ECOTrans case study


Module Seven: Project Risk Management

Copyright © 2014 MindEdge Inc. All rights reserved. Duplication prohibited.

Module Seven: Project Risk Management

An effective project management plan must include efficient risk management practices—a project that does not proactively identify, analyze, and respond to risks is doomed to failure. The risks that could impact a project may appear, change, or disappear on a daily basis so practitioners must be prepared for continuous review and response planning to shape any influence these factors may have.

Risk management strategies may require that risks be prioritized to guarantee that the "right" issues are the highest priorities and that they are managed appropriately and productively to the benefit of the project.

Learning Objectives

After completing this module, you should be able to:

1. Describe the techniques involved in risk identification and analysis 2. Describe how to make project decisions when outcomes are complex and are affected by

uncertainty 3. Explain how risk analysis and risk response planning contribute to project success 4. Explain how risk events can be prioritized to ensure effective risk management strategies

are completed

Identifying and Documenting Project Risks

Risk management practices are designed to help practitioners identify risk, ensure that a project's risk stays within acceptable levels, and increase the chances that events that are good for the project will happen while decreasing the chances that events that are bad for the project will happen. Furthermore, given that whether events happen or not is often out of the range of control of project participants, good project risk management seeks to limit the impact of possible negative events and increase the impact of positive events.

Probably the most important risk management tool used by project practitioners is the risk register described in the Planning section of this course. As you recall, the risk register lists the project's risks and all of the potential responses to those risks.

The risk register is a "living document" that must be continuously reviewed and updated throughout the project life cycle to ensure that risks are constantly identified and managed, to keep the project on track and to ensure project success. The register can be a short, simple document or a more-complex record of project risks, depending on the needs of the project. A simple risk register that displays only the risks associated with a project and the effects if those risks occur is displayed below; more-elaborate registers can be created as the need arises.

Ref # Event Effect Owner 352 cell towers could be damaged

during earthquake reception would not be maximal for release of new coverage plan

John Anderson

353 printer might finish marketing materials a week early

we could send out notification of new plan to customers earlier

Yoon Kwon

354 competitor might release its new phone

potential customers might be swayed away from our new plan

Brittany Toomey

Identification Techniques

There are several techniques that practitioners can use to identify which risks to include in a risk register and to determine possible responses to those risks. The following techniques provide a starting point for project participants to use to create their risk registers and begin their risk identification activities:


Brainstorming refers to generating ideas in a free-flowing, associative manner. Practitioners may need to facilitate the group of people who are brainstorming by focusing their attention on a framework such as a risk breakdown structure.

Delphi technique

The Delphi technique is based on gaining consensus from experts without bringing them together in face-to-face meetings. A facilitator gathers ideas separately from experts using a standard questionnaire, then summarizes returned responses—without attribution —and resends them to the experts for additional comments. This method is particularly useful for virtual teams or teams in which one or a few members have undue influence.


Through interviewing, practitioners can identify possible risks by questioning stakeholders about the risks that they perceive.

Root cause analysis

Root cause analysis seeks to identify the underlying causes of risk so that the risk can be prevented or eliminated.

SWOT analysis

SWOT analysis is a technique that identifies risk (threats and weaknesses) and measures them against the strengths and opportunities of the organization and the project.

Companies often use a framework called SWOT analysis to assess internal (company) and external (industry) factors that may impact their business. The approach provides

participants with a straightforward way to organize and evaluate information, enabling them to make well-informed strategic decisions.

SWOT stands for Strengths (company), Weaknesses (company), Opportunities (industry), Threats.

Checklist analysis

Checklist analysis uses checklists that are based on historical information or risks identified in a risk breakdown structure. The simplicity of checklists can lead to oversimplification of project risks so care must be taken when using these lists. Practitioners must remember that general checklists will never anticipate every risk that a project faces, so the team will need to continually brainstorm to expand the checklist during the project and update checklist templates with lessons learned after each project.

Assumptions analysis

In assumptions analysis, practitioners re-examine the assumptions under which the project was planned. New information might be available that shows that assumptions made may have suffered from incompleteness, inaccuracy, inconsistency, or instability, and the project may be facing risk because of its underlying assumptions.

Diagramming techniques

Diagramming techniques include various types of diagrams that aim to show the relationship between events and their effects. Diagram types include cause-and-effect diagrams, system or process flowcharts, and influence diagrams. By diagramming parts of a project, practitioners may expose risks that would otherwise not have been uncovered.

