Project risk analysis
|Project risk analysis|
Project risk analysis is a step in risk management process, a part of project risk assessment. It is a two dimensional analysis where likelihood and consequences of risks (or opportunities) are examined. The step consists of:
- understanding the risks
- analysis of consequences
- analysis of likelihood
- presentation e.g. in risk matrix
Understanding the risks
Risk analysis should lead to better understanding of the risk. It includes consideration of:
- positive and negative consequences,
- factors that affect consequences,
- factors that affect likelihood,
- affected project objectives.
Each risk can affect multiple objectives, and have multiple consequences.
The consequences can be related to:
- project, e.g. costs, time, integrity, staff, health and security, reputation
- product, e.g. reliability, durability, achieving objectives
- surroundings, e.g. politics, local community, natural environment, legislation
The analysis leads to quantification of consequences on scale:
The consequences usually can be presented as a monetary value. Therefore, to each level on the scale a financial impact should be added. The impact value describes how severe will be occurrence of the risk.
The likelihood can be described in percent (100% - the occurrence is certain). The likelihood can be assessed based on data from other project, experts judgement or other sources. If presentation in percent scale is impossible due to lack of data, the likelihood is quantified on scale:
- rare (e.g. less than once in 40 years)
- unlikely (e.g. once in 10-40 years)
- moderate (e.g. once in 1-10 years)
- likely (e.g. once a year)
- certain (e.g. several times a year)
Risk level calculation
The risk level is a product of likelihood and consequences.
If consequences are in monetary value and likelihood is in percent, the product of them shows expected impact on the project, e.g.:
- consequences = $40000 * likelihood = 1% * expected impact value = $40000 * 1% = $400
If the consequences and likelihood are described in 1-5 scale, the product is the risk level, e.g.:
- consequences = level 3
- likelihood = level 2
- risk level = 2 * 3 = 6 (maximum: 25)
In case of multiple consequences of the risk all monetary impact values should be added before calculating expected impact value. In case of using 1-5 scale, usually the highest level of all consequences is used.
The risks can be presented in risk assessment matrix, where on horizontal axis the consequences are shown and on vertical - the likelihood.
|1 insignificant||2 minor||3 moderate||4 major||5 catastrophic|
Each risk can be shown in the matrix. The green zone is an acceptable risk level, the yellow one is increased risk level, while the red one is unacceptable risk level. The project team should aim at lowering risk level from red zone to yellow and green by decreasing the likelihood od consequences.
The quick and simple approach to risk analysis
The extended analysis should be performed during planning phase. During the project implementation often there is no need for such analysis. Many project managers limit analysis to 3 points scale of likelihood and consequences. It's faster, easier and gives the same effect. However it should be limited to project implementation phase only.
- ISO 31000:2009 Risk Management - Principles and Guidelines, Geneva:ISO
- PMI Standards Committee, & PMI Standards Committee. (1996). A guide to the project management body of knowledge. Project Management Institute.
- Siegelaub, J. M. (2004, January). How PRINCE2 can complement PMBOK and your PMP. In PMI global congress proceedings.
Author: Slawomir Wawak