11- Risk

Management
Unit

11
- 11
11-

Agenda

1.
2.
3.
4.
5.
6.

.
.

.

.
.

.

1. Plan Risk
Management .
2. Identify Risks .
3. Perform
Qualitative Risk
Analysis.
4. Perform
Quantitative Risk
Analysis .
5. Plan Risk
Responses.

11 - Project Risk Management

11 -
1 11

2 -11

3 -11

11-4

5 -11

6 11

11.1 Plan Risk Management

The process of defining how to conduct
risk management activities for a project.

11.2 Identify Risks

The process of determining which risks
may affect the project and documenting
their characteristics.

11.3 Perform Qualitative Risk

Analysis
The process of prioritizing risks for
further analysis or action by assessing
and combining their probability of
occurrence and impact.

11.4 Perform Quantitative Risk

Analysis
The process of numerically analyzing
the effect of identified risks on overall
project objectives.

11.5 Plan Risk Responses

The process of developing options and
actions to enhance opportunities and to
reduce threats to project objectives.

11.6 Monitor and Control

Risk Event

A discrete
possible future
occurrence that
may affect the
project for better
or worst.
Can have :
Positive outcome
(Opportunities).
Negative outcome
( Risks).

Can be evaluated
by combining its
probability of

.
:
. ( )
. ( )

.
4

Why Do We Have Risks In

Projects

Every projects has

risks.
Changing
business
environment.
Risky
opportunities.
Risky decisions.
:
Projects
Past Are
experience
1. Temporary
may
repeat.
2. not
Unique

.
.
.
.

.
:
. 1.
. 2.
5

Benefits of Risk Management

Prevent surprises
and problems.
Prevent
management by
crises.
Increase
probabilities of
project success.
Increase
profitability.
Decrease overall
project variances.
Gain competitive

.
.

.
.
( )
.
.

Uncertainty

) ( :


:

)( .
)( .

.
)
( .

)
( .

Certainty:
when one can specify
exactly what will happen
during the period of time
covered by the decision.
This situation is not
happen very often in
project management .

Risk:
Risk has a place in a
calculus of probabilities
and lend itself to
quantitative expressions.

Uncertainty:
A situation in which there
are no historic data or
previous history relating
the situation being
considered by decision
-maker.

Uncertainty
) )
Many decisions are
taken while most of
the information are
not complete.
Decisions should be
taken with certain
amount of
uncertainty.
Only when things
are certain, the
decision will be to be
found wrong or
right.
There are not wrong
decisions !!

.

) (
. ( )

,
.

.!!!

Risk Tolerances and Thresholds

Tolerance :
Are the areas of risk that
are acceptable or
unacceptable . It can
include any project
constraints ( scope, cost,
time , quality ..) as well
as intangibles that may
affect the customers .
Example : If this risk will
affect our image will not
be acceptable .

Thresholds :
Is the point at which a
risk become
unacceptable .
Example : If there is a
delay for 3 weeks or
less , then go on .

: ( )

.
, , )
( ...... ,

.
:
.

:

.
:
. ,

Plan Risk Management 11.1

( Planning )
) ) 11-1

Risk
Management
Planning is the
process of
deciding how to
approach and
conduct the risk
management
activities for a
project.

.
10

Known / Unknown Risks

/
Known risks:
Are those that have
been identified and
analyzed.
It may be possible to
plan for known risks.

Unknown risks:
Cannot be managed.
Project managers
may address them by
applying a general
contingency plan,
based on past
experience with
similar projects.

:
.

.

:
.


,
.
11

Threats and Opportunities

Organizations
perceive risk as:
Threats to project
success
Opportunities to
enhance chances of
project success

Risks that are

threats to the
project may be
accepted if the risk
is in balance with
the reward that may

:
.

.

.
12

Plan Risk Management 11.1

11 1
Tools & Techniques

Inputs
1.
2.
3.
4.

Project scope statement

Cost management plan
Schedule management plan
Communication management
plan
5. Enterprise environmental
factors
6. Organizational process assets

1. Planning meetings and

analysis

Tools & Techniques

Inputs
.
.
.
.

.
.
13

1.
2.
3.
4.
5.

1.

6.
Source: PMBOK Guide Fourth Edition,
page 227

Outputs
1. Risk management plan

Outputs

1.
.

Plan Risk Management ( Planning ) 11.1

) ) 11 1
1.
2.
3.
4.
5.

6.

Project scope
statement
Cost management
plan
Schedule
management plan
Communication
management plan
Enterprise
environmental
factors
Organizational
process assets

.
.
.
.

.
.

1.
2.
3.
4.
5.
6.
14

Planning Meetings and Analysis

Project teams hold
planning meetings
to develop the risk
management plan.
Attendees at these
meetings may
include:

Project manager.
Selected project team
members.
Stakeholders.
Anyone in the
organization with
responsibility to
manage the risk
planning and
execution activities.
Others, as needed.

.

:
.

.
.


.
.

15

Planning Meetings and Analysis

General
organizational
templates for risk
categories and
definitions of terms
will be tailored to
the specific project
such as:

Levels of risk.
Probability by type of
risk.
Impact by type of
objectives.
Probability and
impact matrix.

The outputs of these

activities will be
summarized in the

:
.
.
.
.

.
16

Risk Management Plan

.

.
17

The risk
management
plan describes
how risk
management
will be
structured and
performed on
the project.
It becomes a
subset of the
project

Risk Management Plan

Contents

Methodology
.

Roles and
responsibilities
Budgeting
Timing
Risk categories
Definitions of risk
probability and impact
Probability and impact
matrix
Revised stakeholders
tolerances
Reporting formats
Tracking

.
.
.
.
.
.

.
.
.

18

) 11.2 Identify Risks ( Planning

) ) 11- 2

.
19

Identify
Risks
determines
which risks
might affect
the project
and
documents

Risk Categories
) (
:

20

: ,,
, .
: ,,
, )
( ,
,,
, ,
... .
: .
:
%10 .

By source of
risks :
External :
regulatory,
environmental,
government, market
shifts.
Internal : time, cost,
scope changes,
inexperience, poor
planning, people,
staffing, materials,
equipments Etc..
Technical : changes
in technology .
Unforeseeable :

Risk Categories
) (
Caused or
generated by
risks :
The customer .
Lack of project
management efforts .
Lack of knowledge of
project
management .
The customers
customer .
Suppliers .
Resistance to

:
.

