PMI CAPM – Administer Project Risk Management Part 3

4. Perform Project Risk Analysis

Performing project risk analysis really leads us to how will we do risk responses. We have two flavors of risk analysis that we’re going to talk about in this lecture. So we want to analyze the risk for probability and impact hacked on project success. So this is PMBOK eleven three. First off we’ll talk about performing qualitative risk analysis, qualitative, qualifies risk events. We’re just seeing what’s the validity of this even being a risk to worry about in our project. It’s a fast subjective approach to analysis. All that you’re doing is you qualify the risk for more analysis. So this can be done as you identify risk or you can do your brainstorming or delphi technique or however you identify risk and then do qualitative risk analysis. But you can use a cardinal or an Ordinal scale.

And we’ll look at that coming up. Our edo for perform qualitative risk analysis. We’ll use our risk management plan, the scope baseline scope statement, WBS, WBS dictionary, the risk register and EEF and OPA tools and techniques. We’re going to do a probability and impact assessment of all of our risk that will help us create this probability and impact matrix. We’ll do risk data quality assessment, risk categorization, our urgency assessment, those risks that are most prominent or most imminent I should say, in our project, and then those risks that have a high probability and high impact. And we’ll use expert judgment. Our outputs here will be project document updates like the risk register and our risk response planning, which is coming up.

So we have some layers to this next several processes. This is the probability impact matrix. First column we have all of our risk identified. Next column is the probability. What are the odds of that risk happening, the impact of the event? And that leads us to a risk score. It’s a subjective score. So what we do is we say, okay, in this case we’re using an Ordinal scale and you can see their data loss is low, its impact would be high. So we’ll give it a moderate score. We don’t really dig in to see really what is the probability. We’re just kind of quickly with our subject matter experts like our project team members getting a quick judge of probability and impact.

So you could do ordinal like very low to very high. Or you could do a rag rating, red, amber, green, where you color code the different risk. Or you could do a cardinal scale, like on a scale of one to ten. So if we had a probability of four and an impact of eight, you would say, okay, that gets a score of 32. So you multiply it across, you could have all the way up to a score of 100, would be really severe. But it’s quick, it’s subjective. All that you’re doing is you’re saying these events that have maybe a moderate and greater impact, or I shouldn’t say impact risk score, a moderate or greater risk score.

Those will go on to quantitative analysis where we’re really going to study probability and impact. So qualitative, qualifies, some other qualitative tools that you can use. Risk data quality assessment. How reliable is the data that you’re making these judgments on right now? It’s pretty unreliable because it’s gut feeling, but it might be from past projects. So we have proof already similar risk, we already have evidence of what happened in the past. Risk categorization helps me find trends. So if I can identify a trend, there might be a common cause that we can attack. Risk. Risk urgency assessment. That’s hard to say. Risk urgency assessment means how urgent is it that we do something about this risk right now? Is it going to happen next week or any moment in the project? It could also be this is an urgent risk that immediately requires more analysis.

We’re going to promote it right up to what we’re talking about next. Quantitative analysis because it has a high probability, high impact, and then expert judgment. The project team is often your expert judgment because they are the individuals closest to doing the work. But it could also be stakeholders or consultants or industry groups that you bring in to help do the analysis of your risk. Now in reality, because qualitative is so subjective, you may not be bringing in paying a lot of money for consultants and SME’s in qualitative, more likely in quantitative.

So let’s look at quantitative. Now this is quantifying the identified risk. We qualify and now we quantify. This is usually for more serious risk events. Again, we’re going to use a probability and impact, but it’s not fast like we did in qualitative. Now we’re doing a study of really trying to prove probability and impact. So it takes more time to do quantitative risk analysis. But this helps with decision making for our risk response. Let’s look at our edo here for quantitative. The risk management plan, cost management plan, the Schedule management plan, your risk register, enterprise, environmental factors and OPA. Those are all inputs, our tools and techniques, data gathering and representation techniques.

And then what we’ll talk about in a moment are quantitative risk analysis and modeling techniques, expert judgment, and then our output here will be project document updates because it’s leading us to an understanding of probability and impact and that will help us create a contingency reserve. So what we’re going to look at in just a couple of moments, the goals of quantitative analysis is to first say what’s the likelihood of being successful in the project?

So our key performance indicators, what about reaching a specific project object objective? What is the project’s overall risk exposure? What is this contingency reserve? How much do we set aside just for risk events? We want to find the risks that have the largest impact. How do we manage those and then determine realistic time, cost and scope targets? So what are our goals here for time, cost, and scope and consideration of risk events.

So to go about doing quantitative analysis, well, the first step is interviewing stakeholders and experts, getting their opinion on the risk based on their experience. It’s not just what do they think, it’s based on their experience. So it’s an example of expert judgment. I want to look at risk distribution. If you remember, we could have an S curve in our project.

