Chapter 7Chapter 7Managing risk and qualityManaging risk and quality

Learning objectives• discuss the importance of risk in a project and how it

can be managed• explain the processes of risk planning, risk assessment

and risk control• describe tools used in risk management and how to use

them effectively• explain the process of contingency planning in project

management

Learning objectives (continued)• discuss the importance of quality to project management• explain three important quality management processes• outline key contributions to quality management by

Deming, Juran and Crosby• explain how to determine the total cost of quality• describe simple tools used in statistical process control

and how to use them effectively

Risk and risk management

• A project risk is often described as:– any event with an undesirable outcome for the project

that may happen sometime in the future.

• The 2000 edition of the Guide to the Project Management Body of Knowledge (PMI, 2000) states that a project risk is:– an uncertain event or condition that, if it occurs, has a

positive or negative effect on a project outcome.

The two categories of risk

• Speculative risk - meaning a chance of a loss or chance of a profit

• Pure risk - meaning only a chance of a loss

The risk management plan will take account of risks arising from

3 principal sources:

1) Factors under project control

2) Factors in the wider external environment which are only controllable by decision makers elsewhere

3) Factors that are essentially uncontrollable

Project risks are characterised by the fact that:

• they are usually at least partially unknown• they change with time• they are manageable, in the sense that

action may be taken to change their impact

• they exist only in the future tense – there are no past risks, only actual occurrences

• they exist in all projects.

Risk management is about balancing the harmful effects of

risk against potential project benefits.

Risk management can be divided into two types of activities:

• Risk assessment activities

• Risk control activities

Risk assessment

• The following activities are associated with risk assessment:– Risk identification– Risk analysis– Risk prioritisation

Identification of risks• The process of risk identification should:

– examine all areas of a project in a systematic manner

– be proactive rather than reactive – use information from all available sources. For

example:• previous lessons learned files and other historical

information about the project and its context• all planning outputs to date including work breakdown

structures, schedule and cost plans• the project charter, industry-wide and organisation-

wide risk checklists• feasibility reports

Risk analysis

• About establishing the probability of occurrence and the impact of occurrence of all identified project risks

• Once these two variables have been determined, the risk exposure of the project to each risk can be calculated using the equation: – Risk exposure = probability of risk x impact of risk

Risk prioritisation

• This method should consider the following three factors:

1) Probability of the risk occurring2) Impact of the risk – which can be broken

down further, for example, into:• impact on schedule • impact on cost• impact on performance

3) Cost and resources required to mitigate the risk

Tolerability of risk (ToR)• A ToR framework defines three bands of risk: intolerable,

tolerable and negligible

Risk response planning• Purpose is simply to bring organised, purposeful thought to the

subject of:– eliminating risk wherever possible– isolating and minimising risk– developing alternative courses of action– establishing time and money reserves to cover risks that cannot be avoided

• The output of this process is a risk response plan• There are six types of response to risk:

1. Avoidance 4. Transfer2. Mitigation 5. Absorption or pooling3. Acceptance 6. Knowledge and research

Contingency planning - if all else fails…

• A contingency plan should identify:– alternative resources and/or processes for completing

mission critical tasks (for example using manual labour for a task that has been automated)

– resources needed to launch and maintain such processes

– lead time for the substitute processes to become functional

– trigger point that causes a contingency plan to be activated

Quality management

About managing the quality of the products, services and processes associated with a project

International Organisation for Standardisation (ISO)

• The ISO standards specify the requirements which determine what elements a quality system has to contain - but do not specify how a specific company should implement them

• The basic approach to quality management used in a project should be compatible with ISO and with approaches to quality management such as those recommended by Deming, Juran and Crosby

DemingPlan-do-study-act cycle

Juranfitness for purpose

Crosby• Best known in relation to concepts of ‘do it right

first time’ and ‘zero defects’• Based on four absolutes of quality management:

1) Quality is defined as conformance to requirements, not as ‘goodness’ or ‘elegance’

2) The system for causing quality is prevention, not appraisal

3) The performance standard must be zero defects, not ‘that’s close enough’

4) The measurement of quality is the price of nonconformance, not indices

The cost of quality

• There are three elements to the cost of quality:1. Prevention costs2. Appraisal costs3. Failure costs

• The total cost of quality is the sum of all three.

Total cost = Failure + Appraisal + Prevention of quality costs costs costs

Quality control tools

• Are helpful to identify, quantify and then reduce the costs of quality

• Primary aim is to assure satisfactory quality in all processes

• Designed to be easy-to-use tools for quality control, which can be used by anyone involved in a project

The tally sheet (or tick chart)

The Pareto chart

A scatter diagram

Control charts