Project Management Ch 7

Risk (p205)
an uncertain event or condition-planning cannot control
Has a cause.
Has a consequence.
Impacts cost, schedule, and quality.
can be anticipated.
can be a positive consequence.
Risk Management (p 205)
attempts to recognize and manage potential and unforeseen trouble spots that may occur when the project is implemented.
1. identifies risk events (What can go wrong?)
2. minimizes their impact (What can be done before?) consequences
3. Manages responses (Contingency Plans). anticipation
4. Provides Contingency funds.
5. Are greatest during the early stages of a project, Uncertainty the highest with unanswered questions.
6. Decreases as critical issues are answered.
Cost impact increases over the life of the project.
Risk Management Process (p 207)
1. Risk Identification.
2. Risk Assessment.
3. Risk Response Development.
4. Risk Response control.
better control over future
improves reaching project objectives within budget and on time.
Risk Identification (Risk Management Process p 207-8)
1. analyze the project to identify sources of risks.
collected during planning
uses a risk management team from core team members and relevant stakeholders.
Note: common mistake: risks are focused on objectives not events.
Note: focusing on events leads to solutions.
Risk Assessment (Risk Identification Step 1 p 207)
Assess risk in terms of:
1. severity of impact
2. likelihood of occurring.
3. Controllability
Risk Response Development (Risk Identification Step 1 p 207)
1. Develop a strategy to reduce possible damage.
2. Develop contingency plans.
Risk Response Control (Risk Identification Step 1 p 207)
1. Implement risk strategy.
2. Monitor and adjust plan for new risks.
3. Change management.
Risk Sources (Risk Identification Step 1 p 207)
External sources, referred to threats:
inflation, market acceptance, exchange rates, government regulations.
Excluded from risk management discussions.
Internal sources:
Risk Breakdown Structures or RBS (Risk Identification Step 1 p 208-9) Example pg 208.
used in conjunction with WBS to help identify and analyze risks.
First. Identify macro risks that affect the whole project.
Second. identify specific risks within the macro risks using the WBS.
Large projects, multiple risk teams are organized around specific deliverables.
Risk Profile (Risk Identification Step 1 p 209-10)
A list of questions that address traditional areas of uncertainty on a project.
Questions may be tailored from previous projects.
Are tailored to the type of project.
Organization specific: Recognizes strengths and weaknesses of firm.
Addresses technical and management risks.
generated and maintained by project office personnel.
can be a powerful resource if kept up to date.
Historical files can be used instead of RBS, if not available.
Identifying risks should not be limited to core team.
Risk Identification Keys to success (Risk Identification Step 1s p 210)
1. Attitude; need “can do” especially during implementation.
2. Critical Thinking.
3. Managers setting the right tone.
Risk Profile Questions (Risk Identification Step 1s p 209)
Technical Requirements: Are the requirements stable?
Design: Does the design depend on unrealistic or optimistic assumptions.
Testing: Will testing euipment be available when needed?
Development: Is the development process supported by a compatible set of procedures, methods, and tools?
Schedule: Is the schedule dependent upon the completion of the other projects
Budget: How reliable are the cost estimates?
Quality: Are quality considerations built into the design?
Management: Do people know who has authority for what?
Work Environment: Do people work cooperatively across functional boundaries?
Staffing: Is staff inexperienced or understaffed?
Customer: Does he customer understand what it will take to complete the project?
Contractors: Are there any ambiguities in contractor task definitions?
Scenario Analysis (Risk Assessment Step 2 Pg 210)
easiest and most commonly used technique for analyzing risks.
Significance of each risk:
1. Probability of the event.
2. Impact of the event.
Quality and credibility of Risk analysis process (Risk Assessment Step 2 Pg 210-213)
required different levels of risk probabilities and impacts be defined. Definitions vary and are tailored to specific nature and needs of project.
Impact Scales are problematic and assessed in terms of project priorities.
Impact Scales (Risk Assessment Step 2 Pg 211-213)
are problematic and assessed in terms of project priorities.
Different kinds: rank-order descriptors, numeric weights and are set by the risk management team.
Team assess when risk or impact might occur.
Risk Severity Matix (Risk Assessment Step 2 Pg 212-213)
Provides a basis for prioritizing which risks to address.
typically structured around the impact and likelihood of the risk event.
Divided into major, moderate, and minor risk zones.
NOTE: Failure Mode and Effects Analysis (FMEA)
Impact × Probability × Detection = Risk Value
Failure Mode and Effects Analysis or FMEA (Risk Assessment Step 2 Pg 213)
extends the risk severity matrix by including ease of detection in the equation:
Impact X Probability X Detection =Risk Value
NOTE: weakness ratings could equal another giving a false indication of severity. 5+5+1 = 1+5+5.
Probability programs used. (Risk Assessment Step 2 Pg 211-213)
Decision Trees
Net Present Value or NPV
Correlations between past projects’ cash flow.
