Managing Project Risks: Tools & Techniques, Risk Context, And Analysis
- December 21, 2023/ Uncategorized
Approach to Identify the Risks
The project of development of an e-commerce portal for the organization involved numerous internal and external stakeholders. It was necessary to educate and inform the stakeholders about the risk management processes and activities being followed and applied in the project.
For this purpose, communication and training methods were utilized. There is a weekly meeting that the Project Manager carries out with all of the project stakeholders. In this meeting, an overview of the risk management approach and methodology was discussed with the stakeholders. The use of web-based trainings was then done to educate the stakeholders about the details of the steps that were to be used and implemented. The project team was open to the changes and recommendations provided by the stakeholders.
Relation of Risk Management with Scope, Schedule, and Budget
Risk management is one of the knowledge areas under project management. It is closely linked with the other knowledge areas, such as scope management, schedule management, and budget management[1].
The identification of the project risks are required to be done for each of these three areas so that the estimates are adequately made. The inclusion of the risks and uncertainties while defining the project scope or while preparing the project schedule and budget would provide the project team with the ability to handle and mitigate the risks in case of their occurrence.
Tools & Techniques for Risk Management
There are qualitative and quantitative tools and techniques used in planning, analysing, and managing the project risks.
The techniques used for risks identification include information gathering techniques, such as observations, interviews, domain analysis, brainstorming, and group discussions. The analysis of the risks is done using the quantitative techniques, such as SWOT analysis and decision-tree analysis. The mitigation of the risks is done using varied set of tools as per the nature of the risks; for example, technical tools are used to control the security risks and attacks.
Task 2 – Portfolio of Evidence
Identify Project Risks
Risk Context
It is required for the project to adhere to the Information Security and Privacy laws & regulations, such as Data Protection Act, Intellectual Property Rights and IT Law to maintain the privacy and security of the information on the e-commerce portal. The risks have also been defined keeping the ethical and professional codes of conduct implemented in the organization[2].
The expectations, level of interests, and involvement of the internal and external stakeholders is also considered. The schedule and budget of the project can be varied by 6% as the tolerable limits.
Approach to Identify the Risks
The risks will be identified and managed for the project as per the risk management knowledge area defined under Project Management Body of Knowledge (PMBoK). The identification of the risks will be done using information investigation and gathering processes covering the techniques as observations, interviews, domain analysis, brainstorming, and group discussions. The analysis of the risks is done using the quantitative techniques, such as SWOT analysis and decision-tree analysis[3]. The next set of steps includes evaluation, mitigation, control, and closure of the risks.
Involvement of Project Team Members in Establishing Risk Context and Risk Planning
The team members involved in the project include Project Manager, Web Developer, Content Developer, Tester, and Graphic Designer. These resources will play a significant role in establishment of risk context, risk planning, and management.
Project Manager will take inputs from all the other resources on the regulations, policies, and methodologies applicable to their set of activities and the risk context will be defined accordingly. The risks specific to each of the project areas, such as project development, portal testing, portal design and implementation will be provided and illustrated by the resource assigned for the completion of the activity. The risk planning and management will be carried out accordingly.
Analysis of the Project
Risks as Opportunities
- Market Risks: There may be certain fluctuations in the market that may bring down the cost of the tools required to design, develop, test, and implement the project.
- Resource Risks: The effort and productivity estimation will be done for the resources in the initiation and planning phase of the project. However, the resources may exceed the expected levels[4].Consequences & Likelihood.
