Project risks analysis risk management. Types of project risks and risk factors. Quantitative risk analysis

Project risk management includes processes related to risk management planning, identification and analysis, risk response, monitoring and project risk management. Most of these processes will need to be updated during the course of the project. The objectives of project risk management are to increase the likelihood and impact of favorable events and reduce the likelihood of occurrence and impact of unfavorable events for the project. In fig. 11-1 provides an overview of the project risk management processes, and Fig. 11-2 shows a diagram of the dependencies of these processes and their inputs, outputs, and other processes from this knowledge area. Project risk management processes include the following:

11.1 Risk management planning- choice of approach, planning and
execution of project risk management operations.

11.2 Risk identification- determining what risks may affect
for the project, and documenting their characteristics.

11.3 Qualitative risk analysis- location of risks according to their degree
priority for further analysis or processing by evaluation and
summing up the likelihood of their occurrence and impact on the project.

11.4 Quantitative risk analysis- quantitative analysis of potential
the impact of the identified risks on the overall objectives of the project.

11.5 Risk response planning- development of possible
options and actions to enhance favorable
opportunities and mitigation of threats to achieve the goals of the project.

11.6 Monitoring and risk management- tracking
identified risks, monitoring of residual risks,
identification of new risks, execution of risk response plans and
assessment of their effectiveness throughout the life cycle of the project.

These processes interact both with each other and with processes from other areas of knowledge. Depending on the needs of the project, one or more people or groups can participate in each process. Each process takes place at least once during each project, and if the project is divided into phases, then in one or more phases of the project. Although processes are presented in this guide as discrete elements with well-defined interfaces, in practice they can overlap and interact; such overlays and interactions are not described here. Process interactions are discussed in detail in Chapter 3.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

A project risk is an uncertain event or condition that, if it occurs, has a positive or negative impact on at least one of the project objectives, such as timing, cost, content or quality (i.e., depending on the specific project: when the project objective is defined as delivery of results according to a certain schedule or as delivery of results that do not exceed the agreed budget in cost, etc.). The risk can be caused by one or more reasons and, if it does occur, it can influence one or more factors. For example, the reason for the risk may be the need to obtain permission from the local Environmental Protection Committee or the lack of personnel involved in the development of the project. The onset of risk in these cases will be a delay in the issuance of a permit or a shortage of personnel involved in the development of the project. The occurrence of any of these unknown in advance events can affect the cost of the project, its schedule or implementation. Risk conditions can also include aspects of the organization's or project's external environment that increase the risk (for example, poor choice of methods in project management, lack of common management systems, simultaneous execution of several projects, or dependence on external project participants that cannot be controlled).

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
238 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

Figure 11-1. General scheme project risk management

Management To Vault knowledge on management projects (ManagementPMBOK® )

Chapter 11 - Project Risk Management

The reason for the risk is the uncertainty that is present in all projects. Known risks are those that have been identified and analyzed. Responding to these risks can be planned using the processes described in this chapter. But for unknown risks, it is impossible to plan a response. In such cases, it is a prudent decision for the project team to set aside a general contingency reserve that will include these unknown risks, as well as any known risks for which it is not cost effective or feasible to develop specific responses.

Organizations consider risks to the extent that they relate to project threats or opportunities that increase the likelihood of a project being successful. Risks that pose a threat to the project can be accepted if the risk is commensurate with the benefit that can be obtained by accepting the risk. For example, accepting a "fast track" schedule (Section 6.5.2.3) that can be violated is a risk taken to end the project earlier. Risks that represent opportunities (for example, speeding up work by bringing in additional staff) can be taken to best achieve project objectives.

The perception of risk by individuals and, on a larger scale, by organizations is driven by their understanding of risk and their response to the occurrence of risk. Where possible, attitudes towards risk should be expressed explicitly. For each project, a consistent approach to risk should be developed to suit the organization's requirements, and information about risk and its management should be open and reliable. Risk responses reflect how an organization understands the balance between risk taking and risk aversion.

To be successful throughout the project, the organization must take proactive and consistent risk management measures.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
240 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

Note: Not all process interactions and not all data flows between

processes.

Figure 11-2.Diagramdependenciesprocessesforprocessmanagementrisks

the project

Chapter 11 - Project Risk Management

11.1 Planning management risks

Careful and detailed planning increases the likelihood of successfully achieving the results of the other five risk management processes. Risk management planning is the process of defining the approach and planning of risk management activities for a project. Planning risk management processes helps ensure that the level, type and transparency of risk management is proportionate to both the risk itself and the value of the project to the organization, as well as to allocate sufficient time and resources to carry out risk management operations and to establish a common basis for risk assessment. The risk management planning process should be completed early in the planning phase of a project as it is critical to the success of the other processes described in this chapter.

Figure 11-3. Risk Management Planning: Inputs, Tools and Techniques,

11.1.1 Planning management risks: entrances

The risk attitude and risk tolerance of the organizations and individuals involved in the project influences the project management plan (Section 4.3). Risk attitudes and risk tolerance can be embodied in a statement of basic principles or manifested in specific actions (section 4.1.1.3).

Organizations can have predefined approaches to risk management, such as risk categories, general definitions of concepts and terms, standard templates, role and responsibility schemes, and certain levels of decision-making authority.

.4 Project Management Plan

See section 4.3 for a description.

11.1.2 Plan Risk Management: Tools and Techniques

.1 Planning meetings and review

The project team holds meetings to develop a risk management plan. Meetings may include the project manager, individual project team members and project participants, representatives of the organization responsible for risk planning and response operations, and others as needed.

At such meetings, basic plans for conducting risk management operations are drawn up. Risk cost elements and planned operations are also developed and included in the project budget and schedule, respectively. The distribution of responsibility in the event of a risk is approved. Common templates available in the organization regarding risk categories and definitions of terms (for example, risk levels, probability of occurrence of risks by type, consequences of risks for project goals by type of goal, and a matrix of probability and consequences) are tailored for each specific project, taking into account its specifics. ... The outputs of these operations are summarized in a risk management plan.

11.1.3 Plan Risk Management: Outputs

.1 Risk management plan

The risk management plan contains descriptions of the project's risk management structure and the procedure for its implementation within the project. This plan is included in the project management plan (section 4.3). The risk management plan includes the following elements:

Methodology. Definition of approaches, tools and data sources,
which can be used to manage risks in a given project.

Distribution of roles and responsibilities. List of execution positions,
support and risk management for each type of operation,
included in the risk management plan, the appointment of employees to these
positions and clarification of their responsibilities.

Development of a budget. Resource Allocation and Cost Estimation
activities required to manage risks. This data
included in the baseline at the cost of the project (section 7.2.3.1).

Timing. Determining the timing and frequency of the management process
risks throughout the entire life cycle of the project, and
identification of risk management operations that are necessary
include in the project schedule (section 6.5.3.1).

Risk categories. The structure on the basis of which the
systematic and comprehensive identification of risks with the required
the degree of detail; such a structure helps to increase
the effectiveness and quality of risk identification. The organization can
use the previously developed classification of typical risks.
Such a structure can be developed by composing
hierarchical structure of risks (RIS) (Fig. 11-4), but the same task
can be solved simply by listing the various aspects of the project. IN
the risk identification process, the risk categories can
revised. It is good practice to review categories.
risks during risk management planning before these
the categories will be used in the risk identification process. Before
than to accept the risk classification for use in the current project,
based on previous projects, it will probably need to be clarified,
change or adapt to the specifics of the new project.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Determination of the likelihood of risks and their consequences. Conscientious and reliable qualitative risk analysis assumes that different levels of risk probability and impact have been identified. The generic definitions of likelihood and impact levels are adapted for each project separately during the risk management planning process and then used in the qualitative risk analysis process (Section 11.3).

Figure 11-4. Example of a risk breakdown structure (RBS)

You can use a relative scale on which probability is indicated descriptively, ranging from "extremely unlikely" to "almost certain." You can also use a general scale on which the probabilities correspond to a numerical value, for example: 0.1 - 0.3 - 0.5 - 0.7 - 0.9. Another way of calibrating likelihood is to create descriptions of the state of the project that is relevant to the risk being considered (for example, the degree of completion of the product design).

The impact rating scale reflects the significance of the impact (negative for threats or positive for opportunities) of the risk if it occurs. The scale of impact assessment can vary depending on the potentially affected goal, the type and size of the project, the organization's strategies and financial health, and the sensitivity of the organization to a particular type of impact. The relative scale of consequences contains only descriptive labels, such as “very low,” “low,” “medium,” “high,” and “very high,” ranked in ascending order of maximum impact strength as defined by the organization. The same can be done differently by assigning numeric values to these consequences. These digital values can be linear (for example, 0.1 - 0.3 - 0.5 - 0.7 - 0.9) or non-linear (for example, 0.05 - 0.1 - 0.2 - 0.4 - 0.8). A non-linear scale can reflect an organization's intention to avoid threats with a serious impact or to seize the most favorable opportunities, even if the likelihood of them occurring is relatively low. When using a non-linear scale, it is important to understand what the numbers mean and how they relate to each other, how these numbers are derived, and how they might affect the various goals of the project.

In fig. 11-5 provides an example of negative impact definitions that can be used to assess the impact of risks on the four project objectives. The figure shows both relative and digital (in this case, non-linear) designation methods. The purpose of this figure is not to show that relative and numeric designations are the same, but to illustrate two possibilities in one table rather than two.

Probability and Consequence Matrix. The prioritization of risks corresponds to the potential degree of significance of their consequences for the achievement of project objectives. A typical way to prioritize risks is to use a look-up table or probability-impact matrix (see Figure 11-8 and Section 11.3.2.2). Typically, the organization itself establishes the combinations of probability and impact, on the basis of which the degree of risk is determined as "high", "medium" or "low", which in turn determines the significance for planning the response to this risk (Section 11.5). These combinations in the risk management planning process can be revised and adapted to a specific project.

Figure 11-5. Determining the Impact Assessment Scale for the Four Project Objectives

Chapter 11 - Project Risk Management

Clarified risk tolerance of project participants. During
risk management planning process risk tolerance
project participants can be adjusted in relation to
specific project.

Reporting forms. Describes the content and format of the risk register
(Sections 11.2, 11.3, 11.4 and 11.5) and any other required reports
by risks. Contains a definition of how
documenting, analyzing and sharing information on the results of the process
risk management.

Tracking. Documents the registration procedure for all aspects
risk operations in the interests of this project, as well as for future
projects and inclusion in lessons learned documents.
Documents when and how process audits will be conducted
risk management.

Identification risks

Risk identification involves identifying risks that may affect the project and documenting their characteristics. If necessary, the following can participate in the operations to identify risks: the project manager, members of the project team, the risk management team (if one is established), experts in certain areas who are not part of the project team, customers, end users, other project managers, project participants, etc. risk management experts. Although the main role in the identification of risks belongs to these professionals, the participation of all personnel in this process should be encouraged.

Risk identification is an iterative process, as new risks may be identified as the project progresses through its life cycle (Section 2.1). The frequency of iteration and the composition of the participants in the execution of each cycle in each case may be different. Project team members should be involved in this process so that they develop a sense of “ownership” and responsibility for risks and actions to respond to them. Project participants who are not part of the project team can provide additional objective information. Typically, the risk identification process is followed by a qualitative risk analysis process (Section 11.3). Where risk identification is under the direction of an experienced risk manager, the identification can be followed directly by a quantitative risk analysis (Section 11.4). In some cases, the very identification of the risk can determine the response; these measures should be recorded for further analysis and implementation during the risk response planning process (section 11.5).

11.2.1 Risk identification: inputs

.1 Factors of the external environment of the enterprise

When identifying risks, it may be useful information from open sources, including commercial databases, scientific papers, benchmarking and other research work in this area (section 4.1.1.3).

.2 Assets organizational process

Information about the implementation of previous projects can be available in the archives of previous projects, both in its original form and in the form of accumulated knowledge (section 4.1.1.4).

.3 Project Scope Description

Design assumptions are provided in the project scope statement (Section 5.2.3.1). Uncertainty in design assumptions should be considered as a potential source of project risks.

.4 Risk management plan

The key inputs to the risk identification process from the risk management plan are the distribution of roles and responsibilities, the reserve for risk management operations in the budget and in the schedule, and the risk categories (Section 11.1.3.1). These activities are sometimes reflected in the resource hierarchy (Figure 11-4).

.5 Project Management Plan

The risk identification process also requires an understanding of the scheduling, cost and quality management plans that go into the project management plan (Section 4.3). Process outputs from other areas of expertise should be analyzed to identify potential risks throughout the project.

11.2.2 Risk identification: tools and techniques

1 Documentation analysis

A structured review of project documentation can be performed, including plans, assumptions, previous project history, and other sources. The quality of the plans, as well as the consistency of the plans and their compliance with the requirements and assumptions of the project, can serve as indicators of the potential for risk in the project.

.2 Methods of collecting information

The following methods of collecting information can be used to identify risks:

Brainstorm. The purpose of the brainstorming session is to create a detailed list of project risks. Typically, the brainstorming session is conducted by the project team, often in collaboration with non-team experts from different fields. Ideas for project risks are generated under the guidance of a facilitator. A system of risk categories (Section 11.1) can be taken as a basis, for example, a hierarchical structure of risks. Further, the risks are subject to identification and categorization by type, and their definitions are subject to clarification.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Delphi method. The Delphi Method is a way to achieve consensus between
experts. This method assumes that the subject matter experts
project risks participate in it anonymously. Through
In the questionnaire, the facilitator collects ideas about the important risks of the project.
A summary of the answers is compiled, which are then returned to the experts
for further comments. Consensus can be achieved in a few
cycles of this process. Delphi method helps to overcome
bias in evaluating data and eliminating excess influence
individuals on the result of work.

Polls. Conducting surveys among experienced staff who host
participation in the project, among the project participants and experts in this field,
can help identify risks. Survey results
are one of the main sources of information in the process of collecting
risk identification data.

Identification of the root cause. This is the identification of the most
significant causes of project risks. This allows you to give
more precise definitions of risks and group risks by reasons, their
callers. Risk response can only be effective
when it is aimed at eliminating the root cause
risk occurrence.

Analysis of strengths, weaknesses, opportunities and threats (analysisSWOT) This method allows you to analyze the project from the perspective of each of
the above parties, which gives a more complete picture of the risks
project.

.3 Reviewing Checklists

Risk identification checklists can be developed based on historical information and knowledge gained from previous similar projects, as well as from other sources. You can also use the lowest level of the resource hierarchy as a risk checklist. While the checklist may be simple and easy to complete, it is not possible to create an exhaustive checklist. Particular attention should be paid to issues that are not reflected in the checklist. When a project is closed, the checklist should be revised to optimize it for use in future projects.

.4 Analysis of assumptions

Each project is conceived and developed based on a number of hypotheses, scenarios and assumptions. Assumption Analysis is a tool for assessing the reasonableness of assumptions as they are applied in a project. This analysis identifies project risks arising from inaccuracies, incompatibilities or incomplete assumptions.

.5 Methods of display using diagrams

Methods for displaying risks in the form of diagrams include:

Causal Diagrams(Section 8.3.2.1). These graphs,
also known as Ishikawa diagram or fisheye diagram
skeleton "are used to identify the causes of risks.

System diagram or process flow diagram. This kind
graphical display demonstrates the order of interaction
various elements of the system among themselves and their cause-and-effect
communication (section 8.3.2.3).

Influence charts. Graphical presentation of situations,
reflecting mutual influences, temporal connections of events and others
the relationship between variables and outcomes.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
248 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

11.2.3 Risk identification: outputs

Typically, the outputs of the risk identification are contained in a document that can be called a risk register.

.1 Risk register

The main outputs of the risk identification process are the initial entries in the risk register, which becomes part of the project management plan (Section 4.3). Ultimately, the outputs of other risk management processes are recorded in the risk register as they are completed. The preparation of the risk register begins with the risk identification process, during which the register is filled with the information below. This information is then made available to other processes related to project management or project risk management.

