Project Risk ManagementSESW 108: Program Development and Management

Dr. Kazi Abdur RoufInstructor

Settlement Services Worker Certificate Social Service Worker Part-Time Diploma Program

School of Social and Community ServicesHumber College Institute of Technology and Advanced Learning

Building C, Lakeshore Campus, TorontoTuesday, November 13, 2012

6:30 - 9:30 PM(11th class lesion)

Project Risk Management

• Project Risk Management Definition, Objectives and Process• Components of Risk Management • Project Risk Continuum • Risk Management Model• Risk through the Project Life Cycle• Risk Management Responsibility• Develop Risk Assessment Criteria• Risk Identification• Process of Risk Identification• Misinterpreting the Scope of Work

Project Risk Management Definition, Objectives and Process• It is process concerned with identifying, analysing and responding to

uncertainty (throughout the project cycle). It includes maximizing the results of positive events and minimizing the consequences of adverse events.

• The purpose of Project Risk Management is to provide an outline of project risk and opportunity, and a methodology for reducing risk to an acceptable level.

• A key component of project management is making decisions with a high degree of certainty of the outcome.

• However, in real world most decisions are based on incomplete information with an associated level of uncertainty about the outcome.

• Agency success has typically been setup to take advantage of these opportunities-to make new, or change an existing facility.

Project Risk Management Definition, Objectives and Process

• So risk has always been an intrinsic part project management.• The risk continuum indicates the boundaries of risk management between

certainty and uncertainty. • Risk, uncertainty and opportunity are closely related. When risk occurs, this

may open up an opportunity and conversely when pursuing an opportunity there will be associated risks.

Project Risk ManagementTotal Risk Uncertainty No Risk

Scope of Risk Management

Unknown, Unknowns Unknowns, Unknowns Knowns

No information Partial information Complete information

Enter new market Feasibility study identifies unknown issues

Closeout report , project successfully completed

Risk Continuum

Risk Management Model

Risk Control Monitor and Review Document Risk Management

Define Objectives Identify Risk Quantify Risk Develop Responses

Components of Risk Management

Define Objectives: Define the content of the work and the plan for success. Identify Risk: identify areas of risk and uncertainty which may limit or prevent you achieving your agency objectivesQuantify Risk: Evaluate and prioritize the level of risk and uncertainty and quantify frequency of occurrence and impactDevelop Response: Define how you are going to respond to the identified risks; eliminate, mitigate, deflect or acceptDocument: the risk management plan documents how you propose to tackle risk on your projectRisk Control: the risk control function implements the risk management plan. This may involve training and communication. And as the risks and the work environment are continually changing, it is essential to continually monitor and review the level of risk and your ability to effectively respond.

Risk through the Project Life CycleProject Cycle

INCREASINg

RISk

Values

Plan Accomplish

Phase 1 Concept Conceive

©

Phase-2Development

Develop (D)

Phase-3Implementation

Execute (E)

Phase-4Termination

Finish (F)

Time

Period of Highest Risk ImpactAmount at stake

Risk and opportunity

Risk Management Responsibility

Who is responsible for managing risk? •The GM and managing director are ultimately responsible to the board of directors and the shareholders for managing risk within the agency. •However, this responsibility is usually delegated through the corporate hierarchy with the project managers responsible for project risk and the functional managers responsible for their department’s risk. •The respective mangers then be responsible for developing a risk management plan to identify, quantify, respond and control risks that affect their scope of work.

Disaster Recovery•The ultimate unplanned catastrophe could results significant damage or loss of the organization, which needs to develop a disaster recovery plan. The objective of disaster recovery planning is to reduce the consequence of a disaster to an acceptable level. •The responsibility for developing and implementing the disaster recovery plan should be assigned to a particular manager as part of the organization’s risk management.

Risk Management Responsibility

General ManagerDisaster Recovery Manager

Civil Manager Mechanical Manager Electrical Manager

PM-1

PM-2

Functional Risk

Project Risk

External Risk

Risk Management Integrated

Project RiskQuality

Scope

TimeCost

Project Management

Integration Information Communications

Human Resources

Contract Procurement

Feasibility Life cycle

Ideas data

Forecast Availability

Services suppliersBudget cash flow

Schedules

Requirements standards

Develop Risk Assessment Criteria

• Develop Risk Assessment Criteria against which risks can be assessed and decisions made. These criteria may be based on operational, technical, financial, legal, social and humanitarian requirements. There will be internal, external constraints.

• Internal project• Internal corporate• External• It is important to understand the environment of the project or the nature of

the problem.

Risk Identification

• It is needed to plan to prevent failure• Risk identification is probably the hardest and most important part of the risk

management process, because if you cannot identify a risk, it will be executed from further analysis and probably find no respond to it.

• The process of risk identification is not a one time event, but rather a continuous process, its frequency depending on the level of risk on the project and schedule of meetings.

Cause and Effect Preform

WBS Objectives Cause Effect

1.1

1.2

Process of Risk Identification

RI should be a systematic process to ensure nothing significant is over looked. By adding another column, combinations of risk can also be considered.Techniques for identifying risk include:•Analysing historical records- closeout reports •Structured questionnaires•Structured interviews•Brainstorming•Structured check list •Flow chart•Judgement based on knowledge and experience•System analysis•Scenario analysis (what-if)

Misinterpreting the Scope of Work

Misinterpreting the Scope of Work is a common cause of project failure. Others include:•Mixing and confusing; tasks, specifications, approvals and special instructions•Using imprecise or vague language, example; nearly, optimum, about or approximately•No pattern, structure, or chronological order. The WBS and CPM techniques have not been used. •Wide variation in size of tasks and work packages•Wide variation in how to describe work details •Failing to get third-party review or verification

Source: Rory Burke (1999). Project Management: Planning and control techniques. Chapter 22. Toronto: Willey.

Other Common Reasons for Project Failure

• Not working closely with the client• Poor estimating• Inadequate planning• Insufficient reviews and control• Lack of commitment buy all stakeholders• Incomplete information• Incomplete design o the project• Little information, wrong information

Disaster Recovery Planning

A disaster is a sudden, unplanned catastrophe.The objectives of disaster recovery management is to reduce the consequence of a disaster to an acceptable level. This is the ultimate contingency plan!Disaster recovery planning is essentially a contingency response from the risk management planning, but due to the unique nature and size of the problems it is probably best managed separately-as a project. The Management of the disaster recovery plan should be assigned to a manager with responsibility to set up a team to: •develop the disaster recovery plan•Control the disaster plan•And when the time comes- implement the disaster recovery plan quickly and effectively

Disaster Recovery Implementation • When a disaster happens, now is the time to implement carefully developed and

updated disaster recovery plan. • The fist step is to mobilise the disaster recovery team, set an office with necessary

equipment, information, and communications are ready. • Communicate the disaster recovery plan to all the key people and stakeholders.

This includesEmployees, clients, suppliers, and media

• It is necessary relocate the office near the catastrophe area• Recover the critical data which should have been regularly backed up and stored

off site• Develop recovery plan and disseminate it to the related staffs. • Accurately tell clients how long it will take to go back to offer normal services

Reference: Burke, Rory (2001). Project Management: Planning & Control Techniques. Chichester: John Wiley & Sons Ltd.