Chapter 5: Project Risk Analysis and Management

5.1 Introduction to Project Risk

Projects are unique, complex in nature, based on assumptions and done by
people.
Projects are therefore subject to a excess of uncertainties, i.e. risks and
opportunities, that can affect their objectives.
Although the activity is normally referred to as project risk management, it
covers both risk and opportunity management. Potential positive and negative
outcomes deserve equal attention.
The objectives of project risk management are to increase the probability and/or
impact of opportunities and to decrease the probability and/or impact of risks,
to improve the likelihood of project success.
Risks and opportunities represent two sides of the same coin, but with a very
different impact.

1
 Introduction to Project Risk
Risks are defined as uncertain future events or conditions that, if it occurs, could
negatively influence the achievement of business, or project, objectives.
Opportunities are defined as uncertain future events or conditions that, if it
occurs, could positively influence the achievement of business, or project,
objectives.
It is always beneficial to start with a SWOT analysis of a business or project to
identify potential risks and opportunities.
Weaknesses and Threats give rise to risks and Strengths and Opportunities lead to
opportunities for achieving the objectives.
Risk management is the systematic process of planning for, identifying, analyzing,
responding to, and monitoring project risk. It is the art and science of identifying,
assigning and responding to risk throughout the life of a project and in the best
interest of meeting project objectives.

2
 Introduction to Project Risk
Project risk management includes:
 Risk identification: determining which risks are likely to affect a project.
 Risk quantification: evaluating risk to assess the range of possible project
outcomes.
 Risk response development: taking steps to enhance opportunities and developing
responses to threats.
 Risk response control: responding to risks over the course of the project.

3
 5.2 Types of Project Risk
Project Risk
A) Internal Risk:
a) Local: Labor, Materials, Plant, Site and Sub-contractor
b) Global: Construction, Client, Design, Environmental, Financial, Management and Location
B) External Risk: Economic, Physical, Political and Technical
Different types of risks can affect the viability of a project. Which are explained as
below:
Social risks: They cover the well-being of the workforce and the community. The
includes the health and safety of these stakeholders. It also addresses matters like
relocation, skills shortages, corporate social investment and training.
Technical risks: They address the risks that the selected process technologies will not
meet the business or project objectives, i.e. product quality and plant availability
issues. First-of-a-kind technologies and large scale-ups of proven technologies are
normally problematic.

4
 Types of Project Risk
Economic risks: They cover the profitability of the venture. It includes issues like equipment
cost, feedstock and product prices, logistics cost, effect of project cost overruns, effect of
schedule slip, etc.
Environmental risks: They cover potential impacts on air, water and groundwater, as well as
smells, noise and visual impacts on stakeholders. Included are compliance and reporting
risks to the responsible authorities, in line with the environmental management plan for the
facility.
Political risks: They address the likelihood of political instability and strikes in the country
and region where a facility is being planned or operated. Will the process facility be a high-
profile target in case of instability? Will political risks influence the supply chains?
Legal risks: These are risks associated with the specific legal framework within which the
business must operate. Are carbon taxes applicable? What is the likelihood of it becoming a
reality? What legislation is in the pipeline that can impact on the sustainability of a venture.

5
 Types of Project Risk
Organizational risks: They cover the structure and ownership of the company
responsible for the establishment and operation of a process facility. What are the
risks that a specific partner brings to the deal? It also addresses the issue of having
a lean organization structure and suitably qualified and experienced personnel in
key positions.
IT risks: Information technology risks are shown separate from the technical risks
due to the unique character thereof. Chemical plants require process control
systems, communication systems and business systems to interact and function
seamlessly.
Commercial risks: They include potential problems associated with contractual
agreements which can lead to delays, cost overruns or counterclaims. Here we
include risks associated with the marketing of final products and the governance
thereof.

6
 5.3 Analysis of Major Sources of Risk
A typical project is always associated with risks. It is important to understand the source of
project before identifying and analysis of risk because it is easier for a project team to
realize the root of the problem before solving it.
1) Common Sources of Risk
A) Project size and complexity:
 Effort hours
 Calendar time
 Estimated budget
 Team size (number of resources)
 Number of sites
 Number of business units
 Number of system borders
 Number of dependencies on other projects
 Number of dependencies on other systems
 Degree of business change

7
 Common Sources of Risk
B) Requirements:
 Volatile requirements
 Unrealistic or aggressive performance standards
 Complex requirements
C) Change Impact:
 Replacement or new system
 Impact on business policies
 Impact on business processes
 Impact on organizational structure
 Impact on system operations

