Introduction

• General
  • What is risk?
  • 6 questions to define the project
  • The key areas of concern
  • What should risk analysis provide?
  • 3 Ways to view risk management
  • General comments on risk assessment
  • Accountability
  • General comments on planning
  • What are the core process steps to assess a risk?
  • Simple process outline
  • What are the basic overall process steps?
  • Stakeholders
  • Success measures
  • Why carry out Risk Assessment?
• Project Life Cycle
  • Project Life Cycle
  • Project Life Cycle - concept
  • Project Life Cycle - plan
  • Project Life Cycle - execute
  • Project Life Cycle - termination
  • Project Life Cycle - general points

• Terminology
  • Clarification of terms
  • Basic statistical terms

The Risk Management process

• General
• Define
  • Define the project
  • Define the project management process
• Identify the risks and responses
• Organise - prioritise risks and responses
• Ownership - risks, responsibilities and contractors
• Estimation
  • Size the risks
  • Simple estimating of risk
  • Cumulative probability graph
  • Simple estimating of risk - more detail
  • Simple estimation problems
  • Obtaining the estimates
  • Breakdown of variables
• Evaluation
  • Estimates
  • Independent correlation
  • Cumulative probability graph
  • Positive correlation
  • Cumulative probability graph
  • Negative correlation
  • Conditional correlation
  • Cumulative probability graph
  • Cumulative probability graph 2
• Planning
  • Ways to modify plans
  • Plans and strategies
  • Types of plans
  • Dependencies - 4 basic types
  • Dependencies - 4 basic types
    part 2
  • Manage - plans and strategies

Risk issues

• General
  • Identify risk issues
  • Other issues
  • The contractor
  • Other aspects
  • Risk combination
• Assessment of risk
  • Common methods of assessing risk
  • Common methods of assessing risk 2
  • Issue based
  • Checklists
  • Qualitative method
  • Quantitative method
  • Quantitative method part 2
  • Quantitative method part 3
  • Quantitative method part 4

Modelling

• Cost models
  • Simple cost model
  • Cost model
  • Cost model part 2
• Monte Carlo model
  • Monte Carlo simulation
  • Monte Carlo simulation 2
  • Monte Carlo simulation - output
  • Monte Carlo distribution
  • Monte Carlo risk distribution
  • How do we carry out the simulations?
  • Probability density function - PDF
  • PDF - Simplified version

Events

• Uncertain
  • Uncertain events
  • Uncertain events part 2
  • Uncertain events part 3
  • Uncertain events part 4
• Corellated
  • Risk of exceeding the target cost
  • Correlated events
  • Correlated events part 2
  • Correlated events part 3
• 3 point model
  • 2 pathways
  • Simple probability estimation
  • Collecting task information
  • Documentation
  • Task probability
  • Monte Carlo risk distribution
  • Multiple variables

Networks and branching

• Network
  • Simple network
  • Simple network - no lag
  • Simple network - with lag
• Branching
  • Simple branching
  • Complex branching
  • Complex branching part 2
  • Multiple branching
  • Multiple branching part 2
  • Multiple probability branching
  • Multiple probability branching
    part 2
  • Nodes and branching networks
  • Branching networks
• Production example
  • Production example
  • Production example part 2
  • Risk of exceeding target duration

Other

• Business forecast
  • Business forecast
  • Business schedule risk
  • Business revenue and profit risk
  • Business revenue and profit risk 2
  • Business profit simulation
• Other areas to consider when reviewing risk
• Markov chain
• General points to consider
• Task information
  • Risk assessment of a task
  • Risk assessment of a task part 2
• Human relations
  • Negatives
  • Benefits

The Risk Management process

DEFINE (the project management process)

In terms of Rudyard Kipling’s honest serving men we are concerned with identifying:

In other words, we will need to define exactly what the RISK MANAGEMENT PROCESS is, including the resource and then to plan how it will be managed.

