Let us first define what project risk is, project risk is an uncertain event that, if occurs, has a positive or a negative effect on at least one project objective. A risk may have one or more causes and, if it occurs, one or more impacts. Over here we will define what are the risks associated with a new project, how to define, measure and control those risk. This combine process is called risk management.
Identifying Risk
For any effective identification of the risk involved in a project, there has to be certain corporate culture:
1. The managers should support honest and realistic risk assessment, even if they indicate problems with the project.
2. The managers should be encouraged to talk openly about the risk involved without any fear of reprurcussions.
3. Create an atmosphere where, talking about any kind of risk is allowed.
4. Other key factor in risk assessment is collecting realistic and high quality data.
Creating the right kind of atmosphere is only the first step in risk identification. Overall risk identification is a process to identify various potential risks in a project. Ideally a project manager would create a project risk register, where he would include all the identified risk, he would also earmark the nature of each risk, the step in which it may occur, the kind of effect it may have on the project and the solution for it. This risk register is not static in nature but is dynamic and keeps on changing with each new step in the project. Risk identification is continuous process, new risks may come to light as the project progresses and previously-identified risks may drop out.
Another key to risk identification is involving the right kind of people in risk identification process. Some of the key person that should be involved in all the risk identification process are risk management team, project team (they should be involved in the process so that the project team can develop a sense of ownership of responsibilities for the risks involved) members, project manager, experts both from the project and from outside the project team, customers, end users, other project managers, stakeholders(Stakeholders outside the project team may provide additional objective information), and risk management experts. While these personnel are often key participants for risk identification, all project personnel should be encouraged to identify risks. The potential risk can be identified using:
- A risk break down structure, over here various risk are identified according to the stages of project cycle.
- Managers own knowledge of the previous projects and by cross referencing similar projects done by others.
- Consulting experts from the same field.
After proper identification of the risk, the next important step would be to determine the cause of the risk involved its impact on the project objective. The project risk register should ideally contain the identified risk followed by cause of the risk, the condition under which it may occur, the impact it may have on the project and finally the solution for it. Also it is important to note here that all type of risk should be identified, even the risk that can’t be tackled with like risk of project delay due to weather conditions. Some of the risks that may occur are:
Design Risks
This type of risk arise due to design of the project, some of the design risk are design incomplete, Inaccurate assumptions on technical issues in planning stage, surveys incomplete, hazardous waste site analysis incomplete, unforeseen design exceptions, Incomplete quantity estimates etc.
External Risks
This type of risk generally arise due to factors which are not directly related to the project, some example are landowners unwilling to sell land, local communities pose objections, threat of lawsuits, stakeholders request late changes, political factors or support for project changes etc.
Environmental Risks
Risk arising due to environmental factors like environmental analysis incomplete, environmental clearance for staging or borrow sites required, historic site, endangered species, riparian areas, wetlands and/or public park present etc
Organizational Risks
The risk arising due to company’s policies and structure, like inexperienced staff assigned, internal �red tape” causes delay getting approvals, decisions , priorities change on existing program, funding changes for fiscal year, Overlapping of one or more project limits, scope of work or schedule etc.
Project Management Risks
Risk inherent to the project due to poor management like project purpose and need is not well-defined, project scope definition is incomplete, no control over staff priorities, unresolved project conflicts not escalated in a timely manner etc.
Construction Risks
Risk in projects where construction is involved like: inaccurate contract time estimates, change requests due to differing site conditions, temporary construction easements expire, dewatering is required due to change in water table etc.
Engineering Services Risks
These are risk involved in projects where engineering work is done, like: hazardous materials in existing structure or surrounding soil; lead paint, contaminated soil, asbestos pipe, asbestos bearings and shims, Special railroad requirements are necessary including an extensive geotechnical report for temporary shoring system adjacent to tracks etc.
Financial Risk
Risk due to unforeseen financial problems like Capital budgeting problem, price rise of raw materials, delay in funding, currency fluctuations, interest rate fluctuations etc.
Measuring Risk
Risk can be measured either qualitatively or quantitatively. The measuring technique depends on the nature of the project and risk involved.
Qualitative Risk
Qualitative risk analysis assesses the risks using the probability of occurring of the risk, the corresponding impact on project objectives if the risks do occur, as well as other factors such as the time frame and risk tolerance of the project constraints of cost, schedule, scope, and quality.
Sometimes experts or functional units assess the risks in their respective fields and share these assessments with the team. Across the same project the definitions that will be used for levels of probability and impact should be the same. The organization’s management, project customer or sponsor has an important role in the Qualitative Risk Analysis process.
- The project sponsor defines for the risk analysis lead and team the levels of impact on time, cost, scope and quality that would qualify a risk as having a very low, low, moderate, high or very high impact on each objective.
- The project sponsor determines the combinations of probability and impact that make a risk low, moderate and high priority for each objective in light of the definitions just mentioned.
Once the definitions are in place, team members assess the identified risks’ probability and impact and then put them into high, moderate, and low risk categories for each project objective (time, cost, scope, quality). They rank risks by degrees of probability and impact, using the definitions in place, and include their assessment rationale. For more information and a sample, see Appendix E: Risk Ranking.
Team members revisit qualitative risk analysis during the project’s lifecycle. When the team repeats qualitative analysis for individual risks, trends may emerge in the results. These trends can indicate the need for more or less risk management action on particular risks, or whether a risk mitigation plan is working.
Quantitative Risk
Qualitative measurement of risk involves numerically estimating the probability that a project would meets its financial and time objective. Qualitative analysis involves evaluation of all the quantifiable risk and in most cases these risks identified are analyzed simultaneously to determine its affect on the project. The result is a probability distribution of the project’s cost and completion date based on the identified risks in the project. Quantitative risk analysis in general involves statistical technique called Monte Carlo simulation. Quantitative risk analysis starts with the model of the project, either its project schedule or its cost estimate depending on the objective. The degree of uncertainty in each schedule activity and each line-item cost element is represented by a probability distribution. The probability distribution is usually specified by determining the optimistic, the most likely and the pessimistic values for the activity or cost element – this is typically called the �3-point estimate.” The three points are estimated during an interview with subject matter experts who usually focus on the schedule or cost elements one at a time. The risks that lead to the three points are recorded for the quantitative risk analysis report and for risk response planning. For each activity or cost element a probability distribution type is chosen that best represents the risks discussed in the interview. Typical distributions usually include the triangular, beta, normal and uniform. A specialized Monte Carlo simulation software program runs (iterates) the project schedule or cost estimate many times, drawing duration or cost values for each iteration at random from the probability distribution derived from the 3-point estimates and probability distribution types selected for each element. The Monte Carlo software develops from the results of the simulation a probability distribution of possible completion dates and project costs. From this distribution it is possible to answer such questions as: