














































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
The importance of risk management in projects according to the Project Management Institute (PMI). It highlights how risks can impact project objectives and the need for early identification and evaluation. The document also outlines the process of risk management, including qualitative and quantitative analysis, and monitoring and controlling. It also mentions the benefits of risk management and the role of a risk management plan.
Typology: Study notes
1 / 54
This page cannot be seen from the preview
Don't miss anything!















































Master of Science (1 year)
Project management and operational development
This thesis studies if successive calculation is suitable for estimating costs, in middle size projects in a department in Sweden. Also if the method could help decision-makers in decide if a project is ready to pass a tollgate and go into the next phase. Successive calculation was developed in the 70’s by Steen Lichtenberg. Lichtenberg founded an interest in the method after the publication of his first report.
A project is a temporary organization, with a clear goal and a unique assignment, with a defined beginning and ending, and also an own budget. According to Project management institute (PMI) risk management in projects are one out of nine arias that is vital for a successive project. Every project has risks as soon as it initiated how well the project manager succeed with work associated with risks, can make or break the whole project. ‘SS-ISO 31000:2009’ is an example of a standard that describes how a company should work with risk management. Risks can be defined as the likelihood and consequence of events, which if they occur, affect business objectives, project objectives, external environment or working environment in a negative way. There are methods that can be used when working with risks to describe them better, and be able to calculate more accurate budgets. Examples of quantitative risk analysis methods are: Monte Carlo, Sensitivity Analysis and Successive calculation.
The department have a well-defined risk management system, which is similar to the theory on how risk management should be performed. They have clear instructions and routines, also a well-defined risk management process similar to the standard ‘Svensk standard SS-ISO 31000:2009’. Their project model is comparable to any model that can be found in literature, with clear phases and tollgates, also what’s requested in order to pass a tollgate. Documents from the department confirm that projects use the management system.
Project managers and sponsors in the department, considered risk management to be important in projects, and if managed well, helps projects to keep within given budget. They also thought that cost for projects, in the department often overruns. There were no contradictions to use successive calculation as a method for determine budget for projects, but in order to use the method project managers- and sponsors needed to be educated in the method.
The theses use a reference project called ‘ project X’, which the method was tested on. The result from the analysis suggests that project x most likely have an underestimated budget.
The recommendation for the department is to use successive calculation in order to do better cost estimations.
The goal of this thesis is to study if successive calculation is suitable as a cost estimation method in middle size projects. And if the result can help decision-makers decide if a project is ready to pass a tollgate and go into the next phase.
The following questions have been formed, In order to answer the overall goal:
The management system was studied according to how the department should work with risks and how predictive the risk management was, for example; anticipate potential cost changes for projects. The thesis suggests improvements in order to make risk management more effective, with support from theory, interviews with project managers and project sponsors who work/worked in projects at the company. The thesis also uses a reference project (called project X in this thesis) as an input.
The thesis will only study project risk, not safety risks. The report will suggest improvements for risk management in projects, but not how the improvements should be implemented. The report will not consider successive calculation for setting a time schedule for a project.
Data such as interviews and the reference project are from one department within the company, findings therefore don’t reflect the whole company.
2 Methodology
The methodology for this thesis was first to do a literature study in risk management, project methodology and successive calculation. The risk management study was important to do, because it gave an understanding how all processes theoretically should be performed in order to get all data required for the quantitative risk analysis. After that, learn the successive principle to be able to perform the analysis on a real project.
The thesis contains two analysis parts, one descriptive and the other one inductive. The descriptive part, studies how the company work at the moment, with the management system as a basis. The other part is inductive which mean that the conclusions are based on experience form results of interviews and the reference project. The inductive part could have been better if more projects had been studied, also if more people were interviewed such as project members. Another aspect would to study a company that had implemented successive calculation with good result and compare that organisation with the department. The two methods were used in order to get an understanding how work was performed, how the department felt regarding risk management and how the process could be improved. The descriptive part, gave the opportunity for a better and more related inductive part.
