Académique Documents
Professionnel Documents
Culture Documents
planning responses to the most important project risks. The goal of • Risk monitoring and control. Keeping track of major potential
risk management is to identify all project risks and develop strate- risks, implementing the risk response plan when risk events do
gies to maximize the effects of potential opportunities and signifi- occur, and watching for any new risks.
cantly reduce or eliminate the potential impact of threats.
Risk Identification
Companies that consistently excel in project delivery, typically
have a well-documented project process in use, which includes risk Risk identification involves information-gathering techniques that
management. An excellent reference on the project risk management determine which risks may affect the project and the characteris-
process is A Guide to the Project Management Body of Knowledge tics of each risk event. Risk characteristics include the possible fre-
(PMBOK® Guide), published by the Project Management Institute. quency of the risk event, the range of outcomes, the type of risk, im-
The material presented in this article is consistent with the pacts if the risk event occurs and symptoms of the risk event. Many
PMBOK® Guide, which describes the generally accepted project different techniques are available for identification of project risks.
management knowledge. However, generally accepted doesn’t These include the following:
mean that the knowledge and practices should be uniformly applied Brainstorming. The free flow of ideas used to generate a listing
on all projects. The project team is responsible for determining of potential risk events. The key to brainstorming is to not prejudge
the appropriate tools and techniques to apply on a project. For ex- any idea until after completion of the brainstorming session.
ample, the risk management plan for construction of a multibillion- Phrases to avoid during brainstorming include: “that can’t happen”
dollar chemical plant would be more extensive than the risk man- and “what a dumb idea.”
agement plan for a simple office renovation. The risk management Checklists. A listing of risk events typically encountered for a spe-
processes are as follows: cific type or class of projects. The project team reviews the check-
• Risk Management Planning. Deciding how to approach and plan list when starting a new project to identify specific risk events that
the risk management activities for the project. may occur. Checklists can be organized by project phase, major de-
• Risk identification. Determining which risks may affect the proj- liverables or by impacts to the project.
ect and understanding the characteristics of the risk events. Interviews. Discussions with project team members and other
• Risk analysis. Using qualitative and/or quantitative techniques stakeholders can help identify risks not identified during normal
to understand the probability and severity of each risk event, in planning activities. A good source of risk information is from peo-
order to prioritize the risk events based on impacts to the project ple who have done similar projects in the past.
objectives. Flowcharting. Diagramming techniques displaying how various
• Risk response planning. Determining actions that the project elements of a project are related. This illustrates how risk events and
team can take for each major risk event, in order to maximize any causes relate to create potential risk impacts and help the team
opportunities and minimize threats to the project objectives. better understand causes and effects of risks.
Impact
Value Cost Schedule Functionality Quality
10 very high impact - major issue major issue
8 high impact - medium issue medium issue
6 medium impact major impact minor issue minor issue
4 low impact medium impact very small issue very small issue
2 - low impact - -
0 - - - -
Exhibit 4.The CMS Project Risks Expected Values Helped Team Members Focus on the Most Important Risks
impact scales defined by the CMS project team, the maximum ex- Transference is shifting the risk event impact to a third party
pected value a risk event could have is 10 (1.0 probability x 10 impact). along with ownership of the risk response. Transferring the risk
The CMS project team decided that risk events with an expected simply gives another party responsibility for the risk but the risk
value over 5.0 warranted specific risk response planning, and risk isn’t eliminated. Transference is most effective in dealing with fi-
events below 5.0 deserved watching, but not necessarily specific action. nancial risk exposure. However, risk transfer almost always in-
Exhibit 4 shows the assigned probability, impact and expected value volves payment of a risk premium to the party taking on the risk.
for each risk event on the CMS project. For simplicity, not all identi- Examples of transference include insurance, warranties and fixed
fied risk events on the CMS project are shown in Exhibit 4. price contracts.
Mitigation is reducing the expected value of a risk event by re-
ducing the probability of occurrence and/or the risk event value. It
Risk Response Planning looks to change conditions so that the probability of the risk event
occurring is reduced.
