Friday, February 24, 2012

Risk Register

By With 2 comments:
Risk register is created at the end of the Identify Risks process and this is the only output of the process. At this stage, the risk register is created only with initial entries. But, as other risk management processes happen we will see an increase in level and type of information and the risk register will get updated accordingly.

The Risk register at this stage contains:
  • List of identified risks: Identified risks are described in as much detail as possible
  • List of potential responses: The actual responses for identified risks will only be finalized during the “Plan Risk Responses” process. But, it is good to discuss potential responses while identifying the risks and the contributor to the risk identification would be in a good position to provide some input based on his/ her experience in other projects. This also will be useful as inputs to “Plan Risk Responses” process at a later stage.
  • The main aim of the Risk Register at the end of “Identify Risks” process is to identify and record all the risks that can be foreseen. But, as we might have gone through some of the analysis like Cause and Effect Diagram or Root Cause Analysis or Influence Diagram or SWOT Analysis and so on, it would be good if we can include other information like “Root causes” in the risk register

A sample Risk Register is shown below with three identified risks in a construction project. Please take note that in a real project there may be many more risks that have to be identified.

Thursday, February 23, 2012

Diagramming Techniques

By With 2 comments:
Diagramming Techniques are used to identify risks in a project. Some of the diagramming techniques that are included in PMBOK/ PMP are Cause and effect diagram, System or process flow charts and influence diagrams.

Cause and effect diagram

This diagram is also known as Ishikawa diagram or Fish-bone diagram. It is referred to as the "Ishikawa diagram" because Dr. Kaoru Ishikawa, a Japanese quality control statistician, developed this diagram. The name "fishbone diagram" is derived from the fact that the entire diagram resembles a fish skeleton. The diagram illustrates the main causes and sub causes leading to an effect. It is used to identify potential root causes to problems.

You may also be interested in:

System or process flow charts

System flow charts are very helpful to show how various elements of a system interrelate. They can be used to analyze an entire process by following the logical steps leading to an outcome or an objective. Flow charts are acclaimed for their ability to identify bottlenecks and superfluous processes.

You may also be interested in:

Influence diagram

Influence diagrams are graphical representations of situations showing causal influences, time ordering of events and other relationships among variables and outcomes. Influence diagrams show how risks influence one another.

Wednesday, February 22, 2012

SWOT Analysis

By With 3 comments:
SWOT Analysis is one of the tools and techniques recommended in PMBOK/ PMP for the identification of risks in a project. It is a strategic planning tool used to evaluate the strengths, weaknesses, opportunities, and threats to a project. SWOT Analysis can assist you in recognizing opportunities that you are well placed to exploit. It also helps the project manager in understanding the weaknesses of the project so that they can be managed to eliminate threats which otherwise would not have been foreseen/ identified.

As you can see, SWOT Analysis is a framework to identify strengths and weaknesses in a project. This is typically done in interactive groups, like brainstorming sessions, where people can discuss, assess, and elaborate on the identified SWOT elements and analyzing them in depth. It is also a method for maximizing the positive risks (opportunities) and minimizing the negative risks (threats). The analysis and deliberation are designed in such a way to identify avenues to take advantage of strengths and exploit opportunities, as well as minimize the impacts of weaknesses and protect the project against threats.

Tuesday, February 21, 2012

Assumptions Analysis

By With 2 comments:
Assumptions analysis is one of the tools and techniques of Identify Risks process. This analysis explores the validity of all the assumptions that are identified and documented during the project planning processes.

Assumptions analysis identifies risks to the project from inaccuracy, instability, inconsistency or incompleteness of assumptions. It is preferable to have the assumptions accurate, complete and consistent; but, in practice, it is not always possible. So, it is important for the project management team to review the justification or strength or support of the assumptions made. The risks are directly proportional to the consequences or the impacts to the project objectives if the assumption turns out to be wrong.