WHO:

Make sure we get the backing of senior managers by finding out exactly what is required and getting suitable input from them.
In addition, make sure other managers and key staff are involved in the input.
This will include technical expertise and the make up of the risk analysis team.

Identify the communication channels and links between the risk analysis team and the other personnel.
The nature of the risk analysis team and its remit needs clarification. Do they report to the project manager or do they report to a higher level e.g. the board.

If the team reports to the board then they must be able to do this in an objective manner.

Remember that the efficiency of the project management team in general can be the highest risk to the project.
If the quality of staff is poor then this will need to be addressed early and not avoided.

Make sure that we maintain control of the risk management process. Although a body outside of the immediate organisation could carry out the risk assessment, this may cause its own problems. For example, contractors would view the project from their perspective.

Also, if the risk analysis team gains their information from groups within the organisation then each of these groups must be aware of the ramifications of their views. There should be an opportunity to modify parts of a report before it is presented to either the project manager or the board.

This step clarifies everyone’s role in the process.

The project manager will be accountable for all of the risk assessments and their conclusions even if he / she delegates part of the process to others.

WHY:

What is the point of the risk analysis?

Most project managers will need to know the potential budget for the project and more importantly will want to get it approved.
Many people will inflate a possible budget in order to increase the potential for success. This is not good practice for all sorts of reasons and may actually lead to project rejection from senior managers as being too expensive.
In order to avoid rejection, the project manager will need a better assessment of the cost.
A risk management process can provide this using quantitative analysis as well as a knowledge of the limits to the cost.

We will need to properly assess the risk of resources not turning up on time which can dramatically affect the project.

WHAT:

The problem with risk analysis is that it points out potential ‘problems’ that the board must either directly or indirectly take action to avoid.
This would seem to be a negative activity that the project manager is involved in which may not be appreciated by those higher up the ladder.
However, it is up to the project manager to raise such issues even if they are completely ignored.

Thus, the project manager has to take a top down view of the business risk situation with regard to the project. If the project manager dose not do this he will not clarify his / her position with respect to some of the risks raised. In most cases it will be the project manager’s responsibility to deal with them and for others it will be the direct responsibility of the board.

Once the business risk has been clarified the ‘project’ related ones can be identified in terms of potential costs or delays to the project.

When an assessment is complete the project may have a range of potential costs with even the extreme value having significant risk of being exceeded.
However, provided this is backed up by logical reasons and an associated plan of action to reduce the risk there should be no obvious problem when seeking project approval.

HOW:

How exactly do we intend to approach the risk analysis process?
The process used must fit the nature and size of the project.

This will include the type of model we wish to use to analyse the data.
One model in popular use has been PERT (Program Evaluation Review Technique) which traditionally uses activity – on – node diagrams etc.
However, early use of this technique to look at the relationships of activities did not take into account the dependent nature of one activity on another when considering the overall risk.

It is important to identify not only the risk but the underlying cause that may realise it. The response must vary according to the potential underlying cause.

WHEN:

It is clear that the risk management process should be an integral part of the project management process.
Risk management is not a nice to have aspect of project management [see ‘The Complete Project Management package’] and [see 'The Complete Project Management plus PRINCE2'].

We will need to have a good idea, depending on the nature of the project, of how long it will take us to carry out the assessment.
There is often a temptation, particularly with smaller projects, to put together the initial plan based upon a perceived assessment of all of the risks from individual departments. This may not afford the complete consideration that some of the risks may deserve and may miss key ones.

At the end of this phase you will need to:

• Document the activity
• Identify all input to the report and circulate it to check it for errors
• Check that the information content in the report is adequate and suitable for the forthcoming RISK MANAGEMENT PROCESS
• Circulate the report and present it as necessary

The output of this phase should decide if the risk management process will go ahead.
It is unlikely to be cancelled, but there may be problems if the process requires the identification of risks that the senior managers wish to ignore.

It is also possible that the project could be put on hold if, for example, issues have been raised that require further investigation and the gathering of more data. Some risks could be ‘put to one side’ if they are beyond the control of the project manager and the company.