Managing Project Risk
Managing Project Risk
Managing Project Risk
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Managing</strong><br />
<strong>Project</strong> <strong>Risk</strong><br />
DHY01 0807
© Copyright ESI International<br />
August 2007<br />
All rights reserved.<br />
No part of this publication may be reproduced, stored in a retrieval system, or<br />
transmitted, in any form or by any means, electronic, mechanical, photocopying,<br />
recording, or otherwise, without the prior written permission of ESI International.<br />
ESI grants federal government users "Restricted Rights" (as the term is defined in<br />
FAR 52.227-14 and DFARS 252.227-7013). Use, reproduction, or disclosure of<br />
these materials is subject to the restrictions set forth in the MOBIS, FSS, or contract<br />
under which the materials were provided.<br />
All material from A Guide to the <strong>Project</strong> Management Body of Knowledge (PMBOK ®<br />
Guide) is reprinted with permission of the <strong>Project</strong> Management Institute,<br />
Four Campus Boulevard, Newtown Square, Pennsylvania 19073-3299, USA, a<br />
worldwide organization of advancing the state-of-the-art in project management.<br />
Phone: (610)356-4600, Fax: (610)356-4647.<br />
PMI ® did not participate in the development of this publication and has not<br />
reviewed the content for accuracy. PMI ® does not endorse or otherwise sponsor this<br />
publication and makes no warranty, guarantee, or representation, expressed or<br />
implied, as to its accuracy or content. PMI ® does not have any financial interest in<br />
this publication and has not contributed any financial resources.<br />
The names of all companies and characters used in these materials are purely<br />
fictional. Any resemblance to any existing or no longer existing company or living<br />
or dead person is not intended, and is purely coincidental.<br />
“PMI” is a service and trademark of the <strong>Project</strong> Management Institute, Inc., which is<br />
registered in the United States and other nations.<br />
“PMBOK” is a trademark of the <strong>Project</strong> Management Institute, Inc., which is<br />
registered in the United States and other nations.<br />
“PMP” is a certification mark of the <strong>Project</strong> Management Institute, Inc., which is<br />
registered in the United States and other nations.<br />
ESI International<br />
Arlington, VA USA
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
© ESI August 2007 dhy01-01.ppt<br />
1-1
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Course Objectives<br />
By the end of this course, you will be able to—<br />
Identify risks using various methods<br />
Assess the potential impact of risk factors<br />
Prioritize risks to determine the most important<br />
Develop effective risk response strategies<br />
Control risk during project execution using proven<br />
tools and techniques<br />
Use a practical 8-step process to manage project<br />
risk<br />
Integrate risk management into the overall project<br />
management process<br />
© ESI August 2007 dhy01-01.ppt<br />
1-3<br />
© ESI August 2007 dhy01-01.ppt<br />
1-3
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
What Is a <strong>Project</strong>?<br />
“[A] temporary endeavor undertaken to create a unique<br />
product, service, or result”*<br />
—PMBOK® Guide, p. 5<br />
<strong>Project</strong><br />
A<br />
*Source: <strong>Project</strong> Management Institute. A Guide to the <strong>Project</strong> Management Body of Knowledge. 3d ed.<br />
Newtown Square, Pa.: <strong>Project</strong> Management Institute, 2004.<br />
“PMBOK” is a trademark of the <strong>Project</strong> Management Institute, Inc., which is registered in the United States<br />
and other nations.<br />
© ESI August 2007 dhy01-01.ppt<br />
1-4<br />
© ESI August 2007 dhy01-01.ppt<br />
1-4<br />
<strong>Project</strong><br />
C<br />
Ongoing Business Operation<br />
<strong>Project</strong><br />
D<br />
Program X<br />
<strong>Project</strong><br />
B<br />
Program Y<br />
<strong>Project</strong><br />
E<br />
Cancelled
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Project</strong> Management<br />
[T]he application of knowledge, skills, tools and<br />
techniques to project activities to meet project<br />
requirements<br />
[A]ccomplished through the application and<br />
integration of the project management processes of<br />
initiating, planning, executing, monitoring and<br />
controlling, and closing<br />
—PMBOK® Guide, p. 8<br />
Sound project management helps ensure success.<br />
© ESI August 2007 dhy01-01.ppt<br />
1-5<br />
© ESI August 2007 dhy01-01.ppt<br />
1-5
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Project</strong> Life Cycle<br />
<strong>Project</strong>s are usually divided into phases<br />
Collectively, these phases make up the project life<br />
cycle<br />
I<br />
