SAFAT Collage

Of
Science &Technology

Risk Management

Eng. Mohamed Khalid Mohamed

 What is a Risk?
 A risk is an uncertain event that could have a positive or
negative effect on your project

 * This means there is a probability between 1-99% that the event

could occur

 If there is a 0% chance of an event occurring, there is no risk

 (example; there is a 0% chance your project will be adequately
funded, this is not a risk, it is a reality).
 What is a Risk?
 If there is a 100% chance of an event occurring, this would be an issue,
not a risk

 Risks with negative consequences are called threats

 Risks with positive consequences are called opportunities

Opportunities
Risk Factors
1. The probability the risk will occur

2. The range of possible outcomes (impact)

Threats
Why Risk Management

 A project manager’s work should not focus on dealing

with problems; it should focus on preventing them.

 Performing risk management helps prevent many

problems and helps make other problems less likely
 What is Project Risk Management?
 Project risk management is actively managing the risks on your
project

 The goal of risk management is to be more proactive and less

reactive
Types of Risk

Technical

Financial

Socio-Economic

Contractual
SOURCES of RISKS
SOURCES of RISKS

INTERNAL EXTERNAL

Resources Processes

Political risk
Inadequate, Country Risk
Humane internal controls Market Risk
errors (incompetence, Currency Risk
inexperienced, corruption) Interest Rate Risk
Net Worke failure Counter-part Risk
Inadequate human resources Credit or default Risk
Operational Risks Environmental Risk
Legal Risks??
Risk Event Graph
 Project Risk Management
Monitoring &
Controlling Processes
Planning
Processes

Enter phase/ Initiating Closing Exit phase/

Start project Processes Processes End project

Executing
Processes

Process
Knowledge Area
Initiating Planning Executing Monitoring & Contol Closing

Plan Risk Management

Identify Risk
Risk   Perform Qualitative Risk Analysis Monitor and Control Risks
Perform Quantitative Risk Analysis
Plan Risk Response
 Overall Project Management Processes
with Risk Management

The Risk Management Process Done During

 Plan Risk Management Planning Process Group
 Identify Risks Planning Process Group
 Perform Qualitative Risk Analysis Planning Process Group
 Perform Quantitative Risk Analysis Planning Process Group
 Plan Riske Risk Responses Planning Process Group
 Monitor and Control Risks Monitoring and Controlling
Process Group
 Plan Risk Management

 The process of defining how to conduct risk management

activities for a project

 Important to provide sufficient resources and time for risk

management activities, and to establish an agreed upon
basis for evaluating risk.
Plan Risk Management
 Plan Risk Management: Tools & Techniques

 Planning Meetings and Analysis

 Project teams meet with stakeholders

 High level plans for risk management are define in these

meetings
 Plan Risk Management: Outputs
 Methodology Defines the tools, approaches, and data sources that may be
used to perform risk management on the project.
 Budgeting A budget for project risk management should be established
and included in the risk management plan.
 Role & Responsibility Defines the lead, support, and risk management
team membership for each type of action in the risk management plan.
 Plan Risk Management: Outputs

 Timing Defines how often the risk management activities will be performed
throughout the project life cycle.
 Risk categories Documentation such as risk breakdown structures (RBS) or
categories from previous projects will help identify and organize risks.
 Definitions of risk Risks and their probabilities are probability & impact
defined for use in Qualitative Risk Analysis using a scale of ―very
Unlikely to ―almost certain.
 Plan Risk Management: Outputs
 Stakeholder tolerances – Stakeholders have a low risk tolerance
than impact is high. That information should be taken into
account to rank cost impacts higher than if the low tolerance
was in another area. Tolerances should not be implied, but
uncovered in project initiating and clarified or refined
continually.

 Reporting – Describes reports related to RM and how they will

be used and what they will include.

