Risk Management - Useful Tools and Techniques

In this section, the tools and methodologies that you can use during various phases of managing a risk are briefly described.

Risk Identification

There are many tools and techniques for Risk identification. Documentation Reviews

• Information gathering techniques
• Brainstorming
• Delphi technique – here a facilitator distributes a questionnaire to experts, responses are summarized (anonymously) & re-circulated among the experts for comments. This technique is used to achieve a consensus of experts and helps to receive unbiased data, ensuring  that no one person will have undue influence on the outcome
• Interviewing

• Root cause analysis – for identifying a problem, discovering the causes that led to it and developing preventive action

• Checklist analysis

• Assumption analysis -this technique may reveal an inconsistency of assumptions, or uncover problematic assumptions.

• Diagramming techniques

• Cause and effect diagrams

• System or process flow charts

• Influence diagrams – graphical representation of situations, showing the casual influences or relationships among variables and outcomes

• SWOT analysis

• Expert judgment – individuals who have experience with similar project in the not too distant past may use their judgment  through interviews or risk facilitation workshops

Risk Analysis

Tools and Techniques for Qualitative Risk Analysis 

• Risk probability and impact assessment – investigating the likelihood that each specific risk will occur and the potential effect on a project objective such as schedule, cost, quality or performance (negative effects for threats and positive effects for opportunities), defining it in levels, through interview or meeting with relevant stakeholders and documenting the results.
• Probability and impact matrix – rating risks for further quantitative analysis using a probability and impact matrix, rating rules should be specified by the organization in advance. See example in appendix B.
• Risk categorization – in order to determine the areas of the project most exposed to the effects of uncertainty. Grouping risks by common root causes can help us to develop effective risk responses.
• Risk urgency assessment - In some qualitative analyses the assessment of risk urgency can be combined with the risk ranking determined from the probability and impact matrix to give a final risk sensitivity rating. Example- a risk requiring a near-term responses may be considered more urgent to address.
• Expert judgment – individuals who have experience with similar project in the not too distant past may use their judgment  through interviews or risk facilitation workshops. 

Tools and Techniques for Quantities Risk Analysis 

• Data gathering & representation techniques
• Interviewing–You can carry out interviews in order to gather an optimistic (low), pessimistic (high), and most likely scenarios.

•  Probability distributions– Continuous probability distributions are used extensively in modeling and simulations and represent the uncertainty in values such as tasks durations or cost of project components\ work packages. These distributions may help us perform quantitative analysis. Discrete distributions can be used to represent uncertain events (an outcome of a test or  possible scenario in a decision tree)

• Quantitative risk analysis & modeling techniques- commonly used for event-oriented as well as project-oriented analysis:

• Sensitivity analysis – For determining which risks may have the most potential impact on the project. In sensitivity analysis one looks at the effect of varying the inputs of a mathematical model on the output of the model itself. Examining the effect of the uncertainty of each project element to a specific project objective, when all other uncertain elements are held at their baseline values. There may be presented through a tornado diagram.

• Expected Monetary Value analysis (EMV) – A statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen (generally: opportunities are positive values, risks are negative values). These are commonly used in a decision tree analysis.

• Modeling & simulation – A project simulation, which uses a model that translates the specific detailed uncertainties of the project into their potential impact on project objectives, usually iterative. Monte Carlo  is an example for a iterative simulation.

• Cost risk analysis - cost estimates are used as input values, chosen randomly for each iteration (according to probability distributions of these values), total cost will be calculated.

• Schedule risk analysis - duration estimates & network diagrams are used as input values, chosen at random for each iteration (according to probability distributions of these values), completion date will be calculated. One can check the probability of completing the project by a certain date or within a certain cost constraint.

•  Expert judgment – used for identifying potential cost & schedule impacts, evaluate probabilities, interpretation of data, identify weaknesses of the tools, as well as their strengths, defining when is a specific tool more appropriate, considering organization’s capabilities & structure, and more.

 Risk Response Planning 

• Risk reassessment – project risk reassessments should be regularly scheduled for reassessment of current risks and closing of risks. Monitoring and controlling Risks may also result in identification of new risks.
• Risk audits – examining and documenting the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process. Project Manager’s responsibility is to ensure the risk audits are performed at an appropriate frequency, as defined in the risk management plan. The format for the audit and its objectives should be clearly defined before the audit is conducted.
• Variance and trend analysis – using performance information for comparing planned results to the actual results, in order to control and monitor risk events and to identify trends in the project’s execution. Outcomes from this analysis may forecast potential deviation (at completion) from cost and schedule targets.
• Technical performance measurement – Comparing technical accomplishments during project execution to the project management plan’s schedule. It is required that objectives will be defined through quantifiable measures of technical performance, in order to compare actual results against targets.
• Reserve analysis – compares the amount of remaining contingency reserves (time and cost) to the amount of remaining risks in order to determine if the amount of remaining reserves is enough.
• Status meetings – Project risk management should be an agenda item at periodic status meetings, as frequent discussion about risk makes it more likely that people will identify risks and opportunities or advice regarding responses.