1.1 Purpose of Risk Management
1.1.1 Knowing and Controlling Risks to Project Assets
The process of Risk Management instituted tothe Project with knowledge and control over the risk position of the project. Not all identified risks can be removed. The likelihood of surpassing requirements can be traded off against the risk of surpassing the budget constraints. Risk Management is a process used to balance the project risk position across all project resource areas, controlling the distribution and magnitude of the identified risks against the cost constraints while obtaining the best possible confidence in achieving high project performance return. 1.2 Risk Management is a Project Team Effort
1.2.1 Integral Part of Project Implementation
It is intended that Risk Management be an essential element in the Project Manager’s tool kit. This involves considering risk at the very beginning of the project conceptualization. The key features of risk management (RM) activity within the project are: 1.Managed risks are essential elements of the project management control process 2.Cognizant personnel accept the time imposed to develop and maintain the risk list 3.Project Management Team plans the effort and the Project Manager takes ownership of the plan 4.Risk status reports are integral to the project review process 5.Effective metrics are identified and delivered per the plan to all stakeholders These activities require require commitment from the project manager, and the Risk Representative.
1.2.2 A Team Effort
Risk Management is a team effort. The project Risk Representative is the coordinator of the risk management activity. All members of the project team have important roles in identifying, assessing, and tracking risk, and in identifying the possible approaches to dealing with risks that are necessary for the project to make good risk decisions. Risk decisions are supported by analyses and recommendations from the project team, but are ultimately made by the Project Manager in the same manner as all cost, schedule and performance impact decisions are made.
1.2.3 Integrated Risk View
The Risk List developed and managed through the RM Process is a composite of the risks being managed by all elements of the project. It includes in one place the management view for risks from independent assessments, reviews, QA inspections, principles and policy, risk reviews, and residual risks from all project actions. Only in this way can it be managed as a comprehensive assessment of the liens on all project resource reserves, which allows optimized decisions to use these reserves to mitigate risks.
2.1 Objectives of Risk Management
The overall objective of Risk Management is to identify and assess the risks to achieving project success, and to balance the mitigation of these risks (and hence the additional cost) against the acceptance and control of these risks (and hence a possible higher degree of project performance objectives). To further these objectives, the Project Management process involves identifying risks to the success the project, understanding the nature of these risks, individually and in total, and acting to control their impact on the success of the project.
3. RISK MANAGEMENT OVERVIEW
Risk is defined as:
The combination of the likelihood of occurrence of an undesirable event and the consequence of the occurrence. This combination results in a risk severity, which is: A measure of the risk magnitude. The higher risks dictate greater attention and urgency for action to mitigate. Risk severity is also influenced by the urgency of applying effective mitigations. Primary Risk is:
A risk which rates high on the severity scale – generally high levels of likelihood and consequence A specific risk to a project, identified in this process as a risk item, has four components, namely the undesirable event
the likelihood of occurrence
the severity of the consequences of the occurrence
the timeframe in which mitigation decisions are required
Residual Risk is:
An accepted performance or safety risk, which remains after all possible or practical measures have been taken to reduce the severity. The term is especially used in identifying the risk remaining from all discrepancies dispositioned as “Use As Is” or “Repair” and accepted single failure points, or other decisions made which leave less than complete closure.
The project risk position is defined as:
The aggregate of the assessments of the individual risk items for the project, including the decisions made to mitigate, accept and control, or take additional risk. It is a goal that this risk position be measurable relative to project reserves. 3.1.2Risk Management
In this context, risk management is defined as:
An organized means of planning the risk management activity (Planning), identifying and measuring risks relevant to the Project (Identification and Assessment), identifying, selecting and implementing measures for controlling these risks so as to control the project risk position (Decision-Making), and tracking the decisions made and the evolving risk status (Tracking). Project reserves can be identified in different ways and are managed by a number of effective tools and methods. The Risk Management methodology looks at two aspects of the Project risk position – the risk to resource reserves and the measure of the project success criteria. The Risk Management methodology is based on the project risk position, which is the understanding of the “knowable” risk, while acknowledging that there are inherent “unknown” risk possibilities in any project, and must be acknowledged when judging adequacy of the reserves.
3.1.3 Significant Risk
A significant risk is a risk considered by the Project Manager to require focused attention by the Project Management Team on a regular basis. This group is largely but not necessarily identically the group of yellow and red risks in the 5X5 risk matrix, although some green risks may be included if their mitigation time frame is near-term. These are also generally the risks which are reported at the regular monthly status reviews. The Significant Risk List (SRL) is the subset of all the project isks which are significant risks. Not all risks in the project risk are significant risks, but all risks should be rated according to the 5X5 matrix
3.2 Consequence Categories of Risk
Risk consequences are assessed against three fundamental categories – called consequence categories
1.The threat to achieving schedule
2.The threat to achieving Scope or Project Performance Success Criteria
3. The threat to the project budget
These categories may be expanded or added-to – for instance, impact on facilities, or church activities ..etc.
