Project Management

THE MANAGERIAL PROCESS Clifford F. Gray

Eric W. Larson
Third Edition

Chapter 7

Managing Risk

Risk Management Process Risk Management Process

• Risk • Some potential risks can be identify prior to
–Inherent in projects is the inability to control chance project start
events –Equipment
E i t malfunction
lf ti
–No amount of planning can overcome the negative • Risks can be anticipated consequences
impact of every unplanned event
–Schedule slippage or cost overruns
• Definition:
• Risks can be beyond imagination
–In the context of projects, risk is an uncertain event that,
–Sept 11, 2001
if it occurs,, has a positive
p or negative
g effect on the
project objectives • Risks can have positive consequences
• A risk has a cause and, if it occurs, a consequence –Unexpected price reduction in materials
–It will impact the cost, schedule, and/or project quality

1
 Risk Management Process Risk Event Graph (p.198)
• Risk Management • Chances of risk event occurring (time/cost
–A proactive attempt to recognize and manage internal estimates, design technology) are greatest in
events and external threats that affect the likelihood of the concept
concept, planning
planning, and start-up
start up phases of
a project’s success. project
• Identifies as many risk events as possible (what can go wrong) • Cost of such an occurrence is less if the event
• Minimizes the risk event’s impact (consequences)
occurs earlier rather than later
• What can be done before an event occurs (anticipation)
• Early project stages is the best time to minimize
the impact of potential risk events
• What to do when an event occurs (contingency plans)
• The cost of risk event occurrence increases
• Provides contingency funds
rapidly past the halfway point of the project
–Mars Orbiter (Thrust: Metric vs. Standard)
• Check and balance processes were not followed

Risk Management’s Benefits Risk Sources

• A proactive rather than reactive approach. • Limitless

–External (threats)
• Reduces surprises and negative consequences
consequences. • eg.,
eg inflation
inflation, market acceptance
acceptance, exchange rates
rates,
government regulation
• Prepares the project manager to take advantage • Dealt with through contingency
• Considered prior to project go-ahead
of appropriate risks.
• Not discussed here (out of PM control)
• Provides better control over the future.
–Internal
• Improves chances of reaching project • Project Specific
performance objectives within budget and on
time. –Fig 7.2, p. 199

2
 Step 1: Risk Identification Step 1: Risk Identification
• The goal is to find problems before they happen • During planning phase, a risk management
• Murphy’s Law is in effect attitude team generates a list of all possible risks
–Focus on big picture,
picture not specific events
• During planning phase, a risk management –Project-level risks are Macro risks. Do these first, then
team generates a list of all possible risks specific events
–Team consists of PM, key team members, estimators, –Use WBS to ensure all work gets covered
stakeholders, risk specialists –Different groups can work on different deliverables
–Use brainstorming and other problem identification • Risk profiling
techniques to identify potential problems –List
Li t off questions
ti to
t address
dd traditional
t diti l areas off project
j t
–Anything goes at this stage, analyze/filter later uncertainty
–Focus on events, not consequences –Questions are tailored to the specific project type
• E.g., schedule delay is consequence, events are adverse –Generated from historical experiences
weather, poor estimate of time, shipping problems

Step 2: Risk Assessment Step 2: Risk Assessment

• Sifting through the Part 1 list and stratifying the • Failure Mode and Effects Analysis (FMEA)
worthy concerns –Extends severity matrix
• Scenario analysis (most common method) • Impact
I txPProbability
b bilit x D
Detection
t ti = RiRiskk V
Value
l
–Answers questions • 1 to 5 scale
• What is the undesirable event? • Detection (1 = chimp can detect, 5 = too late to respond)
• What are all the possible outcomes of the event?
• Probability analysis
• What is the severity of the event’s impact?
• What is the probability of occurrence? –Decision trees, NPV, PERT
• When might
g the event occur? • Semiquantitative scenario analysis
• How does the event interact with other project parts?
–Based on the theory that time is the biggest / most
–Use scenario & risk assessment forms (p.203)
costly risk
–Can use a matrix (p.204)
• Red, Yellow, Green zones
–Develop 3 schedules: Pessimistic, Likely, Optimistic
–Helps to explain uncertainties

3
 Step 3: Risk Response Development Step 3: Risk Response Development
• Reduces stress and uncertainty • Five categories (cont.):
• Deciding the appropriate response for each event – Transferring Risk
• Paying
y g a premium
p to pass
p the risk to another party.
p y
• Five categories: – Who is in control of minimizing the risk event occurrence?
– Mitigating Risk (usually the first alternative considered) – Can the contractor absorb the risk?
• Reducing the likelihood an adverse event will occur. – Insurance
– Small scale test software installation – Sharing Risk
– Schedule outdoor work for summer months
• Allocating proportions of risk to different parties
– Invest in up-front safety training
– Entertainment industry’s DVD standard
– “Beef” up future estimates
– Owner / contractor risk sharing
• Reducing the impact the adverse event will have on the project
project.
– Retaining Risk
– Redundant portable concrete plants for continuous pour cement
• Making a conscious decision to accept the risk.
– Can absorb
– Avoiding Risk – Develop contingency plan
• Changing the project plan to eliminate the risk or condition.
– Adopting proven instead of experimental technology

