Docsity
Docsity

Prepara i tuoi esami
Prepara i tuoi esami

Studia grazie alle numerose risorse presenti su Docsity


Ottieni i punti per scaricare
Ottieni i punti per scaricare

Guadagna punti aiutando altri studenti oppure acquistali con un piano Premium


Guide e consigli
Guide e consigli


Project Risk Management: Identifying, Analyzing, and Mitigating Risks - Prof. De Marco, Dispense di Project Management

A comprehensive overview of project risk management, a critical component of effective project planning and execution. It covers key concepts, processes, and techniques for identifying, analyzing, and mitigating risks, including risk identification, risk analysis, and risk response planning. The document also explores different types of risks, such as financial risks, environmental risks, and stakeholder risks, and provides practical examples and insights to enhance understanding.

Tipologia: Dispense

2024/2025

Caricato il 02/04/2025

angelica-bonino
angelica-bonino 🇮🇹

11 documenti

1 / 18

Toggle sidebar

Questa pagina non è visibile nell’anteprima

Non perderti parti importanti!

bg1
7.Risk
This unit focuses on project risk management, a critical component of e3ective project
planning and execution. Up to this point, we have emphasized the importance of forecasting
and predicting project outcomes. Project risk management builds on this foundation by
addressing the uncertainties and risks that traditional forecasting techniques may overlook.
Unlike deterministic approaches, risk management incorporates techniques to explore the
unknown, providing tools to anticipate and mitigate potential risks. As discussed in previous
lectures, methods such as probabilistic scheduling or scenario-based scheduling help
identify trends, forecast outcomes, and plan for potential risks. Project risk management
extends these concepts by:
Defining risks.
Evaluating their implications.
Establishing strategies to manage and mitigate them e3ectively.
By the end of this lecture, you will:
Understand the fundamental principles of project risk management as an integral
discipline within project management.
Learn how to execute the processes involved in identifying, analysing, and addressing
risks within a project.
Gain the ability to select and apply the appropriate tools, techniques, and actions for
comprehensive risk management.
This unit aims to equip you with the skills to proactively address uncertainties and ensure better
project outcomes.
In this unit, we will cover a few key topics essential to understanding project risk management.
These include:
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12

Anteprima parziale del testo

Scarica Project Risk Management: Identifying, Analyzing, and Mitigating Risks - Prof. De Marco e più Dispense in PDF di Project Management solo su Docsity!

7.Risk

This unit focuses on project risk management , a critical component of e3ective project planning and execution. Up to this point, we have emphasized the importance of forecasting and predicting project outcomes. Project risk management builds on this foundation by addressing the uncertainties and risks that traditional forecasting techniques may overlook. Unlike deterministic approaches, risk management incorporates techniques to explore the unknown, providing tools to anticipate and mitigate potential risks. As discussed in previous lectures, methods such as probabilistic scheduling or scenario-based scheduling help identify trends, forecast outcomes, and plan for potential risks. Project risk management extends these concepts by:

  • Defining risks.
  • Evaluating their implications.
  • Establishing strategies to manage and mitigate them e3ectively. By the end of this lecture, you will:
  • Understand the fundamental principles of project risk management as an integral discipline within project management.
  • Learn how to execute the processes involved in identifying, analysing, and addressing risks within a project.
  • Gain the ability to select and apply the appropriate tools, techniques, and actions for comprehensive risk management. This unit aims to equip you with the skills to proactively address uncertainties and ensure better project outcomes. In this unit, we will cover a few key topics essential to understanding project risk management. These include:
  1. Introduction to Key Definitions: o Familiarization with the fundamental terminology and concepts in the risk management glossary , which form the foundation of the discipline.
  2. Risk Management Processes: o Risk Identification: The process of systematically recognizing potential risks that could a3ect the project. o Risk Analysis: Assessing the identified risks to determine their likelihood, impact, and priority for action. o Risk Response: Developing and implementing strategies to address identified risks, either by mitigating, transferring, accepting, or avoiding them. These topics provide a structured framework for managing risks e3ectively, ensuring better project outcomes and preparedness for uncertainties.