Initiation<br />
P<br />
Planning<br />
I<br />
Implementation<br />
C<br />
Closeout<br />
© ESI August 2007 dhy01-01.ppt<br />
1-6<br />
© ESI August 2007 dhy01-01.ppt<br />
1-6
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Project</strong> Management Process Groups<br />
The PMBOK® Guide’s five project process groups: Initiating,<br />
Planning, Executing, Monitoring and Controlling, and Closing<br />
Initiating<br />
Processes<br />
Monitoring and<br />
Controlling Processes<br />
Planning Process<br />
Executing Processes<br />
Initiating<br />
Processes Closing<br />
Processes<br />
Monitoring and<br />
Controlling Processes<br />
Planning Process<br />
Executing Processes<br />
Source: PMBOK® Guide, p. 69<br />
<strong>Project</strong><br />
Process<br />
Groups<br />
Life Cycle<br />
Phase Phase Phase Phase<br />
Initiating<br />
Processes Closing<br />
Processes<br />
Monitoring and<br />
Controlling Processes<br />
Planning Process<br />
Executing Processes<br />
Initiating<br />
Processes Closing<br />
Processes<br />
Monitoring and<br />
Controlling Processes<br />
Initiating<br />
Processes<br />
Monitoring and<br />
Controlling Processes<br />
Planning Process<br />
Executing Processes<br />
© ESI August 2007 dhy01-01.ppt<br />
1-7<br />
Closing<br />
Processes<br />
© ESI August 2007 dhy01-01.ppt<br />
1-7<br />
Planning Process<br />
Executing Processes<br />
Closing<br />
Processes
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Needs<br />
The Right Start<br />
Goals and<br />
Outcomes<br />
Becoming<br />
more<br />
specific<br />
Specific<br />
Objectives<br />
Functional<br />
Requirements<br />
Technical Requirements<br />
© ESI August 2007 dhy01-01.ppt<br />
1-8<br />
© ESI August 2007 dhy01-01.ppt<br />
1-8
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Formulating Good Objectives<br />
Objective<br />
An understanding between someone who needs<br />
something and someone who can provide it<br />
Exists at all levels (corporate, project, work team,<br />
specific task)<br />
Uses the SMART model<br />
S = Specific<br />
M = Measurable<br />
A = Agreed-upon<br />
R = Realistic<br />
T = Time-based<br />
© ESI August 2007 dhy01-01.ppt<br />
1-9<br />
© ESI August 2007 dhy01-01.ppt<br />
1-9
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Work Breakdown Structure (WBS)<br />
The WBS—<br />
[Is a] deliverable-oriented hierarchical<br />
decomposition of the work to be executed by the<br />
project team to accomplish the project objectives<br />
and create the required deliverables<br />
[O]rganizes and defines the total scope of the<br />
project<br />
[Subdivides the project work into smaller, more<br />
manageable pieces of work, with] each descending<br />
level [of the WBS] represent[ing] an increasingly<br />
detailed definition of the project work<br />
—PMBOK® Guide, p. 379<br />
© ESI August 2007 dhy01-01.ppt<br />
1-10<br />
© ESI August 2007 dhy01-01.ppt<br />
1-10
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Organizing the WBS<br />
Define the project—<br />
Scope<br />
Tasks<br />
Work packages<br />
Technical baseline<br />
Organize the WBS to allow—<br />
For realistic estimating<br />
Assignment to a single organizational unit or<br />
for exclusive responsibility<br />
Use tools consistent with your comfort level and<br />
project needs<br />
© ESI August 2007 dhy01-01.ppt<br />
1-11<br />
© ESI August 2007 dhy01-01.ppt<br />
1-11
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
WBS Review<br />
The WBS should—<br />
Be consistent<br />
Be task oriented and start with a verb, or be<br />
deliverable oriented and start with a noun<br />
Be decomposed to your level of control<br />
Ensure that each work package accomplishes a<br />
discrete work element<br />
Make work packages SMART<br />
© ESI August 2007 dhy01-01.ppt<br />
1-12<br />
© ESI August 2007 dhy01-01.ppt<br />
1-12
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Key Definitions<br />
<strong>Project</strong> risk<br />
“An uncertain event or condition that, if it occurs,<br />
has a positive or a negative effect on at least one<br />
project objective…”<br />
<strong>Risk</strong> management<br />
“…includes the processes concerned with<br />
conducting risk management planning,<br />
identification, analysis, responses, and monitoring<br />
and control on a project…”<br />
Includes “increas[ing] the probability and impact of<br />
positive events, and decreas[ing] the probability<br />
and impact of events adverse to the project”<br />
Source: PMBOK ® Guide, pp. 237–238<br />
© ESI August 2007 dhy01-01.ppt<br />
1-13<br />
© ESI August 2007 dhy01-01.ppt<br />
1-13
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Probability<br />
of<br />
occurrence<br />
Dual Nature of <strong>Risk</strong><br />
Threat Opportunity<br />
Consequence<br />
of<br />
failure<br />
Probability<br />
of<br />
success<br />
Benefit<br />
of<br />
