Electrical Energy Conversion and Power Systems

Universidad de Oviedo

Project Management
Risk Management
Lecturer: Javier Daz lvarez

Risk Management
Introduction Plan Risk Management Risks Identification Risk Analysis Risk Responses Monitor and Control Risks

Definition & Management

- Project Risk: an uncertain event or condition that, if occurs, has an effect (positive or negative) in the project in one of the following aspects: - Cost - Scope - Time - Resources - Quality - Risk Management includes all the proceses related with planning, identification, analysis, response and control of the risks in a project.

Key Elements of a Risk

An event that can be defined. We have to know what might happen. The probability that it occurs. Likelihood that the event will occur. The consecuences (impact) of its occurrence. Loss or gain should the event occur, often referred to cost, scope, time, resources or quality.

Categories of Risk
Known risks: has been identified, has been analyzed and can be managed. Unknown risks: may be addresed through a general contingency based on experience with similar projects. Threats (negative) Opportunities (positive)

Impact Probability Matrix (example)

Exercise 4.1
Project. Promotion and construction (civil works, transport and erection o a wind farm of 40 MW (20 wind turbines) in Leon mountains (1500 masl).
Preliminar Risks Identification. Write them in 5 minutes. Compare the responses of the assitants and save them.

Risk Management
Introduction Plan Risk Management Risks Identification Risk Analysis Risk Responses Monitor and Control Risks

Risk Managment Plan

Describes how risk management will be structured and performed on the project. It includes the following:
1.-Methodology. Defines the approaches, tools and data sources that may be used to perform risk managment on the project. 2.- Roles and responsibilities. Defines the lead (Project Manager), support, and risk management team members for each type of activity in the risk managment plan, and clarifies responsibilities.

Risk Management Plan (II)

3.-Budgeting. Assigns resources, estimates funds needed for risk management. They should be included in the cost performance baseline. Finally protocols for application of contingency reserve should be stablished. 4.-Timing. Defines when and how often the risk management process will be performed throughout the project life cycle, establishes protocols for application of schedule contingency reserves, and stablishes risks management activities to be included in the project schedule. 5.-Risk categories. Provides a structure that ensures a comprehensive process of systematically identifying risks to a consistent level of detail. It contributes to the effectiveness and quality of the Identify Risks process.

Risk Categories
Technical Law related issues Organizacional Project Management External

Requirements

Permitting

Project Dependencies

Estimating

Subcontractors and suppliers

Technology

Contracts

Resources

Planning

Regulatory

Complexity and Interfaces

Legal proceedings

Funding

Controlling

Market

Performances and Reliability

Priorization

Communication

Customer

Quality

Weather

Risk Management Plan (III)

6.-Definitions of risk probability and impact. They should be defined according to each individual project. Each project target (Cost, Time, Scope and Quality) should have categorized the impact of the risks.

Impact scale of a Risk

Project Very low Objective Cost Low Moderate 1-3 % increase 5-10% increase High 3-10% increase 10-20% increase Unacceptable reduction to sponsor Unacceptable reduction to sponsor Very high >10% increase 20% increase Project item is effectively useless Project item is effectively useless

Insignificant < 1% increase increase Insignificant < 5% increase increase Barely noticeable decrease

Time

Scope

Minor areas Major areas of scope of scope affected affected

Quality

Barely Only very Sponsor noticeable demanding approval degradation applications required are affected

Risk Management Plan (IV)

7.-Revised stakeholders tolerances. They should be reviewed in the Plan Risk Management process. 8.-Reporting formats. Create templates for documenting the outcomes of the risk management processes. Define how to analyze and communicate. 9.-Tracking. Documents how risk activities will be recorded for the benefit of the current project, as well as for future needs and learnt lessons.

Risk Management
Introduction Plan Risk Management Risks Identification Risk Analysis Risk Responses Monitor and Control Risks

Risks Identification
Risk events must be specific and must be completely defined. It must include what, when and the impact of each risk. Identification process should be done from the task list. Develop a complete risk list. Identification tasks should be done as team work or in different teams constituted by members of the team project. Focus on Risk Identification, do not try to analyze them at this moment

Tools for Risks Identification

Experience. Interwiev with experts (could be telematic) Brainstorming Analogy method Documents review Root cause analysis Other (Cause-effect, fishbone, process flowcharts, etc.)

Experience. Interview with experts

Experts identification

Prepare the interview. Focus on the specific issue

Ask opinion and general information

Write the Minutes of Meeting

Include the conclusion in the List of Risks

Brainstorming

Ideas formulation Ideas evaluation

Very important: Do not start Ideas evaluation before the previous stage (Ideas formulation) is finished.

