Risk Management Best Practices

download Risk Management Best Practices

of 37

Embed Size (px)

Transcript of Risk Management Best Practices

  1. 1. Project Risk Management Best Practices By Mohamad Boukhari bdm@pmilebanonchapter.org mohamad.boukhari@cmcs-mena.com
  2. 2. Best Practices in Project Risk Management Routine activities that lead to high level of maturity.
  3. 3. Risk and Uncertainty Risk Uncertainty Risk Uncertainty that affects objectives
  4. 4. What is a risk ? A Risk is : An uncertain event, activity, or situation that can have a positive or a negative effect on any objective -ARM A Project Risk is : an uncertain event or condition that, if it occurs, has a positive or negative effect on at least one project objective. (PMBOK 4th) Cause Effect Uncertainty
  5. 5. Risk and Issue An Issue is a situation or circumstance that has occurred, is occurring, or has a 100% probability of occurring; and will have a detrimental impact on a programs schedule, cost, customer satisfaction, technical or quality objectives Issues can be initiated as a result of findings or failure to mitigate risks.
  6. 6. Risk and Risks Individual risks Overall project risk
  7. 7. Individual Risks Individual risks are the focus of day-to-day Project Risk Management in order to enhance the prospects of a successful project outcome. Individual risks refer to specific events or conditions that have the ability to affect project objectives positively or negatively. An individual risk may affect one or more project objectives, elements, or tasks.
  8. 8. Overall Project Risk The overall project risk is more than the sum of individual risks, and it represents the effect of uncertainty on the project as a whole. It represents the exposure of stakeholders to the implications of variations in project outcome. Chapter 2: Principles and Concepts of Risk Management
  9. 9. Project Risk Management Project Risk Management includes the processes concerned with conducting risk management planning, identification, analysis responses and monitoring & control on a project . Organisations are good at identifying Risks, but poor at doing something about them. Risk Identification is not Risk Management.
  10. 10. Project Risk Management Objective The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of events adverse to the Project.
  11. 11. Role of Project Risk Management in Project Management Risk management should be embedded in the planning and operational documents of the project, and should not be considered as an optional activity. Chapter 1: Introduction to Risk Management Concepts
  12. 12. General Risk Management Continuous Risk Management Identification Risk sources can be external or internal. Assessment How important? / So what? What are the current trends? Treatment What can we do / What will we do? When do we need to manage the risk? Treat Assess Identify
  13. 13. Risk Process Chapter 11 of the PMBOK is the basis for Practice Standard for Project Risk Management
  14. 14. Risk Process
  15. 15. Plan Risk Management The process concerned with producing the risk management plan focusing on how risks will be approached on the project. This process is high-level and takes place early in the project since the results of this (and other risk processes) can significantly influence decisions made about scope, time, cost, quality, and procurement.
  16. 16. Identify Risks The process of determining which risks may affect the project and documenting their characteristics
  17. 17. Perform Qualitative Risk Analysis The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact This process helps you rank and prioritize the risks so that you can put the right emphasis on the right risks. It helps to ensure that time and resources are spent in the right risk areas.
  18. 18. QRA can answer the following questions What is the risk? Why might it occur? How likely it is ? Probability How good/bad might it be ? Impact Does it matter ? What can we do ? When should we act ? Who is responsible?
  19. 19. Critical Success Factors for the Perform Qualitative Risk Analysis Process Perform Qualitative Risk Analysis
  20. 20. Probability-Impact Matrix 5 -5 -10 -15 -20 -25 25 20 15 10 5 5 4 -4 -8 -12 -16 -20 20 16 12 8 4 4 3 -3 -6 -9 -12 -15 15 12 9 6 3 3 2 -2 -4 -6 -8 -10 10 8 6 4 2 2 1 -1 -2 -3 -4 -5 5 4 3 2 1 1 -1 -2 -3 -4 -5 5 4 3 2 1 LIKELIHOOD Propability - Impact (P-I) Matrix THREATS (NEGATIVE IMPACT) OPPORTUNITIES (POSITIVE IMPACT) RISK IMPACTS (CONSEQUENCES) LIKELIHOOD Perform Qualitative Risk Analysis
  21. 21. Risk Score Risk Score = Probability X Impact The higher the Risk score the more serious the risk Chapter 6: Perform Qualitative Risk Analysis
  22. 22. Qualitative Analysis - Risk Register Updates Relative ranking or priority list of project risks Risks grouped by categories Causes of risk or project areas requiring particular attention List of risks requiring response in the near-term List of risks for additional analysis and response Watch lists of low-priority risks Trends in qualitative risk analysis results
  23. 23. Perform Quantitative Risk Analysis It is the process of numerically analyzing the effect of identified risks on overall project objectives. It assigns a projected value to (quantify) the risks that have been ranked by performing Qualitative Risk Analysis.
  24. 24. Quantitative Analysis - Risk Register Updates: Probabilistic analysis of the project Probability of achieving cost and time objectives Prioritized list of quantified risks Trends in quantitative risk analysis results
  25. 25. Plan Risk Responses The process of developing options and actions to enhance opportunities and to reduce threats to project objectives It includes the identification and assignment of one person (the risk response owner) to take responsibility for each agreed-to and funded risk response.
  26. 26. Response Plan Strategies for Negative Risk CAUSE RISK EFFECT X X CAUSE RISK EFFECT CAUSE RISK EFFECT CAUSE RISK EFFECT Avoid Avoid Transfer = = Mitigate Mitigate Accept Accept
  27. 27. Response Plan Strategies for Positive Risks CAUSE RISK EFFECT CAUSE RISK EFFECT CAUSE RISK EFFECT CAUSE RISK EFFECT Exploit Exploit Share + + Enhance Enhance Ignore Ignore
  28. 28. Monitor and Control Risks The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project The project work should be continuously monitored for new, changing, and outdated risks.
  29. 29. Risk Identification- The Iterative Process Risk Identification should be repeated to find risks which were not evident earlier in the project. Input is required from a wide range of project stakeholders, since each will have a different perspective on the risks facing the project. Historical records and project documents are reviewed. Identified risks are not filtered, screened, or assessed at this stage; all identified risks are recorded. A risk owner is designated for each identified risk. It is the responsibility of the risk owner to manage the corresponding risk through all of the subsequent risk management processes. Chapter 3: Introduction to Project Risk Management Processes
  30. 30. Risk Assessment Prioritizes Evaluates the level of overall project risk Determine appropriate responses Risk evaluation can be performed using: Qualitative techniques to address individual risks Quantitative techniques for overall effect of risk on the project outcome. Integrated approach for both - requires different types of data Chapter 3: Introduction to Project Risk Management Processes
  31. 31. Qualitative Techniques Gaining better understanding of individual risks, understanding and prioritizing risks is a prerequisite to managing them Qualitative techniques are used on most projects. Outputs: Probability of occurrence Degree of impact on project objectives Manageability Timing of possible impacts Relationships with other risks Common causes or effects Outputs are documented and communicated to key project stakeholders and form a basis for determining appropriate responses. Chapter 3: Introduction to Project Risk Management Processes
  32. 32. Quantitative Techniques May not be required for all projects Provide combined effect of identified risks on the project outcome by taking into account probabilistic or project- wide effects, such as: Correlation between risks Interdependency Feedback loops Degree of overall risk faced by the project. Outputs of quantitative analysis provide: Focus for development of appropriate responses The calculation of required contingency reserve levels Documented and communicated to inform subsequent actions Chapter 3: Introduction to Project Risk Management Processes
  33. 33. Risk Responses Appropriate risk responses must be developed using an iterative process which continues until an optimal set of responses has been developed. Strategies exists for both threats and opportunities. The risk owner should select an achievable, affordable, and appropriate strategy for each individual risk, based on its characteristics and assessed priority The use of a single strategy that addresses several related risks should be considered whenever possible. Chapter 3: Introduction to Project Risk Management Processes
  34. 34. What is ERM ? (Enterprise Risk Management) The simple definition Integrated risk management working as a co-ordinated activity across the whole organisation. Bringing together all risk management activities Sharing them with all parts of the organisation Using an an appropriate framework ERM is ab