success<br />
© ESI August 2007 dhy01-01.ppt<br />
1-14<br />
© ESI August 2007 dhy01-01.ppt<br />
1-14
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Uncertainty<br />
Unknown–Unknowns<br />
Known–Unknowns<br />
Known–Knowns<br />
Known risks: <strong>Risk</strong>s that were identified by the<br />
project team<br />
Unknown risks: <strong>Risk</strong>s that were not identified<br />
© ESI August 2007 dhy01-01.ppt<br />
1-15<br />
© ESI August 2007 dhy01-01.ppt<br />
1-15
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Elements of <strong>Risk</strong><br />
A definable event<br />
Probability of occurrence<br />
Impact (consequence) of occurrence<br />
© ESI August 2007 dhy01-01.ppt<br />
1-16<br />
© ESI August 2007 dhy01-01.ppt<br />
1-16
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Is a Function of Its Elements<br />
Expected value = (probability of occurrence) × (impact of occurrence)<br />
Probability<br />
of<br />
Occurrence<br />
Low<br />
High<br />
Low<br />
<strong>Risk</strong> from snow in Maine<br />
Impact of Occurrence<br />
<strong>Risk</strong> from snow in Georgia<br />
© ESI August 2007 dhy01-01.ppt<br />
1-17<br />
© ESI August 2007 dhy01-01.ppt<br />
1-17<br />
High
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Benefits of <strong>Risk</strong> Management<br />
Minimize management by crisis<br />
Encourage proactive management<br />
Minimize surprises and problems<br />
Gain competitive advantage<br />
Decrease overall probability of project variances<br />
Increase probability of project success<br />
Increase profitability<br />
Focus on building the right product the first time<br />
Prevent problems from occurring, or if they occur,<br />
from escalating<br />
© ESI August 2007 dhy01-01.ppt<br />
1-18<br />
© ESI August 2007 dhy01-01.ppt<br />
1-18
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Responsibilities in <strong>Risk</strong> Management<br />
<strong>Project</strong> manager<br />
Initiate and lead the risk<br />
management process<br />
Provide direction to the<br />
project team on the risk<br />
management process<br />
and tools<br />
<strong>Project</strong> team<br />
Understand and follow<br />
the risk management<br />
process<br />
Execute risk<br />
management<br />
strategies<br />
Report status on the risk<br />
management process<br />
© ESI August 2007 dhy01-01.ppt<br />
1-19<br />
© ESI August 2007 dhy01-01.ppt<br />
1-19
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Management—A Full <strong>Project</strong> Life-<br />
Cycle Responsibility<br />
Initiate Plan<br />
Preliminary<br />
project plan<br />
<strong>Project</strong> Life Cycle<br />
<strong>Risk</strong> Planning Processes<br />
Final<br />
project plan<br />
Implement<br />
Execute Control<br />
<strong>Project</strong> <strong>Project</strong><br />
replanning replanning<br />
<strong>Risk</strong> assessment and response processes are performed—<br />
At regular intervals throughout the project life cycle<br />
Every time a new baseline or plan is established<br />
At major milestones or decision check points<br />
<strong>Risk</strong> Monitoring and Control Processes<br />
<strong>Risk</strong> monitoring and control processes are performed—<br />
Continuously throughout the project life cycle<br />
During project status and reporting updates<br />
Closeout<br />
© ESI August 2007 dhy01-01.ppt<br />
1-20<br />
© ESI August 2007 dhy01-01.ppt<br />
1-20
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Management Process<br />
Inputs<br />
Requirements<br />
People<br />
Development process<br />
Management<br />
Schedule<br />
Budget<br />
Quality<br />
Assumptions<br />
Constraints<br />
Testing<br />
Expectations<br />
Deployment<br />
Security<br />
Training<br />
Tools<br />
and<br />
Techniques Outputs<br />
<strong>Risk</strong><br />
Management<br />
Prioritized risks<br />
(<strong>Risk</strong> Listing)<br />
<strong>Risk</strong> response plan<br />
<strong>Project</strong> plan updates<br />
© ESI August 2007 dhy01-01.ppt<br />
1-21<br />
© ESI August 2007 dhy01-01.ppt<br />
1-21
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Monitoring<br />
and Control*<br />
ESI’s <strong>Risk</strong> Management Model<br />
Document<br />
Evaluate<br />
Execute<br />
*PMI ® <strong>Project</strong> <strong>Risk</strong> Management Processes<br />
Source: PMBOK ® Guide, p. 239<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document and<br />
Communicate<br />
Plan<br />
Identify<br />
Analyze<br />
Prioritize<br />
<strong>Risk</strong> Management Planning*<br />
<strong>Risk</strong> Identification*<br />
Qualitative <strong>Risk</strong> Analysis* and<br />
Quantitative <strong>Risk</strong> Analysis*<br />
<strong>Risk</strong> Response Planning*<br />
© ESI August 2007 dhy01-01.ppt<br />
1-22<br />
© ESI August 2007 dhy01-01.ppt<br />
1-22
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 1: <strong>Risk</strong> Management Planning<br />