.

.
.
.
.
.

21

Examples of Risks - Project Management

Perspective

Scope Risks:
Risks associated
with changes of
scope, or the
subsequent need
for Fixes to
achieve the
required technical
deliverables.

Quality risks:
Failure to complete
tasks to the
required level of

:

,


.

:


.
22

Risk Categories
) (

,
300 .

)
( :

23

.

. $ 12,000

.
%25
.

Scope :
We may not have
prepare a good
statement of work for
building the ramp . That
will delay us more four
days and cost more
$12,000 .

Resources :
The experienced
engineer will not arrive
until next week , this
can add 300 working
hours to the schedule .

Customer
satisfaction
( Stakeholder
satisfaction ) :
If our customer was not
satisfied for the results
of submitted work . It
may increase our

Types of Risks Another Way

) ( :

:
.

)
( :

24

.
.
:
.

.
.
:
)( .
.

Knowns (Known Risks):

Items or situations
containing no uncertainty.
Risks that where identified.
Example : Death It will
happen & there is no
uncertainty about it.

Known Unknowns:

Exist but how do they affect

?us
Example : Electricity Bill
we know we will get one
next month, but we dont
know how much it will be.

Unknown Unknowns
(Unknown Risks):
Neither know about them
nor know about effects.
Risks that where not
identified.
Example : before the first

Risk Categories - Risk

Identification

Technical quality, or
performance risks:

Project management
Risks:

Examples : Poor allocation of time

and resources, inadequate quality
of the project plan, Poor use of
project management disciplines.

Organizational Risks:

Examples : Reliance on unproven

or complex technology, unrealistic
performance goals, changes to
the technology used or industry
standards during the project.

Examples : Cost, time & scope

objectives that are internally
inconsistent, lack of prioritization
of projects, inadequacy or
interruption of funding, resources
conflicts with other projects.

External Risks:

Examples : Shifting legal or

regulatory environment, labor
issues, changing owner priorities,

,
:

:
, ,

.

:
, :

,
.

:
, :
, ,
........ , ,( )

:
,, :
, ,
,
.

25

Types of risks Corporate Business management

Perspective

Business Risks:
Normal risk of doing
business.
Includes the inherent of
both profit or loss
association with the
business.
Organizations employ
professionals to
increase the chances of
profits & reduce the
chance of loss.
Objective : maximize
profit.

Pure ( Insurable )
Risks:
Risks that presents

:

.

.


.
. :

)
: (

.
. :

26

Insurable Risks Pure Risks

Direct Property Risks (Insurance

against Assets):

indirect Property Risks

(Consequential) Risk
(Insurance against Impact on
3ed. Parties):

Extra expenses associated with renting

alternative temporary accommodation
or equipment following its damage or
destruction.
Loss due to business interruption due to
unavailability of equipment
replacement.

Legal Liability (Insurance

against a Person Filing a
Lawsuit .Professional
Protection):

(Auto collision, fire, theft, flood, wind

storm,...Etc.).

Design errors, project performance

failure, personal injury or property
damage against the contractors.

Personal (Staff Protection):

)
: (
, , , () )
. (... ,

)
( )
:

)(
.

.

: ( )
.

)
: ( .....
, ,

. )(

27

Example Risk Breakdown Structure , Risk

management Plan
,

28

Example Risk Breakdown Structure , Risk

management Plan
,

29

Identify Risk Team

Participants in risk
identification
activities can
include the
following:
Project manager
Project team members
Risk management team
(if assigned)
Subject matter experts
from outside the project
team
Customers
End users
Other project managers
Stakeholders
Risk management
experts

:
.
.
. ( )
.

.
.
.
.
.

30

Identify Risk is Iterative

Identify Risk is an iterative

process because new risks may
become known as the project
progresses through its life cycle.
The frequency of iteration and
who participates in each cycle will
vary from case to case.
The format of the risk statements
should be consistent to ensure the
ability to compare the relative
effect of one risk event against
others on the project.
The project team should be
involved in the process so that
they can develop and maintain a
sense of ownership of, and
responsibility for, the risks and
associated risk response actions.
Stakeholders outside the project
team may provide additional
objective information.

.

.


.



.


.

31

11.2 Identify Risks

11- 2
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.

Risk MP
Activity cost estimates
Activity duration estimates
Scope baseline
Stakeholder register
Cost MP
Schedule MP
Quality MP
Project documents
Enterprise env. factors
Organizational process assets

1.

1. Documentation reviews
2. Information gathering
techniques
3. Checklist analysis
4. Assumptions analysis
5. Diagramming techniques
6. SWOT analysis
7. Expert judgment

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.

.
.
.
.
.

.
.

Risk register

Outputs

Tools & Techniques

Inputs
.
.
.
.
.
.
.
.
.
.
.
32

Outputs

Tools & Techniques

Inputs

1.
2.
3.
4.
5.
6.
7.

Source: PMBOK Guide Fourth Edition,

page 282

1.

11.2 Identify Risks ( Planning )

11- 2 ) )
1.
2.
3.

Risk management plan

Activity cost estimates
Activity duration
estimates
4. Scope baseline
5. Stakeholder register
6. Cost management
plan
7. Schedule management
plan
8. Quality management
plan
9. Project documents
10. Enterprise
environmental factors
11. Organizational process
assets

.
.
.
.
.
.
.
.
.

.
.

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
33

11.2 Identify Risks

11- 2
1. Documentation
reviews
2. Information
gathering
techniques
3. Checklist analysis
4. Assumptions
analysis
5. Diagramming
techniques
6. SWOT analysis
7. Expert judgment

.
.
.
.
.

.
.

1.
2.
3.
4.
5.
6.
7.
34

Documentation Reviews

A structured review
may be performed of
project
documentation,
including:

Plans
Assumptions
Prior project files
Contracts .
Other information

The quality of the

plans, as well as
consistency between
those plans and with
the project
requirements and
assumptions, can be

:
.
.
.
.
.

35

36

Information gathering
techniques

Brainstormin
.
g
.
Delphi
.
technique.
.
Interviewing .
Root cause

analysis .
.
SWOT

Information Gathering
Techniques

Brain storming :
:
Done in a meeting where one
idea helps generate another .