1. Definitions

To begin, it is essential to define project risks clearly. According to the Project Management Institute (PMI) and its Project Management Body of Knowledge (PMBOK) , a project risk is defined as an uncertain event or condition that, if it occurs, may a3ect the project's objectives. Key points to clarify:

  • A risk di3ers from an issue , as risks pertain to uncertain future events, while issues are existing problems that need resolution.
  • Risks can have either a negative impact (threats) or a positive impact (opportunities) on project outcomes. For example:
  • A negative risk might arise if a company launches a new product and the market responds enthusiastically, leading to demand the company is unable to meet. While increased demand sounds positive, the inability to fulfil orders could result in lost customers and long-term reputational damage.

o Prioritization follows identification, allowing the project team to focus on the most significant uncertainties. This ensures resources are allocated e3iciently to address critical risks.

  1. What should we do about it? o This step involves developing and implementing risk responses: § For negative risks (threats): Avoid, mitigate, or transfer risks to minimize their impact. § For positive risks (opportunities): Exploit or enhance them to maximize their benefits.
  2. Did it work? o Evaluate the e3ectiveness of implemented risk responses. If the actions are not achieving the desired outcomes, adjustments or alternative strategies may be required.
  3. What changed? o Continuously monitor the dynamic environment of the project to identify new risks or changes in previously identified risks. Regular updates ensure that the risk management plan remains relevant and e3ective.

2. Risk Identification

Risk identification is the first step in analysing risks. It involves uncovering potential risks, their origins, and their contributing factors. Risks typically have:

  • Causes or triggers: Underlying factors or conditions that create the potential for risk.
  • The risk event itself: The occurrence of the uncertain event.
  • EKects or consequences: The impact or damage resulting from the event. This structured approach ensures that risks are not seen as sudden, isolated occurrences but as events with identifiable causes and predictable consequences, enabling proactive management and mitigation.

To better understand the distinction between hazards and risks , consider the following examples:

  • Climbing a ladder and falling oK represents a risk , while the ladder itself is a hazard.
  • Flying a plane in a thunderstorm and crashing is a risk , while the plane is a hazard.
  • Using a hammer and injuring oneself is a risk , while the hammer is a hazard. This di3erentiation clarifies that a hazard is a potential source of harm, whereas a risk arises from engaging with the hazard under specific conditions. Types of Risks in Projects Are: 1. Controllable Risks (Internal Risks):
  • These risks originate from within the organization or project and are generally manageable by decision-makers and managers.
  • Examples include: o Commercial Risks: Market-related uncertainties, such as demand fluctuations or competition. o Technical Risks: Issues arising from design flaws, equipment failures, or technological limitations. o Human Resource Risks: Challenges related to sta3 availability, skill gaps, or turnover. 2. Uncontrollable Risks (External Risks):
  • These risks are influenced by external factors beyond the organization’s control and are more challenging to manage.
  • Examples include: o Natural Risks: Environmental hazards such as floods, earthquakes, or storms. o Economic Risks: Changes in macroeconomic conditions, such as inflation, currency fluctuations, or recessions. o Political Risks: Uncertainties stemming from political instability, regulatory changes, or geopolitical tensions. o Country Risks: Challenges associated with operating in unfamiliar or volatile environments. Understanding these distinctions helps project managers identify, categorize, and develop strategies to manage or mitigate risks e3ectively, depending on their origin and controllability.

o Stakeholder Risks: Challenges in managing relationships with decision- makers, stakeholders, or local communities, which may influence project outcomes. Categorizing risks in this manner enables project managers to systematically identify and address potential challenges, tailoring mitigation strategies to each specific risk category. There are numerous techniques available for identifying risks in projects, whether simple or complex. These techniques vary in their approach but can be broadly classified as follows:

  1. Brainstorming: o A collaborative approach where experienced team members gather to discuss and identify potential risks that might impact the project. o This technique leverages the collective expertise of individuals familiar with the field or project.
  2. Expert Interviews: o Consulting individuals with relevant experience from outside the project. o These experts, often involved in similar past projects, can provide valuable insights into potential risks and challenges.
  3. Audits and Process Mapping: o Audits: A systematic review of processes or systems to identify vulnerabilities and risks. o Process Mapping: Visualizing the project's workflow to pinpoint potential risk sources at each stage of the activity sequence.
  4. What-If Analysis: o A scenario-based technique that explores the outcomes of various hypothetical situations to anticipate potential risks.
  5. Root Cause Analysis:

o Working backward from potential e3ects to identify the underlying causes or sources of risks. This technique ensures a thorough understanding of risk origins.

