Unit 6

Risk Management

6.1 Importance, risk management planning, sources of risk

Risk is any unexpected event that can affect our project- for better or for worse. Risk can affect anything: people, processes, technology and resources. These are events that might happen and we may not be able to tell when. Like flu season hitting our team all at once, or a key product component being on backorder. Some examples of project risks are: - Scope risks, cost risks, time risks, technology risks etc.

Types of Risk in Projects: - In order to view risk exposure and uncertainty in greater detail, let's have a glance at the different types of risks- uncertain events and conditions- that may impact project objectives. Following are the types of risk associated with projects.

1) Technical Risk: - Example of this risks are not confident that a particular requirement is achievable given the constraint of existing technology.

2) Supply Chain: - Example of this chain are we may have a problem easily procuring high quality materials and parts for our prototype or production units

3)Manufacturability Risks: - Can we produce prototype components and assemblies quickly and reliably enough to meet the schedule and project expense objectives? Can we produce production units even more reliably?

4) Unit Cost: - Can we produce our product at or below the budgeted cost of goods? Is our customer's Total Cost of Ownership going to fit within their budget?

5) Product fit/ Market: - Will our potential customers like what we are producing and pay us enough for it?

6)Resource Risks: - Will we get enough resources to meet the planned target? What if a key person leaves the company or gets hit by the proverbial beer truck?

7) Program management: -Major scope change during the project.

8)Interpersonal: - For example, if there is a no effective communication between members of the development team, or between the team and management.

9)Regulatory: - What are the regulations we will need to meet, and how will we gain our regulatory approvals with a minimum delay of our launch?

These are just a few difficulties that could impact our ability to achieve our project objectives. The list of potential or near certain risks and issues is certainly long and if we include even the very low risks, it could easily overwhelm us with too many problems to solve.

Risk management planning and Sources of risk

All risk management processes follow the same basic steps, although sometimes different jargon is used to describe these steps. Together these 5 risk management process steps combine to deliver a simple and effective risk management process.

Step 1: Identify the Risk: - We and our team uncover, recognize and describe risks that might affect our project or its outcomes. There are a number of techniques we can use to find project risks. During this step we start to prepare our Project Risk Register.

Step 2: Analyze the risk: - Once risks are identified we determine the likelihood and consequence of each risk. We develop an understanding of the nature of the risk and its potential to affect project goals and objectives. This information is also input to our Project Risk Register.

Step 3: Evaluate or Rank the Risk: - We evaluate or rank the risk by determining the risk magnitude, which is the combination of likelihood and consequence. We make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. These risk rankings are also added to our Project Risk Register.

Step 4: Treat the Risk: - This is also referred to as Risk Response Planning. During this step we assess our highest ranked risks and set out a plan to treat or modify these risks to achieve acceptable risk levels. How can we minimize the probability of the negative risks as well as enhancing the opportunities? We create risk mitigation strategies, preventive plans in this step. And we add the risk treatment measures for the highest ranking or most serious risks to our Project Risk Register.

Step 5: Monitor and Review the Risk: - This is the step where we take our project risk register and use it to monitor, track and review risks.

The risk management process also helps to resolve obstacles when they occur, because those problems have been envisaged, and plans to treat them have already been developed and agreed. We avoid impulsive reactions and going into fire-fighting mode to correct problems that could have been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that we minimize the impacts of project threats and capture the opportunities that occur.

Key takeaways

1. Risk is any unexpected event that can affect our project- for better or for worse.
2. Risk can affect anything: people, processes, technology and resources. These are events that might happen and we may not be able to tell when.
3. These are just a few difficulties that could impact our ability to achieve our project objectives
4. The risk management process also helps to resolve obstacles when they occur, because those problems have been envisaged, and plans to treat them have already been developed and agreed.

6.2 Risk identification, qualitative and quantitative risk analysis

Risk analysis includes examining how project outcomes and objectives might change due to the impact of the risk event. Once the risks are identified, they are analyzed to identify the qualitative and quantitative impact of the risk on the project so that appropriate steps can be taken to mitigate them.

Before we are able to analyze the risk in our project, we have to acknowledge that risk is going to happen in our project. By planning for risks, we begin the process of knowing how to identify, monitor and close out risks when they show up in our project. Part of that process is risk analysis. It is a technique that helps us to ease risk. There are also tools that can assist. We should at the very least, have a risk tracking tool or use a risk tracking template to identify and list those risks.

Risk analysis is the process that figures out how likely that a risk will arise in a project. It's important to know that risk analysis is not an exact science, it's more like an art.

Risk identification is also a process, but in this case it lists all the potential project risk and what their characteristics would be. If this sounds like a risk register, that's because our findings are collected there. This information will then be  used for risk analysis. Though this process starts at the beginning of the project, it's  an iterative process and continues throughout the project life cycle.

Impact of Risk Handling Measures: -Risk and uncertainty are inherent parts of all project work. There are ways we can mitigate and manage risk. When teams have a good risk management process in place, then we can identify and deal with all the project's risks in an appropriate manner.