Expert judgment

Project practitioners should invite experts—those with experience relevant to the project —to join other stakeholders in identifying risks. Experts should be given as much information about the project as possible so that they can understand all of the factors in the project's success. The biases of all who provide opinions should be identified by the project management team and weighed against project goals.

Analyzing Risks

The goal of risk analysis is to develop greater insight into the nature of different project risks. More specifically, risk analysis helps to identify the impact that a risk may have on a project. With that knowledge, project practitioners can decide how to control the risk.

There are two different approaches that project teams can take to evaluate the risks in their projects: qualitative risk analysis and quantitative risk analysis. Qualitative assessment is typically less complex than quantitative techniques and therefore requires less effort. In most small- and medium-sized projects, qualitative risk assessment methods will be sufficient. In contrast, quantitative risk assessment methods offer more precise information.

The ultimate purpose of both qualitative and quantitative risk analysis is the same—to update the risk register and to help practitioners manage project risk. However, qualitative risk analysis tends to be less time- and resource-intensive than quantitative risk analysis so it should be considered first to narrow down the number of risks that will need to be further evaluated.

Qualitative Risk Analysis

Effective risk analysis begins with an assessment of each risk's severity. The severity associated with a risk is derived from two key pieces of information:

the probability of the risk occurring the impact that the risk will have on the project if it does occur.

Risk Probability

When project practitioners assess risk probability qualitatively, they develop probability ranges or rating scales and then assign each risk to one of the ranges. For example, a qualitative evaluation of risk probability might use three ratings:

Qualitative Risk Probability Rating Scale

Using a rating scale for qualitative assessments of risk probability helps to remove some of the subjectivity from what is an inherently subjective process. In some cases, the project's team members will develop the rating scale, while in other cases, the performing organization may have scales already developed that are used throughout the organization.

Risk Impact

When risk impact is evaluated qualitatively, the approach is very similar to that of assessing risk probability. A rating scale is used that measures the magnitude of the risk impact. An example of a three-level rating scale for risk impact might include the following:

Qualitative Risk Impact Rating Scale

Probability Likelihood

High Probability 50% or higher likelihood of occurring

Medium Probability 10% to 50% likelihood of occurring

Low Probability 10% or lower likelihood of occurring

Impact Significance

High Impact

The project success is at risk and the project cannot continue without modifications to scope, schedule, or resources.

Medium Impact

The project can continue, but repeat planning will be necessary to ensure success.

Low Impact

The project need not change. The risk can be addressed through minor adjustments.

Risk-related Assets

The project management team can also use historical information, lessons learned, and other risk-related assets from previous projects to help them assess whether an event should be considered low, moderate, or high priority based. Risk-related assets can include a look-up table or a probability and impact matrix (which is usually tailored to the particular project during the Planning process).

While conducting qualitative risk analysis, project practitioners should take into account as many relevant factors as possible to determine the priority of risk events. The quality of data should be assessed and stakeholders' and experts' biases should be identified and weighed.

As well, project participants will want to conduct a risk urgency assessment, which will help them determine whether certain risk events may need to be placed at a higher priority in the short-term or whether certain phases of the project are more likely to encounter risk. Risks that are identified as moderate or high priority may be then further analyzed employing quantitative analysis.

The Probability and Impact Matrix

A probability and impact matrix is a tool that helps project practitioners determine whether a risk is considered low, moderate, or high by combining the two dimensions of a risk: its probability of occurrence and its impact on objectives if it occurs.

This matrix indexes the calculated risk score of a risk event against the priority that the project management team should assign the risk. The risk score of a risk event is determined by multiplying the probability that the event will occur by the impact on schedule, quality, cost, or performance, represented numerically:

(RS = P * I)

With this risk score in mind, project practitioners will turn to the organizational probability and impact matrix and determine whether the risk event should be considered low, moderate, or high risk based on the organization's classification system.

Ranking systems generally use the following categories for ranking risk scores:

Red: high risk Yellow: moderate risk Green: low risk

The categories and acceptable risk scores for particular project objectives and the project as a whole will depend on the particular organization running the project and the preferences of the project stakeholders. In general, risks with lower priority are added to a watch list so that project participants can focus on higher priority risks.

Qualitative Risk Assessment: Tools and Techniques

Once the probability and impact of a project's risks have been analyzed, project practitioners can use several tools to help them sort and prioritize project risks, including sequenced lists and a risk assessment matrix.

Sequenced List

The sequenced list is the simplest and most basic approach for identifying the severity of risks. It enumerates the risks, ordering them by their risk score and/or severity.



