Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

PMAN 637 Section 9042– Individual Paper 1: Risk Response

Joseph A. Lonergan

University of Maryland University College

Fall 2010
 Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

Risk Management Process

Risk Identification is part of the Risk Management Process examined within detail within PMI's

(Project Management Institute) Practice Standard for Project Risk Management. It is the first step within

the Project Risk Management Knowledge Area as defined within PMI's

PMBoK. This paper shall examine the whole risk management process as

defined by PMI and identify how Risk Identification fits into PMI's Risk

Management process.

1) Step 1: Risk Identification:

The risk identification process "involves identifying all the risks that

may impact the project, documenting them and documenting their

characteristics" (Heldman, 2009, p. 240). If risks cannot be identified

then they cannot be effectively managed, consequently Risk

Identification aims to identify "all the knowable risks to project

objectives" (Standard for Project Risk Management, 2009, p. 25). It is

however impossible to identify all risk at the start of a project. The

primary purpose though is to identify risk to the maximum extent that is

practicable. This process is meant to be iterative and repeating to

identify and find new risks as they become evident.

PMI's Practice Standard for Project Risk Management identifies three Figure 1 : PMI's Project Risk
Management Process
tools and techniques used to identify risk.

a) Historical Reviews: These are reviews which examine past projects of a similar and comparable

nature.

b) Current Assessments: Based purely on

Risk categories
the examination of the project to be

executed, analysis is conducted to

identify areas of uncertainty.

Identified Risks

Figure 2 : Example of a Risk Break Down Structure

 Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

c) Creativity Techniques: Tools such the "use of a risk breakdown structure which organizes the

categories of potential risk on the project, prompt list, or a set of generic list categories may assist

in ensuring that as many sources of risk as practicable have been addressed..." ( Standard for

Project Risk Management, 2009, p. 25). The use of a Risk Breakdown Structure (RBS) "reduces

the chance a risk event will be missed" and is one of the most commonly used tools to identify

and document project risks. (Gray & Larson, 2009, p. 200).

The deliverable from this step should be the creation of an RBS similar to figure 2.

2) Step 2: Risk Assessment

Step one within the risk management process identified and produced a list of potential project

risks. Not all of these risks though may be applicable to

the project being executed. Some may be trivial and

pose little consequence to the project while others are

serious threats to project completion. The second

phase of the risk management process, Risk

Assessment, evaluates risks identified in step 1, in

terms of the "likelihood the event is going to occur and

the impact of consequences of its occurrence" (Gray &

Larson, 2009, p. 202).

PMI's Practice Standard for Project Risk

Management divides the Risk Assessment process into Figure 3 : Example of a cardinal scale definitions

two subcategories, Qualitative Risk

Analysis and Quantitative Risk

Analysis. Figure 4 : Example of Risk Assessment Form utilizing scale definitions

a) Qualitative Analysis: This

analysis process adds structure "to the list of undifferentiated risks into categories of priority.

Priorities are usually based on the risk's probability of occurring and its potential impact on
 Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

specific project objectives or on the whole project" (Standard for Project Risk Management, 2009,

p. 35). Figures 3 and 4 are examples of Qualitative Risk Analysis.

The risk analysis process requires "that the different levels of risk probabilities and

impacts be defined. These definitions vary and should be tailored to the specific nature and

needs of the project" (Gray & Larson, 2008, p. 202). Shown within figure 3 are cardinal scales

which define a numerical value for the impact, likelihood and detection difficulty. These scale

definitions can then be incorporated in a risk assessment form, as shown in figure 4. The risks

within the risk assessment form are the risks which were identified within step 1, Risk

Identification and the creation of a RBS.

b) Quantitative Analysis: This analysis process "provides a numerical estimate of the overall effect of

risk on the objectives of the project" (Standard for Project Risk Management, 2009, p. 35). It is

used to "evaluate the likelihood of success in achieving project objectives and to estimate

contingency reserves, usually for time and cost that are appropriate to both the risk and the risk

tolerance of project stakeholders" (Standard for Project Risk Management, 2009, p. 35). An

example of Quantitative Analysis would probability distribution analysis tools such as PERT

(Program Evaluation and Review Technique).

