Managing Project Risk
17.08.2013 Views
Share Embed Flag

Managing Project Risk

Managing Project Risk

Managing Project Risk

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
media.govtech.net

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

<strong>Managing</strong><br />

<strong>Project</strong> <strong>Risk</strong><br />

DHY01 0807

© Copyright ESI International<br />

August 2007<br />

All rights reserved.<br />

No part of this publication may be reproduced, stored in a retrieval system, or<br />

transmitted, in any form or by any means, electronic, mechanical, photocopying,<br />

recording, or otherwise, without the prior written permission of ESI International.<br />

ESI grants federal government users "Restricted Rights" (as the term is defined in<br />

FAR 52.227-14 and DFARS 252.227-7013). Use, reproduction, or disclosure of<br />

these materials is subject to the restrictions set forth in the MOBIS, FSS, or contract<br />

under which the materials were provided.<br />

All material from A Guide to the <strong>Project</strong> Management Body of Knowledge (PMBOK ®<br />

Guide) is reprinted with permission of the <strong>Project</strong> Management Institute,<br />

Four Campus Boulevard, Newtown Square, Pennsylvania 19073-3299, USA, a<br />

worldwide organization of advancing the state-of-the-art in project management.<br />

Phone: (610)356-4600, Fax: (610)356-4647.<br />

PMI ® did not participate in the development of this publication and has not<br />

reviewed the content for accuracy. PMI ® does not endorse or otherwise sponsor this<br />

publication and makes no warranty, guarantee, or representation, expressed or<br />

implied, as to its accuracy or content. PMI ® does not have any financial interest in<br />

this publication and has not contributed any financial resources.<br />

The names of all companies and characters used in these materials are purely<br />

fictional. Any resemblance to any existing or no longer existing company or living<br />

or dead person is not intended, and is purely coincidental.<br />

“PMI” is a service and trademark of the <strong>Project</strong> Management Institute, Inc., which is<br />

registered in the United States and other nations.<br />

“PMBOK” is a trademark of the <strong>Project</strong> Management Institute, Inc., which is<br />

registered in the United States and other nations.<br />

“PMP” is a certification mark of the <strong>Project</strong> Management Institute, Inc., which is<br />

registered in the United States and other nations.<br />

ESI International<br />

Arlington, VA USA

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

© ESI August 2007 dhy01-01.ppt<br />

1-1

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Course Objectives<br />

By the end of this course, you will be able to—<br />

Identify risks using various methods<br />

Assess the potential impact of risk factors<br />

Prioritize risks to determine the most important<br />

Develop effective risk response strategies<br />

Control risk during project execution using proven<br />

tools and techniques<br />

Use a practical 8-step process to manage project<br />

risk<br />

Integrate risk management into the overall project<br />

management process<br />

© ESI August 2007 dhy01-01.ppt<br />

1-3<br />

© ESI August 2007 dhy01-01.ppt<br />

1-3

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

What Is a <strong>Project</strong>?<br />

“[A] temporary endeavor undertaken to create a unique<br />

product, service, or result”*<br />

—PMBOK® Guide, p. 5<br />

<strong>Project</strong><br />

A<br />

*Source: <strong>Project</strong> Management Institute. A Guide to the <strong>Project</strong> Management Body of Knowledge. 3d ed.<br />

Newtown Square, Pa.: <strong>Project</strong> Management Institute, 2004.<br />

“PMBOK” is a trademark of the <strong>Project</strong> Management Institute, Inc., which is registered in the United States<br />

and other nations.<br />

© ESI August 2007 dhy01-01.ppt<br />

1-4<br />

© ESI August 2007 dhy01-01.ppt<br />

1-4<br />

<strong>Project</strong><br />

C<br />

Ongoing Business Operation<br />

<strong>Project</strong><br />

D<br />

Program X<br />

<strong>Project</strong><br />

B<br />

Program Y<br />

<strong>Project</strong><br />

E<br />

Cancelled

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Project</strong> Management<br />

[T]he application of knowledge, skills, tools and<br />

techniques to project activities to meet project<br />

requirements<br />

[A]ccomplished through the application and<br />

integration of the project management processes of<br />

initiating, planning, executing, monitoring and<br />

controlling, and closing<br />

—PMBOK® Guide, p. 8<br />

Sound project management helps ensure success.<br />

© ESI August 2007 dhy01-01.ppt<br />

1-5<br />

© ESI August 2007 dhy01-01.ppt<br />

1-5

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Project</strong> Life Cycle<br />

<strong>Project</strong>s are usually divided into phases<br />

Collectively, these phases make up the project life<br />

cycle<br />

I<br />

Initiation<br />

P<br />

Planning<br />

I<br />

Implementation<br />

C<br />

Closeout<br />

© ESI August 2007 dhy01-01.ppt<br />

1-6<br />

© ESI August 2007 dhy01-01.ppt<br />

1-6

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Project</strong> Management Process Groups<br />