3.3 The 5X5 Matrix
This project has adapted the 5X5 Risk Matrix, which defines the criteria for assessing risk likelihood and consequence for both project and implementation risk. Primary risks are generally considered to be those in the red zone of the 5X5 matrix.
3.4 The Elements of the Risk Management Process
The Activities of the Risk Management Process for this project are described as:
1.Identifying and characterizing risks
2.Prioritizing or ranking risks
3.Developing potential project responses to risks
4.Making decisions utilizing existing resources to restructure the program to reduce the potential effect of the risks 5.Tracking the evolving risk exposure and iterating the above actions as needed
6.Developing a plan for the above activities throughout the project life-cycle Each element of the Risk Management process requires interactions among the project team, and the process provides methodology and tools to enable effective communication and documentation. The Figure Below shows a process flow for the activity of risk management in the process.
3.5 Risk Management in the Project Life-Cycle
The figure above shows the periods of activity, and generally the times of inputs/outputs of the Risk Management Process, within the project life-cycle. Each Risk Management element extends through the entire life-cycle, and the majority of effort shifts from planning through identification and assessment, decision making, to tracking as the project risk position changes and evolves. While the risk management process is serial, there is significant iteration and updating as the project progresses and matures and thus the identified risks change, are realized or retired, and new risks arise. As risk matures, probability of occurrence and/or impact will change.
Risks can reduce to the level of insignificance, where they are retired, or can increase to point of occurrence, or realization. Also, new risks can and will be identified throughout the project life-cycle. The Risk Management process considers and responds to all of these outcomes by returning to earlier activities for reconsideration and update. The project’s Risk Management process can change significantly for operations, since more of the risk attention will be associated with human factors, and an update to the RM Plan may be needed.
4. THE RISK MANAGEMENT PROCESS IN PLANNING
4.1 Understanding Risk in the Planning/ Proposal Phase
The Project Management Team works to define the requirements and time frames of the project. The pre-project activity involves concept defininition and exploratation with decisions made in the Project team as to the scope and budget with which the “Plan & Design” Stage Begins. In the Plan & Design Stage Each Project Task is analyzed by the Project Team and “Make Or Buy” Decisions are Madke based on the availibillity of Qualified Volunteers in the church community. Buy Decisions are made for each outstanding activity. Rough Designs are formulated by the project team calling on Subject Matter Experts as required. Rough Order of Magnitude estimations are made on the cost of each task. RFPs are released to potential contract or volunteer candidates. Proposals are received and Reviewed by the Project Team.
The Designs are finalized, Schedules and budgets made and the Work Break down sturcture and Gant Charts are updated with the project “Base Line” is established. It is at this point that the Risk List is established by the Project Team, Pulling inforomation from contractors, Subject Matter Experts and the Experience and judgement of the Project Team. The Risk List can then be used to identify the most attractive of a number of options in contractor selection, Design Changes, Scope Schedule, Buget Needs. In addition to performance and needed resources, risk should be a major consideration in justifying the chosen options. This requires specific identification of the apparent risks in each option – mitigating them if possible in the process of maturing each option The relative weights of the risks combine with the weights of the performance and resource assessments in selecting the option to go forward.
Fig 4-1 Accounting for Risk in Project Formulation
4.2 Using Risk in Establishing Reserves
In establishing the budget reserves for the project to be confirmed at the “Permitting” Phase, risks are used to define the risk exposure of the budget. Rrisks that are identified in the Planning Phase can be assessed for the potential cost, should they occur. This requires quantification of the risk consequence (in $) and the risk likelihood.
4.5The Preliminary Risk Management Plan
At the end if Planning Phase, Preliminary RM Plan is drafted. The plan will consist of all of the Risks associated with the poject and a specific plan for controlling Each SRL risk identified
5. RISK MANAGEMENT IN IMPLEMENTATION
5.1 Risk Management Planning
The SRL will be reviewed and updated weekly by the Project Management Team. Montly Status will be reported to all of the stakeholders. New Risks will probably imerge as the project progresses. Oportunity will be made to the Project Management Team Includint the Projec QA representative to add new risks the project Risk List. 5.1.1 Risk Mitigations
The following subjects are considered when documenting Risk Mitigations. a)Map the project success criteria and project objectives into an overall approach to risk Reflecting the prioritization of performance of project objectives and constraints, and weights the emphasis on the following: avoiding risk, by minimizing risk through redesign, alternative developments, parallel developments, large margins, additional equipment to buffer constrained schedules, etc.; accepting risk, by developing contingency plans and margin management criteria for exercising those plans, and/or allowing descope/ reduction in Project Performance return to trade against cost, schedule, and other resources; or taking risk, by finding and incorporating high potential performance/cost/schedule benefits with acceptable additional risk to reserves or margins. .
