What is the source of project risks in the school. How to prevent project risks from affecting the business. Project Risk Management Concept: Key Elements

Chapter 10. Project Risk Management

The goal of risk management is to reduce the impact of events that threaten the successful implementation of the project, that is, fraught with a disruption to the schedule, violation of the budget, failure to meet the assigned tasks, as well as low customer satisfaction. With regard to issues such as labor protection (that is, health and safety) and environmental protection, etc., other processes are designed for this. Risk management focuses on issues outside your project plan and beyond your control.

Risk management is part of the project planning processes. After all, it is necessary to develop and include in the plan measures to respond to risks. By making this or that assumption, you are already at risk, because you think that your assumption will turn out to be correct. If your expectations are not met, you face a self-realized risk.

According to RMVOK, both negative (threats) and positive unplanned events can be classified as risks. If you see potential opportunities that, for whatever reason, cannot be realized in the baseline, add them to the risk register. By planning certain activities, you will be able to, perhaps, increase the likelihood of an occurrence or positive consequences in the implementation of these "positive risks" and thereby obtain additional benefits for the project. I advise you to keep a separate register of "positive risks", that is, the so-called favorable opportunities. Please remember that when dealing with "positive risks", all relevant rules are applied in a mirror image.

There are several ways to respond to risks:

1. Take measures to prevent the risk (for example, reduce the consumption of combustible materials to avoid a fire).

2. Identify and track symptoms for early diagnosis of the onset of risk (eg, study forecasts and monitor actual weather).

3. Take measures to mitigate the potential consequences of the occurrence of the risk (for example, create embankments to prevent the spread of oil spills).

4. To insure against the occurrence of risks.

5. Develop measures to combat the emerging risk (for example, contact the fire department).

6. Accept risk.

The critical chain approach takes a simplified approach to risk management, as risks are only understood as specific causes of variability. With regard to common causes, the CCPM proposes special, effective and sufficient measures to combat their effect on the schedule, costs, and also - to some extent - on the content of the project. The project quality management process is also in its own way a risk management method that protects the content of the project.

In describing risk management, neither the RMVOC, nor its related publications, nor many other authors on management, distinguish between general and specific causes of variability. As we mentioned in section 2.5, Deming, the father of TQM, called this a fatal error.

10.1. What is risk management in a project

Risks have two characteristics - the likelihood of an event occurring and its impact on the project. The severity of the risk can be assessed simply by multiplying these two parameters.

There are the following types of risks:

The risk of incorrectly defining the scope of the project: fraught with customer dissatisfaction. Examples: the client's needs are not clear; the boundaries of the content are not fully understood (that is, what tasks the project is designed to solve); the initial assumptions and assumptions made during planning did not come true.

Business risks: can affect the value of the project for the business as a whole. Examples: financial risks, threat to the company's reputation.

Risks associated with technical difficulties in the implementation of the project assignment: accompany the development or use of new rare technologies. Examples: An unexpected side effect found in the development of a new drug.

The risk of unforeseen expenses: under their influence, you have to spend more than a third of the provided buffer on unforeseen expenses.

Risks of non-compliance with the schedule: under their influence on the execution of work, the entire buffer is spent on path merging or more than a third of the project buffer.

Occupational Health and Safety Risks: A potential hazard to the health and safety of the public or the project team exceeding the standard acceptable level.

Risks associated with negative impact on environment: some natural environmental factors that can affect the observance of the basic conditions for the successful implementation of the project (content, time, money).

Risks associated with legislative framework in the state: a change in certain standards set from the outside, for example, new requirements for the safety of goods, a requirement to obtain a new permit document, or a delay in updating an existing one permitting document that may affect compliance with the basic conditions for the successful implementation of the project.

10.2. Risk management process

In fig. 10.1 presents a diagram of the risk management process. First, you need to determine what risks you may face in the implementation of the project.

Risks can be assessed in terms of both quality and quantity. Quantification techniques include Failure Mode and Consequence Analysis, Monte Carlo Method, Design Simulation, PERT, Probable Safety Assessment, and Risk Tree. For risks that can be described numerically (for example, when it comes to costs or the number of days in the schedule), the consequences of their occurrence can be expressed by multiplying the “cost” of the risk by the probability. For example, if the probability of a budget overrun by $ 100,000 is 50%, then the risk is "worth" $ 50,000. Such calculations can give a relative idea of the risk rank, but the figure itself is needed only if you intend to insure the risk. Because if nothing happens, then you will not spend anything, and if it does, you will lose all $ 100,000, but not $ 50,000.

I prefer qualitative analysis and distribution of risks by ranks more. Because there is usually not enough data to make a reliable quantification. At the same time, the derivation of some numbers nevertheless gives a feeling of false reliability of the analysis.

10.2.1. RISK MATRIX

Tab. 10.1 presents the basic matrix used in risk management. It contains a list of risks, the result of the assessment, actions to monitor, prevent or mitigate the consequences of the occurrence of risks. Populating the table is just an example. Your projects may have their own characteristics and risks. However, I strongly recommend grouping risks of the same type so that the final list is of a reasonable size - no more than 10-12 points. More precisely, the number of risks must be estimated based on the scale of your project and the conditions for its implementation. The list of risks for projects worth less than several million dollars and lasting up to a year should not exceed 10 points. If it seems to you that according to your - relatively small - project, the most probable and tangible risks alone are much more than 10, you should think about whether it is necessary to undertake such a project at all.