|
Risk |
Consequence rating |
Description of possible consequences |
|
Schedule Overrun |
4 |
The delay in the due dates of project deliverables will deteriorate the customer trust and engagement and will bring down the reputation of the organization in the market. |
|
Technical Faults |
3 |
There may be unwanted delays that the team may have to go through because of the technical faults ad failures |
|
Security Attacks |
5 |
The security and privacy of the information and data sets may be negatively impacted which may lead to legal obligations as well along with the deteriorate end user satisfaction |
|
Market Risks |
3 |
The budget of the project may come down with the decrease in the costs of the tools and the remaining cost may be utilized in the betterment of other project areas |
|
Resource Risks |
3 |
The resources may be able to finish the project activities before the due dates and the improvements and quality enhancements activities may be done in a better manner |
|
Quality Risks |
5 |
Non-adherence to the project quality standards will lead to poor customer satisfaction and will also negatively impact the goodwill of the organization |
|
Ethical Risks |
5 |
Non-adherence to the project ethical standards will lead to poor customer satisfaction and will also negatively impact the goodwill of the organization[5] |
|
Scope Inflation |
4 |
The budget and schedule of the project will be negatively impacted with too many changes and re-work. The resource engagement and motivation levels will also be poorly impacted. |
|
Legal Risks |
5 |
Non-adherence to the project legal standards will lead to poor customer satisfaction and may also lead to legal obligations and punishments |
|
Health & Safety Issues |
5 |
The resources may suffer from temporary or permanent injuries |
|
Risk |
Likelihood rating |
Explanation of likelihood rating |
|
Schedule Overrun |
4 |
There may be changes in the project as demanded by the client or technical faults that may lead to unwanted delays. |
|
Technical Faults |
3 |
There are several technical tools that will be used in the project and may show certain errors and faults. |
|
Security Attacks |
5 |
There will be too many access points available to the attackers which may allow them to easily give shape to network-based attacks, malware attacks, data breaches and leakage. |
|
Market Risks |
2 |
The market inflation rate is low and the chances of the risk will also be low as a result[6]. |
|
Resource Risks |
2 |
The assignment of resources has been done on the basis of their skill sets and the effort required. It is less likely to change during the project timeline. |
|
Quality Risks |
1 |
There will be reviews and audits done by the management on the aspect of project quality and therefore, the likelihood of this risk is very low. |
|
Ethical Risks |
1 |
There will be reviews and audits done by the management on the aspect of project ethics and therefore, the likelihood of this risk is very low. |
|
Scope Inflation |
3 |
There may be changes in technology, customer expectations, and requirements that may come u and alter the project scope at regular intervals |
|
Legal Risks |
1 |
There will be reviews and audits done by the management on the aspect of legal compliance and therefore, the likelihood of this risk is very low. |
|
Health & Safety Issues |
1 |
The company has a healthy work environment, work culture and atmosphere developed and implemented so the chances of the risk are very low |
Quantitative Risk Analysis
|
List: SWOT (Strengths, Weaknesses, Opportunities, Threats) Analysis, Decision-tree analysis |
|
Description: SWOT analysis of the risks will provide the severity levels of the risks and the ability of the organization to deal with these risks. Decision-tree analysis will provide clarity on the likelihood and impact levels involved with the risk[7]. |
Reflection Prioritization of Risks
|
Risk |
Combined Rating Total |
Risk Priority |
Rationale for Prioritisation |
|
Schedule Overrun |
16 |
2 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Technical Faults |
9 |
4 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Security Attacks |
25 |
1 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Market Risks |
6 |
6 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Resource Risks |
6 |
5 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Quality Risks |
5 |
9 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Ethical Risks |
5 |
10 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Scope Inflation |
12 |
3 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Legal Risks |
5 |
8 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
|
Health & Safety Issues |
5 |
7 |
On the basis of the risk rating calculated as per consequence and likelihood scores |
Risk Response Strategies
|
Risk |
Option |
Explanation of treatment |
Rationale for treatment |
|
Schedule Overrun |
Avoidance & Mitigation |
Audits, reviews, and inspections |
Risk Management approach using PMBoK methodology |
|
Technical Faults |
Transfer |
To third-party vendors |
Risk Management approach using PMBoK methodology |
|
Security Attacks |
Avoidance & Mitigation |
Administrative, technical, and physical security controls |
Risk Management approach using PMBoK methodology |
|
Market Risks |
Acceptance |
Accepted since positive risk |
Risk Management approach using PMBoK methodology |
