Managing project risks and opportunities in the field. Project Risk Management

25.09.2019

Probability of risk occurrence - probability that a risk event will occur[11]. All risks have a probability greater than zero and less than 100%. A risk with probability 0 cannot occur and is not considered a risk. A risk with 100% probability is also not a risk, since it is a certain event that must be included in the project plan.

Consequences of risk, if it happens, expressed in terms of schedule days, labor costs, money and determine the degree of impact on project goals.

Risk management planning

Risk management planning should be taken as seriously as cost and project schedule. Good planning increases the likelihood of positive results from other risk management processes. Risk management planning - is the process of determining approaches and planning operations to manage project risks[ 9 ] . Formation of the company's risk management strategy, the basic rules that allow managing project risks, is the goal of the risk planning process.

Initial information for risk planning

Sources of input information for risk planning processes are:

Factors external environment enterprises. The attitude towards risk and risk tolerance of organizations and individuals participating in the project influences project management plan and can manifest itself in specific actions. planning and review meetings. The project team holds meetings to develop the risk management plan, which may include the project manager, individual project team members and project participants, and representatives of the organization responsible for risk planning and response operations. At the meetings, basic plans for conducting risk management operations are drawn up. Risk cost elements and schedule activities are also developed and included in the project budget and schedule, respectively. The distribution of responsibility in the event of a risk is approved. The organization's general templates for risk categories and definitions of terms (for example, risk levels, probability of risk occurrence by type, impact of risks on project objectives by objective type, and probability and consequence matrix), adapted for each specific project, taking into account its specifics. The outputs of these operations are summarized in a risk management plan.

Project Risks A project risk is an uncertain event or condition that, if it occurs, will have a positive or negative effect on at least one of the project's target parameters (time, cost, scope, quality). A risk may have one or more causes and, if it occurs, one or more consequences. 2

Business risk is the normal risk associated with entrepreneurial activity, burning out assumes a variety of possibilities for profit and loss Pure risk (insurable) is: a risk involving the possibility or likelihood of loss without any possibility of profit a risk that must be given priority risk that can be transferred to another party by: concluding a contract, issuing a guarantee, insurance. Main types of risk 4

Project risk management is the systematic process of identifying, analyzing and responding to project risks; it includes processes that are associated with: Conducting risk management planning Identification Analysis Response Monitoring and control on the project Objectives: Increase the likelihood and enhance the consequences of positive events Reduce the likelihood and reduce the consequences of events unfavorable to the project Project risk management 5

Risk management planning is the process that determines the approach, planning and implementation of risk management activities for a project: Planning risk management processes is important to: ensure that the level, type, activity and visibility of risk management is commensurate with both the risk itself and with the importance of the design organization; ensure sufficient resources and time for project management activities; create a consistent framework for risk assessment; define and validate stakeholder risk practices and statements; create a risk management plan. Risk management planning 7

Risk identification is the process of determining which risks may affect the project and documenting their characteristics; why it is necessary: to identify the risk that affects the project; indicate internal and external sources of risk; reveal the causes and consequences of the risk; involve relevant specialists, stakeholders and external experts; classify risks into a specific category: project management risks, organizational risks, external risks Output of the risk identification process - risk register Risk identification 8

Conducting qualitative risk analysis is the process of assessing the probability of occurrence of identified risks, and prioritizing risks according to their potential impact on project objectives; To do this, it is necessary to: assess the probability of occurrence or non-occurrence of each identified risk; determine the consequences of each risk event, what amount is involved and what can be lost; prioritize risks based on their likelihood/consequence; identify risks that can be managed (that can be reduced). Conducting a qualitative risk analysis 11

Risk Assessment Assessment factors include: Precedent (Has this risk occurred before?) Knowledge of the operation (Has this type of work been done before?) Resources and skills Time, cost and quality Probability (How likely is the risk to occur?) Impact (What is its impact on the project or business?) 13

Measuring Probability Probability Value Low Schedule disruption, cost increases, or performance deterioration are potentially unlikely Moderate Schedule disruption, cost increases, or performance deterioration are potentially possible High Schedule disruption, cost increases, or performance deterioration are potentially highly likely 15

1. Prioritize risks to decide whether risk cases deserve your attention 2. Prioritize identified risks only after conducting a qualitative analysis 3. Identify the top 10 risks Develop mitigation measures for each 4. Regularly review and evaluate the top 10 risks 5 Include consideration of the top 10 risks on the agenda for regular project meetings. Risk Prioritization 20

Arrange the analyzed risk cases in order of their importance - from high to low. If possible, use quantitative systematization tools; otherwise, use qualitative analysis List risk cases of similar severity separately Prioritize risk cases as a whole team Do not plan response strategies within the process A practical approach to risk prioritization 21