The PMBOK® Guide’s five project process groups: Initiating,<br />

Planning, Executing, Monitoring and Controlling, and Closing<br />

Initiating<br />

Processes<br />

Monitoring and<br />

Controlling Processes<br />

Planning Process<br />

Executing Processes<br />

Initiating<br />

Processes Closing<br />

Processes<br />

Monitoring and<br />

Controlling Processes<br />

Planning Process<br />

Executing Processes<br />

Source: PMBOK® Guide, p. 69<br />

<strong>Project</strong><br />

Process<br />

Groups<br />

Life Cycle<br />

Phase Phase Phase Phase<br />

Initiating<br />

Processes Closing<br />

Processes<br />

Monitoring and<br />

Controlling Processes<br />

Planning Process<br />

Executing Processes<br />

Initiating<br />

Processes Closing<br />

Processes<br />

Monitoring and<br />

Controlling Processes<br />

Initiating<br />

Processes<br />

Monitoring and<br />

Controlling Processes<br />

Planning Process<br />

Executing Processes<br />

© ESI August 2007 dhy01-01.ppt<br />

1-7<br />

Closing<br />

Processes<br />

© ESI August 2007 dhy01-01.ppt<br />

1-7<br />

Planning Process<br />

Executing Processes<br />

Closing<br />

Processes

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Needs<br />

The Right Start<br />

Goals and<br />

Outcomes<br />

Becoming<br />

more<br />

specific<br />

Specific<br />

Objectives<br />

Functional<br />

Requirements<br />

Technical Requirements<br />

© ESI August 2007 dhy01-01.ppt<br />

1-8<br />

© ESI August 2007 dhy01-01.ppt<br />

1-8

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Formulating Good Objectives<br />

Objective<br />

An understanding between someone who needs<br />

something and someone who can provide it<br />

Exists at all levels (corporate, project, work team,<br />

specific task)<br />

Uses the SMART model<br />

S = Specific<br />

M = Measurable<br />

A = Agreed-upon<br />

R = Realistic<br />

T = Time-based<br />

© ESI August 2007 dhy01-01.ppt<br />

1-9<br />

© ESI August 2007 dhy01-01.ppt<br />

1-9

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Work Breakdown Structure (WBS)<br />

The WBS—<br />

[Is a] deliverable-oriented hierarchical<br />

decomposition of the work to be executed by the<br />

project team to accomplish the project objectives<br />

and create the required deliverables<br />

[O]rganizes and defines the total scope of the<br />

project<br />

[Subdivides the project work into smaller, more<br />

manageable pieces of work, with] each descending<br />

level [of the WBS] represent[ing] an increasingly<br />

detailed definition of the project work<br />

—PMBOK® Guide, p. 379<br />

© ESI August 2007 dhy01-01.ppt<br />

1-10<br />

© ESI August 2007 dhy01-01.ppt<br />

1-10

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Organizing the WBS<br />

Define the project—<br />

Scope<br />

Tasks<br />

Work packages<br />

Technical baseline<br />

Organize the WBS to allow—<br />

For realistic estimating<br />

Assignment to a single organizational unit or<br />

for exclusive responsibility<br />

Use tools consistent with your comfort level and<br />

project needs<br />

© ESI August 2007 dhy01-01.ppt<br />

1-11<br />

© ESI August 2007 dhy01-01.ppt<br />

1-11

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

WBS Review<br />

The WBS should—<br />

Be consistent<br />

Be task oriented and start with a verb, or be<br />

deliverable oriented and start with a noun<br />

Be decomposed to your level of control<br />

Ensure that each work package accomplishes a<br />

discrete work element<br />

Make work packages SMART<br />

© ESI August 2007 dhy01-01.ppt<br />

1-12<br />

© ESI August 2007 dhy01-01.ppt<br />

1-12

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Key Definitions<br />

<strong>Project</strong> risk<br />

“An uncertain event or condition that, if it occurs,<br />

has a positive or a negative effect on at least one<br />

project objective…”<br />

<strong>Risk</strong> management<br />

“…includes the processes concerned with<br />

conducting risk management planning,<br />

identification, analysis, responses, and monitoring<br />

and control on a project…”<br />

Includes “increas[ing] the probability and impact of<br />

positive events, and decreas[ing] the probability<br />

and impact of events adverse to the project”<br />

Source: PMBOK ® Guide, pp. 237–238<br />

© ESI August 2007 dhy01-01.ppt<br />

1-13<br />

© ESI August 2007 dhy01-01.ppt<br />

1-13

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Probability<br />

of<br />

occurrence<br />

Dual Nature of <strong>Risk</strong><br />

Threat Opportunity<br />

Consequence<br />

of<br />

failure<br />

Probability<br />

of<br />

success<br />

Benefit<br />

of<br />

success<br />

© ESI August 2007 dhy01-01.ppt<br />

1-14<br />

© ESI August 2007 dhy01-01.ppt<br />

1-14

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Uncertainty<br />

Unknown–Unknowns<br />

Known–Unknowns<br />

Known–Knowns<br />

Known risks: <strong>Risk</strong>s that were identified by the<br />

project team<br />

Unknown risks: <strong>Risk</strong>s that were not identified<br />

© ESI August 2007 dhy01-01.ppt<br />

1-15<br />

© ESI August 2007 dhy01-01.ppt<br />

1-15

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Elements of <strong>Risk</strong><br />