Analogy method
Stage 1

Identify required information (project risks)

Identify similar projects Stage 2 Focus on similar components of the project Accumulate useful data Stage 3 Analyze data Include the conclusion in the list of risks

Stage 4

Tools for Risk Identification

Documents review. It consists on collecting documentation related with the project and perform, first, an individual analysis and, then, a group analysis. Root cause analysis. An examination of the causes of individual risks and any groupings that seem to occur as a result.

List of Risks
Risk Code Category (task) Threat / Opportunity event Probability Impact Prob x Imp Priority

Risk Register
At the end of the proccess, the Risk Register will be done. It is an evolutionary document that serves to capture risk information. It includes:
List of Risks List of potencial responses Root causes of risks Update of the Risk Cathegories Chart

Exercise 4.2
Project. Promotion and construction (civil works, transport and erection o a wind farm of 40 MW (20 wind turbines) in Len mountains (1500 masl).
Starting from the Tasks List and using some of the explained tools, write the List of Risks. Assign probability and impact and complete List of Risks Chart. Elaborate a list of potencial responses. Find root causes of the risks Make a proposal for updating the Risk Cathegories Chart

Risk Management
Introduction Plan Risk Management Risks Identification Risk Analysis Risk Responses Monitor and Control Risks

Qualitative Risk Analysis

The input for performing the qualitative analysis (and also for the quantitative analysis) is the Risk Management Plan. It is the process of assesing and combining the impact and likelihood of identified risks. It prioritizes risks according to their potential effect on project performance. This type of analysis, in general, is more subjective than quantitative analysis, even when we assign numbers to our qualitative analysis. This is due to our own perception of the risk and our emotions at the time we do the evaluation.

Impact Probability Matrix

90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Very low Low Moderate High Very high

Probability

Impact

Impact Probability Matrix

Probabilities description:
Low probability. It is not likely that the event occurs (0-30%). Medium probability. It is likely that the event occurs (30-60%). High probability. It is very likely that the event occurs (60-90%). Events with probability higher than 90% are not risks, they are certainties which must be planified.

Impacts description:
Very low impact. If the event occurs, it will not impact in cost, time, quality or client satisfaction. Low impact. If the event occurs, it will have a mild effect. Medium impact. If the event occurs, it will impact moderately. High impact. If the event occurs, it will have a significant effect. Very high impact. If the event occurs, it will have a very important effect.

Quantitative Risk Analysis

It consists on a numerical measurement of the probability and the consequences of risks and an estimation of their consequences on project objectives. This method is more objective than Qualitative Analysis. The most common tool for this analysis is the Decision tree analysis.

Decision tree analysis (I)

Guidelines:
A box represents a decision Circles represent events with multiple possible outcomes We are evaluating the primary decision (root decision) which is placed at the left side of the decision tree, and the tree is drawn from that root. Find the most advantageous path at each decision node (box). What makes a path advantageous (lowest cost, greatest return, etc.) depends on the specific situation. Draw all possible paths for the scenario. Place values on each path segment if appropriate. Place probabilities on the path segments leading from events. Decision nodes have no probabilities associated with their alternatives

Decision tree analysis (II)

Guidelines:
Determine the risk values for each path segment by multiplying all probabilities to the left of the segment (including any probability for the segment itself) by each other and then by the value of the segment (if any). For each decision node, determine the most advantageous path by adding the risk values for the alternatives. You must work from right to left. Determine the paths for the right-most decision nodes, and then work your way to the left. The reason for choosing one path is that the paths are mutually exclusive; you can only choose one path. For event nodes, consider each path and add the results. The reason for including all paths is that they are mutually inclusive; that is, together they form the entire universe of possible outcomes.

Decision tree analysis (III)

Guidelines:
Continue working to the left until you can determine the most advantageous path for your root decision.

Decision tree analysis. Example.

Wind Farm in Leon (40 MW). Analyze the posibility of testing the power transformer. The test costs 40 k. The failure of the transformer costs one month of production losses (250 net equivalent hours, 80 /MWh)

Decision tree analysis. Example.

