Project Risk Management

TU907/3 BSc in Logistics and SCM

2023
 Learning Objectives

• Define what is Project Risk and Project Risk Management

• Outline 7 Steps of the Project Risk Management Process
• Describe each of these 7 steps of the Project Management
Process – using the Inputs, Tools & Techniques and Outputs
approach
 What is Project Risk?
• Projects operate in an environment composed of uncertainty. There is
uncertainty regarding project funding, the availability of necessary
resources, changing client expectations, potential technical problems—
the list is seemingly endless.
• This uncertainty forms the basis for project risk and the need to engage in
risk management.
• Risk management, which recognises the capacity of any project to run
into trouble, is defined as the art and science of identifying, analysing
and responding to risk factors throughout the life of a project and in the
best interests of its objectives.
• The Project Management Institute (PMI)defines project risk as “an
uncertain event or condition that, if it occurs, has a positive or negative
effect on one or more project objectives.”
 What is Project Risk?
For the manager, the process of risk management includes asking the
following questions:
• What is likely to happen (the probability and impact)?
• What can be done to minimise the probability or impact of these
events?
• What cues will signal the need for such action (i.e., what clues
should I actively look for)?
• What are the likely outcomes of these problems and my
anticipated reactions?
 Project Risk Management
• Project Risk Management includes the processes of
conducting risk management planning, identification, analysis,
response planning, response implementation, and monitoring
risk on a project.

• The objectives of project risk management are to increase the

probability and/or impact of positive risks (i.e., opportunities)
and to decrease the probability and/or impact of negative
risks (i.e., threats) to optimise the chances of project success.
 Tailoring Considerations
Because each project is unique, it is necessary to tailor how Project Risk Management
processes are applied. Considerations for tailoring include but are not limited to the
following:
• Project size. Does the project’s budget, duration, scope, or team size require a more
detailed approach to risk management? Or is it small enough to justify a simplified
risk process?
• Project complexity. Is a robust risk approach demanded by high levels of innovation,
new technology, commercial arrangements, interfaces, or external dependencies
that increase project complexity? Or is the project simple enough that a reduced-risk
process will suffice?
• Project importance. How strategically important is the project? Is the level of risk
increased for this project because it aims to produce breakthrough opportunities,
addresses significant blocks to organisational performance, or involves major
product innovation?
• Development approach. Is this a waterfall project, where risk processes can be
followed sequentially and iteratively, or does the project follow an agile approach
where risk is addressed at the start of each iteration and during its execution?
 Project Risk Management Process Overview

Source: Kloppenborg et al. (2019)

 Step 1: Plan Risk Management
• Plan Risk Management is the process of defining how to conduct risk management
activities for a project.
• The key benefit of this process is that it ensures that the degree, type, and visibility
of risk management are proportionate to both risks and the importance of the
project to the organization and other stakeholders.
• This process is performed once or at predefined points in the project.

Source: PMBOK (2017)

 Step 1 Outputs: Risk Management Plan
Risk Management Plan: is a component of the project management plan that
describes how risk management activities will be structured and performed. The
risk management plan may include some or all of the following elements:
• Risk strategy. Describes the general approach to managing risk on this
project.
• Methodology. Defines the specific approaches, tools, and data sources
that will be used to perform risk management on the project.
• Roles and responsibilities. Defines the lead, support, and risk
management team members for each type of activity described in the
risk management plan and clarifies their responsibilities.
• Funding. Identifies the funds needed to perform activities related to
Project Risk Management. Establishes protocols for the application of
contingency and management reserves.
 Cont’d … Risk Management Plan
• Timing. Defines when and how often the Project Risk Management
processes will be performed throughout the project life cycle and
establishes risk management activities for inclusion into the project
schedule.
• Risk categories. Provide a means for grouping individual project risks. A
common way to structure risk categories is with a risk breakdown
structure (RBS), which is a hierarchical representation of potential sources
of risk. An RBS helps the project team consider the range of sources from
which individual project risks may arise. This can be useful when
identifying risks or when categorising identified risks.
 Risk Breakdown Structure (RBS)

Source: Pinto (2019)

 Cont’d … Risk Management Plan
• Stakeholder risk appetite. The risk appetites of key stakeholders on the project
are recorded in the risk management plan, as they inform the details of the
Plan Risk Management process. Stakeholder risk appetite should be expressed
as measurable risk thresholds around each project objective.
• Definitions of risk probability and impacts. Definitions of risk probability and
impact levels are specific to the project context and reflect the risk appetite
and thresholds of the organisation and key stakeholders. The project may
generate specific definitions of probability and impact levels, or it may start
with general definitions provided by the organisation. See Table 11-1 next
slide.
• Probability and impact matrix. Prioritisation rules may be specified by the
organisation in advance of the project. Opportunities and threats are
represented in a common probability and impact matrix using positive
definitions of impact for opportunities and negative impact definitions for
threats. See Table 11-5, next slide.
Source: PMBOK (2017)
Source: PMBOK (2017)
 Cont’d … Risk Management Plan

