Project Risk Management

Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project.
The objectives of project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood and impact of negative events in the project.
Risk are broadly classified into three themes:
  • Risk appetite - 風險偏好。為了預期的回報,一個實體願意承受不確定性的程度。
  • Risk tolerance - 風險承受力。組織或個人能承受的風險程度、數量或容量。
  • Risk threshold - 風險臨界值。干系人特別關注的特定的不確定性程度或影響程度。低於風險臨界值,組織會接受風險;高於風險臨界值,組織將不能承受風險。
例如,組織的風險態度可包括組織對不確定性的偏好程度,不可接受的風險級別的臨界值,或者組織的風險承受力。組織會基於風險承受力而採取不同的風險應對措施。

11.1 Plan Risk Management

11.1.3 Plan risk Management: Outputs
Risk Breakdown Structure (RBS)


11.2 Identify Risks
11.2.2 Identify risks: Tools and Techniques
11.2.2.2 Information Gathering Techniques
  • Brainstorming - The goal of brainstorming is to obtain a comprehensive list of project risks.Categories of risk, such as in a risk breakdown structure, can be used as a framework. Risks are then identified and categorized by type of risk and their definitions are refined.
  • Delphi technique
  • Interviewing
  • Root cause analysis

11.2.2.3 Checklist Analysis
Risk identification checklists are developed based on historical information and knowledge that has been accumulated from previous similar projects and from other sources of information.
The lowest level of the RBS can also be used as a risk checklist.
The team should also explore items that do not appear on the checklist.
Additionally, the checklist should be pruned from time to time to remove or archive related items.
The checklist should be reviewed during project closure to incorporate new lessons learned and improve it for use on future projects.

Influence diagrams
These are graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes.


SWOT Analysis
This technique examines the project from each of the Strengths, Weaknesses, Opportunities, and Threats (SWOT) to identified risks by including internally generated risks.

11.2.3 Identify risks: Outputs
11.2.3.1 Risk Register
The primary output from Identify Risks is the initial entry into the risk register. The risk register is a document in which the results of risk analysis and risk response planning are recorded.
The preparation of the risk register begins in the Identify Risks process with the following information, and then becomes available to other project management and risk management
  • List of identified risks
    The identified risks are described in as much detail as is reasonable.
    A structure for describing risks using risk statements may be applied, for example,
    EVENT may occur causing IMPACT, or If CAUSE exists, EVENT may occur leading to EFFECT.
    (某事件可能發生,從而造成什麼影響;或者,如果存在某個原因,某事件就可能發生,從而導致什麼影響。)
    In addition to the list of identified risks, the root causes of those risks may become more evident.
    These are the fundamental conditions or events that may give rise to one or more identified risks.
    They should be recorded and used to support future risk identification for this and other projects.
  • List of potential responses
    Potential responses to a risk may sometimes be identified during the Identify Risks process.
    These responses, if identified in this process, should be used as inputs to the Plan Risk Responses process.


11.3 Perform Qualitative Risk Analysis
Perform Qualitative Risk Analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
The key benefit of this process is that it enables project managers to reduce the level of uncertainty and to focus on high-priority risks.
Perform Qualitative Risk Analysis 根據風險發生的機率、風險發生後對項目目標的相應影 響及其他因素(如應對時間要求,與成本、進度、範圍和質量等),來評估已識別風險的優先級。
評估會受項目團隊和其他利益關係人的承受風險態度所影響。
因此,為了實現有效評估,就需要清晰地識別和實施Qualitative Risk Analysis 過程的關鍵參與者的風險處理方式。

如果他們的風險處理方式會導致風險評估中的偏頗,則應該注意對偏頗進行分析與糾正。

建立機率和影響層級的定義,有助於減少偏見的影響。
風險在時間緊迫性的情況下,可能會放大風險的重要性。
對項目風險相關信息的質量進行評估,也有助於澄清關於風險重要性的評估結果。

實施Qualitative Risk Analysis 通常可以快速且經濟有效地為規劃風險應對建立優先級,可以為實施Quantitative Risk Analysis(如果需要的話)奠定基礎。

需要根據Risk Management Plan的規定,在整個項目生命周期中定期實施Qualitative Risk Analysis過程。本過程完成後,可進入實施Quantitative Risk Analysis過程。

11.3.2 Perform Qualitative risk Analysis: Tools and Techniques
Risk Probability and Impact Assessment
Risk probability assessment investigates the likelihood (可能性) that each specific risk will occur.
Risk impact assessment investigates the potential effect on a project objective such as schedule, cost, quality, or performance, including both negative effects for threats and positive effects for opportunities.

The level of probability for each risk and its impact on each objective is evaluated during the interview or meeting.
Explanatory detail, including assumptions justifying the levels assigned, are also recorded.

Risk probabilities and impacts are rated according to the definitions given in the risk management plan.
Risks with low ratings of probability and impact will be included within the risk register as part of the watch list for future monitoring.

Probability and Impact Matrix

Risk Data Quality Assessment
A technique to evaluate the data about risks is useful for risk management.
and examining the data is understood and the accuracy, quality, reliability, and integrity.
The use of low-quality risk data may lead to a qualitative risk analysis of little use to the project.

11.4 Perform Quantitative Risk Analysis
Perform Quantitative Risk Analysis is performed on risks that have been prioritized by the Perform Qualitative Risk Analysis process.