Contingency Planning Contingency Planning

• Contingency Plan • Risks of Not Having a Contingency Plan
– An alternative plan that will be used if a possible foreseen risk
–Having no plan may slow managerial response.
event actually occurs
occurs.
– A plan of actions that will reduce or mitigate the negative impact –Decisions made under pressure can be potentially
of a risk event. dangerous and costly.
– Answers What, Where, When, How –Stress and uncertainty
– Facilitates a smooth transition to the work-around plan
– Conditions for plan activation should be documented
– Plan should include a cost estimate
– Plan should be discussed with, developed with, and distributed to
all responsible parties
– Risk Response Matrix (p. 209)

4
 Methods for Handling Risks Methods for Handling Risk
• Technical Risks • Costs Risks
– What if the system or process does not work? – Most are created in technical and schedule estimates
– Backup strategies if chosen technology fails – Time/cost dependency
p y link
– One approach: • Cost increases as schedule increases
• Assess whether technical uncertainties can be resolved – Cash Flow Decisions
• Simultaneously implement reliable system
• Deciding to delay the schedule to solve cash flow problems should
• Schedule Risks be avoided
– Use of slack increases the risk of a late project finish. – Price protection risks (a rise in input costs)
– Imposed duration dates (absolute project finish date) • increase if the duration of a project is increased.
• Top
p down • Should evaluate price risk item by item
• Increases cost risk as well
• Funding Risks
– Compression of project schedules due to a shortened project
– Changes in the supply of funds for the project can dramatically
duration date.
affect the likelihood of implementation or successful completion
• Use best people for critical activities of a project.
• Work activities in parallel
– Pet projects of new management vs. old

Contingency Funding Time Buffers

• Contingency Funds • Time Buffers
–Funds to cover project risks (identified and unknown) –Schedule Contingency
• Size
Si off funds
f d reflects
fl t overallll risk
i k off a project
j t –Add
Add b
buffers
ff to:
–Budget reserves • Activities with severe risk
• Are linked to the identified risks of specific work packages • “Merge activities” prone to delays due to chance of preceding
• Should be added to management reserve if unused activity delays
–Management reserves • Non-critical activities
• Activities with scarce resources
• Are large funds to be used to cover major unforeseen risks
(
(e.g., change
h in
i project
j t scope)) off the
th total
t t l project.
j t • The whole schedule (management decision)
• Determined after budget reserves are evaluated

5
 Step 4: Risk Response Control Change Control Management
• PMs need to manage risk just as schedule and budget • 3 main change categories
– Risk control
–Scope (design/additions)
• Execution of the risk response
p strategy
gy
• Monitoring of triggering events • Customer initiated
• Initiating contingency plans –Contingency plan initiation
• Watching for new risks
–Improvement changes (value engineering)
• Tendency is to hide risk
• Contractor initiated
– Culture: Do they “kill the messenger” or are mistakes are
severely punished • Change control involves
• Key: Document Responsibility –Reporting, controlling, and recording changes to the
– “Not my yob” baseline
– Weekly meetings, including minutes, signed off by all

Change Management Control Change Management Control

• CMC must include: • Process: (p.216, Fig 7.9)
–Identification of proposed changes • Change Request form (p.217, Fig. 7.10)
–Listing of expected effects to budget and schedule • Change Log (p.218, Fig. 7.11)
–Formal review, evaluation, dis/approval methods • Change control system must integrate with
–Negotiation to resolve conflicts the baseline
–Communication of changes to all parties • Document, Document, Document!
–Assignment of responsibility of change implementation
–Adjustment of master schedule and budget
–Tracking of all project changes

6
 Benefits of a Change Control System
1. Inconsequential changes are discouraged by the
Project Management
THE MANAGERIAL PROCESS Clifford F. Gray
formal process. Eric W. Larson
Third Edition
2 Costs of changes are maintained in a log
2. log.
3. Integrity of the WBS and performance measures is
maintained.
4. Allocation and use of budget and management
reserve funds are tracked.
5. Responsibility for implementation is clarified.
6. Effect of changes is visible to all parties involved.
7. Implementation of change is monitored.
8. Scope changes will be quickly reflected in baseline Chapter 7 Appendix

and performance measures. PERT and PERT Simulation