  1. Risk Breakdown Structure (RBS): o The most widely used formal technique in project management for risk identification. o Similar to other breakdown structures in project management (e.g., Work Breakdown Structure), RBS categorizes risks into hierarchical levels, organizing them by source or type. These techniques can be employed individually or in combination to create a comprehensive risk identification process tailored to the specific needs of the project. The choice of method depends on the project’s complexity, industry, and available resources. A Risk Breakdown Structure (RBS) systematically decomposes major risks into smaller, more specific components until individual, identifiable risks are clearly defined. It provides a hierarchical classification system, typically represented as a tree structure, progressing logically from causes to eKects. For example:
  • Project Risks might be broken down into broad categories, such as: o Technical Risks : Risks associated with design, technology, or equipment. o External Risks : Risks arising from factors outside the organization, such as market fluctuations or regulatory changes. o Organizational Risks : Risks linked to internal processes, resource allocation, or communication. o Project Management Risks : Risks related to scheduling, budgeting, or stakeholder management. This hierarchical structure, as illustrated in the accompanying chart, helps organize risks in a way that facilitates systematic analysis and targeted mitigation strategies. By progressing from general categories to specific risks, the RBS ensures that no significant risks are overlooked, creating a robust foundation for e3ective risk management.

interconnectedness highlights the complexity of risk identification, as risks must be mapped to the project’s critical and near-critical tasks to assess their potential impact on the schedule.

3. Risk Analysis

Once risks are identified and mapped along the critical path, the next step is risk analysis. This process involves understanding both the impact and probability of risks. Risk analysis can be approached in two ways:

  1. Qualitative Risk Analysis: o Focuses on prioritizing risks based on their relative importance or severity. o Does not assign numerical or monetary values to risk occurrences or impacts. o Useful for creating a quick, high-level assessment of risks to determine which require immediate attention.
  2. Quantitative Risk Analysis: o Involves assigning specific figures, such as monetary values or measurable quantities, to both the likelihood of risks and their impact. o Provides detailed insights into the potential financial or operational consequences of risks, enabling more precise planning and resource allocation. The choice between qualitative and quantitative analysis depends on the project’s complexity, available data, and the level of detail required for decision-making. Both methods play a crucial role in developing a comprehensive understanding of risks and their implications for project outcomes. The principles of analysing risks involve assessing their probability and impact to determine their overall significance. This is often quantified using the following formula: 𝑅𝑖𝑠𝑘 𝑉𝑎𝑙𝑢𝑒 = 𝑃𝑟𝑜𝑏𝑎𝑏𝑖𝑙𝑖𝑡𝑦 𝑜𝑓 𝑂𝑐𝑐𝑢𝑟𝑒𝑛𝑐𝑒 ∗ 𝐼𝑚𝑝𝑎𝑐𝑡 𝑜𝑟 𝐶𝑜𝑛𝑠𝑒𝑞𝑢𝑒𝑛𝑐𝑒𝑠
  • Probability of Occurrence: Represents the likelihood of the risk event happening.
  • Impact or Consequences: Measures the extent of damage or disruption the risk would cause to the project's objectives if it occurs.

This approach provides a straightforward way to evaluate and prioritize risks by assigning a numerical value to their potential impact, helping project managers focus on the most critical risks. Probability refers to the likelihood of a risk occurring, while impact measures the magnitude or severity of the consequences if the risk materializes. Together, these factors provide a framework for assessing risks. When applying qualitative , semi-qualitative , or quantitative techniques, di3erent tools can be utilized to evaluate risks e3ectively:

  • Qualitative Tools: o Risk categorization matrices (e.g., Probability-Impact Matrix) o Risk prioritization charts o Expert judgment and brainstorming
  • Semi-Qualitative Tools: o Scoring systems to rank risks based on combined probability and impact levels o Weighted criteria to assess risks more systematically
  • Quantitative Tools: o Monte Carlo simulations for scenario analysis o Decision trees to evaluate potential outcomes and impacts o Expected monetary value (EMV) calculations for financial risk quantification The selection of tools depends on the project’s complexity, available data, and the precision required in the risk assessment process.
  • High-Probability, High-Impact Risks: These risks are critical and warrant detailed analysis and robust response planning to ensure they are e3ectively managed. By quantifying qualitative judgments, semi-quantitative evaluation provides a balance between simplicity and precision, allowing for better prioritization and decision-making in project risk management. Quantitative analysis is more challenging to implement in projects because it requires assigning specific numerical values to both the probability and impact of risks. This level of precision necessitates access to:
  • Historical data: A robust dataset of past project performance.
  • Previous experiences: Reliable benchmarks to inform probability and impact estimations. In many cases, such data may not be readily available, making it di3icult to apply this method e3ectively. As a result, quantitative analysis is less commonly used, particularly in projects where historical data or comparable experiences are limited. However, when applicable, it provides a more detailed and objective assessment, supporting decisions that require a high degree of accuracy. Conversely, qualitative analysis often lacks su3icient detail for use in mathematical modeling or precise calculations. This limitation makes it less e3ective in scenarios requiring detailed numerical insights.