S-curves, cumulative project cost curve, baseline, over the life of the project evaluate cash flow.
PERT OR Program Evaluation and Review Technique
PERT or Program Evaluation and Review technique Probability Analysis (Risk Assessment Step 2 Pg 213)
take a macro perspective by looking at overall cost and schedule risks.
focus on likelihood the project will be completed on time and within budget.
assess the overall risk of the project and the need for contingency funds, resources and time.
Assumes a statistical distribution or range between optimistic and pessimistic.
Critical Index: outcome of relative probability.
Responses to Rish (Risk Assessment Step 2 Pg 211-213)
1. Mitigating.
2. Avoiding.
3. Transferring.
4. Sharing.
5. Retaining.
greatly reduces stress and uncertainty.
Mitigating Risk basic strategies (Risk Response Management Step 3 pg214-5)
1. reduce the likelihood that the event will occur and/or
2. reduce the impact that the adverse even would have on the project.
Alternate strategy: reduce the impact of the risk if it occurs.
Testing and Prototyping
Identifying root cause of an event is useful.
scheduling outdoor work during summer months.
investing in safety training.
choosing high-quality materials and equipment.
Avoiding Risk (Risk Assessment Step 2 Pg 215-6)
changing the project plan to eliminate the risk or condition.
specific risk may be avoided before project launch.
adopting proven technology.
Avoiding supplies in politically unrest areas.
develop software in two different sources.
Transferring Risk (Risk Assessment Step 2 Pg 216)
passing risk to another party.
requires premium payment for this exemption.
Fixed-price contracts -Monetary risk factor is added to contract.
Clearly identify and document responsibility.
Performance bonds, warranties, guarantees are financial instruments to transfer risk.
Retaining Risk (Risk Assessment Step 2 Pg 211-213)
conscious decision to accept the risk of an event occurring.
risk is slim.
budget reserve can absorb it.
developing a contingency plan.
can be ignored.
Contingency Plan (Contingency Planning pg 216-218)
alternative plan that will be used if a possible foreseen risk event becomes a reality.
actions that will reduce or mitigate negative impact or consequences of a risk event.
Answers what, where, when, how much action will take place.
early contingency planning facilitates smooth transition to remedy or work-around plan.
Conditions for implementation decided and documented, include cost estimate and source of funding.
communicated to surprise and resistance are minimized.
Risks not having a Contingency Plan
Having no plan may slow managerial response.
decision made under pressure can be potentially dangerous and
Difference between Risk Response and Contingency Plan (Contingency Planning pg 217)
a response is part of the actual implementation plan and action is taken before the risk can materialize, while contingency plans are not part of the initial implementation plan and only goes into effect after the risk is recognized.
Risk Response Matrix (Contingency Planning pg 217-218)
useful for summarizing how the project team plans to manage identified risks.
Column titles:
Risk Event.
Contingency plan.
Who is responsible.
Risk Response Steps (Contingency Planning pg 217-8)
1. Identify whether to reduce, share, transfer or accept risk.
2. identify contingency plans in case the risk still occurs.
2a. identify triggers.
3. individual responsible for monitoring the potential risk and initiating the contingency plan needs to be assigned.
Technical Risks (Contingency Planning pg 218-9)
Are problematic and can shut down a project.
What if the system or process does not work?
Managers need to develop methods to quickly asses whether technical uncertainties can be resolved.
Use of CAD to resolve design problems.
Smith/Reinertsen – Identify high-risk areas and the build models/design experiments.
Backup strategies if chosen technology fails.
Assessing whether technical uncertainties can be resolved.
Schedule Risks (Contingency Planning pg pg 220)
Contingency funds are set aside to expedite or “crash” the project to get it back on track.
Crashing, reducing the project duration by shortening or compressing activities on the critical path.
Crashing can be avoided by parallel activities.
Crashing can be avoided by using the best people for the job.
Use of slack increases the risk of a late project finish.
Imposed duration dates (absolute project finish date)
Compression of project schedules due to a shortened project duration date.
Cost Risks (Contingency Planning pg 220-1)
Note: remember when reviewing prices is to avoid the trap of using one lump sum to cover prices risks.
Lump-sum approach does not addresses where price protection is needed and does not provide tracking and control.
Add price contingency to the activities that change over time according to the activity magnitude.
Time/cost dependency links: costs increase when problems take longer to solve than expected.
Price protection risks (a rise in input costs) increase if the duration of a project is increased.
Funding Risks (Contingency Planning pg 221)
Complete assessment of funding supply, especially true for public funded projects.
Changes in strategy and political agenda, i.e. pet projects of the new CEO replace the pet projects of the old CEO.
Severe budget cuts require scaling back. some scopes are “all-or-nothing”.
Advantage is the “chunkability” of a project.
An Opportunity (Opportunity Management pg 221-2)
an event that can have a positive impact on project objectives.
Identified, assessed in likelihood and impact, responses are determined, contingency plans and funds established.