Risk event Rank this month

Rank last month

Number of months in top ten

Risk resolution progress Risk owner


Delayed construction materials

1 2 3 Twice-weekly conference call with vendors on delivery progress; revising schedule estimates

Frank Merriweather


Inaccurate cost estimates on electrical contract work

2 1 4 Revising cost estimates Abigail Chang

4 Delay in local building permit

3 2 2 Local attorney working with building department; revising cost estimates

Smathers, Franklin & Worell


Possible skilled labor shortage for masonry

4 5 3 Working with local contractors to ensure enough masons are available

Frank Merriweather

The Risk Assessment Matrix

A risk assessment matrix places the probability ratings in rows and the impact ratings in columns (or vice versa). Then each risk is placed in the correct cell of the matrix, based on its probability and impact. Typically these matrices are structured in a way that places high severity risks in the upper right corner.

Limitations of Qualitative Ratings

Some risk management experts argue that "high," "medium," and "low" risk scales are too imprecise, especially when calculating risk severity. If a project team is ranking risk events, it can be difficult to settle ties or to sort through numerous risks. That's why these risk management experts argue for the use of numbered scales or percentages.

One way to address this is to expand the scale and convert "subjective" ratings into percentages, as can be seen in this chart:

Rating Percentage

Very low 0-5%

Low 6-20%

Medium 21-49%

High 50-80%

Very high 81-100%

Quantitative Risk Assessment

Once a project's risks have been run through a qualitative analysis process, those risks that require further analysis can then be put through a quantitative analysis.

Quantitative risk analysis assesses the overall level of risk exposure and highlights specific areas of risk, allowing practitioners to develop appropriate responses to those risks.

Quantitative risk analysis can become complex because a single risk event can have multiple possible effects on a number of systems and processes. Project practitioners must also remain alert to the dangers of relying on mathematical techniques for risk analysis and making assumptions that may be false about their precision and reliability.

Also, with a quantitative approach, risk impact can be difficult to measure quantitatively when there is more than one factor that is impacted. For example, a single risk may result in impacts on the project schedule and the project cost; it can be difficult to capture both of these in a single, quantitative impact measure.

Quantitative Risk Assessment: Tools and Techniques

Similar to those used in qualitative analysis, there are several tools and techniques that practitioners can use to sort the results of their quantitative analysis. These include:

The sequenced list Two-dimensional quantitative analysis Decision tree analysis and expected monetary value analysis Sensitivity analysis and tornado diagrams Simulations and the Monte Carlo technique

Each of these will be explained in greater detail in the upcoming assignment of this module.

The Sequenced List and Two-dimensional Quantitative Analysis

Just like qualitative analysis, quantitative analysis can use a sequenced list and a two- dimensional graphic to order and prioritize risks.

The Sequenced List

A simple sequenced list can be used with numerical estimations in place rather than qualitative ratings. Further, project risk severity can be calculated by summing all of the risk event severity numbers.

A B C D 1 Risk Probability Impact Severity

2 QA delays .80 .90 .72

3 Server crash .30 .80 .24

4 Software incompatibility .10 .40 .04

5 Loss of key team member .05 .35 .017

6 Severity Total 1.017

Two-dimensional Quantitative Analysis

Like the risk assessment matrix used in qualitative analysis, risks can also be documented visually using two-dimensional quantitative analysis. Once again, two perpendicular axes are used—one axis measures the risk probability while the other measures the risk impact. Each risk is plotted, based on its combination of probability and impact characteristics. And again, risks that are most severe (high probability and high impact) are typically located in the upper right portion of the graph.

The Decision Tree

A more-complex quantitative analysis approach involves a tool called a decision tree.

A decision tree is a decision analysis tool that shows a number of options, the paths by which each of these options may be reached, and the possible consequences of choosing each option. A decision tree analysis is designed to establish a logical sequence for decisions, to consider the decision alternatives available, and to evaluate the results they will produce.

Decision trees are valuable for risk assessment when a limited number of potential outcomes are possible. Decision trees use the weight of each risk and estimates to determine the potential impact for various alternatives. When there is a point in a project where several options are possible, practitioners analyze each option and assign it a probability. The probabilities for all the options should total 100%.

Typically decision trees are used with risks that affect the project schedule or project costs. Through a decision tree analysis, project participants can select the option that has the lowest possible impact.

Decision trees can be applied using, or not using, probabilities. One technique with probabilities is the expected value approach that will be described in the next assignment. (Non-probability techniques include minmax regret, maximum regret, and maximum payoff.)