<strong>Risk</strong> management<br />
planning is the—<br />
Preliminary planning<br />
for addressing risk<br />
Initial development of<br />
a framework to be<br />
carried out during the<br />
project<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-23<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-23<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Management Planning Outputs<br />
Outputs include the following:<br />
Methodology<br />
Roles and responsibilities<br />
Budgeting<br />
Timing<br />
<strong>Risk</strong> categories<br />
Definitions of risk probability and impact<br />
Revised stakeholders’ tolerances<br />
Reporting formats<br />
Tracking<br />
Source: PMBOK ® Guide, pp. 243–246<br />
© ESI August 2007 dhy01-01.ppt<br />
1-24<br />
© ESI August 2007 dhy01-01.ppt<br />
1-24
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 2: Identify <strong>Risk</strong>s<br />
<strong>Risk</strong> identification is—<br />
A structured and<br />
consistent approach to<br />
the identification of<br />
potential risk events<br />
A clear and specific<br />
description of the risk<br />
event<br />
A comprehensive list of<br />
risk events<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-25<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-25<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Identification<br />
Inputs Tools<br />
Work breakdown structure (WBS)<br />
Contractual requirements (statement of<br />
work)<br />
Cost and schedule estimates<br />
Staffing plan<br />
Lessons learned files<br />
Scope statement<br />
Product or deliverables description<br />
Assumptions and constraints<br />
*Source: PMBOK ® Guide, pp. 247–248<br />
Documentation reviews*<br />
<strong>Risk</strong> identification techniques<br />
Checklist, questionnaires, and templates<br />
Assumption analysis*<br />
Diagramming techniques*<br />
© ESI August 2007 dhy01-01.ppt<br />
1-26<br />
© ESI August 2007 dhy01-01.ppt<br />
1-26
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Identification Guidelines<br />
Ensure that risk events are specific and fully<br />
defined<br />
Use the WBS as a basis for risk identification<br />
Develop as comprehensive a list of risks as possible<br />
Perform risk identification tasks as a team or as<br />
groups of team members<br />
Focus on identifying all the risks; don’t try to<br />
analyze at this point<br />
© ESI August 2007 dhy01-01.ppt<br />
1-27<br />
© ESI August 2007 dhy01-01.ppt<br />
1-27
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Outputs of <strong>Risk</strong> Identification<br />
A list of categorized risk events<br />
A documented source for each risk<br />
Potential risk indicators (triggers)<br />
© ESI August 2007 dhy01-01.ppt<br />
1-28<br />
© ESI August 2007 dhy01-01.ppt<br />
1-28
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Exercise 1<br />
Identify 20 Threats Associated<br />
with Your <strong>Project</strong><br />
© ESI August 2007 dhy01-01.ppt<br />
1-29<br />
© ESI August 2007 dhy01-01.ppt<br />
1-29
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 3: Analyze <strong>Risk</strong>s<br />
<strong>Risk</strong> analysis is—<br />
The systematic<br />
process of estimating<br />
probability of<br />
occurrence and<br />
magnitude of impact<br />
for each risk event<br />
from Step 2<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-30<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-30<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Analysis<br />
Inputs Tools<br />
Categorized list of identified risks<br />
WBS<br />
Contractual requirements (statement of work)<br />
Cost and schedule estimates<br />
Lessons learned files<br />
Staffing plan<br />
Other project-related plans<br />
Rating system guidelines<br />
Source: PMBOK® Guide, p. 239<br />
Data-gathering and Representation<br />
Techniques<br />
Interviewing<br />
Probability distributions<br />
Expert judgment<br />
Quantitative <strong>Risk</strong> Analysis and<br />
Modeling Techniques<br />
Sensitivity analysis<br />
Expected monetary value<br />
analysis<br />
Decision tree analysis<br />
Modeling and simulation<br />
PERT<br />
© ESI August 2007 dhy01-01.ppt<br />
1-31<br />
© ESI August 2007 dhy01-01.ppt<br />
1-31
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Presenting <strong>Risk</strong><br />
<strong>Risk</strong> information is typically expressed in 1 of 3 forms:<br />
Qualitative: Categorizes the risk using a rating<br />
system of adjectives or colors to rank probability<br />
and/or impact<br />
Quantitative: Quantifies risk using a percentage to<br />
indicate probability of occurrence and a dollar<br />
value to indicate impact<br />
Descriptive: Uses text to explain the risk in some<br />
depth, including what might happen, why, and<br />
ideas for controlling it; used when neither<br />
qualitative or quantitative are available<br />
