Managing Project Planning

Risk

1
• Project risk management is the art and science of
identifying, assigning, and responding to risk
throughout the life of a project and in the best
interests of meeting project objectives
• Risk management is often overlooked, but it can help
improve project success by helping select good
projects, determining project scope, and developing
realistic estimates

2
 What is risk?
• A dictionary definition of risk is “the possibility of
loss or injury”
• Project risk involves understanding potential
problems that might occur on the project and how
they might impede project success
• Risk management is like a form of insurance; it is
an investment.

3
 Why take risks?

Try to balance risks and opportunities

Risks Opportunities

4
 Risk utility
• Risk utility or risk tolerance is the amount of
satisfaction or pleasure received from a potential
payoff
• Utility rises at a decreasing rate for a person who is
risk-averse
• Those who are risk-seeking have a higher tolerance for
risk and their satisfaction increases when more payoff
is at stake
• The risk neutral approach achieves a balance between
risk and payoff

5
9. Risk utility function

6
Common source of risks for IT projects

• Several studies show that IT projects share some

common sources of risk
• The Standish Group developed an IT success
potential scoring sheet based on potential risks
• McFarlan developed a risk questionnaire to help
assess risk
• Other broad categories of risk help identify
potential risks

7
 9. Risk types
• Market risk: Will the new product be useful to the
organization or marketable to others? Will users accept
and use the product or service?
• Financial risk: Can the organization afford to undertake the
project? Is this project the best way to use the company’s
financial resources?
• Technology risk: Is the project technically feasible? Could
the technology be obsolete before a useful product can be
produced?

8
 9. Technology risk
David Anderson, a project manager for Kaman Sciences Corp.,
shared his lessons learned from a project failure in an article for CIO
Enterprise Magazine.
After spending two years and several hundred thousand
dollars on a project to provide new client-server based financial and
human resources information systems for their company, Anderson
and his team finally admitted they had a failure on their hands.
Anderson admitted that he was too enamored by using
cutting edge technology and took a high-risk approach on the project.
He "ramrodded through" what the project team was going to do, and
he admitted that he was wrong.
The company finally decided to switch to a more stable
technology to meet the business needs of the company.

Hildebrand, Carol. “If At First You Don’t Succeed,” CIO Enterprise Magazine, April 15, 1998

9
 9. What is project risk?
• The goal of project risk management is to minimize potential
risks while maximizing potential opportunities. Major
processes include
• Risk identification: determining which risks are likely to affect a
project
• Risk quantification: evaluating risks to assess the range of
possible project outcomes
• Risk response development: taking steps to enhance
opportunities and developing responses to threats
• Risk response control: responding to risks over the course of
the project

10
 9. Identifying risk
• Risk identification is the process of understanding
what potential unsatisfactory outcomes are
associated with a particular project
• Several risk identification tools include checklists,
flowcharts, and interviews

11
 9. Potential risk areas
Knowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definition
of quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocation
and management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandard
design/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultation
with key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
management
Procurement Unenforceable conditions or contract clauses; adversarial relations
12
 9. Quantifying risk
• Risk quantification or risk analysis is the process of
evaluating risks to assess the range of possible project
outcomes
• Determine the risk’s probability of occurrence and its
impact to the project if the risk does occur
• Risk quantification techniques include expected
monetary value analysis, calculation of risk factors, PERT
estimations, simulations, and expert judgment

13
9. Expected Monetary Value

14
 9. Simulation for quantifying risk
McDonnell Aircraft Company used Monte Carlo simulation to help
quantify risks on several advanced-design engineering projects. The
National Aerospace Plan (NASP) project involved many risks. The
purpose of this multi-billion dollar project was to design and develop a
vehicle that could fly into space using a single-stage-to-orbit approach.
A single-stage-to-orbit approach meant the vehicle would have to
achieve a speed of Mach 25 (25 times the speed of sound) without a
rocket booster. A team of engineers and business professionals
worked together in the mid-1980s to develop a software model for
estimating the time and cost of developing the NASP. This model was
then linked with Monte Carlo simulation software to determine the
sources of cost and schedule risk for the project. The results of the
simulation were then used to determine how the company would
invest its internal research and development funds. Although the
NASP project was terminated, the resulting research has helped
develop more advanced materials and propulsion systems used on
many modern aircraft.
15
 9. Expert judgment
• Many organizations rely on the intuitive feelings
and past experience of experts to help identify
potential project risks
• The Delphi method is a technique for deriving a
consensus among a panel of experts to make
predictions about future developments

16
 9. Response to risk
• Risk avoidance: eliminating a specific threat or
risk, usually by eliminating its causes
• Risk acceptance: accepting the consequences
should a risk occur
• Risk mitigation: reducing the impact of a risk event
by reducing the probability of its occurrence

17
 9. Risk Mitigation Strategies
Technical Risks Cost Risks Schedule Risks
Emphasize team support Increase the frequency of Increase the frequency of
and avoid stand alone project monitoring project monitoring
project structure
Increase project manager Use WBS and PERT/CPM Use WBS and PERT/CPM
authority
Improve problem handling Improve communication, Select the most experienced
and communication project goals understanding project manager
and team support
Increase the frequency of Increase project manager
project monitoring authority
Use WBS and PERT/CPM

18
 9. Risk planning
• A risk management plan documents the
procedures for managing risk throughout the
project
• Contingency plans are predefined actions that the
project team will take if an identified risk event
occurs
• Contingency reserves are provisions held by the
project sponsor for possible changes in project
scope or quality that can be used to mitigate cost
and/or schedule risk

19
 9. Risk management
questions
• Why is it important to take/not take this risk in relation to
the project objectives?
• What specifically is the risk and what are the risk mitigation
deliverables?
• How is the risk going to be mitigated? (What risk mitigation
approach is to be used?)
• Who are the individuals responsible for implementing the
risk management plan?
• When will the milestones associated with the mitigation
approach occur?
• How much is required in terms of resources to mitigate risk?

20
 9. Response to risks
• Risk response control involves executing the risk
management processes and the risk management
plan to respond to risk events
• Risks must be monitored based on defined
milestones and decisions made regarding risks and
mitigation strategies
• Sometimes workarounds or unplanned responses
to risk events are needed when there are no
contingency plans

21
 9. Tracking risks
• Top 10 risk item tracking is a tool for maintaining
an awareness of risk throughout the life of a
project
• Establish a periodic review of the top 10 project
risk items
• List the current ranking, previous ranking, number
of times the risk appears on the list over a period
of time, and a summary of progress made in
resolving the risk item

22
 9. Example for risk tracking
Monthly Ranking
Risk Item This Last Number Risk Resolution
of Months Progress
Month Month
Inadequate 1 2 4 Working on revising the
planning entire project plan
Poor definition 2 3 3 Holding meetings with
of scope project customer and
sponsor to clarify scope
Absence of 3 1 2 Just assigned a new
leadership project manager to lead
the project after old one
quit
Poor cost 4 4 3 Revising cost estimates
estimates
Poor time 5 5 3 Revising schedule
estimates estimates

23
9. Tools for tracking risks
• Databases can keep track of risks
• Spreadsheets can aid in tracking and quantifying
risks
• More sophisticated risk management software
helps develop models and uses simulation to
analyze and respond to various project risks

24
9. Good project risk management
• Unlike crisis management, good project risk
management often goes unnoticed
• Well-run projects appear to be almost effortless,
but a lot of work goes into running a project well
• Project managers should strive to make their jobs
look easy to reflect the results of well-run
projects

25