How risks in projects should be handled was studied according to the description in the management system at the company, which gave an overall picture of the process. After getting more data about how the working progress should be carried out, several interviews with project managers and projects sponsors was held, to get a more balanced view, and to compare if work is carried out according to the management system, or in a different way. The info was essential, because it tells how important the project leaders think risk management is.
This thesis also had the opportunity to test successive calculation on a reference project before the project was going up for decision about future planning at the project review board.
A questionnaire was designed in order to find out if there were any contradictions to use successive calculation in the department, also if a new method would affect the management system. Each question was summarized into three cores.
When successive calculation was conducted on project X , the project manager already had a WBS and a budget as an input for the analysis. The analysis started with breaking down existing activities, in order to do better triple estimations. When the project manager was satisfied with the result, all risks in the risk list was transferred into the method. The result from the analysis was presented in a normal distribution curve.
All data was analysed, in order to give recommendations to the department if they should implement successive calculation in their risk management process.
A project is associated with uncertainties, how well the project manager succeeds with work associated with risks, can make or break, the whole project. (Antvik & Sjöholm, 2008)
Work done early in a project will affect, and have influence on the entire project. It’s one of the reasons that risk management are an important factor when working in projects and a good factor for decision-makers to do health checks on. At the beginning of a project, there is not enough information available for the decision-makers, as they would like. Because of that, it’s important to carry out risk management early, to obtain as much information as possible to get an idea of how many, and big risks there are involved for the project.
Although not all information is available, it’s essential to make decisions for the project regarding if the project should proceed, be reworked or closed down. In a project, there is more ability to influence in the beginning, in relation to what it costs. The longer the project progresses, the more expensive it will be to change scope for the project with a decision, which figure 3-2 shows. (Antvik & Sjöholm, 2008) It’s important that risk management is carried out in a satisfactory manner, so decision-makers are aware of what risk they take, in the next phase of a project.
Figure 3-3 shows the information gap decreases during the project but that it does not reach zero until it’s completed.
Figure 3-3 Information in projects over time
Necessary information
Idea design specification Production Testing Operation
Available information
Figure 3 - 2 Cost impact and ability to influence over time
Ability to influence Cost to Impact
Idea (^) design specification Production Testing (^) Operation
In a project there are always stakeholders, interested of the outcome. Stakeholders have various reasonability and authorities to affect and influence the project, both in a negative and a positive way. It’s Important in the beginning to identify all stakeholders, so their influence can be determent from the start. Common stakeholders in a project are;
Customer/user i s the person or organization that will use to product, service or result of the project, and can either internal or external.
Sponsor is the person or group that provides the project with economical funds. When a project starts, the sponsor is the one that represents it. The sponsor seeks support in the organization and markets the project with what benefits it will give. The sponsor is responsible for the initial process before the project is formally accepted, and has an essential role in creating the overall scope and the project authorization. The sponsor should also support the project when problems are out of the project manager control. The sponsor can also be involved in; change in scope, decisions about passing a tollgate, or close down a project if the risks are too high.
Project manager is the person that has to responsibility to manage the project and deliver the project according to budget, quality and time. The project leader has the main responsibility to communicate with all stakeholders especially the sponsor and the project group. The project manager should write the project plan and all plans within that plan, identify, control, monitor risks and report the project status.
A Project group is people that perform work within the project and should have various field of knowledge’s. (Project management intitute, 2008)
According to Steen Lichtenberg (Lichtenberg, Proactive Management of uncertainty using the successive principle, 2000) there are four types of risk management approaches for a project manager:
The Brave Is the person that doesn’t see the risk management as a help at all, and think that the problem can be tackled as they arrive, and manage it then.
The contractor Thinks that an expert should do the risk analysis, and that the project doesn’t benefit from it at all, but the client may like it. The project manager doesn’t use the risk analysis as an input for decision making, he/she just want do finish the project.
The risk manager Performs professional risk analysis for the project. He/she see it as a cost for the project, because risks are something dangers.
The proactive manager See the risk analysis as something useful, for showing hidden and potential unforeseen events. They see it as a tool to be well prepared for managing risks and hopefully avoid some of them.