List of identified risks. This list contains
list and descriptions of identified risks, including the main
the reasons for their occurrence and the uncertain project assumptions.
Almost any project topic can be subject to certain
risks. Here are some examples. Several types of production work
large component parts that require a long time,
are located on the critical path of the project. The risk may arise then,
when disagreements in industrial relations in the port may
lead to a delay in the supply of components, and, therefore,
to a delay in the completion of construction. Another example would be
find yourself in a situation where the project management plan is foreseen
staff of ten performers, and available resources
there are only six. Lack of resources can lead to
an increase in the period of time required to complete the work and to
delay in the execution of planned operations.

List of potential response actions. Potential
risk responses can be identified during the identification process
risks. These actions, when defined, can be useful in
as inputs to the risk response planning process (Section 11.5).

The main causes of the risk. Such reasons
represent underlying conditions or events, understanding
which can serve as a key to identifying a particular risk.

Clarification of risk categories. In the process of identification, the list
risk categories can be replenished with new categories. Perhaps on
based on the outputs of the risk identification process,
expand or refine the hierarchical structure of resources,
developed in the risk management planning process.

11.3 Qualitative analysis risks

Qualitative risk analysis involves the prioritization of identified risks, the results of which are used subsequently, for example, in quantitative risk analysis (Section 11.4) or risk response planning (Section 11.5). Organizations can dramatically improve project execution efficiency by focusing on the highest priority risks. In a qualitative risk analysis, the priorities of the identified risks are determined based on the likelihood of their occurrence, their impact on the achievement of project objectives in the event of these risks, as well as taking into account a number of other factors (for example, the time frame and risk tolerance inherent in the project cost constraints, schedule, content and quality).

By determining the degree of probability and impact, as well as data obtained from interviews with experts, it is possible to correct the bias of data that often occurs during this process. In the presence of planned operations, the implementation of which is very tightly tied to certain time intervals and exposed to risk, the degree of importance of the risk increases many times over. Evaluating the quality of the information available related to project risks can also help to understand the significance of the risk in a given project.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Qualitative risk analysis is usually a quick and inexpensive way to prioritize risk response planning and, if necessary, serves as the basis for quantitative risk analysis. A good risk analysis should be refined throughout the project life cycle and should reflect any changes related to project risks. To conduct a qualitative risk analysis, outputs from the risk management planning (section 11.1) and risk identification (section 11.2) processes are required. Once the qualitative risk analysis is complete, you can move on to quantitative risk analysis (Section 11.4) or directly to risk response planning (Section 11.5).

Figure 11-7. Qualitative Risk Analysis: Inputs, Tools & Techniques, and Outputs

11.3.1 Qualitative Risk Analysis: Inputs

Qualitative risk analysis can draw on risk data from previous projects and a knowledge base.

In standard or recurring projects, each time there are more well-understood risks. Projects that are based on the latest technology or are new to any technology, or very complex projects, are characterized by a high degree of uncertainty. The degree of uncertainty can be estimated by examining the project scope statement (Section 5.2.3.1).

.3 Risk management plan

For a qualitative risk analysis, the following elements of the risk management plan are essential: 1) distribution of roles and responsibilities in risk management, budget and planned risk management operations; 2) categories of risks; 3) determination of the likelihood of occurrence and possible consequences; 4) a matrix of likelihood and consequences; and 5) refined risk tolerance of project participants (as well as environmental factors of the enterprise, see section 4.1.1.3). Typically, these inputs are adapted to a specific project during the risk management planning process. If these inputs are not available, they can be developed during the qualitative risk analysis process.

.4 Risk register

A key element in the risk register for conducting a qualitative risk analysis is the list of identified risks (Section 11.2.3.1).

11.3.2 Qualitative Risk Analysis: Tools and Techniques

.1 Determining the likelihood and impact of risks

Determining the likelihood of a risk arising involves conducting research to determine the degree of likelihood of a particular risk occurring in the course of the project. The impact assessment of a risk identifies the potential effect it can have on a project's objective (for example, time, cost, content, or quality), including negative impacts for threats and positive impacts for opportunities.

The likelihood and impact are assessed for each identified risk. Risk assessment can be based on the results of surveys or joint meetings with experts selected for their knowledge of risk categorization. Interviewees may include members of the project team and possibly individuals who are not involved in the project but have broad knowledge of the area. Expert assessments are necessary as it may turn out that there is not enough information about risks found in the databases of organizations and related to past projects. Discussions may require the assistance of an experienced facilitator, as participants may have insufficient experience in risk assessment.

Based on the results of interviews or meetings, the likelihood of occurrence and the impact of each risk on the goals of the project is determined. Explanatory information is also recorded, including the assumptions used to determine the risk levels. The likelihood of occurrence and impact of risks are ranked according to the definitions provided in the project management plan (Section 11.1.3.1). In some cases, risks with a clearly low degree of probability of occurrence and impact are not included in the risk rating, but are included in the list of risks that are subsequently monitored.

.2 Probability and Consequence Matrix

Risks are prioritized for subsequent quantitative analysis (section 11.4) and response (section 11.5) based on the risk rating. The assignment of a risk to a specific location is based on estimates of their probabilities of occurrence and consequences (Section 11.3.2.2). The assessment of the severity of the risks, and therefore the priority for treatment, is usually done using a look-up table or probability-and-consequence matrix (Section 11-8). Such a matrix contains combinations of likelihood and impact, by which the risks are assigned a certain rank: low, medium or high priority. Depending on the preference of the organization, the matrix can contain descriptive terms or numbers.

The organization should determine which combinations of probability and impact correspond to high risk ("red zone"), medium risk ("yellow zone"), or low risk ("green zone"). In a black-and-white matrix, these conditions can be indicated by different shades of gray. In the matrix shown in Fig. 11-8, a dark gray area (highest numeric values) indicates a high level of risk, an area of medium gray intensity (lowest numeric values) indicates a low level of risk, and a light gray area (medium value numerals) indicates medium level of risk. Typically, these risk rating rules are established in the organization prior to the start of the project and included in the organizational process assets (Section 4.1.1.4). The rules for determining the ranking of risks can be finalized for each specific project during the planning of risk management (Section 11.1).

For these purposes, a probability and consequences matrix is also often used, for example, the one shown in Fig. 11-8.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Figure 11-8. Probability and Consequence Matrix

As shown in fig. 11-8, an organization can rank each risk separately for each purpose (eg, cost, time, or content). In addition, the organization can establish how to determine overall rating for every risk. Finally, threats and opportunities can be managed using the same matrix and definitions. different levels consequences.

Risk rank helps manage risk response. For example, for risks that, in the event of a negative impact on the project objectives (threats), and therefore located in the high-risk zone (dark gray) of the matrix, preventive operations and an aggressive response strategy are required. Threats located in a low-risk area (medium gray in intensity) may not require preventive action. It is enough that they are placed on the watch list or added to the contingency pool.

The same goes for opportunities: those that are easiest to obtain and that promise the most benefit (they are in the high-risk zone - dark gray) should be given the highest priority. Opportunities in the low-risk area (medium-gray) should be monitored.

Assessing the quality of risk data

For qualitative risk analysis results to be reliable, accurate and unbiased data is essential. Risk data quality analysis is a technique for evaluating the usefulness of risk data for project management. The analysis includes examining the depth of understanding of the risk, as well as the accuracy, quality, reliability and integrity of the risk data.

The use of low quality risk data may result in the results of a qualitative risk analysis being of little use for the project. In the absence of good quality data, it may be necessary to collect new, higher quality data. Collecting risk information is often difficult and requires more time and resources than originally planned.

.4 Risk classification

To identify project areas that are most vulnerable to uncertainty, project risks can be classified by the source of risk (for example, using the RIS), by the project area affected by the risk (for example, using the WBS), or by some other criterion (for example, by phase of the project). An effective system Risk responses can be designed based on the grouping of risks by their root causes.

.5 Assessing the urgency of the risk

Risks requiring an immediate response can be considered the most urgent to respond. Priority indicators can include risk response time, risk symptoms and signs, and risk rank.

11.3.3 Qualitative Risk Analysis: Outputs

The creation of a risk register begins with the risk identification process. The risk register is updated based on information obtained from the qualitative risk analysis, and then the updated risk register is included in the project management plan. Updates to the risk register based on information obtained from a qualitative risk analysis include:

Relative ranking or prioritization of risks project. To classify risks according to their individual
the significance can use a matrix of likelihood and consequences.
The project manager can then use the risk list,
prioritized to focus particular attention
on those of them that are of high importance for the project, and
responding to risks can yield the best results. Risks can
be prioritized separately for cost, time,
content, and quality, as organizations can
evaluate the significance of some project goals in relation to others.
The description of the basis for assessing the likelihood and impact should be
included in the list of assessed risks as it is important for the project.

Risks grouped by category. Grouping risks by
categories can identify common underlying causes or
areas of the project to focus on.
Identifying risk concentration improves efficiency
responding to risks.

List of risks requiring immediate response. Risks
requiring immediate response, and risks, the response to which
can be performed later, can be placed in different groups.

List of risks for additional analysis and response. Some risks may require additional consideration
(including quantitative risk analysis), as well as additional
response actions.

List of low priority risks that need to be monitored. Risks that did not receive as a result of a qualitative risk analysis
high priority, can be listed for further
constant monitoring of them.

Trends in the results of qualitative risk analysis. As you progress
reanalysis may reveal the trends of certain risks, which
can serve as a basis for determining the urgency of responding to these
risks or the need for additional consideration.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

11.4 Quantitative analysis risks

Quantitative analysis is carried out in relation to those risks that, in the process of qualitative risk analysis, were qualified as potentially or significantly affecting the competitive properties of the project. In the process of quantitative risk analysis, the effect of such risk events is assessed and a digital rating is assigned to such risks. This analysis also provides a quantitative approach to decision making in the face of uncertainty. This process uses techniques such as Monte Carlo simulations and decision tree analysis; they are used to:

Determining the number of possible project outputs and their degree
probabilities

Estimates of the likelihood of achieving specific project objectives

Identifying the risks requiring the most attention by
quantifying their relative contribution to the overall project risk

Defining realistic and achievable cost targets,
schedule or content taking into account the risks of the project

Determining the best project management solution in a situation where
some conditions or outputs remained undefined

Quantitative risk analysis is usually performed after qualitative risk analysis, although experienced project managers sometimes perform quantitative analysis immediately after risk identification. In some cases, quantitative risk analysis is not required to develop effective risk responses. The choice of method (s) of analysis in each specific project is determined by the availability of time and budget, as well as the need for a qualitative or quantitative statement of risks and their consequences. To determine how successfully (and if) the overall risk of the project has been reduced, after planning the risk response, it is necessary to re-quantitatively analyze the risks, as well as part of the monitoring and risk management. Analysis of trends may indicate the need for a larger or smaller risk management operation. This is the input to the risk response planning process.

11.4.1 Quantitative Risk Analysis: Inputs

.1 Organizational Process Assets

Information about previous similar projects, the results of studies of similar projects by risk specialists and risk databases that may be available from industrial or private sources.

.2 Project Scope Description

See section 5.2.3.1 for a description.

.3 Risk management plan

For quantitative risk analysis, the following elements of the risk management plan are essential: 1) distribution of roles and responsibilities in risk management, budget and planned risk management operations; 2) categories of risks; 3) hierarchical structure of resources; and 4) refined risk tolerance of project participants.

.4 Risk register

The key elements of a risk register for quantitative risk analysis are: a list of identified risks, a relative ranking or priority list of project risks, and risks grouped by category.

.5 Project Management Plan

The project management plan includes:

Project Schedule Management Plan. Schedule Management Plan
the project establishes the format and criteria for development and controlling
project timetable (see the aquatic part of chapter 6 for a description).

Project cost management plan. Cost management plan
the project establishes the format and criteria for planning,
structuring, estimating, budgeting and cost controlling
project (see description in the aquatic part of chapter 7).

11.4.2 Quantitative Risk Analysis: Tools and Techniques

.1 Methods for collecting and reporting data

Polls. Polls are used to quantify likelihood
the occurrence and impact of risks on the goals of the project. Required
information depends on the type of probabilistic
distribution. For example, for some commonly used models
distributions it is necessary to collect information about the optimistic (low),
pessimistic (high) and the most likely scenario, and for others
models - information about mean and standard deviations. Examples of
The three-point estimates for the valuation are shown in Fig. 11-10.
Documenting the rationale for ranking risks is essential
component of risk surveys, as these documents can
contain information on the reliability and validity of analyzes.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Figure 11-10. The range of project cost estimates based on the survey results

Probability distribution. Continuous probability distribution represents the uncertainty of values, for example, the duration of scheduling activities and the cost of project items. A discrete distribution, such as test results or a possible scenario of a decision tree, can be used to represent undefined events. In fig. 11-11 show two examples of commonly used continuous distributions. These skewed distributions describe forms that are compatible with data typically obtained from project risk analysis. Uniform distribution can be used in cases where there is no preferred value between the specified upper and lower bounds, which happens, for example, at an early design stage.

Expert review. Experts in this area, whether they are employees of the organization or outsourced (for example, experts in the field of engineering or statistics), validate the data and methods.

.2 Quantitative risk analysis and modeling techniques

The most common quantitative analysis methods are:

Sensitivity analysis Sensitivity analysis helps
determine which risks have the greatest potential impact
per project. During the analysis, it is established to what extent
the uncertainty of each element of the project is reflected in the investigated
project goals if the remaining undefined elements take
base values. One of the typical ways to display results
sensitivity analysis is a tornado chart that is useful in
comparing the relative importance of variables with high
the degree of uncertainty, with other, more stable variables.

Analysis of the expected monetary value. Analysis of the expected cash
value (ODS) is a statistical concept by which
the average result is calculated for cases where the future includes
scenarios that cannot be predicted with certainty (i.e. analysis in
conditions of uncertainty). Usually ODS of Opportunity
is expressed in positive values, and risks - in negative
quantities. The ODS is calculated by multiplying the value of each
possible result on the probability of its occurrence, and then the obtained
the values are summed up. Most often, this type of analysis is used in
analysis of the decision tree (Fig. 11-12). To analyze the risks of value and
it is recommended to use simulation, since this method
more efficient and less susceptible to the likelihood of wrong
application than the analysis of the expected monetary value.

Decision tree analysis. Usually the structure of a decision tree analysis
is built on the basis of the decision tree diagram (Fig. 11-12), which
describes the situation under consideration, taking into account each of the available
choices and possible scenarios. It brings value together
every choice, the probability of each
possible scenario, as well as rewards for each alternative
logical path. Building a decision tree makes it possible to carry out
analysis of ODS (or other activities of interest to
organization) for each alternative, provided that all
rewards and related decisions already have a quantitative
expression.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Figure 11-12. Decision tree diagram

Modeling and imitation. A project simulation uses a model to determine the impact of the detailed uncertainties on the overall project outcomes. Simulations are usually done using the Monte Carlo method. In the simulation, the project model is calculated many times (iteratively), with the inputs randomized from a probability distribution function (for example, the cost of project items or the duration of scheduling operations) selected for each iteration from the probability distribution of each variable. A probability distribution is calculated (for example, total cost or completion date).

In cost-of-risk analysis, the traditional WBS (Section 5.3.3.2) or the hierarchical cost structure can be used as a model for modeling. To analyze the risks of the schedule, a diagram constructed using the precedence method (Section 6.2.2.1) is used. The results of modeling cost risks are shown in Fig. 11-13.

Figure 11-13. Results of modeling cost risks

11.4.3 Quantitative Risk Analysis: Outputs

.1 Risk Register (Updates)

The formation of the risk register begins during the risk identification process (section 11.2), and during the qualitative risk analysis (section 11.3) it is updated. Further updating of the risk register occurs during the quantitative risk analysis. The risk register is a component of the project management plan. The following main elements are subject to update:

Probabilistic analysis of the project. In the process of probabilistic analysis
the project evaluates the potential outputs of the project schedule
and cost, a list of completion milestones is drawn up and
cost, as well as this information are assigned the appropriate
privacy levels. This output, usually expressed as
cumulative probability distribution, used in conjunction with
risk tolerance of project participants to quantify
cost and time components of the contingency reserve
circumstances. Such contingency reserves
are necessary to reduce to an acceptable level of risk for the organization
cost overruns in relation to the stated goals of the project. For example, on
rice. 11-13 75th percentile contingency cost
is $ 9, or about 22% compared to the amount of $ 41, which
is obtained from the estimates of the highest probability.

