Broadleaf Capital International: Project Risk Management

Every project gives rise to fresh challenges and presents us with new uncertainties. Not only is each project unique, but budgets and schedules are invariably under pressure.

Projects are almost always risky for their sponsors and might threaten the careers of those charged with delivering them, so formal methods for understanding and managing project risks are being used with increasing frequency.

We have set out examples of some common risks and the links between them elsewhere on this site (see right).

The Importance of Cost-Effectiveness

Formal methods do not have to be complicated or time consuming. They must be well founded though and implemented cost-effectively. Ill conceived and ill informed attempts at risk management can absorb substantial resources for little or no gain.

It is useful to divide risk management on projects into two areas:

Understanding the individual risks;
Assessing the total risk that a project represents to an organisation or business.

ON THIS PAGE

Types of project risk
Cost-effectiveness
Individual risks
Overall risks
Project risk model
Value improving practices (VIPs)

Click anywhere in left or right borders to return to the top of this page.

TYPES OF RISK

Click on the image below for an illustrative analysis of different types of project risk, showing their inter-relationships and our suggested ways of addressing them.

Individual Risks

To formulate plans for managing risks, it is necessary to identify individual risks and then assess the priority they should be given within the project.

This can often be achieved using qualitative assessment techniques, drawing on quantitative information only when it is necessary to clarify the likelihood or potential consequences of a risk.

A well managed risk assessment can show which issues a team needs to focus on and help them develop strategies for addressing the risks much more cost-effectively than informal or ad hoc methods.

RISK MANAGEMENT OVERVIEW

Our tutorial on the Australia / New Zealand Risk Management Standard offers you an overview of the subject of risk management.

Just click on the image below to download it (40kb PDF).

We base our approach to risk identification, priority setting, treatment and monitoring on the Standard AS/NZS4360 (see left).

A structured approach to brainstorming risks ensures that:

effort is applied uniformly to all the areas requiring attention; and,
a meaningful result is produced in the time allotted to the exercise.

The output of a risk workshop is a set of risks in priority order, generally with someone's name against each of the most severe. The severity of risks is assessed by evaluating their likelihood and impact and using a classification matrix similar to that illustrated below.

Risks are usually assembled into a risk register detailing:

the nature of the risk;
what measures are already in place to control it;
the likelihood and impact of the risk;
its priority based on that likelihood and impact;
the name of the person responsible for monitoring and treating it.

After the initial workshop, either as part of their general duties or in another workshop, the team will develop risk treatment plans. See the description of the Standard AS/NZS4360 (above left).

Risks will usually then be reviewed at regular project meetings and subject to a major review every 6 to 12 months or at times of significant change and disruption.

Overall Risk

An assessment can be made of the overall risk associated with a project, generally in terms of its financial and schedule targets, given a defined scope and plans. Models can be used to represent individual uncertainties in terms of probabilities and distributions and link them to the uncertainty in the overall outcome of a project. These models are generally evaluated using Monte Carlo simulation, for which we usually use @RISK (see right).

Models simplify target setting and the establishment of realistic contingency holdings.

The output of a risk model offers a sound basis for negotiating commitments between customers and suppliers or between business managers and project managers.

The results can also be used to weigh the risk of a project against the general level of risk in an organisation's operations as a whole.

A typical risk model output is illustrated schematically below. It shows the range of realistically likely outcomes for a measure that you would generally want to minimise, such as the cost or duration of a project, and the likelihood of exceeding a target set somewhere in that range.

Many of our services are based on Palisade products, including @RISK. We are a Value Added Reseller for Palisade tools and we offer training in their use. Click on the image below for further information.

If you know what expectations already exist about a budget or completion date, you can use this to decide whether they are realistic.

If they are not realistic you might try to change the expectations or alter the approach to completing the work to make it quicker and cheaper.

If you have not yet bid for the work or decided to proceed, you could also decide to put your resources into something more likely to succeed.

This sort of analysis can be applied to measures other than the cost and duration of a project. NPV, payback, IRR, system throughput, productivity, cash flow over time and most other numerical measures of a business or project can be examined this way to help you understand and manage the uncertainty in them.

For further information about range analyses for projects, please see these links which are also found on the Tutorials page:

VALUE IMPROVING PRACTICES

Project risks may be significantly mitigated by implementing Value Improving Practices (VIPs) at the early stages of a project. Click on the image below for our PDF which explains the principles and processes of VIPs.