## S

FIGURE 17-5. Life-cycle risk analysis.

• Requirements documents

• Lessons learned files

• Assumption analysis

• Technical performance measurement (TPM) planning/analysis

• Models (influence diagrams)

• Decision drivers

• Brainstorming

• Expert judgment

Expert judgment techniques are applicable not only for risk identification, but also for forecasting and decision-making. Two expert judgment techniques are the Delphi method and the nominal group technique. The Delphi method has the following general steps:

• Step 1: A panel of experts is selected from both inside and outside the organization. The experts do not interact on a face-to-face basis and may not even know who else sits on the panel.

• Step 2: Each expert is asked to make an anonymous prediction on a particular subject.

• Step 3: Each expert receives a composite feedback of the entire panel's answers and is asked to make new predictions based upon the feedback. The process is then repeated as necessary.

Closely related to the Delphi method is the nominal group technique, which allows for face-to-face contact and direct communication. The steps in the nominal group technique are as follows:

• Step 1: A panel is convened and asked to generate ideas in writing.

• Step 2: The ideas are listed on a board or a flip chart. Each idea is discussed among the panelists.

• Step 3: Each panelist prioritizes the ideas, which are then ranked mathematically. Steps 2 and 3 may be repeated as necessary.

Expert judgment techniques have the potential for bias in risk identification and analysis. Factors that can introduce a bias include:

• Overconfidence in one's ability

• Insensitivity to the problem or risk

• Proximity to project

• Motivation

• Recent event recall

• Availability of time

• Relationship with other experts

There exist numerous ways to classify risks. In a simple business context, risk can be defined as:

• Insurable risk

Business risks provide us with opportunities of profit and loss. Examples of business risk would be competitor activities, bad weather, inflation, recession, customer response, and availability of resources. Insurable risks provide us with only a chance for a loss. Insurable risks include such elements as:

• Direct property damage: This includes insurance for assets such as fire insurance, collision insurance, and insurance for project materials, equipment, and properties.

• Indirect consequential loss: This includes protection for contractors for indirect losses due to third-party actions, such as equipment replacement and debris removal.

• Legal liability: This is protection for legal liability resulting from poor product design, design errors, product liability, and project performance failure. This does not include protection from loss of goodwill.

• Personnel: This provides protection resulting from employee bodily injury (worker's compensation), loss of key employees, replacement cost of key employees, and several other types of business losses due to employee actions.

On construction projects, the owner/customer usually provides "wrap-up" or "bundle" insurance, which bundles the owner, contractor, and subcontractors into one insurable package. The contractor may be given the responsibility to provide the bundled package, but it is still paid for by the owner/customer.

The Project Management Institute categorizes risks as follows:

• External-unpredictable: Government regulations, natural hazards, and acts of God

• External-predictable: Cost of money, borrowing rates, raw material availability

The external risks are outside of the project manager's control but may affect the direction of the project.

• Internal (nontechnical): Labor stoppages, cash flow problems, safety issues, health and benefit plans

The internal risks may be within the control of the project manager and present uncertainty that may affect the project.

• Technical: Changes in technology, changes in state of the art, design issues, operations/maintenance issues

Technical risks relate to the utilization of technology and the impact it has on the direction of the project.

• Legal: Licenses, patent rights, lawsuits, subcontractor performance, contractual failure

To identify risk issues, evaluators should break down program elements to a level where they can perform valid assessments. The information necessary to do this varies according to the phase of the program. During the early phases, requirement and scope documents, and acquisition plans may be the only program-specific data available. They should be evaluated to identify issues that may have adverse consequences.

Another method of decomposition is to create a Work Breakdown Structure (WBS) as early as possible in a program, and use this to evaluate potential candidate risk categories against candidate system or lower level designs. To use this approach, each element at level three of the WBS is further broken down to the fourth or fifth level and evaluated for candidate risk issues.

Another approach is to evaluate risk associated with some key processes (e.g., design and manufacturing) that will exist on a project. Information on this approach is contained in the government DoD directive 4245.7-M, which provides a standard structure for identifying technical risk areas in the transition from development to production. The structure is geared toward programs that are mid-to-late in the development phase but, with modifications, could be used for other projects. The directive identifies a template for each major technical activity. Each template identifies potential areas of risk. Overlaying each template on a project allows identification of mismatched areas, which are then identified as "at risk," and thus candidate risk issues.

The value in each of these approaches to risk identification lies in the methodical nature of the approach, which forces disciplined, consistent evaluation of risk issues. However, using any method in a "cookbook" manner may cause unique risk aspects of the project to be overlooked, and the project manager must review the strengths and weaknesses of the approach and identify other factors that may introduce technical, schedule, cost, program, or other risks.