Risk Project Analysis (RIPRAN) Project Management Lucie Reczzkova B304 Reczkova@opf.slu.cz Office hours: Wednesday 10-11.30 Contents 1.PART •The importance of risk analysis in project management, definition of risk matrix, risk mitigation. • 2. PART •Presentation of the individual steps of the RIPRAN method. • 3. PART •A practical example of the application of the RIPRAN method. Final RECAP. • • • • • Learning objectives After studying this topic, you should be able to: •To classify project risks and determine which of them should be tracked closely. • •Use tools and techniques to determine the likelihood and impact of project risks that have been previously identified. • •Apply the RIPRAN method to your project. • • • • • Learning readings and tutorials You can find support in the following sources : •Video - Risk Assessment https://youtu.be/r5ZrPeQW8HQ • •Kerzner, H., Project management, chapter 17, p. 551 • • • What is project risk analysis? •There are many project risks that can affect your project and, as a project manager, you’re responsible for the risk analysis process. • •It allows project managers to classify project risks and determine which of them should be tracked closely. •Risk analysis helps project managers decode the uncertainty of potential risks and how they would impact the project in terms of schedule, quality and costs if, in fact, they were to show up. • Give examples of risks that may occur in a project... The risk management framework 1.Continuous risk identification 2. 2.Risk evaluation 3. 3.Risk mitigation and contingency measure definition 4. 4.Risk monitoring, reporting and control Step 1: Risk Identification The first step in the risk management process is to identify all the events that can negatively affect the objectives of the project: 1. 1.Project milestones 2.Financial trajectory of the project 3.Project scope These events can be listed in the risk matrix and later captured in the risk register. Step 1: Risk Identification A risk matrix is a tool that is normally used to assess the level of risk and assist the decision-making process. It takes into consideration the category of probability, or likelihood, against the category of consequence severity. Step 1: Risk Identification •A risk is characterized by its description, causes and consequences, qualitative assessment, quantitative assessment and mitigation plan. •It can also be characterized by who is responsible for its action. Each of these characteristics are necessary for a risk to be valid. Examples of tools to help identify risk: •Analysis of existing documentation •Interviews with experts •Conducting brainstorming meetings •Using the approaches of standard methodologies – such as Failure Modes, Effects and Criticality Analysis (FMECA), cause trees, etc. •Considering the lessons learned from risks encountered in previous projects •Using pre-established checklists or questionnaires covering the different areas of the project (Risk Breakdown Structure or RBS). Step 2: Risk Assessment •There are two types of risk assessments: qualitative and quantitative. • •A qualitative assessment analyzes the level of criticality based on the event’s probability and impact. • •A quantitative assessment analyzes the financial impact of the event. Step 2: Risk Assessment Qualitative Assessment •The Risk Owner and the Risk Manager will rank and prioritize each identified risk by occurrence probability and impact severity, according to the project’s criticality scales. • Evaluating occurrence probability (P): •This is determined preferably based on experience, the progress of the project, or else by speaking to a risk expert, and is on a scale of 1 to 99%. •For example, suppose the risk that: “the inability of supplier X to supply certain component by the end of 2025” is 50% probable. This could be determined from feedback and analysis of the supplier’s workload. Step 2: Risk Assessment Evaluating impacts severity (I): •To assess the overall impact, it is necessary to estimate the severity of each of the impacts defined at the project level. A scale is used to classify the different impacts and their severities. This ensures that the assessment of the risk and opportunity is standardized and reliable. •The criticality level of a risk is obtained by the equation: Criticality = P x I •The purpose of the qualitative assessment is to ensure that the risk management team prioritizes the response on critical items first. Step 2: Risk Assessment Quantitative Assessment To evaluate the additional costs incurred by financially reviewing, for example: –Hours of internal engineering –Hours of subcontracting –Additional work to do –Amendments and/or claims made to contracts –Etc. •To calculate the costs of the undesired event’s consequences by adding these values. •This step will make it possible to estimate the need for additional budget for risks of the project Step 3: Risk Treatment The objective of the risk treatment plan is to reduce the probability of occurrence of the risk (preventive action) and/or to reduce the impact of the risk (mitigation action). 7 Risk Response Strategies •Accept: Do not initiate any action but continue to monitor. •Mitigate/Enhance: Reduce the probability of occurrence and/or the severity of impact. •Transfer/Share: Transfer responsibility of a risk to a third party who would bear the consequences of the problem. •Avoid/Exploit: Entirely eliminate uncertainty. When does risk become an Issue? Step 4: Risk Monitoring and Reporting •Risks and their treatment plans need to be monitored and reported on. • •The frequency of this will depend on the criticality of risk. • •Developing monitoring and reporting structure will ensure there are appropriate forums for escalation and that appropriate risk responses are being actioned. PART 2 - RIPRAN The RIPRAN method is based on the principle of risk engineering, that for risk analysis it is necessary to first determine the following four and prepare their relevant list: • Threat - Scenario - Probability – Loss Threat - Danger that is threatening and that is the cause of the harmful consequences and difficulties in the project. (E.g. strong storm, insufficient loan, icing, currency devaluation, strike, dismissal of the project manager, bad subcontracting for the project, ...) Scenario - The event that we anticipate in the project as a result of the threat. (For example, we will not get a loan - we will not have financial coverage for the project, Tom will fall ill - we will lose the only employee who can do it for our project ...) Probability - Probability of scenario realization expressed in the interval <0-1> Loss - Loss for the project, caused by the implementation of the scenario. We usually express it in monetary units (but we can also say otherwise, the size of the time delay, the loss of workers' lives, etc.). PART 2 - RIPRAN • The whole process of risk analysis according to this method consists of four basic steps: 1.Identification of project hazards 2. 2. Quantification of project risks 3. Response to project risks 4. Overall project risk assessment. PART 2 - RIPRAN 1 STEP In this step, the project team identifies the hazards by compiling a list, preferably in the form of a table. The text of the row can be obtained either by looking for the answer to the question: What could happen in the project that is unfavorable if...? This is the procedure where we look for possible consequences to the threat: THREAT →SCENARIO We can also do the reverse and get the complete text of the line answering the question: What can cause such-and-such unfavorable thing to occur in the project? That is, the procedure where we look for the cause of the scenario: SCENARIO → THREAT Here, by threat we mean a specific manifestation of a hazard (e.g. a technical fault in an electrical installation). By scenario we mean an event that occurs as a result of the occurrence of a threat (e.g. a fire occurs in a wooden building under construction). It is important to realise that the threat is the cause of the scenario. PART 2 - RIPRAN 2 STEP In this step, risk quantification is performed. The table established in the first step is expanded by the probability of the scenario occurrence, the value of the impact of the scenario on the project and the resulting risk value in CZK, which is calculated: Risk value = scenario probability * impact value PART 2 - RIPRAN Step 3 Measures are drawn up to reduce the value of the risk to an acceptable level. Proposals for measures are usually tabulated. The RIPRAN method also allows for a textual form of capturing the results of the risk analysis in the following recommended form: Risk serial number: 1 -Threat: -Scenario: -Probability: -Impact: -Proposals for action, responsible, timeframe, cost, risk owner: -Resulting reduced value of risk: PART 2 - RIPRAN Step 4 Assess the overall level of risk and evaluate how high the risk is and whether the project can proceed without special measures. This method obviously requires working with a detailed analysis of threats, scenarios, probability values and impact values. It provides more accurate risk analysis results for the project and supports the team in finding risk reduction measures by offering typical risk reduction measures that help the team find specific measures more easily. PART 3 – RIPRAN summary and example • The whole process of risk analysis following the RIPRAN™ method consists of the following phases: 1. 1.Preparation of the risk analysis 2. 2.Identification of the risk 3. 3.Quantification of the risk 4. 4.Response to risk 5. 5.General assessment of risk RIPRAN – 4 steps completed