Project Risk Management Author: <> Date: <> Version: <> Table of Content 1 PROJECT RISK MANAGEMENT ........................................................................................................................... 1 2 RISK MANAGEMENT PLANNING ......................................................................................................................... 3 2.1 3 RISK IDENTIFICATION .......................................................................................................................................... 4 3.1 3.2 3.3 4 OUTPUT: RISK REGISTER ............................................................................................................................... 6 RISK RESPONSE ................................................................................................................................................... 6 6.1 6.2 7 OUTPUT: RISK REGISTER ............................................................................................................................... 5 ADDITIONAL RISKS ........................................................................................................................................... 5 RISK QUANTIFICATION ........................................................................................................................................ 5 5.1 6 TOOLS............................................................................................................................................................. 4 CHECK LIST FOR RISK IDENTIFICATION .............................................................................................................. 4 OUTPUT: RISK REGISTER ............................................................................................................................... 4 RISK QUALIFICATION ........................................................................................................................................... 5 4.1 4.2 5 OUTPUT: RISK MANAGEMENT PLAN ................................................................................................................ 3 TOOLS AND TECHNIQUES .................................................................................................................................. 6 OUTPUT: RISK REGISTER ............................................................................................................................... 7 RISK MONITORING AND CONTROL .................................................................................................................... 8 7.1 7.2 CHECK LIST FOR RISK MONITORING AND CONTROL............................................................................................ 8 OUTPUT: RISK MONITORING AND CONTROL..................................................................................................... 8 1 Project Risk Management When conducting the project risk management process, the work should be carried out as an iterative process throughout the project phases and it also needs to be carried out across different knowledge areas of the project. The main objectives for the risk management process should be to increase the probability and impact of positive events, and decrease the probability of negative events in the project. The project risk management processes are divided in 5 different areas: 1. 2. 3. 4. 5. Risk Management Planning Risk Identification Risk Quantification Risk Response Risk Monitoring and Control 1/8 Project Risk Management Author: <> Date: <> Version: <> Figure 1. Risk Management overview, from PMBOK Guide - 4th Edition. 2/8 Project Risk Management Author: <> Date: <> Version: <> 2 Risk Management Planning As a first step, a risk management plan needs to be defined for the approach and risk management activities for the project. Each section described in the project risk process occurs in one or more of the project phases. The work flow is an iterative process and shown below: Guidelines Templates Lessons Learned database (Knowledge Center) Risk Management Planning Organizational Process Assets Project Scope Scope Definition Project Management Plan Develop Risk Management Plan Risk Management Approved Change Requests Plan Approved Preventive Actions Approved Corrective Actions Risk Identification Approved Change Requests Risk Register Qualitative Risk Analysis Risk Register (updates) Quantitative Risk Analysis Risk Register (updates) Risk Response Planning Project Management Plan (updates) Risk Register (updates) Risk Monitoring and Control Integrated Change Control Recommended Preventive Actions Recommended Corrective Actions Requested Changes Risk Register 2.1 OUTPUT: Risk Management Plan The risk management plan should describe how the risk management will be structured and performed on the project, and should include the following: a) Approach, tools and data sources that may be used to perform the risk management on the project. b) Roles and responsibilities. Lead, support and project team, and belonging activity for the risk management. 3/8 Project Risk Management Author: <> Date: <> Version: <> c) Risk categories and tools to be used in project risk management (updated risk register and quantitative, qualitative, risk response as well as risk monitoring and control strategy for the project). d) Planning and Timing. Define how often the risk management process should be performed. Continuous reviews, audits and integration with change control system 3 Risk Identification The process of risk identification seeks to name and identify the risks of the project. 