It’s important to implement all steps in risk management, as explained below, to give decision- makers the best basis to decide if a project can go into a new phase, and what risks that are involved by doing so. (Lichtenberg, Proactive Management of uncertainty using the successive principle, 2000)
Plan risk management is the process that defines how risk management activities should be implemented in the project. A careful and clear planning increases the chance that the other five risk management processes becomes successful. Risk management degree, type, and visibility must be decided in this process, in order to meet expectations from the organisation. Sufficient amount of resource to carry out the risk management process and a common basis for evaluation, are also important elements in this process. The risk planning process begins when the project starts and finishes early in the project planning process.
The inputs needed for this process are:
The output for this process is a risk management plan, which describes how risk management should be carried out and structured for the project. The plan should be included in the project plan and may contain the following:
Methodology, specifying methods and tools along with sources of information for risk management. Roles and responsibilities that specify how risk management group activities in the plan must be managed and supported as well as the responsibilities of the team members have. Budget to carry out risk management. Specify how often and when the process should be carried out under the project and which risk management activities that should be included in the schedule. Risk categories which provide the framework for systematic identification of risks with a consistent level of detail. An organization might already have a complete categorization of risk, if so, the project should use it. Definitions of probability and consequence. A risk reporting formula, so the risk management processes can be documented, analysed and communicated. (Project management intitute, 2008)
Identifying risks is the process that aims to find risks that might affect any project objective. People involved in this process are project members, external stakeholders and external personal with skills in a specific area. However, all people in the project are encouraged to reports any risk. (Project management intitute, 2008)
This process is an on-going progress throughout the whole project, because when more information becomes available, new risks may arise. How often the process is repeated depends on the project scope and complexity. Risks should be described in such a way that it allows decision-makers to compare risks from one project against other. The project group should be the owner of this process, in order to feel responsible and address new activities.
The inputs needed for this process are: Risk management plan Cost estimate is useful, because it provides an estimate of the likely cost of completing activities in which the assessment expressed best in range, where the intervals size indicates degree of risk. Estimation on activity durations, which helps to calculate whether any risk threatens the time schedule to deliver on time. Reference plan List of stakeholders, which provide a good input for risks that may occur. Plan for cost control Plan for timing Plan for quality management Project documents, such as network plans, reference plans or other project documentation External factors The organization's existing practices, the management system. (Project management intitute, 2008)
The likelihood and consequence of risks is established either by risk meetings or interviewing people with experience in different knowledge fields. The work will be easier if the organization already has predefined scales to use, if the scales aren’t suitable, they can be adjusted in order to fit better. If the scales don’t exist, the project will be required to make own. When the risk index is established it can be categorized into the risk structure, for example; financial risk, resources, environment or time. (Tonnquist, 2010)
The outputs of this process are: An updated Risk List A ranking or prioritization of project risks, the risks can be sorted by risk index, or by using "high risk", "medium risk" or "low risk". The project manager then uses this ranking to decide how the risks should be managed. (Project management intitute, 2008)
Quantitative risk analysis Quantitative risk analysis is the process that aims to numerically analyse the identified risks and determine how they affect the overall project objectives. This process is more fully described under heading 4 Quantitative risk analyses.
Risk Response Planning The purpose of this process is to develop options and actions to enhance opportunities to achieve project objectives, and to reduce the threat that exists against them. It’s during this process that a person becomes a risk owner, and managed by priority. Necessary resources are allocated and scheduled into the budget, time schedule and the project plan.
The inputs needed for this process are:
The four strategies are commonly used in risk response:
Avoid, where an example can be to reschedule a time plan or reduce scope in the project plan. If a risk is considered too be high, and can causes too much impact if it occurs, a decision can be to stop the project to avoid endanger too much. Risks that arise early in the project when not enough information is available can be avoided with clearer demands, or by trying to get more information and better communication.
Transferring is when a risk is transferred to another part. The risk doesn’t disappear because of this procedure, but can be effective on financial risks. An example if this is when a supplier is more capable to manage a risk then the project, or just that the supplier have a higher risk tolerance and are more willing to take bigger chances. The reward for taking risk is a risk premium, often inform of cash.
Reduce means that the project focuses on reducing the likelihood or consequences of a risk. A risk that is categorized as "high" can be transformed to a "medium risk" by reducing the likelihood of it by performing more tests on materials, for example.