© ESI August 2007 dhy01-01.ppt<br />
1-32<br />
© ESI August 2007 dhy01-01.ppt<br />
1-32
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Comparison of Approaches<br />
Qualitative Quantitative Descriptive<br />
Fast and easy to<br />
administer and<br />
understand<br />
Difficult to enforce<br />
uniformly across<br />
organization and<br />
projects<br />
Requires definitions,<br />
rules, standards, and<br />
processes<br />
Preferred methodology, often<br />
mandated by management<br />
More time-consuming;<br />
requires estimation<br />
Misleading in that numbers<br />
may give appearance of<br />
precision and specificity,<br />
unless the precision of the<br />
estimate is given<br />
Difficult if team resists<br />
deriving the numbers<br />
Easier to forecast<br />
Able to use trends<br />
Substantially more valuable in<br />
developing risk response<br />
strategies and reserves<br />
Difficult to quantify<br />
Usually based on<br />
experience<br />
Used when<br />
quantitative and/or<br />
qualitative are not<br />
readily apparent or<br />
available<br />
© ESI August 2007 dhy01-01.ppt<br />
1-33<br />
© ESI August 2007 dhy01-01.ppt<br />
1-33
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Probability Analysis<br />
Purpose<br />
To understand the likelihood of the occurrence<br />
of a risk event<br />
Sources of probability data<br />
Theoretical distributions<br />
Subjective judgment<br />
Simulations<br />
Historical data<br />
© ESI August 2007 dhy01-01.ppt<br />
1-34<br />
© ESI August 2007 dhy01-01.ppt<br />
1-34
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Impact Analysis<br />
Purpose: Understand how the project is affected if<br />
a risk event occurs<br />
<strong>Project</strong> cost<br />
<strong>Project</strong> schedule<br />
Sources of impact data<br />
Historical data<br />
Estimates<br />
Expert judgment<br />
Simulations<br />
Impact assessment is basically an estimation<br />
process<br />
© ESI August 2007 dhy01-01.ppt<br />
1-35<br />
© ESI August 2007 dhy01-01.ppt<br />
1-35
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Project</strong> Cost Impacts<br />
Each risk event must be analyzed to assess<br />
potential impacts to project costs resulting from<br />
such factors as—<br />
Level of effort<br />
Labor rates<br />
Task duration<br />
Direct materials<br />
Equipment and tools<br />
© ESI August 2007 dhy01-01.ppt<br />
1-36<br />
© ESI August 2007 dhy01-01.ppt<br />
1-36
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Project</strong> Schedule Impacts<br />
Each risk event must be analyzed to assess<br />
potential impacts to the project schedule resulting<br />
from such factors as—<br />
Resource shortages<br />
Duration expansions<br />
Other delays<br />
The network diagram must be analyzed to assess<br />
the impacts due to—<br />
Path convergence (parallel activities)<br />
Dependent activities<br />
© ESI August 2007 dhy01-01.ppt<br />
1-37<br />
© ESI August 2007 dhy01-01.ppt<br />
1-37
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Start<br />
Analyzing Schedule <strong>Risk</strong>s<br />
A<br />
B<br />
G<br />
C D<br />
E F End<br />
© ESI August 2007 dhy01-01.ppt<br />
1-38<br />
© ESI August 2007 dhy01-01.ppt<br />
1-38
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Tools and Techniques for <strong>Risk</strong> Analysis<br />
Expert judgment<br />
Expected value<br />
Decision trees<br />
Statistical sums<br />
Program Evaluation and Review Technique<br />
(PERT)<br />
Computer simulation<br />
Monte Carlo<br />
© ESI August 2007 dhy01-01.ppt<br />
1-39<br />
© ESI August 2007 dhy01-01.ppt<br />
1-39
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Exercise 2<br />
Analyze the 20 <strong>Risk</strong>s You<br />
Identified in Exercise 1<br />
© ESI August 2007 dhy01-01.ppt<br />
1-40<br />
© ESI August 2007 dhy01-01.ppt<br />
1-40
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 4: Prioritize <strong>Risk</strong>s<br />
<strong>Risk</strong> prioritization is the<br />
process of ranking<br />
identified risks<br />
The project team must<br />
decide which risks will<br />
be addressed, based on<br />
the premise that there<br />
never will be enough<br />
time and resources to<br />
respond to all risks<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-41<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-41<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Prioritization<br />
Inputs Tools<br />
List of analyzed risks<br />
Prioritization structure<br />
Qualitative assessment<br />
Quantitative assessment<br />
Comparative risk ranking<br />
© ESI August 2007 dhy01-01.ppt<br />
1-42<br />
© ESI August 2007 dhy01-01.ppt<br />
1-42
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Prioritization Guidelines<br />
Rank analyzed risks highest to lowest, based on<br />
Step 3, “Analyze”<br />
Prioritize threats and opportunities separately<br />
