Monday, August 20, 2012

Section Summary – Overview of Risk Analysis


In this section we took a very high-level look at the Risk Analysis domain of the PMI Risk Management Professional certification examination. Let us now quickly summarize what we have learnt so far.
• Analyzing Risks is the next logical step a risk manager has to perform after risks are identified
• Risk Analysis is used to gauge the impact and probability of the risk to shortlist a few critical risks that may affect our project so that we can concentrate on those risks
• Risk Analysis includes two sub tasks - Qualitative Risk Analysis and Quantitative Risk Analysis
• Risk Analysis increases the team and the managers confidence level in dealing with risks
• It allows us to control risks with a greater success rate
• It helps us to create better responses to the risks
• Risk analysis is not a onetime activity. It is repetitive and we can send a risk for further analysis from both the Respond to Risks process as well as the Monitor & Control Risks process
• Both Risk Analysis and Risk Management are an integral part of project risk management. That is why the PMI RMP exam gives this domain a 30% weightage in terms of no. of questions that appear on the exam

Prev: Risk Analysis & Project Management

Next: Qualitative Analysis - An Intro

Risk Analysis and Project Management


The purpose of this chapter is to understand how Risk Analysis and Risk Management fit into the overall scheme of things in Project Management. Actually speaking, risk management is an integral part of project management. Unless we identify risks and manage them effectively, there is no way we can manage our project properly, much less make the project a success. Since risk analysis is an integral part of risk management, we can safely say that risk analysis too is an integral part of project management.

Look at the image below:


This is a simple illustration of how the various items in a project are connected/related to one another.

1. The Project Management Plan and Scope are in the center – This is because the whole project revolves around these two entities. You can’t manage a project without the PM Plan or without knowing the scope of work to be done. So, they take their rightful place in the center.
2. Schedule, Budget, Resources, Procurements are all in the bottom because they are influenced by both the PM Plan and the scope
3. Communication, Quality and Risk are on top of the triangle. Can you guess why??? Many Project Managers feel that these items Communication, Quality and Risk are not so important or view them as additional no-value-add activities on the project and hence ignore them to a great extent. Unfortunately these activities are vital to the overall success of the project and that is why they intentionally placed at the top of the triangle. They can have a direct bearing on all aspects of the project and hence they are rightfully on top of everything else.

Risk Analysis & Management not only considers what is happening inside the project. They also consider outside elements that may influence/impact the project. As risks are analyzed, more details like “when we can expect an activity to finish?” become clear. This information is usually fed-back into other processes so that they will know when to start/stop. Risk Management is literally connected to every single activity that happens in a project. That is why Risk Management is so important.

To summarize – Risk Analysis & Risk Management:

• Help control project outcome
• Consider both internal and external factors
• Has a dynamic relationship with almost all elements of the project
• Have a direct bearing on the overall success of the project

In short – Improper Risk Analysis can directly result in Project Failure. Now, can you understand why the PMI has given the highest weightage to the Risk Analysis domain in the exam from the no. of questions perspective?

Trivia:
Risk Analysis contributes 30% of the questions in the exam. You can revise the exam objectives of the Risk Analysis domain by Clicking Here

Prev: Overview of a Risk Analysis Model

Next: Section Summary

Overview of a Risk Analysis Model


You may find a plethora of books on the topic of Project Risk Management. Each of these may portal the topic of risk analysis in a different way. For the PMI RMP Exam, we are more concerned about PMBOK’s interpretation of risk analysis and hence we are going to look at the risk analysis model as the PMBOK suggests.

Look at the picture below:


This is the high-level model for Risk Analysis.

As you can see, the output of the Identify Risks process (risks) are sent as the input to the Analyze Risks process. The analyze risks process has two sub components which are the Qualitative Risk Analysis and Quantitative Risk Analysis. Qualitative Risk Analysis deals with assessing and prioritizing a risk while Quantitative Risk Analysis deals with numerical analysis of the risk. At the end of the day, both these processes focus on the risk’s impact and probability and in almost all cases, both of these analysis steps happen if risk management is to happen in an efficient way in our project.

Once the risk analysis is over, as you can see the output is sent as the input to the Plan Risk Responses process. If you look at the image closely you can see an arrow going from the Analyze Risks process to the Monitor & Control Risks process. This is because, at the end of our analysis we will create a “Watchlist” which contains the list of low priority risk items which we feel are not significant at this juncture. So, we send this watchlist to the Monitor & Control Risks so that we can keep an eye on these low priority items.

Another thing you might have noticed in the image is that, you can see arrows going from both the Monitor & Control Risks process as well as the Respond to Risks process. This means that the risk analysis process is iterative and happens multiple times during the course of a projects risk management activities.

Are you wondering if both Qualitative & Quantitative analysis happen for all risks?

If you are, the answer is No. Not all risks go through both analysis phases. We typically first do the Qualitative Risk Analysis and if we need to analyze it further we send it to the Quantitative Risk Analysis process. Look at the image below:


Once Quantitative Risk Analysis is complete, the output of the overall analysis is sent to the Respond to Risks process. Let me repeat – NOT ALL RISKS ARE ANALYZED BOTH QUALITATIVELY AND QUANTITATIVELY.

The PMBOK says that if we need any further details while formulating responses for the risks in the Respond to Risks process, we can send those risks back to the risk analysis process. Remember that I said risk analysis is iterative just a few paragraphs ago?

Look at the picture below:


Lower priority risks are usually put into a watchlist and sent as input to the Monitor & Control Risks process where they will be constantly monitored to ensure that their priority or impact hasn’t changed since we put them there. This is done to ensure that, any changes to the probability or impact or priority of the risk does not take the project by surprise.