Fail
1%

30+0,01*800+0,99*0= 38 k
1 week; 30 k 99%

Pass Test Power Transformer Fail

0 5%

0+0,05*800+0,95*0=40 k
95%

Pass

4 weeks x 40 MW x 250 neh + 80 /MWh = 800 k

Exercise 4.3
Project 40 MW in Leon (3000 neh/year). Analyze the possibility of starting the works one week before obtaining the work licence using the decision tree analysis.
80/MWh 60% possibility of the stop of the works (0,5 weeks of delay) and 150 k penalty 30% possibility of 150 k penalty 10% possibility of nothing

Exercise 4.3
Stop Works + Penalty
60% 30%

Penalty

1 week; 62,5 neh 10%

190,4 k (0,6*(150+95,2)+0,3*150+0,1*0)= 190,4 - 192,13 = -1,72 k

Start Works before obtaining work permit

Nothing

0 k

1 week; 62,5 neh. 40 MW x 250 neh/month x 1 month /4,2 weeks x 80 /MWh = 190,4 k 0,5 weeks ? 190,4 k / 2 = 95,2 k

37

Comparison of methods
Qualitative
Fast and easy to administrate Difficult of using in a uniform way in the organizacin Ir requires definitions, rules, standards and processes

Quantitative
It is preferred (most of the times obligued) by the direction More time is required, it needs estimation Numbers give a precission image, but it depends on the precission of the estimation It is difficult if team project doesnt want to give figures It allows to see tendences Easier to predict More valuable

Risk Analysis Instructions

Study the complete list of risk events Assign risk analysis tasks to the appropiate members of the team Quantify or qualify probability and impact of each identified risk Identify the best, the worst and more probable results of risk events with high grade of uncertainty Review the result of the analysis with the members of the team Do not advance, at this moment, in priority assignation

Impacts to Project Cost

Each Risk Event must be analyzed to evaluate potential impacts to project cost:
Cost of power of work (people) Task duration Direct materials Equipment and tools

Impacts to Project Time

Each Risk Event must be analyzed to evaluate potential impacts to project time baseline:
Resorces shortage Length extension Other delays

Net diagram must be analyzed to evaluate potential impacts due to:

Dependent tasks Tracks convergence

Time Risks Analysis

Network diagram Experts judgment Finantial analysis
Net Present Value (NPV) Expected value (EV = Probability * Impact)

Decision tree (explained).

Network diagram
Example Calculate critical path using a balanced average time: (Optimistic value + 4*Probable value + Pesimistic value)/6

Exercise 4.4
The activities for the construction of one new wind turbine in an existing wind farm are the following:
Activity 1.- Wind turbine foundation digging 2.- Wind turbine erection 3.- Cable conection to wind turbine and tests 4.- Trench digging 5.- Cable lying 6.- Cable connection to substation 7.- Tests and energizing Balanced Predeccessor Optimistic Expected Pesimistic average time 1 2, 5 4 5 6 2 3 1 2 1 1 0,5 5 5 4 5 4 2 1 7 7 8 14 10 4 10 4,83 5,00 4,17 6,00 4,50 2,17 2,42

Draw network diagrams and calculate critical paths for Expected Values and for Balanced Average time: (Optimistic value + 4*Probable value + Pesimistic value)/6

Exercise 4.4
0 Task 1 (5) 0 0 Start 0 0 Task 4 (5) 1 6 6 5 5 Task 5 (4) 10 11 9 9 Task 6 (2) 13 13 11 11 Task 7 (1) 14 12 14 5 5 5 5 Task 2 (5) 10 10 10 10 Task 3 (4) 14 14 End 14

0 Task 1 (4,8) 1,1 0 Start 0 0 Task 4 (6) 0

4,8 5,9

4,8 Task 2 (5) 5,9

9,8 10,9

10,5 Task 3 (4,2) 10,9

14,7 15,1 15,1 End 15,1

6,0 6

6,0 Task 5 (4,5) 6

10,5 10,5

10,5 Task 6 (2,2) 10,5

12,7 12,7

12,7 Task 7 (2,4) 12,7

15,1 15,1

45

Expected Value
Best case Base case Concrete problem Productivity increase Snow in april Total 10.000 0 -200 0 9.800 50% 10% 50% Probabilit y Expected Value Worst case 10.000 200 -20 400 10.580 10.000 400 0 800 8.800

Prioritize Risks
Project Team must prioritize the risks which should be taken into account because there will not be enough time and resources to respond to risks. Prioritization must be done from Risk Register. Work should be done by all the team. In this stage, do not think about responses.

Prioritize Risks
Qualitative method. Clasify taking into account only the impact (not the probability). Do two lists, one with cost impacts and another one with time impacts. Quantitative method. Clasify risks according to their Expected Value (probability x impact). Filtered. Elaborate a list of questions and filter all the risks. Ask each question to all the remaing risks. Start with the first question and discard the risks with non significative impact. Then the second question.