In the second column of the table. 10.1 describes the risks. To begin with, you can list all the situations that come to mind for you and your colleagues, and then group them for further analysis. Risks can be classified according to their likelihood and importance (next two columns). For example, you have one weather-related event with high impact and one low impact on your list. Why should you separate them? Because there must be different responses to them.

David Hilson suggested a very convenient format for recording risks: “As a result< причина >may come< consequence>, which will lead to certain consequences ”. The use of this formulation is demonstrated in table. 10.1: The causes are written in bold, their effects are in italics, and the final consequences are in standard form.

Columns 3, 4, 5 give the relative quantitative characteristics of the risks. Risk is interesting to us for its probability and consequences. At the bottom of the table, the accepted designations are interpreted and one of the options for categorizing risks by probability and by consequences for the project is also indicated. With this method of assessment, you can assign a risk to a rank from 1 to 9. Note: Probability refers to the likelihood of the risk occurring during the project. The maximum degree of probability here is 50%. If you are more than 50% sure of the inevitability of an event, it must be taken into account when drawing up a project plan. That is, all risks with a probability of more than 50% should be considered as initial assumptions already when creating a baseline work plan. The consequences of such risks will be offset by a project buffer and, if necessary, a contingency buffer.

There may be other types of risks in your table, such as those related to health and safety or public reactions. Additional Information for qualitative and quantitative risk analysis is given in section 10.3.

The sixth column lists the parameters to be monitored continuously. It is necessary to regularly assess the situation: it may be time to re-evaluate the risk rating or activate a contingency plan in case of unforeseen situations. Of course, you should, as far as possible, establish in advance what exactly should serve as an alarming symptom for you.

Columns 7 and 8 are the most important. This is a list of actions to prevent or reduce the consequences of the onset of risks. Actions can affect both likelihood and consequences. For example, a system to prevent the spread of an oil leak reduces the level of consequences, not the likelihood of a leak. A double-walled tank is a measure to reduce the likelihood of leakage. Risk prevention activities should be part of your project management plan. You may also need to plan for mitigation actions, such as training or urgent procurement of components from another supplier.

10.2.2. RISK ASSESSMENT

AS PART OF THE PROJECT MANAGEMENT PROCESS

What matters is not the risk assessment itself, but how you use it. Of course, if you just list the risks, you can then say: "I told you!" But then the question arises, why did you do nothing yourself? Risk analysis will make sense only when you take any action based on the results of this analysis. This could be:

Preventing or reducing the likelihood of a risk occurrence (for example, dividing the project into phases or more thoroughly analyzing ambiguities in order to improve the accuracy of estimates and forecasts);

Transfer of risk (for example, you can give part of the work to subcontractors);

Monitoring the situation to identify an increase in the likelihood of a risk occurrence (for example, to identify the symptoms of an undesirable event and control their occurrence);

Prevention of the consequences of the risk, if it does occur;

Risk insurance;

Reducing the consequences of the risk, if it does occur.

You can use various combinations of these actions - for example, in accordance with table. 10.2.

10.3. Risk identification

10.3.1. RISK REGISTER

There are different ways to identify risks. One way is to consider all the assumptions and assumptions that were used to estimate the duration or cost of the work. Potentially, any of these assumptions may fail - this is a risk. You can use checklists. An example of such a list can be found in Appendix A of Max Weidmann's work. Someone resorts to the help of special computer programs... Another way that I usually use is just to get the whole project team together and make a list of risks.

by the method of brainstorming. You can remember what problems arose on similar projects earlier. Usually, there is no problem with creating a list of risks. However, no one knows how to look into the future, so the risk register will never be complete. You can fantasize endlessly, there is not much sense in this. You need a list of the types of risks that are most likely for your particular project.

10.3.1.1. Project assumptions

Many of the assumptions you make can turn into risks if things don't turn out in life as you intended. For example, suppose you assumed that an inspection would likely take 60 days, or 30 days in the average. If, in fact, it lasts more than two-thirds of the project buffer, there is a risk that threatens the success of the project. Based on this experience, on another project involving the same inspection body, you will already be prepared for the fact that the inspection may be delayed.

At the same time, too many assumptions should be avoided. Rely on common sense in formulating assumptions and associated risks.

10.3.1.2. Checklists

Checklists help you determine if you are missing something important. However, they have two disadvantages:

1) pre-developed checklists may contain seemingly significant and significant risks that are actually not significant for your project;

2) focusing on checklists instills a false sense of confidence that you have considered and planned everything, and limits your thinking.

Again, rely on common sense.

10.3.1.3. Thinking critically about the plan

Your plan needs to be reviewed critical glance and think about what might go wrong at key stages. This is a help in compiling a list of risks. At the stage of risk identification, boldly write down everything that comes to mind. In the future, you will group the same type of risks.

10.3.1.4. Risk grouping

If the list is too long, you should first combine similar items and only then begin to develop a response. Your task is to get a manageable amount of probable risks. As the list becomes more detailed, the accuracy of your predictions will not increase. Indeed, in fact, the number of potential risks is infinite. You can never list them all. It is much more important to take into account the most significant of the threats and establish a system for monitoring and responding to the events that have occurred. It is impossible to concentrate when there are too many details, as it is impossible to plan adequate responses to everything. It is necessary to reduce the list to at least a couple of dozen items. And when the project is not the largest (that is, with a budget of less than $ 10 million and a duration of 1-2 years), the list should consist of no more than 10 items. Otherwise, it is probably better not to start such a project.