The likelihood of achieving cost and time goals. When the project
faces risks through quantitative analysis
risks, you can assess the likelihood of achieving the goals of the project against the background
current targets. For example, in Fig. 11-13 probability
achieving a value estimate of $ 41 (Figure 11-10) is approximately 12%.

Chapter 11 - Project Risk Management

List of priority assessed risks. This list includes
risks that pose the greatest threat or best
favorable opportunities for the project. Among them there are risks that
require maximum funds for contingencies and those
which are most likely to have an impact on
critical path.

Trends in the results of quantitative risk analysis. As
reanalysis, trends may become more
obvious, and this can facilitate decision-making that affects
to react to risks.

Planning response on the risks

Risk response planning is the process of developing paths and identifying actions to increase opportunities and reduce threats to project objectives. This process begins after performing a qualitative risk analysis and a quantitative risk analysis. It includes identifying and appointing one or more Responsible Persons (“Risk Responders”) who are responsible for responding to each agreed and budgeted risk. Risk response planning considers risks according to their priorities; as needed, new resources and activities are added to cost, schedule, and project management plans.

Planned risk response operations should be appropriate to the severity of the risk, be cost effective in addressing the problem, timely, realistic in the context of the project and agreed with all stakeholders, and should be the responsibility of a responsible person. Choice is often required the best way responding to risks from several possible options.

The Risk Response Planning section presents the most commonly used approaches to risk response planning. Risks include threats and opportunities that can affect the success of a project, and responses are considered for each type separately.

Figure 11-14. Risk Response Planning: Inputs, Tools and Techniques,

11.5.1 Plan Risk Response: Inputs

.1 Risk management plan

Important elements of a risk management plan include: assignment of roles and responsibilities, definitions of risk analyzes, risk thresholds (low medium and high), time and budget required to carry out project risk management activities.

The outputs of the risk management planning process, which are important inputs for planning the risk response, include: probabilistic analysis of the project, the likelihood of achieving project objectives in terms of time and cost, a list of priority assessed risks, and trends found in the results of quantitative risk analysis.

.2 Risk register

Initially, the risk register is formed during the risk identification process, then it is updated during the qualitative and quantitative risk analyzes. When developing a risk response during the risk response planning process, it may be necessary to refer to information about identified risks, root causes of risks, a list of potential risk responses, a list of risk takers, symptoms and risk indicators.

Important inputs to the risk response planning process include: 1) a relative rating or list of project risks sorted by priority, 2) a list of risks requiring immediate response, 3) a list of risks that need additional analysis and response, 4) trends in quality outcomes. risk analysis, 5) root causes of risks, 6) risks grouped by category, and 7) a list of low priority risks that should be monitored. Further updating of the risk register takes place during the quantitative risk analysis.

11.5.2 Planning Risk Response: Tools and Techniques

There are several strategies for responding to risks. For each risk, it is necessary to choose a strategy or a combination of different strategies that seems to be the most effective for dealing with it. Risk analysis tools (for example, decision tree analysis) can be used to select the most appropriate way to respond to risks. Then it is necessary to develop specific measures for the implementation of the chosen strategy. It is possible to define the main and reserve strategies. In case the chosen strategy does not work or turns out to be ineffective, as well as if an accepted risk arises, you can develop and use a contingency plan. There is often a contingency reserve in time and cost. Finally, contingency plans can be developed along with the definition of the conditions under which these plans are triggered.

.1 Strategies for responding to negative risks (threats)

There are three typical strategies for responding to threats or risks that can negatively impact the achievement of project results. These strategies are: evasion, transfer or decline.

Evasion. Risk aversion involves modifying the project management plan in such a way as to eliminate the threat posed by negative risk, to shield the project objectives from the consequences of the risk, or to weaken the objectives that are at risk (for example, expand the scope of the schedule or reduce the scope of the project). Some of the risks that arise in the early stages of a project can be avoided by clarifying requirements, obtaining information, improving communication, or conducting due diligence.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Broadcast. Risk transfer involves shifting negative consequences
threats with responsibility for responding to risk to a third party. Broadcast
risk simply transfers responsibility for its management to another party; risk
it is not eliminated. Risk transfer is the most
effective in relation to financial risks. Risk transfer is practically
always involves the payment of a risk premium to the party assuming
risk. Risk transfer instruments are many and varied; they
include, in particular, the use of insurance, performance guarantees
contract, warranty, etc. Terms of transfer of responsibility
for certain risks to a third party may be determined in the contract. In
in many cases in a contract with actual costs paid costs of risks
can be passed on to the buyer, and in a contract with a fixed price
the risk can be passed on to the seller if the development of the project is already
is in a stable condition.

Decrease. Reducing risks implies lowering the likelihood and / or
consequences of a negative risky event to acceptable limits.
Taking preventive measures to reduce the likelihood of an occurrence
risk or its consequences are often more effective,
rather than the efforts to eliminate negative consequences undertaken by
after the occurrence of a risk event. Examples of activities for
risk reduction can be achieved by: introducing less complex processes,
conducting more tests or choosing a supplier,
which supplies are more stable. To reduce risks
it may be necessary to develop a prototype, on the basis of which
there is a proportional increase in the probability of risk from
bench model before the process or product. If it is impossible to reduce
likelihood, risk mitigation should focus on consequences
risk, namely those connections that determine their severity.
For example, designing a redundant subsystem can reduce
the consequences of failure of the main system.

Strategies for responding to positive risks (opportunities) The following are three ways to respond to risks that have potentially positive implications for project objectives: use, share, and enhance.

Usage. This strategy can be chosen to respond to risks with
positive impact, if necessary, that this favorable
the opportunity would be guaranteed to be realized. This strategy
is designed to eliminate all uncertainties associated with risk
top level, using measures to ensure the emergence of this
opportunity in various forms. Among the measures of direct
responses to this opportunity include: getting involved in
the project of more talented personnel in order to reduce the time,
necessary for its completion, or ensuring a higher quality,
than the original plan.

Sharing. Sharing positive
risks involves the transfer of responsibility to a third party,
able to make the best use of the presented
opportunity for the benefit of the project. Activities with
sharing opportunities include:
formation of partnerships with joint responsibility for risks, teams,
specialized companies or joint ventures created
specifically for Opportunity Management.

Gain. When this strategy is applied, the "size" of the favorable
opportunities by increasing the likelihood of occurrence and / or
positive impact, as well as by identifying and maximizing
the main sources of these positive risks. To enhance this
probabilities, you can try to alleviate or strengthen the cause of
opportunity, and purposefully strengthen the conditions for its emergence.
Sources of exposure can also be influenced by trying to increase
the sensitivity of the project to this opportunity.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
262 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

.3 General strategy for responding to threats and opportunitiesAdoption: This strategy is used in cases where it is unlikely to eliminate all risks from the project. This strategy means that the project team has decided not to change the project plan due to the risk, or has not found another suitable strategy for responding to risks. This strategy applies to either threats or opportunities. It can be either active or passive. Passive adoption of this strategy does not imply any preventive measures, leaving the project team the right to act at its own discretion in the event of a risk event. The most common form of active adoption of this strategy is the creation of a contingency reserve, which includes time, money, or resources to manage known — or, in some cases, potential and even unknown — threats and opportunities.

.4 Contingency Response Strategy

Some response methods are intended to be used only when certain events occur. For some risks, the project team can use a risk response plan, which can only be put into effect under predetermined conditions - if there is confidence and sufficient indications that the plan will be successfully implemented. You need to identify and track events that trigger the contingency response mechanism, such as the absence of interim milestones or the assignment of a high priority to a specific vendor.

11.5.3 Plan Risk Response: Outputs

.1 Risk Register (Updates)

Initially, the risk register is formed during the risk identification process, then it is updated during the qualitative and quantitative risk analysis. In the process of planning a response to risks, appropriate ways of responding to risks are selected, approved and included in the risk register. The risk register should be drafted in such a way that its level of detail is consistent with prioritization and planned risk response actions. Typically, high and medium priority risks are described in detail. Risks that are assigned a low priority level are listed for periodic monitoring. Elements of a risk register from this area may include:

Identified risks, their descriptions, project areas for which
they affect (for example, the WBS element), the causes of the risks (for example,
component of the ISRS) and how they can affect the objectives of the project

Persons responsible for risks, their responsibility

Outputs of qualitative and quantitative analyzes, including a list of risks
project ranked by priority and probabilistic analysis of the project

Agreed risk response strategies

Specific actions required to apply the chosen strategy
response

Symptoms and signs of risk

Budget and planning operations required to complete the selected
ways to respond to risks

Temporary and budgetary contingency reserves,
designed to provide risk tolerance for project participants

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

Contingency plans and conditions,
at which they are put into effect

Backup plans used in response to
the occurrence of a risk if the initial response to a risk
turned out to be inadequate

Residual risks remaining after a planned response to risks, and
also those that were deliberately taken

Secondary risks arising from the application of a response to
risks

Contingency provisions calculated on the basis of
quantitative project analysis data and organization risk thresholds.

.2 Project Management Plan (Updates)

The project management plan is updated as the planned risk response activities have been reviewed and ordered as part of the overall change management process (Section 4.6). Overall change management is undertaken as part of the Project Management and Management Process (Section 4.4) to ensure that the implementation and control of approved activities is part of the ongoing project. Once the risk response strategies have been approved, they should be fed back to the appropriate processes from other areas of expertise, including budget and schedule.

.3 Contractual Agreements Relating to Risks

To clearly define the responsibility of each of the parties in the event of each individual risk, contractual agreements are drawn up (for example, insurance contracts, services, etc.).

11.6 Monitoring and control risks

The planned risk response activities (Section 11.5) included in the project management plan are performed throughout the project life cycle, however, project activities should be continuously monitored and controlled to identify new and changed risks.

Risk Monitoring and Management (Section 4.4) is the process of identifying, analyzing and planning emerging risks, tracking identified risks and those that are listed for ongoing monitoring, and reviewing and executing risk response operations and assessing their effectiveness. Risk monitoring and management uses a variety of techniques, such as trend and variance analysis, which require performance data collected during project execution. Monitoring and managing risk, as well as other risk management processes, is an ongoing process that takes place throughout the entire life cycle of a project. Other objectives of the monitoring and risk management process should be determined if:

Project assumptions are still valid

Analysis of trends has shown that since the initial assessment, the state of
risk has changed

Management rules and procedures are properly followed
risks

Cost reserves and schedules must be updated at the same time
changes in project risks.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
264 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

Monitoring and managing risk can include choosing alternative strategies, executing the contingency plan and contingency plan, taking corrective actions, and updating the project management plan. The Risk Responder should periodically report to the project manager on the effectiveness of the plan, any unforeseen effects and adjustments necessary to properly manage the risk. Monitoring and managing risk also includes updating the organizational process assets (Section 4.1.1.4), including a project knowledge base and risk management templates that will be needed for future projects.

Execution of work "href =" / text / category / vipolnenie_rabot / "rel =" bookmark "> execution of project work, for example, the results of analyzes that may affect the risk management process.

11.6.2 Monitoring and Risk Management: Tools and Techniques

.1 Risk review

In the process of monitoring and managing risks, it is often necessary to identify new risks and revise known risks using the processes described in this chapter. Risk reviews should be carried out regularly, according to a schedule. Project risk management should be one of the agenda items for all project team meetings. The amount and granularity of repetition will depend on the progress of the project in relation to the goals set. For example, if a risk arises that is not on the risk register or on the list of risks to be monitored, or if its impact on project objectives is different from what is expected, then the planned response to the risks may not be sufficient. In this case, risk management will require additional planning of measures to respond to risks.

.2 Risk audit

Risk audit involves the study and presentation in documentary form of the results of assessing the effectiveness of measures to respond to risks related to the identified risks, the study of the main causes of their occurrence, as well as an assessment of the effectiveness of the risk management process.

.3 Analysis of variances and trends

Trends in the course of project execution are validated using execution data. Earned value analysis (Section 7.3.2.4) and other methods of analyzing project variances and trends can be used to monitor the progress of the entire project. Based on the outputs of these analyzes, potential project deviations at the time of completion can be predicted in terms of cost and schedule. Deviations from the baseline can indicate impacts caused by threats or opportunities.

.4 Technical dimension of performance

In the technical measurement of performance, the technical results obtained during the implementation of the project are compared with the planned ones. Deviations, such as greater or lesser functionality in relation to what was planned at the time of the milestone, help to make it easier to predict the degree of success in meeting the project scope objectives.

.5 Analysis of reserves

Risks may arise during project execution that have a positive or negative impact on the budget or on contingency reserves (Section 11.5.2.4). When analyzing reserves, to determine the adequacy of the reserve balance, the volume of the remaining contingency reserves is compared with the number of remaining risks as at any point in the project execution process.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
266 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

.6 Status meetings

Project risk management can be one of the agenda items of periodic meetings on current state... Depending on the identified risks, their priority and the difficulty of responding, this agenda item may be time consuming or not at all. The more often risk management is applied, the easier it is, and the frequent discussion of risk-related issues makes talking about risks, especially about threats, easier and more accurate.

11.6.3 Monitor and Risk Management: Outputs

.1 Risk Register (Updates)

The updated risk register includes the following:

Results of risk review, risk audit and periodic review
risks. These results may include updates by likelihood,
consequences, priorities, response plans, responsibility for risks and
other elements of the risk register. The results can also be
consider closed risks that no longer apply.

The actual results of project risks and the results of responding to
risks that can help project managers to form
risk plans throughout the organization, as well as when planning future
projects. This concludes the risk management document that
becomes an input to the project closing process (section 4.7) and part of
project closure documentation.

The use of fallback plans or walk-throughs often leads to the need to change the project management plan in response to the risk. The requested changes are prepared and submitted to the overall change management process (Section 4.6) as an output of the monitoring and risk management process. Approved change requests are documented and become inputs to the governance and management of project execution (Section 4.4) and the monitoring and risk management process.

Recommended corrective actions include contingency plans and bypass plans. The latter are not originally planned responses to risks, but they are necessary to manage risks that have not previously been identified or have been accepted passively. Workarounds should be properly documented and incorporated into the process for directing and managing project execution (Section 4.4) and in the process for monitoring and controlling project work (Section 4.5). The recommended corrective actions are inputs to the overall change control process (Section 4.6).

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition

Chapter 11 - Project Risk Management

.5 Organizational Process Assets (Updates)

The six project risk management processes provide information that can be used in future projects and should be part of the organizational process assets (section 4.1.1.4). At the end of the project, the risk management plan templates (including the likelihood and impact matrix) and the risk register can be updated. Risks can be documented and the resource hierarchy updated. The knowledge gained from the project's risk management operations can take its place in the organization's knowledge base. You can also add information about the actual cost and duration of project activities to your organization's databases. Organizational process assets also include the final version of the risk register, risk management plan templates, checklists, and risk hierarchies.

.6 Project Management Plan (Updates)

If the approved change requests affect the risk management processes, then the relevant parts of the project management plan should be updated and a new version prepared so that these approved changes are reflected there.

Management To Vault knowledge on management projects (ManagementPMBOK® ) Third edition
268 © 2004 Project Management Institute, Four Campus Boulevard, Newtown Square, PA USA

A year before the 2008 economic crisis, a Russian financial magazine, together with a corporate finance management company, held a business plan competition. After statistical processing of the declared works, it turned out that the most vulnerable part of them was the analysis of project risks. This oversight made it possible for investment errors to occur, which entailed significant potential losses. In most of the competitive business plans, there was an indication of the existence of potential hazards in the implementation of the project, however, a risk analysis and assessment was not carried out.

There are no risk-free projects. An increase in project complexity always increases the scale and number of associated risks in direct proportion. However, assessing the risks of project implementation is, albeit an obligatory, but an intermediate process, the result of which is a clear plan to reduce the degree of risk and a response plan in the event of a potential threat.

It is customary to understand opportunity - the likelihood of adverse situations that potentially lead to a deterioration in the final and intermediate indicators. In this case, the event itself can have a different degree of uncertainty and various reasons.

