Managing Risk

By: khawaja Talha Aleem

Risk Management
Planning and Control Processes
 Risk: anything not in the project plan that may
occur and cause your project to be late, cost more
or compromise its quality/performance.

 Risk is an opportunity as well as a threat:

“You don’t put power brakes on a car to slow it down -

you do so to allow it to go faster.”
-Mark Davies, KPMG

 We will concentrate on the threat.

2 Module 1 - Introduction
Four Steps of Risk Management
1. Identification
 Anticipate the risk
 List the risks, event triggers, symptoms
2. Analysis
 Evaluate probability, impact
 Qualitative vs Quantitative
3. Risk Response
 Strategy Development to mitigate the risk:
 Eliminate the risk or reduce impact
 Contingency planning
4. Risk Control
 Monitor
 Update lists, strategies
 Action the contingency plan
 Fight the fires Which is most important??

3 Module 1 - Introduction
Step 1: Risk Identification
Anticipate the Risk
Risk Checklist at Preliminary Planning Time (Risk Taxonomy)

 Are we proposing the right solution?

 Any risk in technical components?
 Performance expectations reasonable?
 Is the hardware standard?
 How much experience do we have with it?
 Is the operating software standard? Well documented?
 How much experience do we have with it?
 Is the development method standard? Well documented?
 How much experience do we have with it?
 Any component availability risks?

4 Module 1 - Introduction
Step 1: Risk Identification
Risk Checklist at Preliminary Planning Time (Risk Taxonomy)
(cont’d)

 Does failure of this application affect the customer’s business?

 Is the project over 6 months? 12 months? 24 months?
 Does it need over 5 people?
 Are we dependent on third party resources? Internal?
External?
 Who is the project manager?
 Who is the project leader/architect?
 Are the resources available when needed?
 Who is the client?
 Have we worked with this client? How is our relationship?
 Is client available when needed?

5 Module 1 - Introduction
 Step 1: Risk Identification: Inputs
 Risk Checklists, The WBS, Environment:
NATURAL
SENIOR ENVIRONMENTS
MANAGEMENT

CORPORATE
POLICY
AND CULTURE
POLITICAL

PROJECT/ REGULATORY
CORPORATE PM AND LEGAL
PROGRAMS

& FINANCIAL HUMAN FACTORS

TECHNOLOGY
ECONOMIC HEALTH & SAFETY

History of past Similar Projects

6 Module 1 - Introduction
Step 2: Risk Analysis
Evaluate Probability and Impact into three
levels: Low, Medium, High:

Probability Criteria:

Probability Rank Description

High Greater than 66% probability of occurring

Medium 34 to 65% probability of occurring
Low Less than 33% probability of occurring

7 Module 1 - Introduction
Step 2: Risk Analysis
Impact Criteria:

Impact Rank Description

Schedule High Could add over 25% delay to the completion

of the project
Medium Could add over 10% delay to the completion
of the project
Low Could add less than 10% delay to the completion of
the project, or delays a non critical deliverable
Cost High Could add more than 25% to the project budget
Medium Could add between 10 and 25% to the project budget

Low Could add less than 10% to the project budget

Quality

Determine a combined impact level based on which constraint is most affected

8 Module 1 - Introduction
Step 2: RiskDraw
Analysis
a Risk Table to Summarize
Wonderful Management Tool/Report

Prob. Low Medium High

Impact
3. Lack of skilled staff, 2. Time estimate and 1. Lack of commitment.
organization slow to hire funds inadequate for the Headquarters may have to
High adequate staff; may scope of this project; assume more responsibility;
will result in project delay,
delay implementation. may be late and over cost overruns.
budget.
6. Cannot get office space 5. Expecting major scope 4. Not enough time spent
for staff; may cause changes from clients; planning, lack of
Medium communication problems, may cause delay and understanding of problem;
delaying the execution cost escalation. may take longer/
phase. cost more than anticipated.

Low

9 Module 1 - Introduction
Step 3: Risk Response
Strategy Development:
Reduce the Probability and/or Impact of the Risk

Risk Mitigation: Reducing the probability and/or impact

 Take immediate action. Can be risk avoidance (if
eliminated) or risk reduction (still there, but probability
or impact is reduced).
Contingency Plans
 Take action only when the risk is imminent or has
occurred
Or Acceptance (do nothing), depends on Risk Tolerance

10 Module 1 - Introduction
Risk as a Monetary Value
Tempering the Estimate

 Estimate range is
 ESTIMATE ESTIMATE + RISK
 Try to work within the range, depending on how
crucial the accuracy has to be.
 If you can get several estimates
 Use the Standard Deviations to give you
confidence levels:
 Expected estimate +/- 1 SD gives you 68% confidence
 Expected estimate +/- 2 SD gives you 95% confidence
 Expected estimate +/- 3 SD gives you 99% confidence

11 Module 1 - Introduction
Thank You…….