Decision trees can help select the best course of action in situations of uncertainty.


Here is an example of how a decision tree analysis is performed.

Suppose a luxury car dealer must decide how many European sports cars to order for the coming year. It costs her $25,000 to keep each unsold car in inventory and her gain (profit) is $50,000 on each car sold.

Further, suppose that the car dealer can order 0, 1, 2, or 3 cars. Here is her decision table, showing the potential pay-offs for any given course of action.

How can this car dealer figure out how many sports cars to order? She looks at market research and historical trends to develop a table of the probabilities of the annual demand for the cars.

Actual Annual Demand

Decision: Order 0 Cars

Decision: Order 1 Car

Decision: Order 2 Cars

Decision: Order 3 Cars

0 Cars 0 ($25,000) ($50,000) ($75,000)

1 Car 0 $50,000 $25,000 0

2 Cars 0 $50,000 $100,000 $75,000

3 Cars 0 $50,000 $100,000 $150,000

Combining the probabilities with the potential pay-offs allows the car dealer to come up with the expected value of each decision.

Based on these expected values, the car dealer would order 2 sports cars; that is the decision with the highest expected value.

How would this same information look in a decision-tree format? First, it is helpful to understand decision tree terminology. A decision-tree consists of nodes and links that connect nodes.

Decision nodes represent points at which the decision-maker has to choose one alternative from a number of possible alternatives.

Probability nodes represent points at which chance, or probability, plays a dominant role and reflect alternatives over which the decision-maker has (effectively) no control.

Terminal nodes represent the ends of paths.

Probability Demand

.05 (5%) 0 Cars

.30 (30%) 1 Car

.35 (35%) 2 Cars

.30 (30%) 3 Cars

Projected Annual Demand

Decision: Order 0 Cars

Decision: Order 1 Car

Decision: Order 2 Cars

Decision: Order 3 Cars

0 Cars (5%)

0 5% x ($25,000) = ($1,250)

5% x ($50,000) = ($2,500)

5% x ($75,000) = ($3,750)

1 Car (30%)

0 30% x $50,000 = $15,000

30% x $25,000 = $7,500

30% x 0 = 0

2 Cars (35%)

0 35% x $50,000 = $17,500

35% x $100,000 = $35,000

35% x $75,000 = $26,250

3 Cars (30%)

0 30% x $50,000 = $15,000

30% x $100,000 = $30,000

30% x $150,000 = $45,000

EV=0 EV of 1 Car = $46,250

EV of 2 Cars = $70,000

EV of 3 Cars = $67,500

Here is how one branch of the car dealer's decision tree would look:

The key assumptions behind the decision tree analysis technique include the following:

Decisions are sequential. Decisions today can influence decisions tomorrow. Decisions or chance occurrences tomorrow can impact the results of decisions made today. While decision makers may have no control over decisions or chance occurrences in the future, knowing their probability can help in making decisions now.

At the same time, anyone using a decision tree must be aware that these probabilities and their impact on cash-flow (or pay-off or gain) are estimates. There are two ways to arrive at these estimates—by relying on the subjective assessment of those closest to the decision (or "experts") or by using historical data of prior events.

The benefits of employing decision tree analysis include:

Analyzing the possible consequences of a decision Graphically seeing the paths for decision-making Quantifying the values of outcomes and the probabilities of achieving them Allowing for the optimal decision on the basis of existing information

There are, however, shortcomings in decision tree analysis. It is hampered by its underlying assumptions: if the estimated probabilities of future events prove to be wrong, then the expected value outcomes will also be wrong. Further, decision tree analysis cannot account for natural disasters and other unforeseen events. Finally, decision tree analysis isn't adjusted for the risk tolerance of the decision-maker.

Expected Monetary Value

Expected monetary value (EMV) analysis is a statistical technique that calculates the average outcome when the future includes scenarios that may or may not happen. A common use of this technique is within decision tree analysis.

In EMV analysis, the value of each possible outcome is multiplied by its probability of occurrence, and the probability-weighted values of the possible outcomes are then added together.

A decision tree can be useful in clarifying a company's options, as well as determining which of those options is the most beneficial or least risky.

Navigate through the decision tree analysis and expected monetary value exercise below to learn more about creating and analyzing a decision tree. Using these tools, determine whether the company running the analysis below should purchase a new learning management system (LMS), or keep the one they currently use. If they decide to keep the system they currently use, should they develop enhancements for it or choose not to invest in any new development? If they decide to purchase a system, should they purchase Product X or Product Y?

