Project risk assessment

From CEOpedia | Management online
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Project risk assessment is part of project risk management process, which includes: risk identification, risk analysis and risk evaluation. This definition is similar in ISO 31000:2009 standard and PRINCE2 methodology. The PMBoK treats risk assessment as only one of the tools of project risk management. Instead it distinguishes quantitative and qualitative risk analysis.

Project risk assessment should be performed not only at the beginning of the project, but also in each phase. This is necessary because it is often impossible to identify all the risks before the phase initiation.

Risk identification

Identification of risks includes finding:

  • sources of risk,
  • areas of impact,
  • events (incidents) and their causes,
  • potential consequences.

The result of risk identification should be a list of risks with description (risk register). If this step is performed at planning stage of the project, it should include: risk management plan and other plans (if available), activity duration and cost estimates and other project documents.

The simplified identification is performed during the project implementation. Usually employees report possible risks or events to project manager. The project manager decides whether to add them to risk register.

The techniques used in risk identification are:

Risk analysis

Risk analysis should lead to better understanding of the risk. It includes consideration of:

  • causes,
  • sources,
  • positive and negative consequences,
  • factors that affect consequences,
  • factors that affect likelihood,
  • affected project objectives.

Each risk can affect multiple objectives, and have multiple consequences.

Consequences and likelihood analysis

The consequences usually impact on costs or time. As the time can be presented as money value, the consequences are described using currency. The impact value describes how severe will be occurrence of the risk.

The likelihood can be described in percent (100% - the occurrence is certain). The likelihood can be assessed based on data from other project, experts judgement or other sources. Product of likelihood and consequences gives expected value. That is expected impact on the project defined in monetary value (risk level).

The extended analysis should be performed during planning phase. During the project implementation often there is no need for such analysis. Many project managers limit analysis to 3 or 5 points scale of likelihood and consequences. It's faster, easier and gives the same effect.

The risks can be presented in risk assessment matrix.

Risk evaluation

The risk evaluation is to help making decisions based on risk analysis. The evaluation returns information about which risks need treatment and what are the priorities. The decisions should take into account wide context of the risk, as well as tolerance of the risk in the project.

The risk evaluation in planning phase of the project can lead to determining overall impact of risks and opportunities on the project. It can help plan time and budget reserves.

Examples of Project risk assessment

  • Risk Identification: This is the process of identifying potential risks that could potentially impact the successful completion of the project. Identification of risks can involve brainstorming sessions with team members, interviews, reviews of existing documents and analysis of past projects.
  • Risk Analysis: Risk analysis is the process of evaluating the identified risks to determine the likelihood and potential impact of each risk. This assessment can involve structured techniques such as failure modes and effects analysis (FMEA) or decision tree analysis.
  • Risk Evaluation: Risk evaluation is the process of assessing the likelihood and potential impact of each risk. This assessment is typically done using a matrix that assigns a numerical value to each risk based on the probability of occurrence and potential severity of the impact.
  • Risk Response Planning: Risk response planning is the process of determining how to best address the identified risks. This can include risk avoidance, risk acceptance, risk mitigation, and risk transfer.
  • Risk Monitoring: Risk monitoring is the process of tracking and evaluating the effectiveness of risk management strategies. This can involve setting up triggers that alert project managers to any changes in the risk environment and can help to ensure that risks are managed effectively.

Advantages of Project risk assessment

Project risk assessment is a process of identifying, analyzing and evaluating potential risks that could affect the successful completion of a project. It can provide a number of advantages to project managers, such as:

  • Improved decision making: By assessing potential risks, project managers can make informed decisions on how to best manage their project and mitigate potential losses.
  • Increased visibility: Identifying risks early on in the project allows project managers to be proactive in responding to potential issues and to anticipate any potential problems.
  • Reduced Uncertainty: Risk assessment can provide project managers with the information they need to develop contingency plans and minimize the impact of any risks that may arise during the project.
  • Improved Communication: Through the risk assessment process, project managers can communicate the potential risks to all stakeholders involved in the project. This helps ensure that everyone is aware of the potential risks and can work together to create plans to minimize their impact.

Limitations of Project risk assessment

  • Project risk assessment may not identify all risks associated with a project. There are many unpredictable risks that can come up in the course of a project, and not all of them can be identified in advance.
  • Project risk assessment is only as good as the data and information used to conduct it. If the data used to assess risk is incomplete, inaccurate or outdated, the risk assessment process will be of limited value.
  • Project risk assessment can be time-consuming. Depending on the complexity of the project and the number of risks involved, it can take a significant amount of time to accurately assess all of the potential risks.
  • Project risk assessment may not identify the best solutions for mitigating or avoiding risks. The effectiveness of the risk management process ultimately depends on the quality of the risk-mitigation strategies used.

Other approaches related to Project risk assessment

  • Sensitivity Analysis: This is a quantitative technique used to identify and measure the impact of changes in the parameters of a system on its output.
  • Decision Tree Analysis: This is a quantitative technique used to analyze the potential outcomes of a decision with certain risks and rewards.
  • Scenario Analysis: This is a qualitative technique used to analyze the probability of a certain outcome based on a set of assumptions.
  • Root Cause Analysis: This is a qualitative technique used to identify the root cause of a problem or to determine the underlying cause of a risk.
  • Risk Register: This is a tool used to track and manage all identified risks and their associated responses.

In summary, other approaches related to project risk assessment include Sensitivity Analysis, Decision Tree Analysis, Scenario Analysis, Root Cause Analysis, and Risk Register. Each of these approaches can be used to help project managers identify, analyze and respond to risks in a proactive and effective manner.


Project risk assessmentrecommended articles
Project risk analysisEvaluation of riskProject cost managementQualitative risk analysisRisk management methodologyDesign risk assessmentRisk assessment frameworkRisk management processRisk evaluation

References

Author: Slawomir Wawak