 Tracking – Auditing, documentation regarding RM

 Identify Risks

 This is the phase where you work with your team to identify as
many risks as possible.
Identify Risks
 Identify Risks: Things to remember

Identify Risks can’t be completed without the project scope

statement and Work Breakdown Structure (WBS)
IdentifyRisks happens at the onset of the project and
throughout the project
Risks can be identified at any time and during any phase of
the project
Risk management is an iterative process, you should work to
identify risk during any changes to the project, working with
resources, and when dealing with issues
 Identify Risk: tools & tech

 Documentation Reviews – including charter,

contracts, and planning documentation, can help
identify risks.

 Those involved in risk identification might look at

this documentation, as well as lessons learned,
articles, and other documents, to help uncover
risks.
Identify Risk: tools & tech

 Brainstorming: One idea generates another

 Delphi technique: Expert participate anonymously; facilitator
use questionnaire; consensus may be reached in a few rounds;
Help reduce bias in the data and prevent influence each others.
 Interviewing: interviewing experts, stakeholders, experienced
PM
 Root cause analysis: Reorganizing the identified risk by their
root cause may help identify more risks
 Identify Risk: tools & tech

 Checklist analysis: checklist developed based on accumulated

historical information from previous similar project
 Assumption analysis: identify risk from inaccuracy, instability,
inconsistency, incompleteness.
 SWOT analysis – Strengths, Weaknesses, Opportunities, Threats
 Identify Risk: tools & tech

 Influence diagrams
 show the casual influences among project
variables, the timing or time ordering of
events, and the relationships among other
project variables and their outcomes.

 Cause and Effect Diagrams

 Flowcharts
 Output: Risk Register

 Output is initial entries into the risk

register. It includes:
 List of risk
 List of POTENTIAL responses
 Root causes of risks
 Updated risk categories
 Qualitative Risk Analysis
 This is the phase where you rank the risks you’ve identified from
Identify Risks to come up with a list of risks you will create plans
for dealing with
 Qualitative Risk Analysis

Risk has two dimensions:

- Uncertainty, and its potential effect on
objectives. The term “probability” is used to
describe the uncertainty dimension,

- Impact, describes effect on objectives usually

including time and cost, performance, quality,
regulatory compliance etc. With High, medium,
low grades
 Qualitative Risk Analysis

 Threats, impacts are negative (lost time, extra cost, less quality.),

 Opportunities have positive impacts (saved time or cost, etc.).

Plot each risk onto a Probability-Impact Matrix, with high/medium/low priority

zones.

A recent innovation is to use a double “mirror” matrix, to allow threats and

opportunities to be prioritized separately, and creating a central zone of focus.
Qualitative Risk Analysis
 Tools and Techniques of Qualitative
Analysis
 Probability & Impact Matrix – a matrix that creates
a consistent evaluation of high, medium, or low for
your project risks. This helps to make easy the risk
rating process
 Tools and Techniques of Qualitative
Probability & Impact MatrixAnalysis
 Tools and Techniques of Qualitative
Analysis
 Risk Data Quality Assessment – What is the quality of the
data used to determine or assess the risk? Think about the
following:
 Extent of the understanding of the risk
 Data available about the risk
 Reliability & Integrity of the data

 Risk Categorization – Which of your categories has more risk

than others? Which of your work packages could be most
affected by risk?
 Tools and Techniques of Qualitative
Analysis
 Risk Urgency Assessment – Which of your risks could occur
soon, or require a longer planning time? Risk urgency
assessment helps move these risks more quickly through the
rest of the project management process
Tools and Techniques of Qualitative
Analysis

“Mirror” Probability-Impact Matrix

Threats and Opportunities
 Qualitative Risk Analysis
Risk Categories & Patterns

 Mapping risks into the Risk Breakdown Structure (RBS) to

determine whether any particular causes give rise to large numbers
of risks, - Patterns -

 Mapping risks into the Work Breakdown Structure (WBS) to

identify areas of the project potentially affected by many risks. –
categories -
 Output: Risk Register Updates
 Risk ranking for the project.
 List of prioritized risks and their probability and impact ratings
 Risks grouped by categories
 List of risks for additional analysis and response
 Watch list (non-critical risks)
 Trends or pattern of risk on the project, and whether there are
common causes of risk or hot-spots of exposure.
 Quote
You cannot make risk go away just because you
don’t like bad news.