10.3.2. RISK CLASSIFICATION BY PROBABILITY

In order to find the right responses to a risk, it is necessary to assess the likelihood of its occurrence during the project. There is no point in wasting resources to protect against events that are unlikely to happen. At the same time, it is necessary to take measures to prevent the onset of risks, the likelihood of which is high, and prepare a response plan for situations, although unlikely, but fraught with serious consequences for the project.

Peter Bernstein notes: "The essence of risk management is to expand the areas under our control and to narrow the areas where the logic of events is not known to us and does not lend itself to our influence." He goes on to say that insurance is only available where the law of large numbers is in effect (see the fourth item on the list below). That is where probability theory works for the insurer. In this case, it follows from the very definition of risk that we are dealing with an unlikely event.

Our ability to assess probabilities does not stand up to scrutiny. When assessing the likelihood of an event, people most often fall into a network of logical biases and errors. As studies show, at the same time, we, unfortunately, hold an unjustifiably high opinion about our own knowledge and abilities. Here is a list of the most common misconceptions and mistakes so you can be aware of them. How to overcome them is a topic for a separate discussion.

Failure to understand the rules for combining probabilities. The probability of the occurrence of two independent events follows from the probabilities of the occurrence of each of the events. Since these values are always less than one, the cumulative probability of the occurrence of two events will be invariably less than the probability of each of them separately.

Ignoring baseline probability. This refers to the inability to take into account the distribution of the sample. Let's imagine that from a box with beads, in which 90% of the beads are white, we pulled out one bead. The probability that in twilight lighting we correctly guess the color of the bead is 50%. The one who pulled the bead says: "It is black." What is the likelihood that she is really black? Almost everyone answers - 50%. The correct answer is only 5%.

Existing experience. Often we are biased in assessing the likelihood of an event based on recent experience or popular opinion.

Ignorance of the law of large numbers. Based on a small number of cases, people habitually draw conclusions about the entire array of elements. It is not taken into account that the variability in a small sample is much greater than in a large sample.

Substitution of the base. People mistake "most typical" for "most likely." For example, a description of a person contains characteristics that make people associate with a school teacher. People are asked to choose one option in response to the question “Who would it most likely be - a school teacher? An employee of the institution? " In response, we get that, most likely, this is a teacher. However, school teachers also fall into the category of “employees of the institution”. Therefore, it is much more likely that the described "employee of the institution" than specifically the teacher.

Fixation. People tend to stick to the position once expressed (their own or someone else's), especially when it comes to numbers. That's why the influence is so strong public opinion... If you need independent appraisal, do not ask the person to look at and evaluate someone else's result, because then he will concentrate only on this someone else's result, fix on it.

Search for confirmations. After expressing their opinion, people tend to look for examples that confirm its correctness. Unfortunately, examples like this are not scientific evidence. You need to look not for confirmation, but for the refutation of your hypotheses. This type errors are often observed during testing. This makes the tests completely useless. The right thing to do when testing is to try to disprove, not prove.

Based on these points, you can critically evaluate your list of risks and their ranking by likelihood and impact.

Ask yourself if you have made any of these mistakes.

10.3.2.1. High probability (3)

Events with a probability higher than 50% should not be included in the risk register.

Of course, such risks also need to be considered - but as assumptions when creating a project baseline. A high probability is a probability between 50% and a moderate probability (5-15%).

10.3.2.2. Average probability (2)

In a simplified form, the average is a probability that is less than high, but more than low. These are events that can actually happen, although in a bet you would not fight for it (or rather, you would only if the rates are really attractive).

10.3.2.3. Low probability

Unlikely risks are events that most likely will not happen during the implementation of your project. The probability of their occurrence is less than 5%. This, of course, includes situations, the probability of which is practically zero (1% and lower). The unlikely risks should be taken into account in the design of the project result, if necessary (for example, the product should be resistant to earthquakes and adverse weather conditions). However, this has nothing to do with the risk assessment of the project itself. An exception may be insurance against natural disasters (hurricanes, floods) of the results of construction projects.

10.3.3. RISK CLASSIFICATION BY CONSEQUENCES

When describing a risk, we multiply the probability of its occurrence by the degree of its impact on the project. Therefore, it is necessary to assess the consequences of the risks - in terms of meeting the schedule, adhering to the budget or the projected return on investment. The CCPM offers a unique classification of risks based on their impact on the project buffer and the contingency buffer. Buffer size is an indicator of the likelihood of risks posed by common causes of variability. Therefore, it provides a reasonable basis for measuring such variability.

10.3.3.1. High Impact (3)

A high risk exposure to a project implies consequences such as exceeding the project or contingency buffer, and low client or project team satisfaction with the outcome of the project.

10.3.3.2. Medium Impact (2)

The medium impact has a risk that the consequences of which will cause the loss of one to two thirds of the design buffer or one third to the full size of the path merge buffers.

10.3.3.3. Low Impact (1)

The consequences of such risks will reduce buffers by no more than one third and will not cause client or team dissatisfaction.

10.4. Risk management planning

10.4.1. RISK MONITORING

You need to plan activities to track the status of those risks that you have left in your project's risk register. This means that the list should be reviewed at least regularly at project meetings (that is, once a week or a month). It should be checked whether there is a recurrence of symptoms of already existing risks or whether a new risk is expected to occur. Sometimes it is necessary to establish a more formal process for monitoring the risk situation.

10.4.2. PREVENTIVE MEASURES

The measures you have developed to prevent the occurrence of risks are included in the project plan. Then, as part of the project evaluation and monitoring process, it should be verified that these measures are being implemented.

10.4.3. RESPONSE

Response measures (that is, mitigating the consequences of realizing risks) should also be part of your project plan. The verification of the readiness of these measures should be carried out as part of the project evaluation and monitoring process (for example, fire safety inspections, drills). Such routine checks do not need to be included in the project plan.