Conducting quantitative risk analysis is the process of numerical analysis of the probability of occurrence of each risk and their consequences for the goals of the project, as well as numerical analysis of the overall project risk; To do this, it is necessary to: calculate the severity of the risk (risk exposure) based on the likelihood of the risk and its impact, which were determined during the qualitative risk analysis stage; prioritize risks assessed in numerical value; make a list of risks in descending order of severity; identify risks that can be managed (that can be reduced). Conducting quantitative risk analysis 22

The main tools and methods for identifying risks include: Data collection and presentation methods Survey - used to numerically analyze the likelihood and impact of risks on project objectives Probability distribution - used to represent uncertainty in values (continuous quantities) or uncertain events (discrete quantities) Expert assessments- involve specialists, both internal and external, to evaluate the data and methods obtained. Tools and methods of quantitative analysis 23

Quantitative Analysis Tools and Techniques Conducting Quantitative Risk Analysis and Modeling Technique Sensitivity Analysis - helps determine which risks have the greatest potential impact on a project Expected Monetary Value Analysis - a statistical approach that calculates an average outcome given future scenarios that may or may not occur Analysis decision tree - structurally usually represented as a branching decision diagram that describes the situation under consideration and the consequences that all possible choices may have Modeling - translates uncertainties given at a detailed project level into potential impacts on project goals 24

Risk response planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives; To do this, it is necessary to: identify the risks and their description, the project area they affect, the causes of the risks and their possible impact for the purpose of the project; determine who owns certain risks and is responsible for them; use the results of qualitative and quantitative risk analysis processes; develop consistent response strategies for each risk in the risk plan; implement specific actions to implement selected response strategies; assess the level of expected residual risk after implementing the strategy; determine the budget or time for response; evaluate possible losses and backup plans. Known Risk Response Plan 26

1. Create a list of risks in terms of their priority for the risk analysis stage. 2. Think over risk classes so as not to waste extra effort. 3. Develop different response alternatives: evaluate alternatives and select the most appropriate alternative for each risk and risk class; include selected alternatives in the risk management plan, other project plans and WBS. 4. Report decisions made relevant stakeholders. Risk Reduction Strategy (Practical Approach) 29

Avoid - avoiding a risk involves changing the project management plan to eliminate the threat posed by an adverse risk, insulating project objectives from the impact of the risk, or reducing the goal that is at risk Transfer - transferring the risk requires transferring negative influence threats and the need to respond to third parties Reduce - risk reduction involves reducing the likelihood and/or impact of a negative risk event to an acceptable threshold Strategies for responding to negative risks and threats 30

Contingency Response Strategies Risk Loss Planning: Prepare a contingency plan if the risk occurs Loss Funds or Risk Reserve - The amount of money or time, above and beyond what is planned, needed to reduce the risk of project targets being exceeded to an acceptable level for the organization (most typical adoption strategy) 33

Risk monitoring and management - the process of tracking identified risks, monitoring residual risks, identifying new risks, executing risk response plans and assessing their effectiveness throughout life cycle project, including: control examinations by external specialists; identification of new risks that may arise as a result of changes; implementation of a plan to respond to risks in the event of their occurrence. Monitoring and risk management 34

Make sure risk management actually happens! Involve your team and stakeholders in the process, don't do everything yourself. Incorporate risk management into project management planning processes. Select the correct risk management strategies (such as containment or backup) for each risk event. Monitor and manage risks regularly. Reassess the risk after each risk event to consider the likelihood, consequences and new cases. Communicate risks to stakeholders appropriately. Ensure that the risk management plan is followed The role of the project manager in risk management 35

Risk management is essential to project success. Use risk management to achieve maximum positive results and minimize negative consequences Document risk management standards and procedures and review them regularly with the project team Key Ideas 36

Key Ideas Take steps to assess and control each element of risk Formally evaluate the outcome of each action Risk includes both the opportunity for profit and the potential for loss Risk management is an iterative process that occurs throughout the project life cycle 37

Main and main reason The reason why project risks arise is the uncertainty that accompanies every project. Some project risks can be known, these are those risks that are identified, assessed and for which it is possible to develop a plan to manage these risks. But there are unknown project risks - these are risks that are not identified and cannot be assessed in at the moment. Although specific risks and the conditions for their occurrence are most often not defined, experienced project managers know that a fairly large part of the risks can be foreseen.

Carrying out projects with a high degree of uncertainty in areas such as goals and technologies for achieving them, many companies pay attention to the development and application corporate methods project risk management. These methods take into account both the specifics of projects and the specifics of corporate management methods.