Denial Is Our Biggest

Enemy
Harvey A. Levine.
Practical Project Management
 Perform Quantitative Risk Analysis

 A numerical analysis of the probability and impact of the

risks with the highest risk rating score determined from
qualitative analysis

 Is a numerical evaluation (more objective)

 This process may be skipped.

 Perform Quantitative Risk Analysis
 Purpose of this process
 Determine overall project risk (risk exposure).
 Determine which risk events warrant a response.
 Determine the quantified probability of meeting project
objectives.
 Determine cost and schedule reserves.
 Identify risks requiring the most attention.
Perform Quantitative Risk Analysis
 Tools and Techniques of Quantitative
Analysis
1. Data Gathering and Representation
Techniques
 Interviewing
 Probability Distributions
2. Quantitative Risk Analysis and
Modelling Techniques
 Expected Monetary Value Analysis
 Decision Tree Analysis
 Modelling and Simulation
 Sensitivity Analysis
 3. Expert Judgment
 Tools and Techniques of Quantitative
Analysis
 EMV – Expected Monetary Value –
What is the probability of the risk occurring multiplied by
the impact if the risk does occur? If the risk occurs, what
could the financial or time loss be to your project?
 In the example below, this project has an EMV of ($58,250), this
means that you need to put aside $58,250 in your risk reserve
account for potential risks

Risk Probability Impact EMV

A 20% $ (100,000.00) $(20,000.00)
B 90% $ 10,000.00 $ 9,000.00
C 5% $ 30,000.00 $ 1,500.00
D 65% $ (75,000.00) $(48,750.00)
Total $(58,250.00)
 Tools and Techniques of Quantitative
Analysis

 Decision Tree – used for planning on individual risks

instead of planning for the whole project
 Takes into account future events to make a decision
today
 Can calculate the EMV in more complex situations
Notation Used in Decision Trees

 A box

is used to show a choice that the

manager has to make.

 A circle

is used to show that a probability

outcome will occur.

Lines

connect outcomes to their choice Decision Tree

or probability outcome.
Decision Tree Example

Mary’s Factory
Mary is a manager of a gadget factory. Her factory has been quite successful
the past three years. She is wondering whether or not it is a good idea to
expand her factory this year. The cost to expand her factory is $1.5M. If she
does nothing and the economy stays good and people continue to buy lots of
gadgets she expects $3M in revenue; while only $1M if the economy is bad.
If she expands the factory, she expects to receive $6M if economy is good and
$2M if economy is bad.
She also assumes that there is a 40% chance of a good economy and a 60%
chance of a bad economy.
 Decision Tree Example
(a) Draw a Decision Tree showing these choices.
40 % Chance of a Good Economy
.4 Profit = $6M
Expand Factory
Cost = $1.5 M
.6 60% Chance Bad Economy
Profit = $2M

Good Economy (40%)

.4
Profit = $3M
Don’t Expand Factory
Cost = $0 .6 Bad Economy (60%)
Profit = $1M

NPVExpand = (.4(6) + .6(2)) – 1.5 = $2.1M

NPVNo Expand = .4(3) + .6(1) = $1.8M

$2.1 > 1.8, therefore you should expand the factory

 Tools and Techniques of Quantitative
Analysis
 Monte Carlo Analysis – A technique that uses simulation to show the
probability of completing your project on time and within budget.
 Due to the complicated mathematical computations used, Monte Carlo
analysis is usually done with a computer program
 Determines the overall risk of the project.
 Determines the probability of completing the project on a specific day and
for a specific cost
 Used to evaluate the impact to your schedule and budget
Sensitivity Analysis

 Changing one or more elements/variables and set other

elements to its baseline then see the impact.
 To determine which risks have the most potential impact to
the project
 They provide the positive and negative impact of each risk on
the project and let you decide to choose which risk to take.
Sensitivity Analysis
Outcome of Quantitative Risk Analysis