Semi-quantitative analysis , on the other hand, is widely used because it combines the strengths of both qualitative and quantitative approaches. It provides enough structure to support prioritization and decision-making without requiring the extensive data necessary for full quantitative analysis. At the conclusion of the risk analysis process, a risk report can be prepared, typically on a monthly basis, by the risk manager or project team. The report commonly includes the following columns:

  • Risk Name: A clear identification of the risk.
  • Task Impacted: The specific task(s) a3ected by the risk.
  • Risk Owner: The individual responsible for managing the response to the risk.
  • Probability and Impact: Numerical or descriptive evaluations of the risk’s likelihood and severity.
  • Risk Score: The product of probability and impact values to prioritize risks e3ectively. For example, in a construction project , inclement weather could be identified as a high- impact external risk. This type of risk, originating from external factors, often requires careful monitoring and proactive response planning to mitigate potential delays or disruptions. During the construction phase of a project, such as a building, risks like inclement weather often arise. Responsibility for addressing such risks typically falls on a designated individual, such as a field manager. For example:
  • Probability: Rated at 2 out of 5 on a Likert scale (low probability).
  • Impact: Rated at 3 out of 5 (moderate impact). The risk exposure is calculated as: 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 = 𝑃𝑟𝑜𝑏𝑎𝑏𝑖𝑙𝑖𝑡𝑦 ∗ 𝐼𝑚𝑝𝑎𝑐𝑡 = ! "

"

$ !" This represents the expected level of risk for inclement weather during the construction phase.

The fundamental principle is that prevention is generally more e3ective and less expensive than addressing the consequences after a risk has materialized. This proactive approach minimizes potential disruptions and reduces overall costs. Once risk management strategies are defined, each risk listed in the risk report can be assigned a corresponding response strategy , ranging from preventive to corrective actions. The selection of a response depends on the project's goals, the nature of the risk, and the resources available. The risk responses are:

  1. Preventive Strategies: o Avoidance: Eliminate the risk entirely by removing the activities or conditions associated with it. o Mitigation: Reduce the likelihood or impact of the risk through proactive measures, such as process improvements or additional safeguards.
  2. Acceptance Strategies: o Risk Transfer: Shift responsibility for the risk to a third party, such as through insurance or outsourcing. This approach avoids direct cost impacts but does not reduce the risk itself. o Acceptance: Acknowledge the risk and prepare to handle the consequences if it occurs, without taking proactive measures to prevent it. By aligning each risk with an appropriate strategy, the project team ensures a balanced and e3icient approach to risk management, addressing both prevention and reaction in a way that supports the project's objectives.

The risk report serves as the foundation for creating a contingency budget , which accounts for potential costs associated with risks that may materialize and generate damage or financial impact. What is Contingency? Contingency refers to the additional funds allocated to address unforeseen costs arising from risks. These costs are directly tied to the likelihood and impact of risks, as identified in the risk analysis process. Transforming the Risk Report into a Contingency Budget:

  1. Enhancing the Risk Report: o After identifying risks, their impacts on tasks, and their owners, and calculating the probability × impact score, additional columns are added to detail: § The response action for each risk (e.g., preventive or reactive). § The estimated cost of that response.
  2. Categorizing Costs: o If the response is preventive , the cost is incorporated into the budgeted cost of the project as part of planned expenditures. o If the response is reactive , the associated cost is classified as a contingency cost , representing potential expenditures should the risk materialize.
  3. Creating the Contingency Budget: o The contingency budget aggregates all contingency costs , providing a financial bu3er to cover risks without exceeding the overall project budget. o This budget reflects the likelihood-weighted costs of risks, ensuring the project team is prepared for unexpected scenarios. By integrating contingency planning into the risk management process, project managers ensure that financial resources are available to address risks, reducing the likelihood of disruptions and cost overruns.