Chapter 8

As mentioned in Chapter 1, one attribute of a project is that it involves a degree of uncertainty. Such uncertainty can impact the outcome of a project. Risk is an uncertain event that, if it occurs, can jeopardize accomplishing the project objective. Risk management involves identifying, assessing,and responding to project risks in order to minimize the likelihood of occurrence and/or potential impact of adverse events on the accomplishment of the project objective. Addressing risks proactively will increase the chances of accomplishing the project objective. Waiting for unfavorable events to occur and then reacting to them can result in panic and costly responses. Managing risk includes taking action to prevent or minimize the likelihood of occurrence or the impact of such unfavorable events.

Some level of risk planning should be done during the initiating phase of the project life cycle to make sure, for example, that a contractor understands the risks involved with bidding on a proposed project. With knowledge of potential risks, the contractor can include contingency or management reserve amounts in the bid price. On the other hand, if the risks seem too great, the contractor may decide to not bid on a proposed project, as discussed in the decision to develop a proposal section in Chapter 3. Subsequently, more detailed risk planning should be done during the planning phase of a project.

A project manager cannot be risk averse. She must accept that risk is a part of project management and has to address it head-on. Furthermore, the project manager needs to set the tone for encouraging open and timely discussion of risks among the project team.

Based upon this chapter, you will become familiar with

  • Identifying risks and their potential impact

  • Assessing the likelihood of occurrence and degree of impact of risks

  • Risk response planning

  • Controlling risks

Learning Outcomes

After studying this chapter, the you should be able to:

  • Discuss what is involved in managing risks

  • Identify and categorize risks

  • Assess and prioritize risks

  • Prepare a risk response plan

  • Develop a risk assessment matrix

  • Control risks

Project Management Knowledge Areas from PMBOK® Guide

  • Project Risk Management

  • Real-World Project Management Examples

Vignette A: Critical Risks for Underground Rail

The underground rail construction of Singapore is filled with risks related to the complex ground structure and a number of risks that are not related to the project activities. The indirect risks must be managed.

  • Singapore’s Mass Rapid Transit system operates five lines and is adding an additional three fully underground lines by 2020.

    • Unpredictable ground conditions leading to ground settlement control issues is one of the risks the international joint ventures teams is facing.

    • Too great a project for a single civil engineering firm, this large-scale project garnered the collaboration of firms from a number of countries to create a multifaceted team that matches the complexity of the project and adds additional management risks.

  • Even though the partnerships reduced some of the potential risk associated with the lack of regional knowledge and awareness of customs, communication problems related to social and cultural misunderstandings still plague the project progress.

    • Risks related to differences in management styles, procurement methods, and expectations are catalysts for project failure.

    • Leading risks identified by the joint venture teams included accounting profit and loss disagreements, financial distress, lack of competence, over-interference by parent companies of the contractors, and work allocation disagreements.

    • Some risks that were not associated with the actual work being completed to construct the underground rail. Risks such as policy changes in a contractor’s parent company, exchange rate fluctuations, language barriers, social and cultural customs differences, labor and equipment import restrictions, governmental cash flow issues, and technology transfer disputes all cause delays, conflict, and failure to complete tasks within the project.

These risks and those directly related to the work being completed must be managed in order for the underground rail project to be completed by its projected 2020 date. Every risk raises the probability that the underground rail will not be operational when expected. The completion of the construction of the underground rail is dependent upon managing risk.

Vignette B: Wrestling with the Grand Challenges of IT

Catherine Bessant is a non-It person in charge of IT. Her management skills are beneficial to reduce the risks of IT projects.

  • One generally doesn’t think of the author Shakespeare when thinking about project management. Catherine Bessant, Bank of America’s Global Technology and Operations Executive, does. Bessant says, “Shakespeare’s lessons, every one of them, are timeless lessons.” Her goal is to build systems that are elastic and foundationally strong yet nimble enough to last for 30 years and through the challenges of hurricanes, tsunamis, earthquakes, cyber attacks, and other risks.

    • Attention to risk management and mitigation decisions is an even greater challenge when the team is more than 100,000 employees and contractors who handle all the technology and operations for the financial services giant.

    • Technology continues to be advancing rapidly and regulatory requirements are ever changing.

    • Bessant’s team must maintain the robustness in their systems necessary to withstand every potential devastating event that puts Bank of America’s customers at risk of not achieving their business objectives.

  • The unification has worked to simplify processes for risk mitigation through a series of boot camps to intensely focus on creating risk management strategies.

    • The first boot camp reduced risks and increased understanding of operational risks for the capabilities of the technology operations.

    • Controls were examined process-by-process during the second boot camp to analyze the procedures for any risks.

    • During the third boot camp, the project team identified specific issues, including business continuity and cyber security, and ways to mitigate risks.

  • Tests such as Hurricane Sandy, the earthquakes and tsunami in Japan, and cyber security attacks have shown the developed risk mitigation strategy has performed extraordinarily.

