Faculty of Applied Sciences, Dept of Computing, Engineering and Technology ATF 202 – Project Risk Management Alan Stafford Project Manager, AMAP/Digital

Faculty of Applied Sciences,

Dept of Computing, Engineering and Technology

ATF 202 – Project Risk Management

Alan Stafford

Project Manager, AMAP/Digital Factory project

Learning outcomes:

• What is meant by the term risk in the context of projects

• Be aware of the significance of risk and its role in project management

• Understand the meaning of Hazard, Risk & Importance

• Understand the elements and intent of Risk Analysis and purpose of a risk register

• Understand the elements and intent of Risk Management

• Cultural nature of risk management




We live with RISK every day

How do you assess risk? 80 mph on motorway? 40 mph past a primary school?

Aren’t you making a mental sum of the likelihood of an incident and the consequences?

Do you think differently for something new as opposed to a regular activity? Do you reflect before action, during and after?

Introduction & reflection


Are we rational about risk?

Which is the greater risk, MMR vaccine, Nuclear Power,

Flight or everyday Driving ?What about

cycling in traffic?

If you were managing a project would the everyday way you deal with risk be good enough?

What if something went fatally wrong?

What if an occurrence adversely affected the project delivery and you incurred a penalty?

What if you left part way through the project?


Risk in Projects

What is different about Risk in projects and everyday life?

Why are project managers particularly concerned with risk?

Risk in Projects

Projects are one off undertakings as opposed to operations where things are tried and tested.

Therefore greater likelihood of things going wrong

Consequences (magnitude) can be serious

Need to have a robust approach

Basic concepts of Risk

Terminology and concepts

Basic concepts of Risk

Risk = “The possibility of suffering harm or loss” (as a result of exposure to the hazard)

Importance = Likelihood x Magnitude

A Hazard = something that has potential to cause harm or loss e.g. delays, cost, failure

What are the hazards, risks & importance for

The turkey?

The cooks “project”?

Risk in Projects

What kinds of risk affect projects?

Technical failure

Project Risks (internal)

Human error

Acts of nature

Business failure due to Political, Economic,

Technological, Social, Legal, Environmental

changes

Consequence:

Project becomes invalid

Responsibility of

Senior management

Part of the Business CaseConsequence:

Deviation from the project

PhysicalfinancialSchedule

Business Risks (external)

http://en.wikipedia.org/wiki/File:Channel_Tunnel_NRM.jpg

http://en.wikipedia.org/wiki/File:Concorde.planview.arp.jpg

Risk in Projects

What kinds of risk affect projects?

Technical failure

Project Risks (internal)

Human error

Acts of nature

Responsibility of the

Project ManagerConsequence:

Deviation from the project

PhysicalfinancialSchedule

Methodologies

To ensure consistency and quality of approach it is normal to follow a recognised methodology

There are various frameworks and models to help deal with risk and they are all very similar

Project Management Institute

Methodologies

Methodology

All methods can be broken down into :

“Risk Analysis” & “Risk Management”

We will follow the Project Management Institute model

Methodology

1) Risk Identification 2) Risk Quantification

Two key concepts – Hazard and risk

What is a hazard?

A Hazard- something that has potential to cause harm to a project e.g. delays, cost, failure

What is a Risk?

Risk = “The possibility of suffering harm or loss from exposure to a hazard”.

Risk Analysis


Two key concepts, Hazard and risk

Risk Analysis

Hazard?

Risk (magnitude x likelihood)?

What would be the consequences?

•For the individuals concerned?

•For you & the firm?

•For the delivery of the project?


Two key concepts, Hazard and risk

Risk Analysis

Hazard?

Risk (magnitude x likelihood)?

http://en.wikipedia.org/wiki/File:NewWembleyBuild.jpg

http://en.wikipedia.org/wiki/File:Wembley_Stadium,_From_the_Outside.JPG

Generic hazards, e.g. People factors

experience and appropriateness of experience skills, turn-over rate, level of absenteeism cultural differences

Risk Analysis

1) Risk Identification 2) Risk QuantificationWhat is a hazard?

Project specific hazards, e.g. Application specific factors

the nature of the application complexity of the project the size and cost of the project

Two main approaches

Use of checklists

BrainstormingWhen would you

use each method?

Knowledge based software is also available to help with the task of hazard identification

Risk Analysis

1) Risk Identification 2) Risk QuantificationHazard & Risk?

Generic hazards

Project specific hazards

Risk Analysis


Once identified risks should be assessed for their possible affect on the project

The level of importance or priority of a risk must also be established.