Delphi technique :

Used to build consensus of

experts who participate
anonymously.
A request for information sent
to the experts , there responses
are compiled , the results are
sent back to them until
consensus . This technique can
be used in cost and time
estimation .

Interviewing (expert
interviewing):
Team or project manager
interviewing project
participants, stakeholders , or
experts to identify risks on the
project or specific element of
work .

:

.

,
.
.

:

.

: ( )

. , ,
.

Root cause analysis :

Recognizing the identified risks
by their root causes will help

37

Checklist analysis

Risk identification
checklists can be
developed based on
historical information
and knowledge that has
been accumulated from
previous similar projects
and from other sources
of information.
The lowest level of the
RBS can also be used as
a risk checklist.
While a checklist can be
quick and simple, it is
impossible to build an
exhaustive one.
Care should be taken to
explore items that do
not appear on the
checklist.
The checklist should be
reviewed during project
closure to improve it for
use on future projects.

.


.


.

.


.

38

Assumptions analysis

39

.


.



.

Every project is
conceived and
developed based on a
set of hypotheses,
scenarios, or
assumptions.
Assumptions analysis
is a tool that explores
the validity of
assumptions as they
apply to the project.
It identifies risks to the
project from
inaccuracy,
inconsistency, or

Diagramming techniques

Cause and effect

diagrams :
These are also known as
Ishikawa or fishbone
diagrams, and are useful for
identifying causes of risks.

System or process
flow charts:

These show how various

elements of a system
interrelate, and the
mechanism of causation

Influence diagrams:
These are graphical
representations of situations
showing causal influences,
time ordering of events, and
other relationships among
variables and outcomes.

:



.

:


.

.




.

40

SWOT Analysis
,,

This technique examines the project

from each of the SWOT (strengths,
weaknesses, opportunities, and
threats) perspectives to increase
the breadth of identified risks by
including internally generated risks.
The technique starts with
identification of strengths and
weaknesses of the organization,
focusing on either the project
organization or the wider business.
These factors are often identified
using brainstorming.
SWOT analysis then identifies any
opportunities for the project that
arise from organizational strengths,
and any threats arising from
organizational weaknesses.
SWOT analysis also examines the
degree to which organizational
strengths offset threats and
opportunities that may serve to

.


.

.



.




.

41

SWOT Analysis
,,

42

.
.
.
.

Strengths
Weaknesse
s
Opportuniti
es
Threats

Internal Components Strengths and

weaknesses

Strengths and

weaknesses are

internal to your
, (
project and
organization, and
:
can be assessed

through:
.
Internal surveys
Focus Groups
.
Open Forums

,
,
:

Internal reports:
. ,
finance,
performance,
quality, production
capabilities

43

External Components Opportunities

and Threats

Opportunities and
threats are external
to your project
and/or organization,
and can be assessed
through:
Internal and external
surveys
Industry research on
global trends and
competition
Marketing research
on customer needs
and preferences

)
(
:

.

.

. ( )
44


,,

SWOT

Risk register

The primary outputs from

Identify Risks are the initial
entries into the risk register.
The risk register ultimately
contains the outcomes of the
other risk management
processes as they are
conducted, resulting in an
increase in the level and type of
information contained in the
risk register over time.
The preparation of the risk
register begins in the Identify
Risks process with the following
information, and then becomes
available to other project
management and Project Risk
Management processes.
Risk register include :
List of identified risks.
List of potential

.




. ( )




.
:
.
.

46

Perform Qualitative Risk Analysis 11.3

( Planning )
) ) 11- 3

Perform
Qualitative
Risk Analysis
includes
methods for
prioritizing the
identified risks
for further
action, such as
Quantitative
Risk Analysis or

,


.
47

Example Risk Breakdown Structure , Risk

management Plan
,

The Risk Breakdown

Structure (RWBS):
Is lists the categories
and sub categories
within which risks
may arise for a
typical project.
Different RWBS will
by appropriate for
deferent types of
projects and
deferent types of
organizations.

)(

.



.
48

11.3 Perform Qualitative Risk

Analysis
113

Outputs
Inputs
Tools & Techniques

1.
2.
3.
4.

Risk register
Risk management plan
Project scope statement
Organizational process
assets

1. Risk probability and impact

assessment
2. Probability and impact
matrix
3. Risk data quality
assessment
4. Risk categorization
5. Risk urgency assessment
6. Expert judgment

Inputs

Tools & Techniques

.
.
.

.

49

1.
2.
3.
4.

.
.
.
.
.
.

1. Risk register updates

Outputs
1.
2.
3.
4.
5.
6.

Source: PMBOK Guide Fourth Edition,

page 289

1.
.

Qualitative Risk Analysis Tools and

Techniques

Risk probability & Impact

Assessment:
Both can be described in
qualitative terms such as ,
Very High, High, Moderate,
Low, And Very Low.
Both are applied to
specific risk events, not to
the overall project.
Helps to identify those
risks should be managed.
Risk Probability :
Is the likelihood that a risk will
occur.
Risk Impact (Consequence /
Amount at Stake )
Is the effect on project
objectives if the risk event occur.

.

, , ,
. ,

.

.

:
.
/ )
. (
.
50

11.3 Perform Qualitative Risk Analysis

11- 3

1. Risk register
2. Risk
management
plan
3. Project scope
statement
4. Organization
al process
assets

.
.
.

.

1.
2.
3.
4.

51

11.3 Perform Qualitative Risk Analysis

( Planning )
11- 3

1. Risk probability
and impact
assessment
2. Probability and
impact matrix
3. Risk data
quality
assessment
4. Risk
categorization
5. Risk urgency
assessment

.

.

.
.
.
.

1.
2.
3.
4.
5.
6.

52

Risk Probability and Impact

Assessment

Risk probability
assessment
investigates the
likelihood that each
specific risk will
occur.
Risk impact
assessment
investigates the
potential effect on a
project objective
such as time, cost,
scope, or quality,
including both
negative effects for
threats and positive

.






.
53

Probability and Impact Matrix

Risks can be
prioritized for further
quantitative analysis
and response, based
on their risk rating.
Ratings are assigned
to risks based on their
assessed probability
and impact.
Evaluation of each
risks importance and,
hence, priority for
attention is typically
conducted using a
look-up table or a
probability and impact
matrix.

