Project Risk Management

Project Risk
Management
Oleksa Stelmakh
PMP, SBU Manager
04/01/2011

Risk Management Trainings
Page 2 of 50
ProjectRiskManagementbyOleksaStelmakh.SoftServe(c)2011

Project Risk
Project risk is an uncertain event or condition
that, if it occurs, has a positive or a negative
effect on at least one project objective, such as
Time, Cost, Scope, Quality
Page 3 of 50

Risk Management Objective
Increase the probability and impact
of positive events
Decrease the probability and impact
of events adverse to the project
Page 4 of 50

Risk Management Process
Risk
Management
Planning
Risk
Identification
Qualitative
Risk Analysis
Quantitative
Risk Analysis
Risk
Response
Planning
Risk
Monitoring
and Control
Page 5 of 50

Risk Management Planning
Page 6 of 50

Risk Management Planning: Outputs
Methodology
Roles and responsibilities
Timing
Risk categories (RBS)
Definitions of risk probability and impact
Probability and impact matrix
Page 7 of 50

Type of Risks
Technical
Resource
Personnel
Communications
Legal & Regulatory
Force Majeure
Page 8 of 50

Risk Breakdown Structure (RBS)
Technical
Requirements
Technology
Performance
Quality
External
Subcontractors
Regulatory
Market
Customer
Organizational
Dependencies
Resources
Funding
Prioritization
Project
Management
Estimating
Planning
Controlling
Communication
Page 9 of 50

Risk Impact Definition
Project
Objective
Very low /.05 Low /.10 Moderate /.20 High /.40
Very high
/.80
Cost
Insignificant cost
increase
<10% cost
increase
10-20% cost
increase
20-40% cost
increase
>40% cost
lincrease
Time
Insignificant time
increase
<5% time
increase
5-10% time
increase
10-20% time
increase
>20% time
increase
Scope
Scope decrease
barely noticeable
Minor areas of
scope affected
Major areas of
scope affected Scope/Quality
reduction
unacceptable
to sponsor
Project end
item is
effectively
uselessQuality
Quality
degradation
barely noticeable
Only very
demanding
applications are
affected
Quality
reduction
requires sponsor
approval
Page 10 of 50

Risk Identification
Page 11 of 50

Risk Identification
 Forms
 Checklist
 Sticky Notes
 Prompt list
(RBS)
 Historical
records
 Pre-mortem
 Brainstorming
 Affinity Diagrams
 Expert interview
 Nominal group
interview
 Delphi technique
 Fishbone
technique
 SWOT
Page 12 of 50

Identification Order
• Brainstorming
• Interview
• Delphi
Step-1
• Historical records
• RBS
• Checklist, forms
Step-2
• Pre-mortem
• Affinity Diagram
• Other
Step-3
When
to stop?
Page 13 of 50
Do it until it seems stupid

Risk Identification: Outputs
Risk Register
List of
identified
risks
List of
potential
responses
Root
causes of
risk
Updated
risk
categories
Page 14 of 50

Qualitative Analysis
Impact
High-High High Medium Low Low-low
100% 80% 60% 40% 20%
Probability
High-high 85% 0.85 0.68 0.51 0.34 0.17
High 65% 0.65 0.52 0.39 0.26 0.13
Medium 45% 0.45 0.36 0.27 0.18 0.09
Low 25% 0.25 0.20 0.15 0.10 0.05
Low-low 5% 0.05 0.04 0.03 0.02 0.01
Page 15 of 50

Quantitative Analysis
Page 16 of 50

Quantitative Analysis:
Expected Monetary Value
Risk Name Type Probability Cost Impact EMV
Risk 1 Threat 30% $10,000 $3,000
Risk 2 Threat 20% $5,000 $1,000
Risk 3 Threat 80% $2,500 $2,000
Risk 4 Threat 15% $20,000 $3,000
Risk 5 Threat 20% $2,500 $500
Risk 6 Opportunity 5% -$20,000 -$1,000
Risk 7 Opportunity 50% -$10,000 -$5,000
Contingency Reserve $3,500
Cost of
Activities
Contingency
Reserve
Management
Reserve
Project
Budget
Page 17 of 50

Quantitative Analysis: Decision Tree
Net Path
Value
Chance
Node
Chance
Node
Decision
Node
Decision
Definition
Build or
Upgrade?
Invest
120K
65%
Reward
200K
52K
35%
Reward
80K
-14K
Invest
50K
65%
Reward
100K
33K
35%
Reward
80K
11K
Page 18 of 50