A definable event<br />

Probability of occurrence<br />

Impact (consequence) of occurrence<br />

© ESI August 2007 dhy01-01.ppt<br />

1-16<br />

© ESI August 2007 dhy01-01.ppt<br />

1-16

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Is a Function of Its Elements<br />

Expected value = (probability of occurrence) × (impact of occurrence)<br />

Probability<br />

of<br />

Occurrence<br />

Low<br />

High<br />

Low<br />

<strong>Risk</strong> from snow in Maine<br />

Impact of Occurrence<br />

<strong>Risk</strong> from snow in Georgia<br />

© ESI August 2007 dhy01-01.ppt<br />

1-17<br />

© ESI August 2007 dhy01-01.ppt<br />

1-17<br />

High

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Benefits of <strong>Risk</strong> Management<br />

Minimize management by crisis<br />

Encourage proactive management<br />

Minimize surprises and problems<br />

Gain competitive advantage<br />

Decrease overall probability of project variances<br />

Increase probability of project success<br />

Increase profitability<br />

Focus on building the right product the first time<br />

Prevent problems from occurring, or if they occur,<br />

from escalating<br />

© ESI August 2007 dhy01-01.ppt<br />

1-18<br />

© ESI August 2007 dhy01-01.ppt<br />

1-18

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Responsibilities in <strong>Risk</strong> Management<br />

<strong>Project</strong> manager<br />

Initiate and lead the risk<br />

management process<br />

Provide direction to the<br />

project team on the risk<br />

management process<br />

and tools<br />

<strong>Project</strong> team<br />

Understand and follow<br />

the risk management<br />

process<br />

Execute risk<br />

management<br />

strategies<br />

Report status on the risk<br />

management process<br />

© ESI August 2007 dhy01-01.ppt<br />

1-19<br />

© ESI August 2007 dhy01-01.ppt<br />

1-19

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Management—A Full <strong>Project</strong> Life-<br />

Cycle Responsibility<br />

Initiate Plan<br />

Preliminary<br />

project plan<br />

<strong>Project</strong> Life Cycle<br />

<strong>Risk</strong> Planning Processes<br />

Final<br />

project plan<br />

Implement<br />

Execute Control<br />

<strong>Project</strong> <strong>Project</strong><br />

replanning replanning<br />

<strong>Risk</strong> assessment and response processes are performed—<br />

At regular intervals throughout the project life cycle<br />

Every time a new baseline or plan is established<br />

At major milestones or decision check points<br />

<strong>Risk</strong> Monitoring and Control Processes<br />

<strong>Risk</strong> monitoring and control processes are performed—<br />

Continuously throughout the project life cycle<br />

During project status and reporting updates<br />

Closeout<br />

© ESI August 2007 dhy01-01.ppt<br />

1-20<br />

© ESI August 2007 dhy01-01.ppt<br />

1-20

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Management Process<br />

Inputs<br />

Requirements<br />

People<br />

Development process<br />

Management<br />

Schedule<br />

Budget<br />

Quality<br />

Assumptions<br />

Constraints<br />

Testing<br />

Expectations<br />

Deployment<br />

Security<br />

Training<br />

Tools<br />

and<br />

Techniques Outputs<br />

<strong>Risk</strong><br />

Management<br />

Prioritized risks<br />

(<strong>Risk</strong> Listing)<br />

<strong>Risk</strong> response plan<br />

<strong>Project</strong> plan updates<br />

© ESI August 2007 dhy01-01.ppt<br />

1-21<br />

© ESI August 2007 dhy01-01.ppt<br />

1-21

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Monitoring<br />

and Control*<br />

ESI’s <strong>Risk</strong> Management Model<br />

Document<br />

Evaluate<br />

Execute<br />

*PMI ® <strong>Project</strong> <strong>Risk</strong> Management Processes<br />

Source: PMBOK ® Guide, p. 239<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document and<br />