A square represents a decision to be made. Each circle represents an uncertainty. Draw your decision tree so that each option is a clear branch on the tree. This is a picture of what your decision tree will look like.

Once you have charted each option on your tree, you are ready to analyze it. Start by estimating the payoff of each path, taking into account decisions made and the uncertainty that will affect the path of the project. This chart shows that the effectiveness of the resulting product is uncertain and will affect the outcome.

Then assess the probability of each possible uncertain outcome, and represent the probability in decimal form. The total probability for each chance node should equal 1. This means that there is a 100% probability that one of the outcomes will occur for each decision path.

To calculate the probability-weighted payoff value of each potential outcome, multiply the percentage probability by the estimated payoff of each result.

Then add the probability-weighted payoff value of each potential outcome of each decision path together to get each decision path's probability- weighted payoff.

Finally, write down the projected cost of each decision path. This cost should be subtracted from the path's probability-weighted payoff.

Subtract the path's cost from the path's probability-weighted payoff, and choose the option with the largest benefit.

Which option should the company choose? Consider your answer, then proceed to the next slide to see the answer.

The company should purchase a new learning management system. Specifically, product X has the highest expected monetary value, and chances are, it is the option that will have the highest net value to the company.

Sensitivity Analysis and Tornado Diagrams

Sensitivity analysis

A sensitivity analysis is the systematic and comprehensive analysis of changes in the results of mathematical models as variables or assumptions change. Sensitivity analysis is designed to identify which risks have the greatest potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined, when all other uncertain elements are held at their baseline levels.

A sensitivity analysis allows a range of plausible inputs to be considered when there is uncertainty about the true value of an input. An example would be comparing results of a model using a range of discount rates—say, looking at the results using 2% as a discount rate compared to using rates of 5% and 10%.

Sensitivity analysis can also be used to assess the possible effects of project risk events. An analyst can change values of key variables one at a time, or in different combinations, to assess how overall results (for example, measured by the expected value) would be affected.

In those cases where the project is sensitive to changes in a variable that is uncertain, it may raise questions about the underlying assumptions. Whenever the probabilities of states of nature (events) and decision payoffs rest upon subjective derivation, sensitivity analysis can highlight the potential risks.

Sensitivity analysis can be used for:

1. Linear programming models, to analyze how changes in the constraints may change the optimal solution

2. Financial planning models (cash flow models; capital budgeting), to analyze changes in prices and/or resource costs

3. Discounted cash flow models, to analyze changes in discount rate or cash flows 4. CVP analysis, to calculate margin of safety

Sensitivity analysis provides valuable insight into the effect key decision variables have on the outcomes of decisions.

Some of the benefits include:

Determining how sensitive output or outcome relates to various values of critical inputs Tracing the effect of changes in key decision variables Providing a less costly and time-consuming analysis than simulation analysis

Sensitivity analysis of the results of any quantitative risk assessment can be of significant value. Even when the probability of a particular risk cannot be determined precisely, sensitivity analysis can help determine which variables have the greatest influence on the risk.

One major drawback of sensitivity analysis is that it only assesses one variable at a time when often it is the combination of uncertainties of all relevant variables that are crucial. In addition, sensitivity analysis is generally based on subjective estimates of important decision variables, which introduces more potential error into the analysis.

Tornado diagrams

A common way to display a sensitivity analysis is with a tornado diagram, which ranks the factors affecting a project from the factors with the most uncertainty and impact to those with the least uncertainty and impact. This contrasts the relative importance and impact of variables that have a high degree of uncertainty to those that are more stable.

Here is an example of a tornado diagram:

Based on this tornado diagram, the greatest potential positive and negative impact (as measured in financial terms) for this project comes from scheduling risk. Remember that negative numbers (the left hand side of the scale) represent a reduction in project cost; positive numbers reflect increased project cost.

Simulations and the Monte Carlo Technique

Simulation and modeling are used to measure risks for the project as a whole, rather than for individual alternatives. Common project simulation tools include simulation models, what-if analysis, and Monte Carlo analysis.

Simulation Models

Simulation models use computer-based programs to predict the behavior of a system. The simulation acts as a similar but simpler model to represent a situation or problem in order to analyze possible outputs.

Mathematical expressions are used to describe the relationship between inputs and outputs in a simulation model. There are two types of inputs:

Controllable inputs: Inputs that are directly controlled by the company or individual. An example would be the decision by a company to invest in building a new production facility. Probabilistic inputs: Inputs that are outside the direct control of the company or

individual and take on different values. An example would be the costs of raw materials used in the new production plant the company had decided to build.

