Risk Analysis

WEDELITO SUMALINOG ARGANA

What Is Risk Analysis?
Risk Analysis is a process that helps you identify and
manage potential problems that could undermine key
business initiatives or projects.
The overall purpose of the management of risk process is
to help a decision-maker understand a situation, along with
the likely outcomes.
When Risk Analysis should be used?
When you're planning projects, to help you anticipate and neutralize
possible problems.
When you're deciding whether or not to move forward with a project.
When you're improving safety and managing potential risks in the
workplace.
When you're preparing for events such as equipment or technology
failure, theft, staff sickness, or natural disasters.
When you're planning for changes in your environment, such as new
competitors coming into the market, or changes to government policy.
Benefits of Risk Analysis
Saves time and money.
Reduces the level of uncertainty.
Decreases the impact of negative events.
Improves project controls.
Improves organizational learning.
Risk Analysis Steps
oRisk identification
Risk
oRisk assessment
Analysis
oResponse planning and implementation
oRisk monitoring and control
Identify
Assess Respond Identify
 1. Risk Identification
Determining and documenting the potential risk that could occur.
These can come from many different sources. For instance, they could be:
◦ Human – Illness, death, injury, or other loss of a key individual.
◦ Operational – Disruption to supplies and operations, loss of access to essential assets, or failures in
distribution.
◦ Reputational – Loss of customer or employee confidence, or damage to market reputation.
◦ Procedural – Failures of accountability, internal systems, or controls, or from fraud.
◦ Project – Going over budget, taking too long on key tasks, or experiencing issues with product or service
quality.
◦ Financial – Business failure, stock market fluctuations, interest rate changes, or non-availability of funding.
◦ Technical – Advances in technology, or from technical failure.
◦ Natural – Weather, natural disasters, or disease.
◦ Political – Changes in tax, public opinion, government policy, or foreign influence.
◦ Structural – Dangerous chemicals, poor lighting, falling boxes, or any situation where staff, products, or
technology can be harmed.
 Risk Identification Methods and Sources
To identify project risks are usually used typical information-gathering techniques
like the following listed:
•Brainstorming: is a method to enhance PT creativity. It consists of: identification of the appropriate
team to execute the brainstorming; constitution of the team and definition of the basic rules for the
Brainstorming performance; generation of new ideas; clarification of ideas and conclusion of the
Brainstorming session. The entire process is usually followed by a qualified facilitator
•Delphi method: is a method to gain the experts agreement or disagreement about a problem; the
experts should express their opinion about the problem (i.e. risk posed on the project), and a
process administrator should aggregate the opinions received (i.e. in a statistical form) and send
these back to the experts as anonymous feedback; the experts might revise their opinion and
generate new ideas or keep the previous; the process is repeated 4÷5 times, and the areas of
agreement or disagreement documented; the main advantage of this method is to avoid the direct
mutual influence on judgements among the experts
•Interviews: interviews are the simplest method and consist of asking various people their opinion
 Risk Identification Methods and Sources
•Checklist: provides a typical list of risks from literature
•Database: the collection of all risks experienced by the Company in the various projects; the database can be
inquired to decide whether a certain identified risk could reasonably occur, or which are the risks that the
project is exposed to.
•Cause / effect diagrams: are diagrams supporting the analysis of the root cause of the risk on which the
control strategy should operate
•Network analysis: the analysis of the project network to compute the impact of the activities' duration on
the project schedule; it allows the identification of the critical path, near critical paths, etc.
•Sensitivity analysis: is the technique that allows to understand the relative impact of several variables to the
entire problem; it consists in keeping all variables constant except one and modifying its value to assess its
importance in the problem
•Risk already identified might disappear and new risks might appear; and
•Risks already identified might change over the time in probability of occurrence and / or impact to
understand such variance, risk management process shall be repeated periodically during the project starting
from risk identification.
2. Risk Assessment
is the process of assessing the impact and likelihood of the identified
risks, thus prioritizing the risks according to their potential effect on
project objectives.
Helps to evaluate the significance of each risk.
Highlight the risks that present the greatest threat on the overall
objectives.
Risks should be prioritized according to their potential impact and
probability of occurring.
o Risk Impact is the effect the risk will cause if it occurs.
o Risk probability is a measure of the likelihood of the risk occurring.
The risk score helps guide risk responses
3. Risk Response Planning and Implementation
is the process of developing options and determining
actions to reduce threats to the project objectives
You need now to respond to the assessed risks by developing
options and actions to reduce the probability or impact.
Here you will apply strategies to deal with them effectively.
Response Strategies
Avoidance: It usually involves changing in the project plan such as:
o Extending the schedule.
o Reducing the scope.
o Spending money or hiring resources to eliminate the risk.
An example is when you hire a more skilled resource who is likely to
get the tasks done in less time.