Communicate<br />

Plan<br />

Identify<br />

Analyze<br />

Prioritize<br />

<strong>Risk</strong> Management Planning*<br />

<strong>Risk</strong> Identification*<br />

Qualitative <strong>Risk</strong> Analysis* and<br />

Quantitative <strong>Risk</strong> Analysis*<br />

<strong>Risk</strong> Response Planning*<br />

© ESI August 2007 dhy01-01.ppt<br />

1-22<br />

© ESI August 2007 dhy01-01.ppt<br />

1-22

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 1: <strong>Risk</strong> Management Planning<br />

<strong>Risk</strong> management<br />

planning is the—<br />

Preliminary planning<br />

for addressing risk<br />

Initial development of<br />

a framework to be<br />

carried out during the<br />

project<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-23<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-23<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Management Planning Outputs<br />

Outputs include the following:<br />

Methodology<br />

Roles and responsibilities<br />

Budgeting<br />

Timing<br />

<strong>Risk</strong> categories<br />

Definitions of risk probability and impact<br />

Revised stakeholders’ tolerances<br />

Reporting formats<br />

Tracking<br />

Source: PMBOK ® Guide, pp. 243–246<br />

© ESI August 2007 dhy01-01.ppt<br />

1-24<br />

© ESI August 2007 dhy01-01.ppt<br />

1-24

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 2: Identify <strong>Risk</strong>s<br />

<strong>Risk</strong> identification is—<br />

A structured and<br />

consistent approach to<br />

the identification of<br />

potential risk events<br />

A clear and specific<br />

description of the risk<br />

event<br />

A comprehensive list of<br />

risk events<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-25<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-25<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Identification<br />

Inputs Tools<br />

Work breakdown structure (WBS)<br />

Contractual requirements (statement of<br />

work)<br />

Cost and schedule estimates<br />

Staffing plan<br />

Lessons learned files<br />

Scope statement<br />

Product or deliverables description<br />

Assumptions and constraints<br />

*Source: PMBOK ® Guide, pp. 247–248<br />

Documentation reviews*<br />

<strong>Risk</strong> identification techniques<br />

Checklist, questionnaires, and templates<br />

Assumption analysis*<br />

Diagramming techniques*<br />

© ESI August 2007 dhy01-01.ppt<br />

1-26<br />

© ESI August 2007 dhy01-01.ppt<br />

1-26

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Identification Guidelines<br />

Ensure that risk events are specific and fully<br />

defined<br />

Use the WBS as a basis for risk identification<br />

Develop as comprehensive a list of risks as possible<br />

Perform risk identification tasks as a team or as<br />

groups of team members<br />

Focus on identifying all the risks; don’t try to<br />

analyze at this point<br />

© ESI August 2007 dhy01-01.ppt<br />

1-27<br />

© ESI August 2007 dhy01-01.ppt<br />

1-27

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Outputs of <strong>Risk</strong> Identification<br />

A list of categorized risk events<br />

A documented source for each risk<br />

Potential risk indicators (triggers)<br />

© ESI August 2007 dhy01-01.ppt<br />

1-28<br />

© ESI August 2007 dhy01-01.ppt<br />

1-28

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Exercise 1<br />

Identify 20 Threats Associated<br />

with Your <strong>Project</strong><br />

© ESI August 2007 dhy01-01.ppt<br />

1-29<br />

© ESI August 2007 dhy01-01.ppt<br />

1-29

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 3: Analyze <strong>Risk</strong>s<br />

<strong>Risk</strong> analysis is—<br />

The systematic<br />

process of estimating<br />

probability of<br />

occurrence and<br />

magnitude of impact<br />

for each risk event<br />

from Step 2<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-30<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-30<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Analysis<br />

Inputs Tools<br />

Categorized list of identified risks<br />

WBS<br />

Contractual requirements (statement of work)<br />

Cost and schedule estimates<br />

Lessons learned files<br />

Staffing plan<br />

Other project-related plans<br />

Rating system guidelines<br />

Source: PMBOK® Guide, p. 239<br />

Data-gathering and Representation<br />

Techniques<br />

Interviewing<br />

Probability distributions<br />

Expert judgment<br />

Quantitative <strong>Risk</strong> Analysis and<br />

Modeling Techniques<br />

Sensitivity analysis<br />

Expected monetary value<br />

analysis<br />

Decision tree analysis<br />

Modeling and simulation<br />

PERT<br />

© ESI August 2007 dhy01-01.ppt<br />

1-31<br />

© ESI August 2007 dhy01-01.ppt<br />

1-31

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Presenting <strong>Risk</strong><br />

<strong>Risk</strong> information is typically expressed in 1 of 3 forms:<br />

Qualitative: Categorizes the risk using a rating<br />

system of adjectives or colors to rank probability<br />

and/or impact<br />

Quantitative: Quantifies risk using a percentage to<br />

indicate probability of occurrence and a dollar<br />

value to indicate impact<br />

Descriptive: Uses text to explain the risk in some<br />

depth, including what might happen, why, and<br />

ideas for controlling it; used when neither<br />

qualitative or quantitative are available<br />

© ESI August 2007 dhy01-01.ppt<br />

1-32<br />

© ESI August 2007 dhy01-01.ppt<br />

1-32

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Comparison of Approaches<br />