|
Resource Risks |
Acceptance |
Accepted since positive risk |
Risk Management approach using PMBoK methodology |
|
Quality Risks |
Avoidance & Mitigation |
Quality audits, reviews, and inspections |
Risk Management approach using PMBoK methodology |
|
Ethical Risks |
Avoidance & Mitigation |
Ethics audits, reviews, and inspections |
Risk Management approach using PMBoK methodology |
|
Scope Inflation |
Share |
Communication with project sponsor as the risk will occur due to changes laid out by the sponsor |
Risk Management approach using PMBoK methodology |
|
Legal Risks |
Avoidance & Mitigation |
Legal audits, reviews, and inspections |
Risk Management approach using PMBoK methodology |
|
Health & Safety Issues |
Avoidance & Mitigation |
Health and safety audits, reviews, and inspections |
Risk Management approach using PMBoK methodology |
Risk Register & Action Plan
|
Risk No |
Risk Category |
Risk Explanation including existing Risk Controls |
Likelihood |
Impact |
Rating |
Mitigation Approach/Reaction |
Likelihood |
Impact |
Rating |
|
|
Initial |
|
Residual |
||||||
|
1 |
Schedule Overrun |
The delay in the due dates of project deliverables will deteriorate the customer trust and engagement and will bring down the reputation of the organization in the market[8]. Daily and weekly meetings |
4 |
4 |
16 |
Avoidance & Mitigation |
2 |
2 |
4 |
|
2 |
Technical Faults |
There may be unwanted delays that the team may have to go through because of the technical faults ad failures. Technical reviews |
3 |
3 |
9 |
Transfer |
2 |
3 |
6 |
|
3 |
Security Attacks |
The security and privacy of the information and data sets may be negatively impacted which may lead to legal obligations as well along with the deteriorate end user satisfaction. Intrusion detection systems |
5 |
5 |
25 |
Avoidance & Mitigation |
3 |
4 |
12 |
|
4 |
Market Risks |
The budget of the project may come down with the decrease in the costs of the tools and the remaining cost may be utilized in the betterment of other project areas. Market studies |
2 |
3 |
6 |
Acceptance |
2 |
3 |
6 |
|
5 |
Resource Risks |
The resources may be able to finish the project activities before the due dates and the improvements and quality enhancements activities may be done in a better manner. One on One discussions with resources |
2 |
3 |
6 |
Acceptance |
2 |
3 |
6 |
|
6 |
Quality Risks |
Non-adherence to the project quality standards will lead to poor customer satisfaction and will also negatively impact the goodwill of the organization. Quality management plan |
1 |
5 |
5 |
Avoidance & Mitigation |
1 |
4 |
4 |
|
7 |
Ethical Risks |
Non-adherence to the project ethical standards will lead to poor customer satisfaction and will also negatively impact the goodwill of the organization[9]. Compliance checks |
1 |
5 |
5 |
Avoidance & Mitigation |
1 |
4 |
4 |
|
8 |
Scope Inflation |
The budget and schedule of the project will be negatively impacted with too many changes and re-work. The resource engagement and motivation levels will also be poorly impacted. Weekly meeting with sponsor of the project. |
3 |
4 |
12 |
Share |
2 |
3 |
6 |
|
9 |
Legal Risks |
Non-adherence to the project legal standards will lead to poor customer satisfaction and may also lead to legal obligations and punishments. Compliance checks |
1 |
5 |
5 |
Avoidance & Mitigation |
1 |
4 |
4 |
|
10 |
Health & Safety Issues |
The resources may suffer from temporary or permanent injuries. Audits and reviews |
1 |
5 |
5 |
Avoidance & Mitigation |
1 |
5 |
5 |
Risk Categories
Risk Rating Scales and Overall Rating
|
Risk Action Plan 1 |
|||||
|
Risk No/Item No: 1 |
Risk Description: Schedule Overrun |
||||
|
Risk Rating: 16 |
Risk Category: Schedule Risks |
Risk Treatment: Avoidance & Mitigation: |
|||
|
Action Plan: |
|||||
|
Proposed Action: Audits, reviews, and inspections on project progress |
|||||
|
Resource Requirements : Project Manager |
|||||
|
Responsibilities: Project Manager |
|||||
|
Scope Impact: Project scope unaltered |
|||||
|
Time Impact: Project time unaltered |
|||||
|
Cost Impact: project costs unaltered |
|||||
|
Reporting and Monitoring: Risk review report, risk closure report, audit report |
|||||
|
Prepared by: Project Manager |
Date: 30-08-2018 |
Reviewed by: Project Sponsor |
Date: 30-08-2018 |
||
|
Risk Action Plan 2 |
|||||
|
Risk No/Item No: 3 |
Risk Description: Security Attacks |
||||
|
Risk Rating: 25 |
Risk Category: Security Risks |
Risk Treatment: Avoidance & Mitigation |
|||
|
Action Plan: |
|||||
|
Proposed Action: Administrative, technical, and physical security controls |
|||||
|
Resource Requirements: Web Developer, Tester |
|||||
|
Responsibilities: Web Developer, Tester |
|||||
|
Scope Impact: Unaltered |
|||||
|
Time Impact: Unaltered |
|||||
|
Cost Impact: Cost of technical security tools and controls |
|||||
|
Reporting and Monitoring: Risk review report, risk closure report, security audit report |
|||||
|
Prepared by: Project Manager |
Date: 30-08-2018 |
Reviewed by: Project Sponsor |
Date: 30-08-2018 |
||
Monitor & Control Project Risks
Monitor Risk Atmosphere
The monitoring of the risk environment has been done through the risk reviews and control processes. There is a risk status report that is submitted every week that indicates the percentage of activities completed to treat the risk and the ones pending.
