21 December 2024

Risk Management : Tools and Techniques

Tools for risk planning

  • Planning meetings
  • Expert judgment
  • Analytical techniques
    • How sensitive you are to risks (Risk Tolerance) ?
    • How much risks your project are exposed to ?

Tools for Risk Identification

  • Documentation review
  • Information gathering
    • Brainstorming
    • Delphi technique
      • Advantage
        • Unlike brainstorming, participants are not under group pressure, since some people can be afraid of disagreeing with others or are too shy to express their opinions freely.
      • Disadvantage
        • It is time consuming.
    • Interview
      • Very effective from expert
    • Root cause identification
      • The advantage of knowing the basic cause is that, although at the surface many risks will seem to be caused by different factors; in reality, many will share the same basic cause(s).
      • By using root cause identification, you can control many risks with the same response; thus hitting several birds with one stone.
    • SWOT analysis
      • SWOT analysis is useful for stimulating your thinking and will make you consider the positive risks as well.
    • Checklist analysis
      • Your organization might use risks that were identified in previous projects to make a checklist of risks.
      • A readymade list can also be used.
      • The checklist helps to remind the project team of common and repeated risks in project management as well as of specific risks involving a particular type of project.
      • You should update the company’s risk checklist with new risks identified from your project at the closeout phase.
    • Assumption analysis
      • In assumption analysis, you need to verify the rationality of the assumptions made.
    • Diagramming techniques
      • Ishikawa diagram
        • The fishbone diagram lets you systematically find the causes of a problem arising from different factors.
    • Process flowcharts
      • A flowchart is just a drawing of how a system operates.
      • It helps you see the whole process and the links between its elements, thus making it easier to identify possible problems (risks).
    • Influence diagram
      • It is a technique for identifying risks involving how elements of a system can influence each other.

Tools for Qualitative Risk Assessment

  • Risk Matrix and Risk Assessment
    • Risk assessment is the tool that you use to prioritize the risks so that you would be able to develop a more efficient and effective risk response.
    • Usually, you use a risk matrix to conduct risk assessment.
    • The risk matrix is based on the risk formula: Risk exposure = Probability x Severity
  • Assessment of the Quality of the Risk Data
    • Data quality assessment is concerned with how confident you are about the risk facts.
  • Risk categorization
    • In risk categorization, you group risks under common sources (categories).
    • Risk categorization is based on the Risk Breakdown Structure (RBS), which looks similar to the WBS.
    • You can make an RBS for your project, or find a general one that is adopted by the organization.
      • Risk categorization can help you in two areas
        • Risk Identification
          • Because you can use the RBS as a checklist to make sure that you have systematically gone over all the possible sources of risks.
        • Risk Response
          • When similar risks are grouped together, you may be able to identify common responses to them.
  • Risk urgency assessment
    • This is another way of prioritizing risks (remember, prioritizing risks is the purpose of risk assessment).
    • Here, you will rank risks based on how urgent they are.
    • If you believe that a risk will happen early on in your project, you have to give it more weight.

Tools for Quantitative Risk Analysis

  • Interviews and Expert Judgment
    • You sit with experienced people and ask them to provide estimations on probability and severity for risks.
  • Sensitivity analysis
    • This technique is adopted to identify the risks that have the strongest effect on a project.
    • Sensitivity analysis is usually represented by a tornado diagram.
  • Expected Monetary Value and Decision Tree Analysis
    • These techniques provide you with the anticipated cost(s) of risks.
    • Once you know how much each risk may cost, you will be able to compare and rank them.
  • Simulation
    • You use simulation to evaluate the effect of risks on the project as a whole.
    • In simulation, you use mathematical calculations and computers to predict how your project will perform.
    • Based on the simulation result(s), you might find that your budget and/or timeframe are not realistic, giving you an opportunity to amend them before embarking on the project.
    • You apply simulation to your project with the identified risks before you make a plan to respond to them.
    • After making a response plan, incorporate your responses in the simulation model and run it again to see if the result improves (which indicates a good response plan).