Qualitative Quantitative Descriptive<br />

Fast and easy to<br />

administer and<br />

understand<br />

Difficult to enforce<br />

uniformly across<br />

organization and<br />

projects<br />

Requires definitions,<br />

rules, standards, and<br />

processes<br />

Preferred methodology, often<br />

mandated by management<br />

More time-consuming;<br />

requires estimation<br />

Misleading in that numbers<br />

may give appearance of<br />

precision and specificity,<br />

unless the precision of the<br />

estimate is given<br />

Difficult if team resists<br />

deriving the numbers<br />

Easier to forecast<br />

Able to use trends<br />

Substantially more valuable in<br />

developing risk response<br />

strategies and reserves<br />

Difficult to quantify<br />

Usually based on<br />

experience<br />

Used when<br />

quantitative and/or<br />

qualitative are not<br />

readily apparent or<br />

available<br />

© ESI August 2007 dhy01-01.ppt<br />

1-33<br />

© ESI August 2007 dhy01-01.ppt<br />

1-33

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Probability Analysis<br />

Purpose<br />

To understand the likelihood of the occurrence<br />

of a risk event<br />

Sources of probability data<br />

Theoretical distributions<br />

Subjective judgment<br />

Simulations<br />

Historical data<br />

© ESI August 2007 dhy01-01.ppt<br />

1-34<br />

© ESI August 2007 dhy01-01.ppt<br />

1-34

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Impact Analysis<br />

Purpose: Understand how the project is affected if<br />

a risk event occurs<br />

<strong>Project</strong> cost<br />

<strong>Project</strong> schedule<br />

Sources of impact data<br />

Historical data<br />

Estimates<br />

Expert judgment<br />

Simulations<br />

Impact assessment is basically an estimation<br />

process<br />

© ESI August 2007 dhy01-01.ppt<br />

1-35<br />

© ESI August 2007 dhy01-01.ppt<br />

1-35

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Project</strong> Cost Impacts<br />

Each risk event must be analyzed to assess<br />

potential impacts to project costs resulting from<br />

such factors as—<br />

Level of effort<br />

Labor rates<br />

Task duration<br />

Direct materials<br />

Equipment and tools<br />

© ESI August 2007 dhy01-01.ppt<br />

1-36<br />

© ESI August 2007 dhy01-01.ppt<br />

1-36

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Project</strong> Schedule Impacts<br />

Each risk event must be analyzed to assess<br />

potential impacts to the project schedule resulting<br />

from such factors as—<br />

Resource shortages<br />

Duration expansions<br />

Other delays<br />

The network diagram must be analyzed to assess<br />

the impacts due to—<br />

Path convergence (parallel activities)<br />

Dependent activities<br />

© ESI August 2007 dhy01-01.ppt<br />

1-37<br />

© ESI August 2007 dhy01-01.ppt<br />

1-37

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Start<br />

Analyzing Schedule <strong>Risk</strong>s<br />

A<br />

B<br />

G<br />

C D<br />

E F End<br />

© ESI August 2007 dhy01-01.ppt<br />

1-38<br />

© ESI August 2007 dhy01-01.ppt<br />

1-38

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Tools and Techniques for <strong>Risk</strong> Analysis<br />

Expert judgment<br />

Expected value<br />

Decision trees<br />

Statistical sums<br />

Program Evaluation and Review Technique<br />

(PERT)<br />

Computer simulation<br />

Monte Carlo<br />

© ESI August 2007 dhy01-01.ppt<br />

1-39<br />

© ESI August 2007 dhy01-01.ppt<br />

1-39

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Exercise 2<br />

Analyze the 20 <strong>Risk</strong>s You<br />

Identified in Exercise 1<br />

© ESI August 2007 dhy01-01.ppt<br />

1-40<br />

© ESI August 2007 dhy01-01.ppt<br />

1-40

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 4: Prioritize <strong>Risk</strong>s<br />

<strong>Risk</strong> prioritization is the<br />

process of ranking<br />

identified risks<br />

The project team must<br />

decide which risks will<br />

be addressed, based on<br />

the premise that there<br />

never will be enough<br />

time and resources to<br />

respond to all risks<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-41<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-41<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Prioritization<br />

Inputs Tools<br />

List of analyzed risks<br />

Prioritization structure<br />

Qualitative assessment<br />

Quantitative assessment<br />

Comparative risk ranking<br />

© ESI August 2007 dhy01-01.ppt<br />

1-42<br />

© ESI August 2007 dhy01-01.ppt<br />

1-42

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Prioritization Guidelines<br />