Risk management includes not only a statement of uncertainty and analysis of project risks, but also a set of methods for influencing risk factors to neutralize damage. Methods that are combined into a planning, tracking (monitoring) and correction (correction) system include:

Development of a risk management strategy.
Compensation methods, which include monitoring the external socio-economic and legal environment in order to forecast it, as well as the formation of a system of project reserves.
Localization techniques that are used in high-risk projects in a multi-project system. Such localization involves the creation of special units that are involved in the implementation of particularly risky projects.
Distribution methods using different parameters (time, composition of participants, etc.).
Methods for avoiding risks associated with replacing unreliable partners, introducing a guarantor into the process, risk insurance. Sometimes risk aversion means abandoning the project.

Undefined events that occur are not always accompanied by a negative effect. For example, leaving a team member from a project may result in a more skilled and efficient employee on the project. However, uncertain events with a positive (and “zero”) effect are not always accepted as a subject of consideration when assessing the risk of a project. The nature of uncertainty is associated with incurring losses due to internal and external circumstances.

The project specificity is also determined by the dynamism of the risk map with a change in riskiness as the transition from one project task to another:

In the early stages of a project, there is a high likelihood of threats with a low level of potential losses.
On the final stages the risk of threats being implemented decreases, but the magnitude of potential losses increases.

Taking this into account, it is advisable to carry out the analysis of project risks repeatedly, transforming the risk map as necessary. At the same time, this process is of particular importance at the stage of concept formation and design work - the creation of design documentation. For example, if an error in the choice of material is discovered in the early stages, this will lead to a delay in the deadline. If this error is discovered during execution, the damage will be much more significant.

Risk assessment by the project team and investors is based on the importance of the project, its specifics, the availability of sufficient resources to implement and finance the likely consequences of the risk manifestation. The degree of acceptable risk values depends on the planned level of profitability, the volume and reliability of investments, the familiarity of the project for the company, the complexity of the business model, and other factors.

The sequence of measures for assessing and managing project risks fits into a specific management concept, which includes a number of mandatory elements.

Project Risk Management Concept: Key Elements

Until recently, the norm in risk management methodology was passive. In its modern presentation, this methodology provides for active work with sources of threats and the consequences of detected risks. Risk management is interconnected processes, and it is not only the behavior of each stage that matters, but also their sequence. In general, this project management subsystem has the following structure:

Identification of risks and their identification.
Analysis of project risks and their assessment.
Selection of effective methods, commensurate with the risks.
Application of these methods in a risky situation and responding directly to the event.
Development of measures to reduce risks.
Decrease control and decision making.

Since today in project management most managers are guided by the format proposed by the PMBOK framework, it is more expedient to take a closer look at the 6 risk management processes that are proposed in the PMBOK:

Risk management planning.
Identification of factors influencing risks. At the same stage, their parameters are documented.
Qualitative assessment.
Quantitative assessment.
Response planning.
Monitoring and control.

After that, the cycle resumes again from the 2nd to the 6th point, since during the course of the project the context of the project's existence may change.

Project risks are managed by the project manager, but all project participants are involved to some extent in solving this problem (for example, during brainstorming, discussion, expert assessments, etc.). This is also important because the information context involves the identification of not only external risks (economic, political, legal, technological, environmental, etc.), but also internal ones.

In the future, to illustrate the implementation of the main elements of the control concept, examples from the project will be given, which have the following conditional characteristics. The jewelry factory, which introduces new gold chains to the market, purchases imported equipment for their production, installed in premises that have yet to be built. The price of gold as the main raw material is established based on the results of trading on the London Metal Exchange in US dollars. The planned sales volume is 15 kg of products per month, of which 4.5 kg (30%) are supposed to be sold through our own network of stores, and 10.5 kg (70%) - through dealers. The sale is subject to seasonal changes with activation in December and fading in April. The optimal period for launching equipment is the eve of the December peak in sales. The project implementation period is five years. The main indicator of the project's efficiency is NPV (net present value), which in the estimated plans is $ 1765.

Risk management planning

An introductory process in the list of procedures for dealing with design basis hazards is risk management planning. Since the same PMBOK is a framework, and it does not provide recommendations for working with a specific project, at this stage, methods and tools are specified that are appropriate to apply in a real starting project and in a real context. In an expanded form, the risk management plan contains the following sections as a document:

In the recommendations of the PMI Institute, this stage is necessary for the communication of all interested parties. At the same time, the company may already have established and proven risk management techniques, which, due to their familiarity, are preferable.

Identification of risk factors and the main types of project risks

The whole variety of uncertain events that can become risk factors is rather difficult to bring together and describe, so everyone and everything is involved for this. That is, not only the project manager and the team participate in the process of identifying factors, but also customers, sponsors, investors, users, specially invited experts.

Moreover, identification is an iterative (repeated throughout the entire life cycle) and combined with continuous analysis process. During the course of the project, new risks are often discovered or information about them is updated. Therefore, the composition of the expert commission may vary depending on the specific iteration, the characteristics of which, in turn, change depending on the specific risk situation and the type of threat. These types of risks can be classified according to different criteria, but the most practical are the criteria of controllability, sources of risk, its consequences, methods of reducing threats.

Not all threats are controlled, and some are also poorly classified as definitely controlled. Under a number of definitely uncontrollable factors, it is advisable to allocate resource reserves in advance.

In general, external risks are less well controlled than internal ones, and predictable ones are better than unpredictable ones:

Certainly uncontrollable external risks include government intervention, natural phenomena and natural disasters, and deliberate sabotage.
External predictable, but poorly controlled - social, marketing, inflationary and currency.
Partially controlled internal - risks associated with the organization of the project, the availability of funding and other resources.
Controlled - internal technical risks (associated with technologies) and contractual legal (patent, license, etc.).

The criterion of the source of threats is especially important in the first place. initial stages identification. Criteria for the consequences and methods of eliminating threats - at the stage of factor analysis. At the same time, it is important not only to identify, but also to correctly formulate the risk factor, so as not to confuse the source of risk with its consequences. Therefore, the very formulation of risk should be two-part: “source of risk + threatening event”.

To classify by risk sources, correct standardized pairs are compiled:

Technical factors - emergency situations and erroneous forecast as a type of risk.
Financial factors - unstable currency correlations.
Political - coups and revolutions, religious and cultural threats.
Social - strikes, terrorist threats.
Environmental - man-made disasters, etc.

But below, using the already mentioned example, not all are considered, but only the main types of controlled or partially controlled project risks.

Marketing Risk

This threat is associated with a loss of profit, which is caused by a decrease in the commodity price or sales volume due to the rejection of a new product by the consumer or an overestimation of the real sales volume. For investment projects, this risk is of particular importance.

The risk is called marketing risk, as it often arises from the flaws of marketers:

insufficient study of consumer preferences,
incorrect positioning of goods,
errors in assessing market competitiveness,
incorrect pricing,
the wrong way to promote the product, etc.

In the example of the sale of gold chains, an error in the planned distribution of sales volume in the ratio of 30% to 70% leads to the fact that the sale of a product through dealers in 80% of cases reduces the amount of profit received, since dealers purchase goods from a supplier at lower prices than retail consumer. An external factor in this example may be a situation in which the activity of visiting new stores in shopping centers depends on the "promotion" and popularity of the shopping centers themselves. The ways to reduce the risk in this situation will be a detailed preliminary analysis and a lease agreement with the introduction of a number of popularizing parameters: a convenient parking lot, a transport communication system, additional entertainment centers on the territory, etc.

General economic risks

Poorly controlled external risks associated with changes in the exchange rate, inflationary processes, an increase in the number of industry competitors, etc. pose a threat not only to the current project, but also to the company as a whole. In the case of the described example, the main of this group is the currency risk. If the final price of the product in rubles for the consumer does not change, but the purchase is made in dollars, then with an increase in the dollar exchange rate, there is an actual shortfall in profit in relation to the calculated values. Potentially, a situation is possible when, after the sale of the chain in rubles and the transfer of funds into dollars for which the gold is purchased, the actual amount of proceeds will be less than the amount required at least to renew the mass of commodities.

Risks associated with project management

These are not only threats associated with managerial errors, but also external risks, the reasons for which may be, for example, changes in customs legislation and cargo delays. Violation of the project schedule increases the payback period and lengthening the calendar period, and lost profit. In the example with gold chains, the delay is especially dangerous, since the product has a pronounced seasonality - after peak December it will be much more difficult to sell gold jewelry. This also includes the risk of budget increases.

In the practice of project management, there are simple ways to determine the real line (and cost) of a project. For example, PERT analysis, in which three terms (or costs) are set: optimistic (X), pessimistic (Y), and most realistic (Z). The expected values are entered into the formula: (X + 4x Z + Y) / 6 = planned date (or cost). In this scheme, the coefficients (4 and 6) are the result of a large array of statistical data, but this proven formula also works only if all three estimates can be correctly substantiated.

In cooperation with external contractors, to minimize risks, they negotiate special conditions... So, in the example of the launch of a new jewelry line, new buildings need to be built, the cost of which is determined at 500 thousand dollars, after which it is planned to receive a total profit of 120 thousand dollars per month with a profitability of 25%. If, through the fault of the contractor, there is a delay for a month, then the lost profit is easily calculated (120x25% = 30 thousand) and can be entered into the contract as compensation for the failure to meet the deadline. This compensation can be "tied" to the cost of construction. Then 30 thousand dollars will be 6% of the cost of work in 500 thousand.

The result of all this stage should be a hierarchical (ranked according to the degree of danger and magnitude) list of risks.

That is, the description should provide a way to compare the relative impact on project progress of all identified risks. Identification is made on the basis of the totality of all studies and risk factors identified on their basis.

The project risk analysis transforms the information gathered during identification into guidance that allows you to make responsible decisions even at the planning stage. In some cases, a qualitative analysis is sufficient. The result of this analysis should be a description of the uncertainties (and their causes) inherent in the project. To facilitate the procedure for identifying risks, special logical maps are used for analysis:

In Group " Market and consumers»Collects questions about the presence of unsatisfied consumer needs, market trends and whether the market will develop at all.
In Group " Competitors»The ability of competitors to influence the situation is assessed.
In Group " Company capabilities»Asks questions about marketing and sales competence, etc.

As a result of collecting answers, potential risks are identified associated with failure to achieve the sales plan due to:

incorrect assessment of consumer needs and market size,
lack of a sufficient product promotion system,
underestimating the capabilities of competitors.

As a result, a ranked list of risks is formed with a hierarchy according to the importance of threats and the magnitude of potential losses. So in the example with jewelry, the main group of risks included, in addition to not reaching the number of sales and reducing the financial volume due to a lower price, a decrease in the rate of return due to an increase in prices for raw materials (gold).

Quantitative risk analysis

Quantitative analysis is used to determine how the most significant risk factors can affect project performance. For example, it is analyzed whether a small (10-50%) change in sales volume will entail significant loss of profit, making the project unprofitable, or the project will remain profitable even if sold, for example, only half of the planned sales volume. There are a number of techniques for quantitative analysis.

Sensitivity analysis

This standard method consists in the substitution of various hypothetical values of the critical parameters into the financial model of the project and their subsequent calculation. In the example of launching a jewelry line, the critical parameters are the physical volume of sales, cost and selling price. It is assumed that these parameters will decrease by 10-50% and increase by 10-40%. After that, the "threshold" is calculated mathematically, beyond which the project will not pay off.

The degree of influence of critical factors on the final efficiency can be demonstrated on a graph that reflects the primary influence on the result of the selling price, then - the cost of production, and then - the physical volume of sales.

But the significance of the price change factor does not yet indicate the significance of the risk, since the probability of price fluctuations may be low. In order to determine this probability, a "probability tree" is formed step by step:

The total efficiency risk (NPV) is the sum of the products of the total probability and the value of the risk value for each deviation. The risk of changes in the sale price reduces the NPV of the project from the example by 6.63 thousand dollars: 1700 x 3% + 1123 x 9% + 559 x 18% - 550 x 18% - 1092 x 9% - 1626 x 3%. But after recalculating two other critical factors, it turned out that the most dangerous threat should be considered the risk of a decrease in the physical volume of sales (its expected value was 202 thousand dollars). The second most dangerous risk in the example was taken by the risk of changes in the cost price with an expected value of 123 thousand dollars.

This analysis allows you to simultaneously measure the magnitude of the risk of several critical factors. Based on the results of the sensitivity analysis, 2-3 factors are selected, which more than others have an impact on the result of the project. Then, as a rule, 3 development scenarios are considered:

Here, too, relying on expert substantiated assessments, the probability of its implementation is determined for each scenario. Numerical data for each scenario is substituted into the real financial model of the project, resulting in one comprehensive performance assessment. In the jewelry project example, the expected NPV is $ 1,572,000 (-1637 x 20% + 3390 x 30% + 1765 x 50%).

Simulation modeling (Monte Carlo method)

In cases where experts can name not accurate estimates of the parameters, but the estimated oscillation intervals, the Monte Carlo method is used. It is more often used in assessing currency risks (throughout the year), macroeconomic threats, risks of fluctuations in interest rates, etc. Calculations must simulate random market processes, therefore, special software or Excel functionality is used for analysis.

The application of the statistical rule of "three sigma" suggests that with a probability of 99.7% NPV will fall into the range of $ 1,725 thousand ± (3 x 142), that is, with a high probability, the project result in the example will be positive.

Anti-Risk Measures: Planning a Response

The result of the risk analysis can be a risk map with visualization of the ratio of probability and degree of impact on indicators. It facilitates the regulated planning of threat minimization.

The four main types of response include:

Acceptance, which presupposes a conscious willingness to take risks with a shift in efforts not to prevent, but to eliminate the consequences.
Minimization that works for controlled risks.
Transfer-insurance, when there is a third party willing to accept the risk and its consequences.
Avoidance, which assumes complete elimination of sources of risk. A passive and irrational form of avoidance is considered to be the rejection of certain elements of the project.

Modern software tools are designed for different levels of project management. For a large company with a large project portfolio, risk management automation tools are often incorporated directly into an integrated ERP-class package. For small and medium-sized businesses, the latest versions of MS Project are suitable, where it is possible to configure the risk management unit for the processes of identification, classification, as well as assessment and qualitative analysis of risks with the construction of a probability matrix. Simulation modeling can be carried out using the programs Project Expert, Alt-Invest.

Consider the process identification of project risks .

Target risk identification- compile the most complete list of project risks (first of all, the most dangerous risks).

Risks are usually hidden (like an underwater rock), and they can only be identified based on previous experience, as well as by identifying and analyzing various factors that may cause risks. To do this, the project manager must understand the possible sources of risks, be familiar with certain risk identification techniques and be able to use the knowledge and experience of specialists.

Features of risk management in projects:

1) risks can be associated with different elements of the project and the conditions for its implementation (the sources of risks can be the customer's expectations and limitations, the provision of the project with resources and the qualifications of the performers, the actions of competitors, etc.);

2) as the project plans are developed and refined, new sources of risks may appear associated with specific technologies, solutions and performers;

3) the general trend of change in risk factors as the project progresses is associated with a gradual decrease in the number and likelihood of possible risk events and in parallel with an increase in the magnitude and cost of the remaining risks;

4) not all risks are identifiable and manageable.

Sources of risks are subdivided into:

1) external sources - legislation, market reaction to manufactured products, actions of competitors, etc .;

2) internal - special requirements and limitations of the project, the technological solutions used, the competence of the performers, the features of project management, etc.

Risks resulting from external causes tend to be less manageable than internal risks.

Risks may also be:

1) famous - those that can be identified, assessed, analyzed and response plans developed;

2) unknown- these are those that are impossible or very difficult to foresee, assess and for which, accordingly, it is impossible to develop response plans.

Consequences of risks can be reduced to the impact on the most significant parameters of the project: timing, cost, quality of results or targets.

To ensure a clear and unambiguous understanding of risks, they are usually formulated by highlighting the source of the risk, the risk itself and the consequences of the risk.

Sometimes the project documents indicate that the risk of the project is “over budgeting the project”. This is an incorrect wording, since exceeding the project budget is a consequence of a number of risks.

For example, a source of risk may be the lack of interest of staff in the implementation of a new automated system.

The risk is the potential for personnel to sabotage the project.

Then the formulation of the risk may be as follows: "The risk of sabotage due to the lack of interest of the staff in the implementation of the new system."

The consequences of this risk will be associated with project delays.

