Anda di halaman 1dari 5

NAME: Soumendu Dirghangi


Q1: Describe briefly Project Risk, its identification, assessment, priority, risk response planning &
risk management methods.
A1: Project Risk arises when an uncertain event or condition that, if it occurs, has a positive or
negative impact on atleast one of the project objectives.
Project Risk Identification is the process of recognizing the different risks along with the general
sources of these risks and then documenting its attributes.
All possible risks should be explored after which filtration of the risks is done in order to prioritize on
risks. It is imperative to do a thorough identification of all possible risks because that will imply that
the project is being done considering assumptions. The risks which are not identified cannot be
managed. Risk identification is an iterative process as new risks can come up as a project progresses.
Tools which can be used for project risk identification are:

• iExpert Judgement
• Project Documentation Reviews Gaps and Uncertainty
• Information Gathering: Interviews, Delphi
• Check Lists and Databases
• Assumption Testing
• Diagramming Techniques (Swim Lane or Fishbone Diagram)
• SWOT Analysis

A risk assessment is a systematic process of evaluating existing controls and assessing their
adequacy against the potential operational, reputational, and compliance threats identified in a
risk analysis. The risk assessment process must be a continual, monitored process to be
effective. The five steps to a risk assessment include:

1. Conduct Risk Assessment Survey – Input from management and department heads is vital
to the risk assessment process. This survey is an avenue to document specific risks or threats
within a department.
2. Identify Risks – The purpose of a risk assessment is to evaluate something like an IT system
and ask, what are the risks to hardware, software, data, IT personnel? What are the potential
adverse events, like fire, human error, bomb threats, or flooding? What’s the potential for a
loss of integrity, availability, or confidentiality in your systems?
3. Assess Risk Importance and Risk Likelihood – What is the likelihood of a specific event
having a negative impact on an asset? This can be expressed subjectively or quantitatively
(High, Medium, Low or 1, 2, 3).
4. Create a Risk Management Action Plan – Based on your analysis of which assets are
valuable and which threats are likely to negatively affect those assets, you must develop
control recommendations to either mitigate, transfer, accept, or avoid the risk.
5. Implement a Risk Management Plan – Now that you’ve completed the first four steps to a
risk assessment, you’ve developed an effective way to identify and managed risk. Now, it’s
time to train your team and implement these controls.

Risk Priority: A project’s performance can be effectively improved by the organization by

focusing on the high-priority risks. The priority of the risk can be identified by the Qualitative
Risk Analysis using the probability of occurrence, the corresponding impact on project
objectives if the risks do occur, as well as other factors, such as time frame and risk tolerance
of the project constraints of cost, schedule, scope, and quality. The importance of a risk can
be evaluated and it’s priority known by using a look-up table or a probability and impact
matrix. Such kind of matrix specifies combinations of probability and impact that lead to
rating the risks as low, moderate and high priority.

Risk Response Mapping is the process of developing options, and determining actions to
enhance opportunities and reduce threats to the project’s objectives. It follows Qualitative and
Quantitative Risk Analysis processes. It includes the identification and assignment of one or
more persons (the risk response owner) to take responsibility for each agreed-to and funded
risk response.

Risk Response Planning addresses the risks by their priority, inserting resources and
activities into the budget, schedule and project management plan, as needed.
Risk Response Inputs:
• Risk Management Plan
• Risk Register
Project risk management is a project management activity that involves identifying,
assessing, measuring, documenting, communicating, avoiding, mitigating, transferring,
accepting, controlling and managing risk.

Strategies for Negative Risks or Threats:

• Avoid
• Transfer
• Mitigate

Strategies for Positive Risks or Opportunities:

• Explore
• Share
• Enhance

Strategies for Both Threats and Opportunities:

• Acceptance
• Contingency Response Strategy


• Risk Registers (Updates)

• Project Management Plans (Updates)
• Risk Related Contractual Agreements

Q2: Explain the Project risk in " Parmanu: The story of Pokhran". Explain the risk mitigation strategy
in detail.
A2: Project risk management is a project management activity that involves identifying, assessing,
measuring, documenting, communicating, avoiding, mitigating, transferring, accepting, controlling
and managing risk.
Following Project risks can be identified in “Parmanu: The story of Pokhran”:

• Executive support: Before the Pokhran project there was gross negligence among the
executive body. The need for testing a nuclear weapon and the requisite research surrounding
it was not understood. This was followed by half-hearted implementation in 1995 leading to
failure when India was caught red handed by the CIA. The necessary tasks which were
necessary to make this a covert operation were not undertaken. Furthermore, in 1998 when
the project was underway Ashwath Raina received orders to abort the project from Himanshu
Shukla (the Principal Secretary to the Prime minister, late Shri Atal Bihari Vajpayee) due to
threats to the PM office from their allies who threatened to withdraw the support and dissolve
the Government over various issues. Later when Raina pressed Shukla to continue the project,
Shukla was not on board initially and had faced difficulties to renew the project.
• Project Scope: Project scope should have been identified and defined to gain better and
timely outcomes. The fact that they were not resolute and the fear of repercussions if the intel
were to leak out undermined the project scope.
• Technical issues: The project had to be stealthy and covert in nature. Security systems and
operational procedures had to be developed to keep the project undetected by the CIA.
• External pressure: One of the biggest risks faced in the Pokhran project was external
pressure i.e. pressure of investigation by the CIA. If the details of the project were leaked
somehow, the Indian Government would have the run the risk of losing potential allies.
The risk mitigation strategies which were adopted are as follows:

• Accepting of the risk: In the light of a negligent and apprehensive executive body, Ashwath
Raina was resolute in his intentions and had relentlessly pursued the project believing that the
outcome would be beneficial to the future of India. Even though Himanshu Shukla had tried
to abort the project primarily due to the sensitivity of the project and externally induced risks,
Raina was determined and completed the project successfully. It should be noted here that
Himanshu Shukla wanted to resort to an `avoid’ strategy.
• Transferring the risk: The onus of the project was transferred to a highly specialised team
which followed a “strong matrix” organisational structure. The team consisted of specialists
in their functional areas from organisations like DRDO, Indian Army, BARC, ISA and IB
with Ashwath Raina at the helm as the Project manager.
• Reducing the risk/ Risk Buffering: Risks arising due to external pressure and technical
issues were reduced by camouflaging, surveillance and specialised contraptions. The team
identified blind spots when they could work without running the risk of detection due to
foreign surveillance. Procurement of nuclear material was also completed about a month
before the finalised launch dates and a contingency plan was also present to send back the
nuclear material in case of an emergency without leaving a paper trail.
• Organizational Flexibility: The Pokhran Test involved high levels of uncertainty. Some of
the risks were not identified or anticipated from before and hence no mitigating actions could
have been taken to resist them during the planning stage. A more flexible decision-making
approach was adopted with frequent change of schedule and decisions were revised on the go.
The project was restructured and hence the impact of the early decisions was minimized.
• Risk Control: There was considerable risk of news about the test being leaked by spies in the
area. Both CIA and ISI, with a few locals also involved. Hence the team changed their real
names and called each other using their alias i.e. Krishna, Yudhisthira, Bhima, Arjuna,
Nakula and Sahadeva. They also used satellite walkie-talkies which was safe and could not be
detected or tapped by the spies or external agencies. Everyday they had a different pass-code
which would be a line from an old Bollywood song for entering the secured area. They also
had limited exposure to the outside world and Ashwath Raina had to pretend to be a
University Professor to maintain his cover. They had also identified blind spots and worked in
those timings.