This is often done by assessing the risk value

Possible to use qualitative/quantitative methods

Risk Analysis

1) Risk Identification 2) Risk QuantificationRISK ESTIMATE MATRIX

Highly Likely

Low Moderate High High

Likely

Negligible Low High High

Unlikely

Negligible Low Moderate High

LIK

EL

IHO

OD

Highly Unlikely

Negligible Negligible Low Moderate

Marginal

Minor Intermediate Major

CONSEQUENCES

Marginal - Minimal effect on project e.g. project approval delays

Minor – Some effect on project e.g. delay, change in personnel/suppliers

Intermediate – Significant effect on project e.g. cost overrun > 10% , equipment not fit for purpose

Major - Severe effect on project e.g. project failure, major injury to personnel,

Qualitative method of displaying risk

Risk Analysis

1) Risk Identification 2) Risk QuantificationAdvantage of qualitative methods is that they are easily understood from an overall point of view – showing those risks which need attention.

Doesn’t show the “value” of the risk, i.e. the expected cost

Risk Analysis


Hazard Likelihood Impact Exposure

1 Changes to the requirements 1 8 8

specification during coding

2 Specification take longer than 3 7 21

expected

3 Staff sickness affecting 5 7 35

critical path activities

4 Staff sickness affecting 10 3 30

non-critical activities

Quantitative method of displaying risk

Risk Analysis


Hazard Likelihood Impact Exposure

1 Changes to the requirements 10% £8k £800

specification during coding

2 Specification take longer than 10% £6k £600

expected

3 Staff sickness affecting 30% £20k £6,000

critical path activities

4 Staff sickness affecting 60% £3k £1,800

non-critical activities

Quantitative method of displaying risk, can be shown in monetary terms

Risk Analysis

1) Risk Identification 2) Risk QuantificationOutput from this process is a Risk Register

Methodology

So we have covered the two elements of Risk Analysis using the PMI methodology

And have a Risk Register

Methodology

Having identified & quantified the risk what are we going to do about it?

That’s where Risk Management

comes in

Risk Management

Having identified the major risks and allocated priorities, the next task is to decide how to deal with them and there are 3 main options

3) Response Development 4) response Control

Risk Management

3 options


Risk acceptanceRisk avoidanceMitigation

Risk reduction Risk transfer Contingency

Risk Management

Risk acceptance Risk avoidance Mitigation


Unlikely occurrences Things you can’t do anything about “Acts of God” Could also be something where the

fix costs more than the problem!


Risk Management

Risk acceptance

Risk avoidance Mitigation


Attempts to “Design Out” the risk Avoid the activity or issue, but by doing so may introduce another


http://en.wikipedia.org/wiki/File:Auto_Mechanic.jpg

Risk Management


Risk acceptance Risk avoidance

Mitigation Risk reduction Risk transfer Contingency

Reduce either likelihood and/or the impact so that it is acceptable, e.g. ensure expert is used to reduce risk of

failure

Risk Management




Transfer the impact, e.g. Insurance policy – known cost v impact Particularly lends itself to physical risks

Your own car or house insurance

Penalty clause with supplier Benefit: reduce likelihood & impact

Risk Management




Holding something in reserve – should the worst happen, e.g. Reserve funds Playing safe

Add additional time to uncertain process

Backup supplier/plan

Activated when a trigger takes

place, i.e. Response Control

Risk Management


Risk management plan is a response to, and an extension of, the Risk Register

Details of responses are recorded

and the trigger points that bring

them into action

Risk Management

3) Response Development 4) Response Control

Ongoing activity throughout the project, part of the plan-action-monitor-control cycle No matter how thorough the Risk Analysis unforeseen events will arise. Control can be broken down into

Passive & Active responses

Risk Management

3) Response Development 4) Response Control

Passive control Ensuring steps in Response Development

are implemented at triggers

Active control Constant monitoring of triggers

May be part of a risk calendar for example.

Work arounds for unseen occurrences Last resort/necessary evil – to be avoided.

Summary

Projects are one off undertakings-therefore more risk than normal operations

Terminology – Hazard, Risk, Importance

Methodology – Various standards

Typically consist of elements that can be broken down into:

An example is:

Summary

Risk management is a culture not a paper exercise or bolt on has strategic implications, e.g. damage to reputation, loss of future business

Generally more successful if team based Risk owned by individuals but all contribute Contributes to “ownership” and “buy-in”

No-Fear culture, i.e. don’t shoot the messenger

Encourage a “learning organisation”

Not a cost but a saving




Q & A

Documents

Faculty of Applied Sciences, Dept of Computing, Engineering and Technology ATF 202 – Project Risk Management Alan Stafford Project Manager, AMAP/Digital