Accepting, is a strategy when an active decision has been taken by the project not to manage the risk at all, just supervise it. This strategy is used because every risk in a project can’t be eliminated. However, it is important to document the risk and also wise to establish a possibility reserve if the risk occurs. (Tonnquist, 2010)
The outputs of this process are: Updated risk list Risk-related contract decisions Updated the project plan Updated project documents (Project management intitute, 2008)
Monitoring and controlling Monitoring and controlling is the process that aims to implement plans for; risk response, follow up identified risks, identify new risks, and evaluating the risk process during all phases. In this process risks are reviewed, reconsideration also still relevant and if the risk index has changed. Risk audits measure effectiveness of risk response for documented risks, and if they have enough documentation. Budget- and time reserve are evaluated and compared against the project's progress, in order to determine if the reserve enough.
The inputs needed for this process are: Risk List Project Management Plan Information on job performance, which includes delivered status, progress against schedule and costs incurred. Progress reports
The outputs for this process are: Update Risk List Updating of the organization's existing practices Change Request Update on the project management plan (Project management intitute, 2008)
The quantitative risk analysis is the process that aims to numerically analyse identified risks. Quantitative risk analysis is performed on risks according to the prioritization from the qualitative risk analysis, where the risks are analysed regarding on the impact they may have. In some projects, it is not necessary to perform this process in order to perform an effective risk management.
The inputs needed for this process are: Risk List Risk Management Plan Plan for Cost Control Plan for timing The organization's existing practices
The successive principle has some fundamentally principles:
Accept uncertainty , as mention projects are involved with risks, best way to handle them is trying to identify, evaluate and hopefully eliminate those risks. (Lichtenberg, 2000)
A Top-down technology should be followed, because it allows the group to work systematically and with right priorities. When cost elements are estimated, they are broken down from top to the bottom. The focus from the project should be on the most uncertain factors and items that can impact costs the most. First, a number of large cost items assessed and then work out a more detailed assessment to get a more balanced picture of the risks involved. The goal is to get an overall picture of the project and then be able to work with the right items. (Lichtenberg, 2000)
Statistical calculation is used in the method to evaluate the results based on the probability of achieving a result. Each cost item is assessed with a minimum, maximum and probable value. The results are then presented with a weighted mean value and a standard deviation; the results are presented graphically with normal distribution curves, which make the results easier to understand.
General uncertainties refers to elements that aren’t described in the overall WBS but affect several cost items, for example, public opinion and political decisions. These uncertainties are analyzed separately from the WBS-structure. In traditional calculation, it is not uncommon for these to be forgotten or underestimated. (Antvik & Sjöholm, 2008)
An analysis group that has a broad range of expertise in different field, and they should meet the requirements of the actual issue. They need to be able to communicate openly while identifying all elements of possible importance for the project they shouldn’t just look at physical and formal items but also on more soft issues for example project maturity. The calculations that are being performed must be simple and understandable also that the figures evaluated are neutral have a correct manner. The analysis group is one of the key factors when performing a forecast efficiently.
The successive principle also requires that the qualitative phase of risk management has been performed in a satisfying way. One of the first things that the analysis group needs do decide is how detailed the analysis should be for the project, programme or the tasks, this is important to decide at an early stage. (Lichtenberg, 2000)
Prioritize right risks It’s important in too work with the “right” risks; figure 3-4 shows how the selection should be done.
A 400 50
50
50
A 1 200 20 A 2 100 5 A 9 0 25
B 200 20
20 20
B 1 50 10 B 2 25 5 B 9 0 15
Figure 3-4 on how a selection should be done to work with the right risks
The ‘Triple group estimate method’ is used for each main item in the project. The group decides the extreme minimum, most likely and extreme maximum for each item this will result in a variance for each item. The item is then broken down into smaller pieces to see how much uncertainty that the item has. The white boxes indicate local uncertainly which can be reduced through further detailing. The grey boxes indicate that they are overall influences in the aria, and the black represent remaining unavoidable uncertainty, this should according to Steen be repeated five to ten times, note that figure 3 only show two cycles. After this detailing process the group have a list with the highest priority figures to work with further. (Lichtenberg, 2000)
After selecting uncertainties to work further with, the calculation can take place. The calculation is described below:
The factor mean value (m)(EV) is calculated for all factors and items according to the formula:
The local conditional uncertainty (s) is according to the formula:
Where the factors are used the relative or percentage uncertainty is calculated:
The local mean value (M) of the local item is calculated by multiplying the m-values of related factors to get M=m.