SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez nos Conditions d’utilisation et notre Politique de confidentialité.
SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez notre Politique de confidentialité et nos Conditions d’utilisation pour en savoir plus.
Risk & Risk Management
• A risk is "an uncertain event or condition
that, if it occurs, has a positive or negative
effect on a project's objectives."
• Risk management includes for
identification of risks, assessment of risks
in terms of likelihood and consequences /
impacts, and defining responses to
• An uncertain event or condition that if it
occurs has a positive or negative effect on
at least one project objective such as time,
cost, scope, quality (safety).
• Risks have a cause and an impact.
• As a result of:
• a [DEFINITIVE CAUSE],
• an [UNCERTAIN EVENT (Risk)] may
• which would lead to [EFFECT/IMPACT
Risk is Perception
Risk is often in the eye of the beholder and
is a personnel perception.
This is linked to the following:
• Attitude (which drives)
• Behaviour (which leads to)
and the risk ‘appetite’ of a firm/individual
What can happen?
When & where?
How & why?
Risk Management Context
ESTABLISH THE CONTEXT
Compare against Criteria
Identify existing controls
Determine Level of Risk
Prepare & Implement Plans
Analyse / evaluate residual risk
I keep six wise serving men.
(They taught me all I knew).
There names are What & Why & When,
and How & Where & Who
(Rudyard Kipling 1902)
PMI Process Group
• Establishing the Context;
• Deciding ‘how’ to approach & conduct risk
RISK PLANNING - WHAT
• Enterprise Environmental Factors – structure, culture,
resources, market conditions, PMIS
• Organisational Processes – Assets, Policies &
• Scope & any legal regulatory, physical, time, constraints.
• Consider business needs for the project.
• WHYIdentifies who has to what and when and at what
cost (budget for risk required). Enables focused rational
communication with others. Describes and approach to
RISK PLANNING -WHY
• Identifies who has to do what and when
and at what cost (budget for risk required).
• Enables focused rational communication
• Describes risk management and approach
to be made
RISK PLANNING -WHEN
• Prior to commencement and ongoing as
part of monitoring & control.
• New situations or changes during project.
• Risk plan for formal risk review/risk
activities through project lifecycle.
RISK PLANNING -HOW
• Approach to be adopted – new, existing
registers. Depends on size, complexity
‘newness’ of project and project team.
Tools and techniques to be used.
• Definitions of probability and impact to be
used in RM.
• Communication and consultation with
• Location of initial meetings, internal and
• On or off site
• Consider Client and contractors who either
input direct or through documents, joint
workshops etc .depending on situation.
RISK PLANNING -WHO
• Participants required, stakeholders or
• Based on knowledge, experience,
• Client and contractors to either input direct
or through documents, joint workshops
RISK PLANNING - DELIVERABLES
• RISK MANAGEMENT PLAN
• RISK BREAKDOWN STRUCTURE (RBS).
• Definitions of probability (likelihood) and Impact
• Risk Context :Client / Contractor / Consultant etc,
Internal / External
• Risk categories : Technical, External, Organisational,
Project Management (Estimates of Time / Cost),
Legal/Contract, Reputation, Safety, Quality,
Environmental as per RBS.
• Organisation Risk Manual so set ‘policy’/ protocol/
organisation rules, roles & responsibilities.
Risk Management Plan (Contents)
• Introduction – project background and description; philosophy
• Risk Methodology (Tools & Techniques)
• Roles & Responsibilities
• Information & Communication protocols
• Training required
• Timing (Schedule)
• Risk Categories – RBS
• Definitions of probability & impact
• Probability / Impact Matrix & High, Medium, Low definition
• Tolerances with respect to risk categories and any predefined
• Report Formats – registers, tracking, reports, change.
Identification of risks affecting, or that may
affect the project, in a systematic manner.
Identification of what, where, when, why
and how events could prevent, delay or
enhance the achievement of the objectives.
RISK IDENTIFICATION - WHAT
• What can happen - the effect – the RISK.
Use of EFFECT & CONSEQUENCE to
define RISK rather than risk definition first.
• Definition is important so that it is clear
and not ambiguous.
RISK IDENTIFICATION - WHY
• Enables ‘definitions’ to be established so
risks are described properly and not
repeated in different guises using different
• Beware that a rsik is confused with cause.
RISK IDENTIFICATION - WHEN
• During initial planning once the plan has
• Plus when risks can happen during the
project life cycle (project phases,
construction, O&M, factory, delivery,
RISK IDENTIFICATION - HOW
Tools & Techniques based on:
• Information Gathering Techniques:
• Comprehensive Listings
• Root Cause determination
• Historical records Checklists
• Pre Mortem
• Affinity diagram
• Nominal group Technique
RISK IDENTIFICATION - HOW
• Cause & Effect
• Flow Charts
• Influence diagrams
RISK IDENTIFICATION - WHERE
• Off site, agenda and time / location,
workshop environment time bound
• Where will risk occur (On site/offsite etc)
RISK IDENTIFICATION - WHO
• Project Manager,
• Subject MatterSpecialists, experts
• ‘Three Wise Men’
• Project Team
• Historical Records - Advisors
RISK IDENTIFICATION -
• RISK REGISTER
• List of ID’d Risks
• Root Cause
• Risk categories
• Potential response (?)