8
 Common Sources of Risk
D) Organization:
 Changes to project objectives
 Lack of priorities
 Lack of project management "buy-in" and support
 Inadequate project funding
 Misallocation and mismanagement of resources
E) Sponsorship:
 Lack of strong executive commitment
 Lack of clear ownership
 Loss of political support

9
 Common Sources of Risk
F) Stakeholder involvement:
 All key stakeholders not identified
 Missing "buy-in" from a key stakeholder
 Stakeholder needs not completely identified
 Key stakeholders not fully engaged
G) Schedule:
 Estimate assumptions are not holding true
 Schedule contingency is not adequate
H) Funding:
 Reduction in available capital
 Cash flow issues
 Inflation or exchange rate factors

10
 Common Sources of Risk
I) Facilities:
 Adequate for team productivity requirements
 Adequate for project security requirements
J) Team:
 Full-time or part-time roles
 Location of team members
 Can't find desired resources
 Lack of experience
 Lack of business knowledge
 Lack of skills
 Lack of commitment
 Personal issues
 Lack of prior experience working together
11
 Common Sources of Risk
K) Technology:
 Missing technical data
 Use of unproven technology
 Use of non-standard technology
 Development approach
 Level of complexity
L) Vendors and Suppliers:
 Contract types
 Risk-reward elements
 Procurement process
 Experience with vendor/supplier
12
 Common Sources of Risk
M) External factors:
 Changing weather conditions
 Changes in legal and regulatory environment
 Approvals from governmental agencies
 Political changes
N) Business factors:
 Time-to-market
 Mergers and acquisitions
 Economic events
 Market conditions
O) Assumptions and Constraints:
 It may create schedule, costs, resource, or quality risks
13
 Common Sources of Risk
P) Project management:
 Lack of experience
 Poor leadership
 Poor communications
 Lack of contingency plans
 Inadequate risk management
2) Project Planning Sources of Risk
A) Project management:
 Improperly defined project deliverables
 Incomplete planning
 Improper procedures
 Not defining clear roles and responsibilities
 Lack of contingency plans
 Inadequate risk management
 Inadequate attention to the right details
 Inadequate resource staffing
14
 Project Planning Sources of Risk
B) Project Definition:
 Unrealistic objectives
 Inconsistent objectives
 Incomplete scope definition
 Inconsistent scope definition
 Improperly defined project deliverables
C) WBS:
 Not reviewed and approved by stakeholders
 Missing tasks
 Lack of team understanding
 Missing project management activities
 External dependencies not identified and understood

15
 Project Planning Sources of Risk
D) Project Schedule:
 Missing task dependencies
 Tasks not clearly assigned
 Resources over-allocated
 Calendar realities not factored
 Inadequate contingency or reserve
E) Project budget:
 Poorly developed cost estimates
 Missing cost sources
 Inadequate contingency or reserve
F) Requirements:
 Incomplete requirements
 Poorly defined requirements
G) Assumptions and Constraints:
 Not completely defined
16
 5.4 Effective Management of Project Risk
A) Risk Management Planning
The risk management plan tells us how we’re going to handle risk in our project. It
documents how we’ll assess risk, who is responsible for doing it, and how often
we’ll do risk planning (since we’ll have to meet about risk planning with our team
throughout the project).
Some risks are technical, like a component that might turn out to be difficult to
use. Others are external, like changes in the market or even problems with the
weather.
It’s important to come up with guidelines to help us figure out how big a risk’s
potential impact could be. The impact tells us how much damage the risk
would cause to our project.
Many projects classify impact on a scale from minimal to severe, or from very low
to very high. our risk management plan should give us a scale to help figure out
the probability of the risk. Some risks are very likely; others aren’t.
17
 B. Risk Identification
A more disciplined process involves using checklists of potential risks and
evaluating the likelihood that those events might happen on the project.
Some companies and industries develop risk checklists based on experience from
past projects. These checklists can be helpful to the project manager and project
team in identifying both specific risks on the checklist and expanding the thinking
of the team.
A team considers:
 Risks – what might go wrong
 Opportunities – better methods of achieving the project’s purposes and need
 Triggers – symptoms and warning signs that indicate whether each risks is likely to occur
The past experience of the project team, project experience within the company,
and experts in the industry can be valuable resources for identifying potential risk
on a project.