In addition to the source and the risk itself, signs of risks are often formulated.

Risk symptoms (triggers)- these are indirect manifestations that warn (signal) the possible onset of risk.

For example, negative statements by employees about the project can be a sign of the onset (or imminent onset) of the risk of sabotage.

Imagine classification of risks .

Until now, there is no single standardized classification of risks that would be equally applicable to all projects in all areas of activity.

It's connected with:

The presence of a large number of risks that are specific in nature for specific projects and areas;

The impossibility in some cases to draw a clear line between different types of risks.

Basically risks offered classify on:

1) sources;

2) the consequences;

3) compensatory measures.

At the stage of risk identification, the first approach is more useful, which suggests analyzing possible risks in relation to the origins (causes) of each type of risk.

The second and third approaches can be useful for analyzing risks and deriving generalized estimates of the impact of risks on the goals of the project, its time and cost parameters.

Depending on the uniqueness of the risk factors, can be risks:

1) common to different types of projects- do not depend on the specific content of the project (for example, insufficient elaboration of plans for the implementation of the project, inconsistency of plans by the participants);

2) specific to certain types of projects(e.g. types and risk factors construction project differ from the risk factors of the implementation project information system; the risk factors of an organization's internal investment project differ from the risk factors of a project carried out under a contract for an external customer);

3) project-specific(for example, the risks associated with the use of specific technologies and their integration within a specific project).

By types of sources risks can be:

1) technical;

2) marketing and commercial;

3) financial and investment;

4) risks of project participants;

5) social;

6) macroeconomic;

7) political;

8) legal.

Can stand out risks related to various stages of project implementation:

1) planning;

2) design;

3) implementation;

4) commissioning.

The assignment of the identified specific risk to a certain category of classification is not always unambiguous. It is not so much this “linkage” that is important as the “self-detection” of a specific risk and further work to reduce or compensate for it.

More important in terms of planning risk management measures is the classification of risks according to the degree of controllability.

One of the most important tasks in risk identification is the identification of ultimate (or simple) risks.

Associated risks - groups of risks that lead to different consequences depending on whether the risk events occurred together or separately.

All possible project participants should be involved in the risk identification process: project manager, project team, experts, customers, investors, etc.

An initial risk list is developed by the project manager. The main group of project participants is involved to clarify and supplement the list.

To form an objective assessment at the final stage of the formation of the list of risks, independent specialists can participate.

To implement the procedure risk identification methods and tools:

1) review of project documentation;

2) analysis of assumptions;

3) SWOT analysis of the project;

4) methods of collecting information and working with experts:

Brainstorming method;

Delphi method;

Interview;

5) checklists and charts.

Documentation review and project SWOT analysis is usually performed to identify the main areas of uncertainty and to draw up an initial list of project risks.

Documentation overview involves a review of existing documents by the project manager and the working group (including a structured analysis of the project plan and existing proposals (restrictions) both at the level of the entire project and at the level of individual works).

When auditing project documents, analysis of assumptions.

Each project is based on a number of hypotheses, scenarios and assumptions. Analysis of the assumptions examines their correctness, and then identifies the risks of the project (based on the correctness, completeness and consistency of the assumptions). This allows you to formulate potential risks based on the fact that the assumption made about the project may turn out to be incorrect.

If possible, it is also useful to study archival documentation on other similar projects and their risks.

SWOT analysis- analysis of the strengths and weaknesses of the project, opportunities and threats for its implementation (see Figure 1).

It allows you to see the main areas of project risk, which can result from both project weaknesses and external threats, and from opportunities (since opportunities tend to be associated with new solutions and can be sources of risk).

Figure 1 - SWOT analysis of the project

"Brainstorm" - the fastest method for identifying risks. Its purpose is to compile a wide list of all possible risks, from which the main project risks can later be selected.

The disadvantages of "brainstorming" are associated with the fact that it is difficult to gather all experts at the same time, to ensure the independence of their opinions and to avoid pressure from authorities.

Brainstorming may be more successful if participants prepare in advance by selecting specific risk categories and use discussion-guiding techniques during the meeting.

Delphi method- a method to reduce the influence of the opinions of more authoritative experts on others.

All survey participants are determined in advance, but in the examination they act anonymously, without meeting each other.

Expertise is carried out in several stages.

The forensic expert sends out the questionnaire, collects and processes the answers.

The results obtained are sent to experts for clarification, taking into account the opinions of other experts.

Each expert has the opportunity to get acquainted with the complex results of the examination, and then give a new, more balanced assessment.

An agreed list of risks can be obtained as a result of several iterations of correspondence approvals.

This method helps to reduce bias, analysis bias and the premature influence of individual group members on the opinions of other experts.

The main disadvantage of this method is its duration. In a real project, as a rule, there is not enough time to fully implement this method.

Individual interviews are used when brainstorming fails (or in addition to brainstorming). Risks can be identified through surveys, interviews conducted by project risk management specialists.

Those responsible for risk identification identify specialists in the various functional areas of the project. Interviewers are based on their experience, information about the project and other sources.

To improve the efficiency of work with experts, various charts and checklists.

Checklists are lists of typical risks for a given class of projects, structured in accordance with the accepted classification.

Checklists can be developed according to lessons learned from previous similar projects or from other sources.

The advantage of using checklists is the ability to build on previous experience and structure discussion with experts.

Their disadvantage is the impossibility of compiling a complete, exhaustive checklist. the user is limited by the existing types of risks. Checklists should be used at the initial stage of risk planning.

From charts most commonly used causal (Ishikawa diagram), which allows you to organize and visualize the presentation of risks by type and source.

At the end of the risk identification procedure, a list of risks should be obtained, indicating specific sources and, if possible, symptoms of risks.

Practical experience shows that at least 50 risks should be identified for a sufficiently large-scale and complex project.

Risk identification should be carried out several times during the project implementation, since the situation in the project and its environment changes, which leads to a change in the list of risks.

Now let's look at the process analysis and assessment of project risks .

The purpose of risk analysis and assessment is to rank the identified risks and identify the most dangerous ones.

Risk analysis can be qualitative or quantitative.

Qualitative risk analysis- the process of expert assessment of the impact and likelihood of occurrence of the identified risks.

Quantitative risk analysis - allows you to determine more accurate quantitative indicators of the likelihood of individual risks and their impact on the costs and timing of the project, as well as calculate the main parameters of the entire project, taking into account the risks.

Qualitative analysis provides quick but rough estimates, while quantitative analysis provides more accurate estimates, but requires significant effort and time to carry out.

Quantitative risk analysis requires reliable input, good statistics, and mathematical models to enable the analysis.

Often, when managing risks, you can limit yourself only to conducting a qualitative analysis.

IN the analysis identified risks(qualitative and quantitative) can be obtained:

1) list of risks grouped by priority(e.g. high, low, medium).

Risks can also be grouped according to the urgency of the response: risks requiring an immediate response, and risks, the response to which can be postponed for some time;

2) list of risks requiring additional analysis.

Risks with high or medium priorities, for which there is insufficient information, which may require additional analysis, including additional analysis of causes and consequences;

3) generalized assessment of the riskiness of the project, which allows you to assess the riskiness of the project as a whole in comparison with other projects.

Methods qualitative risk analysis are based on expert assessments and require tools to provide uniform approaches to analysis by different experts, presentation and comparison of assessments.

Experts assess two main parameters for each risk:

1) the likelihood of risk;

2) the impact of risk on the parameters of the project.

The likelihood and impact of risk can be determined by qualitative estimates (such as very high, high, medium, low, very low).

However, in order for expert assessments to be comparable, they must be based on common scales and criteria. To do this, experts need to provide uniform scales and assessment principles.

Table 1 and Table 2 show examples of assessing the likelihood and impact of risk on a project.

Table 1 - Assessment of the likelihood of project risk

Risk probability,%	Qualitative characteristic	Assessment (rank)
1) Very small (less than 5%)	The event can happen in exceptional cases. The assumption is more theoretical than practical. In reality, such a risk did not happen.	0,01
2) Small (5-10%)	A rare event, but has already taken place (it happened once).	0,1
3) Medium (10-30%)	There is sufficient evidence to suggest the possibility of an event. The event happened 1-2 times on other projects.	0,2
4) High (30-60%)	The event is very likely. This happened a lot on previous projects. "More like" YES "than" NO "," 50 to 50 "and even more.	0,4
5) Very high (60-99%)	The event is likely to happen. There is almost certainty that this will happen.	0,8

Table 2 - Assessment of the impact of risk on the project

Index	Impact on the project
Very weak (rank 0.01)	Weak (rank 0.1)	Average (rank 0.2)	Strong (rank 0.4)	Very Strong (Rank 0.8)
1) Project objectives	Minor changes	Changes affected a small part	Most of the goals have been changed	Changes are not acceptable to the customer
2) Cost	Small increase in cost (up to 1%)	Increase in value by no more than 5%	Increase in cost by 5-10%	Increase in cost by 10-20%	Increase in value by more than 20%
3) Timing	Slight lag (up to 1%)	Lag up to 5%	Project backlog 5-10%	Project backlog 10-20%	Lagging more than 20%
4) Quality	Slight decrease in quality	A small part of the properties is affected	Decrease in quality requires customer approval	Decrease in quality is unacceptable for the customer	Continuing the project is pointless

Based on expert assessments, risk map project in the form probability / impact matrices(see figure 2).

The measure of risk (risk hazard) is calculated as the product of the probability indicator and the impact indicator.

Each cell of the matrix corresponds to a certain value of the risk hazard indicator.

Figure 2 - Project Risk Map (Probability / Impact Matrix)

All project risks are distributed across the cells of the matrix. The project manager gets a clear picture of the distribution of project risks by hazard level.

Risks with high probability and high impact require immediate response. Often such risks are unacceptable for the project, and a condition for the further implementation of the project is actions to minimize these risks.

Risks having negligible hazard(unlikely, having no particular impact on the project) can be excluded from further detailed study, limited to less costly response measures.

Levels dividing project risks into unacceptable, medium and insignificant (threshold levels of risk), are determined for each project individually, depending on the importance of the project for the customer and his willingness to take risks.

In addition to the main risk parameters (probability and impact), it is important to determine risk management capability.

Depending on the type of sources, risks are divided into manageable, partially managed and unmanaged.

If dangerous unmanageable risks are found in the project, then these risks must be discussed at the level of the customer and the investor.

The presence of dangerous unmanageable risks can cause the project to stop and close (see Figure 3).

Risk analysis requires reliable data. The use of inaccurate data with an incomplete understanding of the risk leads to an incorrect assessment. If there is no certainty about the quality of the initial data, additional assessment of the degree of understanding of the risks by experts and additional information may be required.

Based on the results of a qualitative risk analysis, you can proceed to the development risk response plan.

However, to calculate more accurate risk assessments and their impact on the project, a quantitative risk analysis.

Figure 3 - Algorithm for making a decision based on the analysis results

Quantitative analysis carried out in order definitions:

1) the likelihood of achieving the goals of the project, taking into account the complex impact of risks on the project;

2) realistic costs and timing of the project completion at a given level of risk;

3) the total amount of reserves that may be needed.

To implement the quantitative analysis procedure, it is proposed to use modeling methods and tools.

Modeling implies building project models, which reflects possible fluctuations in the parameters of the project tasks in their impact on the entire project.

To perform a quantitative risk assessment, it is usually required to collect additional (quantitative) information on risk parameters(for example, optimistic and pessimistic estimates of the parameters of work, the nature of the distribution of probabilistic estimates).

When conducting cost analysis risks, a hierarchical structure of work can be used as such a model. Network diagrams and tools are used to simulate the timing of the project, taking into account the risks. scheduling.

One of the simplest and most common methods for modeling a project with uncertainty in mind is the scheduling method. PERT (Program Evaluation and Review Technique)... When using the PERT method, the expected duration of project work is determined based on three expert estimates: optimistic, pessimistic and most probable. The calculation is carried out taking into account the weighting factors (see Figure 4).

As a result, the weighted average (most expected) duration of work with an aggregated level of risk is calculated.

Figure 4 - PERT scoring scheme

This allows the project manager to build several schedules for the project:

1) optimistic;

2) pessimistic;

3) the most probable;

4) expected PERT.

Thus, the PERT method allows you to determine expected duration project work based on three probabilistic time estimates:

1) optimistic assessment;

2) pessimistic assessment;

3) the most probable estimate.

The expected duration of the project is determined by the formula:

where OP- the expected duration of the project;

OO- optimistic assessment;

HBO- the most probable estimate;

ON- pessimistic assessment.

Risks of changes in the composition or logical structure of work are not considered in the PERT method.

More accurate modeling of the project taking into account risks is carried out using Monte Carlo method, which allows you to create and simulate many scenarios consistent with the given constraints of the initial variables.

The method allows for the fullest consideration of various types of uncertainties that a project may face.

In contrast to PERT methods, different forms of distribution of random variables (uniform, normal, triangular, beta distribution) can be specified in the model for various probabilistic estimates.

For each risk category, its own type of distribution function is selected, which characterizes the frequency of occurrence of each value of the variable from the domain of definition. The choice is made on the basis of statistical data or expert estimates. Determining the shape of the distribution for each random variable is one of the most difficult problems solved in modeling.

After determining the probabilistic estimates and their distribution functions for each work, the procedure is applied simulation Monte Carlo. In simulation calculations, the parameters of each job are randomly selected in accordance with the type of distribution and within the specified range.

As a result, the probabilistic values of the parameters characterizing the project as a whole are calculated (costs and timing of the main stages and the entire project). Conducting computational iterations is a fully computerized part of the method (the larger the number of runs, the higher the accuracy of the results).

Another type of quantitative analysis of project risks is sensitivity analysis, which allows you to identify the risks that have the greatest impact on the project. In this case, the impact of a change in one of the input parameters of the project on one of the performance parameters is calculated, while the other input parameters remain unchanged.

A fairly simple tool for making decisions on a project, taking into account probabilities is “ decision tree ". The construction of this tree helps to identify possible alternative ways of implementing the project. At the same time, the development of each option for the development of the project is accompanied by an assessment of risks and costs, which facilitates the decision-making process, since helps to identify the most profitable solution in relation to the cost and likelihood of a risk event. The calculation can be carried out taking into account the likelihood of one or more sequential events on the project. In addition to integral assessment the attractiveness of the project as a whole, the parameters of the effectiveness of each option are calculated.

The composition and hazard level of risks will change as the project progresses. At the beginning of a project, when the uncertainty is particularly high, the number of potential risk events and their likelihood are also high. But the potential damage from each risk event at the start of the project is relatively small.

As the project progresses, the level of uncertainty will decrease and the number of risk events will decrease. However, the magnitude of the potential damage from risks that may occur at later stages of the project will increase. This means that the project manager must perform a risk analysis and assessment several times during the course of the project.

Risks can be controlled, partially controlled or uncontrolled, depending on the reasons for their occurrence.

External risks, as a rule, cannot be completely controlled.

Internal risks can be partially or completely controlled.

Examples of external and internal risks are presented in table 3.