Risk Register Updates

 Prioritized list of quantified risks
 Amount needed for contingency reserves for time and cost
 Confidence levels of completing the project on a certain date for a
certain amount of money
 Trends - risk management is an iterative process; as you repeat the
process you can track your overall project risk and determine the
trend (if you are decreasing or increasing the level of risk on your
project)
 Risk Response Planning
 Eliminate the threats before they happen
 Make sure opportunities happen
 Decrease the probability and/or impact of threats
 Increase the probability and/or impact of opportunities
 For Residual Threats
 Contingency Plans
 Fallback Plans
Risk Response Planning
 Risk Response Strategies

Risk

Opportunities Threats

Accept Avoid
Exploit

Transfer
Enhance

Active Passive Mitigate

Share

Contingency
Fallback Plan Workaround
Plan
ToolStrategies
& Techniques of Risk Response
for NEGATIVE Risks or Planning
THREATS
 Avoidance
 Risk prevention
 Changing the plan to eliminate a risk by avoiding
the cause/source of risk
 Protect project from impact of risk
 Examples:
 Change the supplier / engineer
 Do it ourselves (do not subcontract)
 Reduce scope to avoid high risk deliverables
 Adopt a familiar technology or product
 Mitigation
 Seeks to reduce the impact or probability of the risk event to an
acceptable threshold
 Be proactive: Take early actions to reduce impact/probability and
don’t wait until the risk hits your project
 Examples:
 Staging - More testing - Prototype
 Redundancy planning
 Use more qualified resources
  Transfer
 Shift responsibility of risk consequence to another
party
 Does NOT eliminate risk
 Most effective in dealing with financial exposure
 Examples:
 Buy/subcontract: move liabilities
 Selecting type of Procurement contracts: Fixed
Price
 Insurance: liabilities + bonds + Warranties
 Tool & Techniques of Risk Response Planning
Strategies for POSTIVE Risks or Opportunities
 Strategies for Opportunities

Exploit: Ensure opportunity is realized

 Ex: Assigning organization most talented resources to the
project to reduce cost lower than originally planned.

Enhance: Increase the probability and/or the positive impact

of the opportunity
 Ex: Adding more resources to finish early
Share: Allocating some or all of the ownership to third part
best able to capture the opportunity
 Ex: Joint ventures, special-purpose companies
 Acceptance
(Both for Threats & opportunities)
 Active Acceptance
 Develop a contingency plan to execute if the risk occur
 Contingency plan = be ready with Plan B
 Fall back plan = plan C if B fails

 Passive Acceptance
 Deal with the risks as they occur = Workarounds
 Usually for low ranked risks
 Outputs of Risk Response Planning
Updates to Risk Register
 Residual Risks – risks that are left over after Plan Risk Response
 Contingency Plans – plans of action in case the risk does occur
 Risk Response Owners – the person on the team responsible
for monitoring the risk, risk triggers, developing a response strategy,
and implementing the strategy should the risk occur
 Secondary Risks – new risks that result from the
implementation of the contingency plans for the primary risks
 Outputs of Risk Response Planning
Updates to Risk Register
 Risk Triggers – early warning signs that there is a high probability the
risk will occur
 Fallback Plans – a secondary contingency plan, in case the contingency
plan does not work or is not effective
 Reserves
 Contingency reserves - covers the cost for ‘known unknowns’
discovered during risk management; covers the residual risks. The
contingency reserve is calculated and made part of the baseline.
 Management reserves – these are estimated and made part of the
project budget, not the baseline. Management approval is needed to
use the management reserve.
 Outputs of Risk Response Planning

Project Management Plan Updates

 Changes made due to risk management will be changes made to the
project and should be updated in the project management plan
Risk Response Matrix
Risk Event Response Contingency Trigger Who is
Plan responsible

Interface Mitigate: Test Workaround Not solved within Asif

Problems Prototype until help comes 24 hours

System freezing Mitigate: Test Reinstall OS Still frozen after 1 Khalid

Prototype hour
User backlash Mitigate: Increase staff Cell from top Javed
Prototype support management
demonstration

Equipment Mitigate: Select Order Equipment fails Aleem

malfunction reliable vendor replacement
Transfer:
Warranty
Objectives of a Schedule Risk Analysis