5.2 Risk Identification and Assessment
5.2.1 Identification and Assessment Requirements
The requirements in identification and assessment are to identify the risk items, to describe them sufficiently to allow assessment and decision-making, to identify practical mitigation approaches, and to develop the Significant Risk List (SRL), which is a list of the identified risks to the project and their decision-enabling data 5.2.2 Risk Description
Effective risk descriptions identify the root source of the risk concern (the Risk Condition), the event that is feared (Risk Event), and the risk Consequence to the project. The format is generally: “Because of (the condition giving risk to the risk), it is possible that (such and such event) will occur, with the consequence that (describe the impact – e.g. delivery “n” weeks late, loss of “xyz” performance capability, need to build another component, etc.)” Another, less favored, descriptive format sometimes used is: “If (such and such an event) occurs due to (the condition that …), then (describe the impact…)” Sometimes there will be further words needed to describe the uncertainty, explain why the condition is present, and what other factors are need to be considered and why.
When the pre-formulation or early formulation phase feasibility demonstration and scope definition results have been approved, the required inputs for Risk Identification can be assembled. The information needed for identifying and assessing risk include at least preliminary versions of:
Requirements and Project Success Criteria
Project Management Plan
Risk Management Plan
Staffing Plan/ key personnel
Schedule/ Schedule drivers
Budget/ budget drivers
5.2.4 Identifying Risk Items
126.96.36.199 Risk Identification Methodology
The first step in developing the risk list is generally a brain-storming activity where potential risk items are identified by the key project personnel. These risks are characterized by two parameters – the likelihood of an adverse event and the consequences of that event. Whenever a potential risk is submitted for consideration, it is accompanied by estimates of these two parameters. The risks are identified by the “experts” in the specific subject of the risk item – that is, the key personnel submit candidate risks in their project areas of expertise. Risks may be suggested in areas outside their expertise, but they should be then presented to the expert in that area for concurrence. As these risk items are characterized, other data are needed which are described below.
The mechanism for obtaining these submissions will vary. The brain-storming may occur as a group, or by e-mail, or separately in one-to-one discussions. The submissions should be “standardized” to remove very disparate interpretations of the rules before the first group consideration takes place. The following characteristics should be observed in the process. The candidate risks submitted by the team should be inclusive – if the item might be a risk, input it. The Project Manager will work with the submitter to delete inappropriate risks or modify the assessment as needed. They should have a common basis for interpretations. This is accomplished by the Project Manager iterating with the specific group members The Project Manager may use team discussion to assess the risk list, and remove differences of understanding.
188.8.131.52 Resources for Identifying Potential Risks
Risks to the project may be identified through experiences of other projects, or the Construction industry in general
Sources and resources available within Church Comunity or within the project management team which are used to develop inputs to the Risk Identification and Assessment element include: Expert Judgment
The RM risk identification and assessment process relies heavily on the expert judgment of the project implementers and their peers Schedule, WBS, Work Agreement Assessments
One can systematically examine the planned work and identify uncertainties to which the project has high sensitivity, which can result in risk items to be assessed. Technical, and Design Organization Assessments
Functional Block Diagrams, Requirements Flow-Down, Fault Trees, etc. are all systematic organizations of the planned product which can be examined comprehensively for risk items. Review Board Reports
Review Board reports include recommendations and issues, as well as RFAs. Review Board can also consist of members or contracting companies.
Residual risks, which are identified in many activities within the project as unavoidable risk remaining after all reasonable actions have been taken, should be carried in the risk data base. They should be considered for inclusions in the SRL if applicable, such that they would be reported at monthly and quarterly management reviews as accepted risk. Early in the project design activity, decisions such as allowing selected single failure points or marginal design against worst case possibilities may be made with due consideration of the risk taken. These considerations should be retained in the residual risk descriptions and rationales.
184.108.40.206 Categories of Risk
Categorization can be used to allow the aggregation of subsets of risks, and so provide insight into major risk areas in the project. Risk Source Categories
A useful set of risk source categories identifies areas of the project where potential risk might reside – for example performance, cost, Or schedule, constraints within which the project must work, to be considered. Other risk source categorizations which might provide insight include: The project systems or subsystem area in which the risk is manifested, The WBS element primarily involved, Technology areas (if breaking technolgy is used with appliances etc..) Risk Source Categorization is optional.
