Risk Analysis

Risk analysis consists of nothing more than evaluating possible risks for the probability of them occurring, describing the potential impact, and estimating the severity of that impact. For each risk, the project manager should assign a probability ranking of avoidable, manageable, unavoidable, or unknown, along with the identification of the first possible impact date.

The risk analysis should describe the risk impact, or what will happen if the event does occur. Both tangible results (e.g., financial impacts) and intangible losses (e.g., reduced client satisfaction or team morale) should be considered in the description of the impact. This information may then be used to define impact severity.

■ A rating of low severity means "workarounds" are available.

■ A rating of medium severity indicates no workarounds are available; however, the risk item does not impact milestones or project targets.

■ A rating of high severity indicates that risks that do not have workarounds and will impact the project milestones, target, or success.

The risks should be prioritized, for further analysis and development, based on their probability, impact date, and severity. Table 3.5 shows the various risk avoidance techniques that can be used on a project.

Table 3.5: Risk avoidance techniques and methods

Risk Avoidance Techniques



Creating "worst case scenarios"

Hold project review with team


Hold individual meetings

Risk questionnaire

Develop and distribute risk questionnaire

Decision tree analysis

Use software tool or perform manual analysis

Risk log

Create and itemize all known risks

Risk Identification

Risk Identification

For the project manager, risks can come from many sources, but they can usually be categorized into several areas.

1. Technical risks. These risks to the project are technical in nature and are the result of complexity, integration issues, or technology. For this class of risk, project managers need to be certain that they have the required skills to deal with or mitigate any potential problems that may arise.

2. Financial risks. These risks include threats to the project budget—the danger of unforeseen events causing costs overruns.

3. Schedule risks. Schedule risks are factors that could cause delays in the project, potentially delaying the planned finish date. Often there is a relationship between financial and schedule risks in that delays often incur financial penalties and risks of delay can usually be removed—but at a financial cost.

4. Internal risks. Sometimes called project risks, these risks emanate from within the project itself. They include factors such as technical failures, delays in carrying out scheduled work, errors by project staff, and so on. Generally speaking, these are risks that the project manager can control and is in a position to do something about.

5. External risks. External risks, on the other hand, are threats to the project that come from the external environment. They are sometimes referred to as business risks and are outside the control of the project manager. Examples include legislative changes (which could render the project's products obsolete) or changing market conditions (which could render the business case invalid).

0 0

Post a comment