 Improve the accuracy of the schedule dates

 Validate the CPM or contract dates
 Establish a schedule contingency
 Identify the risk-driving events
 Communicate about and understand the project
 Continuously monitor changing schedule risk
Risk at Merge Points: The “Merge Bias”

 Many parallel paths merge in a real schedule

 Finish driven by the latest converging path
 Merge Bias has been understood for 40 years
 Build Unit 1

Design Unit 1 Build Unit 1

Start Finish

Design Unit 2 Build Unit 2

Much Schedule Overrun Risk
Occurs at Merge Points

 Complex schedules have activities in parallel

 Merge points are important events
 Completion of the project
 Major design review
 Beginning integration and test
 Delay on any path may potentially delay the project
 This extra risk is called the “Merge Bias
Monitor and Control Risk
The purpose of this final phase of the risk process is to
ensure that the planned response
are achieving what was expected, and to develop new
responses where necessary. It is also important to
determine whether new risks have arisen on the project,
and to assess
the overall effectiveness of the risk management
process. These aims are best achieved
through a risk review meeting, though it is possible on
smaller projects to review risk as
part of a regular project progress meeting.
Monitor and Control Risk
This stepalso involves producing risk reports at various
levels and for different stakeholders.
It is important to communicate the results of the risk
process, since the aim is to
actively manage the risks, and this is likely to require
action by stakeholders outside the
immediate project team. Risk reports should form a
basis for action, and include clear
conclusions (“What we have found”) and
recommendations (“What should be done”).
 Monitor and Control Risk

Risk Monitoring and control is the process of

responding to identified and unforeseen risks. It
involves tracking identified risks , identifying
new risks, implement risk response plans, and
monitoring their effectiveness.
 Monitor and Control Risk

 The process of
 implementing risk response plans
 tracking identified risks
 monitoring residual risks
 identifying new risks and
 evaluating risk process effectiveness throughout the project
– risk audit.
Monitor and Control Risk
 Inputs to Monitor & Control Risk

 Risk Management Plan

 Risk Register
 Approved Change Requests
 Work performance information
 Deliverable status
 Schedule progress
 Costs incurred
 Performance reports
 Monitor & Control Risk: Tools

 Workaround – a response to a risk that has occurred

when no contingency plan exists.

 Risk audit – a team of experienced project team

members reviews the risk management process and
response strategies to see if you’ve effectively identified
the major risks on the project and developed effective
strategies for dealing with them.
 Monitor & Control Risk: Tools

 Risk Reassessment – Risk management is iterative,

you should review the risks on your project throughout
the project to update their qualitative and quantitative
values.

 Status meetings – status meetings should be used to

identify new risks or changes to existing risks. This is
a great opportunity to discuss with your team and
stakeholders existing risks and new risks.
 Monitor & Control Risk: Tools

 Reserve analysis – has the reserve kept up with changes to

the risk list? Does the reserve still cover the costs of these
risks should they occur?

 Closing of risks – Risks are expected to happen during a

particular phase of the project. When that phase has passed
and the risk is no longer probable, the risk should be
removed from the risk list and any reserve associated should
be freed up.
 Outputs of Monitor & Control Risks
 Updates to Risk Register
 Outcomes of the risk reassessments and risk audits
one or
 Closing of risks that are no longer applicable
 Details of what happened when risks occurred
 Lessons learned
 Outputs of Monitor & Control Risks

 Requested Changes
 Recommended Corrective & Preventive Actions
 Updates to the Project Management Plan
 Organizational Process Assets Updates
CASE STUDY
 ‫‪  ‬أسم المشروع‪..‬حصاد المياه بدارفور ‪2011-2010‬‬
‫‪ ‬موقع المشروع‪ ..‬واليات ( شمال –غرب‪-‬جنوب )دارفور‬
‫‪ ‬المقاول – وحدة تنفيذ السدود‬
‫‪ ‬اإلستشارى‪..‬‬
‫‪ ‬قيمة العقد‪ )30,000,000.00(...‬جنيه سوداني ‪.‬‬
‫‪ ‬مدة العقد‪ 210(...‬يوم )‬
‫‪ ‬تاريخ البداية‪...‬نوفمبر ‪2010‬‬
‫‪ ‬تاريخ التسليم‪...‬مايو ‪2011‬‬
 Maintenance Tank 5000 qm