.


.



.
54

Probability and Impact Matrix

Such a matrix
specifies combinations
of probability and
impact that lead to
rating the risks as low,
moderate, or high
priority.
The organization
should determine
which combinations of
probability and impact
result in a
classification of high
risk red condition,
moderate risk yellow
condition, and low
risk green condition.
Impact can be ordinal
(low, moderate, high,
and very high ) or

.




. (
)
( , , ,

. (0.1,0,3,0,5,0.7,0.9 )

55

Risk data Quality Assessment

A qualitative risk
analysis requires
accurate and
unbiased data if it is
to be credible.
Analysis of the
quality of risk data is
a technique to
evaluate the degree
to which the data
about risks is useful
for risk
management.
It involves
examining the
degree to which the
risk is understood
and the accuracy,

.



.



.
56

Risk Urgency Assessment

.





.
57

Risks requiring
near-term
responses may
be considered
more urgent to
address.
Indicators of
priority can
include time to
affect a risk

Risk Register Updates

The risk register
is initiated during
the Risk
Identification
process.
The risk register
is updated with
information from
Qualitative Risk
Analysis and the
updated risk
register is
included in the
project

"
."



"
"

.
58

Risk Register Updates

"
":

59

.
.

.

.

.

.

.

The risk register

updates from
Qualitative Risk
Analysis include:
Relative ranking or priority
list of project risks
Risks grouped by
categories
Causes of risks or project
areas requiring particular
attention
List of risks requiring
response in the near-term
List of risks for additional
analysis and response
Watchlist of low priority
risks
Trends in qualitative risk

Prioritized Risks

*

RISK Item

Overall
Prb. Impact
Risk

1 understanding of customers requirements

Poor
L

2
Unavailable
H/W before 3rd party arrival

3
Unavailable
resources during Ramadan

4
Hardware
component de-release

5
Management
change

6
Requirements
Change

60

Prioritized Risks

6
61

11.4 Perform Quantitative Risk Analysis

( Planning )
11- 4 ) )

Perform Quantitative Risk

Analysis is performed on
risks that have been
prioritized by the
Qualitative Risk Analysis
process as potentially and
substantially impacting the
projects competing
demands.
The Perform Quantitative
Risk Analysis process
analyzes the effect of
those risk events and
assigns a numerical rating
to those risks.
It also presents a
quantitative approach to
making decisions in the

"
"

""


.
"
"

.

.

62

11.4 Perform Quantitative Risk

Analysis
11- 4

Tools & Techniques

Outputs

Inputs

1. Risk register
2. Risk management plan
3. Cost management
plan
4. Schedule management
plan
5. Organizational process
assets

1. Data gathering and

representation
techniques
2. Quantitative risk
analysis and modeling
techniques
3. Expert judgment

Inputs

Tools & Techniques

63

.
.
.

.

.

1.
2.
3.
4.
5.

1.
.
2.

.
. 3.
Source: PMBOK Guide Fourth Edition,
page 295

1. Risk register update

Outputs

1.
.

11.4 Perform Quantitative Risk Analysis

11- 4

1. Risk register
2. Risk
management
plan
3. Cost
management
plan
4. Schedule
management
plan
5. Organizational

.
.
.

.

.

1.
2.
3.
4.
5.
64

11.4 Perform Quantitative Risk Analysis

11- 4

1. Data
gathering
and
representatio
n techniques
2. Quantitative
risk analysis
and modeling
techniques
3. Expert
judgment

1.
.
2.

.
. 3.
65

Data Gathering And Representation

Techniques

Interviewin
g.
Probability
distribution
s.
Expert

.

.
.
66

Interviewing




.


.
.

67

Interviewing
techniques are
used to quantify
the probability and
impact of risks on
project objectives.
The information
needed depends
upon the type of
probability
distributions that
will be used

Probability distributions

Continuous
probability
distributions
represent the
uncertainty in
values, such as
durations of
schedule activities
and costs of project
components.
Discrete
distributions can be
used to represent
uncertain events,
such as the outcome
of a test or a

.



.
68

Probability distributions

Distribution Type Description
Uniform

Normal

Triangular

All values are

likely to occur
(straight line
display)
Most values in a
sampling are close
to the mean (bellshaped density
curves with a
single peak
display)
Most optimistic,
most likely, and
most pessimistic
values are
analyzed (triangleshaped display)

)
. (

)

. (

,
,
.

69

Determine Quantitative Probability and

Impact

Various ways ;
Interviewing .
Cost and time
estimates.
Delphi technique .
Use of historical
records from
previous projects .
Expert judgments .
Expected monetary
value analysis .
Decision tree .

:
.
.
.

.
.
.
.

70

Probability Analysis Some

basics

Mean :
Sum of exposures
divided by the
number of exposures.

Median:
The mid point in a
range of exposures.

Mode:
The most frequently
occurring values.

Probability:
Probability of
occurrence as
estimated.

: ( )

.

:
.

:

.
71

Probability Analysis Some

basics

72

,17 ,22 ,25 ,26, 22 ,12

. 27 , 22 , 26 , 22 , 24
= 245
= 11
= = 245/11
22,27
) (
22
22
.

We have the
following
numbers
12,22,26,25,22,17,24
,22,26,22,27 .
Sum = 245
Number of reading
= 11
= Mean = 245L11
22.27
Median = 22
Mode = 22

Probability

Frequency of Relevant Events

Probabili
ty = Total Number Of Possible Events
=

( )

73

Probability Multiplication Rule

Multiplication Rule :
Probability of one event
and another event occurring
is equal to the production of
their individual probabilities
of occurring :
Pr ( A and B ) = Pr (Both
Events) = Pr(A) X Pr(B)
Multiplication Rule :
The probability of not
occurring the event = 1
probability of its occurring .
= 1- A
Example:

Pr (Scope defined next month) = 0.80

Pr (We will get approval) =0.70
Pr (Both will happen) = 0.80 X 0.70 =
0.56
Pr (Scope defined & No approval) =
0.80 X 0.30 = 0.24
Pr (Scope defined & approval) = 0.20 X
0.70 = 0.14
Pr (No Scope defined & No approval ) =
0.2X0.3 = 0.06