Four different types of response to an opportunity:
1. Exploit-seeks to eliminate the uncertainty to ensure it definitely happens.
2. Share -allocating some or all of the ownership to another party to best capture the opportunity for benefit.
3. Enhance – action is taken to increase the probability and/or positive impact.
4. Accept-take advantage if it occurs.
Sound practice to engage in active opportunity management.
Contingency fund (Contingency Funding and time Buffers pg 222-4).
Funds to cover project risks—identified and unknown.
Where spent not know until risk event occurs-perceived as a slush fund.
Size of funds reflects overall risk of a project [uncertainty].
Divided into budget and management reserve funds for control purposes.
risks separated because their use requires approval from different levels of project authority.
no risk occurs, its unused allocated funds needs to be removed from the reserve funds
Budge Reserves (Contingency Funding and time Buffers pg 222-4).
Are linked to the identified risks of specific work packages or segments.
reserve amount is determined by costing out the accepted contingency or recovery plan.
setup to cover identified risks; allocated for specific segments or risks and are allocated to specific segments or risks and are allocated to risks associated with the total project.
Management Reserves (Contingency Funding and time Buffers pg 223-4).
Are large funds to be used to cover major unforeseen risks (e.g., change in project scope) of the total project.
Established after budget reserves are identified and funds established.
Independent projects controlled by project managers.
Time Buffers (Contingency Funding and time Buffers pg 223-4).
Amounts of time used to compensate for unplanned delays in the project schedule.
Severe risk, merge, noncritical, and scarce resource activities
Time dependent upon the inherent uncertainty.
Sometimes added to the end of project.
Step 4 Risk Response Control (pg 224-5)
RISK REGISTER-details all identified risks, including descriptions category, and probability of occurring, impact, responses, contingency plans, owners, and current status. Back Bone of Risk Response Control.
Manager must be sensitive to people not wanting to talk, need to establish comfortable/trusting atmosphere.
Complex project-repeat risk assessment with new info.
Keep stakeholders updated.
Key: Document responsibility, who’s assigned by mutual agreement.
Step 4 Risk Response Control (pg 224-5) Part 2.
1. Risk control: Execution of the risk response strategy; mistakes are normal; encourage discovering risks. .
Monitoring of triggering events.
Initiating contingency plans.
Watching for new risks.
2. Establishing a Change: Management System
Monitoring, tracking, and reporting risk.
Fostering an open organization environment.
Repeating risk identification/assessment exercises.
Assigning and documenting responsibility for managing risk.
3, Sources of Change: Project scope changes.
Implementation of contingency plans.
Improvement changes.
Change Control Management (pg 225-6)
A major element of risk control process.
Fall into three Categories:
1. Scope Changes in the form of design or additions represent big changes.
2. Implementation of contingency plans, when risk events occur, represent changes in baseline costs and schedules.
3. Improvement changes suggested by team members.
NOTE: change is inevitable, a well-defined change review and control process-set up early.
Change Control Management (pg 225-6) Part 2
Change Management Systems involve reporting, controlling, and recording changes to project baseline.
1.Identify proposed changes.
2. List expected effects of proposed changes on schedule and budget.
3.Review, evaluate, and approve or disapprove of changes formally.
4.Negotiate and resolve conflicts of change, condition, and cost.
5. Communicate changes to parties affected.
6. Assign responsibility for implementing change.
7. Adjust master schedule and budget.
8. Track all changes that are to be implemented
Change Control Process (Change Control Management pg 225-6)
Step 1. Change originates.
Step 2. Change Request submitted.
Step 3. Review Change Request.
Step 4 Approved? Yes- go to step 5; No- go to step
Step 5. Update Plan of Record
Step 6. Distribute for action.
NOTE: Of Particular importance is assessing the impact of the change on the project.
NOTE: use Change Request forms and logs to track proposed changes.
NOTE: Requires integration into the WBS and baseline.
Change Control Process logs Request Forms (Change Control Management pg 225-6)
Need the following as a minimum:
1. Description of the change.
2. the impact of not approving the change.
3. impact of the change on project scope/schedule/cost.
4. Defined signature paths for review.
5. Tracking log number.
NOTE: summarize the status.
1. Source and date of change.
2. Document codes for related information.
3. Cost estimates.
4. current status of request.
Plan of Record Change Control Process (Change Control Management pg 227)
the current official plan for the project in terms of scope, budget, and schedule.
Serves as the benchmark for future request: baseline for evaluating project process.
Benefits of a Change Control System Change Control Process (Change Control Management pg 228)
1. Inconsequential changes are discouraged by the formal process.
2. Costs of changes are maintained in a log.
3. Integrity of the WBS and performance measures is maintained.
4. Allocation and use of budget and management reserve funds are tracked.
5. Responsibility for implementation is clarified.
6. Effect of changes is visible to all parties involved.
7. Implementation of change is monitored.
8. Scope changes will be quickly reflected in baseline and performance measures.