18
 B. Risk Identification
Identifying the sources of risk by category is another method for exploring
potential risk on a project. Some examples of categories for potential risks
include the following: Technical, Cost, Schedule, Client, Contractual, Weather,
Financial, Political, Environmental and People.
We can use the same framework as the work breakdown structure (WBS) for
developing a Risk Breakdown Structure (RBS). A risk breakdown structure
organizes the risks that have been identified into categories using a table with
increasing levels of detail to the right.
The people category can be subdivided into different types of risks associated
with the people. Examples of people risks include the risk of not finding people
with the skills needed to execute the project or the sudden unavailability of key
people on the project.

19
 C. Qualitative and Quantitative Risk Analysis
Qualitative Risk Analysis:
The qualitative risk analysis process is performed to prioritize project risks for
further analysis or action by assessing their probability of occurrence and impact in a
project.
It attempts to rank risks into high, medium, and low categories, depending on the
severity of impact and the probability of an event occurring in a project.
The team assesses each identified risk for it’s probability of occurring and it’s
impact on project objectives.
A benefit of this risk analysis process is that it allows project managers to
concentrate on high-priority risks and reduce the level of uncertainty.

20
C. Qualitative Risk Analysis

Fig: Risk and Impact

21
 C. Quantitative Risk Analysis

Quantitative risk analysis is a way of numerically estimating the probability that

a project will meet it’s cost and time objectives. It is based on a simultaneous
evaluation of the impact of all identified and quantified risks.
It involves statistical techniques that are most easily used with specialized
software. There is a positive correlation—both increase or decrease together—
between project risk and project complexity.
One benefit of this procedure is that it produces quantitative risk information to
support decision making that reduces project uncertainty.
In analyzing risks, construction practitioners apply tools such as decision trees,
Delphi techniques, expert judgment, influence diagrams, Monte Carlo
Simulations, probabilistic analysis, and sensitivity analysis

22
 D. Risk Response Planning
When we are planning our project, risks are still uncertain: they haven’t happened
yet. But eventually, some of the risks that we plan for do happen, and that’s when
we have to deal with them. There are four basic ways to handle a risk.
 Avoidance: The best thing we can do with a risk is avoid it. If we can prevent it from
happening, it definitely won’t hurt our project. The easiest way to avoid this risk is
to walk away from the cliff, but that may not be an option on this project. A
common risk avoidance technique is to use proven and existing technologies rather
than adopt new techniques, even though the new techniques may show promise of
better performance or lower costs.

23
 D. Risk Response Planning
 Mitigation: If we can’t avoid the risk, we can mitigate it. This means taking some sort
of action that will cause it to do as little damage to our project as possible. After the
risk has been identified and evaluated, the project team develops a risk mitigation
plan, which is a plan to reduce the impact of an unexpected event. The project team
mitigates risks in various ways: avoidance, sharing, reduction and transfer. Each of
these mitigation techniques can be an effective tool in reducing individual risks and
the risk profile of the project. The risk mitigation plan captures the risk mitigation
approach for each identified risk event and the actions the project management team
will take to reduce or eliminate the risk.
 Transference: One effective way to deal with a risk is to pay someone else to accept it
for us. The most common way to do this is to buy insurance. Risk sharing involves
partnering with others to share responsibility for the risky activities. Many
organizations that work on international projects will reduce political, legal, labor, and
others risk types associated with international projects by developing a joint venture
with a company located in that country.

24
 D. Risk Response Planning
 Acceptance: When you can’t avoid, mitigate, or transfer a risk, then we have to
accept it. But even when we accept a risk, at least you’ve looked at the
alternatives and we know what will happen if it occurs. If we can’t avoid the risk,
and there’s nothing we can do to reduce it’s impact, then accepting it is your only
choice.

Fig: Risk Management Options

25
 E. Risk Monitoring and Control
Project risk monitoring and control is a process of tracking identified risks,
identifying and analyzing new risks, monitoring the implementation of risk response
plans, and assessing the effectiveness of risk management processes throughout a
project.
Construction organizations should regularly give special attention to the importance
and usage of project risk monitoring and control practices to improve the success
rate of a project.
Since risks impact project performance, risks must be properly controlled,
monitored, and handled to ensure successful project delivery.
Unmonitored or uncontrolled risks could cause cost overruns, scheduling delays,
inferior project performance, and, ultimately, project failure (Khan & Gul, 2017).

26
 E. Risk Monitoring and Control
Risks must be proactively identified, assessed, analyzed, mitigated, monitored,
and controlled throughout the life cycle of a project.
Risks are more likely to occur during the execution of construction projects,
which can result in reduced project performance.
Project risk monitoring and control process involves risk tracking, risk
identification, risk analysis (qualitative and quantitative analysis), risk response
planning, and risk response plan implementation.

27
 E. Risk Monitoring and Control

Fig: The Project Risk Monitoring and Control Process

28