Managing Risk

During the planning phase, the project manager and core team members will address the risks inherent to the project. Risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on project objectives. Risk management identifies as many risk events as possible, minimizes their impact, manages responses to those events that do materialize and provide contingency funds to cover those events.

1. Risk Identification

It is useful to use Risk Breakdown Structures (RBS) in conjunction with the work breakdown structures to identify and analyze risks. A generic list of of events is as follows:

a. Project Management : Estimating, Planning, Controlling, Communication

b. Organizational: Project dependencies, Resources, Funding, Prioritization

c. Technical: Requirements, Technology, Interfaces, Reliable Performance, Quality

d. External: Suppliers, Regulatory , Market, Customer, Weather

It is advisable to start with the risks that affect the whole project as opposed to a specific section of it. For example, if funding is considered a risk, identify the events triggered by loosing funds. If failing to meet the schedule is considered a risk, the group must find the events that could cause this to happen. After the macro risks have been identified, specific areas can be checked. this can be done in association with WBS.

A list of questions, risk profile, that addresses areas of uncertainty that can be specific to the project or the company can be developed to aid implementation.

2. Risk assessment

to each of the risks identified, the group will assign a number/value to the probability of the event as well as the impact to the project. Probabilities can be expressed as a scale ranging from “very unlikely” to :almost certainly”, or using numerical values such as 0.1, 0.5, etc. The impact scale can be defined from 1 to 5 such as very low , low , moderate , high , very high , or something similar that fits the needs. In addition to evaluating the severity and probability of risk events the team also assesses when the event might occur and its detection difficulty. Failure Mode and Effects Analysis (FMEA)  recommends using the risk value formula for prioritizing risks. The equation is:

Impact x Probability x Detection = Risk Value

Decision trees can be used to assess alternative courses of action using expected values. Statistical variations of the net present value can be used to assess cash flow risks in projects. In assessing the overall risk of the project PERT technique takes a more macro perspective by looking at overall cost and schedule risks.

3. Risk Response

Responses to risk can be classified as mitigating, avoiding, transferring, sharing, or retaining.

a. Mitigating risk – implies either/both reducing the likelihood the event will occur and/or reducing the impact on the project. Testing and prototyping prevent problems from surfacing later in the project. If cost and duration seem underestimated, increase the estimates by a certain percentage to cover the uncertainty. Manufacturing close to installation site can be used to reduce the impact on a project of a risky event.

b. Avoiding risk – by changing the project plan to eliminate the risk. Using proven or mature technologies over experimental ones avoids the risk of technical failure.

c. Transferring risk – by passing risk to another party. Fixed-priced contracts allow for transferring the risk to a contractor. Insurance will transfer the risk of catastrophic acts of God. Performance bonds, warranties, and guarantees are other financial instruments used to transfer risk.

d. Retaining risk – by assuming the risk because the chance of such event occurring is slim. Developing a contingency plan to implement in case the risk materializes. Sometimes, no preparation is being made and the cost overrun is accepted.

A contingency plan is not part of the initial implementation plan and it goes in effect after the risk is recognized. Conditions for activating the implementation of the contingency plan need to be decided and clearly documented.  The plan should include a cost estimate and identify the source of funding. The contingency reserve fund is typically divided into budget and management reserve funds for control purposes. Budget reserves are set up to cover identified risks while management reserves are set up to cover unidentified risks.

Time buffers are used to cushion against potential delays in the project. It is best to assign extra time at critical moments in the project such as merge activities, activities that require scarce resources, or non critical activities found on critical path.

4. Risk Response Control

A risk register details all identified risks, including descriptions, category, and probability of occurring, impact, responses, contingency plans, owners, and current status. Risk control involves executing the risk response strategy, monitoring triggering events, initiating contingency plans, and watching for new risks. Risk assessment and updating should be part of every status meeting and progress report  system.

A change management system will deal with formal changes in the scope, budget and or schedule of the project.  Changes come from many sources such as the project customer, owner, project manager, team manager, and occurrence of risk events. Most changes fall into one of the following categories:

a. Design additions or changes at customer’s request

b. Implementation of contingency plans, when risk occurs affecting baseline cost and schedule

c. Improvements suggested by project team.

Change management system involves reporting, controlling, and recording changes to the project baseline.  This may already be part of the company’s configuration management. Any change needs to describe the following:

a. Identify proposed changes.

b. List expected effects on schedule and budget.

c. Review, evaluate, and approve changes formally.

d. Resolve conflicts of change, conditions, and cost.

e. Communicate changes to affected parties.

f. Assign responsibilities for implementing change.

g. Adjust master schedule and budget.

h. track all changes that are to be implemented.