Qualitative Risk Analysis vs Quantitative Risk Analysis
Qualitative risk analysis should performed on all risks, for all projects;
Quantitative risk analysis is limited use, based on the type of project, the project risks, and the availability of data to use.

Qualitative risk analysis prioritizes the identified project risks using a rating method e.g. .Probability and Impact Matrix
So the impact scale is organizationally defined (for example, a one to five scale, with five being the highest impact on project objectives - such as budget, schedule, or quality).

Quantitative risk analysis is a further analysis of the highest priority risks during a numerical or quantitative rating is done by Qualitative risk analysis.
In order to conduct a quantitative risk analysis, you will need high-quality data, a well-developed project model, and a prioritized lists of project risks (usually from performing a Qualitative risk analysis)
Quantitative risk analysis:
  • Quantifies the possible outcomes for the project and assesses the probability of achieving specific project objectives.
  • Provides a quantitative approach to making decisions when there is uncertainty.
  • Creates realistic and achievable cost, schedule or scope targets.

Summary
Qualitative: risk-level
Quantitative: project-level

Qualitative: subjective evaluation of probability and impact
Quantitative: probabilistic estimates of time and cost

Qualitative: quick and easy to perform
Quantitative: time consuming

Qualitative: no special software or tools required
Quantitative: may require specialized tools


11.3.2 Perform Qualitative risk Analysis: Tools and Techniques
Beta distribution and Triangular distribution
Both of them use PERT 3-point estimate formula to illustrate the Expected Value ,Optimistic Value, Most Likely Value, Pessimistic Value on diagram.

1. Formula of Beta distribution

2. Formula of Triangular distribution

Expected monetary value (EMV) analysis
After conducting a Qualitative Risk Analysis, you’ll have a list of risks with a priority and urgency assigned. By using Expected Monetary Value, you can quantify each risk to determine whether your qualitative analysis is backed by numbers.
How to Calculate Expected Monetary Value (EMV)
Using a Decision Trees Example in Project Risk Management to Calculate Expected Monetary Value

Monte Carlo Simulation
Monte Carlo experiments are a class of computational algorithms that rely on repeated random sampling to compute their results.

Monte Carlo methods are often used in computer simulations of physical and mathematical systems.

To conduct a Monte Carlo simulation, you need to have your project’s Network Diagram, and the duration of each task. If you want to do a Cost simulation, then the associated cost for each task must be identified too.

The Monte Carlo Simulation will use a complex algorithm (and that’s why we need to use a computer software to do it).

It will do multiple iterations of the project, to see what will be the impact of changes on the project.

Say if the software did this over 5000 times, it will come up with a very useful set of numbers, which will aid in a better assessment of risks, and give you clarity of the actual costs or schedule, with much more accuracy.

Benefits of the Monte Carlo Simulation Technique
  1. Helps to evaluate the overall risk in the project.
  2. Converts uncertainity on the project into tangible numbers to assess the overall impact to the project.
  3. It can be applied to assess the impact on the schedule or the cost.
  4. Provides the answer in a range of probabilities or a curve.
  5. The answer can give you, quite accurately, the probability of completing the project with a specific cost, or a specific date.



11.4 Perform Quantitative Risk Analysis
Plan Risk Responses is the process of developing options and actions to enhance opportunities and to reduce threats to project objectives. The key benefit of this process is that it addresses the risks by their priority, inserting resources and activities into the budget, schedule and project management plan as needed.

The Plan Risk Responses process follows the Perform Quantitative Risk Analysis process (if used).
Each risk response requires an understanding of the mechanism by which it will address the risk.
This is the mechanism used to analyze if the risk response plan is having the desired effect.
Selecting the optimum risk response from several options is often required.

11.5.2 Plan risk responses: Tools and Techniques
11.5.2.1 Strategies for Negative Risks or Threats
Three strategies, which typically deal with threats or risks that may have negative impacts.
Avoid -
  • Changing the project management plan
  • Isolate the project objectives
  • Change the objective
    • Extending the schedule, changing the
    • Strategy, or reducing scope
    • Shut down the project entirely

transfer -
  • buy an insurance
  • payment to the external party taking on the risk

Mitigate -
  • A reduction in the probability and/or impact
  • Less complex processes, conducting more tests, or choosing a more stable supplier are examples of mitigation actions

Accept -
  • the project team has decided not to change the project management plan to deal with a risk
  • unable to identify any other suitable response strategy
  • review the threat to ensure that it does not change significantly
  • The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the risks.

11.5.2.2 Strategies for Positive Risks or Opportunities
Exploit -
  • wishes to ensure that the opportunity is realized
  • For example, web development team found and use CSS/JS Framework instead to save time.

Enhance -
  • increase the probability and/or the positive impacts of an opportunity

Share -
  • Sharing a positive risk to other.

Accept -
  • Accepting an opportunity but not actively pursuing it.

11.6 Control Risk
Control Risks is the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.
Control Risks can involve choosing alternative strategies, executing a contingency or fallback plan, taking corrective action, and modifying the project management plan.

11.6.2 Control Risks: Tools and Techniques
11.6.2.1 Risk Reassessment - Control Risks often results in identification of new risks, reassessment of current risks, and the closing of risks that are outdated.
11.6.2.2 Risk Audits - Risk audits examine and document the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.

1 則留言:

  1. What is risk analysis process? and there is the part of finance. If you want to help in Finance Assignment. Then you should contact EssayCorp.

    回覆刪除