The Global Technology and Operations team of Bank of America wrestled the challenges in their risk management and mitigation plan. They reversed the negative potential effects of the challenges and escaped the serious consequences of the events and incidents, which might have caused the customers to fall. You, too, can be successful controlling risks through management and mitigation plans.

2. Identify Risks

  • A risk is an uncertain event that, if it occurs, can jeopardize accomplishing the project objective.

  • Risk identification includes determining which risks may adversely affect the project objective and what the impact of each risk might be if it occurs.

  • Sometimes a sponsor identifies major risks in the project charter when the project is authorized.

  • A common approach to identifying the sources of risks is brainstorming.

  • The risks should be those that are somewhat likely to occur and/or can have a significant negative impact on accomplishing the project objective.

  • Establishing risk categories may help to identify and evaluate risks. Some categories are technical, schedule, cost, human resources, external, or sponsor/customer.

  • Historical information from past projects is another source that can be helpful in identifying possible risks.

  • The project team can progressively elaborate on and identify new risks, as well as the estimated impacts of previously identified risks, as more information is known or becomes clear.

  • Assess Risks

  • Risk assessment includes determining the likelihood that the risk event will occur and the degree of impact the event will have on the project objective.

  • Risks can then be prioritized based on their likelihood of occurrence and degree of impact.

  • Risks on the critical path should be given higher priority, because if they occur, they will have a greater impact on the schedule than will activities on a path that has a large positive value of total slack.

  • Figure 8.1 depicts a risk assessment matrix, a tool for assessing and managing risks.

  • Plan Risk Responses

  • A risk response plan is a defined set of actions to prevent or reduce the likelihood of occurrence or the impact of a risk, or to implement if the risk event occurs.

  • Risk response planning means developing an action plan to reduce the likelihood of occurrence or potential impact of each risk, establishing a trigger point for when to implement the actions to address each risk, and assigning responsibility to specific individuals for implementing each response plan.

  • A risk response plan can be to avoid the risk, to mitigate the risk, or to accept the risk.

  • Project prices and budgets should include a contingency or management reserve to pay additional costs associated with implementing response plans.

  • Control Risks

  • Risk control includes implementing risk response plans and monitoring risks. Risk response plans should be implemented as appropriate when their trigger point is reached.

  • Risk monitoring includes regularly reviewing the risk assessment matrix throughout the project.

  • Regularly review and evaluate all risks to determine whether there are any changes to the likelihood or potential impact of any of the risks.

  • Project meetings are a good forum for regularly reviewing, updating, and addressing risks.

  • Track and document which risks actually occurred and their impact.

  • Managing Risks for Information Systems Development

  • Risks for information systems (IS) development are inherent in all aspects of an IS project.

  • The risks can be categorized into seven types: technological risk, human risk, usability risk, project team risk, project risk, organizational risk, and strategic and political risk.

  • These categories help explain the risks associated with developing systems that accept data inputs, process those inputs, and produce information for users.

  • Chapters 4, 5, 6, and 7 provided foundation information about the definition, scheduling, resources, and costs associated with IS development projects.

A. An IS Example: Internet Applications Development for ABC Office Designs (Continued)

  • Beth wants to prepare for potential risks in the project so the team can take care of them early and not jeopardize the delivery date for the system.

  • Beth planned for the team to determine the impact of the risk, the likelihood of occurrence, the degree of impact if it does occur, the action trigger that will serve as a warning flag for the risk, who is responsible for the risk, and the response plan to avoid, mitigate, or accept the risk.

  • Beth reviewed the lessons learned from other projects again, to make sure the project team discussed the risks from the other projects.

  • Figure 8.2 depicts the Risk Assessment Matrix for Web-based Reporting System Project.

  • Critical Success Factors

  • Identify risks and their potential impacts before the project starts.

  • Include the project team or experts in assessing risks.

  • Assign high priority to managing risks that have a high likelihood of occurrence and a high potential impact on the project outcome.

  • Develop response plans for addressing high priority risks.

  • Summary

  • Risk is an uncertain event that, if it occurs, can jeopardize accomplishing the project objective.

  • Risk management includes identification, assessment, control, and response to project risks in order to minimize the likelihood of occurrence and/or the potential impact of adverse events on the accomplishment of the project objective.

  • Risk identification includes determining which risks may adversely affect the project objective and estimating what the potential impacts of each risk might be if they occur.

  • Assessing each risk means determining the likelihood that the risk event will occur and the degree of impact it will have on the project objective, and then prioritizing the risks.

  • A risk response plan is a defined set of actions to prevent or reduce the likelihood of occurrence or the impact of a risk, or to implement if the risk event occurs.

  • Regularly review and evaluate all risks to determine whether there are any changes to the likelihood or potential impact of any of the risks, or whether any new risks have been identified.

results matching ""

    No results matching ""