Tools for Risk Response Strategies for Threat and Opportunity

  • Threat or Opportunity, when to Use it ?
    • Avoid or Exploit
      • For risks that are too good to miss or too bad to let happen
    • Transfer or Share
      • For risks (good or bad) you cannot deal with by yourself and need the help of another party
    • Mitigate or Enhance
      • You balance between risks and resources.
      • You work on the components of risks (probability and impact) to reduce threats and improve opportunity as much as you can.
    • Accept
      • This is for risks that you cannot control through any of the above strategies.
      • If they happen, they happen.
      • However, you can put some money aside to deal with them (called contingency reserve).
  • Risk Response Strategies approach
    • It is better to use a mix of strategies.
    • You can use decision trees to choose between strategies.
    • You cannot always just choose any strategy you want.
      • There will be risks that you will not be able to avoid or transfer.
    • You can identify primary and secondary strategies.
      • For example, you plan to avoid a risk, but after initial failure, you try to mitigate it.
    • Risk response will require some change(s) in the project plan (resources, time, quality, contract terms, etc.).
    • If you accept a risk, you usually have to allocate a budget to deal with it if it occurs.
      • That budget is referred to as contingency reserve.
  • Strategies for threats
    • Avoid
      • Avoiding a risk means that you do not want it to happen, ever, and, hence, you try to eliminate it.
      • You will be willing to invest resources or change your project plan to do that.
    • Transfer
      • Transfer is a strategy that usually applies to threats that you do not have any experience dealing with.
      • You may also apply this strategy if you find it more practical to let others handle some of the project risks.
    • Mitigate
      • This strategy applies to risks that you cannot avoid or transfer.
      • It is like doing the best you can with the available resources to reduce the risks (by reducing their probability or severity or both).
  • Strategies for opportunities
    • Exploit
      • Here, you don’t want to lose an expected opportunity.
      • You try to manage your resources so that the opportunity will not be wasted.
      • You can think of it as the opposite of avoiding a risk.
    • Share
      • In your project, you can have an opportunity but do not have the expertise or resources to benefit from it.
      • In this case, it is better to share some of the benefits with someone who can actually make it happen than lose it all.
    • Enhance
      • Similar in concept to mitigation, you want to improve chances of an opportunity by increasing its probability or positive impact.
  • Strategy for both Threats and Opportunities
    • Accept
      • If there is no suitable strategy for dealing with threats or opportunities, then you may choose to accept them.
      • All strategies mentioned so far will involve some modification in the project plan, but if you accept a risk, you just let it happen (if it happens at all; remember that risks are in the future and they may or may not happen).
        • Passive Acceptance
          You do nothing regarding the risk; for example, if an equipment delivery is delayed, you just wait.
        • Active Acceptance
          • Contingency reserve
            • You assign extra money, time, resources aside, in order to deal with the risks.
            • This is called a contingency reserve; for example, if an equipment delivery is delayed, you rent one to perform the task.
          • Management reserve
            • It is money set aside for unplanned and unidentified changes to the project.
            • The project manager might need approval to use it.
            • This reserve is not part of the cost baseline.
            • The management reserve is usually predetermined in companies.
              • For example, it may be 2.5% of the budget for each project.
              • As for the contingency reserve, it is identified based on calculations and reasoning.
  • Contingency planning
    • Contingency planning is a risk response tool that is used when the risk actually happens.
    • It involves monitoring triggers.
    • Triggers are early indicators that a risk is going to happen.
  • Expert judgment
    • This is another tool that is used in risk response.
    • You might consult an expert to advise you on how to deal with risks and control them.
    • Using experts is justified because they have a better understanding of risks in their field of expertise.
    • Note that you use the judgments of experts at different times, when identifying risks, analyzing risks and responding to risks.

Tools for Risk Monitoring and Control

  • Risk Reassessment
  • Status Meetings
  • Risk Audits
    • Your goal is to verify that the risk identification, assessment and response activities done during the planning phase were adequate.
  • Reserve analysis
    • Here, you will simply investigate how much has remained and whether it will be enough to cover the remaining risks.
  • Performance measurement
    • If actual performance is poor compared to the planned performance, you should check for new risks or re-examine previously identified risks.
  • Variance and trend analysis
    • Variance and trend analysis are monitoring and forecasting methods used to monitor project performance.
    • They utilize techniques like the earned value analysis to predict future performance based on past and current one(s).

PMI-RMP Certification exam flashcards

Created : 22/05/2022

Leave a Reply

Your email address will not be published. Required fields are marked *