Risk Management Flashcards
quantitative vs. qualitative risk
quantitative - delay of days, budget increase
qualitative - low, medium, high
-
qualitative first, quantitative if appropriate
- Qualitative analysis may be enough to show a risk is either acceptable or unacceptable
pro-actively minimising the probability and impact of risks, leads to …
- increases opportunity
- improves supplier negotiation
- better scheduling and budgeting
- clearly defined ownership for each risk
- less stressful environment
when does risk management occur in the project cycle
- During the initiation the risks are identified
- Output is a risk management plan
What does the risk management plan contain?
- Criteria for acceptability and tolerability (score board)
- Risk register
- Internal and external interfaces
What does the risk management plan require to start with?
- project needs to be well defined
- corporate risk policies may be followed
Techniques for risk identification
Document extensitvely and Review
- Assumption analysis
- Other project documentation (inside or outside the organisation)
Ask people
- Team (kick-off meeting, brainstorming)
- Interviews with stakeholders, questionnaires
- Delphi technique
Tools
- SWOT analysis
- Cause Effect Analysis
What is the Delphi Technique + pros and cons?
asking a panel of experts successively
a method of group decision-making and forecasting that involves successively collating the judgments of experts
Benefits
- Can be done “remotely”
- Final position is agreed
Limitations
- Need good experts
- Time-consuming
- Needs a good facilitator
Cause & Effect Analysis / Fishbone Diagram / Ishikawa Diagram
- Finds root cause and expose common risk areas
- Diagrams can help show the thinking
- Useful (facilitated) group activity
Articulating risks
A. An [external event] occurs, …
B. because [interacting with an aspect of the project], which …
C. causes a significant [effect] on the objectives.
- Sentences like this can be managed
- Vague risk descriptions just cause fear, doubt, etc.
- Use such sentences for assessment and in risk register
Assessing risks structurally
- risk events linked?
- shared root causes?
- Can risks be combined / single response strategy?
- Use project network to identify risk interdependence
Assessing risks owership-wise
- Who is responsible for managing the risk?
- including further evaluation/response strategy
- Particular importance is whether customer or supplier is responsible
- will be reflected in contractual requirements
- Responsibility may be changed at response strategy stage (if good response, less risk)
one qualitative risk assessment technique
Probability-Impact Matrix

P-I Matrix: assigning scores for each scale point
- probability score grows in an arithmetic scale (+2)
- impact score grows in an geometric scale (x2)
- this emphasises the relevance of the impact.
Low probability, high impact risks are more relevant than risks with high probability and low impact.

Type of Risk:
- Requirements
- Technical
- Resource
- Information
- Supplier
Look for concentration of risk in particular area(s), like …
- Time / Cost / Quality
- PBS / WBS / OBS
- Requirements/Technical/Resource/Information/Supplier
planning responses
- Identify options (treatment strategies)
- should be SMART
- consider effect on project objectives
- Cost / Benefit evaluation
- Prepare action plans
- Finalise and agree risk owner
What are threats and what to do with them?
Threats are risks with adverse consequences
may have more than one treatment for each risk
- Accept – do nothing (if very low risk)
- Avoid – change or abandon goals, processes or activities and replace with alternatives that remove the risk (e.g., exchange material used).
- Reduce probability – look at cause / effect analysis and take action.
- Reduce impact – develop plans for responding to the threat if it occurs (recovery plan).
- Share or transfer – share risks in part or full with another stakeholder. For example, passing back time / cost overrun risks to a contractor (see Procurement session, contract pricing methods); taking out insurance against fire, theft, loss, damage, etc.
What are opportunities and how to handle them?
Opportunities are risks with positive consequences
tendency to focus on threats
- Reject – may be too small or too large to be worth exploiting.
- Exploit – change the project scope to take advantage of the opportunity should the event come to pass (e.g., market research shows interest in an additional product).
What is a Risk Register / Risk Log
when is it created
+ characteristics
+ example layout
Key output of risk management process
- A summary of all risks and their status
- continually reviewed
- Full version of register prepared at definition phase

Implementation Response
- Ensure risk owner takes responsibility for actions
- Establish contingency fund (money set aside for risks)
risk vs. issue
- risks = what might happen
- issues = what is happening
risks become issues if the “risk event” happens
Issue management process
(5 phases)
Definition: How are issues going to be managed throughout the project?
- How issues will be raised and managed, and the process of escalation of issues to the next managerial level.
Identification: What is the issue and what is its impact?
- Issue Log
- Who has raised the issue and when
- What the impact of the issue is on the project’s goals
- Who is responsible for resolving the issue
- What has been done to resolve it, and the date it has been resolved
Escalation: Who has responsibility for resolving the issue?
Monitoring and reporting: what is happening to resolve the issue?
- Keep updating issue log.
Resolution: how has the issue been resolved?
- Issues may be resolved in a number of ways:
- change to objectives in terms time, cost, or quality
- the project schedule may be changed to cope with availability of resources
- further activities may be generated