:

:
) ( =
X =
:
1
:
1 =

:
0,80 = ( )
0,70 =
( )
0,80X 0,70 = 0,56 = ( )
0,80X 0,30 = = ( )
0,24
0,20X 0,70 = = ( )
0,14
X 0,30 = 0,20= ( )
74
0,06

Probability Summation Rule

:
/
= 100% = 1

: 1

75

0,25 = 1
0,30 = 2
0,45 = 3
= 1,00

: 2
+
= 1,00
)
( = 0,70
)
( =
0,30 = 0,70 1,00

Summation Rule :
Sum of Probabilities of
alternatives for a given event /
decision :
= 1 = 100%

Example 1 :
) Probability ( Alternative 1
=0.25
) Probability ( Alternative 2
=0.30
) Probability ( Alternative 3
=0.45
Total
= 1.00

Example 2 :
= ) Pr ( No Event ) + Pr ( Event
1.00
Probability that we get
approval for our project next
= month
Pr( Approval ) = 0.70 = 70%

Quantitative Risk Analysis And Modeling

Techniques

Sensitivity
analysis
Expected
monetary
value analysis
Decision tree
analysis
Modeling and
simulation

.

.
.
.

76

Sensitivity Analysis

Sensitivity analysis
helps to determine
which risks have the
most potential impact
on the project.
It examines the extent
to which the
uncertainty of each
project element
affects the objective
being examined when
all other uncertain
elements are held at
their baseline values.

.





.
77

78

Expected Monetary Value

Analysis

Expected monetary value

" "

) (.




.



.

(EMV) analysis is a
statistical concept that
calculates the average
outcome when the future
includes scenarios that
may or may not happen
The EMV of opportunities
will generally be expressed
as positive values, while
those of risks will be
negative.
EMV is calculated by
multiplying the value of
each possible outcome by
its probability of
occurrence, and adding
them together.

Expected Monetary Value

analysis

Example
:
Work
packa
ge
A
B

Proba
bility

8%
35 %

57 %

Expec
ted
impac
monet
t
ary
value

8%

$30,0
00

$
2,400

35 %

$75,0
00

$
26,25
0

57 %

$48,0
00

$
27,36
0

$30,0
00

$
2,400

$75,0
00

$
26,25
0

$
27,36
0

$48,0
00

79

Quantitative Risk Analysis Modeling Techniques - Tools

& Techniques of Quantitative Risk Analysis

Decision Tree
Analysis:
Is a diagram
that describes a
decision under
consideration
and the
implications of
choosing one or
another of
available
alternatives.

.
80

Decision Tree Analysis

Decision tree analysis is

usually structured using a
decision tree diagram that
describes a situation under
consideration, and the
implications of each of the
available choices and possible
scenarios.
It incorporates the cost of each
available choice, the
probabilities of each possible
scenario, and the rewards of
each alternative logical path.
Solving the decision tree
provides the EMV for each
alternative, when all the
rewards and subsequent
decisions are quantified.

)
, (
.
) (
,

.

,

.

81

Decision Tree Analysis

Takes into account
future events in
trying to make a
decision today .
It calculates the
expected monetary
value ( P X I ) in
more complex
situations than the
expected monetary
value example
previously
presented .

.

X )
(


.
82

Quantitative Risk Analysis Modeling Techniques Tools & Techniques of Quantitative Risk Analysis

Decision Tree : select
the path with
maximum Expected
monetary value (EMV):
Chance
Event

Decision
Point

:
.

Outcome
100,00
0.70
s
s
e
c
Suc 0
0
0,7
Failu
re 0
0,30 .30

0. 40
s
s
e
c
Suc

0,40
Failu
re 0
0,60 .60

- 30,000
200,00
0
40,000

EVM
100
k X 0.70
= 70 k
100 k X 0.30
= - 9 k 61
k
200 k X 0.40
= 80 k
-40 k X 0.60
= 24 k
56
k
83

Decision Tree Analysis

Example

$ 242,000

5%
3
y
e
ur bilit ,00
l
i
Fa oba 000
pr $ 12 ct
d
pa
n
m
A
I
Pass
: No
Impa
ct

et
s
e
yp
t
o
ot up
r
P
00

0
00,
$2
Do
n

t P
r
set ototy

pe
u p

$0

Prototype - -

70%
e
r
lu
it y
Fai babil 000
,
pro 450
$
t
d
A n mpa c
I Pa
s
Imp s No
a ct

35% X $ 120,000
42,000

=$

$42,000+$200,000 = $
242,000
Dont Prototype

70% X $450,000

=$

84

Decision Tree Analysis

Example

e
m
i
T
On 90%

eA0
n
i
0
rl
Ai $ 9
e
Fe

$ 1,300
Air
Fee line B
$3
00

Late
$ 4 ,0
00

im e
T
On 0%
7
Lat
$4 e
,00
0

85

Modeling and Simulation

A project
simulation uses a
model that
translates the
uncertainties
specified at a
detailed level of
the project into
their potential
impact on project
objectives.
Simulations are
typically performed
using the Monte
Carlo technique.

.


.
86

Monte Carlo analysis

Done with a computer based

.
Evaluate the overall risks in a
project .
Provide the probability of
completing the project on any
specific day , or for any
specific cost .
Provide the probability of any
activity being actually on the
critical path .
Take into account path
convergence ( places in the
network diagram where many
paths converge into one
activity ).
Can be used to assess cost
and schedule impacts .

.
.

.

.

)

. (

.
.

87

Risk Register (Updates)

The risk register is
initiated in the Risk
Identification
process and updated
in Qualitative Risk
Analysis.
It is further updated
in Quantitative Risk
Analysis.
The risk register is a
component of the
project management

.


.


