06-08-2013

PART II
Risk Identification
Risk identification is the process of determining
risks that could potentially prevent the program,
enterprise, or investment from achieving its
objectives. It includes documenting and
communicating the concern.

Risk management is concerned with identifying
risks and drawing up plans to minimise their effect
on a project.

Risk identification is an iterative process.
1. Assumptions Analysis
2. Checklists
3. Prompt Lists
4. Brainstorming
5. Facilitated workshops and
6. Interviews

Methods of Risk Identification
NOTE: Details can be seen in hidden slides
Assess probability and seriousness of
each risk.
Probability may be low, medium, high or
extreme.
Risk effects might be catastrophic,
serious, tolerable or insignificant.
Risk Analysis
One good reason for using qualitative analysis
even if you intend to use quantitative analysis is to
filter out the minor risks first so you dont waste
time and resources analyzing minor risks.
You come out of qualitative analysis with a good
idea of overall project risks, which will be important
to your stakeholders.
Moreover you have prioritized your identified risks,
and youre ready to either go on into more
quantitative analysis, or to developing your
response plan.
Qualitative Risk Analysis
Overall risk ranking for project
based on red condition risks
List of prioritized risks
by condition (red/yellow/green)
by impact type (cost/schedule/scope/quality)
by data precision

Risks requiring further analysis & management
Analysis trends
Qualitative Risk Analysis Outputs
A template of Qualitative Risk Analysis
Quantitative analysis of probability and impact:
determine probabilities of not achieving project objectives
determine realistic cost, schedule, and scope objectives
quantify risk exposure
quantify specific risk contributions to overall risk exposure
Often follows qualitative risk analysis, but both can be done
together.
Large, complex projects involving leading edge technologies
often require extensive quantitative risk analysis.
Main techniques include:
Sensitivity analysis
Decision tree analysis
Quantitative Risk Analysis
A template of Risk Quantification
A typical QRA Template on Excel Sheet
Sensitivity Analysis is a technique used to show
the effects of changing one or more variables on an
outcome.
For example, many people use it to determine what the
monthly payments for a loan will be given different
interest rates or periods of the loan, or for determining
break-even points based on different assumptions.
Spreadsheet software, such as Excel, is a common
tool for performing sensitivity analysis.
It determines which risks have the greatest effect on
the project objectives
Sensitivity Analysis
They are like flowchart diagrams and represent a
method of looking at many options and making a
decision. By analyzing the impact each decision
will have, the risks of taking that decision can be
forecast and used to anticipate problems or inform
the direction that the project may take.

This technique is best suited to simpler situations.

In complex scenarios they can become confusing
and complicated.
Decision Trees
Decision Trees
Objective of Risk Response Planning
Develop options and determine
actions to enhance opportunities
and minimize threats to project
objectives.
Assign responsibility to individuals
or parties for each risk response.
Criteria for Risk Response Planning
Risk response must be:
Proportional to the severity of the risk.
Cost effective.
Timely.
Realistic.
Accepted by all parties involved.
Owned by a person or a party.
Main Strategy of Risk Response Planning
Strategy for Negative Risks
Avoid
Mitigate
Transfer
Accept

Strategy for Positive Risks
Exploit
Share
Enhance
Avoid or Eliminate Risk
Remove the cause, make an alternative course of
action
This should occur during the design and planning
stage
Not all risks can be avoided, but some may.
Mitigate or Reduce Risk
Risk mitigation aims at reducing the probability
and/or impact of a risk to within an acceptable
threshold.
The probability/Impact should be mitigated before
the risk takes place.
Mitigation costs should be appropriate given the
likely impact and probability of the risk.


Risk Response Planning
Transfer or Deflect Risk
Transfer the risk (in part or whole) to a third party
It is most effective in dealing with financial risk
exposure.
The use of insurance, performance bonds,
warranties and guarantees.

Accept Risk
Acceptance indicates a decision not to make any
changes to the project plan to deal with a risk or
that a suitable response strategy cannot be
identified. This strategy can be used for both
negative and positive risks
Risk Response Planning
More about Risk Mitigation
Mitigation actions are proactive to prevent a risk
from occurring and impacting the project or
reducing the impact of the risk. Plans are
prepared for execution after a risk occurs,
becomes a problem and starts to impact the
project.
Risks can be mitigated not only by eliminating
the risk but also by reducing their degree of
occurrence and/or lessen the impact to the
project.
Contracting out: The act of transferring all or
part of a risk to another party, usually by some form
of contract.
Clients Risk
C
l
i
e
n
t
s

F
l
e
x
i
b
i
l
i
t
y

Design and Build (Turnkey)
Contractors Incentive
Partnership
Cost + Fixed Fee
Cost + % Fee
Fixed Price Contract
Build own, operate and transfer (BOOT)
Unit Rates
More about Deflecting Risk
Insurance
direct property damage
business interruption
legal liability
personal liability
Retention
client retains a % of the contractors income until completion.
This can severely affect the contractors cash flow
Bonds
contractor offers a bond (through a bank) to cover lack of
performance / poor quality
Futures
for projects involving multi-currency transactions you can
offset the effects of currency fluctuations by paying a
premium to purchase currency at an agreed rate in the future
Examples of Deflecting Risk
More about Accepting Risk
Acceptance The project team decides not to
change project objectives to deal with the risk.
Passive acceptance: no action , deal with
threats as they occur (workarounds)
Active acceptance: develop a contingency
plan or establish a contingency reserve to
handle risks
Residual and Secondary Risks
Its also important to identify residual and
secondary risks
Residual risks are risks that remain after all
of the response strategies have been
implemented

Secondary risks are a direct result of
implementing a risk response
SARA

holding

A-CAT


A Painting by:
Mary Cassatt
S
Share
Sharing with another
party the burden of loss
or the benefit of gain,
from a risk, and the
measures to reduce a
risk."
A
Avoid
involves (1) taking steps to
remove a hazard, (2)
engage in
alternative activity, or (3)
otherwise end a
specific exposure.
R
Reduce
Taking measures to reduce
the likelihood of a loss, or
to reduce the severity of a
possible loss.
A
Accept
Occurs when the cost of
managing a certain type of
risk is accepted, because
the risk involved is not big
enough to warrant the
added cost it will take to
avoid that risk.
A
Avoid
Changing a project
objective to eliminate
the threat posed by
an adverse risk event.
C
Control
Techniques to evaluate
potential losses and
take action to reduce or
eliminate such threats
A
Accept
The project team
decides not to change
project objectives to
deal with the risk.
T
Transfer
Shifting the negative
impact of a threat,
along with the
ownership of the
response, to a third
party.
Courageous risks are life-giving,
they help you grow, make you brave,
and better than you think you are.