1. 1
Risk Management
Project Management
Session 10
Dr. M. Sepehri
FAll 1390
2. 2
Project Risk
An uncertain event or condition that,
if it occurs, has a positive or negative
impact on a project objective
External: unpredictable
External: predictable
Internal: non-technical
Internal: technical
Legal
Business risks
Insurable risk
– Direct property
damage
– Indirect
consequential loss
– Legal liability
– Personnel
3. 3
Risk Continuun
Unknown
Unknowns
Known
Unknowns
Knowns
No
Information
Partial
Information
Complete
Information
Total Risk
Uncertainty
No Risk
Scope of Risk Management
Feasibility
Studies
Closeout
Reports
Enter New
Markets
4. 4
Definition of Risk
Risk = f(Likelihood, Impact)
event
• Likelihood is the probability of occurrence
• Impact is the amount at stake
5. 5
Components of Risk
Impact
Probability
• Risk Event
• Risk Probability
• Impact
• Timing
• Tolerance
10. 10
Variation through the
Project Life Cycle?
Time along project life cycle
Familiarity
Mitigation?
Risk Event
Probability?
Amount to
complete?
Amount
at Stake?
Cost to make
Changes?
11. 11
RISK MANAGEMENT
Why bother with Risk Management?
Arguments AGAINST
Arguments FOR
12. 12
Risk Management
Risk management focuses on the future
Risk and information are inversely related
Historically, we focused our attentions
on schedule & cost risk management.
Today, our primary emphasis is on
technological risk management:
– Can we design it and build it?
– What is the risk of obsolescence?
13. 13
Basic Concept
Risk management focuses on:
– Known unknowns
– Proactive management
The alternative to proactive management
is reactive management, also called crisis
management.
This requires significantly more resources
and takes longer for problems to surface.
15. 15
Risk Management
The systematic processes of identifying,
analyzing & responding to project risks
A formal approach to the process as
opposed to an intuitive one.
– Define objectives
– Identify Risk
– Qualify/Quantify Risk
– Develop Response
– Risk Control
17. 17
Risk Management (PMBOK)
The systematic processes of identifying,
analyzing & responding to project risks
A formal approach to the process as opposed
to an intuitive one.
1. Divide/define objectives
2. Identify Risk (to objectives)
3. Qualify/Quantify Risk
4. Develop Response
5. Risk Control
18. 18
1- Define Objectives
Divide and then define
– Subdivide by stakeholders
– Subdivide by PM knowledge area
– Subdivide by OBS (departments)
– Subdivide by WBS (work package)
– Subdivide by constraints
21. 21
Risk Types at Boeing
Financial risks
Market risks
Technical risks
Production risks
Risk >>> Mitigation strategies
22. 22
Financial Risks
Up-front funding and payback period
based upon number of planes sold
– Mitigation strategies
Funding by life cycle phase
Continuous financial risk
management
Sharing risks with subcontractors
Risk reevaluation based upon sales
commitments
23. 23
Market Risks
Forecasting customers’ expectations on
cost, configuration, and amenities based
upon a 30-40 year life of a plane
– Mitigation strategies
Close customer contact and input
Willingness to custom-design per
customer
Development of a baseline design
that allows for customization
24. 24
Technical Risks
Because of the long lifetime for a plane, we
must forecast technology and its impact on
cost, safety, reliability and maintainability
– Mitigation strategies
structured change management process
Use of proven technology rather than
high risk technology
Parallel product improvement and new
product development processes
25. 25
Production Risks
Coordination of manufacturing and assembly
of a large number of subcontractors without
impacting cost, schedule, quality or safety
– Mitigation strategies
Close working relationships with
subcontractors
A structured change management process
Lessons learned from other new projects
Use of learning curves
29. 29
Why Projects Fail
Innovation
Concurrency
Stakeholders
Communication
Scope of work
Poor estimating
Poor planning
Insufficient reviews
Insufficient control
Lack of commitment
Incomplete and/or in-accurate
information
Lack of support
from team members
. . . .
30. 30
3- Risk Qualification
For each risk, identify the risk degree,
qualify by experts, and quantify!
– Subjective
– Objective
• Probability
• Expected Value
• Variance
33. 33
4- Risk Response
• Eliminate Risk
Remove early
• Mitigate Risk
Reduce probability/impact
• Deflect Risk
Transfer to another party
• Accept Risk
Avoidance
Control (mitigation)
Transfer
Assumption (retention)
34. How Much Risk is Acceptable?
34
High tolerance for risk
Medium tolerance for risk
Low tolerance for risk
35. 35
Which Method to Use?
Project Procedural
Documentation
Guidelines
Reduction
Avoidance
High Low
Tolerance for Risk
Rigid
Policies/
Procedures
Assumption
Transfer
38. 38
5- Risk Control
Implements Risk Management plan to make it
happen. Most neglected, but most important.
Includes communication, training, practice
runs. Develop company culture & attitude.
Risk Management plan is monitored/updated on
a regular basis to include any changes:
– Changes in the scope of work
– Changes in the build method
– Changes in the team members
– Changes in the suppliers
40. 40
FIVE STEPS TO DEVELOP PAYOFF TABLE
List all the alternatives.
List the future consequences of each
alternative.
Identify the payoffs associated with each
combination.
Assess the degree of certainty that
these combinations will materialize
Decide on a decision criterion.
41. 41
Developing and Using Payoff Tables
Establishing the
procedure to follow
Construct the
Payoff table
Decision-making
under certainty
Decision-making
under complete
uncertainty
Maximin Approach
Maximax Approach
Minimax regret Approach
Insufficient Reason Approach
Decision-making
under risk
Expected Monetary Value (EMV) Approach
Expected Opportunity Loss (EOL) Approach
Expected Value of Perfect Information (EVPI) Approach
42. LEGEND
42
Risk Quantification
STAGE I STAGE II GUID-ANCE
WARHEAD
DESIGN
TEST
MANU.
COST
HIGH
MEDIUM
LOW
PROGRAM
SUMMARY
46. 46
Prioritization of Risks
Schedule Cost
Technical
Performance
or Quality
First
(Highest)
Priority
Second
Priority
Third
Priority
47. 47
Risk Intensity
Radical
Breakthrough
Product
Changes
Next
Generation
Add-ons &
Enhancements
Addition
to Family
New
Process
Process
Changes
Next
Generation
Fine-Tuning
& Incidentals
Changes and
Upgrades
Risk Type
Market
Technical
Timing
Cost
Price
Quality
High
High
High
Low
Medium
Medium
High
High
High
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Low
Medium
Medium
Medium
Low
Low
Low
Low
48. 48
Risk Control Measures
Extreme
Intensity of Controls
Risk Intensity
Standard
Controls
High
Range of Controls
Low
Low