Rank analyzed risks highest to lowest, based on<br />

Step 3, “Analyze”<br />

Prioritize threats and opportunities separately<br />

Prioritize risks as a team<br />

Use quantitative rankings when possible, and use<br />

qualitative ranking if necessary<br />

Do not plan risk response strategies at this time<br />

© ESI August 2007 dhy01-01.ppt<br />

1-43<br />

© ESI August 2007 dhy01-01.ppt<br />

1-43

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Exercise 3<br />

Prioritize Your Top-5 <strong>Risk</strong>s from<br />

Highest to Lowest<br />

© ESI August 2007 dhy01-01.ppt<br />

1-44<br />

© ESI August 2007 dhy01-01.ppt<br />

1-44

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 5: <strong>Risk</strong> Response Planning<br />

<strong>Risk</strong> response planning<br />

involves—<br />

Creating risk response<br />

strategies separately for<br />

both threats and<br />

opportunities<br />

Evaluating and selecting<br />

a primary response<br />

Incorporating responses<br />

into the risk and project<br />

plans<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-45<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-45<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Response Planning Process<br />

Inputs Tools<br />

Prioritized risk listing<br />

Opportunities to pursue, threats to respond to<br />

Opportunities to accept, threats to accept<br />

<strong>Project</strong> plan<br />

Specific tools<br />

<strong>Risk</strong> response development worksheet<br />

Comparative risk ranking (CRR)<br />

<strong>Risk</strong> Response Analysis Matrix<br />

Idea-generation tools<br />

Group techniques<br />

Analogy comparisons<br />

Decision-making tools<br />

Decision trees<br />

Life-cycle cost analysis<br />

Financial measures<br />

Probability functions<br />

© ESI August 2007 dhy01-01.ppt<br />

1-46<br />

© ESI August 2007 dhy01-01.ppt<br />

1-46

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Response Strategies for Threats<br />

Accept (accepting the consequences)<br />

Mitigate (reducing the expected value of a threat)<br />

Minimizing the probability of the threat event<br />

Minimizing the impact of the threat event<br />

Transfer (shifting some or all of the threat to<br />

another)<br />

Avoid (eliminating a specific threat, usually by<br />

eliminating the cause)<br />

Source: PMBOK ® Guide, pp. 261–263<br />

© ESI August 2007 dhy01-01.ppt<br />

1-47<br />

© ESI August 2007 dhy01-01.ppt<br />

1-47

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Response Strategies for Opportunities<br />

Accept: Active or passive<br />

Enhance<br />

Maximize the probability of the opportunity<br />

event<br />

Maximize the impact of the opportunity event<br />

Exploit (ensure opportunity is realized)<br />

Share (allocate all or part of the ownership to third<br />

party)<br />

Source: PMBOK ® Guide, pp. 262–263<br />

© ESI August 2007 dhy01-01.ppt<br />

1-48<br />

© ESI August 2007 dhy01-01.ppt<br />

1-48

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Response Escalation<br />

If appropriate risk response strategies for severe<br />

threats or significant opportunities cannot be<br />

developed—<br />

The project manager is responsible for<br />

escalating to senior management<br />

© ESI August 2007 dhy01-01.ppt<br />

1-49<br />

© ESI August 2007 dhy01-01.ppt<br />

1-49

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Exercise 4<br />

Conduct a Threat Response for<br />

Your Top-5 <strong>Risk</strong>s You Identified<br />

in Exercise 3<br />

© ESI August 2007 dhy01-01.ppt<br />

1-50<br />

© ESI August 2007 dhy01-01.ppt<br />

1-50

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Definition of Reserves<br />

Reserves: “A provision in the project management<br />

plan to mitigate cost and/or schedule risk”<br />

Management reserves: A separately planned<br />

quantity used to allow for future situations that are<br />

impossible to predict, “unknown unknowns”<br />

Contingency reserves: “The amount of funds,<br />

budget, or time needed above the estimate to<br />

reduce the risk of overruns of project objectives to<br />

a level acceptable to the organization,” “known<br />

unknowns”<br />

Reserves are intended only for “in scope” risks<br />

Source: PMBOK ® Guide, pp. 372, 169, 355<br />

© ESI August 2007 dhy01-01.ppt<br />

1-51<br />

© ESI August 2007 dhy01-01.ppt<br />

1-51

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Update <strong>Risk</strong> Management Plan<br />

Represents the final output of all the risk response<br />

work<br />

Contains results of the preceding steps of risk<br />

identification, analysis, and prioritization<br />

Includes how contingency plans will be<br />

implemented and executed<br />

Includes how reserves will be allocated<br />

Provides structure for future risk management<br />

updates<br />

Provides a good basis for lessons learned<br />

© ESI August 2007 dhy01-01.ppt<br />

1-52<br />

© ESI August 2007 dhy01-01.ppt<br />

1-52

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Monitoring and Control<br />

“[T]he process of identifying, analyzing, and planning for<br />

newly arising risks, keeping track of the identified risks and<br />

those on the watchlist, reanalyzing existing risks…and<br />

reviewing the execution of risk responses while evaluating<br />

their effectiveness”*<br />

Integrated with project plan, execution, and control<br />

processes<br />

Related to the accomplishment of project objectives<br />

Performed continuously during the project<br />

Composed of 3 steps<br />

Execute the risk management plan (RMP)<br />

Evaluate the RMP<br />

Update documentation in the RMP<br />

*Source: PMBOK® Guide, p. 264<br />

© ESI August 2007 dhy01-01.ppt<br />

1-53<br />

© ESI August 2007 dhy01-01.ppt<br />

1-53

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong><br />

management<br />

plan<br />

<strong>Risk</strong> Monitoring and Control Overview<br />

<strong>Risk</strong> monitoring and<br />

control<br />

Execute<br />

Evaluate<br />

Document<br />

Updated<br />

risk<br />

response<br />

development<br />

Updated<br />

risk<br />

management<br />

plan<br />

Planned<br />

responses,<br />

evaluations,<br />

additional<br />

responses<br />

<strong>Project</strong> execution<br />

and<br />

control processes<br />

Updated<br />

prioritized<br />

risk list <strong>Risk</strong><br />

reassessment<br />

Progress,<br />

deviations,<br />

variances<br />

© ESI August 2007 dhy01-01.ppt<br />

1-54<br />

© ESI August 2007 dhy01-01.ppt<br />

1-54

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 6: Execute <strong>Risk</strong> Strategy<br />

<strong>Risk</strong> executing involves—<br />

Implementing risk<br />

response strategies in<br />

the project plan<br />

Monitoring and reacting<br />

to risk triggers,<br />

symptoms, indicators,<br />

and residual risks<br />

Communicating plan<br />

status to project<br />

stakeholders<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-55<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-55<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Execute <strong>Risk</strong> Strategies<br />

Inputs Tools<br />

<strong>Project</strong> plan<br />

<strong>Risk</strong> management plan<br />

<strong>Risk</strong> list<br />

Approved change<br />

requests<br />

Work performance<br />

information<br />

Performance requests<br />

Technical performance measurement<br />

Status reports and meetings<br />

Early warning system<br />

© ESI August 2007 dhy01-01.ppt<br />

1-56<br />

© ESI August 2007 dhy01-01.ppt<br />

1-56

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Execution Terms<br />

Problem—A negative risk event, either known or<br />

unknown, that materializes<br />

Windfall—A positive risk event, either known or<br />

unknown, that materializes<br />

Workaround—A response, not defined in advance, to a<br />

negative risk event that has materialized<br />

Corrective action—Performing the response to a<br />

negative risk event, either planned or unplanned,<br />

when the threat materializes<br />

© ESI August 2007 dhy01-01.ppt<br />

1-57<br />

© ESI August 2007 dhy01-01.ppt<br />

1-57

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Establish an Early Warning System<br />

Establish an early warning system to detect deviations<br />

from plan that may be or may cause risk triggers.<br />

Exposure increases as cost and schedule variances<br />

increase<br />

Examples of early warning include—<br />

Cost variance<br />

Schedule variance<br />

Changes in forecasted project end date<br />

Changes in float<br />

Changes in stakeholder attitude<br />

Emergence of additional critical paths<br />

© ESI August 2007 dhy01-01.ppt<br />

1-58<br />

© ESI August 2007 dhy01-01.ppt<br />

1-58

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 7: Evaluate Results<br />

Evaluating risk response results<br />

involves—<br />

Monitoring the<br />

effectiveness of risk<br />

response strategies<br />

Evaluating corrective<br />

actions taken<br />

Reanalyzing existing risks<br />

Reassessing the risk<br />

environment<br />

Evaluating project<br />

assumption validity<br />

Identifying new risks<br />

Adjusting the plan<br />

accordingly<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-59<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-59<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong> Evaluation<br />

Inputs Tools<br />

<strong>Risk</strong> management plan<br />

and project plan<br />

Cost and schedule<br />

performance<br />

All relevant event<br />

information<br />

Corrective actions<br />

Change requests<br />

<strong>Risk</strong> reassessment<br />

<strong>Risk</strong> audits<br />

Variance and trend analysis<br />

Assumptions analysis<br />

Technical performance measurement<br />

Reserve and contingency analysis<br />

Status meetings<br />

© ESI August 2007 dhy01-01.ppt<br />

1-60<br />

© ESI August 2007 dhy01-01.ppt<br />

1-60

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Evaluation Guidelines<br />

Identify opportunities to refine the risk<br />

management plan<br />

Identify any additional action required<br />

Reassess risks and response strategies<br />

Determine whether the consequences of the<br />

strategy were the same as envisioned<br />

© ESI August 2007 dhy01-01.ppt<br />

1-61<br />

© ESI August 2007 dhy01-01.ppt<br />

1-61

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Step 8: <strong>Risk</strong> Management Plan<br />