Prioritize risks as a team<br />
Use quantitative rankings when possible, and use<br />
qualitative ranking if necessary<br />
Do not plan risk response strategies at this time<br />
© ESI August 2007 dhy01-01.ppt<br />
1-43<br />
© ESI August 2007 dhy01-01.ppt<br />
1-43
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Exercise 3<br />
Prioritize Your Top-5 <strong>Risk</strong>s from<br />
Highest to Lowest<br />
© ESI August 2007 dhy01-01.ppt<br />
1-44<br />
© ESI August 2007 dhy01-01.ppt<br />
1-44
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 5: <strong>Risk</strong> Response Planning<br />
<strong>Risk</strong> response planning<br />
involves—<br />
Creating risk response<br />
strategies separately for<br />
both threats and<br />
opportunities<br />
Evaluating and selecting<br />
a primary response<br />
Incorporating responses<br />
into the risk and project<br />
plans<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-45<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-45<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Response Planning Process<br />
Inputs Tools<br />
Prioritized risk listing<br />
Opportunities to pursue, threats to respond to<br />
Opportunities to accept, threats to accept<br />
<strong>Project</strong> plan<br />
Specific tools<br />
<strong>Risk</strong> response development worksheet<br />
Comparative risk ranking (CRR)<br />
<strong>Risk</strong> Response Analysis Matrix<br />
Idea-generation tools<br />
Group techniques<br />
Analogy comparisons<br />
Decision-making tools<br />
Decision trees<br />
Life-cycle cost analysis<br />
Financial measures<br />
Probability functions<br />
© ESI August 2007 dhy01-01.ppt<br />
1-46<br />
© ESI August 2007 dhy01-01.ppt<br />
1-46
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Response Strategies for Threats<br />
Accept (accepting the consequences)<br />
Mitigate (reducing the expected value of a threat)<br />
Minimizing the probability of the threat event<br />
Minimizing the impact of the threat event<br />
Transfer (shifting some or all of the threat to<br />
another)<br />
Avoid (eliminating a specific threat, usually by<br />
eliminating the cause)<br />
Source: PMBOK ® Guide, pp. 261–263<br />
© ESI August 2007 dhy01-01.ppt<br />
1-47<br />
© ESI August 2007 dhy01-01.ppt<br />
1-47
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Response Strategies for Opportunities<br />
Accept: Active or passive<br />
Enhance<br />
Maximize the probability of the opportunity<br />
event<br />
Maximize the impact of the opportunity event<br />
Exploit (ensure opportunity is realized)<br />
Share (allocate all or part of the ownership to third<br />
party)<br />
Source: PMBOK ® Guide, pp. 262–263<br />
© ESI August 2007 dhy01-01.ppt<br />
1-48<br />
© ESI August 2007 dhy01-01.ppt<br />
1-48
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Response Escalation<br />
If appropriate risk response strategies for severe<br />
threats or significant opportunities cannot be<br />
developed—<br />
The project manager is responsible for<br />
escalating to senior management<br />
© ESI August 2007 dhy01-01.ppt<br />
1-49<br />
© ESI August 2007 dhy01-01.ppt<br />
1-49
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Exercise 4<br />
Conduct a Threat Response for<br />
Your Top-5 <strong>Risk</strong>s You Identified<br />
in Exercise 3<br />
© ESI August 2007 dhy01-01.ppt<br />
1-50<br />
© ESI August 2007 dhy01-01.ppt<br />
1-50
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Definition of Reserves<br />
Reserves: “A provision in the project management<br />
plan to mitigate cost and/or schedule risk”<br />
Management reserves: A separately planned<br />
quantity used to allow for future situations that are<br />
impossible to predict, “unknown unknowns”<br />
Contingency reserves: “The amount of funds,<br />
budget, or time needed above the estimate to<br />
reduce the risk of overruns of project objectives to<br />
a level acceptable to the organization,” “known<br />
unknowns”<br />
Reserves are intended only for “in scope” risks<br />
Source: PMBOK ® Guide, pp. 372, 169, 355<br />
© ESI August 2007 dhy01-01.ppt<br />
1-51<br />
© ESI August 2007 dhy01-01.ppt<br />
1-51
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Update <strong>Risk</strong> Management Plan<br />
Represents the final output of all the risk response<br />
work<br />
Contains results of the preceding steps of risk<br />
identification, analysis, and prioritization<br />
Includes how contingency plans will be<br />
implemented and executed<br />
Includes how reserves will be allocated<br />
Provides structure for future risk management<br />
updates<br />
Provides a good basis for lessons learned<br />
© ESI August 2007 dhy01-01.ppt<br />
1-52<br />
© ESI August 2007 dhy01-01.ppt<br />
1-52
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Monitoring and Control<br />
