3. Risk analysis and assessment: Identifying, Describing and Estimating project risks
May 13, 2010
- Identifying project risks
Identification of project risks is a subsidiary process that involves using of a risk identification approach to define which risks and threats surround the project and affect project activities, and to document risk characteristics. The project risk identification involves participation of the project manager, project team members, an assigned risk management team and risk experts, stakeholders. Project risk identification is an iterative process because new risks and threats may arise any time during the course of a project.
One of the best risk identification approaches is a workshop with project participants, especially with those carrying out daily duties. Workshops (or project risk management presentations) involve using a combination of both brainstorming and reviewing to create standard project risk lists and define types of project risks. All risks of a project can be classified into the following types:
- Strategic risks concern long-term strategic objectives of the project. This type of project risks affects such areas as initial project financing, technology, reputation, changes in the physical environment, etc.
- Operational risks concern issues and problems that project participants are confronted with from day to day. Mitigation of operational risks contributes to reducing of strategic risks.
- Compliance risks concern issues associated with the need to comply the project course with documented statements and regulations. Managing compliance risks lets ensure that current project activities are undertaken in the manner which project stakeholders and customers expect.
- Financial risks are associated with existing financial structure of the project and with all the transactions made to carry out the project. Identification of financial risks involves examining daily operations. Financial risks are an indicator that shows whether current project has serious implications for viability.
- Knowledge risks are associated with effective management and control of knowledge resources, communication mechanisms, and protection systems. Project knowledge risks may include abuse of intellectual property, loss of the key project staff, system malfunction, etc.
The given project risk classification is also known as the nature of project risks. It covers the major project risks. Sometimes, the given risk classification is broken down into a wider range of project risks, including environmental risks, staff management risks, political and economical stability risks, safety risks.
Project risk description is a subsidiary process that follows the project risk identification process and aims at displaying the identified risks in a structure format (often by using tables and spreadsheets). The project results in creation of a risk description table that facilitates better assessment and further risk management. By considering consequences and probability of each risk set out in the risk description table, the project manager can prioritize key risks which should be reviewed and analyzed in more detail. Then the project manager makes descriptions for the key risks and the rest risks to be used later for project risk analyzing. Prioritization of the key risks results in creation of the agreed risk priority scale.
Project risk estimating is a subsidiary process that enables an analysis of project risks and allows removing or mitigating identified risks which threaten successful achievement of project objectives or producing of project deliverables. A properly undertaken project risk analysis increases a probability of successful completion of project in terms of time, cost and performance objectives.
There are common suggestions for conducting the project risk analysis process. The suggestions involve investigation of various risks and uncertainties, including the following:
- The structure of financial management and authority is not established yet
- Technological foundation of project is not proven yet
- Project resources are unavailable at the required level
All the listed uncertainties produce an exposure to risks which may cause a failure of:
- Project budget
- Completion dates
- Performance objectives
In order to remove or at least mitigate risks, the project manager in cooperation with risk analysts and experts analyzes uncertainties of project activities and estimates risks. The process of project risk estimating is usually divided into two sub-processes, including Qualitative analysis and Quantitative analysis.
Qualitative analysis allows defining factors and causes that create a risk for project. Qualitative analysis can be done by using checklists, questionnaires, interviews or brainstorming sessions. The analysis uses risk assessment forms which describe the impacts of each risk and a likelihood of risk occurrence. Qualitative analysis uses the following documents:
- Risk register
- Project scope statement
- Risk management plan
Quantitative analysis often involves more sophisticated techniques and methods to investigate and analyze project risks. Quantitative analysis is conducted with help of project risk management software. It involves measurement of uncertainties associated with the project schedule and budget. Qualitative analysis uses the following documents:
- Risk register
- Risk management plan
- Cost management plan
- Schedule management plan
Both analyses result in making updates to the risk register. After Qualitative analysis and Quantitative analysis have been conducted, the results can be used to create a profile for each risk. A risk profile is a signature that rates each risk and provides a foundation for prioritizing risk treatment efforts. Risk profiles are also used later for reporting project risk activities.