There is also a weekly meeting that is organized by the Project Manager with all the team members to obtain and monitor the project risks.
Outcome of Review & Management of Changes
The review outcomes have shown that there is a change in the risk likelihood and impact that will change the risk management approach as well. There are newer risks, such as operational errors that are also observed. The risks will be managed by using a phased approach covering change identification, execution, management, and closure[10].
Assess Risk Management Outcomes
Project Performance in terms of Risk Management – Effectiveness of the Procedures
The project is performing well in terms of risk management as the majority of the risks are in their closure state.
The procedures will be considered as the project is on-track in terms of schedule, budget, scope, ethics, quality, and regulatory policies.
Risk Management Problems
|
Date |
Description of problem/opportunity |
Recommended Action for next time/project |
Lesson Learnt Raised By |
|
28-08-2018 |
Communication problems while information gathering for risk identification |
Development of communication management plan in advance |
Project Manager |
|
30-08-2018 |
Difficulty in analysis of the huge data sets |
Use of data analytics tools |
Project Manager |
References
Ahmed, Ammar, Berman Kayis, and Sataporn Amornsawadwatana. “A Review Of Techniques For Risk Management In Projects”. Benchmarking: An International Journal 14, no. 1 (2007): 22-36. doi:10.1108/14635770710730919.
Carvalho, Marly Monteiro de, and Roque Rabechini Junior. “Impact Of Risk Management On Project Performance: The Importance Of Soft Skills”. International Journal Of Production Research 53, no. 2 (2014): 321-340. doi:10.1080/00207543.2014.919423.
Pekkinen, Leena, and Kirsi Aaltonen. “Risk Management In Project Networks: An Information Processing View”. Technology And Investment 06, no. 01 (2015): 52-62. doi:10.4236/ti.2015.61005.
Pimchangthong, Daranee, and Veera Boonjing. “Effects Of Risk Management Practice On The Success Of IT Project”. Procedia Engineering 182 (2017): 579-586. doi:10.1016/j.proeng.2017.03.158.
Rabechini Junior, Roque, and Marly Monteiro de Carvalho. “Understanding The Impact Of Project Risk Management On Project Performance: An Empirical Study”. Journal Of Technology Management & Innovation 8 (2013): 11-12. doi:10.4067/s0718-27242013000300006.
Sanchez, Hynuk, Benoit Robert, Mario Bourgault, and Robert Pellerin. “Risk Management Applied To Projects, Programs, And Portfolios”. International Journal Of Managing Projects In Business 2, no. 1 (2009): 14-35. doi:10.1108/17538370910930491.
Serpella, Alfredo Federico, Ximena Ferrada, Rodolfo Howard, and Larissa Rubio. “Risk Management In Construction Projects: A Knowledge-Based Approach”. Procedia – Social And Behavioral Sciences 119 (2014): 653-662. doi:10.1016/j.sbspro.2014.03.073.
Sharma, Satyendra Kumar, and Niranjan Swain. “Risk Management In Construction Projects”. Asia Pacific Business Review 7, no. 3 (2011): 107-120. doi:10.1177/097324701100700310.
Teller, Juliane. “Portfolio Risk Management And Its Contribution To Project Portfolio Success: An Investigation Of Organization, Process, And Culture”. Project Management Journal 44, no. 2 (2013): 36-51. doi:10.1002/pmj.21327.
Thamhain, Hans. “Managing Risks In Complex Projects”. Project Management Journal 44, no. 2 (2013): 20-35. doi:10.1002/pmj.21325
