Risk Management?

What is Risk?

A probability
that
something
will go wrong!
What is Risk?
What is Risk?
• A risk is an uncertain potential condition or event that, if it
occurs and is not mitigated, may have negative or positive
impact on the project objectives.”
OR
“An event that poses a potential threat or potential opportunity.”

• Not all risks are bad, and not all risks have negative impacts. Some risks
are actually opportunities in disguise.
• For example, agreeing to take on and complete a new project is a risk,
since one of the definitions of a project is creating a unique product or
service, the project itself is a risk that’s taken on to exploit an opportunity.
 Positive Risks & Negative Risks

• Negative Risk (threat): “Each day that a critical piece of equipment

is late in reaching the site, will throw the start up schedule off by
these days.”
• Positive Risk (opportunity):“If we buy pumps for all our facilities
bundled together in one purchase order, we can obtain a volume
discount.”
• In general, we find that a positive risk is an opportunity to be
pursued, while a negative risk is an issue to avoid or mitigate.
What is
Risk Management?
What is Risk Management?
“Practices and procedures that enable managers to identify,
assess, categorize, monitor, control, and mitigate risk before or
while it is transitioning to a problem.”
Risk Management Processes / Steps

Steps involved in Risk Management:

• Risk Management Planning

– Deciding how to approach and plan the risk management activities

• Risk identification (Qualitative & Quantitative)

– determining which risks might affect the project and documenting their characteristics.
– identify project, product and business risks;

• Qualitative risk analysis

– Performing a qualitative analysis of risks and conditions to prioritize their effects on project
objectives;
Risk Management Processes / Steps
• Quantitative risk analysis
– numerically analyzing the effect on overall project objectives of identified risks. Or
– Measuring the probability and consequences of risks and estimating their implications for project
objectives

• Risk Response planning

– Draw up plans to avoid or minimize the effects of the risk; Or
– developing plans and actions to enhance opportunities, and to reduce threats to project objectives.

• Risk Monitoring & Control

– Monitor the risks throughout the project;
Risk Management Processes / Steps
 Risk Planning
& its Tools/Techniques
Risk Planning – Tool / Technique

1.Risk categories
Risk Breakdown Structure (RBS):
The RBS is a hierarchical structure of potential risk sources. Just as the WBS
forms the basis for many aspects of the project management process, so the
RBS can be used to structure and guide the risk management process.

• A good practice is to review the risk categories during the Risk

Management Planning process prior to their use in the Risk Identification

process.
Risk Planning
Tool - RBS
Risk Planning Tool - RBS
Qualitative Risk Identification – Tools & Techniques

• Risk identification tools and techniques include:

–Brainstorming
–The Delphi Technique
–Interviewing
–SWOT analysis
Qualitative Risk Identification – Tools & Techniques
Brainstorming
• A technique by which a group attempts to generate ideas or find a
solution for a specific problem by gathering ideas spontaneously
and without judgment
• An experienced facilitator should run the brainstorming session
Qualitative Risk Identification – Tools & Techniques
Delphi Technique

• The Delphi technique is a way to get opinions and ideas from experts.
• This is another technique that uses a facilitator, but instead of gathering
team members in a room, they send questionnaires to experts asking
about important project risks.
• They take those answers and circulates them all to the experts—but each
expert is kept anonymous so that they can give honest feedback.
• Uses repeated rounds of questioning and written responses and avoids
the biasing effects possible in oral methods, such as brainstorming
Qualitative Risk Identification – Tools & Techniques
Interviews

Interviews are a really important part of identifying risk. Try to find everyone
who might have an opinion and ask them about what could cause trouble on
the project. The sponsor or client will think about the project in a very
different way than the project team.
Qualitative Risk Identification – Tools & Techniques
SWOT Analysis
• SWOT analysis (strengths, weaknesses, opportunities, and threats)
can also be used during risk identification

• Helps identify the broad negative and positive risks that apply to a
project
Risk Identification– Output
Risk Register
• The main output of the risk identification process is a list of identified risks
and other information needed to begin creating a risk register
–A document that contains the results of various risk management
processes and that is often displayed in a table or spreadsheet format
–A tool for documenting potential risk events and related information
Risk Register Contents
Risk Register (Probability Impact Matrix)
• Assess probability and impact of each risk
– Probability scale: values from “very unlikely” to “almost certainty”
– Impact Scale: “very low,” “low,” “moderate,” “high,” and “very high,”
– can assign numerical probability and impact on a linear scale (e.g., 0.1, 0.3, 0.5, 0.7, 0.9)
or nonlinear scale (e.g., 0.05, 0.1, 0.2, 0.4, 0.8)

