Project Risk Management

What is Risk Management?

The process of identifying, assessing and prioritizing risks followed by the coordinated efforts to minimize, monitor and control the impact of those risks on a project.

Risk Management Processes

• Planning

• Identifying Risks

• Perform Risk Qualitative Analysis

• Perform Risk Quantitative Analysis

• Plan Risk Responses

• Implement Risk Responses

• Monitor Risks

Plan Risk Management

defining how to conduct risk management activities for a project.

Identifying Risks

identifying individual project risks as well as sources of overall project risk, and documenting their characteristics.

Perform Risk Qualitative Analysis

prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics.

Perform Risk Quantitative Analysis

numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives.

Plan Risk Responses

developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.

Implement Risk Responses

implementing agreed-upon risk response plans.

Monitor Risks

monitoring the implementation of risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.

Individual Project Risk

an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.

Overall Project Risk

the effect of uncertainty on the project as a whole, arising from individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative.

Risk Management Plan

a component of the project management plan that describes how risk managementactivities will be structured and performed.

Risk Strategy

the general approach to managing risks on a project.

Methodology

Defines the specific approaches, tools, and data sources that will be used to perform risk management on the project.

Roles and Responsibilities

Defines the lead, support, and risk management team members for each type of activity described in the risk management plan, and clarifies their responsibilities.

Funding

Identifies the funds needed to perform activities related to Project Risk Management. Establishes protocols for the application of contingency and management reserves.

Timing

Defines when and how often the Project Risk Management processes will be performed throughout the project life cycle, and establishes risk management activities for inclusion into the project schedule.

Risk Categories

A grouping for individual risks. A common way to structure risk categories is with a risk breakdown structure (RBS), which is a hierarchical representation of potential sources of risks.

Risk Breakdown Structure

An RBS helps the project team consider the full range of sources from which individual project risks may arise. This can be useful when identifying risks or when categorizing identified risks.

Risk Register

details of identified individual project risks. The results of Perform Qualitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks are recorded in the risk register as those processes are conducted throughout the project.

Content of Risk Register

• List of Identified risks

• Potential Risk Owners

• List of potential risk responses

Strategies for Threats

• Escalate

• Avoid

• Transfer

• Mitigate

• Accept

Escalate

is appropriate when the project team or the project sponsor agrees that a threat is outside the scope of the project or that the proposed response would exceed the project manager's authority.

Avoid

acts to eliminate the threat to protect the project. This may change some aspect of the project plan or the objective to eliminate the threat completely.

Transfer

shifting ownership of a threat to a third party to manage the risk and to bear the impact if the threat occurs. This involves payment of a risk premium to the party taking on the threat. Transfer can be achieved by a range of actions, which include but are not limited to the use of insurance, performance bonds, warranties, guarantees, etc.

Mitigate

action is taken to reduce the probability of occurrence and/or impact of a threat.

Accept

acknowledges the existence of a threat, but no proactive action is taken. This strategy may be appropriate for low-priority threats, and it may also be adopted where it is not possible or cost-effective to address a threat in any other way.

Acceptance; Active

Something is done to reduce impact; a contingency reverse is set to deal with threat.

Acceptance; Passive

No action is taken to reduce impact.

Strategies for Opportunities

• Escalate

• Exploit

• Share

• Enhance

• Accept

Exploit

This strategy seeks to capture the benefit associated with a particular opportunity by ensuring that it definitely happens, increasing the probability of occurrence to 100%.

Share

involves transferring ownership of an opportunity to a third party so that it shares some of the benefit if the opportunity occurs. Risk sharing often involves payment of a risk premium to the party taking on the opportunity. Examples of sharing actions include forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures.

Enhance

is used to increase the probability and/or impact of an opportunity. Early enhancement action is often more effective. The probability of occurrence of an opportunity may be increased by focusing attention on its causes.