Owner CAPCO
Contractor FYK Engineering Work
300000$
Amount
60 Days
Period 1000$ Per Day and NOT
Plenty Exceeding 10%
Date 8 /2010
CONSTRUCTION
PROJECT CASE
STUDY
Project description :
The project Type: - Educational - School Building
Location : Gothenburg Sweden.
The project duration : Estimated to be approximately 2.5
years
Starting Date : December 2010
Project stage : initial stage where plans, layouts and
documentation were being prepared
The vision for the project : to deliver it with „0 errors'.
- to deliver the project on time, budget and to the right
quality.
Organization chart over the project
Data collection:

- For the theoretical background, a literature

study has been conducted,

- Structured interviews were conducted with

people who had an active role in the project,
engineers, architect, client, final users and
project managers

- As a follow up to the interview, an on-line

questionnaire was sent out to each respondent,
Risk definition :
-In construction industry, RM is a concept
which is used frequently in non-structured
form .

-Defined as a difficulty, uncertainty, threat,

unpredictable event or danger, not meeting the
project objectives.

- An interesting observation was that everyone

perceived risk as something negative which
should be avoided.
A coherent picture of how to manage risks
Risk identification and response from the interviews
In Project life cycle
Risk Analysis :

Impact on time cost and quality

Probability Probability – Impact Matrix

Risk Analysis :

Evaluation results
Risk Analysis :

Evaluation results
Risk Analysis :

Evaluation results
Risk Analysis : Not finding the right
Miscalculation contractor-2

Cheap Solution
Delays in Users do not take
construction -1 decisions

Evaluation results
Risk Analysis :
Moisture

Delays in
construction -1 Cheap
Solution

Evaluation results
Risk Analysis :
Not finding the right
Moisture
contractor-2

Choosing not the Users do not take

Right consultant -1 decisions

Cheap Solution

Evaluation results
Conclusion :
- Risk is perceived as a negative term.

- Professionals in the construction are using techniques of RM, but are not
aware of it.
-Risks are being managed , but not in such a structured way.
- Concept of RM is becoming more popular in the construction sector.

-There is a willingness to start using RMP, but it has to bring profits to the
organization.
- By simple method, it is possible to identify potential risks in an easy way
and it is impact on time, cost and quality.
Conclusion :
- The most common response is risk mitigation.
- Results may differ among projects due to the fact that each project and its
scope are unique.
- Knowledge is the factor which is missing for organizations to implement
RM
- Simple RM manual could be developed including basic theoretical
information

- Some theories are not applicable to construction industry, be careful with

choosing the right data.

- Project manager should have a basic knowledge about risks associated to a

project and how to handle them.
 ‫الخالصه والدروس المستفاده‬

‫•االهتمام بادارة المخاطر وانشاء اقسام لها ‪.‬‬

‫•بناء ثقافة مخاطر للمؤسسات داخل المؤسسات العامه والخاصه ‪.‬‬
‫•ادارة المخاطر تؤثر بشكل كبير جدا في تقليل التكلفه وتاهيل افضل المقاولين‪.‬‬
‫•التركيز على الجوانب العمليه في عملية التدريب على المخاطر‪.‬‬
‫•تجنب المخاطر واالستفاه من الفرص وتقليل المهددات‪.‬‬
‫•وضع استراتيجيات للمخاطر بالموسسات العامه والخاصه ‪.‬‬
‫•توفير التمويل االزم للمشروعات‪.‬‬
‫•توفير ميزانيه احتياطيه للمخاطر الي مشروع حسب درجة المخاطر بالمشروع ‪.‬‬
‫•التامين على جميع انواع المخاطر ‪.‬‬
‫•وضع خطط بديله ‪.‬‬
 References

Dr. AWAD SAAD LECTURE SLIDES

 A GUIDE TO THE PROJECT MANAGEMENT
 BODY OF KNOWLEGAE 5TH EDITION
 www.free-management-ebooks.com