10.5. Outcomes

Risk management addresses variability due to specific causes and includes monitoring, preventing, mitigating or insuring risk. In this chapter, we have covered the following key ideas:

The CCPM simplifies the risk management process by removing the need - as part of the process - to tackle common causes of variability. Risk management in CCPM targets only specific causes of variability.

The risk management process should be incorporated into the project management plan. The scope of this process should be commensurate with the scale and level of riskiness of the project.

It is necessary to define a list of risks, assess their likelihood and impact on the project.

The project buffer in the CCPM project plan helps assess the impact of risk on the entire project.

The project team determines the strategy for responding to risks, such as prevention, reduction, insurance, tracking, ignoring.

LITERATURE

1. PMI, A Guide to the Project Management Body of Knowledge, Newton Square, PA: PMI, 2000 projects, 2004. - 2000 edition; Guide to the body of knowledge on project management. - Project Management Institute, 2004. - 2004 edition).

2. Wideman, R. Max, Project and Program Risk Management, A Guide to Managing Project Risk and Opportunities, Newtown Square, PA: PMI, 1992.

3. Meredith, Jack R. and Samuel J. Mantel, Project Management, A Managerial Approach, New York: John Wiley and Sons, 1985, p. 68-71.

4. Wysocki, Robert K., Robert Beck Jr., and Daid B. Crane, Effective Project Management, New York: John Wiley & Sons, 1995.

5. Deming, W. Edwards, The New Economics, Cambridge, MA: MIT Press, 1993 (in Russian translation: Deming W. Edwards. New Economics. - M .: Eksmo, 2006).

6. Hilson, David. “When Is a Risk Not a Risk: Part 2,” on the website http: //www.risk-doctor... com / pdf-briefings / risk-doctor07e.pdf (material for the book was taken from the site on June 22, 2004).

7. Risk Trak, Risk Services & Technology, Amherst, NH, 03031.

8. Bernstein, Peter L., Against the Gods, The Remarkable Story of Risk, New York: John Wiley and Sons, 1996.

9. Kahneman, Daniel, Paul Slovic, and Amos Tversky, Judgment under Uncertainty: Heuristics and Biases, Cambridge: Cambridge University Press, 1982.

10. Belsky, Gary, and Thomas Gilovich, Why Smart People Make Big Money Mistakes, and How to Correct Them, New York: Simon & Schuster, 1999.

11. Russo, J. Edward, and Paul J.H. Schoemaker, Decision Traps, The Ten Barriers to Brilliant Decision Making, and How to Overcome Them, New York: Simon & Schuster, 1989.

This text is an introductory fragment.

From the book Project Management for Dummies the author Portney Stanley I.

Identifying and Managing Risks Risk is the likelihood that you will not achieve results, disrupt work schedules, or overspend due to unexpected and unplanned difficulties. Since the future cannot be fully foreseen, risk is present in all

From the book Risk management of the organization the author Ermasova Natalia B.

Project Risk Management Identifying project risks is just the first step to getting them under control. Then you need to develop appropriate plans to limit their

Risks are caused by the uncertainties that exist in each project. Risks can be “known” - those that are identified, assessed, for which planning is possible. “Unknown” risks are those that are not identified and cannot be predicted. Although the specific risks and conditions for their occurrence are not defined, project managers know from past experience that most of the risks can be foreseen.

Implementing projects with a high degree of uncertainty in elements such as goals and technologies for achieving them, many companies pay attention to the development and application corporate practices risk management. These methods take into account both the specifics of projects and corporate management methods.

The American Project Management Institute (PMI), which develops and publishes standards in the field of project management, has significantly revised the sections governing risk management procedures. IN new version The PMBOK (expected to be adopted in 2000) describes six risk management procedures. In this article, we suggest short review risk management procedures (no comment).

Management of risks- these are processes associated with the identification, analysis of risks and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events.

The project risk management process typically includes the following procedures:

- selection of approaches and planning of project risk management activities.
Risk identification- identifying risks that could affect the project and documenting their characteristics.
Qualitative risk assessment- a qualitative analysis of risks and the conditions for their occurrence in order to determine their impact on the success of the project.
Quantification- quantitative analysis of the likelihood and impact of the consequences of risks on the project.
- determination of procedures and methods to mitigate the negative consequences of risk events and use the potential benefits.
Monitoring and control of risks- risk monitoring, identification of remaining risks, implementation of the project risk management plan and assessment of the effectiveness of actions to minimize risks.

All of these procedures interact with each other as well as with other procedures. Each procedure is performed at least once in every project. Although the procedures presented here are considered discrete elements with well-defined characteristics, in practice they may overlap and interact.

Risk management planning

Risk management planning- the process of making decisions on the application and planning of risk management for a specific project. This process may include organizational decisions, staffing of project risk management procedures, selection of preferred methodology, data sources for risk identification, time frame for situation analysis. It is important to plan risk management appropriate to both the level and type of risk and the importance of the project to the organization.

Risk identification

Risk identification identifies which risks are likely to affect the project and documents the characteristics of these risks. Risk identification will not be effective if it is not carried out regularly throughout the project.

Risk identification should involve as many participants as possible: project managers, customers, users, independent specialists.

Risk identification is an iterative process. Initially, risk identification can be done by a part of the project managers or by a group of risk analysts. Further identification can be handled by the core group of project managers. Independent specialists can participate in the final stage of the process to form an objective assessment. A possible response can be determined during the risk identification process.