Risk Risk Probability Impact Risk Score

# (P) (I) (P*I) • The risk management policies that your
1 Snow on the night .80 .60 .48
of the event organization has in place (or that you
2 Not all the .40 .40 .16 establish) may dictate that all risks with
employees show
up overall risk scores greater than or equal
3 Employees get
food poisoning at
.05 .20 .01 to .30 need risk response plans. This means
the dinner
that both the snow risk event and the
4 Banquet hall not .40 .80 .32
set up properly for banquet hall risk event need risk response
awards
presentation plans.
 PARTNER RELATIONSHIP MODULE (PRM) RISK REGISTER
CURRENT RISK
S.no Description OWNERSHIP PROBABILI IMPACT RESPONSE
STATUS FACTOR
TY
Backup remote servers should be activated, DB
team would shift load to remote servers and
100 Database Link Failure Database Team A 0.45 0.75 0.338
monitor performance for slots of 2 hours for 12
hours
Soft reset the VPN tunnel and intimate Emirates
101 Virtual Machine Failure Network Team A 0.4 0.45 0.180
Data Clearing House for a reset at their end too
Mediation team to raise a Critical Trouble Ticket
102 Failure of Encode and Decode Huawei A 0.1 0.6 0.060 and HQ needs to investigate and provide a fix, in
case of revenue leakage Huawei to bear the cost
103 Physical Damage to the Module Planning Team M 0.1 0.7 0.070 Will get insurance of the equipment
Shift the operations to Old PRM module within 1
104 Fire Incident Infrastructure Team M 0.2 0.75 0.150
hour of the incident reported
Maintain Call data records and Revenue Details of
Revenue the outage window and report all information to
105 Revenue Leakage due to Outage Assurance/Billing M 0.6 0.7 0.420 Billing Team, Billing Team needs to ensure that all
Team the CDRs provided gets rated, charged and billed
by the end of a billing cycle
Revenue Revenue Assurance should highlight the leakage to
106 Incorrect Charging Assurance/Billing D 0.5 0.55 0.275 the billing team an billing will need to configure the
Team Tax and charge info according to the agreed rates
Send stress call and sms to concerned Roaming
Fraud Management
107 NRTRDE File Send/Receive Failure D 0.55 0.45 0.248 Partner and Intimate/Report the issue to Emirate
Team
Data Clearing House for its Resolution
Marketing Team will make sure that Standard
Uncertainity/Unavailability of Charging
108 IR Marketing Team D 0.2 0.35 0.070 AA.14 Document is followed in events of
Data
uncertainity till the issue of charging is resolved
 Risk Response
Planning

Positive Risk
Planning

Negative Risk
Planning
Risk Response Planning- Negative Risks
There are four basic strategies for handling negative risks:
1. Avoid:
The best thing that you can do with a risk is avoid it—if you can
prevent it from happening, it definitely won’t hurt your project.

2. Mitigate:
If you can’t avoid the risk, you can mitigate it. This means taking
some sort of action that will cause it to do as little damage to your
project as possible.
Risk Response Planning- Negative Risks
There are four basic strategies for handling negative risks:
3.Transfer:
One effective way to deal with a risk is to pay someone else to
accept it for you. The most common way to do this is to buy
insurance.

4.Accept:
When you can’t avoid, mitigate, or transfer a risk, then you
have to accept it. But even when you accept a risk, at least
you’ve looked at the alternatives and you know what will
happen if it occurs.
Risk Response Planning- Positive Risks
There are four basic strategies for handling positive risks:
1.Exploit :
This is when you do everything you can to make sure that you take advantage of an opportunity. You
could assign your best resources to it. Or you could allocate more than enough funds to be sure that
you get the most out of it.
2.Share :
Sometimes it’s harder to take advantage of an opportunity on your own. Then you might call in
another company to share in it with you.
3.Enhance :
This is when you try to make the opportunity more probable by influencing its triggers. If getting a
picture of a rare bird is important, then you might bring more food that it’s attracted to.
4.Accept:
Just like accepting a negative risk, sometimes an opportunity just falls in your lap. The best thing to
do in that case is to just accept it!
What is Risk Mitigation?

• Risk Mitigation must not be confused with the Planning component. Mitigation
actions are proactive to prevent a risk from occurring and impacting the project or
reducing the impact of the risk. Plans are prepared for execution after a risk occurs,
becomes a problem and starts to impact the project.

• Risks can be mitigated not only by eliminating the risk but also by reducing their
degree of Occurrence and/or lessen the Impact to the project.
What is Risk Mitigation?
Accordingly Risk Mitigation can be broken down into three components:

1.Risk Elimination
2.Risk Reduction
3.Risk Deflection
What is Risk Mitigation?

1.Risk Elimination:
Aggressive, proactive risk mitigation for top priority(1) risks is essential to achieve the full benefits of
Risk Management. For these critical risks it is ideal if the risks can be eliminated entirely as they will
have the greatest negative impact to the project.
Risk Elimination requires carrying out the necessary action(s) to completely remove the identified
issue or problem from the project.

Risk Project Manager has not been appointed

Priority 1-High impact to the success of the project.
Mitigation Appoint an executive member, with
available time to devote to the
project as Project Manager
What is Risk Mitigation?
2. Risk Reduction:
A reduction of the degree of occurrence, or lessening of the impact, can be attained by actions early
in the project.

Risk A new technical environment may not be

suitable or appropriate for the project.
Priority 2-Low Likelihood and High Impact.
Mitigation Conduct a prototype or proof of concept to
ensure that the technology will be able to
deliver the required functionality.

3. Risk Deflection:
Transfer the risk (in part or whole) to another party (already discusses in prev slides)
 Class Activity

Make Risk Register for your

semester projects
Discussion / Questions
?