.
88

Quantified Risks

*

RISK Element

Overall
Risk
Prb. Impact

1Wrong Track 2 Data on Credit Card

50%

1,000 500

2Installing Cables by Unqualified Team

40%

2,000 800

3Delay in Visa Certification

30%

1,500 500

4In-Operable Encryption S/W

40%

2,000 800

5In-Availability of Comms from PM

30%

1,000 300

TOTAL
89

2,900

Quantified Risks

500

1,000

50%

800

2,000

40%

500

1,500

30%

800

2,000

40%

300

1,000

30%

2,900

TOTAL
90

Perform Quantitative Risk

Analysis

Involves numerical analysis of the

probability and impact of the risk .
Determine which risk event
warrant a responses .
Determine overall project risks .
Determine the quantified
probability of meeting project
objectives ( e.g. we have an 80%
chance to completing the project
within the six months required by
the customer , or we have an 60%
chance to completing the project
within the $345,000 budget .
Determine cost and schedule
reserves .
Identify the risks required the
most attention .
Create realistic an achievable cost
, schedule, or scope targets .

.
.
.

: )
%80
%60 ,
$ 345,000
.

.

.

. ,

91

11.5 Plan Risk Responses

( Planning )
11- 5 ) )

Risk Response
Planning is the
process of
developing
options, and
determining
actions to
enhance
opportunities
and reduce
threats to the
projects

.
92

11.5 Plan Risk Responses

11- 5
Inputs

Tools & Techniques

1. Risk register
2. Risk management plan

1. Strategies for negative

risks or threats
2. Strategies for positive
risks or opportunities
3. Contingent response
strategies
4. Expert judgment

Inputs

Tools & Techniques

. 1.
2.
.
93

.

.

.
.

Outputs
1. Risk register updates
2. Risk-related contract
decisions
3. Project management
plan updates
4. Project document
updates

Outputs
1.
2.
3.
4.

Source: PMBOK Guide Fourth Edition,

page 302

.

.

.

.

1.
2.
3.
4.

11.5 Plan Risk Responses

11- 5

1. Risk
register.
2. Risk
manageme
nt plan .

. 1.
2.
.

94

11.5 Plan Risk Responses

11- 5
1. Strategies for
negative risks
or threats
2. Strategies for
positive risks
or
opportunities
3. Contingent
response
strategies
4. Expert
judgment

1.

.
2.

.
3.
.
95

96

Strategies for Negative risks or

Threats

)(.
)( .
)(.
.

Avoid .
Transfer .
Mitigate .
Accept .
Contingent
Response
Strategy.

Risk Avoidance
) )
Eliminate the threat
by eliminating the
causes .
Is changing the
project plan to
eliminate the risk or
condition or to
protect the project
objectives from its
impact.
Although the project
team never eliminate all
risks events, some
specific risks may be
avoided.

Eliminating a specific
threats usually by
eliminating the cause.
Remove a work

.



.


)(
.

.
.

97

Risk Avoidance
) )
Examples :
Some risk event that
arise early in the
project can be dealt
with by clarifying
requirements, obtaining
information, improving
communication, or
acquire expertise.
Reducing scope or re
scoping to avoid high
risk activities .
Adding resources or
time.
Adopting a familiar
approach instead of an
innovative one.
Adopting an unfamiliar
subcontractor.

:


,

.

.
.

. ( )

. ()
.

98

Risk Transference
) )

Is seeking to shift the

consequence of a risk to a third
party together with ownership of
the response.
Give another party responsibility
for its management; it does not
eliminate it.
Nearly always involves payments
of risk premium to the party
taking on the risk.
Risk transference requires shifting
the negative impact of a threat,
along with ownership of the
response, to a third party.
Transferring the risk simply gives
another party responsibility for its
management; it does not
eliminate it.
Transferring liability for risk is
most effective in dealing with

)(
.

. ,

) (
.


.

. -


.

99

Risk Mitigation
) )

Risk mitigation implies a

reduction in the probability
and/or impact of an
adverse risk event to an
acceptable threshold.
Taking early action to
reduce the probability of a
risks occurrence or its
impact on the project is
more effective than trying
to repair the consequences
after its occurred.
Seek to reduce the
probability and/or
consequences of an
adverse risk event to an
acceptable threshold.
Mitigation costs should be
appropriate, given the likely
probability of the risk and
its consequences.

/
.



.
/

.

,
.

100

Risk Mitigation
) )

Implementation of a
new course of action to
reduce the problem:
Example : adopting less
complex processes,
conducting more seismic or
engineering tests, or
choosing a more stable
sellers.

Changing conditions to
reduce probability of
the risk:
Example : adding resources
or time to the schedule (Not
to the degree of avoidance).

Prototype development
to reduce the risk of
scaling up from a bench
scale model.
Targeting linkages that
determine the severity:

:
, :
. ,

:
:
. ()

.
)(
:
:

.

101

Risks Acceptance

strategy that is
adopted because it
is seldom possible
to eliminate all risk
from a project.
This strategy
indicates that the
project team has
decided not to
change the project
management plan
to deal with a risk,
or is unable to
identify any other
suitable response

.






.
102

Risks Acceptance

Indicates two
things:
The project team has
decided not to change
the project plan to deal
with a risk.
Is unable to identify any
other suitable response
strategy.

Two types:
Active acceptance:
May include having a
contingency reserve.

Passive acceptance:
Require no action,
leaving the project team
to deal with the risk as

:

.

.

:
: ( )

: ( )

.
103

Strategies for Positive risks or Opportunities

Opportunity
Handling
Techniques
1.Exploit ( the
reverse of avoid ).
2.Enhance ( The
reverse of
mitigate ) .
3.Share.

4. Acceptance.
5. Contingent
Response
Strategy.

:
. ( ) 1.
. ( ) 2.
. ( )3.

4.
5.

.
104

Risk Exploiting
) )

Reverse of avoid .
This strategy may be selected for risks
with positive impacts where the
organization wishes to ensure that the
opportunity is realized.
This strategy seeks to eliminate the
uncertainty associated with a
particular upside risk by making the
opportunity definitely happen.
Sharing a positive risk involves
allocating ownership to a third party
who is best able to capture the
opportunity for the benefit of the
project.
Examples :
Forming Risk Sharing
partnerships, teams, special
purpose companies, or joint
ventures, which can be
established with the express
purpose of managing
opportunities.
Team work Or Joint Venture .
Assigning more talented resources
to the project to reduce the time
to completion, or to provide better
quality than originally planned.

.


.


.


.
:
, ,
,
.
. ( )


.

. ) (

105

Risk Enhancing
) , ) -
.

/
.



.



.
106

( The reverse of
) mitigate
This strategy is used
to increase the
probability and/or the
positive impacts of an
opportunity.
Identifying and
maximizing key
drivers of these
positive-impact risks
may increase the
probability of their
occurrence.
Examples of

Risk Enhancing
) - , )
A strategy to modify the
Size of an opportunity
by :
Increasing probability or /
and positive impacts.
Identifying and
maximizing key drivers
of the positive - impact
risks.

Seeking to facilitate or
strengthen the cause of
the opportunity , and
proactively targeting
and reinforcing its
trigger conditions ,
might increase
probability.
Impact drivers : can also
be targeted ,seeking to

:
/
.

.
,

. ,
:
,
.

107

Risk Share
) )
.





.








.

share.
Sharing a positive risk
involves allocating
some or all of the
ownership of the
opportunity to a third
party who is best able
to capture the
opportunity for the
benefit of the project.
Examples of sharing
actions include forming
risk-sharing
partnerships, teams,
special-purpose
companies, or joint
ventures, which can be
established with the
express purpose of
taking advantage of the

Risk Acceptance

Being willing

to take an

advantage of

the
opportunity

if it comes

along, but
.
will not
actively

109

110

Contingent Response
Strategies

.





.

) (
.

Some responses are

designed for use only
if certain events occur.
For some risks, it is
appropriate for the
project team to make
a response plan that
will only be executed
under certain
predefined conditions.
Events that trigger the
contingency response
(triggers), such as
missing intermediate
milestones.

Contingent Response
Strategies

Project team make

a response plan
that will only be
executed under
predefined
conditions, if is
believed that there
will be sufficient
warning to
implement the plan.
Examples of events
that trigger the
contingency
response:
Risk: Missing
intermediate
milestones.

,

.
:
:
:
.
:
.
111

Risk Response Strategies

Example

Description of strategy

Name of
risk
response
strategy

Notify management that

there could be a cost
increase if a risk occur
because no actions is being
taken to prevent the risk .

Accept .

Remove a troublesome
recourse from the project .

Avoid .

Provide a team member

who has limited experience
with additional training .
Outsource difficult work to a
more experienced
company .
Train the team on conflict
resolution strategies .

Mitigate
the
Probabili
ty .
Transfer .
Mitigate
the
impact .

) (
.

. ( )

112

Risk Response Strategies

Example

Description of strategy

Name of risk
response
strategy

Remove a work package or

activity from the project .

Avoid .

Assign a team member to

visit the sellers
manufacturing facilities
frequently to learn about a
problem with delivery as
early as possible .

Mitigat
e of
impact.

Move a work package to a

date when a more
experienced recourse is
available to assigned to the
project .

Exploit
.

Begin negotiation for the

equipment earlier than
planned so as to secure a
lower price .

Outsourcing a work package

Enhanc
e the
Impact
.

( )

.

.
113

Plan Risk Responses 11.5

11- 5
1. Risk register
updates .
2. Risk-related
contract
decisions .
3. Project
management
plan updates .
4. Project
document

.

.

.

.

1.
2.
3.
4.
114

Risk Register (Updates)

Identified risks, their
descriptions, area (s) of
the project (e.g., WBS
element) affected, their
causes (e.g., RBS
element), and how they
may affect project
objectives.
Risk owners and
assigned responsibilities.
Outputs from the
Qualitative and
Quantitative Risk
Analysis processes,
including prioritized lists
of project risks and
probabilistic analysis of
the project.
Agreed-upon response
strategies.
Specific actions to

()( )
)
(
.
.
"

.
.

.

115

Risk Register (Updates)

Symptoms and warning signs of

risks occurrence ( Risks
triggers ).
Budget and schedule activities
required to implement the chosen
responses.
Contingency reserves of time and
cost designed to provide for
stakeholders risk tolerances.
Contingency plans and triggers
that call for their execution.
Fallback plans for use as a
reaction to a risk that has
occurred, and the primary
response proves to be
inadequate.
Residual risks that are expected
to remain after planned responses
have been taken, as well as those
that have been deliberately
accepted.
Secondary risks that arise as a
direct outcome of implementing a
risk response.
Contingency reserves that are

)
.(

.

.


.


.

.


.

116

Monitor and Control Risks 11.6

) ( Controlling
)11- 6 )

:

.

.
.
.

.
117

Monitor and
Control Risks is the
process of:
Implementing risk
response plans
Tracking identified
risks
Monitoring residual
risks
Identifying new
risks
Evaluating risk

11.6 Monitor and Control Risks

11- 6
Inputs
1. Risk register
2. Project management
plan
3. Work performance
information
4. Performance reports

Inputs

.
.
.
.

118

1.
2.
3.
4.

Tools & Techniques

Outputs

1. Risk reassessment
2. Risk audits
3. Variance and trend
analysis
4. Technical performance
measurement
5. Reserve analysis
6. Status meetings

1. Risk register updates

2. Organizational process
assets updates
3. Change requests
4. Project management
plan updates
5. Project document
updates

Tools & Techniques

Outputs

.
.
.
.
.
.

1.
2.
3.
4.
5.
6.

Source: PMBOK Guide Fourth Edition,

page 308

.

.
.

.
.

1.
2.
3.
4.
5.

Actions In risk Monitoring and Control

Risks

119

) (
.
.
.
.
.
)
( .
.
.
.

.
) ( .

Look for the occurrence of risk

triggers .
Monitor residual risks .
Identify new risks and plan for
them .
Evaluate your risk
management plan .
Develop new risk responses .
Collect and documents risks
status .
Communicates with
stakeholders about risks .
Determine if assumptions still
valid .
Ensure proper risk
management are followed .
Revisit the Watchlist fore

Actions In risk Monitoring and Control

Risks

Look for any unexpected

effects of risk events .
Reevaluates the risk
identification , quantitative
and qualitative analysis
when the project deviated
from the baseline .
Updates of risk
management and response
plans .
Look at the changes
( Corrective Actions ) if are
leaded new risks .
Change PM plan and
Documents as more risks
appears .
Create a risk database to
be used throughout the
organization .
Use contingency reserves

.
,

.
.
( )
) (
.

.

.

.

120

11.6 Monitor and Control Risks

11- 6

1. Risk register
2. Project
management
plan
3. Work
performance
information
4. Performance
reports

.

.

.
.

1.
2.
3.
4.