The American Project Management Institute (PMI), which develops and publishes standards in the field of project management, has significantly revised the sections regulating risk management procedures. IN new version The PMBoK (expected to be adopted in 2000) outlines six risk management procedures. In this article we will briefly review risk management procedures.

Project Risk Management are processes associated with identification, risk analysis and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events. The project risk management process typically includes the following procedures:

Risk management planning— selection of approaches and planning of project risk management activities.
Risk identification— identifying risks that could affect the project and documenting their characteristics.
— qualitative analysis of risks and the conditions for their occurrence in order to determine their impact on the success of the project.
Quantification— quantitative analysis of the probability of occurrence and the impact of risk consequences on the project.
Risk response planning— determination of procedures and methods to mitigate the negative consequences of risk events and use possible benefits.
Risk monitoring and control— monitoring risks, identifying remaining risks, implementing the project risk management plan and assessing the effectiveness of risk mitigation actions.

All of these procedures interact with each other, as well as with other procedures. Each procedure is performed at least once in each project. Although the procedures presented here are considered discrete elements with clearly defined characteristics, in practice they may overlap and interact.

Risk management planning

Risk management planning— the decision-making process for applying and planning risk management for a specific project. This process may include decisions on the organization, staffing of project risk management procedures, selection of the preferred methodology, data sources for risk identification, and time interval for situation analysis. It is important to plan risk management appropriate to both the level and type of risk and the importance of the project to the organization.

Project Risk Identification

Project Risk Identification determines which risks may affect the project. It also documents the parameters of these risks. Risk identification will be ineffective if it is not carried out regularly. The most important condition successful work with risks is their constant identification, otherwise the project manager risks missing important risks, which, in turn, can lead to the collapse of the entire project.

That is why the project manager, in order to identify project risks, must involve as many participants as possible: the project team, customers, users, independent experts.

Risk identification is an iterative process. Initially, risk identification may be performed by part of the project managers or by a group of risk analysts. Identification can then be handled by the core group of project managers. To form an objective assessment, independent specialists can participate in the final stage of the process. Possible responses can be determined during the risk identification process.

Qualitative risk assessment of the project

— the process of qualitative analysis of identified risks and identification of risks requiring special attention or quick response. A qualitative risk assessment determines the severity of the risk and selects a response method. The availability of accompanying information makes it easier to prioritize different risk categories.

Qualitative risk assessment helps to identify the conditions under which individual project risks arise, as well as assess the degree of impact of risks on the project. Using this method helps to partially avoid the uncertainties that often occur in a project. Project risks must be reassessed throughout the project life cycle.

Fig. 1 - Qualitative risk assessment

Quantitative Project Risk Assessment

Quantitative risk assessment is necessary to determine the likelihood of risks occurring, as well as the impact of the consequences of risks on the project. This process is very important because... helps the project management team make correct decisions and avoid uncertainties.

Quantitative assessment of project risks allows you to determine:

Probability of project success;
The impact of risk on the project and the amount of additional costs that are necessary to deal with risks;
Critical project risks requiring urgent response from the project team;
Additional costs of the entire project associated with working with risks, as well as a forecast of project completion dates.

Quantitative risk assessment usually accompanies qualitative risk assessment; moreover, both of these processes require a risk identification process to be used effectively.

Quantitative and quantification risks can be used individually or together, depending on the experience of the project management team, available budget and time.

Fig. 2 - Quantitative risk assessment

Planning a response to project risks

Risk response planning is the search for and development of ways to reduce or increase the impact of risks on a project. The project team strives to reduce those project risks that negatively affect the project to zero, and the project team strives to bring closer and increase those project risks that positively affect the outcome of the project.

Project risk response planning involves identifying and ranking each risk into categories. The effectiveness of this process determines whether the impact of risks on the project will be positive or negative.

The response planning strategy must be tailored to the types of risks, resource availability, and time commitments. Typically, for each important risk, several options for strategies to respond to project risks are developed.

Project risk monitoring and control

Monitoring and control - identify residual project risks, ensure implementation of the risk plan and evaluate its effectiveness, taking into account risk mitigation. Risk indicators associated with the implementation of the conditions for fulfilling the plan are recorded. Project risk monitoring and control must be carried out throughout the project.

A well-established process for monitoring and controlling project risks helps make effective decisions to prevent the emergence of new risks. The project manager must always remember that effective risk monitoring requires collaboration between all project participants.

The purpose of monitoring and control is:

How well is the response to project risks applied;
Identification of changes in risks compared to the previous period;
Identification of the occurrence of risks;
Confidence that all necessary risk response measures have been implemented;
Exposure to risks turned out to be planned or an accidental result.