Here are 9 risk management steps that will keep our project on track: -

1) Create a risk register: - Create a risk register for our project in a spreadsheet. Include fields for date of the risk being logged, risk description, likelihood, impact, owner, risk response, action and status.

2) Identify risk: - Brainstorm all current risks on our project with the project's key team members and stakeholders. Identify risk that relate to requirements, technology, materials, budget, people, quality, suppliers, legislation and any other element we can think of.

3) Identify opportunities: - When we identify risks, also factor in positive risks and opportunities. For example, include all events that in some ways could affect our project in a positive manner. What would the impact be, for instance, if too many people turned up to the concert? What could we do to exploit this opportunity and plan for it? Just as we anticipate and plan for problems, prepare for unlikely successes.

4) Determine likelihood and impact: - Establish how likely the risk is to occur (on a scale from 1-5) and determine the impact of each risk according to time, cost, quality and even benefits if it were to occur (again on a scale from 1-5). For example, a likelihood of five could mean that the risk is almost certain to occur, and an impact of four could mean that the risk would cause serious delays or significant rework if it were to happen.

5) Determine the response: - Focus our attention on those risks that have the highest potential impact and likelihood of happening (i.e., an estimate of three or more on the scale mentioned in No.4). Identify what we can do to lower the likelihood and impact of each risk.

6) Estimation: - Once we have determined what we will do to address each risk, estimate how much it will cost us to do so. For example, using the concert- how much will it cost to look after the performer's health before the show, and how much will it cost to prepare for a backup?

7) Assign owners: - Assign an owner to each risk. The owner should be the person who is most suited with a particular risk and to monitor it.

8) Regularly review risks: - Set aside time at least once a week to identify new risks and to monitor the progress of all logged items. Risk management is not an exercise that only happens at the beginning of the project, but something that must be attended to in all of the project's lifecycles.

9) Report on risks: - Make sure that all risks with an impact ad likelihood of four and higher (on the 1-5 scale) are listed on our status report. Encourage a discussion of all the risks at steering committee meetings so that executives get a chance to give input and direction.

Key takeaways

1. Risk analysis includes examining how project outcomes and objectives might change due to the impact of the risk event
2. Risk analysis is the process that figures out how likely that a risk will arise in a project.
3. It's important to know that risk analysis is not an exact science, it's more like an art.
4. Risk and uncertainty are inherent parts of all project work.

6.3 Risk response planning, risk monitoring and control

Project risk control and risk monitoring is where you keep track of how your risk responses are performing relative to the plan, as well as where new risks are managed for the project.

You must remember that risks can have both negative and positive impacts. Positive risk is a risk assumed by the project because its potential benefits exceed the traditional approach and a negative risk is one that could negatively influence the cost of the project or its schedule.

The purpose of project risk control is

1. Identify the events that can have a direct effect on the project deliverables.
2. Assign qualitative and quantitative weight: the probability and consequences of those events that could affect the deliverables of the project.
3. Produce alternate execution paths for events that are out of your control or that cannot be mitigated
4. Implement endless process to spot , qualify, quantify and answer new risks.
5. The main objectives of risk monitoring and control:
6. to verify that risk responses are implemented as planned
7. To determine if responses to risk are effective or if new responses are needed
8. Determine the validity of the assumptions of the project.
9. To determine if risk exposure has changed, evolved or decreased due to trends in the progress of the project.
10. To confirm that policies and procedures are happening as planned
11. Monitor the project for new risks.
12. To monitor risk triggers

Risk triggers are those events that will make the threat of a risk become a reality. For example, you've got identified the very fact that you simply only have one pump set available and therefore the replacement takes six weeks to arrive. In the midst of testing the irrigation and recycling process, you discover that water pressure tends to fluctuate beyond the tolerance levels of the pump. If you can't find a way to fix this problem, your risk will become a reality.

Make sure that for every identified risk, you want to provide a response plan. It is not of much help to you if risk becomes a reality or a problem and you do not have an alternative execution route or some other emergency acquisition plan.

Main inputs to effectively monitor and control risks:

1. Risk management plan
2. Risk register / Risk tracker
3. Risk response plan
4. Project communications
5. New risk identification
6. Scope changes

Results of risk supervision and control:

1. Alternative solution plans
2. Corrective / preventive actions
3. Change requests
4. Updates to the risk response plan
5. Risk database
6. Updates to the checklist

Key takeaways

1. Project risk control and risk monitoring is where you keep track of how your risk responses are performing relative to the plan, as well as where new risks are managed for the project
2. Risk triggers are those events that will make the threat of a risk become a reality.

References

1. https://www.projectmanager.com/blog/risk-management-plan
2. https://plan.io/blog/risk-management/
3. https://www.educba.com/project-risk-management-plan/
4. https://pecb.com/article/risk-assessment-in-project-management#:~:text=The%20benefits%20of%20performing%20risk,with%20the%20risk%20assessment%20approach.