Table 3 - External and internal risks of the project (from the point of view of the possibility of control)

Risk type	Risk example
1) External unpredictable (uncontrollable my)	1.1) Unforeseen intervention states, change of regulation and introduction of special requirements in such areas as: - supply of raw materials; - ecology problems; - design and engineering standards; - production standards; - allocation of land plots; - sale (export) of services, products; pricing policy, etc.
1.2) Risks associated with natural and technogenic disasters: earthquakes; floods; hurricanes, etc.
1.3) Wrecking: riots; vandalism; sabotage, terrorist acts.
2) Externally predictable (partially controlled)	2.1) Marketing (market) risks: - unavailability or increase in the cost of raw materials; - changes in demand, including changes in customer / user requirements; - changes in requirements for customers / clients / users; - changes in the state of the economy; - increased competition; - loss of position in the market; - unwillingness of customers to adhere to procurement agreements.
2.2) Operational risks: - changing the goals of the investor / customer of the project; - impossibility of ensuring the required level of production by performers and partners; - Delays in terms and quality of deliveries.
2.3) Other risks: environmental impacts, social impacts, changes in the foreign exchange market, inflation, taxes, etc.
3) Internal, non-technical (partially controlled)	3.1) Management risks: - mismatch of personnel qualifications; - loss of controllability; - incompatibility of the goals of the project participants; - change of leading specialists;

	- absence or weak organizational structure; - lack or lack of instructions and procedures; - inadequate planning; - unrealistic terms; - lack of coordination of participants.
3.2) Production risks: - lack of performers; - low productivity of performers; - lack of materials; - unforeseen conditions of the project site; - accidents; - strikes.
3.3) Financial risks (associated with cash flow): - reduction in funding; - suspension of financing; - bankruptcy.
4) Internal technical (controlled)	4.1) Technological: - obsolescence and the need to replace part of the project technologies; - the complexity of the project as a result of the use of new technologies; - loss of quality due to a change in technology; - reduced performance and reliability.
4.2) Specific risks of the technology used in the project: - problems in integration with other project technologies; - problems in ensuring the operation of the product / system; - problems of implementation in operation.
4.3) Risks associated with the design: - inaccurate data; - lack of previous experience of the designer / contractor; - inadequacy of design; - the likelihood of changes during the implementation of the project; - the large scale and complexity of the project.
5) Internal legal / contract (controlled)	5.1) Legal: - licenses; - patent rights.
5.2) Contractual: - misinterpretation of the clauses of the contract; - misunderstanding of the contract; - errors in drawing up a contract.

Development of a risk response plan; monitoring and control of project risks

Based on the results of the risk analysis, a risk response plan .

Risk response planning- development of measures to ensure an overall increase in the likelihood of successful completion of the project by:

Minimizing the likelihood and mitigating the negative consequences of risk events (having a negative impact on the project);

Maximizing the likelihood and enhancing the positive consequences of risk events (having positive impact per project).

This process includes planning specific actions to reduce the impact of risks on the project, as well as the distribution of responsibility among the project participants for timely response to risk events.

The effectiveness of the developed response measures is determined by reducing the number of risks, reducing the severity of their consequences and increasing opportunities for more efficient project implementation.

The response planning strategy should be appropriate to the importance of the project, the level of risk, and take into account the cost-effectiveness of resources and time requirements.

Risk response plan contains a detailed description of responses to identified risks and may include the following sections and documents:

1) a list of project risks, their description, reasons and degree of risk impact on the project;

2) risk owners and distribution of responsibility;

3) results of qualitative and quantitative risk assessment;

4) the level of risks (likelihood of occurrence and impact) that is expected to be achieved as a result of the application of response measures;

5) how to respond (avoid, transfer, minimize or accept) for each risk;

6) specific actions in the implementation of the selected response method;

7) budget and response time;

8) an adverse event plan, a neutralization plan, an anti-crisis plan.

In addition to the response plan in progress developing responses the following can be obtained results:

1) List of residual risks(which remain after avoiding, transferring or minimizing risks).

These may be minor risks for which no response plans have been developed. It is usually required to provide additional provisions, taking into account the number of residual risks;

2) Secondary risks, arising as a result of the application of measures to respond to previously identified risks.

Secondary risks must also be identified and require the development of response measures;

3) Additions to contracts, agreements stipulating liability for risks.

Risks can be significantly reduced by involving external organizations in the project or by insuring risks;

4) Reserve stocks for contingencies - these are reserves in case of exceeding previously defined risk indicators and unforeseen risks.

Key ways to respond to risks include:

1) for risks with negative consequences:

Avoiding risks;

Transfer of risks;

Minimization of risks;

Risk taking;

2) for risks with positive consequences:

Usage;

Separation with partners;

Gain;

Adoption.

Let's consider in more detail ways to respond to risks with negative consequences(see figure 5).

Avoiding risk involves changing the project plan and taking actions to completely eliminate the source of risk or the risk itself.

Some reasons for the emergence of risks at the initial stages of a project can be eliminated by changing the requirements for the project, obtaining additional information, changing technical solutions, developing new methods, and attracting experts.

Passive risk avoidance is associated with the rejection of the most risky goals and parts of the project, from the use of new technologies. Passive risk avoidance can lead to a decrease in the effectiveness of the project as a whole.

Figure 5 - Methods of responding to risks

Minimizing risk implies reducing the likelihood of occurrence and the degree of impact of the risk on the project to acceptable limits.

It is possible to reduce the likelihood of risk occurrence as a result of additional research, staff training, the use of various financial instruments and management decisions.

In addition to minimizing the likelihood of risks arising, attempts are made to reduce the impact they have by changing the project plan and using reserves.

If possible, risks and measures for their response can be shifted to third parties.

Risk transfer does not allow to completely avoid their impact, it only shifts responsibility for risks to other project participants.

The transfer of risks to a third party, as a rule, is accompanied by additional payments associated with the transfer of obligations, powers and guarantees.

In a situation where project participants cannot ensure the implementation of the project when some risk events occur, it is effective risk insurance.

Legislation allows you to insure:

Buildings, equipment;

Production capacity;

Staff;

The onset of some events, etc.

Contributions for insurance of business risks can be included in the cost of production within a certain limit.

In addition to transferring financial responsibility for risk to insurance company Maybe distribution (transfer) of risks between project participants. The distribution of risks between the participants occurs when the contracts are signed.

The transfer of responsibility for risk to another participant is usually accompanied by a corresponding redistribution of benefits (payment for work, profit) of the project in favor of the owner of the risk.

Responsibility for risk is most effectively transferred to those project participants who have the ability to most clearly, efficiently and effectively manage these risks.

Risk taking is used due to the impossibility or unreasonableness of the application of any other response measures.

In this case, a decision is made not to change the project plan in advance, but to develop a response plan in the event of a risk occurrence, the appearance of risk symptoms, or a plan to mitigate the consequences of the risk. In this case, all response measures are carried out after the occurrence of a risk or after the appearance of signs of risk.

Neutralization plan risks - one of the tools to minimize the impact of the risks that have occurred, determining the reserve of time and other resources in the event of a risk.

Anti-crisis plan is developed in the event that the identified risks have a too significant impact on the results of the project or if the chosen strategy does not allow us to be 100% sure that it is effective. This plan may involve changing the goals or strategy of the project.

In the case of choosing the option of accepting risk as a method of response, it becomes necessary reserve funds on measures to respond to the consequences of risks. Some Western and Russian sources indicate the possibility of reserve from 7% to 15% of the project funds for possible risks and overcoming their consequences.

Redundancy Algorithm includes the following steps:

1) assessment of the consequences of the occurrence of a risk event;

2) determination of the structure of the reserve to cover the consequences of a risk event;

3) allocation of funds;

4) control over the use of the formed reserve.

Now let's look at the process monitoring and control of risks project.

Monitoring and control of risks are carried out throughout the project and include monitoring the status of identified risks and identifying new risks, as well as ensuring that the risk management plan is implemented and evaluating its effectiveness.

In the process risk monitoring define the following:

1) Are appropriate risk management procedures followed?

2) Was the risk response carried out as planned?

3) Are the risk response measures effective enough, is there a need to develop new measures?

4) Are the previous assumptions correct?

5) Are there any symptoms of risks?

6) Has the impact of risks on the project changed compared to the forecast, what is the trend of change?

7) Is it not necessary to change the risk response plans in accordance with the new information that has appeared?

To implement procedures monitoring and control it is proposed to use the following tools:

1) audit of project risk response measures - checking and documenting the effectiveness of response measures and actions of risk owners;

2) periodic review of project risks - re-identification and assessment of risks to identify remaining and newly emerging risks;

3) planning additional response measures - may be required if the originally planned response is ineffective.

Control and monitoring of risks may entail the choice of alternative measures to respond to risks, the implementation of corrective actions, and re-planning of the project.

Risk monitoring and control results there may be the following:

1) Reworked Risk Response Plan(in case of emergence of new risks, which should be documented and “tied” to the project plan and risk response plan);

2) Corrective action, carried out in accordance with the plan, in case of unforeseen circumstances or in accordance with the revised risk response plan;

3) Change requests(the need to make changes to the project plan and other documents in the process of project implementation);

4) Risk Response Plan Implementation Report(the risks encountered and the response measures should be documented

designed and evaluated; unrealized risks should be documented, but they can be excluded from the risk response plan);

5) Risk databases(in the process of project risk management, information is collected, accumulated and analyzed; the created risk database can be further used in the implementation of other projects);

6) Updating questionnaires(the generated questionnaires containing information on the typical risks of the project should be updated based on the results of the project and can be used in managing the risks of other projects).

Project Risk Management

1. Concept and essence of project risks

When analyzing production investments, the problem of uncertainty of costs, returns, measurement of risk and its impact on investment results arises. It is necessary to distinguish between the concepts of "risk" and "uncertainty".

Uncertainty assumes the presence of factors in which the results of an action are not deterministic, and the degree of possible influence of these factors on the results is unknown; it is incomplete or inaccurate information about the conditions for the implementation of the project. Uncertainties are classified as external and internal. External factors - legislation, market reaction to manufactured products, actions of competitors; internal - the competence of the personnel of the enterprise, the erroneous definition of the characteristics of the project, etc.

Risk is a potential, numerically measurable opportunity for loss. Project risk is the degree of risk to the successful implementation of the project. The concept of risk is characterized by the uncertainty associated with the possibility of adverse situations and consequences arising during the implementation of the project, while the cases of objective and subjective probabilities are distinguished.

You should also not confuse the concepts of "uncertainty" and "randomness". The concept of "randomness" is narrower, it is used when there are large statistics and for each of the possible combinations of costs and results of the project, the probabilities of their implementation are determined. The concept of "uncertainty" is broader, in addition to "probabilistic", there may be other types of uncertainty. Risk occurs when an action can lead to several mutually exclusive outcomes with a known distribution of their probabilities. If such a distribution is unknown, then the corresponding situation is considered as uncertainty.

Uncertainty is not the absence of any information about the conditions for the implementation of the project, but the incompleteness and inaccuracy of the available information. Uncertainties must be taken into account when preparing the initial information for the development of the project, when assessing the results of its implementation, when adjusting the implementation based on incoming new information.

The basis of the risk of real investment of an enterprise is formed by the so-called project risks, i.e. risks associated with the implementation of real investment projects of the enterprise. In the system of indicators for evaluating such projects, the level of risk ranks third in importance, complementing such indicators as the volume of investment costs and the level of net investment profit (net cash flow).

The risk of a real investment project (project risk) is understood as the likelihood of adverse financial consequences in the form of loss of expected income in situations of uncertainty in its implementation.

The risk of a real investment project is one of the most complex concepts associated with the investment activities of an enterprise. This risk has the following main features:

Integrated character. The risk of a real investment project is a cumulative concept that integrates numerous types of specific investment risks. Only on the basis of an assessment of these specific types of risk can the aggregate level of risk of an investment project be determined.

Objectivity of manifestation. Project risk is an objective phenomenon in the functioning of any enterprise that makes real investment. It accompanies the implementation of almost all types of real investment projects, in whatever form they are carried out. Although a number of parameters of project risk depend on subjective management decisions reflected in the process of preparing specific real investment projects, its objective nature remains unchanged.

The difference in the specific structure at different stages of the implementation of a real investment project. Each stage of the process of implementing a real investment project, as a rule, has its own specific types of project risks. Therefore, the assessment of the aggregate level of project risk is usually carried out at individual stages of the investment process.

High level connection with commercial risk. Investment income for a completed project is formed, as a rule, in the post-investment phase, i.e. in the course of the company's operating activities. Accordingly, the formation of a positive cash flow for the investment project occurs directly in the area commodity market, i.e. directly related to the efficiency and risk of the business of the enterprise. This determines the high degree of interconnection of project risk with the commercial risk of the enterprise.

High dependence on the duration of the project life cycle, the time factor has a significant impact on the overall level of project risk, determining various uncertainties of the consequences. For short-term investment projects, the determinability of external and internal factors allows you to select the parameters of their implementation that generate the lowest level of risk. At the same time, for long-term investment projects, the non-determinism of many factors and, accordingly, the uncertainty of the results of their implementation increases. The dependence of the overall level of project risk on the duration of the project life cycle is direct.

High level of risk level variability for similar projects. The level of project risk inherent in the implementation of even the same type of real investment projects of the same enterprise is not constant. It varies significantly under the influence of numerous objective and subjective factors that are in constant dynamics. Therefore, each real investment project requires an individual assessment of the level of risk in the specific conditions of its implementation.

Lack of sufficient information base to assess the level of risk. The uniqueness of the parameters of each real investment project and the conditions for its implementation does not allow the company to generate a sufficient amount of information that allows the use of economic-statistical, analogue and some other methods for assessing the level of project risk in a wide range. The search for the necessary information to calculate this indicator is associated with the implementation of additional financial costs for the preparation and evaluation of alternative real investment projects.

Lack of reliable market indicators used to assess the level of risk. If, in the process of financial investment, an enterprise can use a system of stock market indicators (such indicators are developed in each country and their dynamics are reflected for a rather long period), there are no such indicators for segments of the investment market associated with real investment. This reduces the ability to assess market factors in calculating the level of project risks.

The subjectivity of the assessment. Despite the objective nature of project risk as an economic phenomenon, its main estimated indicator - the level of risk - is subjective. This subjectivity, i.e. the unequal assessment of this objective phenomenon at specific enterprises is determined by the difference in the completeness and reliability of the information base used, the qualifications of investment managers, their experience in the field of risk management and other factors.

Thus, investments in any project are associated with a certain risk, which is reflected in the value of the interest rate: the project may fail, i.e. be unfulfilled, ineffective, or less effective than expected. The risk is associated with the fact that the income from the project is a random rather than a deterministic value (i.e., unknown at the time of making a decision to invest), as well as the amount of losses. When analyzing an investment project, one should take into account risk factors, identify as many types of risk as possible and try to minimize the overall risk of the project.

2. Classification of project risks

1.Negative (loss, damage, loss).

2. Zero.

.Positive (gain, benefit, profit).

Depending on the event, risks can be divided into two large groups: pure and speculative. Net risk means getting a negative or zero result. Speculative risks mean both positive and negative outcomes.

The risks accompanying investment activities form an extensive portfolio of enterprise risks, which is defined by the general concept - investment risk. It seems possible to propose the following classification of investment risks (Fig. 1.):

Figure 1. - Classification of investment risks

The subject of the analysis of this work is the investment project risk (the risk associated with the implementation of a real investment project) associated with investing in innovative activities, which can be defined as the likelihood of adverse financial consequences in the form of loss of all or part of the expected investment income from the implementation of a specific innovative project in a situation of uncertainty of the conditions for its implementation.

The project risks of the enterprise are characterized by a great variety and, in order to effectively manage them, are classified according to the following main features:

By types. This classification feature of project risks is the main parameter of their differentiation in the management process. Characteristics of a specific type of risk at the same time gives an idea of the factor that generates it, which makes it possible to “tie” the assessment of the degree of probability of occurrence and possible financial losses for this type of project risk to the dynamics of the corresponding factor. The species diversity of project risks in their classification system is presented in the widest range. It should be noted that the emergence of new design and construction technologies, the use of new investment goods and other innovative factors will, accordingly, generate new types of project risks. In modern conditions, the main types of project risks include the following:

· The risk of a decrease in financial stability (or the risk of upsetting the balance of financial development) of an enterprise. This risk is generated by the imperfection of the structure of the invested capital (an excessive share of used borrowed funds), which generates an imbalance in the positive and negative cash flows of the enterprise for the projects being implemented. In the composition of project risks in terms of the degree of danger (generating a threat of bankruptcy of an enterprise), this type of risk plays a leading role.

· The risk of insolvency (or the risk of unbalanced liquidity) of the enterprise. This risk is generated by a decrease in the level of liquidity of current assets, giving rise to an imbalance in the positive and negative cash flows for the investment project over time. In terms of its financial implications, this type of risk is also one of the most dangerous.

· Design risk. This risk is generated by the imperfection of the preparation of the business plan and design work for the object of the proposed investment, associated with a lack of information about the external investment environment, an incorrect assessment of the parameters of the internal investment potential, the use of outdated equipment and technology, which affects the indicators of its future profitability.

· Construction risk. This risk is generated by the selection of insufficiently qualified contractors, the use of outdated construction technologies and materials, as well as other reasons causing a significant excess of the stipulated terms of construction and installation works on the investment project.