Transference: Sharing the risk with someone else.

It is simply handling off the risk to another team, organization or a
third party.
Examples are outsourcing a service and buying an insurance.
Response Strategies
Mitigation: Involves carrying out work now to reduce the probability and/or
impact of a risk to be within the acceptable threshold limits.
It may include preventive, detective or testing possible ways to
reduce the risk.
Examples are: backing up the data to an offsite location and
choosing a more stable supplier.
Acceptance: An acceptable risk is the one that is tolerated because:
o There is nothing you can do to prevent or mitigate it.
o It is costly.
o It is difficult to implement.
One of the common acceptance strategies is to come up with a
contingency plan to cope with its consequences.
4. Controlling Risks
Improves the efficiency of the risk analysis process. Involves:
oMonitoring and re-assessing risks overtime.
oIdentifying new risks.
oEvaluating the effectiveness of the risk response strategies.
Performance information should be reviewed regularly:
oSchedule progress
oCosts incurred
4. Controlling Risks
Risk monitoring and control is an ongoing process during
the project lifecycle, the risks change as the project
develops, new risks arise, or some disappear.
Two different techniques can be used to
evaluate and prioritize risks:
Qualitative risk analysis
Qualitative risk analysis requires that the probability and consequences of the
risk be evaluated using established qualitative-analysis methods and tools,
describing them in terms such as very high, high, moderate, low, very low. These
two dimensions of risk are applied to each specific risk event and the results
may be plotted using a probability-impact matrix. It illustrates the simple
multiplication of the scale values assigned to determine whether a risk is
considered low, moderate or high.
Two different techniques can be used to
evaluate and prioritize risks:
Quantitative Risk Analysis
A quantitative risk analysis is a further analysis of the highest priority risks
during a which a numerical or quantitative rating is assigned in order to develop
a probabilistic analysis of the project.
A quantitative analysis:
oQuantifies the possible outcomes for the project and assesses the
probability of achieving specific project objectives
oProvides a quantitative approach to making decisions when there is
uncertainty
oCreates realistic and achievable cost, schedule or scope targets
Qualitative vs. Quantitative
Qualitative Quantitative
risk-level project-level
subjective evaluation of probability probabilistic estimates of time and
and impact cost

quick and easy to perform time consuming

no special software or tools may require specialized tools
required
Quantitative Risk Analysis Tools & Techniques
Three Point Estimate – a technique that uses the optimistic, most
likely, and pessimistic values to determine the best estimate.
Decision Tree Analysis – a diagram that shows the implications of
choosing one or other alternatives.
Expected Monetary Value (EMV) – a method used to establish the
contingency reserves for a project budget and schedule.
Quantitative Risk Analysis Tools & Techniques
Monte Carlo Analysis – a technique that uses optimistic, most likely,
and pessimistic estimates to determine the total project cost and
project completion dates. For example, we could estimate the
probability of completing a project at a cost of $20M. Or what is a
company wanted to have an 80% probability of achieving its cost
objectives. What is the cost to achieve 80%?
Sensitivity Analysis – a technique used to determine which risks
have the greatest impact on a project.
Fault Tree Analysis (FMEA) – the analysis of a structured diagram
which identifies elements that can cause system failure.
References
Rossi, P. (December, 2005). R(2000). Risk Management Process: methods, tools & techniques. Eni
Best Practices
Rossi, P. & Piantanida, M. (2007 May,). Supporting Project Management Processes with
integrated Software tools and database. PMI EMEA Global Congress, Budapest.
https://www.mindtools.com/pages/article/newTMC_07.htm
http://projectriskcoach.com/evaluating-risks-using-quantitative-risk-analysis/
https://www.pmi.org/learning/library/link-qualitative-quantitative-risk-assessment-7375