To Summarize – A Standard Risk Analysis model will involve the following steps:

1. First you Assess the risks
2. Then you prioritize them
3. Then you determine which risks are urgent
4. Then you determine which risks are low priority and need to be placed in a watchlist
5. Then you analyze certain high priority risks on a numerical level (Quantitative Risk Analysis)
6. Then you determine the probable outcomes of those risks that you analyzed quantitatively and plan a response for those risks.

This is just a high level overview of the risk analysis model. We will be covering more details of the individual steps of risk analysis in the subsequent chapters & sections

Prev: Goals & Benefits of Risk Analysis

Next: Risk Analysis & Project Management

Goals and Benefits of Risk Analysis


Risk Analysis as you might have seen in the previous chapter is very vital to efficient project risk management and as you might have guessed will have loads of benefits. The purpose of this chapter is to elaborate on Goals and Benefits of this process.

Goal of Risk Analysis

The goal of risk analysis is to analyze a risk and gather more information about the risk like its probability, impact, priority etc. so that we can appropriately address them.

The above is a very generalistic goal description of this process.

But, before we can analyze risks, we must first define the standard for risk impact and probability. This activity is called Risk Assessment. Everyone in the team including the stakeholders must be on the same page on how we gauge a risks probability or impact. We should not proceed to the risk analysis stage without this information.

Trivia:
I have used the term “Should Not” instead of “Cannot” in the previous statement about proceeding to risk analysis without risk assessment. Are you curious why I did that? Well, you can always proceed to risk analysis without this information. Nobody can stop you. But, how effectively you can analyze risks without this information is a very big question mark here. That is why I have said “Should Not”

Since Risk Assessment is a distinct subset of this risk analysis activity, let us first take a look at its benefits and then we will list down the benefits of risk analysis.

Benefits of Risk Assessment:

1. Allows the risk management team to focus on higher priority risks
2. Makes sure that everyone is on the same page in terms of dealing with risks
3. Forces organizations to define the guidelines for risk assessment and analysis
4. It considers risk impact and probability jointly
5. Etc.

Benefits of Risk Analysis:

The benefits of Risk Analysis include everything we saw as benefits of risk assessment plus

1. Provides clarity on the damage or the opportunities about the risk
2. Increases the confidence level of the team in dealing with risks
3. Arms us with enough information to deal with those risks in the best possible way
4. Allows us to control risks with a greater success rate
5. We can take better informed decisions about handling risks
6. We can create better responses for the risks
7. Helps us foresee what may happen in future which can help us decide better
8. Etc.


Do you remember that I talked about “Uncertainties” and their correlation to risks in one of our earlier chapters titled “Managing Uncertainty”? Uncertainties directly result in risks. Risk Analysis deals with reducing this uncertainty by analyzing and identifying more and more information thereby reducing the uncertainty about things which in turn reduces the risks.

Prev: Introduction to Risk Analysis

Next: Overview of a Risk Analysis Model

What is Risk Analysis?


In the previous sections we have taken a detailed look at the Risk Management Plan, Risk Register and almost everything else that you do in the starting stages of your projects risk management. You have identified the risks and have communicated it with your stakeholders. So, as per the risk management process flow, what will you do next?

Analyze those Risks

People easily confuse risk analysis and risk management. They think that analyzing risks is all risk management does. Unfortunately, they fail to realize that analyzing risks is only a part of risk management and there are a lot of activities after we actually finish analyzing the risks. In a majority of cases, people don’t do any dedicated risk management activity at all. So, I would say that, those who confuse these two activities and at least do perform risk analysis are better than those who don’t perform any risk management activities at all.

What is Risk Analysis?

If you ask this question to someone who has been working on multiple projects in their career, the will answer in either of the below ways:
a. It involves numerical analysis
b. It heavily revolves around the risk’s impact and probability
c. It requires expert judgment
d. It relies on stakeholder tolerance of risks
e. Etc.

Actually speaking all of these responses above is correct.

Yes, risk analysis involves numerical analysis. The person is probably referring to the Quantitative Analysis part of risk analysis. During the course of risk analysis we are always concerned about the chances as to whether a risk will happen or not and the impact of a risk if it happens. So, point no.2 is right as well. The whole risk analysis activity is not stand-alone. The project or the risk manager cannot do risk management by himself. He will enlist the help and expertise of SMEs both internal and external to the organization (as required) along with the help of risk experts who may be either within or outside the project. So, all in all, the whole risk management activity utilizes the expertise of numerous experts and hence point no.3 is right as well.

All said and done, the analysis we do and the steps we take to manage risks will all be guided by the “Stakeholder Risk Tolerance”. If your project sponsor or customer is old-school and doesn’t like taking chances, then in all probabilities you won’t be taking any major risks in your project. So, point no.4 is correct as well.

Risk Analysis typically involves:
a. Risk Identification
b. Risk Assessment and
c. Numerical Analysis of Risks

In the previous chapters we learnt about the creation of the Risk Register and the Risk Management Plan. Do you remember that the Risk Management Plan contains the Probability & Impact Matrix? This probability and impact matrix will be used in risk analysis. It is those risks that we identified and added to the Risk Register that will be analyzed in this stage. Risk Analysis tells us what areas of the project are prone to be affected by risks. It guides us in developing better responses. It also helps us understand which risks require a response, if so when along with details on how drastic a response is required for the risk. Unless we do proper risk analysis, there is no way we can come up with a proper response that can actually help us manage the risk.

Prev: Section Summary - Communicating Project Risks

Next: Goals & Benefits of Risk Analysis
© 2013 by www.getpmpcertified.blogspot.com. All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.

Followers

Popular Posts