121

11.6 Monitor and Control Risks

11- 6

122

.
.

) ( .
.
.
.

1. Risk
reassessment
2. Risk audits
3. Variance and
trend analysis
4. Technical
performance
measurement
5. Reserve
analysis
6. Status

Risk Reassessment

123

.


.



.

Monitor and Control

Risks often results in
identification of new
risks, reassessment of
current risks, and the
closing of risks that
are outdated .
Project risk
reassessments should
be regularly
scheduled.
Project Risk
Management should
be an agenda item at

Risk Audits

:

,


.



.
124

A team auditors
conducts risks
auditing .
Checking for plans,
risk owners if they
take actions
regarding their
risks .
Arranged by
project manager
and results in
identification of
lesson learned

Risk Audits






) (

.
125

Risk audits
examine and
document the
effectiveness of
risk responses
in dealing with
identified risks
and their root
causes, as well
as the
effectiveness of
the risk

Variance And Trend Analysis

) )
Many control processes
employ variance
analysis to compare the
planned results to the
actual results.
Trends in the projects
execution should be
reviewed using
performance data.
Earned value analysis
and other methods of
project variance and
trend analysis may be
used for monitoring
overall project

.

,

.



.

126

Reserves

Reserves
( Contingency ) :
You cannot come with costs
or schedule without reserves
.
Two types of reserves :
Contingency Reserve :
Account for
Known Unknowns
or Known . These
are items you identified
in risk management .
They cover the residual
risks in the project .
Management Reserve :
Account for
Unknown Unknowns
or Unknowns .
Items you did not or
could not identified in
risk management .

: ( )

.
:

:

.

.
.

:


.
.

127

Reserves - Example
-
8 Cost Budget
7 Management Reserve

6 Cost Baseline
5 Contingency Reserve

4 Project Estimates

3 Control Account Estimates

2 Work Packages
Estimates

1 Activity Estimates
128

Project Data

Reserves - Example
-
Cost Contingency
reserve calculation

There is 30 %
probability of a delay
in the receipt of
parts , with cost of $
9,000 .

30 % X $ 9,000 = $
2,700
Add $ 2,700

There is 20 %
probability that parts
will cost of $ 10,000
less than expected .

20 % X $ 10,000 = $
2,000
Subtract $ 2,000

There is 25 %
probability that two
parts will not fit
together when
installing , with extra
cost of $ 3,500 .

25 % X $ 3,500 = $
$875
Add $ 875

There is 30 % that the

manufacturing may
be simple than
expected , with
saving of $ 2,500 .

30 % X $ 2,500 = $
2,000
Subtract $ 750

There is 5 %
probability of a
design defects, with

5 % X $ 5,000 = $
$250
Add $ 2500

%30

. $9,000

X $ 9,000 = $ % 30
2,700
2,700 $

%20

. $10,000

X $ 10,000 = $ % 20
2,000
2,000 $

%25

,
. $3,000

X $ 3,500 = $ % 25
$875
875 $

%30

. $2,500 ,

X $ 2,500 = $ % 30
2,000
750 $

%5
,
. $5,000

X $ 5,000 = $ % 5
$250
2500 $

1,075 $

129

Reserve Analysis

130

.





.

Throughout
execution of the
project, some risks
may occur, with
positive or negative
impacts on budget
or schedule
contingency
reserves.
Reserve analysis
compares the
amount of the
contingency
reserves remaining
to the amount of risk
remaining at any
time in the project,
in order to

Reserve Analysis

Implements during the project

work To know the remaining
of that reserves .
Reserves should be protected
throughout of the project life .
Using of reserves is not
allowed for spending on such
work not related to the
purpose of that reserve .
Project manager should have
corrective or preventive
actions instead of using the
reserves .
Reserves are not free
amounts of cost and time can
be used for any reasons .
It must be used for its
purpose and must be

.

.

,
.

) (
.


.

.

131

Status Meetings

132

.



.

.



.

Project risk management

can be an agenda item
at periodic status
meetings.
That item may take no
time or a long time,
depending on the risks
that have been
identified, their priority,
and difficulty of
response.
Risk management
becomes easier the
more often it is
practiced, and frequent
discussions about risk
make talking about
risks, particularly
threats, easier and more

11.6 Monitor and Control Risks

11- 6
1. Risk register
updates
2. Organizational
process assets
updates
3. Change requests
4. Project
management
plan updates
5. Project document
updates

.

.
.

.
.

1.
2.
3.
4.
5.

133

Requested Changes

Implementing
contingency plans or
workarounds frequently
results in a requirement
to change the project
management plan to
respond to risks.
Requested changes are
prepared and submitted
to the Integrated Change
Control process as an
output of the Risk
Monitoring and Control
process.
Approved change
requests are issued and
become inputs to the
Direct and Manage
Project Execution process
and to the Risk

.



.

( )


.

134

Recommended Corrective Actions

135

.





)
( .
.


.

This includes
contingency plans and
workaround plans.
The latter are
responses that were
not initially planned,
but are required to
deal with emerging
risks that were
previously unidentified
or accepted passively.
Workarounds should
be properly
documented.
Recommended
corrective actions are
inputs to the
Integrated Change
Control process

Workarounds


.



.



.
136

Contingency
responses are
developed in
advance.
Workarounds are
unplanned
responses
developed to deal
with the occurrence
of unanticipated risk
events .
Project manager
who do not perform
risk management

Recommended Preventive Actions

Recommende
d preventive
actions are
used to bring
the project
into
compliance
with the
project
management

.
137

Organizational Process Assets

((Updates

The six Project Risk

Management processes
produce information that
can be used for future
projects, and should be
captured in the
organizational process
assets.
The templates for the risk
management plan, including
the probability and impact
matrix, and risk register, can
be updated at project
closure.
Risks can be documented
and the RBS updated.
Lessons learned from the
project risk management
activities can contribute to
the lessons learned
knowledge database of the
organization.
Data on the actual costs and
durations of project
activities can be added to
the organizations
databases.
The final versions of the risk
register and the risk

,
.
,
,
.

.

.


.


.

138

Closing of Risks That Are No longer

Applicable
) (

It may allowed
team to
concentrates
on risks still
alive .
Closing a risk
event may
require to
retaining back
its reserve to

.



.
139

Questions
?

140