6 minutes reading time
Amongst the accepted project control disciplines is risk, issue and opportunity management. A risk is defined as ‘an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives’. An opportunity has a positive effect on project objectives – providing more effective project delivery. An issue is a risk with a probability of unity – a risk that has manifested itself into reality.
The international standard for risk management is ISO31000:2018. The purpose of ISO 31000:2018 is to provide principles and generic guidelines on risk management. ISO 31000:2018 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the assortment of previous standards and methodologies that differed between industries, subject matter areas and regions of the world.
Qualitative & Quantitative Risk Management
Imagine yourself as an Integrated Product Support (IPS) project manager working on a design project, building a new component to be inserted into a control system. It is likely that certain things will not go according to plan during the project. To stay in control of the project, you need to carry out risk management activities before the design begins.
The risk management process includes four main steps: identifying potential project risks, analysing these risks, selecting appropriate risk responses and monitoring the project. There are two approaches to risk analysis - quantitative and qualitative. Qualitative risk analysis is the process of assessing individual project risk characteristics - the probability of occurrence and the impact they would have on a project if happening - against a rating scale.
The rating scale used for the analysis groups project risks into three or more categories according to their impact; for instance, low, medium and high. The risk can impact numerous project elements: budget, schedule, deliverables, scope or available resources. The risk probability can be evaluated using the same or similar categories. The rating scale can be customized to fit organizational needs and then used across all projects within an organization for consistency.
In addition to assessing risk against a pre-defined scale, the qualitative risk analysis can also group them based on their source, like market risks or regulatory risks, or effect, like causing delay or increasing costs.
Quantitative Risk Management represents the discipline which deals with the ability of a project or organization to quantify and manage its risk. This scientific approach to business is becoming increasingly critical in today’s world as organizations need to satisfy stakeholders who demand it. Quantitative risk management is a process for assigning a numeric value to the probability of an adverse event based on known risks and available, objective data. Probabilities can be expressed as a percentage up to 99.99% or as a probability between 0 and 0.9999. It is used to determine potential direct and indirect costs and schedule effects based on values assigned to the risk.
In relation to an IPS program the underlying aims of the quantitative risk activity will be to undertake cost and schedule risk analysis to enable the production of ‘S’ curves providing 3-point estimates of the cost and schedule effects of the risks within the IPS program.
The benefits to an IPS program
Risk management is a core approach that ensures any potential threats to the success of the IPS program are identified and dealt with before they undermine the project. For an IPS project manager, risk management is a key process for project control. Armed with a risk register and a committed team, the IPS project manager can plan for any eventuality.
Risk management has extensive benefits that can fundamentally change how a project management team makes decisions. The following are some of the benefits of a robust approach to IPS risk management:
Cost & Schedule Risk Analysis
Cost Estimate Risk Analysis (CERA) comprises an in-depth review of the risks and uncertainties that influence cost estimate outcomes, followed by an assessment of the contingency, estimate accuracy, and management reserve required to execute the IPS project.
Schedule risk analysis is a planning procedure that aims to improve the predictability and performance of a project. As a result, it helps project managers assess the likely impact of uncertainty and of individual risks on time to completion.
Granularity in the cost and schedule risk analysis process is achieved by undertaking Monte-Carlo simulation on the risk data held in the Risk Register. By simulating the various outcomes suggested by the data S curves are created which will enable a 3-point estimate to be created against selected confidence levels (commonly, 20%, 50% and 90%) to provide a pessimistic, most likely and optimistic view. The figure below is an example of a cost risk S curve; similar S curves can be created for schedule analysis.
Tools to assist
There are several proprietary risk and project management tools available and some add-ons for Microsoft applications. Some of the more capable tools have embedded risk management functions within them which automatically carry out Monte-Carlo simulation and provide the S curves.
Risk, Issue & Opportunity management are key tools in the armoury of an IPS project manager. Whilst much of the risk assessment can be undertaken qualitatively, use of quantitative techniques enables the production of cost and schedule risk estimates which provide greater clarity to the project and enables the project manager to identify challenges before they manifest themselves.