· Marketing Risk. It characterizes the possibility of a significant reduction in the volume of sales of products provided for by the investment project, the price level and other factors leading to a decrease in operating income and profit at the stage of project operation.

· Project financing risk. This type of risk is associated with an insufficient total volume of investment resources from individual sources; an increase in the weighted average cost of capital attracted for investment; imperfection of the structure of sources of formation of borrowed funds.

· Inflationary risk. In an inflationary economy, it stands out as an independent type of project risk. This type of risk is characterized by the possibility of devaluation of the real cost of capital, as well as the expected income from the implementation of an investment project in an inflationary environment. Since this type of risk in modern conditions is permanent and accompanies almost all financial transactions for the implementation of a real investment project of an enterprise, constant attention is paid to it in investment management.

· Interest rate risk. It consists in an unforeseen increase in the interest rate in the financial market, leading to a decrease in the level of the project's net profit. The cause of this type financial risk(if we eliminate the previously considered inflationary component) is a change in the investment market environment under the influence of government regulation, an increase or decrease in the supply of free money resources and other factors.

· Tax risk. This type of project risk has a number of manifestations: the likelihood of introducing new types of taxes and fees for the implementation of certain aspects of investment activities; the possibility of increasing the level of rates of existing taxes and fees; changing the terms and conditions for making certain tax payments; the likelihood of the cancellation of the existing tax benefits in the field of real investment of the enterprise. Being unpredictable for the enterprise (as evidenced by the modern domestic fiscal policy), it has a significant impact on the results of the project.

· Structural operational risk. This type of risk is generated by ineffective financing of current costs at the stage of project operation, which causes a high proportion of fixed costs in their total amount. A high operating leverage ratio in the event of unfavorable changes in the commodity market and a decrease in the gross volume of positive cash flow from operating activities generates a significantly higher rate of decrease in the amount of net cash flow under the investment project.

· Criminal risk. In the field of investment activities of enterprises, it manifests itself in the form of a fictitious bankruptcy declaration by its partners, forgery of documents that ensure the misappropriation of monetary and other assets related to the implementation of a project by third parties, theft of certain types of assets by their own personnel, and others. Significant financial losses incurred by enterprises in this regard the present stage when implementing an investment project, they determine the allocation of crime risk into an independent type of project risk.

· Other types of risks. The group of other project risks is quite extensive; in terms of the likelihood of occurrence or the level of financial losses, it is not as significant for enterprises as those discussed above. These include the risks of natural disasters and other similar "force majeure risks", which can lead not only to the loss of the foreseen income, but also to a part of the company's assets (fixed assets, inventories), the risk of untimely settlement and cash transactions when financing of the project (associated with an unsuccessful choice of a servicing commercial bank) and others.

According to the stages of project implementation, the following groups of project risks are distinguished:

· Project risks of the pre-investment stage. These risks are associated with the choice of an investment idea, the preparation of business plans, recommended for the use of investment goods, the validity of the assessment of the main performance indicators of the project.

· Project risks of the investment stage. This group includes the risks of untimely implementation of construction and installation works on the project, ineffective control over the quality of these works; ineffective project financing by stages of its construction; low resource support of the work performed.

· Design work of the post-investment (operational) stage. This group of risks is associated with untimely production output at the intended design capacity, insufficient provision of production with the necessary raw materials and materials, irregular supply of raw materials and materials, low qualification of operating personnel; shortcomings in marketing policy, etc.

According to the complexity of the study, the following groups of risks are distinguished:

· Simple project risk. It characterizes the type of project risk, which is not subdivided into its individual subspecies. An example of a simple project risk is inflationary risk.

· Complex financial risk. It characterizes the type of project risk, which consists of a complex of its subspecies under consideration. An example of a complex project risk is the investment phase risk of a project.

According to the sources of occurrence, the following groups of project risks are distinguished:

· External, systematic or market risk (all of these terms define this risk as independent of the activities of the enterprise). This type of risk is typical for all participants in investment activities and all types of real investment transactions. It occurs when individual stages of the economic cycle change, changes in the investment market conditions and in a number of other similar cases that the enterprise cannot influence in the course of its activities. This group of risks can include inflation risk, interest rate risk, tax risk.

· Internal, non-systematic or specific risk (all terms define this project risk as dependent on the activities of a particular enterprise). It can be associated with unskilled investment management, ineffective structure of assets and capital, excessive adherence to risky (aggressive) investment operations with a high rate of return, underestimation of economic partners and other similar factors, the negative consequences of which can be largely prevented through effective project management. risks.

The division of project risks into systematic and non-systematic is one of the important prerequisites for the theory of risk management.

According to the financial consequences, all risks are divided into the following groups:

· A risk that only entails economic losses. With this type of risk, the financial consequences can only be negative (loss of income or capital).

· Lost profit risk. It characterizes a situation when an enterprise, due to the existing objective and subjective reasons, cannot carry out the planned investment operation (for example, if the credit rating is downgraded, the enterprise cannot receive the necessary credit to form investment resources).

· The risk entailing both economic losses and additional income. In the economic literature, this type of financial risk is often called “speculative”, since it is associated with the implementation of speculative (aggressive) investment operations (for example, the risk of realizing an investment project, the profitability of which at the operational stage may be lower or higher than the calculated level).

By the nature of the manifestation in time, two groups of project risks are distinguished:

· Permanent project risk. It is typical for the entire period of the investment operation and is associated with the action of constant factors. An example of such investment risk is interest rate risk.

· Temporary project risk. It characterizes the risk of a permanent nature that arises only at certain stages of the implementation of an investment project. An example of this type of financial risk is the risk of insolvency of an efficiently functioning enterprise.

By the level of financial losses, project risks are divided into the following groups:

· Design risk tolerance. It characterizes the risk, financial losses for which do not exceed the estimated amount of profit on the investment project being implemented.

· Critical design risk. It characterizes the risk, financial losses for which do not exceed the estimated amount of gross income for the investment project being implemented.

· Catastrophic project risk. It characterizes the risk, financial losses for which are determined by partial or complete loss equity capital(this type of risk may be accompanied by the loss of borrowed capital).

Whenever possible, project risks are divided into the following two groups:

· Predicted project risk. It characterizes those types of risks that are associated with the cyclical development of the economy, changing stages of the financial market conjuncture, predictable development of competition, etc. The predictability of project risks is relative, since forecasting with a 100% result excludes the phenomenon under consideration from the risk category. An example of predicted project risks are inflation risk, interest rate risk and some of their other types (of course, we are talking about predicting risk in the short term).

· Unpredictable project risk. It characterizes the types of project risks, characterized by complete unpredictability of manifestation. An example of such risks are the risks of a force majeure group, tax risk and some others.

According to this classification criterion, project risks are also subdivided into regulated and unregulated within the enterprise.

Whenever possible insurance, project risks are also divided into two groups:

· Insured project risk. These include risks that can be transferred through external insurance to the relevant insurance organizations (in accordance with the nomenclature of project risks that they accept for insurance).

· Uninsured project risk. These include those types for which there is no supply of relevant insurance products in the insurance market.

It should be noted that the given classifications cannot be comprehensive. They are determined by the goal formulated by the classification feature. Draw a clear line between separate types project risks are difficult enough. A number of risks are interrelated (these risks are correlated), changes in one of them cause changes in the other. In such cases, the analyst should use common sense and his own understanding of the problem.

3. Analysis and assessment of project risks

Risk analysis (in investment design) is a process of studying the external and internal environment of the investment process, carried out in order to identify risks, assess their parameters, as well as predict the state of an enterprise operating under risk conditions, after a certain point in time by assessing key performance indicators as random quantities. The results of the analysis are used to make decisions and to develop measures to protect against possible losses.

The analysis of project risks can be divided into two mutually complementary types: qualitative and quantitative.

Qualitative analysis can be relatively simple, its main task is to determine risk factors, stages of work, during which the risk arises, i.e. identify potential areas of risk, and then identify all possible risks.

Qualitative analysis implies the identification of risks inherent in the project, their description and grouping. Usually, specific risks are identified that are directly related to the implementation of the project (project), as well as force majeure, managerial, legal. For the convenience of further tracking, project risks should be taken into account in stages: initial (pre-investment), investment (construction) and operational. The result of the stage of qualitative risk analysis should be a risk map of the project.

The description of risks at the stage of qualitative analysis does not provide information about possible losses or their probability; it serves as the basis for a quantitative risk analysis.

There are the following methods for qualitative risk analysis:

· method of expert assessments - a set of procedures aimed at identifying, ranking and qualitatively assessing the likely risks of the project based on the expert opinions of people with significant experience in project activities;

· SWOT analysis - allows you to visually contrast the strengths and weaknesses of the project, its opportunities and threats based on a qualitative risk assessment;

· spiral (“rose”) of risks - illustrated ranking of risks based on qualitative assessments of risk factors;

· analogy method or conservative forecasts - a study of the accumulated experience on projects in order to calculate the probabilities of losses.

It is necessary to note one important specific feature of the qualitative analysis of project risks, consisting in its quantitative result: the process of conducting a qualitative analysis of project risks must include not only a purely descriptive, "inventory" aspect of determining certain specific types of risks of a given project, identifying possible causes of the occurrence, analysis of the expected consequences of their implementation and proposals for minimizing the identified risks, but also the cost estimate of all these measures that minimize the risk of a specific project.

Conducting a quantitative analysis of project risks is a continuation of a qualitative study and assumes the presence of a certain basic option (expected profitability, calculations of project cash flows, equipment operation time, etc.), which may change as a result of the implementation of each of the noted risks. The task of quantitative analysis is to numerically measure the degree of influence of the project's risky factors on the behavior of the efficiency criteria of the entire investment project. Thus, a quantitative risk assessment is a numerical determination of the impact of individual project risks.

The quantitative risk analysis process includes the following stages:

· creation of a forecast model;

· definition of risk variables;

· determining the probability distribution of the selected variables and determining the range of possible values for each of them;

· establishing the presence or absence of correlations among risk variables;

· model runs (determination of the characteristics of the resulting variables as random variables);

· analysis of results (construction of risk levels).

Risk variables are variables that are critical to the viability of the project, i.e. even small deviations from its intended value negatively affect the project. Sensitivity and uncertainty analyzes are used to select variables. Sensitivity analysis measures the reaction of project results to changes in a particular project variable. The disadvantage of this analysis is that it does not take into account the realistic or unrealistic expected changes in the value of the analyzed variables. For the results obtained from the sensitivity analysis to be meaningful, the effect of the uncertainty surrounding the variables being tested should be considered.

For example, a small variance in the purchase price of a certain type of equipment per year Xis very important to the revenue from the project, but the likelihood of this deviation may be small if the supplier is bound by certain terms of the contract. Therefore, the risk associated with this variable is negligible.

To assess the degree of acceptability of the project risk, risk zones should be identified depending on the expected amount of losses.

Table 1. Characteristics of risk areas

Project risk zone Characteristic Risk-free zone Guaranteed financial result in the amount of the estimated profit zone Acceptable risk zone Possible financial losses in the amount of the estimated profit zone Critical risk zone Possible financial losses in the amount of the estimated income zone Catastrophic risk Possible financial losses in the amount of equity capital

The assumptions made are, to a certain extent, controversial and not always true for all types of risks, but in general they fairly accurately reflect the most general patterns of changes in project risk and make it possible to construct a probability distribution curve for profit losses, which is called a risk curve (Fig. 1.4).

The main thing in the quantitative assessment of project risk is the possibility of constructing a risk curve and determining the zones and indicators of permissible, critical and catastrophic risks.

Figure 2. - Risk curve

Currently, the following methods of risk analysis are most common:

1) statistical;

2)expert assessments;

)sensitivity analysis;

)assessing financial stability and solvency;

)assessing the feasibility of costs;

)analysis of the consequences of risk accumulations;

)method of using analogs;

)combined method.

The statistical method consists in studying the statistics of losses and profits that took place at a given or a similar enterprise, in order to determine the probability of an event, to establish the magnitude of the risk. Probability means the possibility of getting a certain result. For example, the probability of successfully promoting a new product on the market within a year is 3/4, and failure is 1/4. The magnitude, or degree of risk, is measured by two indicators: the average expected value and the variability (variability) of the possible outcome. The average expected value is related to the uncertainty of the situation. It is expressed as a weighted average of all possible outcomes E (x)where the probability of each outcome is BUTis used as a frequency, or weight, corresponding to a value NS.

Probabilistic risk assessment is mathematically sufficiently developed, but relying only on mathematical calculations in the analysis of project risks is not always sufficient, since the accuracy of calculations largely depends on the initial information.

The method of expert assessments differs from the statistical one only in the method of collecting information to construct the risk curve. This method assumes the collection and study of estimates made by various specialists ( of this enterprise) concerning the likelihood of occurrence of different levels of losses. An expert assessment is an expert opinion on a specific issue identified using a special method.

A variation of the expert method is the Delphi method. It is characterized by anonymity and controlled feedback. The anonymity of the commission members is ensured by physically separating them, which prevents them from discussing the answers to the questions posed. The purpose of such a division is to avoid the "traps" of group decision-making, the dominance of the leader's opinion. After processing the result through controlled feedback, the generalized result is reported to each member of the commission. The main purpose of such an action is to allow one to get acquainted with the assessments of other members of the commission, without being subjected to pressure due to knowing who exactly gave this or that assessment. After that, the assessment can be repeated.

A project sensitivity analysis consists of the following steps:

· selection of a key indicator, against which the sensitivity is assessed (net present value NPV, internal rate of return IRR etc.);

· choice of factors (inflation rate, state of the economy, etc.);

· calculation of the values of the key indicator at different stages of the project (purchase of raw materials, production, sale, transportation, capital construction, etc.);

Sensitivity analysis is based on a sequential unit change of variables tested for riskiness. At each step, only one of the variables changes its value by the predicted number of percent (± 5%, ± 10%, ± 15%, etc.), which leads to the recalculation of the final values for the project. The sequences of costs and receipts of financial resources formed in this way make it possible to determine the flows of funds of funds for each moment (or period of time), i.e. define performance indicators. Diagrams are built, reflecting the dependence of the selected resulting indicators on the value of the initial parameters. Comparing the resulting diagrams with each other, it is possible to determine the so-called key indicators that most affect the assessment of the project's profitability.

Sensitivity analysis involves the following procedures:

1)Form a model of project justification in the form of a set of budgets using MS Excel, Project Expertany other specialized software.

2)Consider a model such as a "black box", a system at the input of which the initial data of the project (for example, the price of the product, the volume of expected sales, the discount rate, the rate on loans, the assumed inflation rate, etc.) are supplied, at the output " black box "" remove "only one parameter. Most often they are the meaning NPV

)The project rationale is calculated several times using the generated model for different values of the initial data. In this case, the set of initial data is formed as follows: all parameters of the initial data, except one, are left constant unchanged, one parameter is considered variable, generating several of its values (usually five) with a certain step of relative changes. Changes, for example, can be: - 20%; - 10%; 0%; + 10%; + 20%. The model is calculated several times for various changes in the variable parameter.

)Calculate the relative growth rate of the obtained values of the net present value in relation to NPVthe basic version.

)The obtained values of the specific growth are compared NPVwith a specific increase in the variable parameter.

)The procedure set out in paragraphs. 3-5 are repeated for other initial parameters, taking each of them separately as variables and fixing the others.

One of the disadvantages of sensitivity analysis is the premise that each input parameter changes independently of the others. Scenario analysis helps to correct this situation when a group of interdependent indicators changes at once.

Sensitivity analysis has a serious flaw - it is not comprehensive and does not specify the likelihood of alternative projects being implemented. The sensitivity analysis of an investment project is based on an analysis of changes in one factor, which is a significant limitation of this method. Overcoming this problem is carried out within the framework of the statistical test method and the scenario method, which are the development of the sensitivity analysis technique.

Analogy method. When analyzing the risk of a new project, data on the impact of adverse risk factors on other projects can be very useful. When using analogs, databases on the risk of similar projects, research work of design and survey institutions, and interviews with project managers are used. The data obtained in this way is processed to identify dependencies in completed projects in order to take into account the potential risk when implementing new projects.

