PLAN RISK MANAGEMENT
2
Risk can present in your project. It is about HOW you will manage,
structured, & performed. You shall create a PLAN how to manage. A
company usually has own standard procedure / system of Risk Management.
RISK MANAGEMENT
PROCESS
1. Plan Risk Management
2. Identify Risk
3. Perform Qualitative Risk Analysis
4. Perform Quantitative Risk Analysis
5. Plan Risk Response
6. Monitoring & Control Risk Response
1
3
IDENTIFY RISK
Listing any possible risk, gather input from all stakeholders, is an iterative
process during project life cycle, as soon as project starting, mostly occur at
initiating & planning (but can come after that), continual assessment.
Tools:
• Documentation Reviews : charter, lesson learn, contract, etc.
• Gathering Information : Delphi Technique, Interviewing, Root Cause
Analysis
• SWOT
• Checklist Analysis : to identify risk within each category
• Assumption Analysis : assumption behind the project
• Diagram Technique : cause effect diagram, flow chart
OUTPUT of this identify risk is RISK REGISTER. Contains:
• List of risk
• Potential responses
• Root Cause of risk
• Update Risk Category
5
PERFORM QUANTITATIVE RISK ANALYSIS
Select some output of Qualitative Analysis to further analyze Quantitatively .
It is numerical, objective analysis, using Probability & Impact with output in
the form of $.
Purpose
• Determine which risk warrant a response
• Determine overall project’s risk
• Determine the quantified probability of meeting project
• Determine cost & schedule reserve
• Identify risk requiring the most attention
• Create realistic & achievable cost, schedule or scope target
Various Ways:
• Interviewing
• Cost & Time Estimating
• Delphi Technique
• Use historical records from previous project
• Expert Judgment
• Expected Monetary value analysis (EMV)
• Monte Carlo Analysis
OUTPUT
1. Methodology  How you will performed
2. Risk Category  Big/small, High/ Medium/Low; Risk Matrix
3. Definition of Probability & impact  Risk Matrix
4. Stakeholder tolerance  stakeholder justification/reputation
5. Role & Responsibility who will do what
6. Budgeting  cost to manage risk
7. Timing  when doing risk management
8. Reporting Format  standard dashboard, etc
9. Tracking  how will be audited, documentation
4
PERFORM QUALITATIVE RISK ANALYSIS
Output from identification of risk is Risk List. Select some of them to analyze
further Qualitatively. It is subjective analysis. Using Probability & Impact,
with the output High Medium Low risk category.
Tools:
• Probability Impact Matrix  using company standard
• Risk Data Quality Management  to measure how accurate and well
understood
• Risk Categorization  Regroup by cause to know what
package/process/people have most risk
• Risk Urgency Assessment  Choose which risk need to address first
(prioritizing)
OUTPUT is RISK REGISTER UPDATE (re‐update Risk Register on Identify
Risk). Contain update:
• Risk Ranking for the project compare to other project High Medium
Low, used for project selection
• List of prioritized risk and their probability & Impact rating
• List of risk requiring additional analysis in the near term
• List of risk for additional analysis and response  some of risk will be
further analyze in QUANTITATIVELY
• Watch‐list (non critical or non top risk)
6
• Trends
PLAN RISK RESPONSE
Output from qualitative analysis is top risk list. Plan risk response is about
what are you going to do with this each top risk.
Risk can be THREAT and OPPORTUNITY. Response requires difference
strategies. See the list.
RISK TYPE
THREAT
(‐)
RISK RESPONSE STRATEGY
AVOID
MITIGATE
TRANSFER
ACCEPT
eliminate the cause
Reduce probability/impact
deflect, allocate,
insurance
Happen it happens
SHARE
ACCEPT
partnership, joint
venture)
Happen it happens
OPPORTUNITY EXPLOIT
ENHANCE
make sure opportunity increase
(+)
occur
OUTPUT is RISK REGISTER UPDATE (re‐update risk on identify risk).
Contain update:
• Prioritized list of Quantified Risk
• Amount of contingency time & cost reserve needed
• Possible realistic achievable completion date & cost with confidence
level, versus time and cost objective for the project
• The quantified probability of meeting project objectives
• Trends in quantitative risk analysis
If there will be REMAINING RISK after implementing Risk Response, it should
be managed by CONTIGENCY PLAN (Reserve Budget/Time).
If Contingency Plan does not work, you need to create FALLBACK PLAN.