Quantitative Analysis: Decision Tree
Cost Reward Net Path Net Path EMV EMV
Build -$120
Strong demand 65% $200 $80 $52
$38
Weak demand 35% $80 -$40 -$14
Upgrade -$50
Strong demand 65% $100 $50 $33
$43
Weak demand 35% $80 $30 $11
Page 19 of 50

Quantitative Analysis:
Monte Carlo Simulation
Estimate Distribution
0.0%
20.0%
40.0%
60.0%
80.0%
100.0%
20.0
25.0
30.0
35.0
40.0
45.0
50.0
55.0
60.0
65.0
70.0
75.0
80.0
85.0
90.0
95.0
100.0
105.0
110.0
115.0
120.0
Cumulative Estimate
Probability Prob. Est.
50% 70.00
75% 72.50
90% 77.50
95% 80.00
98% 82.50
99% 82.50
100% 120.00
Task
Optimistic
(0%)
Pessimistic
(100%)
Task-1 1 6
Task-2 1 6
Task-3 1 6
Task-4 1 6
Task-5 1 6
Task-6 1 6
Task-7 1 6
Task-8 1 6
Task-9 1 6
Task-10 1 6
Task-11 1 6
Task-12 1 6
Task-13 1 6
Task-14 1 6
Task-15 1 6
Task-16 1 6
Task-17 1 6
Task-18 1 6
Task-19 1 6
Task-20 1 6
Total 20 120
Page 20 of 50

PERT Estimation
Optimistic
Most Likely
Pessimistic
Activity Name Optimistic Cost Most Likely Cost Pessimistic Cost PERT Cost
Activity-1 2 3 5 3.17
Activity-2 7 10 15 10.33
Activity-3 10 12 20 13.00
Activity-4 15 20 30 20.83
Activity-5 1 2 6 2.50
Activity-6 2 2 5 2.50
Activity-7 3 4 6 4.17
Total 40 53 87 56.50
Page 21 of 50

Risk Response Planning
Page 22 of 50

Risk Response Strategies
PMBok PRINCE2 T-like Other Options Opportunities
Avoidance Prevention Tolerate Exploit
Mitigation Reducuction Terminate Control Enhance
Transfer Transference Transfer Allocate Share
Accept Acceptance Treat Accept
-Active (Contingent strategy) Contingency
-Pasive
Avoid Transfer Mitigate Accept
Active
(Contingency)
Passive
(Do Nothing)
Page 23 of 50

Risk Response Planning
Avoid Transfer Mitigate Accept
Active
(Contingency)
Passive
(Do Nothing)
Page 24 of 50
 Mitigation or Contingency
 Risk Response owner
 Several options

Risk Management Process
Long list of
risks
identified
Short List
(Qualitative &
Quantitative)
Risks
eliminated by
plan change
Probability
and impact
reduced by
plan change
Residual
risks
Additional
watchlist
items
Contingenc
y plan
Fallback
plan
Secondary
risks
Watchlist
Risk Register
Time & Cost
Reserve
Final Plan
Monitoring &
Control
Page 25 of 50

Risk Responses: Reserves Calculation
Percent
Guess
EMV
Monte Carlo Simulation
Cost of
Activities
Continge
ncy
Reserve
Managem
ent
Reserve
Project
Budget
Critical
path
duration
Continge
ncy
Reserve
Managem
ent
Reserve
Project
Schedule
Page 26 of 50

Mitigation vs. Contingency vs. Recovery
Planning Risk
Management
Accepting Risks
Page 27 of 50

Mitigation vs. Contingency vs. Recovery
If contingency plans cost money, why shouldn't we
just wait and see which problems arise?
Mitigation,
Contingency
Recovery
Recovery costs usually greatly outweighs…
Page 28 of 50

Strategies for Recovery
Re-sequencing the project
Adding resources
Changing the scope
Changing the approach
Page 29 of 50

Exercise: Mitigation vs. Contingency
Mitigation vs. Contingency?
1. Unit integration early in the project;
2. Load test early in the project;
3. Rotating tasks among developers;
4. Buying more powerful server then actually needed;
5. Prototyping;
6. Peer code review;
7. Making sure there is an alternative way of integrating
decoupled systems;
Page 30 of 50

Mitigation vs. Contingency
Mitigation
1. Unit integration early in the project;
2. Load test early in the project;
5. Prototyping;
6. Peer code review;
Contingency
3. Rotating tasks among developers;
4. Buying more powerful server then actually needed;
7. Making sure there is an alternative way of integrating
decoupled systems;
Page 31 of 50