To develop an understanding and a
prioritisation of risks so that decisions may
be made regarding the acceptance of risks,
or actions to be taken to mitigate such risks.
ID and evaluate existing controls.
Determine consequences & likelihood of risk
plus range of potential consequences
Evaluation / Ranking
Insignificant Minor Moderate Major Catastrophic
Almost Certain Significant Risk Significant Risk High Risk High Risk High Risk
Likely Moderate Risk Significant Risk Significant Risk High Risk High Risk
Moderate Low Risk Moderate Risk Significant Risk High Risk High Risk
Unlikely Low Risk Low Risk Moderate Risk Significant Risk High Risk
Rare Low Risk Low Risk Moderate Risk Significant Risk Significant Risk
QUALITATIVE ANALYSIS - WHAT
• Determine the negative consequences of IDd
risks in the context of likelihood and probability
with respect to the Project and its Scope.
• Use of past records, experience, research,
prototypes, assumptions, ‘tailored’ scales and
matrices of probability & impact.
• Information and records are key – Market
factors, industry norms and range, experience of
others, public consultation, economics and
economic trends, government legislation
QUALITATIVE ANALYSIS - WHY
• So informed decisions may be made.
• Initial screening of risks to identify ‘High
Risks’ and allow management to focus on
higher risks and allocate appropriate
• WHENAt commencement.Initial part of
prioritising risk prior to qualitative
Analysis.If there are no hard and fast data
regarding time / cost.
QUALITATIVE ANALYSIS - WHEN
•At commencement of the Project
•As part of prioritising risk prior to
•If there are no hard and fast data regarding
time / cost thereby obviating any quantitative
QUALITATIVE ANALYSIS - HOW
• INFORMATION / RISK REGISTER
• ID TEAM TO ANALYSE RISKS
• ASSUMPTIONS RECORDED
• PROBABILITY / IMPACT SCALES
• CARRY OUT ANALYSIS
• DETERMINE RISKS AND CATEGORIES
• DOCUMENT ANALYSIS
• IDENTIFY ANY TRENDS
• DECISIONS AND CATEGORISATION
• INPUT TO QUANTITATIVE ANALYSIS
QUALITATIVE ANALYSIS - HOW
• Structured Interviews with Experts.
• Multi – disciplinary groups
• Models & Simulations
• 3x3 and 5X5 or 10x10 matrices.
• Thresholds, risk ranking / scoring
QUALITATIVE ANALYSIS - WHERE
• Off site to create a working environment to
focus on risks.
• On site during specific focussed
QUALITATIVE ANALYSIS - WHO
• Project Manager
• All involved disciplines and those involved
with interfaces etc.
• IDd Risk Owners / Managers
• Team Members / Contributors
• “I know my business” does not make the risks low;
Firms / individuals with a greater risk appetite still need
to be aware of risk and at least take a pragmatic /
realistic approach so appropriate reaction may be made
in a timely manner.
• It can’t happen to me. Bad things happen to others.
• Pushing through bids to win work – site will sort it out –
we have experienced people.
• ID Impact / Severity and Probability / Likelihood rather
than High, Medium, Low to move away from group think
as to LOW (optimistic) or HIGH (pessimistic)
Numerical analysis of risk with probability
expressed as a number or percentage and
impact as a definitive cost/delay
A means of prioritising risks that have been
Total cost Cumulative FrequencyLine Graph
405 410 415 420 425 430 435 440 445
Total cost (value)
Total cost frequency distribution
Total Cost (value)
QUANTITATIVE ANALYSIS -WHAT
• Decide upon which risks which require a
• Risk Register indicates ‘high priority’ risks
based on ranking.
• Focus can be on commercial / business
exposure and ranking projects on basis of
• OR schedule
• OR performance
QUANTITATIVE ANALYSIS - WHY
• Determining risk exposure in tangible and
business terms so that management time
and effort is focussed on areas of greatest
risk (Business / Commercial) in order to
decrease overall project risk.
QUANTITATIVE ANALYSIS - WHEN
• During planning phase following
QUANTITATIVE ANALYSIS - HOW
• Convert probability and impacts into numerical values.
Use of expert judgement, guesstimates (educated
guesses) based on experience, historical data, industry
data, corporate knowledge.
• Tools include
1. Monte Carlo Analysis (Cost & Time)
2. Risk Management Software (Cost & Time)
3. Precedence Diagram (Time)
• Also use interviews, sensitivity analyses, EMV and
• Tornado Diagram
QUANTITATIVE ANALYSIS - WHERE
• As required
• Specialist activity – off site
QUANTITATIVE ANALYSIS - WHO
• Expert input for input parameters and
review of outputs.
