Project Management
Risk Management Process

Risk

Uncertain or chance events that planning can not
overcome or control.
Risk Management Process

Risk Management

A proactive attempt to recognize and manage
internal events and external threats that affect the
likelihood of a project’s success.
Risk Management Process

Risk Management

What can go wrong (risk event).

How to minimize the risk event’s impact
(consequences).
Risk Management Process

Risk Management

What can be done before an event occurs
(anticipation).

What to do when an event occurs
(contingency plans).
The Risk Event Graph
Risk Categorization



Known risks
 Those risks that can be uncovered after careful
evaluation of the project plan, the business and
technical environment in which the project is being
developed, and other reliable information sources
(e.g., unrealistic delivery date)
Predictable risks
 Those risks that are extrapolated from past project
experience (e.g., past turnover)
Unpredictable risks
 Those risks that can and do occur, but are extremely
difficult to identify in advance
Reactive vs. Proactive Risk
Strategies

Reactive risk strategies
 "Don't worry, I'll think of something"
 The majority of software teams and managers rely
on this approach
 Nothing is done about risks until something goes
wrong
 The team then flies into action in an attempt to
correct the problem rapidly (fire fighting)
 Crisis management is the choice of management
techniques
Reactive vs. Proactive Risk
Strategies

Proactive risk strategies
 Steps for risk management are followed (see
next slide)
 Primary objective is to avoid risk and to have a
contingency plan in place to handle
unavoidable risks in a controlled and effective
manner
Mitigating a risk refers to taking action to
either reduce the likelihood that a risk (bad
event) will happen and/or reduce the
impact the risk has on the project.
Contingency planning is developing a
response if the risk occurs.
Mitigating is preventive while contingency is
reactive.
Risk Management’s Benefits

A proactive rather than reactive approach.

Reduces surprises and negative
consequences.

Prepares the project manager to take
advantage of appropriate risks.

Provides better control over the future.

Improves chances of reaching project
performance objectives within budget and on
time.
The Risk
Management
Process
Managing Risk

Step 1: Risk Identification

Generate a list of possible risks through
brainstorming, problem identification and risk
profiling.

Macro risks first, then specific events
Managing Risk

Step 2: Risk assessment



Scenario analysis
Risk assessment matrix
Probability analysis
 NPV
Assess Probability & Impact

Weighted Value
Probability of Occurrence
 Benefit of Opportunity

Risk Assessment Form
Managing Risk (cont’d)

Step 3: Risk Response Development

Mitigating Risk (2-strategies)


Reducing the likelihood an adverse event will occur.
Reducing impact of adverse event.
e.g. prototype
e.g. two suppliers

Transferring Risk

Paying a premium to pass the risk to another party.
Managing Risk (cont’d)

Step 3: Risk Response Development

Avoiding Risk
 Changing the project plan to eliminate some of the
risk or condition.
e.g. selection of supplier

Sharing Risk
 Allocating risk to different parties
e.g. Research and development two institutions
Managing Risk (cont’d)

Step 3: Risk Response Development

Retaining Risk
 Making a conscious decision to accept the risk.
e.g. earthquake
Contingency Planning

Contingency Plan

An alternative plan that will be used if a possible
foreseen risk event actually occurs.

A plan of actions that will reduce or mitigate the
negative impact (consequences) of a risk event.
Contingency Planning

Risks of Not Having a Contingency Plan

Having no plan may slow managerial response.

Decisions made under pressure can be potentially
dangerous and costly.
Risk Response Matrix
Exercise
1. Project Risk Management includes all of
the following processes except:
A
B
C
D
E
Risk Monitoring and Control
Risk Identification
Risk Avoidance
Risk Response Planning
Risk Management Planning
2. A risk response which involves
eliminating a threat is called:
A Mitigation
B Deflection
C Avoidance
D Transfer
E b and d

3. Deflection or transfer of a risk to
another party is part of which of the
following risk response categories?
A Mitigation
B Acceptance
C Avoidance
D Analysis
7. The one document that should always be
used to help identify risk is the:
A
B
C
D
E
Risk Management Plan
WBS
Scope Statement
Project Charter
Contingency Plan
8. Risks are accepted when:
A You develop a contingency plan to
execute should the risk event occur
B You accept the consequences of the risk
C You transfer the risk to another party
D You reduce the probability of the risk
event occurring
E a and b
9. By using Project Risk Management techniques
A
B
C
D
E
project managers can develop strategies that do
all but which of the following:
Significantly reduce project risks
Eliminate project risks
Provide a rational basis for better decision
making
Identifying risks, their impact(s), and any
appropriate responses
None of the above