Qualitative risk assessment

Qualitative risk assessment- presentation process qualitative analysis identification of risks and identification of risks requiring a quick response. This risk assessment determines the severity of the risk and chooses a response. The availability of accompanying information makes it easier to prioritize different categories risks.

Qualitative risk assessment is an assessment of the conditions for the occurrence of risks and determination of their impact on the project using standard methods and means. Using these tools helps to partially avoid the uncertainties that often occur in a project. During life cycle of the project, there must be a constant reassessment of risks.

Quantitative risk assessment

Quantitative risk assessment determines the likelihood of risks and the impact of the consequences of risks on the project, which helps the project management team to make correct decisions and avoid uncertainties.

A quantitative risk assessment allows you to determine:

the likelihood of achieving the ultimate goal of the project;
the degree of risk impact on the project and the amount of unforeseen costs and materials that may be needed;
risks requiring an early response and more attention, as well as the impact of their consequences on the project;
actual costs, estimated completion dates.

A quantitative risk assessment often accompanies a qualitative assessment and also requires a risk identification process. Quantitative and quantitative risk assessment can be used separately or together, depending on the available time and budget, the need for quantitative or qualitative risk assessment.

Risk response planning

Risk response planning is the development of methods and technologies to reduce the negative impact of risks on a project.

Takes responsibility for the effectiveness of protecting the project from exposure to risks. Planning involves identifying and categorizing each risk. The effectiveness of the response design will directly determine whether the impact of the risk on the project will be positive or negative.

The response planning strategy should be appropriate for the types of risks, ROI and timing. The issues discussed during the meetings should be adequate to the tasks at each stage of the project, and agreed with all members of the project management team. Typically, several options for risk response strategies are required.

Monitoring and control

Monitoring and control monitor the identification of risks, determine the residual risks, ensure the implementation of the risk plan and evaluate its effectiveness in view of the risk reduction. Risk indicators associated with the implementation of the conditions for the fulfillment of the plan are recorded. Monitoring and control accompanies the process of project implementation.

High-quality project control provides information to help make effective decisions to prevent risks. To provide complete information The implementation of the project requires interaction between all project managers.

The purpose of monitoring and control is to find out if:

The risk response system was implemented in accordance with the plan.
The response is effective enough or changes are needed.
The risks have changed from the previous value.
The onset of the influence of risks.
The necessary measures have been taken.
The exposure to the risks was planned or an accidental result.

Control can entail choosing alternative strategies, making adjustments, redesigning the project to achieve the baseline. There should be constant interaction between project managers and the risk group, all changes and phenomena should be recorded. Project progress reports should be generated regularly.

Project risks A project risk is an uncertain event or condition that, if it occurs, will have a positive or negative effect on at least one of the target parameters of the project (time, cost, content, quality). A risk can have one or more causes and, if it occurs, one or more consequences. 2

Business risk is a normal risk associated with entrepreneurial activity After burning, it implies a variety of potential for profit and loss.Net risk (subject to insurance) is: the risk that implies the possibility or probability of loss without any possibility of making a profit risk that needs to be prioritized risk that can be transferred to another party by: conclusion of a contract, issuance of a guarantee, insurance. Main types of risk 4

Project risk management is a systematic process of identifying, analyzing and responding to project risks; it includes processes that are related to: Conducting risk management planning Identity Analysis Response Monitoring and control on the project Objectives: To increase the likelihood and enhance the consequences of positive incidents Reduce the likelihood and mitigate the consequences of adverse incidents Project risk management 5

Risk management planning is the process that defines the approach, planning and implementation of risk management activities for a project: Planning risk management processes is important to: Ensure that the level, type, activity and visibility of risk management are comparable to both the risk itself and with the significance of the design organization; provide sufficient resources and time for project management operations; create a consistent framework for risk assessment; identify and approve methods and stakeholder statements regarding risks; create a risk management plan. Risk Management Planning 7

Risk identification is the process of determining which risks may affect a project and documenting their characteristics; for what it is necessary: to identify the risk that affects the project; indicate internal and external sources of risk; disclose the causes and consequences of the risk; involve relevant specialists in participation, stakeholders and external experts; classify risks into a specific category: project management risks, organizational risks, external risks Risk Identification Process Output - Risk Register Risk Identification 8

Conducting a qualitative risk analysis is the process of assessing and assessing the likelihood of occurrence of identified risks, as well as prioritizing risks in accordance with their potential impact on project objectives; for this it is necessary: to assess the likelihood of occurrence or non-occurrence of each identified risk; to determine the consequences of each risk event about what amount is in question, whether what can be lost; prioritize risks based on their likelihood / consequences; identify risks that can be managed (that can be mitigated). Conducting Qualitative Risk Analysis 11

Risk assessment Assessment factors include: Precedent (Has this risk occurred before?) Knowledge of the operation (Have you ever done this kind of work before?) Resources and skills Time, cost and quality Probability (How likely is the risk to occur?) Impact (What is its impact on the project or business?) 13

Measurement of probability Probability Value Low Schedule failure, cost increase, or potential deterioration in performance is unlikely Moderate Delay in schedule, cost increase, or deterioration in potential results possible High Schedule failure, cost increase, or potential deterioration in results is highly probable 15

1. Prioritize risks to decide if risk cases deserve your attention 2. Prioritize identified risks only after conducting a qualitative analysis 3. Identify top 10 risks Develop mitigation measures for each of them 4. Regularly review and assess top 10 risks 5 . Include Top 10 Risks on the Agenda of Regular Project Meetings Risk Prioritization 20