So if we have an S curve in our project, that’s from the very beginning of the project until the very end of the project is the S curve of our project. Now, risk distribution would say these different marks represent where risks are likely to happen in our project.

I’m not really worried right now about how serious or unserious they are. So remember that on the Y axis we have the cost of the project. And over here on my sloppy x axis is the timeline. But you get the idea. So we need to look at risk distribution because if a risk event happens, let’s say here this amount of money and this amount of time on the project, we have to pay for that risk event. Well, if we pay for that risk event, how much money is left to cover all of these other events still in our timeline in the project? So that’s the idea of risk distribution.

So this leads to expected monetary value. Modeling and simulation. What modeling and simulation means is we will go and run some tests. Perfect example. We’re going to work with a new type of drywall. It’s soundproof drywall, something I wish I had in this room. But we’ve never installed it. We’ve never worked with it before. So we really need to learn how to install this dry wall, the actual sheet rock or whatever you may call it, where you are, the actual physical wall that we put up. So we need some money to go purchase some samples to play with, to experiment with.

And we need a place and time to do that, to model what it’s going to look like when we go into production. So that’s modeling and simulations. We’re actually going to build a little room and run some tests and learn about the risk in using this new material. That’s modeling and simulation. It could be physical. You could also do it in software. You can play what if scenarios and so on. And that expert judgment is a great way to do some quantitative analysis. A term that you need to know for your exam is sensitivity analysis. What sensitivity analysis does is it says, what will this one risk event, what will it have as far as impact goes on the remainder of the project?

So I look at each risk event and I judge how damaging could this be if it happens in the project? So it identifies the risk with the most potential impact all the way down to the smallest. So you’re measuring and examining uncertainties about each risk. You could also do a tornado diagram. It’s where you look at different attributes of time and cost that impact probabilities and it looks like a funnel or a tornado. So sensitivity analysis, a probability impact matrix, just like we saw with qualitative, we can do here in quantitative. So it’s a cardinal scale. It shows our risk exposure for the project and it’s the sum of the risk exposure leads to our contingency reserve. What we’re doing here is we’re kind of hedging our bets that some risk will happen and some risk will not.

So let’s look at a probability impact matrix. So it’s very similar to what we saw in Qualitative. The difference being here, we’re always using a cardinal scale. So we have our risk in the first column, our probability, the odds of it happening, in the second, the impact, what’s it going to cost us. And the last column, that means the expected monetary value, ex dollar sign V, you just multiply it across probability times, impact will show you the expected monetary value. So risk A has 60% chance of happening. Its impact will be negative 10,000. So our expected monetary value is negative 6000. And you do that for each one of these risks. Look at risk C, there’s a 10% chance that it happens.

Its impact is positive $25,000. So this is a positive risk event. So our expected monetary value is $2,500. So you do have to include positive risk events. Pay attention to that on your exam. Think about a couple of things here. Quantitative analysis means we’ve really gone and studied these risks. So we really know this is the actual probability and the actual impact. But look at risk B, it has a 20% chance of happening. Its impact though is huge. It’s negative 75,000. So our expected monetary value is negative 15,000. That little bit of an ease that you feel that’s your utility function, your stakeholder tolerance.

If we add up that last column, all of the expected monetary value, it will total negative 52,500. That’s our risk exposure. Our contingency reserve is typically just the opposite of our exposure. So positive 52, five. What we use that 52 54 will be to respond to or to pay for these risk events should they happen. Now, I know what you’re thinking. If risk B happens, it will cost more than what we even have in the contingency reserve. So this gets back to your stakeholder tolerance, but it also gets back to how competent are you in that probability.

So quantitative analysis really proves 80% of the time this risk is not going to happen. 20% of the time it will. And if it does, it’s going to cost you $75,000. Come down to risk D, it has a 40% chance of happening and it will cost even more negative $85,000. Our expected monetary value is negative 34,000. So what this is introducing to us to here is a couple of things. One, how confident are you in your quantitative analysis? Two, can we buy our way out of that risk? If this is a high profile project like we started out this whole section talking about, I might say, yes, it is.

And instead of having an exposure of $34,000 right now, today, I can spend $12,000 and just make that risk go away. So that’d be a great solution. Or I might say I could spend 40,000. It’s more than our risk exposure, but I know when I spend this 40K, this risk will not happen. It’s going away, or it’s going to be mitigated. So this is setting us up for our future conversation about risk response planning.

On your exam, what I would imagine you might have to do is you’ll see a table like this where the last column is empty, and they’ll ask, what’s the contingency reserve? So you’ll multiply probability times impact for each of it, pay attention to positive risk, sum it up, and then you would find your contingency reserve. It’s going to be a positive number.

So the results of all of this business here in quantitative, we have a probabilistic analysis of the project. How likely are you to hit your time and cost objectives? We have a prioritized list of quantified risk, and then we’ve also identified trends in quantitative risk analysis. Okay, great job. Let’s keep moving forward. Next we’ll talk about risk response planning.