You are here

Risk Evaluation

19 January, 2016 - 17:35

After the potential risks have been identified, the project team then evaluates each risk based on the probability that a risk event will occur and the potential loss associated with it. Not all risks are equal. Some risk events are more likely to happen than others, and the cost of a risk can vary greatly. Evaluating the risk for probability of occurrence and the severity or the potential loss to the project is the next step in the risk management process. Having criteria to determine high-impact risks can help narrow the focus on a few critical risks that require mitigation. For example, suppose high-impact risks are those that could increase the project costs by 5% of the conceptual budget or 2% of the detailed budget. Only a few potential risk events meet these criteria. These are the critical few potential risk events that the project management team should focus on when developing a project risk mitigation or management plan. Risk evaluation is about developing an understanding of which potential risks have the greatest pos-sibility of occurring and can have the greatest negative impact on the project (Figure 16.3 Risk and Impact ). These become the critical few.

media/image11.png
Figure 16.3 Risk and Impact 
 

There is a positive correlation—both increase or decrease together—between project risk and project complexity. A project with new and emerging technology will have a high-complexity rating and a correspondingly high risk. The project management team will assign the appropriate resources to the technology managers to ensure the accomplishment of project goals. The more complex the technology, the more resources the technology manager typically needs to meet project goals, and each of those resources could face unexpected problems.

Risk evaluation often occurs in a workshop setting. Building on the identification of the risks, each risk event is analyzed to determine the likelihood of occurrence and the potential cost if it did occur. The likelihood and impact are both rated as high, medium, or low. A risk mitigation plan addresses the items that have high ratings on both factors—likelihood and impact.

Example: Risk Analysis of Equipment Delivery

A project team analyzed the risk of some important equipment not arriving at the project on time. The team identified three pieces of equipment that were critical to the project and would significantly increase costs if they were late in arriving. One of the vendors, who was selected to deliver an important piece of equipment, had a history of being late on other projects. The vendor was good and often took on more work than it could deliver on time. This risk event (the identified equipment arriving late) was rated as high likelihood with a high impact. The other two pieces of equipment were potentially a high impact on the project but with a low probability of occurring.

Not all project managers conduct a formal risk assessment on a project. One reason, as found by David Parker and Alison Mobey in their phenomenological study of project managers, was a low understanding of the tools and bene fits of a structured analysis of project risks (2004). The lack of formal risk management tools was also seen as a barrier to implementing a risk management program. Additionally, the project manager’s personality and management style play into risk preparation levels. Some project managers are more proactive and develop elaborate risk management programs for their projects. Other managers are reactive and are more confident in their ability to handle unexpected events when they occur. Yet others are risk averse, and prefer to be optimistic and not consider risks or avoid taking risks whenever possible.

On projects with a low-complexity profile, the project manager may informally track items that may be considered risk items. On more complex projects, the project management team may develop a list of items perceived to be higher risk and track them during project reviews. On projects of even greater complexity, the process for evaluating risk is more formal with a risk assessment meeting or series of meetings during the life of the project to assess risks at different phases of the project. On highly complex projects, an outside expert may be included in the risk assessment process, and the risk assessment plan may take a more prominent place in the project implementation plan.

On complex projects, statistical models are sometimes used to evaluate risk because there are too many different possible combinations of risks to calculate them one at a time. One example of the statistical model used on projects is the Monte Carlo simulation, which simulates a possible range of outcomes by trying many different combinations of risks based on their likelihood. The output from a Monte Carlo simulation provides the project team with the probability of an event occurring within a range and for combinations of events. For example, the typical output from a Monte Carlo simulation may indicate a 10% chance that one of the three important pieces of equipment will be late and that the weather will also be unusually bad after the equipment arrives.