Fig.3 - Monitoring and control

Monitoring and control may entail developing alternative strategies, making adjustments, or re-planning the entire project for successful project implementation.

Andrius Kutis

Risks arise from the uncertainties that exist in every project. Risks can be “known” - those that are identified, assessed, and for which planning is possible. “Unknown” risks are those that are not identified and cannot be predicted. Although the specific risks and conditions under which they arise are not defined, project managers know from past experience that most risks can be foreseen.

Implementing projects that have high degree uncertainty in such elements as goals and technologies for achieving them, many companies pay attention to the development and application of corporate risk management methods. These methods take into account both the specifics of projects and corporate management methods.

The American Project Management Institute (PMI), which develops and publishes standards in the field of project management, has significantly revised the sections regulating risk management procedures. The new version of the PMBOK (expected to be adopted in 2000) describes six risk management procedures. In this article we propose brief overview risk management procedures (no comments).

Risk management- these are processes associated with identification, risk analysis and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events.

The project risk management process typically includes the following procedures:

- selection of approaches and planning of project risk management activities.
Risk identification- identifying risks that could affect the project and documenting their characteristics.
Qualitative risk assessment- qualitative analysis of risks and conditions of their occurrence in order to determine their impact on the success of the project.
Quantification- quantitative analysis of the probability of occurrence and the impact of risk consequences on the project.
- determination of procedures and methods to mitigate the negative consequences of risk events and use possible benefits.
Risk monitoring and control- monitoring risks, identifying remaining risks, implementing the project risk management plan and assessing the effectiveness of actions to minimize risks.

Risk management planning

Risk management planning- the decision-making process for applying and planning risk management for a specific project. This process may include decisions on the organization, staffing of project risk management procedures, selection of the preferred methodology, data sources for risk identification, and time interval for situation analysis. It is important to plan risk management appropriate to both the level and type of risk and the importance of the project to the organization.

Risk identification

Risk identification Determines which risks may affect the project and documents the characteristics of those risks. Risk identification will not be effective unless it is carried out regularly throughout the project.

Risk identification should involve as many participants as possible: project managers, customers, users, independent specialists.

Qualitative risk assessment

Qualitative risk assessment- the process of presenting a qualitative analysis of risk identification and identification of risks requiring rapid response. This risk assessment determines the severity of the risk and selects a response method. The availability of accompanying information makes it easier to prioritize different risk categories.

Qualitative risk assessment is an assessment of the conditions for the occurrence of risks and determination of their impact on the project using standard methods and means. The use of these tools helps to partially avoid the uncertainties that often occur in a project. Risks must be continually reassessed throughout the project life cycle.

Quantitative risk assessment

Quantitative risk assessment determines the likelihood of risks occurring and the impact of risk consequences on the project, which helps the project management team make correct decisions and avoid uncertainties.

Quantitative risk assessment allows you to determine:

the likelihood of achieving the final goal of the project;
the degree of risk impact on the project and the amount of unforeseen costs and materials that may be needed;
risks that require prompt response and greater attention, as well as the impact of their consequences on the project;
actual costs, estimated completion dates.

Quantitative risk assessment often accompanies qualitative assessment and also requires a risk identification process. Quantitative and quantitative risk assessment can be used separately or together, depending on the time and budget available and the need for quantitative or qualitative risk assessment.

Risk response planning

Risk response planning is the development of methods and technologies to reduce the negative impact of risks on a project.

Takes responsibility for the effectiveness of protecting the project from exposure to risks. Planning involves identifying and categorizing each risk. The effectiveness of the response design will directly determine whether the impact of the risk on the project will be positive or negative.

The response planning strategy must be tailored to the types of risks, cost-benefit of resources, and timing. Issues discussed during meetings must be adequate to the tasks at each stage of the project, and agreed upon by all members of the project management team. Typically, multiple risk response strategies are required.

Monitoring and control

Monitoring and control monitor the identification of risks, determine residual risks, ensure implementation of the risk plan and evaluate its effectiveness, taking into account risk reduction. Risk indicators associated with the implementation of the conditions for fulfilling the plan are recorded. Monitoring and control accompanies the process of implementing the project.

Quality project control provides information to help make effective decisions to prevent risks. To provide complete information Project execution requires communication between all project managers.

The purpose of monitoring and control is to find out whether:

The risk response system was implemented as planned.
The response is sufficiently effective or changes are necessary.
Risks have changed compared to the previous value.
Onset of risk influence.
The necessary measures have been taken.
Exposure to risks turned out to be planned or an accidental result.

Control may entail choosing alternative strategies, making adjustments, and redesigning the project to achieve the baseline. There must be constant interaction between project managers and the risk group, and all changes and phenomena must be recorded. Project progress reports should be generated regularly.