Checklist Analysis

By With No comments:
Checklist analysis is one of the tools and techniques of the Identify Risks process. Checklist Analysis can provide ideas for risks on a current project. Checklists can be developed based on historical information, knowledge from previous similar projects and from other sources of information. It is also possible to use the lowest level of Risk Breakdown Structure (RBS) as a checklist.

Checklist analysis is quick and simple; can be used by team members who have relatively less experience in similar projects. But, the project manager has to understand that it is impossible to build an exhaustive checklist. So, care should be taken to also explore risks that do not appear on the checklist, because even highly similar projects will have their own, unique and different risks.

Checklists should be reviewed during project closure to incorporate any new lessons learned and also to improve the checklists for future projects.

Monday, February 20, 2012

Documentation Reviews to Identify Project Risks

By With No comments:
Documentation reviews are carried out for getting ideas on risks that may be existing/ foreseen in the project. Documentation reviews involve reviewing the project documentation, including plans, assumptions, project files, and other information in order to identify areas of inconsistency or lack of clarity. The documentation is comprehensively reviewed for completeness, accuracy and consistency. Missing, inaccurate or incomplete information and inconsistencies can be indicators of risks in the project.

The documents that could be reviewed include, but not limited to:
  • Project charter
  • Project scope statement
  • Work Breakdown Structure (WBS)
  • Project schedule
  • Cost estimates
  • Procurement plan
  • Assumptions log

Saturday, February 18, 2012

Information gathering techniques

By With 1 comment:
Information gathering includes various techniques like brainstorming, Delphi technique, interviews and root cause analysis. The ultimate aim of all these techniques is to identify and prepare a comprehensive list of risks in the project.

It is one of the most widely used techniques to identify risks in a project. Project team usually performs brainstorming, often with subject matter experts, risk management experts and other important stakeholders who can contribute to the risk identification. It allows people to come up with risks. During brainstorming sessions there should be no criticism of ideas. The main focus is to open up possibilities of risk. Judgments and analysis at this stage inhibit idea generation. Ideas should only be evaluated at the end of the brainstorming session. Brainstorming sessions always have a facilitator to lead the team and help turn their ideas into a list of risks

Delphi technique
This technique is used to build consensus of experts who participate anonymously. A facilitator uses a questionnaire to solicit ideas about important project risks. The questionnaire is often designed with forced choices that require the experts to select between various options. The responses are summarized and re-circulated to the experts for further review until consensus on the final list of risks is reached. Delphi technique helps reduce bias in the data and keeps any one person from having undue influence on the outcome.

Interviewing is generally a face-to-face meeting that includes question and answer sessions. The interviews are conducted with project manager, project team, stakeholders, subject-matter experts, and individuals who may have participated in similar, past projects. Interviews help us to get first-hand information about others' experience and knowledge.

Root cause analysis
Root cause identification is a technique for identifying essential causes of risk. Reorganizing the identified risks by their root causes will help to identify more risks. This technique enables you to understand the risk more clearly so that responses can be planned to prevent recurrences.

Thursday, February 16, 2012

Identify Risks: ITTO

By With No comments:
Identify Risks is the second project management process in the Project Risk Management knowledge area. It follows the process Plan Risk Management .

In my opinion, Identify Risks is the most important process in the risk management knowledge area. All the processes that follow will be effective only if the risks are identified properly. So, a project manager or his/ her project team should devote their maximum effort to identify as many risks as possible at the initial stages of the project.

Generally, the participants in this process will include the project manager, project team members, risk management team, customers, end users, stakeholders, domain experts and risk management experts. It is a good practice to encourage all project personnel to identify risks. A good project manager will involve the entire project team in identifying the risks as it instills a sense of ownership and responsibility for the risks. This also will help in implementing associated risk response actions at a later stage.

Please take note that Identify risks is an iterative process throughout the entire life cycle of the project as new risks may appear or become known as the project progresses.