“[T]he process of identifying, analyzing, and planning for<br />
newly arising risks, keeping track of the identified risks and<br />
those on the watchlist, reanalyzing existing risks…and<br />
reviewing the execution of risk responses while evaluating<br />
their effectiveness”*<br />
Integrated with project plan, execution, and control<br />
processes<br />
Related to the accomplishment of project objectives<br />
Performed continuously during the project<br />
Composed of 3 steps<br />
Execute the risk management plan (RMP)<br />
Evaluate the RMP<br />
Update documentation in the RMP<br />
*Source: PMBOK® Guide, p. 264<br />
© ESI August 2007 dhy01-01.ppt<br />
1-53<br />
© ESI August 2007 dhy01-01.ppt<br />
1-53
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong><br />
management<br />
plan<br />
<strong>Risk</strong> Monitoring and Control Overview<br />
<strong>Risk</strong> monitoring and<br />
control<br />
Execute<br />
Evaluate<br />
Document<br />
Updated<br />
risk<br />
response<br />
development<br />
Updated<br />
risk<br />
management<br />
plan<br />
Planned<br />
responses,<br />
evaluations,<br />
additional<br />
responses<br />
<strong>Project</strong> execution<br />
and<br />
control processes<br />
Updated<br />
prioritized<br />
risk list <strong>Risk</strong><br />
reassessment<br />
Progress,<br />
deviations,<br />
variances<br />
© ESI August 2007 dhy01-01.ppt<br />
1-54<br />
© ESI August 2007 dhy01-01.ppt<br />
1-54
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 6: Execute <strong>Risk</strong> Strategy<br />
<strong>Risk</strong> executing involves—<br />
Implementing risk<br />
response strategies in<br />
the project plan<br />
Monitoring and reacting<br />
to risk triggers,<br />
symptoms, indicators,<br />
and residual risks<br />
Communicating plan<br />
status to project<br />
stakeholders<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-55<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-55<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Execute <strong>Risk</strong> Strategies<br />
Inputs Tools<br />
<strong>Project</strong> plan<br />
<strong>Risk</strong> management plan<br />
<strong>Risk</strong> list<br />
Approved change<br />
requests<br />
Work performance<br />
information<br />
Performance requests<br />
Technical performance measurement<br />
Status reports and meetings<br />
Early warning system<br />
© ESI August 2007 dhy01-01.ppt<br />
1-56<br />
© ESI August 2007 dhy01-01.ppt<br />
1-56
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Execution Terms<br />
Problem—A negative risk event, either known or<br />
unknown, that materializes<br />
Windfall—A positive risk event, either known or<br />
unknown, that materializes<br />
Workaround—A response, not defined in advance, to a<br />
negative risk event that has materialized<br />
Corrective action—Performing the response to a<br />
negative risk event, either planned or unplanned,<br />
when the threat materializes<br />
© ESI August 2007 dhy01-01.ppt<br />
1-57<br />
© ESI August 2007 dhy01-01.ppt<br />
1-57
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Establish an Early Warning System<br />
Establish an early warning system to detect deviations<br />
from plan that may be or may cause risk triggers.<br />
Exposure increases as cost and schedule variances<br />
increase<br />
Examples of early warning include—<br />
Cost variance<br />
Schedule variance<br />
Changes in forecasted project end date<br />
Changes in float<br />
Changes in stakeholder attitude<br />
Emergence of additional critical paths<br />
© ESI August 2007 dhy01-01.ppt<br />
1-58<br />
© ESI August 2007 dhy01-01.ppt<br />
1-58
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 7: Evaluate Results<br />
Evaluating risk response results<br />
involves—<br />
Monitoring the<br />
effectiveness of risk<br />
response strategies<br />
Evaluating corrective<br />
actions taken<br />
Reanalyzing existing risks<br />
Reassessing the risk<br />
environment<br />
Evaluating project<br />
assumption validity<br />
Identifying new risks<br />
Adjusting the plan<br />
accordingly<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-59<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-59<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong> Evaluation<br />
Inputs Tools<br />
<strong>Risk</strong> management plan<br />
and project plan<br />
Cost and schedule<br />
performance<br />
All relevant event<br />
information<br />
Corrective actions<br />
Change requests<br />
<strong>Risk</strong> reassessment<br />
<strong>Risk</strong> audits<br />
Variance and trend analysis<br />
Assumptions analysis<br />
Technical performance measurement<br />
Reserve and contingency analysis<br />
Status meetings<br />
© ESI August 2007 dhy01-01.ppt<br />
1-60<br />
© ESI August 2007 dhy01-01.ppt<br />
1-60
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Evaluation Guidelines<br />
