Proton Group Co. 

Risk Analysis

RISK IDENTIFICATION

• Determining which risk events will effect the project. 

• The process of systematically identifying all  possible risk events which may impact on a project. They may be conveniently classified according to their cause or source and ranked roughly according to ability to manage effective responses.  Not all risk events will impact all projects, but the cumulative effect of several risk events occurring in conjunction with each other may well be more severe than the examination of the individual risk events would suggest.
• Risks are events that can potentially affect the cost, schedule, and/or efforts of a project.   

Risk Identification begins during Project Initiation with the documentation of known proj­ect risks so that early planning can mitigate their effects. Throughout the duration of the project, risks must continue to be identified, tracked and analyzed to assess the probability of their occurrence, and to mini­mize their potential impacts on the project. 

The project should be analyzed for risk in areas such as:

• Culture of the Performing Organization

• Anticipated impact on the Performing Organization of the resulting product or service

• The level to which the end result is defined - the more com­plete the definition, the lower the possibility of risk.

• Technology used on the project (proven vs. new)

• Relationships among team members

• Impact on work units

Documentation associated with Project Initiation can also be used to help identify risks.

Some examples are:

• Preliminary staffing requirements may be problematic if required resources have limited availability or unique skills that would be hard to find and/or replace should they leave the project.

• The Project Scope Statement may uncover previously unidentified areas of concern (again, the more complete the scope definition, the lower the possibility of risk);

• Project constraints indicate likely risk sources;

• The High-Level Project Schedule may produce extremely aggressive or unrealistic scheduling

RISK IN CONSTRUCTION – Sample breakdown

Socioeconomic factors

        1. Environmental protection

        2. Public safety regulation

        3. Economic instability

Organizational relationships

        Contractual relations

        Attitudes of participants

        Communication

Technological problems

        Design assumptions

        Site conditions

        Construction procedures

        Construction occupational safety

1. The environmental protection movement has contributed to the uncertainty for construction because of the inability to know what will be required and how long it will take to obtain approval from the regulatory agencies. The requirements of continued re-evaluation of problems and the lack of definitive criteria which are practical have also resulted in added costs.

2. Public safety regulations have similar effects, which have been most noticeable in the energy field involving nuclear power plants and coal mining. The situation has created constantly shifting guidelines for engineers, contractors and owners as projects move through the stages of planning to construction. These moving targets add a significant new dimension of uncertainty which can make it virtually impossible to schedule and complete work at budgeted cost.

3. Economic conditions of the past decade have further reinforced the climate of uncertainty with high inflation and interest rates. The deregulation of financial institutions has also generated unanticipated problems related to the financing of construction.

RISK LEVEL

An assignment of risk to low, medium and high risk categories based on probability and consequence.

RISK MANAGEMENT – The art and science of identifying and assessing the risk factors during a project and responding to them in the best interests of the project objectives.

Risks are potential future events that can adversely affect a project’s Cost, Schedule, Scope or Quality (CSSQ). In prior phases, the Project Manager defined these events as accurately as possible, determined when they would impact the project, and developed a Risk Management Plan. As the impact dates draw closer, it is important to continue re-evaluating probability, impact, and timing of risks, as well as to identify additional risk factors and events. When the risk event actually occurs, the risk (which is by definition a future, potential event) becomes an issue (which is by definition a current, definite condition) and issue monitoring and control takes over. The purpose of Monitor and Control Risks is to deploy the Risk Management Plans prepared in prior phases to anticipate project challenges, and to develop and apply new response and resolution strategies to unexpected eventualities.

During Project Initiation and Planning, risks were remote events with uncertain probabilities of coming true. In Execution and Control, however, impact dates draw closer, and risks become much more tangible.  The Project Manager must continually look for new risks, reassess old ones, and re-evaluate risk mitigation plans. The Project Manager should involve the whole Project Team in this endeavor, as various team members have their particular expertise and can bring a unique perspective to risk identification. As the Risk Management Worksheet is integrated into the status reporting process, this review and re-evaluation should take place automatically, with the preparation of each new status report.

Because the Risk Management Worksheet places risks in order according to their priority level, it is important to update all quantifiable fields to portray an accurate risk landscape. The risk probabilities may have changed; the expected level of impact may be different, or the date of impact may be sooner or later than originally anticipated – all of these variables determine which risks the Project Team will concentrate on first.  Likewise, the Risk Management Plan needs to be constantly re-evaluated. Make sure the right people are still assigned to mitigation actions and that the actions still make sense in the context of the latest project developments. Another consideration is whether a specific risk’s probability level is high enough to warrant incorporating the Risk Management Plan in the Project Schedule via the change control process. If so, the risk should be removed from the worksheet. Finally, the Project Manager must be constantly on the lookout for additional risks. Reviewing the risks as part of regular status reporting should involve the whole Project Team via bidirectional communications.

Monitor Impact on CSSQ

During the entire risk management process, the Project Manager should be especially vigilant regarding the effect on the project’s Cost, Scope, Schedule and Quality (CSSQ). With the proper risk management processes in place, many risk events may come to pass without affecting (either positively or negatively) the project’s defining parameters. However, when a risk event occurs that threatens the project’s scope, quality standards, schedule or budget, the Project Manager must determine the proper course of action to protect the integrity of the project.

      Until CSSQ impact is certain, the Project Manager must, at a minimum, introduce the event to the list of current project issues. The issue’s Action Plan must reflect all the tasks required to accurately determine what impact (if any) the event will have on CSSQ. Once the impact is certain and quantifiable, the Project Manager should transition the issue to the Change

Control process.

