5 Risk Management

Risk analysis starts with a qualitative analysis which can be extended by a quantitative analysis

• Qualitative Risk Analysis: First Estimation of the probability of occurence and the impact of the individual risk

• Quantitative Risk Analysis: Numerical analysis of the probability of occurence and the impact of the identified risks

  • Often based on historical data

  • Due to high effort ususally only performed on important risks

  • Tools: Probability analysis, sensitivity analysis, modeling and simulation

Risk identification is performed throughout the entire project and is about identifying individual risks and documenting their traits

Risk Response Planning determines how to address overall project risk exposure and how to treat individual risks

• Activities:

  • Plan, agree on and assign activities to treat the identified risks

    • Activities should be reasonable in relation to the importance of the risk and have

    • Reasonable cost-benefit relation

    • Accepted by all parties

  • Identify and assign a responsible person for each risk and its adopted action plan (Risk Owner)

Risk Treatment Implementation means the execution of the activies and plans defined in the Risk Response Plan

• The Risk Owner is accountable for the execution of the plans, i. e. he / she can delegate them to one or more Risk Responsible

• These activities are NOT the activities executed when the risk becomes a problem → In this case there is another dedicated plan (e.g. plan B)

• Risk Assessment: Assess and analyze new risks or review known risks

• Risk Audit: Review of the effectiveness of the chosen policies and measures and the risk management process

• Variance and Trend analysis: e.g. Earned Value Analysis

• Technical Performance Measurement: Measurement of project progress based on concrete project results

• Reserve Analysis: Determining/Checking the reserves (Management and Contingency Reserve)

• Status Meetings: Risk Management could be on the agenda for each process status meeting

The Probability Impact Matrix provides a fast overview of the risks in a projects

• Can be provided after the qualitative risk analysis:

A risk is a problem that may occur. A problem is a risk that already occured.

• Document reviews (assumptions, estimates, potential issues, etc.)

• SWOT Analysis

• Techniques of information gathering: Brainstorming, Delphi etc.

• Interviews

• Expert judgment

• Reduce the probability and extent of negative events

• Increase the probability and extent of positive events

• Enable specification of achievable goals and deadlines

• Prevent the failure of the overall project if workstream or tasks fail

• Avoid: Completely eliminate the threat.

• Mitigate: Reduce the likelihood or / and the impact

• Transfer: Full or partial transfer of the risk impact to someone else

• Accept: • No treatment activities

  • Active Acceptance: Assigning emergency resources (budget, buffer on schedule, etc.)

  • Passive Acceptance: No activity

  
  

identify new risks and ensure the management of already identified risks

• Activities:

  • Identifiy new risk

  • Assess whether existing risks are still valid

  • Re-evaluate existing risks

  • Re-evaluate risk treatment

  • Track the status of risk management/treatment activities

  • Evaluate the effectivenes of the risk management process

risk response treatment —> handle risk while it is still a risk

emergency plan —> how to handle the problem (occuring risk)

Risk Management are all coordinated activities to direct and control an organization with regard to risk, performed during the entire project duration

The scope of risk response planning is the overall project risk as well as the individual risks