7
MONITORING AND CONTROL RISK RESPONSE
Look for the occurrence of risk trigger, monitor residual risk, identify new
risk and analyze it, evaluate effectiveness of risk management plan, collect
and communicate risk status, develop new response, determine if
assumption is still valid, ensure risk management is followed, revisit watch
list, recommend corrective action, look for unexpected effect, reevaluate
risk identification, qualitative, quantitative risk analysis, update risk
management, look at the changes, make change, create database of risk
data, perform variance and trend analysis, use contingency reserve
Work Around : UNPLANNED responses. Not registered in RISK REGISTER
Risk Reassessment : review periodically and adjust the risk if necessary
Risk Audit
likelihood/probability
OUTPUT is UPDATE RISK REGISTER
• Project Management Plan Update  work package, task, cost, schedule,
etc. could be changed
• Project Document Update  Role & responsibility, quality metrics, etc
could be changed
• Risk Register Update
• Residual Risk
* Risk Trigger
• Contingency Plan
* Contracts
• Risk Response Owner
* Fallback Plan
• Secondary Risk
* Reserves
Reserve Analysis : check your remaining RESERVE Budget
Status Meeting : shall be one of meeting topic
Closing : Close the risk if no longer applicable
OUTPUT
• Risk Register Updates
• Change Request
• Project Management Update
• Project Document Update
• Organization Process Update
Risk Management ‐ slamet suryanto ‐ 2015
1
Increase
OPPORTUNITY
RISK MANAGEMENT
Reduce THREATS
Project has Risk and should be managed to avoid any unnecessary
changes and being in control of Project Manager.
Risk shall be identified and managed staring in initiating and are
continually kept up to date during the project is going on.
Project Manager should think in advance to identify any kind of risks.
Risk will always generate Impact. It could be Positive Impact (+, called
OPPORTUNITY), and could be Negative Impact ( ‐, called THREATS)
Risk Tolerance : Area of risk that are acceptable or not acceptable
Thresholds : The point at which the risk becomes unacceptable.
Risk Category, can be categorized in many ways : internal, external,
technical, unforeseen, etc.
Source of Risk, can be categorized in many ways (come from) : schedule,
cost, quality, resource, scope, customer, culture, etc.
•
•
•
•
•
•
•
•
Done During
Plan Risk
Identify Risk
Management
Planning Process Planning Process
What
Develop Planning List all possible Risk
Highlight
Output
Management
Plan
Risk Register
Perform Qualitative Risk
Analysis
Planning Process
Calculate Risk using
Probability x Impact = High
Medium Low
Risk Register Update
LISTING ALL POSSIBLE
SELECT SOME RISK:
Example:
Assume the plan RISK:
Bridge collapse : High Risk
Project of
is as per company Bridge collapse, rain
Rain Season : Low Risk
Bridge
procedure
season, high steel
Steel Price : Low
Construction
price, permitting
SUPPLEMENT INFORMATION
•
•
Risk Factor s are factors should be looked:
• Probability, the risk will happen
• Impact, the range of outcome (amount of impact, high medium low)
• Timing, in what project life cycle that risk could be happen
• Frequency, how often could be happen
Type of Risk
• Business Risk : Gain or Loss
• Pure Risk : only for Loss (fire, theft)
Tips: There are a lot of question in the exam that are situational. You need to
analyze in which Risk Management Process those questions falling into.
Different process will required different action.
Perform Quantitative
Risk Analysis
Planning Process
Plan Risk Response
Monitor & Control Risk
Response
Monitoring & Controlling
Planning Process
Develop strategy to increase
Calculate Risk Probability
Opportunity or
Monitor and control
x Impact (in $ )
decrease/eliminate Threat
Risk Register Update
Risk Register Update
Risk Register Update
Contingency Plan
Change Request
Fall back Plan
SELECT SOME RISK :
Bridge collapse: 20%
probable, impact $2M
Expected Monetary Value Analysis (EMV)
EMV = Probability (P) x Impact (I)
Check your plan, check
Bridge Collapse : hire expert,
the risk occurrence,
insurance, or joint venture
check your reserve
funding
budget, etc.
Work Package
Probability
Impact
EMV = P x I
A
25%
$ 20,000
$ 5,000
B
65%
$ 10,000
$ 6,500
DECISION TREE : Method to choose between many options using EMV analysis
A company is trying to determine if prototype is worthwhile on the project. They have come up with the following impacts (see the diagram) of whether the
equipment works or fails. Base on the information provided in the diagram, what is the expected monetary value of your decision?
Failure : 35% Probability
And $ 120,000 impact
Prototype:
Setup cost $200,000
PROTOTYPE
35% x $120,000 = $42,000
$42,000 + 200,000 = $242,000
Pass : No Impact
DO NOT PROTOTYPE
Failure : 70% Probability
And $ 450,000 impact
Don Not Prototype:
Set up Cost $0
70% x $450,000 = $315,000
The answer is $242,000, which is the expected monetary value of
the decision of prototype
Pass : No Impact
PROJECT BUDGET STRUCTURE – contingency & management reserve
8. Cost Budget
$ 425
7. Management Reserves
$ 25
6. Cost Baseline
$ 400
$ 50
5. Contingency Reserve
$ 350
4. Project Estiamtes
3. Control Account Estimate
CA #1= $ 200
CA #2 = $ 150
2. Work Package Estimate
WP #A $150
WP #B $50
……..
1. Activity Estimates
A1
A2 Ax
$ 75 $ 50 $ 25
B1
B2 Bx
$ 10 $ 20 $ 20
………
Risk Management ‐ slamet suryanto ‐ 2015
2