Risk analysis in project
Risk analysis is an orderly process that is part of project planning and risk management in the project, which enables the project manager to identify, plan and manage risks in order to eliminate or reduce them to an acceptable level.
Risk analysis processes include:
- Risk identification
- Risk estimation and evaluation
- Planning risk responses
Risk identification
Risk identification is the process of detecting risk sources and categorizing them. It is an iterative process, which means that it is performed many times during the project. The materials needed to identify risk are:
- risk management plan
- documents resulting from project planning
- list of project stakeholders
- characteristics of the organization's environment
- list of organization procedures
Many techniques are used to identify risks. The most important of them are:
- documentation review
- information gathering techniques, including brainstorming, Delphi, surveys, root cause analysis
- checklists based on the analysis of similar projects from the past
- analysis of project assumptions
- techniques based on diagrams: diagram of causes and effects, influence diagrams, block diagrams.
- SWOT analysis
- expert assessment
As a result of risk identification, a list of identified risks and a list of potential responses to risks is obtained.
Risk estimation and evaluation
When estimating the risk, account should be taken of:
- the impact that the occurrence of a given risk will have on the project
- the probability of a given threat.
There are 3 methods for risk estimation:
Quantitative method of risk analysis
The quantitative method consists primarily in assessing the probability and the effects of the risk by giving them specific parameters. The effects can be described by assessing the results of events and expressed in different categories. The advantages of quantitative methods are the objectivity of results, thanks to which they can be compared and the results have a financial and percentage dimension.
The quantitative methods include, among others, the following techniques: event tree analysis, error tree and FMEA.
The event tree method consists in evaluating a given effect as a result of the sequence of events. It starts with the initiating event and then presents all possible sequences of events. The probability is obtained as a result of the product of probabilities of all events created on the tree.
The error tree is built in the opposite direction. It begins with the effect and the tree develops towards the preceding events.
FMEA in which the risk is assessed in terms of probability of occurrence, difficulty in detecting an error and impact on the project / client.
The quality method of risk analysis
The qualitative method is based on an individual risk assessment based on experience and good practices. This method uses subjective measures and evaluations such as descriptive values of levels. The benefits of the quality methods are:
- no need to quantify the effects and frequency of occurrence of hazards,
- an indication of the general risk areas for which attention is needed,
- the opportunity to include such as e.g. company image, organizational culture, etc.
the possibility to use in the absence of specific information and quantitative data or resources.
An example of risk category description using the qualitative method is presented in the table:
Low probability | Moderate probability | High probability | |
---|---|---|---|
Mild effects | Low risk | Low risk | Average risk |
Moderate effects | Low risk | Medium risk | High risk |
Severe effects | Medium risk | High risk | High risk |
Mixed method
The mixed method is a combination of quantitative and qualitative methods. it is used most often due to the possibility of using the advantages of both methods.
Disadvantages of risk analysis techniques
Most of the risk analysis methods used are characterized by such weaknesses as:
- incompleteness of the risk category
- insufficient data
- not taking into account the secondary risk
- not taking into account the threat caused intentionally
- the difficulty of unambiguously interpreting the results
Planning risk responses
Risk response planning is a process that aims to provide options and actions that reduce or eliminate risk if risk occurs. Scheduled reactions should be proportional to the effects of a given phenomenon and should be implemented in a timely and cost-effective manner. Several risk response strategies are widely used. The most popular are:
- risk avoidance - changing the design in such a way as to eliminate the given risk. This can be achieved, for example, by clarifying requirements, obtaining additional information, improving communication, reducing the scope of the project in order to avoid high-risk activities, adopting best practices instead of innovative methods, avoiding unproven contractors.
- risk transfer - transferring responsibility to another entity does not eliminate the risk but delegates the need to manage it to another entity. Activities and cost of transfer are included in the budget and project plan (insurance, guarantees, contracts, guarantees)
- risk mitigation - reducing the likelihood or impact of a given risk to an acceptable level. Risk mitigation is more effective than attempts to repair damage after the fact.
- risk acceptance - the conscious decision not to take any action in relation to risk may result from the fact that there is no appropriate strategy to mitigate the risk. There are 2 types of risk acceptance: active and passive. Active acceptance includes creating an emergency plan in case of risk. In the case of passive acceptance, no actions are taken to mitigate the risk.
- reserve plan - defined only for identified project risks. Its development can significantly reduce the cost of reacting to risk.
Risk analysis in project — recommended articles |
Design risk assessment — Logic matrix — Evaluation of risk — Project risk assessment — Risk evaluation — Scenarios of processes in environment — Risk management process — System safety — Residual risk |
References
- McNeil, A. J., Frey, R., & Embrechts, P. (2005). Quantitative risk management: Concepts, techniques and tools (Vol. 3). Princeton: Princeton university press.
- Embrechts, P., McNeil, A., & Straumann, D. (2002). Correlation and dependence in risk management: properties and pitfalls. Risk management: value at risk and beyond, 1, 176-223.
- Jüttner, U., Peck, H., & Christopher, M. (2003). Supply chain risk management: outlining an agenda for future research. International Journal of Logistics: Research and Applications, 6(4), 197-210.