Risk Management Overview
There is no project or technique that is 100% risk free. Risk in unavoidable when we take projects. However it is the responsibility of the project manager to ensure that risks are reduced to a minimum. With a proper risk management in place the risks can be monitored and controlled.
There are broadly four stages of risk management:
● Risk Identification
● Quantifying risks
● Risk response
● Risk monitoring and control
Classic examples of poor risk management leading to project failures
1. Lufthansa Systems Germany- Airline Ticket reservation System cancelled after 2 years. Although little information was available, the major reason was cited to be poor feasibility study and bad risk management
2. Los Angeles Unified School District- New payroll system goes wrong. Some teachers are paid $10000 for one month’s work while others are paid 20 cents
Reason cited was difficulty in cleaning the legacy data and poor training of the system
3.Qantas Australian Airline- Failure to engage the engineers in requirement gathering and testing of the system “Jetsmart” the new engineering parts system led to a system that was unusable by the engineers
In all these examples either the risks were not identified or were not properly monitored and controlled. Failure in any part of the risk management cycle can make the system unusable.
● Probability of occurrence
● Range of outcome
● Timing of occurrence
● Frequency of the risk event
Risk Management Plan
A risk management plan comprises of the following:
● Roles, responsibilities and methodology
● Classification of risks
● Probability of risks and impact
● Reporting of risks and risk tracking
Types of risks in projects
There are basically four types of risks in project management
● Scope risk- This includes changes in scope of the project due to changes in complexity or changes in dependency or any hardware or software changes
● Scheduling risk- This includes delays due to scheduling issues like vendor delays, error in estimation or delay in acquisition. A common method of avoiding scheduling risks is by critical path method
● Resource issues- This includes risks due to outsourcing and personnel related issues. A common resource risk is attrition risks. Availability of funds can also be an issue. Another area which needs the attention of the project manager is outsourcing because it is not under the direct purview of the project manager.
● Technology risks- This includes risks arising out of hardware or software failure or due to outdating of the hardware and software.
Risk Identification techniques for Project Management
● Information gathering techniques
– Brainstorming– Here a lot of thinking goes among the team members to identify the possible risks
– Delphi technique– Here a questionnaire is distributed to the experts and their response is collected. The process is then iterated several times so that a consensus of opinion is reached.
– Root cause Analysis– Here a problem is identified, the cause is analysed and action is taken so that the problem does not occur in future.
● Checklist Analysis– Here a checklist is made of all the possible problems that may occur and care is taken so that we prevent the risk
● SWOT– A SWOT analysis helps us to focus the risk identification on the strengths and weakness of the project as well as opportunities and threats.
● Influence diagrams– An influence is a visual representation of a decision problem. Influence diagrams help to identify the decisions, uncertainties and objectives and how they influence each other.
Example of an influence diagram for a product decision
Fish bone diagram– Also known as cause and effect diagram it is one of the commonly used methods for risk identification. In this method, the various causes of a problem are categorized under People, machine, environment, measures, and methods category. Very useful for a project of all kinds
The above diagram shows the risk management using fish bone diagram for Sales and Marketing business
Probability Impact Matrix– It is a qualitative method of risk identification. In this method. It categorizes the risk and its impact based on the probability of the occurrence of the risk
The risks which have high impact and high probability of occurrence are highlighted n red. They are the ones that should be more emphasized on. All risks which fall in the red zone are the one that are unacceptable. Risks in yellow zone are the ones that can be tackled. Risks in green zone are the ones that will least bother us
Expected value method– Its a quantitative method of risk identification and risk analysis. In this method the expected value of the decision tree alternatives is used to arrive at a decision.
EMV of decision 1= 10000-9000=1000
EMV of decision 2 =3200-8000=-4800
Hence choose decision 1
The Process of developing action to enhance opportunities and to reduce the threat is called Risk Response.
The following thing broadly encompass risk response:
● Strategies for negative risks
● Strategies for positive opportunities
● Contingency Plan
Strategies for threats are basically:
– Eliminate the threat
– Transfer the threat to a third party
– Reduce the threat
Strategies for opportunities are:
– Ensure that the opportunities definitely happen
– Ensure that the probability or impact of the opportunities increase
Risk Monitoring and Control
The purposes of risk monitoring and control are:
● Monitoring existing risks
● Identifying new risks
● Implementing risk response plans
● To see of a risk can be retired
● Audit of risk management policy
So this is how you must ideally manage risks for your project in order to make it successful. Incase of any doubts or queries, kindly get back to us.