RISK MANAGEMENT PLAN – Part of the program definition statement that contains a record of all the risks in the business environment, and to the program itself. 

* A component of the program definition statement, containing a record of all risks in the business environment and to the program itself. It assesses possible impact and what is to be done (and when) to avoid, remove and control them. It includes the detailed processes for managing the risk. 

Risk Management Plan:  addresses how risks are systematically identified analyzed and responded to throughout the project.  Descriptions of how the project risks will be/were determined, including its planning methodology, assumptions and decisions.

Major Artifacts:

1. Risk Management (and control) Plan, including:
2. Risk Inventory with Thresholds
3. Prioritized Probability-Impact Ranking (matrix)
4. Response Plan (Workarounds and Corrective Actions)

Management Processes, include

1) risk management planning,

2) risk identification,

3) qualitative risk analysis,

4) quantitative risk analysis,

5) risk response planning, and

6) risk monitoring and control.

Note:  Projects baselines are developed via the time (schedule), cost, and risk processes.

RISK MATRIX – A matrix with risks located in rows, and with impact and likelihood in columns. 

* The presentation of information about risks in a matrix format, enabling each risk to be presented as the cell of a matrix whose rows are usually the stages in the investment life-cycle and whose columns are different causes of risk. A risk matrix is useful as a checklist of different types of risk which might arise over the life of a project but it must always be supplemented by other ways of discovering risks.

RISK MITIGATION

• Action to reduce, transfer, or eliminate risk. 

• The act of revising the project's scope, budget, schedule or quality, preferably without material impact on the project's objectives, in order to reduce uncertainty on the project.

• A process to plan and implement risk control, risk transfer and alternate financing to minimize the cost to the Project.

RISK MITIGATION STRATEGY -- An overall plan for mitigating the risks in the investment activity.

RISK PRIORITIZING

• Ordering of risks according first to their risk value, and then by which risks need to be considered for risk reduction, risk avoidance, and risk transfer. 

• The ordering of risks according to their risk value and then deciding which need to be considered for risk reduction, risk transfer, risk avoidance, or contingency allowance etc.

RISK PROBABILITY – The degree to which the risk event is likely to occur.

RISK PROCESS MANAGER – The manager who will plan, lead and co-ordinate the RAMP process.

RISK QUANTIFICATION – Evaluating the probability of risk event effect and occurrence. 

              Process of applying values to the various aspects of a risk.

RISK RANKING

• Allocating a classification to the impact and likelihood of a risk. 

• The allocation of a classification to the  impact or likelihood of a risk.  This may be in the form of high, medium, low or a numeric classification on a scale of, say, 1 to 5. 

• Allocating a classification to the impact and likelihood of a risk.

RISK REDUCTION – Action taken to reduce the likelihood and impact of a risk.

RISK REGISTER – A file that holds all information on identifying and managing a risk.  * Formal record of identified risks

RISK RESPONSE CONTROL – Responding to changes in risk during a project.

RISK RESPONSE DEVELOPMENT –Developing a plan of action to enhance opportunities and decrease threats.

RISK RESPONSE PLAN – A plan (prepared towards the end of the risk review) for controlling the risks once implementation begins.

RISK RESPONSE PLANNING – The process of formulating suitable risk management strategies for the project, including the allocation of responsibility to the project's various functional areas. It may involve risk mitigation, risk deflection and contingency planning. It should also make some allowance, however tentative, for the completely unforeseen occurrence.

RISK RESPONSE SYSTEM – The on-going process put in place during the life of the project to monitor, review and update project risk and make the necessary adjustments. Examination of the various risks will show that some risks are greater in some stages of the project life cycle than in others.

RISK REVIEW – An overall assessment of the risks involved in a project, their magnitude and their optimal management. Risk reviews can in principle be held at any stage in the life of a project with each review building on the results of previous ones. Each risk review should be preceded by a risk review plan. Risk reviews should generate information for inclusion in the risk register, ris mitigation strategy and risk response plan. The results of a risk review should be set out in a risk review report.

RISK SHARING – Diminution of a risk by sharing it with others, usually for some consideration.

RISKS – Risks are events that if they occur can jeopardize the successful completion of the project. Risks should be identified and

        assessed for probability of occurrence and impact on the project.

RISK TRANSFER – A contractual arrangement between two parties for delivery and acceptance of a product where the liability

        for the costs of a risk is be transferred from one party to the other.

RISK TREATMENT – Selection and implementation of appropriate options for dealing with risk.

RISK VALUE – The number obtained when numeric impact and likelihood values are multiplied.

RISK CLOSE-DOWN REPORT – A report prepared by the risk process manager after the project has terminated.

RISK PROCESS PLAN – A plan prepared at the outset by the risk process manager, which establishes the risk strategy and baseline. The plan is updated as the work proceeds.

RISK, PROJECT – The likelihood of an event occurring that is detrimental to project success. Identification of all project risk categories and assessing their probability and impact is an important aspect of project management. Therefore, sufficient time and resources should be devoted to risk assessment as an integral part of the project plan. Managing and controlling risk involves assigning responsibility to those in the project team who can best control the consequence of each risk category. The objective is to mitigate risk/cost on the project. Unpredictable project risks should be assumed by the owner since they cannot be costed.

RISK SOURCES

Events or conditions that have been defined for use in Risk Assessment that might affect the outcome of a project. Risk sources are frequently subdivided into the following groups, based on the underlying source of the source:

1) Business needs risks;

2) Results definition risks;

3) Scope definition risks;

4) Execution plan, mastery and processes risks; and

5) External risks. See: CONDITION; EVENT.

RISK VALUE –The number obtained when numeric impact and likelihood values are multiplied.