Documentation<br />

<strong>Risk</strong> updating involves—<br />

Recording outcomes of<br />

risk reassessments<br />

Closing out risks no<br />

longer applicable<br />

Documenting changes<br />

to probability and<br />

impact matrixes and the<br />

risk breakdown<br />

structure (RBS)<br />

Creating lessons learned<br />

Revising and reissuing<br />

the project management<br />

plan<br />

Document<br />

Evaluate<br />

Execute<br />

<strong>Risk</strong><br />

Management<br />

Planning<br />

Document<br />

and<br />

Communicate<br />

Identify<br />

© ESI August 2007 dhy01-01.ppt<br />

1-62<br />

Analyze<br />

Prioritize<br />

© ESI August 2007 dhy01-01.ppt<br />

1-62<br />

Plan

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Update <strong>Risk</strong> Documentation<br />

Inputs Tools<br />

<strong>Risk</strong> identification and analysis data<br />

<strong>Risk</strong> management results<br />

<strong>Project</strong> results<br />

Assumptions and impressions<br />

Interpretations and analysis<br />

Documentation tools<br />

Simple reporting format<br />

Routine project reports<br />

ESI risk tools<br />

© ESI August 2007 dhy01-01.ppt<br />

1-63<br />

© ESI August 2007 dhy01-01.ppt<br />

1-63

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Benefits of Updating the <strong>Risk</strong> Management<br />

Plan<br />

Provides a valuable historical reference for future<br />

projects (lessons learned)<br />

Provides a project chronology of events for audit<br />

and other reasons<br />

Provides a communications mechanism<br />

The <strong>Risk</strong> Management Plan should be updated by the<br />

project team members.<br />

© ESI August 2007 dhy01-01.ppt<br />

1-64<br />

© ESI August 2007 dhy01-01.ppt<br />

1-64

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

<strong>Risk</strong>—The Final Steps During <strong>Project</strong><br />

Closeout<br />

<strong>Risk</strong> response control and risk management conclude<br />

with—<br />

Final risk assessment<br />

Cost, schedule, and performance<br />

Goal achievement assessment<br />

Determine whether the customer is satisfied<br />

Evaluation for lessons learned<br />

Identify implications for the future<br />

© ESI August 2007 dhy01-01.ppt<br />

1-65<br />

© ESI August 2007 dhy01-01.ppt<br />

1-65

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Workshop Review<br />

By now you should be able to—<br />

Define risk and risk management<br />

Identify risks using various methods<br />

Assess the potential impact of risk factors<br />

Prioritize risks to determine the most important<br />

Develop effective risk response strategies<br />

Control risk during project execution using proven<br />

tools and techniques<br />

Use a practical 8-step process to manage project<br />

risk<br />

Integrate <strong>Risk</strong> Management into the overall <strong>Project</strong><br />

Management process<br />

© ESI August 2007 dhy01-01.ppt<br />

1-66<br />

© ESI August 2007 dhy01-01.ppt<br />

1-66

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

Bibliography and Suggested Reading<br />

<strong>Project</strong> Management Institute. A Guide to the<br />

<strong>Project</strong> Management Body of Knowledge.<br />

Newtown Square, Pa.: <strong>Project</strong> Management<br />

Institute, 2004.<br />

Ward, LeRoy, ed. <strong>Project</strong> Management Terms: A<br />

Working Glossary. Arlington, Va.: ESI International,<br />

2000.<br />

© ESI August 2007 dhy01-01.ppt<br />

1-67<br />

© ESI August 2007 dhy01-01.ppt<br />

1-67

Notes<br />

<strong>Managing</strong> <strong>Project</strong> <strong>Risk</strong><br />

The ESI Team Appreciates Your Time.<br />

Please visit us at Booth #59.<br />

Free White Papers: Knowledge to Help You Improve<br />

Performance<br />

• Saving Troubled <strong>Project</strong>s: Five Steps to Rapid Recovery<br />

• The Hard Work Behind Soft Skills: Closing the Gap Between Technical and Business<br />

Expertise<br />

• Eight Things Your Business Analysts Need to Know: A Practical Approach to<br />

Recognizing and Improving Competencies<br />

• Establishing and Maturing a Business Analysis Center of Excellence: The Essential<br />

Guide<br />

• Collaborating for Successful EVM: Five Fundamental Roles<br />

• Improving Sourcing Outcomes: The Three Cs of Vendor Management Success<br />

Download ©ESI these August 2007 valuable dhy01-01.ppt white papers today at www.esi-intl.com/whitepapers.<br />

1-68<br />

© ESI August 2007 dhy01-01.ppt<br />

1-68

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!