Some caution should be exercised when using the analogy method. Even in the most correct and well-known cases of unsuccessful completion of projects, it is very difficult to create the prerequisites for future analysis, i.e. prepare an exhaustive and realistic set of possible scenarios for project failures. The fact is that for most of the negative consequences, certain features are characteristic.

Simulation modeling (Monte Carlo method). Recently, the method of statistical testing - the Monte Carlo method - has become popular. Simulation modeling is a targeted series of multivariate studies performed on a computer using mathematical models. This direction corresponds to the main idea of systems analysis - a combination of human capabilities as a bearer of values, a generator of ideas for making decisions with formal methods that provide the possibility of using computers. Its advantage is the ability to analyze and evaluate various "scenarios" of project implementation and take into account different risk factors within one approach. Different types of projects have different vulnerabilities from the side of risks, which is revealed during modeling.

These parameters are used in simulation modeling, the algorithm of which can be presented in the form of the following sequence of steps:

1)As in the previous case, a project justification model is formed in the form of a set of budgets using Project Expertor other specialized software.

2)Similarly to the corresponding step in the sensitivity analysis algorithm for simulation modeling, a model such as a "black box" is also considered, a system into which the initial data of the project are supplied (for example, the price of a product, the volume of estimated sales, the discount rate, the rate on loans, the estimated level inflation, etc.). At the exit of the black box, only one parameter is “removed”. Most often they are the meaning NPV, which generates a project with such initial data.

)A variable factor is selected and, if necessary, the rest are fixed, but unlike the previous method, half of the model is calculated as follows. The model is "bombarded" with random numbers with a distribution law characteristic of the behavior of the initial variable parameter for the rest of the fixed values. Series of random numbers can be sequences of several thousand or even tens of thousands of values simulating a change in a variable parameter, while in the sensitivity analysis such a series consisted of only five values.

)The resulting values of the resulting parameter are processed (for example, NPV) in order to determine the characteristics of the behavior of the resulting quantity. The asymmetry and kurtosis of the resulting parameter is determined.

)The corresponding laws of behavior of the initial parameters are compared with the law of behavior of the resulting quantity. Changes in the parameters of the distribution of the resulting parameter in relation to the parameters of the behavior of the initial factor will indicate the significance, level of risk and the tendency to change the resulting parameter of the project.

)Appropriate conclusions are drawn and a risk factor management plan is drawn up.

The disadvantage of this method is that it uses probabilistic characteristics for assessments and conclusions, which is not very convenient for direct application and does not satisfy project managers. However, despite the indicated disadvantages, this method makes it possible to identify the risk associated with those projects for which the decision will not change. It should be noted that, in general, this method is quite laborious, because it provides for the cyclical repetition of the same calculations on the model many thousands of times in the process of substituting a series of random numbers as input data, due to which the method received its second name - the Monte method. Carlo. Practice shows that the use of Monte Carlo simulation is justified, first of all, for large and expensive projects.

Scenario method. Scenario methods include the following steps:

· a description of the entire set of possible conditions for the implementation of the project in the form of appropriate scenarios or models that take into account the system of restrictions on the values of the main technical, economic, etc. project parameters;

· transformation of the initial information about uncertainty factors into information about the probabilities of individual conditions of implementation and the corresponding performance indicators or about the intervals of their change;

· determination of performance indicators of the project as a whole, taking into account the uncertainty of the conditions for its implementation.

As a result of the analysis of the scenarios, the impact on the indicators of the economic efficiency of the investment project of the simultaneous change in all other variables of the project, characterizing its cash flows, is determined. The advantage of this method is that the deviations of the parameters are calculated taking into account their interdependencies (correlations).

When building models, it is necessary to actively engage in the collection and formalization of expert assessments, especially in relation to production and technological risks. The main advantage of using expert assessments is the ability to use the experience of experts in the process of project analysis and taking into account the influence of various qualitative factors.

As a result, it is advisable to build at least three scenarios: pessimistic, optimistic, and the most probable (realistic or average). The main problem in the practical use of the scenario approach is the need to build a model of an investment project and identify the relationship between the variables.

The disadvantages of the scenario approach include:

· the need for significant qualitative research of the project model, i.e. creation of several models corresponding to each scenario, including extensive preparatory work for the selection and analytical processing of information;

· insufficient uncertainty, blurring of the boundaries of scenarios. The correctness of their construction depends on the quality of the construction of the model and the initial information, which significantly reduces their predictive value. When constructing estimates of the values of variables for each scenario, a certain voluntarism is allowed;

· the effect of a limited number of possible combinations of variables in that the number of scenarios to be worked out in detail is limited, as well as the number of variables to be varied, otherwise an excessive amount of information may be obtained, the predictive power and practical value of which is greatly reduced.

Scenario the method of examination of project risks has following features which can be considered as its advantages:

· taking into account the relationship between variables and the influence of this relationship on the values of integral indicators;

· construction of various options for the implementation of the project;

In conclusion, it should be noted that the choice of specific methods for assessing the risks of real investment is determined by a number of factors:

1.The type of investment risk.

2.The completeness and reliability of the information base formed to assess the level of probability of various investment risks.

.The qualification level of the investment managers performing the appraisal.

.The technical and software equipment of investment managers, the ability to use modern computer technologies for such an assessment.

.The ability to attract qualified experts, etc. to the assessment of complex investment risks.

4. Methods to reduce project risks

Understanding the nature of project risk and its quantitative assessment does not always allow for effective management of real investments. In this case, the methods and methods of direct impact on the level of risk with the aim of minimizing it, increasing the safety and financial stability of the design company are of particular importance.

Actions to reduce project risk are carried out in two directions:

1.Avoiding the appearance of possible risks.

2.Reducing exposure to risk.

The first is to try to avoid any possible risk for the firm. The decision to refuse risk can be made at the decision-making stage, as well as by giving up some type of activity in which the company is already involved. Avoiding the emergence of possible risks includes refusal to use high volumes of borrowed capital (avoiding financial risk is achieved), refusal from excessive use of investment assets in low-liquid forms (avoiding the risk of a decrease in liquidity). This direction of reducing the level of project risk is the simplest and most radical. It allows you to completely avoid possible losses, but also does not provide an opportunity to get the amount of profit that is associated with risky activities.

In order to reduce the impact of risks, there are two ways:

1.Take measures to ensure the fulfillment of contractual obligations at the stage of conclusion of contracts.

2.Exercise control over management decisions in the process of project implementation.

On the first path, there are several options:

·insurance;

· security (in the case of a loan agreement) in the form of a pledge, guarantee, surety, forfeit or retention of the debtor's property;

· stepwise unbundling of the project appropriation approval process;

· diversification of investments.

Variants of management decisions in order to reduce project risk can be carried out by the following methods:

1.Reserve funds to cover unforeseen expenses.

2.Loan restructuring.

Let's look at some of the ways to mitigate project risk.

One of the most important ways to reduce project risk is diversification, for example, the distribution of enterprise efforts among activities, the results of which are not directly related to each other. Any investment decision associated with a specific project requires the person making this decision to consider the project in conjunction with other projects and with the existing activities of the enterprise. To reduce the risk, it is desirable to plan the production of such goods and services, the demand for which changes in opposite directions.

The distribution of project risk among project participants is effective way its reduction, it is based on partial transfer of risks to partners in individual investment situations. At the same time, it is most logical to make responsible the participant who has the ability to more accurately and better calculate and control risk. Risk allocation is taken into account when developing the financial plan of the project and is documented in contract documents.

A possible way to reduce the risk is to insure it, which essentially consists of transferring certain risks to an insurance company. When deciding on external risk insurance, it is necessary to evaluate the effectiveness of this method of risk reduction, taking into account the following parameters:

1.The probability of an insured event occurring for this type of project risk.

2.The degree of insurance coverage for the risk, determined by the insurance ratio (the ratio of the insured amount to the size of the insurance property assessment).

.The size of the insurance rate in comparison with its average size in the insurance market for this type of insurance.

.The amount of the insurance premium and the procedure for its payment during the insurance period, etc.

Foreign insurance practice uses full insurance of investment projects. The conditions of Russian reality allow for the time being only partially to insure project risks: buildings, equipment, personnel, some extreme situations.

Type of costs Change in unforeseen expenses,% Costs / duration of work of Russian performers + 20 Costs / duration of work of foreign performers + 10 Increase in direct production costs + 20 Decrease in production - 20 Increase in interest for a loan + 20

In addition to reserving for force majeure circumstances, it is necessary to create a system of reserves at the enterprise for optimal cash flow management. We are talking about the formation of a reserve fund, a fund for repayment of bad accounts receivable, maintaining an optimal level of inventories and a standard balance of cash and cash equivalents. Funds reservation is, in fact, self-insurance (internal insurance) of the enterprise. It should be borne in mind that insurance reserves in all their forms, although they allow you to quickly compensate for the losses incurred, however, "freeze" the use of a fairly tangible amount of investment resources. As a result, the efficiency of using the company's own capital decreases, and its dependence on external sources of financing increases.

Limiting as a way to reduce risks is to establish a maximum allowable amount of funds by the enterprise for the performance of certain operations (or stages of the project), in the event of the loss of which this will not significantly affect the financial condition of the enterprise. Limiting is applied by banks when granting loans, industrial enterprises- when selling goods on credit, determining the amount of capital investment, determining the amount of borrowed funds, as well as in other situations.

The acquisition of additional information plays an important role in reducing project risks. The purpose of such an acquisition is to clarify some parameters of the project, increase the level of reliability and reliability of the initial information, which will reduce the likelihood of making an ineffective decision. Methods for obtaining additional information include purchasing it from other organizations, conducting an additional experiment, etc. Complete and reliable information is a special kind of product that you have to pay for, but these costs pay off as a result of obtaining significant benefits from a less risky investment.

Concluding the review of the main aspects of the theory of project risk management, the following should be noted. Identification of project risks, their accounting and analysis is part of common system ensuring the economic reliability of an economic entity.

Conclusion

In conclusion, the following main aspects should be noted.

Risk in a market economy accompanies any management decision. This is especially true for investment decisions, the consequences of which affect the activities of the enterprise over a long period of time.

Bibliography

1.Afonasova, A.M. Project analysis. Lectures [Electronic resource] / А.М. Afonasov. Access mode: # "justify"> 2. Blank, I.A. Investment management [Text]: training course / I.А. Form. - 2nd ed., Rev. and add. - K .: Elga-N, Nika-Center, 2007 .-- 448 p.

.Kalmykova, T.S. Investment analysis [Text] / T.S. Kalmykov. - M .: INFRA-M, 2009 .-- 240 p.

.V.V. Kovalev Introduction to financial management [Text] / V.V. Kovalev. - M .: Finance and statistics, 2008. - 786 p .: ill.

.Osipova, L.M. Economic assessment of investments [Text]: guidelines / L.M. Osipova. - Kemerovo: Printing house of GU KuzGTU, 2011 .-- 40 p.

.Kharlamenko, E.V. Quantitative analysis of investment project risks [Text] // E.V. Harlamenco. - Russian entrepreneurship. - 2009. - No. 5 (1).

.Tsarev, V.V. Evaluation of economic efficiency [Text] / V.V. Tsarev. - SPb .: Peter, 2007 .-- 464 p.

project risk investment sensitivity

Tutoring

Need help exploring a topic?

Our experts will advise or provide tutoring services on topics of interest to you.
Send a request with the indication of the topic right now to find out about the possibility of obtaining a consultation.

Risks are caused by the uncertainties that exist in each project. Risks can be “known” - those that are identified, assessed, for which planning is possible. “Unknown” risks are those that are not identified and cannot be predicted. Although the specific risks and conditions for their occurrence are not defined, project managers know from past experience that most of the risks can be foreseen.

Implementing projects with a high degree of uncertainty in such elements as goals and technologies for achieving them, many companies pay attention to the development and application of corporate risk management methods. These methods take into account both the specifics of projects and corporate management methods.

The American Project Management Institute (PMI), which develops and publishes standards in the field of project management, has significantly revised the sections governing risk management procedures. The new version of the PMBOK (expected to be adopted in 2000) describes six risk management procedures. In this article, we offer a brief overview of risk management procedures (no comments).

Management of risks- these are processes associated with the identification, analysis of risks and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events.

The project risk management process typically includes the following procedures:

- selection of approaches and planning of project risk management activities.
Risk identification- identifying risks that could affect the project and documenting their characteristics.
Qualitative risk assessment- a qualitative analysis of risks and the conditions for their occurrence in order to determine their impact on the success of the project.
Quantification- quantitative analysis of the likelihood and impact of the consequences of risks on the project.
- determination of procedures and methods to mitigate the negative consequences of risk events and use the potential benefits.
Monitoring and control of risks- risk monitoring, identification of remaining risks, implementation of the project risk management plan and assessment of the effectiveness of actions to minimize risks.

All of these procedures interact with each other as well as with other procedures. Each procedure is performed at least once in every project. Although the procedures presented here are considered discrete elements with well-defined characteristics, in practice they may overlap and interact.

Risk management planning

Risk management planning- the process of making decisions on the application and planning of risk management for a specific project. This process may include organizational decisions, staffing of project risk management procedures, selection of preferred methodology, data sources for risk identification, time frame for situation analysis. It is important to plan risk management appropriate to both the level and type of risk and the importance of the project to the organization.

Risk identification

Risk identification identifies which risks are likely to affect the project and documents the characteristics of these risks. Risk identification will not be effective if it is not carried out regularly throughout the project.

Risk identification should involve as many participants as possible: project managers, customers, users, independent specialists.

Risk identification is an iterative process. Initially, risk identification can be done by a part of the project managers or by a group of risk analysts. Further identification can be handled by the core group of project managers. Independent specialists can participate in the final stage of the process to form an objective assessment. A possible response can be determined during the risk identification process.

Qualitative risk assessment

Qualitative risk assessment- the process of presenting a qualitative analysis of risk identification and identification of risks requiring rapid response. This risk assessment determines the severity of the risk and chooses a response. The availability of accompanying information makes it easier to prioritize different risk categories.

Qualitative risk assessment is an assessment of the conditions for the occurrence of risks and determination of their impact on the project using standard methods and means. Using these tools helps to partially avoid the uncertainties that often occur in a project. During the life cycle of a project, there must be an ongoing reassessment of risks.

Quantitative risk assessment

Quantitative risk assessment determines the likelihood of risks and the impact of the consequences of risks on the project, which helps the project management team to make correct decisions and avoid uncertainties.

A quantitative risk assessment allows you to determine:

the likelihood of achieving the ultimate goal of the project;
the degree of risk impact on the project and the amount of unforeseen costs and materials that may be needed;
risks requiring an early response and more attention, as well as the impact of their consequences on the project;
actual costs, estimated completion dates.

A quantitative risk assessment often accompanies a qualitative assessment and also requires a risk identification process. Quantitative and quantitative risk assessment can be used separately or together, depending on the available time and budget, the need for quantitative or qualitative risk assessment.

Risk response planning

Risk response planning is the development of methods and technologies to reduce the negative impact of risks on a project.

Takes responsibility for the effectiveness of protecting the project from exposure to risks. Planning involves identifying and categorizing each risk. The effectiveness of the response design will directly determine whether the impact of the risk on the project will be positive or negative.

The response planning strategy should be appropriate for the types of risks, ROI and timing. The issues discussed during the meetings should be adequate to the tasks at each stage of the project, and agreed with all members of the project management team. Typically, several options for risk response strategies are required.

Monitoring and control

Monitoring and control monitor the identification of risks, determine the residual risks, ensure the implementation of the risk plan and evaluate its effectiveness in view of the risk reduction. Risk indicators associated with the implementation of the conditions for the fulfillment of the plan are recorded. Monitoring and control accompanies the process of project implementation.

High-quality project control provides information to help make effective decisions to prevent risks. To provide complete information on the implementation of the project, interaction between all project managers is required.

The purpose of monitoring and control is to find out if:

The risk response system was implemented in accordance with the plan.
The response is effective enough or changes are needed.
The risks have changed from the previous value.
The onset of the influence of risks.
The necessary measures have been taken.
The exposure to the risks was planned or an accidental result.

Control can entail choosing alternative strategies, making adjustments, redesigning the project to achieve the baseline. There should be constant interaction between project managers and the risk group, all changes and phenomena should be recorded. Project progress reports should be generated regularly.