• Reporting formats. Reporting formats define how the outcomes

of the Project Risk Management process will be documented,
analyzed, and communicated. This section of the risk
management plan describes the content and format of the risk
register and the risk report, as well as any other required
outputs from the Project Risk Management processes.
• Tracking. Tracking documents how risk activities will be
recorded and how risk management processes will be audited.
 Step 2: Identify Risks
• Identify Risks is the process of identifying individual project risks and
sources of overall project risk and documenting their characteristics.
• The key benefit of this process is the documentation of existing
individual project risks and the sources of overall project risk.
• It also brings together information so the project team can respond
appropriately to identified risks.
• This process is performed throughout the project.
 Step 2 Outputs: Risk Register
Risk Register - captures details of identified individual project risks. The
risk register may contain limited or extensive risk information depending
on project variables such as size and complexity.
On completion of the Identify Risks process, the content of the risk
register may include but is not limited to the following:
• List of identified risks. Each individual project risk is given a unique identifier in
the risk register. Identified risks are described in as much detail as required to
ensure unambiguous understanding. A structured risk statement may be used to
distinguish risks from their cause(s) and their effect(s).
• Potential risk owners. Where a potential risk owner has been identified during
the Identify Risks process, the risk owner is recorded in the risk register. This will
be confirmed during the Perform Qualitative Risk Analysis process.
• List of potential risk responses. Where a potential risk response has been
identified during the Identify Risks process, it is recorded in the risk register. This
will be confirmed during the Plan Risk Responses process.
 Step 3: Perform Qualitative Risk Analysis

• Qualitative Risk Analysis is the process of prioritising individual project

risks for further analysis or action by assessing their probability of
occurrence and impact and other characteristics.
• The key benefit of this process is that it focuses efforts on high-priority
risks.
• This process is performed throughout the project.
 Step 4: Perform Quantitative Risk Analysis
• Quantitative Risk Analysis is the process of numerically analysing the
combined effect of identified individual project risks and other
sources of uncertainty on overall project objectives.
• The key benefit of this process is that it quantifies overall project risk
exposure, and it can also provide additional quantitative risk
information to support risk response planning.
• This process is not required for every project, but where it is used, it
is performed throughout the project.
 Tools and
Techniques:
Decision
Tree
Analysis
 Step 5: Plan Risk Responses
• Plan Risk Responses is the process of developing options, selecting
strategies, and agreeing on actions to address overall project risk
exposure and to treat individual project risks.
• The key benefit of this process is that it identifies appropriate ways to
address overall and individual project risks.
• This process also allocates resources and inserts activities into project
documents and the project management plan as needed.
• This process is performed throughout the project.
 Tools and
Techniques:
Project Risk
Strategies
Source:
Kloppenborg
et al. (2019)
 Step 6: Implement Risk Responses
• Implement Risk Responses is the process of implementing agreed-
upon risk response plans.
• The key benefit of this process is that it ensures that agreed-upon risk
responses are executed as planned to address overall project risk
exposure, minimise individual project threats, and maximise
individual project opportunities.
• This process is performed throughout the project.
 Step 7: Monitor Risks

• Monitor Risks is the process of monitoring the implementation of

agreed-upon risk response plans, tracking identified risks, identifying
and analysing new risks, and evaluating risk process effectiveness
throughout the project.
• The key benefit of this process is that it enables project decisions to be
based on current information about overall project risk exposure and
individual project risks.
• This process is performed throughout the project.
 Monitor Risks: Work Performance Information
The Monitor Risks process uses performance information generated
during project execution to determine if:
• Implemented risk responses are effective,
• Level of overall project risk has changed,
• Status of identified individual project risks has changed,
• New individual project risks have arisen,
• Risk management approach is still appropriate,
• Project assumptions are still valid,
• Risk management policies and procedures are being followed,
• Contingency reserves for cost or schedule require modification, and
• Project strategy is still valid.
 References
• Kloppenborg, T. J., Anantatmula, V. S., & Wells, K. N.
(2019). Contemporary project management. Chapter 11
• Pinto, J. K. (2019). Project management: Achieving competitive
advantage. New York, NY: Pearson, 5th Ed, Chapter 7
• Project Management Institute,. (2017). A guide to the project
management body of knowledge (PMBOK guide), 6th Ed. Chapter 11