beyond pmp: risk management
TRANSCRIPT
BEYOND PMP:�RISK MANAGEMENT
ABHINAY VERMA
Purpose of this document
Learning about project management doesn’t end when you pass the PMP exam. PMP teaches a methodology that every practitioner must follow. However, the PMP content is quite detailed and is geared for large projects and many small projects, typically in IT industry, do not follow all processes described in the PMBOK. As a result, many PMP certified project managers either forget what their learnt or start thinking that most of what they studied is not relevant for their roles. This slide deck is intended for all of us who wish to retain the most important and practice advice that PMP taught us irrespective of how big or small our projects are.
RISK MANAGEMENT
Why Risk Management Matters Risk Management is the most important activity for a project manager because: ü It helps prevent problems ü Reduces potential impact of problems ü Saves time and money on the project
Risk Management activities are an integral part of a project manager’s daily work.
Key Concepts Uncertainty
Risk Averse
Risk Factors
Threats & Opportunities
Risk Tolerance
Risk Threshold
Uncertainty is a lack of knowledge about any event that makes it difficult to predict the outcome of the event.
Risk Averse is the characteristic of someone who doesn’t want to take risks or chances.
Risk Factors include things like how likely is the risk occurrence, impact, frequency and timing.
If the outcome of a risk event is positive, it is an opportunity. If the outcome is negative, it is a threat.
It is the degree to which a person or an organization is willing to accept risk.
Risk Factors include things like how likely is the risk occurrence, impact, frequency and timing.
Sources of Risk
Scope Schedule
Cost Resources
Quality Stakeholders
Risk Categorization Risks can be categorized in various ways. Some PMs categorize risks using the source of the risk and some may use other approaches. One approach that is often used is:
Technical Unforeseeable
Internal External
Risks caused due to technical factors, software or hardware issues, patches or changes in technology.
Risks caused by factors internal to the project or the organization such as scope, cost, staffing, planning etc.
Only a small number of risks will actually fall under this category. E.g. Tsunami, Flash floods, terrorist attacks etc.
Risks caused by regulatory, government, environmental factors etc.
Risk Management Process Steps
Plan Risk Management
Identify Risks
Perform Risk Analysis
Plan Risk Response
Monitor and Control Risks Throughout
Risk Analysis Risk Analysis is the process of analyzing risks, their probability and potential impact to determine which of the risks warrant a response. Planning a risk response for every risk, irrespective of their impact, would be an expensive process. Therefore, it is important to determine which ones are worth managing.
Risks to be targeted
Quantitative Risk Analysis
Qualitative Risk Analysis
Qualitative Risk Analysis
Qualitative Risk Analysis is a subjective analysis of the risks. • Every risk is assigned a probability like High, Low and Medium (or using a scale of 1 to 3) • Impact of every risk is assigned a value too. Again, Low, Medium, High or using a scale.
Shortcomings of Qualitative Risk Analysis Such analysis is highly subjective in nature. What one person considers critical, may not be critical for somebody else.
Therefore, to ensure consistent risk analysis, organizations need to develop a rating system. Probability and Impact matrix is one such tool.
Quantitative Risk Analysis
Quantitative Risk Analysis is a numerical analysis of the risks. It is also known as risk assessment. • A quantified probability (80%, 60%) is determined for every risk. • Impact of every risk is measured in terms of amount at stake.
Expected Monetary Value Analysis (EMV) Calculating EMV of every risks helps rank the risks to understand which ones definitely deserve a thorough response planning.
EMV of a risk = Probability of the risk x Impact (Amount at Stake)
Monte Carlo Simulation Monte Carlo Analysis uses simulation to simulate the cost and schedule of the project over a high number of iteration. This calculates the overall risk of the project. It results in a probability distribution and determines the probability of completing the project on a specific day or for a specific cost.
Risk Register Risk Register is the project artifact where all data about risks is stored and maintained. Please note that risk register is updated throughout the project.
Risk ID
Risk Description
Potential Responses
Root Cause
Risk Category
Risk Probability
Impact Risk Rank
As the risk management process progresses, more columns are added to the risk register as risk analysis results in more data being captured.
Risk Response Strategies - Opportunities The risk response strategies for Opportunities include:
Exploit Enhance
Share Accept
Try to make sure that the opportunity occurs.
Form a partnership or joint venture that will increase the chances to achieve the opportunity.
Increase the likelihood or the (positive) impact of the opportunity (risk event)
Do nothing. Accept the risk
Risk Response Strategies - Threats The risk response strategies for Threats include:
Avoid Mitigate
Transfer Accept
Eliminate the risk by removing the cause of the risk.
Make another party responsible for the risk by purchasing insurance or by outsourcing the work.
Reduce the likelihood or the (negative) impact of the threat (risk event)
Do nothing. Accept the risk
Some Terms to know Residual Risks
Contingency Plans
Secondary Risks
Risk Triggers
Fallback Plans
Reserves
Risks remaining after the risk response planning. These include risks that have been accepted. Stakeholders must be informed about risks that have been accepted.
These are plans that describe what will be done when the risk event occurs.
These are risks created as a result of implementing any risk response strategy. For example, risks associated with outsourcing the work.
Risk triggers are events that triggers the contingency response.
These are plans that describe what will be done if the contingency plan is not effective. Think of these as Plan B.
Reserves are funds for time and cost that are maintained to cover risks and is an important part of cost management planning. Contingency reserves are for known risks that have been identified during risk planning process and are used to address residual risks. Management reserves are for those risks that could not be identified during risk management process.
Risk Management – Errors to avoid
Ø Cost and schedule are finalized without completing identifying all risks and completing risk management.
Ø Risk management is not given due attention during project execution.
Ø Risks are not discussed in every project meeting.
Ø Procurements are completed before all risks to the project have been discussed.
Ø Project Manager does not involve team members and other stakeholders in the risk management process.