Rank the analyzed risk cases in order of importance - from high to low Use quantitative systematization tools whenever possible; otherwise, use a qualitative analysis Specify risk cases of similar severity separately Prioritize risk incidents with the whole team Do not plan response strategies as part of this process A practical approach to risk prioritization 21

Quantitative risk analysis is the process of numerically analyzing the likelihood of each risk and their implications for project objectives, as well as numerically analyzing the overall project risk; To do this, it is necessary to: calculate the severity of the risk (exposure to risk) based on the likelihood of the risk and its impact, which were determined at the stage of the qualitative risk analysis; prioritize numerically assessed risks; make a list of risks in descending order of their severity; identify risks that can be managed (that can be mitigated). Performing quantitative risk analysis 22

The main tools and methods for identifying risks include: Collecting data and methods of presenting them Polling - used to numerically analyze the likelihood and impact of risks on project goals Probability distribution - used to represent uncertainty in values (continuous quantities) or uncertain events (discrete quantities) Expert assessments- involve experts, both internal and external, to evaluate the data and methods obtained Quantitative analysis tools and methods 23

Quantitative analysis tools and techniques Perform quantitative risk analysis and modeling method Sensitivity analysis - helps determine which risks have the greatest potential impact on the project Expected cash value analysis is a statistical approach that calculates the average outcome based on future scenarios that may or may not happen Analysis decision tree - usually structurally represented as a branching decision diagram that describes the situation under consideration and the consequences that all possible choices may have Modeling - translates uncertainties given at the detailed project level into potential impact on project objectives 24

Risk Response Planning is the process of developing options and actions to empower and reduce threats to the project's objectives; for this it is necessary: to identify the risks and their description, the area of the project they affect, the causes of the risks and their possible impact on the goals of the project; determine who owns certain risks and bears responsibility for them; use the results of the qualitative and quantitative risk analysis processes; develop agreed response strategies for each risk in terms of risks; take specific actions to implement the selected response strategies; assess the level of expected residual risk after the strategy is implemented; determine the budget or time for response; assess potential losses and contingency plans. Known Risk Response Plan 26

1. Create a list of risks in terms of their priority for the risk analysis stage. 2. Think over the classes of risks so as not to spend unnecessary efforts. 3. Develop different response alternatives: evaluate alternatives and select the most appropriate alternative for each risk and risk class; include selected alternatives in the risk management plan, other project plans and WBS. 4. Report decisions taken relevant stakeholders. Risk reduction strategy (practical approach) 29

Avoid - Avoiding risk involves changing the project management plan to address a threat that comes from an unfavorable risk, isolating project objectives from the impact of the risk, or reducing a goal that is under threat Transfer - Risk transfer requires a transfer negative impact threats and the need to respond to third parties Reduce - risk reduction involves reducing the likelihood and / or impact of a negative risk event to an acceptable threshold Strategies for responding to negative risks and threats 30

Strategies for responding to unforeseen circumstances Plan for potential losses in case of risks: prepare an action plan in case of a risk occurrence Funds for possible losses or Risk reserve - The amount of money or time, in excess of planned, necessary to reduce the risk of exceeding the target parameters of the project to an acceptable level for the organization (the most typical adoption strategy) 33

Monitoring and risk management - the process of tracking identified risks, monitoring residual risks, identifying new risks, implementing risk response plans and assessing their effectiveness throughout the entire life cycle of the project, including: conducting control examinations by external specialists; identification of new risks that may arise as a result of changes; implementation of a plan to respond to risks in the event of their occurrence. Monitoring and risk management 34

Make sure risk management is really happening! Involve the team and stakeholders in the process, don't do it yourself. Incorporate risk management into project management planning processes. Choose the right risk management strategies (eg containment or back-up) for each risk case. Monitor and manage risks on a regular basis. Reevaluate the risk after each risky event to measure the likelihood, consequences and new incidents. Communicate risks to stakeholders appropriately. Ensure that the risk management plan is being followed Role of the project manager in risk management 35

Risk management is essential to project success Use risk management to maximize positive outcomes and minimize negative impacts Document risk management standards and procedures and revise them regularly with the project team Key messages 36

Key messages in this section Take steps to assess and control each element of risk Formally assess the outcome of each action Risk includes both the potential for profit and the potential for loss Risk management is an iterative process that occurs throughout the life of a project 37

The main and main reason why project risks arise is the uncertainty that accompanies each project. Some project risks may be known, these are those risks that have been identified, assessed and for which it is possible to develop a plan to manage these risks. But there are unknown project risks - these are risks that are not identified and cannot be assessed in this moment... Although the specific risks and the conditions for their occurrence are often not identified, experienced project managers know that a fairly large part of the risks can be foreseen.

Implementing projects with a high degree of uncertainty in areas such as goals and technologies to achieve them, many companies pay attention to the development and application of corporate project risk management methods. These methods take into account both the specifics of projects and the specifics of corporate management methods.

The American Project Management Institute (PMI), which develops and publishes standards in the field of project management, has significantly revised the sections governing risk management procedures. The new version of PMBoK (expected to be adopted in 2000) describes six risk management procedures. In this article, we will take a quick look at the risk management procedures.

Project Risk Management- these are processes associated with the identification, analysis of risks and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events. The project risk management process typically includes the following procedures:

Risk management planning- selection of approaches and planning of project risk management activities.
Risk identification- identifying risks that could affect the project and documenting their characteristics.
- a qualitative analysis of risks and the conditions for their occurrence in order to determine their impact on the success of the project.
Quantification- quantitative analysis of the likelihood and impact of the consequences of risks on the project.
Risk response planning- determination of procedures and methods to mitigate the negative consequences of risk events and use the potential benefits.
Monitoring and control of risks- risk monitoring, identification of remaining risks, implementation of the project risk management plan and assessment of the effectiveness of actions to minimize risks.