Filtered method
Filter one. Is the impact significative (performance, quality, cost, time, scope)? Filter two. Has anybody seen it before? Do conditions or circunstances which make the risk more probable exist? Filter three. Does the risk have an inmediate effect on the project? Does it require a long actuation? Do we have to act in a short time? Filter four. Does the risk have a solution that is out of Board control?

Exercise 4.5
Project 40 MW in Leon.
Starting from the Risk Register, prioritize risks using the filtered method.

Risk Management
Introduction Plan Risk Management Risks Identification Risk Analysis Risk Responses Monitor and Control Risks

Strategies
Strategy for threats and opportunities
Accept

Strategies for threats

Mitigate Transfer Avoid

Strategies for opportunities

Exploit Share Enhance

Contingent response strategies

Accept
Acceptance:
Active. Develope a contingency plan Passive. Do not do anything. Accept consecuencies.

If a risk is acceptable for the project and for the company:

Review company tolerances Document and communicate strategy Keep reevaluating the risk during the life of the project

Mitigate
Take specific actions to:
Reduce risk probability Reduce risk impact

Estimate and evaluate mitigation strategy Document and communicate strategy Keep reevaluating the risk during the life of the project

Transfer
Subcontract Use guaranties (Warranties) Contractual guaranties (Guaranties) Ensurances Contract with client

Avoid
If risk exposure is not acceptable or mitigation and/or transfer are not enough, risk cause must be avoide and threat must be eliminated. Review tolerances of the organization. Evaluate task Vs avoid the project Document and communicate strategy Keep reevaluating the risk during the life of the project

Strategies for opportunities

Accept Enhance
Maximize event probability Maximize event impact

Exploit (making sure that the opportunity is materialized) Share (assign part of the bennefit to a third party)

Risks response matrix

Response 1 Risk 1 Risk 2 Risk 3 Risk 4 Response 2 Response 3 Response 4

- Try to identify responses that mitigate several risks at the same time. - For positive impacts, write + - For negative impacts, write - If impacts do not exist, dont write anything

Scaling of risks response

If team project cant develope response strategies for severe threats or significant opportunities, the Project director is responsible for scaling to the directors of the company

Reserves
Provision to mitigate risks (cost or time). It is an amount of money or time which is used to reduce deviation risk. To determine rerseves, consider the following:
Tipe of contracts Threaten exposure Tolerance to risk Consecuences of deviation Learnt lessons

Exercise 4.6
Project 40 MW in Leon.
Starting from the filtered risks register, develope the risks responses.

Risk Management
Introduction Plan Risk Management Risks Identification Risk Analysis Risk Responses Monitor and Control Risks

Monitor and Control Risks Purpose

Monitor residual Risks Identify new and secondary risks Execute risk responses Evaluate risk process effectiveness

Follow up and Control of Risks

The process consists on:
Identification, analysis and planification of new risks Making the follow up of identified risks Reanalyze existent risks Follow up of conditions that trigger plans for using reserves Follow up of residual risks Review of the execution of risks responses while evaluating its effectiveness.

It must be integrated with plannification, execution and control of the project.

Stablish a System of Early Detection

The target is detect deviations of the plan which could be or could cause risk triggers. Some examples:
Cost deviations Time deviations Changes in the estimated finishing date Changes in the attitude of stakeholders New alternative critical paths

Exercise 4.7
Think about other risks triggers

Evaluate results of Corrective Actions

Have the mitigated risks been sufficiently content? Can materialized and accepted risks be tolerated? Have the result of contingency plans have been satisfactory? Has the lifecycle of the risks been finished? Is another action required?

Risks reevaluation
What new risks are due to time or cost variations? What new risks are due to changes in client requirements? What new risks are a result of changes of personnel or stakeholders? What new risks are result of organizacional or environmental changes? What new risks are possible due to changes in resources or its utilization? Which of the identified risks have changed?

Risks Reevaluation. Analysis and Risks Clasification

Has the ocurrence probability of each risks changed? Is the impact of the risk the same? Are risk priorities the same? Are organizacional tolerances the same? Have the stakeholders changed? Are there new risks? Is there any response strategy that doesnt work?

Exercise 4.8
Question: when do you think that a new risk reevaluation should be done?

It depends on the project duration.

5 years project. Once a month could be ok. 4 weeks project. Once a week couldnt be enough.

Risk Documentation
It is the base for risk analysis in future projects Learnt lessons should be transmited to all the organization to avoid that the same problems could happen again It could be used to demonstrate to the direction of the company the work that has been done and when they were involved in project problem solutions.