Risk response planning is the process of developing plans and ac- An example of mitigation to prevent missing a schedule com-
tions to respond to specific risk events. The effectiveness of risk re- pletion date is adding more resources. Mitigation also looks to re-
sponse planning will greatly influence how much the risk level de- duce the risk impact. An example of this is airplanes that have re-
creases as the project continues. The risk response techniques com- dundant hydraulic systems to greatly reduce the impact of a failure
monly used are described below. of any one hydraulic system.
Avoidance is changing the project plan to eliminate either the risk Acceptance as a risk response technique is where the project
event or the impact. However, keep in mind that the project team team has decided not to change the project plan to deal with the
can never eliminate all risk events! An example of avoidance is risk—or more likely, is unable to identify any other suitable re-
adopting a familiar approach instead of a new and untried innov- sponse strategy. Acceptance can be either passive or active. The ac-
ative approach. Another example of avoidance is selecting a site for tive acceptance response is developing a contingency plan in case the
a new shopping mall in a town with a friendly town planning board risk event occurs. An example of active acceptance is developing an
where quick approval of building plans occur. alternative schedule plan to deal with late delivery of key equipment.
Risk RISK EVENT Probability Impact Expected Mitigation Plan Contingency Plan
# (0 - 1.0) (0 - 10) Value
The passive acceptance response would be doing nothing until the Conclusion
risk event occurs.
Risk Response Planning on the CMS Project Successful project teams include risk management as part of their
project plan. The probability of success on any project is much
Exhibit 5 shows the risk planning worksheet used by the CMS proj- higher when the project team follows a structured risk management
ect team for some representative risk events. Exhibit 5 only shows process. On the Capital Management System (CMS) IS project,
a few representative examples from the CMS project. use of risk management helped ensure successful completion of the
Mitigation was the biggest response technique used by the CMS project.
team, and this technique looks to reduce the expected value of the
risk event by reducing either or both the probability and impact. It References
makes sense that if a risk has high likelihood of occurring, the Graves, Roger. 2000. Qualitative Risk Assessment. PM Network (Octo-
team won’t just sit idle, but will try to intervene to reduce the prob- ber), pp. 61–66.
ability of the risk event. Likewise, if the consequences of the risk Hillson, David. 2000. Project Risks—Identifying Causes, Risks, and Ef-
event are high, the team will look for methods to reduce the impact. fects. PM Network (September): pp. 48–51.
In addition to mitigation planning, the project team also considered Lukas, Joseph. 1995. Managing Risks on Capital Projects. AACE Trans-
contingency plans in case the risk event did occur. This allows a actions.
team to quickly respond to any risk event that does occur. The Lukas, Joseph. 2001. Manage Project Risks with Success. Inside Project
spreadsheet in Exhibit 5 includes columns for mitigation and con- Management (November), pp. 1–5.
McKim, Robert. 1992. Risk Management—Back to Basics. Cost Engi-
tingency plans, along with columns for responsible person and sta-
neering (December), pp. 7–12.
tus. The project team reviewed the risk spreadsheet at the weekly
Project Management Institute Standards Committee. 2000. A Guide to
team meetings. the Project Management Body of Knowledge. PMBOK® Guide. 2000 Edition.
Newtown Square, PA: Project Management Institute.
Risk Response Monitoring and Control Royer, Paul. 2000. Risk Management: The Undiscovered Dimension of
Project Management. PM Network (September), pp. 31–39.
Note that probability and impact are not fixed during the project
life! As the project team implements actions to mitigate risk prob-
abilities and impacts, the associated values should drop. This means
the expected value should also decrease, reducing the overall risk
level on the project.
For example, in Exhibit 5, Risk Event #3 (missing key project re-
quirements) has a high probability and impact. The high probability
(0.9) resulted from the database manager holding multiple jobs. The
mitigation plan was getting management commitment to dedicate
the database manager to the CMS project and finding another per-
son to pick up her other job responsibilities. Once this happened,
the probability dropped from 0.9 down to 0.4. In addition, once the
project requirements were totally defined, the impact dropped
from 10 down to 4. This means the expected value of Risk Event #3
dropped from 9.0 down to 1.6, which is a very low risk event value.
This is the goal of the project team—to reduce the expected value
of risks and to increase the expected value of opportunities.
Previous Menu
October 3–10, 2002 • San Antonio,Texas, USA