220.127.116.11 Risk Status
Risk status is the process for configuration management of the risks, and also an indicator to external reviewers of the projects plans to deal with each risk.. For Risks that have been dispositioned, there are status classifications definitions are shown in the table below. –RESEARCH – A research category is assigned when more knowledge is required about the risk or the mitigation options. The objective is to move to mitigate, watch, or accept as soon as possible
–ACCEPT – A risk is accepted if there are no practical mitigations identified. Depending on the severity of the risk, it may be needed to justify acceptance to the CMC as a Primary Risk. The risk is tracked for changes as the project matures
–MITIGATE – A risk is in the mitigate category if there are funded actions under way to reduce the risk. This may have future decision milestones, or milestones where the mitigation risk reductions may be claimed -WATCH – A risk in the watch category has known future points of change, and requires tracking and possible future reassessments. Candidate mitigation options may be carried, and the risk may be re-categorized as the project evolves.
5.2.5 Risk Item Descriptors
The draft SRL should list each identified risk item, and for each item should include as a minimum: Description of the adverse event (Condition, event, consequence) Context of the Risk (If warranted)
Categorization in the categories chosen
Implementation Risk Assessment
-Likelihood of occurrence
Project Risk Assessment
-Likelihood of occurrence
(If quantified assessment is used)
-Level of impact on resources (technical, cost and schedule) -WBS elements primarily affected
-Task/ schedule elements primarily affected
– Description of potential mitigation for consideration
– Costs of identified mitigation options
– Urgency of decisions for mitigation effectiveness
Time window of potential occurrence – if applicable
Resulting reductions in risk likelihood and impact if mitigation option is implemented Project personnel who are identifying risk items will record as much of this as is available at the time a risk is input to the project. Recording the likelihood and consequence descriptors require that the thought processes of risk assessment (described below) be gone through, and in general a first cut at each can be entered with the other data.
Risk Description Data
Implementation (Schedule Or Cost) Risk
Project Scope Risk
Near-term, mid-term, or far-term
ImplementationConsequence (Cost to recover)
Project Consequence (loss of performance)
Figure 5‑ Sample Risk Identification and Assessment Data Sheet
Risk Number:An ID number which can be used to find data in a data base. The number can be indexed to indicate updates Title:A short reference for reports, etc. Description:Text describing the condition or root cause, the feared event, and the consequence. (additional columns can be added here to denote classification schemes to be used. Some risk managers add a time-frame classification to highlight near-term risks from long-term risks. Impact:Text that describes the change to the project due to the event described above. For implementation impact, the description might indicate what would be necessary to recover. For a Project risk, the description might indicate the reduction in project capability to return Project results. Implementation Consequence: A measure against the 5X5 assessment criteria (qualitative) or in resources expenditures (e.g. $) as a result of the impact described to get back on track.
Implementation Likelihood: A measure against the 5X5 assessment criteria (qualitative) or in percent (quantitative) of the described consequence being realized. Risk Cost:For quantitative assessment, the product of the consequence in resource measure and the probability (e.g. $) Project Consequence: A measure against the 5X5 assessment criteria of the degradation of Project return due to the event occurring. Project Likelihood: A measure against the 5X5 assessment criteria (qualitative) or in percent (quantitative) of the described consequence being realized. Mitigation Options:A description of one (or more) possible approaches to mitigating the risk Mitigation Cost:An estimate of the cost in project resources to implement the mitigation Risk Reduction:A description of the effect of the mitigation on the original risk assessments
5.2.6 Risk Item Assessment
18.104.22.168 Qualitative Assessment
Qualitative Risk Assessment is the assignment of adjective ratings to the degree of significance of either likelihood or consequence of occurrence. Criteria like “High, Medium, and Low” are generally used. Scales can have fewer gradations (i.e. high and low) or more (e.g. very high, high, significant, moderate, and low). Definition of these levels is essential, and some iteration and discussion will be needed before the team understands a common distinction between assessed levels. Consequence of Occurrence
LevelProject Risk Level Definitions
Very HighProject failure
HighSignificant reduction in project return
ModerateModerate reduction in project return
LowSmall reduction in project return
Very LowMinimal (or no) impact to project
LevelImplementation Risk Level Definition
Very HighOverrun budget and contingency, cannot meet schedule with current resources
HighConsume all contingency, budget or schedule
ModerateSignificant reduction in contingency or schedule slack
LowSmall reduction in contingency or schedule slack
Very LowMinimal reduction in contingency or schedule slack
The advantage of this qualitative approach is that, while subjective, the project team can quickly get in tune with the distinction between levels by working through a number of risks together, and can then assess their own risks fairly consistently. The disadvantage is that the system does not straightforwardly allow “adding-up” or otherwise aggregating the total risk. Rather, a risk distribution is used to display the project risk position, as will be seen below.