Risk management planning

Risk management planning- the process of making decisions on the application and planning of risk management for a specific project. This process may include organizational decisions, staffing of project risk management procedures, selection of preferred methodology, data sources for risk identification, time frame for situation analysis. It is important to plan risk management appropriate to both the level and type of risk and the importance of the project to the organization.

Identification of project risks

Identification of project risks determines what risks can affect the project. It also documents the parameters of these risks. Risk identification will be ineffective if it is not done regularly. The most important condition successful work with risks is their constant identification, otherwise, the project manager runs the risk of missing important risks, which, in turn, can lead to the collapse of the entire project.

That is why the project manager, in order to identify the risks of the project, should involve as many participants as possible: the project team, customers, users, independent experts.

Qualitative assessment of project risks

- the process of qualitative analysis of identified risks and identification of risks requiring special attention or rapid response. A qualitative risk assessment determines the degree of importance of the risk and chooses a response method. The availability of accompanying information makes it easier to prioritize different risk categories.

A qualitative risk assessment helps to identify the conditions under which individual project risks arise, as well as to assess the degree of risk impact on the project. Using this method helps to partially avoid the ambiguities that often occur in a project. Project risks need to be reassessed throughout the entire project lifecycle.

Figure 1 - Qualitative risk assessment

Quantitative assessment of project risks

A quantitative risk assessment is necessary to determine the likelihood of risks occurring, as well as the impact of the consequences of risks on the project. This process is very important because helps the project management team make the right decisions and avoid ambiguities.

A quantitative assessment of project risks allows you to determine:

The likelihood of the project being successful;
The impact of risk on the project and the amount of additional costs that are required to work with risks;
Critical project risks requiring an urgent response from the project team;
Additional costs of the entire project associated with work with risks, as well as a forecast of the timing of the completion of the project.

A quantitative risk assessment usually accompanies a qualitative risk assessment; moreover, both of these processes, for their effective use, require a risk identification process.

Quantitative and quantitative risk assessment can be used separately or together, it all depends on the experience of the project management team, the available budget and time.

Fig. 2 - Quantitative risk assessment

Project Risk Response Planning

Risk response planning is finding and developing ways to reduce or increase the impact of risks on a project. Those project risks that negatively affect the project, the project team strives to reduce to zero, and the project risks that positively affect the project result, the team strives to bring closer and increase.

Project risk response planning involves identifying and ranking each risk by category. The effectiveness of this process determines to what extent the consequences of exposure to risks on the project will be positive or negative.

The response planning strategy should be appropriate to the types of risks, resource availability and time costs. Usually, for each of the important risks, several variants of strategies for responding to project risks are developed.

Monitoring and control of project risks

Monitoring and control - determine the residual risks of the project, ensure the implementation of the risk plan and assess its effectiveness, taking into account the risk reduction. Risk indicators associated with the implementation of the conditions for the fulfillment of the plan are recorded. Project risk monitoring and control should be carried out throughout the project.

A well-established process of monitoring and controlling project risks helps to make effective decisions to prevent the emergence of new risks. The project manager must always remember that effective risk monitoring requires interaction between all project participants.

The purpose of monitoring and control is:

How well the project risk response is applied;
Identification of changes in risks compared to the previous period;
Revealing the onset of risks;
Confidence that all necessary risk response measures have been taken;
The exposure to the risks was planned or an accidental result.

Figure 3 - Monitoring and control

Monitoring and control can entail the development of alternative strategies, the adoption of adjustments, or rescheduling of the entire project for the successful implementation of the project.

Andrius Kutis

Keywords: PROJECT MANAGEMENT; RISK; LIFE CYCLE OF THE PROJECT; MECHANISMS OF IMPACT; POSSIBLE RISKS; METHODOLOGY; PROJECT MANAGEMENT; RISK; PROJECT LIFE CYCLE; MECHANISMS OF ACTION; THE POTENTIAL RISKS; THE METHODOLOGY.

Annotation: The article describes possible risks in project management, recommendations are given when planning a project in order to identify all possible risks.

Today, when it comes to project management, it is unwittingly associated with the topic of possible risks. Every project, new or old, has its own life cycle. Thus, a project is born with planning, which is aimed at determining and agreeing on the best way of action to achieve the goals of the project, taking into account all the factors of its implementation. The planning process does not end with the development and approval of an initial project plan. So, for example, there can often be changes in the course of a project. Changes most often occur within the project, but they also tend to be in the external environment. As a result, the project is often rescheduled or the plans of the project being implemented are clarified, from this we can conclude that the planning process can exist throughout the entire life cycle of the project.

The project management methodology includes procedures, methods and tools for implementing the processes of initiation, planning, organization of execution, control of execution and completion of the project. Project initiation is a project management process, the result of which is the authorization of the start of a project or the next phase of its life cycle.

To achieve the goals of the project, you need to create special structures that will include: the project team and the project management team. In many ways, the success of the entire project will depend on the effectiveness of such structures.

It is worth noting about the possible risks that may be present along the path of the entire project life cycle. As defined by the American PMBOK Project Management Standard (2004), a project risk is an uncertain event or condition that, if it occurs, has a positive or negative impact on at least one of the project objectives, for example, timing, cost, content or quality. The risk can not only have negative consequences, but also positive ones, leading to an improvement in the quantitative and qualitative indicators of the characteristics of the final goals of the project being implemented. If we consider risk as an integral part in the life cycle of a project, then an analysis of possible project risks... Analyzes of project risks are ranked into qualitative and quantitative.

