November 3, 2010
How to identify, quantify and manage project risks
Perhaps, everything within a project involves a risk of some kind: changes in working environment, an increase of project costs, procurement issues, postponed delivery dates, etc. Risk analysis within the project initiation phase allows assessing all possible risks and making a decision on what actions can be taken to minimize disruptions to the statements of the initiation phase. Project risk analysis is the efficient way to ensure that strategies used to control project risks are cost-effective.
Risk Analysis Definition
Project Risk Analysis is a series of activities to quantify the impact of uncertainty on a project. These activities are risk identification, probability assessment, and impact estimation. Risk analysis creates the foundation for running the risk management process throughout the project lifecycle.
Risk Analysis Management
The goal of risk analysis management is to identify and estimate the value of potential threats and then choose what approaches to apply to respond to identified risks. Risk analysis management consists of three coherent activities: 1) Identify threats, 2) Assess probability of their occurrence, and 3) Estimate their impact on the project in terms of working hours. For this purpose, it is convenient to develop a risk analysis checklist that describes a range of tasks to complete each of the activities. Let’s review items (tasks) of the checklist (see below).
- Threats Identification. This activity is about identifying all potential events that seem to be risky for the project. The next tasks characterize this activity:
- Conduct workshops and use brainstorming to determine types of the risks surrounding your project. There could be Strategic risks, Operational risks, Compliance risks, Staff management risks, Financial risks, Knowledge risks, etc.
- List all the types of risks affecting the project (create a project risks list sorted by types).
- Probability Assessment. Once the potential threats have been identified, the next activity is to measure the probability of those threats for occurrence. The goal is to estimate the probability of each event happening during the project.
- Investigate each of the identified risks to create a detailed description of the risks.
- Use the project risk description to make an evaluation on how the risks may cause a project failure considering Budget, Completion Dates, and Performance Objectives.
- Apply analysis methods and techniques (e.g. PERT – Program Evaluation and Review Technique) to identify the probability of risk occurrence and assess potential deviations of project characteristics from the baseline.
- Impact Estimation. One of the best approaches to estimating risk impact is to multiply the probability of risk occurrence by the amount of costs required for setting things right if risks happen. The result will give a value for the identified risks. Following this concept, the next tasks should be completed:
- Use the formula ∑ (Events * Probability * Consequences) to estimate the impact of the risks affecting your project.
- Develop a risk analysis table that includes such columns as Risk Event, Probability, Impact, Score, and Risk Mitigation Plan. The table demonstrates results of the risk analysis management process with details on risk characteristics and mitigation plans. An example of the risk analysis table is shown below.
Note that the sample risk analysis table gives the impact in working hours, yet it can be estimated in other units, for example in dollars.
Once the value of project risks has been identified and estimated, the analysis management process should be targeted at finding ways to managing the risks. This is made by using cost-effective approaches because such approaches allow comparing risk elimination expenses with the cost of the risk event if it happen. Cost effective approaches for project risk analysis management will help determine the necessity for either mitigating a risk or accepting it, because there can be cases when it’s better to access a risk rather than invest excessive resources to eliminate it.
Considering this, managing of project risk analysis can be performed by using:
- Available assets. Any project has resources available for solving risk issues. Such resources can be used to make improvements to existing methodologies and systems, reassign roles and responsibilities, delegate tasks, improve internal controls and supervision, etc.
- Contingency planning. This involves the development of a contingency plan. Contingency planning assumes acceptance of a risk with further implementation of a contingency plan to minimize or eliminate the negative impact of the risk (once it happens).
- External resources. The process of managing project analysis sometimes requires additional resources when existing assets are not enough for solving project issues. In this case, investments will help counter risks. Often project risk insuring is used to carry part of the risks. Project risk insuring is an effective way to increase solvency of the performing organization.
Project Risk Management Plan
An analysis of project risks at the initiation phase is the starting point for the development of a risk management plan. By following the steps and accomplishing activities of the project risk analysis template, the project manager can create the foundation of implementing risk management strategies throughout the project life cycle. Once the analysis is completed and potential risks are identified and estimated, the project manager should also work on building of a risk management team which will take responsibilities for treating the risks and implementing mitigation strategies.