You may also be interested in:

The following are the Inputs, Tools & Techniques and Outputs (ITTO) of the process "Identify Risks",


1. Risk Management Plan
2. Activity cost estimates
3. Activity duration estimates
4. Scope baseline
5. Stakeholder register
6. Cost management plan
7. Schedule management plan
8. Quality management plan
9. Project documents
10. Enterprise environmental factors
11. Organizational process assets

Tools & Techniques

1. Documentation reviews
2. Information gathering techniques
3. Checklist analysis
4. Assumptions analysis
5. Diagramming techniques
6. SWOT analysis
7. Expert judgement


1. Risk Register

Tuesday, February 14, 2012

Probability and Impact Matrix

By With 3 comments:
Probability and Impact Matrix is a tool for the project team to aid in prioritizing risks. As you know, there may be several risks in any project. Depending on the size and complexity of the project in hand, the risks may vary somewhere from double digits to triple digits. But, do we have the time and money to look into all these risks, let alone the response action. The answer is NO; we do not have such luxury of time. So, it is necessary to find a way to identify those critical risks which needs the most attention from the project team.

Probability and Impact Matrix uses the combination of probability and impact scores of individual risks and ranks/ prioritizes them for easy handling of the risks. In other words, the probability and impact matrix helps to determine which risks need detailed risk response plans. It is vital to understand the priority for each risk as it allows the project team to appreciate the relative importance of each risk.

For example, a risk with a high probability/ likelihood of occurring and which will have a high impact on the project objectives will likely need a response plan.

You may also be interested in:

The matrix generally used is a 3x3 matrix (with Low, Medium, High rating for Probability and Impact) or 5x5 matrix (with Very Low, Low, Medium, High and Very High ratings for probability and impact).  A sample Probability-Impact Matrix is given below for your reference.

How to use this matrix? If a particular risk has a moderate probability and the estimated impact of this risk is major, then you look into the respective row and column to identify the risk rating. For a moderate probability and major impact, the risk rating in the above matrix is "Medium". The colors are visual indications of the seriousness of the risks.

We will use this matrix in the risk assessment process to determine the risk rating for each risk.

Monday, February 13, 2012

Risk Probability and Impact

By With 1 comment:
The concept of Risk Probability and Impact is the fundamental building block on which Project Risk Management is raised. In this article, we will try to understand what is risk probability and what is risk impact.

Risk Probability

Risk Probability (sometimes known as likelihood) describes the potential for the risk event occurring. The probability of a risk occurring can range anywhere between 0% and 100% or it can be expressed as a number between 0 to 1. But, it can neither be 0% nor be 100%. Can you see why not?

If the risk probability value is 100%, then it is certain to occur; and as such, it defeats the definition of risk, an uncertain event or condition that may or may not occur. It cannot also be 0% for the same reason, as it means it is certain not to occur.

You may also be interested in:

Risk Impact

Risk Impact describes the effects or consequences the project will experience if the risk event occurs. The impact may be in terms of money, time, organization's reputation, loss of business, injury to people, damage to property and so on.

Probability and impact scales can be defined in terms of relative or ordinal (High, Medium, Low), linear or cordinal (1, 2, 3, 4, 5) or non-linear (1, 2, 4, 8, 16).

Friday, February 10, 2012

Who is a risk owner?

By With 6 comments:
It is an essential part of risk management to assign an owner for each risk. Why is it so? Why do we need a risk owner? Are we passing on the risk to a particular team member? No, not really. Identifying and assigning a risk owner is to make it clear who is responsible for what risk.

A risk owner is any individual, generally a project team member, who is responsible for the management, monitoring and control of an identified risk, including the implementation of the selected responses.

The risk owner should be capable of managing the risk and have the knowledge, resources, and authority to deal with the risk. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done. Risk owners should be added to the risk register.

You may also be interested in:

Risk owners would be required to assess their risk and report to the project manager on a regular basis the status of the risk. Depending on the project, there can be a separate risk register meeting (at defined intervals like fortnightly or monthly) or risks could be discussed as part of the weekly progress/ status meeting. The identified risk owners will provide the updates on the respective risks during these meetings.