3.1 Tools Typical tools for indentifying the risks of a StreamServe implementation project are: Brainstorming Workshop Checklist of standard risks (as in attached spreadsheet) 3.2 Check List for Risk Identification 1) Collect project scope and project plan / risk plan 2) Collect and analyse resources: a) Previous documentation b) Interviews with key stakeholders, questionnaires c) Organizational Process Assets: Tools from Knowledge Center, check lists, web resources d) Organizational Process Assets: Lessons learned, project repository at Knowledge Center 3) Gather workshop with key stakeholders and experts, members of project team. Go through documents and brainstorm for risks. 4) Interviews with key stakeholders and experts for in depth comments and opinions. a) How is network diagram affected? Critical line? b) What strategic risks can be identified? 5) Apply, if necessary other methods: Brainstorming, Delphi method, SWOT analysis, root/cause diagram. 6) Document identified risks into risk register 7) Perform iterative checks during project execution to update risk register 8) If needed, invite PMO or other third party for Risk or Project Review. 3.3 OUTPUT: Risk Register <Risks identified in process are as follows, starting to map a risk register: Risk > 4/8 Project Risk Management Author: <> Date: <> Version: <> 4 Risk Qualification Check list of qualitative analysis is as follows: 1) Estimate probability 2) Analyse and estimate impact 3) Categorize and rank project risks 4) Decide on which risks that are acceptable and which risks that are non-acceptable 5) Decide on possible trends in the qualitative risk analysis result 6) Enter the results in the risk register The probability and impact of identified and prioritized risks (qualitative and quantitative) should be updated in a Probability/Impact matrix within the risk register. Risk Probability Impact PxI 4.1 OUTPUT: Risk Register Information for identified risks updates the risk register, together with risk priority: Risk PxI Risk Prio 4.2 Additional Risks Additional analysis and management of risk can also be updated at this point, typically listing a) acceptable risks, and, b) non acceptable risks: Risk, additional analysis needed Acceptable Risk Non Acceptable Risk 5 Risk Quantification Quantitative risk analysis is performed on risks that have been prioritized by the qualitative risk analysis in previous section as potentially and significantly impacting the project. The quantitative analysis process analyzes identified risks and assigns a numeric rating to those risks. Check list of quantitative analysis is as follows: 1. Investigate stakeholders and organizational risk thresholds 2. Divide risks in acceptable and non acceptable risks 3. Perform EMV, Earned Value Management, if needed 4. Analyse time estimations and project planning for activities in project plan 5. Add results and update risk register, in order to analyse and determine status of the project plan, timeframe and budget Decision Tree 5/8 Project Risk Management Author: <> Date: <> Decision definition Decision Node Version: <> Chance Node Net Path Value / Impact Choice #1 Choice #1 Decision Choice #2 Procedure Decision Choice #1 Choice #2 Decision Choice #2 5.1 OUTPUT: Risk Register Risk Probability Impact PxI Risk Prio 6 Risk Response 6.1 Tools and techniques A strategy for each identified risk should be chosen from standard alternatives and behavior below, where a qualitative analysis of the risk provides the proper risk response: 1. Avoidance – Perform a task to remove the risk 2. Transference – Make someone else responsible for the risk 3. Mitigation – Take actions to lessen the impact or chance of the risk occurring. 4. Acceptance – Accept the risk. A SWOT analysis gives the threats and opportunities for a certain risk, mirrored risk1. 1 Probability and Impact Matrix, PMBOK Guide Third Edition, p. 252. 6/8 Project Risk Management Author: <> Date: <> Version: <> Attention Area Given the threats and opportunities, a risk response is needed for a certain risk identified within the attention area. THREAT GENERIC STRATEGY OPPORTUNITY Avoid Transfer Mitigate Accept ELIMINATE UNCERTAINTY MODIFY EXPOSURE ALLOCATE OWNERSHIP INCLUDE IN BASELINE Exploit Enhance Share Accept 6.2 OUTPUT: Risk Register A part from the risk register, the following are reviewed and updated with changes: Risk Response Plan A risk response plan should include the strategy and action items to address the strategy. Contractual Agreements Risk Response Items The risk register, serves as an inputs to a revised project plan: Risk PxI Planned Risk Response Risk Prio 7/8 Project Risk Management Author: <> Date: <> Version: <> 7 Risk Monitoring and Control The risk management and control tools, typically used in a StreamServe implementation projects, are either a) periodic risk reviews (iterative process), and/or combined with b) project risk response audits. 7.1 Check List for Risk Monitoring and Control 1) Monitor identified risks stated in risk register. a. Project review b. Answer questions: closed risks? Changes in assessment? c. Update risk register 2) Determine effectiveness of responses 3) If needed, external risk audits (steering board, PMO etc.) 7.2 OUTPUT: Risk Monitoring and Control Risk Action* Action for identified important risk can be selected from alternatives listed below: Recommended Preventive Actions Workaround Plans Corrective Actions Change Requests Updates to Risk Register 8/8