Qualitative risk assessment is a qualitative analysis process that requires a quick response. This risk assessment can determine the importance of the risk and how to respond to that risk. The availability of information on these risks will help prioritize different criteria and risk categories. Using these tools helps to partially avoid the uncertainties that often occur in a project. During the life cycle of a project, there must be an ongoing reassessment of risks.

A quantitative risk assessment determines the likelihood of risks occurring. It also helps the manager or his group led by him to make the right decisions - the impact of the consequences of risks on the project. Risk assessments such as quantitative and qualitative can be used separately or together. Depends on available budget, time and need for such risk assessments.

A section should be highlighted in the project plan for the results of the risk analysis, which will include a description of the risks, mechanisms of influence, measures to protect against anticipated risks. Risk factors mean events that can occur and have a deviating effect on the implementation of the intended project plan, or any conditions that cause uncertainty about the final result of the situation. Also, some of the events that were indicated could be foreseen, while others were impossible to predict. If we talk about risk analysis, then it is carried out from the point of view of: causes of occurrence, possible negative consequences, the forecast of specific measures to minimize the risk. The main results of a qualitative risk analysis are: identification of specific project risks and their causes; analysis and cost equivalent of hypothetical consequences of the possible realization of the noted risks; proposal of measures to minimize damage and their cost estimate. The risk associated with projects is characterized by the following factors: the likelihood of risk; risk event; cost, non-cost factors at risk.

Application of the method for constructing a project decision tree. When you have a small number of variables and the smallest number of project development scenarios for risk analysis, you can use this method. The great advantage of this method is its clarity. To build a decision tree in risk analysis, a sequential collection of data is carried out, which includes the following steps: determining the composition and duration of the phases of the project life cycle; identification of key events that may affect the further development of the project; determination of the time of occurrence of key events; formulation of all possible solutions that can be taken as a result of the occurrence of each key event; determining the likelihood of making each decision; determination of the cost of each stage of the project. By building a decision tree, you can understand the likelihood of each scenario.

To maximize the possible risks in the project, you can use the Monte Carlo simulation method. It is a collection of techniques for sensitivity analysis and scenario analysis. The result of this method is the likelihood of possible project outcomes. However, there is difficulty in applying this method due to variables that are incorrectly specified and can lead to inaccurate conclusions.

Speaking about the methods of risk reduction, we can say that all methods that allow minimizing project risks can be divided into three groups.

Risk sharing allows you to rank risks between project participants. This distribution between the project participants is effective way... This distribution of risks between project participants increases the reliability of achieving the result. It is most correct to make someone responsible for a specific type of risk, who can qualitatively control the given risk.

Reserve funds to cover sudden (unplanned) expenses. If the project participants cannot ensure the implementation of the project before the risk event themselves, then it is necessary to carry out risk insurance. Risk insurance - transfer of certain risks to an insurance company.

The effectiveness of methods to reduce all risks is determined using a certain algorithm: considering the risk that is of the greatest importance for the project; the cost overrun of these funds is determined, taking into account the likelihood of an adverse event; determination of cost overruns, taking into account the likelihood of an adverse event; a list of possible measures is determined that are aimed at reducing the likelihood and danger of a risk event; are determined additional expenses for the implementation of the proposed activities; comparison of the required costs for the implementation of the proposed measures with a possible cost overrun due to the occurrence of a risk event; a decision is made on the implementation or refusal of anti-risk measures; the process of compiling the probability and consequences of risk events with the costs of measures to reduce them is repeated for the next most important risk.

A comprehensive study of all kinds of risks at the initial stage of the project using these approaches and methods is undertaken not only in risk analysis. Through such research, conclusions are helpful during the project implementation phase, as the analysis of such project risks should not be limited to facts. In the process of risk management, certain steps are taken, such as: identifying the anticipated risks; analysis and assessment of project risks; selection of risk management choices; application of the selected methods; assessment of the results of risk management. Risk management is carried out at all stages of the project life cycle through monitoring, control and necessary corrective actions by the project manager.

Characterizing the aspects of project risk management methods, it is necessary to highlight a clear focus, which allows not only to highlight risk factors, but also to model the project implementation process. Assess the possible likelihood of one or another of the resulting consequences of an unfavorable situation. Propose measures that would compensate for the risks, select methods, track the actual dynamics of the project, and adjust the direction in order to improve. Also, at the initial stage of planning a project, its inception, it is necessary to apply all methods to the development of such a project. In order to minimize all possible risks that may arise during the implementation phase and after implementation, various measures should be applied to simulate risks (such as brainstorm, system analysis). The goal of project risk management is not only to deepen the analysis of the project, but also to increase the efficiency of decisions. The role of the main executor of all methods and decision-making related to risk management falls on the shoulders of the project manager or the team with his participation.

So, methods of management in conditions of risk (project risks) can be a powerful tool for the effective implementation of the projects themselves at all levels of management.

Bibliography

Burkov V.N., Novikov D.A. How to manage projects. // - M., 2004. - p. 56-57.
Baguli F. Project Management. // -M .: FAIR-PRESS, 2004 .-- S. 155.
Mazur I.I. Project management: textbook. manual for universities "Management org." // I.I. Mazur, V.D. Shapiro, under total. ed. I.I. Mazura. 2nd ed. - M .: Omega-L, 2004.S. 433-434.