Risk Monitoring and Control
 ONGOING PROCESS
for the life of the project
Identifying, analyzing, planning for new
Reanalyzing existing
Monitoring triggers for contingency
Monitoring residual
Page 32 of 50

Risk Management: Quiz
• Mitigation
• Transfer
• Acceptance
• Avoidance
1. “Limitations” and “Out of
scope” sections of project
proposal are examples of
risk
• Quantitative basis
• Numerical basis
• Qualitative basis
• Econometric basis
2. You are finding it difficult
to evaluate the exact cost
impact of risks. You should
evaluate on a(n)
• A list of risks
• A list of triggers
• A list of the risk response owners
• An understanding of project risks
3. Which of the following is
the BEST way to describe
the outputs of risk
identification?
• Risk identification
• Qualitative risk analysis
• Risk response planning
• Risk monitoring and control
4. What risk management
process MOST affects the
project management plan?
Page 33 of 50

Risk Management: Quiz
• Mitigation
• Transfer
• Acceptance
• Avoidance
1. “Limitations” and “Out of
scope” sections of project
proposal are examples of
risk
• Quantitative basis
• Numerical basis
• Qualitative basis
• Econometric basis
2. You are finding it difficult
to evaluate the exact cost
impact of risks. You should
evaluate on a(n)
• A list of risks
• A list of triggers
• A list of the risk response owners
• An understanding of project
risks
3. Which of the following is
the BEST way to describe
the outputs of risk
identification?
• Risk identification
• Qualitative risk analysis
• Risk response planning
• Risk monitoring and control
4. What risk management
process MOST affects the
project management plan?
Page 34 of 50

The End of Part-1. Questions?
Page 35 of 50

Part 2
Typical Risk Management Errors
Risk Management in Scrum
Risk Management at SoftServe
Page 36 of 50

Typical Error #1
 Project is estimated long BEFORE
risks to the project are discussed
Plan Scope
Plan
Schedule
Plan
Budget
Contract
Sign-off
Plan
Risks
Plan Scope
Plan
Schedule
Plan
Budget
Plan
Risks &
Reserve
Contract
Sign-off
Page 37 of 50

Typical Error #2
 Risk identification happens only once
before performance appraisal during
project planning
Risk
Identification
Risk
Identification
Risk
Identification
Risk
Identification
Page 38 of 50

Typical Error #3
 Risks are not identified using the
cause-risk-effect format
Cause Risk Effect
Code quality produced by the
team is insufficient
Cause Risk Effect
Due to lack of code
review, pair programming,
code inspections tools and
junior project staff there
were few cases of poor
code inspected
What means that
overall code
quality may be
insufficient
Causing huge number
of defects causing
rework and project
delays
Page 39 of 50

Well-Defined Risks
Page 40 of 50
EVENT may occur, causing
IMPACT
If CAUSE, EVENT may occur,
leading to EFFECT

Typical Error #4
 The risks identified are general
rather than specific
Cause Risk Effect
Communication issues
Cause Risk Effect
Due to time
difference and
just 1h of
overlapping
Requirements clarifications
may not always be completed
with PO
Causing delay and
reworks impacting the
schedule
Due to team co-
location
User story and acceptance
may be not documented in
details
Saving extra project
time
Page 41 of 50

Typical Error #5
 Some things considered to be risks
are not uncertain; they are facts,
and are therefore not risks
Cause Risk Effect
There is no access to Hyland environment
Continuous integration is missing on the
project
Lack of EMS knowledge
Team Reduction
Team member will be leaving for a
maternity leave
Requirements are unclear
Requirements are unstable
Junior project staff
Page 42 of 50

Different Fruits
 Work Package, Task, Defect
 Action Item
 Risk
 Assumptions, Decisions, Risks,
Issues, Action items, Next Steps,
Opportunities (ADRIANO)
Page 43 of 50

Typical Errors
Page 44 of 50
6. Whole categories of risks missed
7. Too brief list during risk
identification
8. Team not familiar with risk
management
9. Opportunities are not identified
10. Only estimation risks are managed
11. Sole person (usually PM) is doing
whole risk management

Does Scrum encompass
Risk Management process?
Page 45 of 50

 Scrum itself covers majority of project
risks
 Scrum does not automatically mean
complete risk management process
Release
Planning
Sprint
Planning
Sprint Demo
Daily Scrums
Scrum of
Scrums
Retrospective
Page 46 of 50

Thank You!
Page 47 of 50

Project Risk Management

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Project Risk Management

Semelhante a Project Risk Management (20)

Último

Último (20)

Project Risk Management

Notas do Editor