Identify opportunities to refine the risk<br />
management plan<br />
Identify any additional action required<br />
Reassess risks and response strategies<br />
Determine whether the consequences of the<br />
strategy were the same as envisioned<br />
© ESI August 2007 dhy01-01.ppt<br />
1-61<br />
© ESI August 2007 dhy01-01.ppt<br />
1-61
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Step 8: <strong>Risk</strong> Management Plan<br />
Documentation<br />
<strong>Risk</strong> updating involves—<br />
Recording outcomes of<br />
risk reassessments<br />
Closing out risks no<br />
longer applicable<br />
Documenting changes<br />
to probability and<br />
impact matrixes and the<br />
risk breakdown<br />
structure (RBS)<br />
Creating lessons learned<br />
Revising and reissuing<br />
the project management<br />
plan<br />
Document<br />
Evaluate<br />
Execute<br />
<strong>Risk</strong><br />
Management<br />
Planning<br />
Document<br />
and<br />
Communicate<br />
Identify<br />
© ESI August 2007 dhy01-01.ppt<br />
1-62<br />
Analyze<br />
Prioritize<br />
© ESI August 2007 dhy01-01.ppt<br />
1-62<br />
Plan
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Update <strong>Risk</strong> Documentation<br />
Inputs Tools<br />
<strong>Risk</strong> identification and analysis data<br />
<strong>Risk</strong> management results<br />
<strong>Project</strong> results<br />
Assumptions and impressions<br />
Interpretations and analysis<br />
Documentation tools<br />
Simple reporting format<br />
Routine project reports<br />
ESI risk tools<br />
© ESI August 2007 dhy01-01.ppt<br />
1-63<br />
© ESI August 2007 dhy01-01.ppt<br />
1-63
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Benefits of Updating the <strong>Risk</strong> Management<br />
Plan<br />
Provides a valuable historical reference for future<br />
projects (lessons learned)<br />
Provides a project chronology of events for audit<br />
and other reasons<br />
Provides a communications mechanism<br />
The <strong>Risk</strong> Management Plan should be updated by the<br />
project team members.<br />
© ESI August 2007 dhy01-01.ppt<br />
1-64<br />
© ESI August 2007 dhy01-01.ppt<br />
1-64
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
<strong>Risk</strong>—The Final Steps During <strong>Project</strong><br />
Closeout<br />
<strong>Risk</strong> response control and risk management conclude<br />
with—<br />
Final risk assessment<br />
Cost, schedule, and performance<br />
Goal achievement assessment<br />
Determine whether the customer is satisfied<br />
Evaluation for lessons learned<br />
Identify implications for the future<br />
© ESI August 2007 dhy01-01.ppt<br />
1-65<br />
© ESI August 2007 dhy01-01.ppt<br />
1-65
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Workshop Review<br />
By now you should be able to—<br />
Define risk and risk management<br />
Identify risks using various methods<br />
Assess the potential impact of risk factors<br />
Prioritize risks to determine the most important<br />
Develop effective risk response strategies<br />
Control risk during project execution using proven<br />
tools and techniques<br />
Use a practical 8-step process to manage project<br />
risk<br />
Integrate <strong>Risk</strong> Management into the overall <strong>Project</strong><br />
Management process<br />
© ESI August 2007 dhy01-01.ppt<br />
1-66<br />
© ESI August 2007 dhy01-01.ppt<br />
1-66
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
Bibliography and Suggested Reading<br />
<strong>Project</strong> Management Institute. A Guide to the<br />
<strong>Project</strong> Management Body of Knowledge.<br />
Newtown Square, Pa.: <strong>Project</strong> Management<br />
Institute, 2004.<br />
Ward, LeRoy, ed. <strong>Project</strong> Management Terms: A<br />
Working Glossary. Arlington, Va.: ESI International,<br />
2000.<br />
© ESI August 2007 dhy01-01.ppt<br />
1-67<br />
© ESI August 2007 dhy01-01.ppt<br />
1-67
Notes<br />
<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />
The ESI Team Appreciates Your Time.<br />
Please visit us at Booth #59.<br />
Free White Papers: Knowledge to Help You Improve<br />
Performance<br />
• Saving Troubled <strong>Project</strong>s: Five Steps to Rapid Recovery<br />
• The Hard Work Behind Soft Skills: Closing the Gap Between Technical and Business<br />
Expertise<br />
• Eight Things Your Business Analysts Need to Know: A Practical Approach to<br />
Recognizing and Improving Competencies<br />
• Establishing and Maturing a Business Analysis Center of Excellence: The Essential<br />
Guide<br />
• Collaborating for Successful EVM: Five Fundamental Roles<br />
• Improving Sourcing Outcomes: The Three Cs of Vendor Management Success<br />
Download ©ESI these August 2007 valuable dhy01-01.ppt white papers today at www.esi-intl.com/whitepapers.<br />
1-68<br />
© ESI August 2007 dhy01-01.ppt<br />
1-68