3) Step 3: Risk Response Development

The risk response process determines the effective response actions that are appropriate to the

priority of the risks identified within step one, Identifying Risks of the risk management process. A risk

response matrix is created within this process as shown within figure 5.

The risk response matrix is utilized to identify how project team members will address identified

risks if they occur during project execution. PMI's PMBok and Practice Standard for Project Risk

Management identifies four methods for address risks as they are encountered.
 Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

a) Avoiding Risk: With risk avoidance the risk is eradicated by eliminating its cause. It requires the

project team to "evade it altogether, eliminate the cause of the risk event, or change the project

plan to protect the project objectives from the risk event" (Heldman, 2009, p. 265).

b) Transferring Risk: To transfer project risk means to pass it on to a third party. This is usually

accomplished with the purchase of insurance or the use of contracting. The risk is still present,

but its ownership has transferred to another party. Other forms of risk transferring are "warranties,

guarantees, and performance bonds" (Heldman, 2009, p. 266).

c) Mitigating Risk: A risk is mitigated when the project team attempts to "reduce the probability that a

risk will occur and reduce the impact of the risk to a level where" the project team can accept it

and its outcomes (Heldman, 2009, p. 266). Examples of risk mitigation include performing tests,

and creating prototypes.

d) Accepting Risk: The acceptance strategy "applies when other strategies are not considered

applicable or feasible" (Standard for Project Risk Management, 2009, p. 47).

Shown below is an example of a Risk Response Matrix which takes the identified risk,

assigns a response and a contingency plan. The Risk response matrix also identifies the

triggering event which will announce the presence of the identified risk, along with identifying who

is responsible for executing any plans associated to the risk.

Figure 5 : Example of Risk Response Matrix

4) Step 4: Monitor and Control Risks

Risk monitoring is the "process of implementing risk response plans, tacking identified risk,

monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout

the project” (PMBoK, 2008, p. 308). It is aim is to ensure risk response plans are executed at the
 Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

correct time and to evaluate their effectiveness (Standard for Project Risk Management, 2009). In

addition it is also responsible for identifying and planning for new risks as they become evident, it is a

continual processes of monitoring and improving.

Several tools and techniques identified by PMI within Practice Standard for Project Risk

Management to evaluate the status of projects and risk posture are the following:

a) Managing Contingency Reserves: Project trends and forecast outcomes are required to be

monitored to determine if the resource reserves set aside for a project will remain sufficient until

project completion.

b) Tracking Trigger Conditions: Continually refining metrics to allow for the proper verification of

risks identified for a project.

c) Tracking Overall Risk: Reviewing risk responses and ensuring they are having the expected

effect on a project’s risk level.

d) Tracking Compliance: Develop metrics to assess the execution of risk related plans.
 Lonergan, Joseph PMAN 637 Section 9042 - Individual Paper 1: Risk Identification

References

Gray, Clifford F., Larson Erik W. (2008) Project Management the managerial process 4e. New
York, NY: McGraw-Hill Irwin.

Heldman, Kim. (2009). PMP Project Management Professional Exam Study Guide 5th Edition.
Wiley Publishing Inc., Indianapolis, Indiana

Marchewka, Jack (2009) Information Technology Project Management Third Edition. Wiley and Sons,
Inc. Hokboken, NJ

Project Management Institute.(2008). A Guide to the Project Management Body of Knowledge

(PMBOK Guide) Fourth Edition. Newton Square, Pennsylvania: Project Management Institute. Project
Management Institute.

Project Management Institute. (2009). Practice Standard for Project Risk Management. Newton
Square, Pennsylvania: Project Management Institute. Project Management Institute.

U.S Department of Defense Extension to: A Guide to the Project Management Body of
Knowledge (PMBOK Guide) First Edition Version 1.0 June 2003). (2003). Defense Acquisition University
Press, Fort Belvoir, VA.