• Specialist software users.
• Semi quantitative can be carried out if
cost/time not known exactly.
• Probability / Impact is based on time
frequency ranges and impacts in terms of
money/accident time etc.
• Accident severity is linked to financial loss.
• Monte Carlo simulations aid semi-
quantitative analysis when ranges
RISK RESPONSE PLANNING -
• Determining strategy(s) and techniques for
dealing with risk.
• Evaluate estimated risk levels against pre-
established criteria and consider balance
between potential benefit vs adverse outcome
so decisions as to extent and nature of treatment
required and priorities.
• Plan for implementation of specific cost-effective
strategy and action plans to increase
RISK RESPONSE PLANNING - WHAT
• Prioritised risks ranking. Identification of risks
within Risk thresholds, Risk Owners and
allocation of management responsibility,
• Contingency plans, fallback positions.
• Creation of reserves (time, cost, resources (just
• Go / No Go decisions with respect to certain
risks and action required.
RISK RESPONSE PLANNING - WHY
• So that appropriate plans can be made in
advance and sufficient funds etc may be
made available to respond to risk.
• Appropriate insurances or methodologies
may be adopted to reduce risk exposure.
• Selection of the appropriate choice to deal
RISK RESPONSE PLANNING - WHEN
• Prior to awarding contracts.
• Prior to execution
• Prior to new activities
RISK RESPONSE PLANNING - HOW
• Four main methods are adopted depending on
• TERMINATE / AVOID - Activity is not carried
• TRANSFER / ALLOCATE - Insurance, warranty,
• TREAT / MITIGATE - Choose a specialist
supplier, build in redundancy, adopt a JV partner
• TAKE / ACCEPT - As part of regular operations
and dealt with through organisational capability
or specific operating procedures
RISK MONITORING & CONTROL
Monitor the effectiveness of all steps of Risk
Management Process so that risks are
Any underestimates/overestimate of risk
may be identified and appropriate changes
to the plan implemented.
RISK MONITORING & CONTROL - WHAT
• Assess – Treat – Monitor - Assure
• Monitoring physical execution of a project,
identification of any adverse trends.
• ID of key metrics. “Cannot manage what
you don’t measure”.
• Trends – emerging issues and change ID
• Reviews of risk handling
RISK MONITORING & CONTROL - WHY
• Early identification of trends.
• Avoidance of risk
• Time implementation of a risk response
plan prior to risk becoming an issue
RISK MONITORING & CONTROL - WHEN
• Continuous to monthly to quarterly
depending on circumstances.
• At Project Phase Completion /Gateways
• On commencement of new activities
(utilising lessons learnt for repeat
RISK MONITORING & CONTROL - HOW
• Monitoring and measurement of key metrics.
(Rates of progress, EVM – not just money but
drawings/recruitment/materials placement etc,
• Definition of Trigger Levels, Thresholds,
Variance, Delays, “Drop Dead Dates”, trends.
• Audits – not blame and error but opportunity to
correct and improve; correct errors before they
• AVOIDING NEGLECT AND SUBSEQUENT
RISK MONITORING & CONTROL - WHERE
• On site
• Off site
• Project Retreats
• Corporate reviews
RISK MONITORING & CONTROL – WHO
• Project Team
• Project Controls
• Project Manager
• PM Office
RISK CLOSE OUT
PMI Process Group
Closure of risk register and review of
effectiveness of Risk Management Plan,
Risk ID and Risk Response Planning /
Opportunity for lessons learnt being includd
into corporate knowledge
RISK CLOSE OUT
• WHAT – Risks were realised and which
controls were effective
• WHY - Lessons learnt and knowledge
• WHEN -During execution, end of stages /
• HOW - Records / Reports / Close out
Report / Interviews
• WHERE - On site, corporate HQ
• WHO - Project Team / Facilitator
Value of Risk
• Return on Risk – 12.5 to 1
• Ounce of prevention is a one pound of
• Stitch in time saves 9.
• (16 +9)/2 = 12.5
• If it can go wrong…it will (Murphy’s Law)
• Ignoring a risk does not make it go away.
• You pay for your risk management if you do it or
not…unfortunately it may cost you more to cure
than prevent. (An ounce of prevention is worth
more than a pound of cure)
• Risk is the mind of the beholder and all too often
people believe their own hype - Optimism Bias
• Risks vs Issue – Risk – you can smell it, Issue –
your standing in it
• A little bit of risk management can prevent a lot
of fan cleaning
• Risk...isn’t that something that to happens to
• …but it’s on the Risk Register…but nobody was
assigned to own/monitor/act
• Risk clusters at interfaces, junctions, boundaries
• Risk is a perception
• Risk can happen to everybody
• Risk management allows a sensible and
pragmatic approach to be taken to
• Risk management can help avoid project
• Risk management can help promote