What-if Analysis

What-if analysis is a form of simulation analysis that involves selecting different values for the probabilistic inputs in a model and then computing the possible outputs.

For example, a company could use "what-if analysis" to model the outcomes (output) caused by altering the demand (a probabilistic input) for a new product. Or a company could assign a probability distribution to those inputs and then run the model with those new variable values and look at the output.

Monte Carlo Analysis

One form of simulation, the Monte Carlo technique, relies on statistical sampling to approximate solutions to quantitative problems.

These models are computerized probabilistic calculations that use random number generators to draw samples from probability distributions. It is possible, but impractical, to rely solely on a calculator to run a Monte Carlo simulation. But since the simulation is run 500 times or more, project teams turn to readily available software programs.

The objective of the simulation is to find the effect of multiple uncertainties on a value quantity of interest (such as the total project cost or project duration).

When Monte Carlo simulation software calculates the various possible outcomes, the results follow a continuous line. (On a continuous line, every point on the line is a possible result, even though not every point has equal possibility of being the correct value. Continuous lines are the opposite of discontinuous lines which have gaps. Discontinuous lines have ranges of possibilities that are discrete from each other. The probability line will be discontinuous if decisions must be made that will change the course of the project.)

When using the Monte Carlo technique, results or outcomes of the project can initially be chosen randomly and then plotted along the line. As more is known about the range and weight of possibilities, less of the simulation can be left up to chance, and more accurate predictions can be made with the line.

Monte Carlo methods have many advantages. They can determine risk effects for cost and schedule models that are too complex for common analytical methods. They can explicitly incorporate the risk knowledge of the project team for both cost and schedule risk events. They have the ability to reveal, through sensitivity analysis, the impact of specific risk events on the project cost and schedule.

However, Monte Carlo methods require knowledge and training for their successful implementation. Input to Monte Carlo methods also requires the user to know and specify exact probability distribution information, mean, standard deviation, and distribution shape. Nonetheless, Monte Carlo methods are commonly employed for project risk analysis because they provide detailed, illustrative information about risk impacts on the project cost and schedule.

In addition to graphically conveying information, a Monte Carlo simulation can produce numerical values for common statistical parameters, such as the mean, standard deviation, distribution range, and skewness.

Simulations: Advantages and Disadvantages

Simulation models have many benefits, including their:

Relative simplicity Ability to model and test the behavior of complex systems Flexibility Ability to employ a large number of probabilistic inputs Ability to compress time

Some of the drawbacks of simulations are their potential high cost, the considerable amount of programming and analysis time involved, and their risk of error.

A Monte Carlo Simulation Example (Total Project Cost)

The following histogram shows typical probability outputs from a Monte Carlo analysis. This information is useful for understanding the mean and standard deviation of analysis results.

Note that the bar graph appears generally bell-shaped and shows Distribution for Total Projects Costs in Current Dollars. The mean is 18.5, with a 90% probability range from 16.1 to 21.2, and a 5% probability above or below the range.

Monte Carlo Simulation Example (Cumulative Project Costs)

The following cumulative chart is useful for determining project budgets and contingency values at specific levels of certainty or confidence.

The diagonal curve gently levels out below the 400 and above the 600 range. The mean is 499.57, with a 90% probability range from 437.98 to 566.93, and a 5% probability above or below the range.

Monte Carlo Simulation Example (Cumulative Project Time)

The following chart, Cumulative Total Project Time, shows the probability of completing the project within a range of possible dates.

According to the results of this Monte Carlo simulation, there is a 50% confidence level that the project will be completed between August 20 and September 5.

Developing Risk Response Plans

Risk response planning explores response strategies for the high-risk items identified in the project's qualitative and quantitative risk analyses.

This planning also identifies and assigns parties to take responsibility for each risk response. It ensures that each risk requiring a response has an owner.

Three key questions can be posed for risk response:

What can be done about a given risk, and what responses are possible? What are the trade-offs in terms of the costs, benefits, and risks among the available options? What are the impacts of current decisions on future options?

Elements of Risk Response Plans

What are the key elements of risk response planning? The following chart summarizes these elements.

E l e m e n t s o f R i s k R e s p o n s e P l a n n i n g

Review risk causes and risk interactions

Identify alternative risk response strategies, methods, and tools for each major risk

Evaluate and prioritize risk response alternatives

Establish and commit required resources for specific risk response alternatives

Communicate risk response plans to project participants for implementation

Risk Response Triggers

When should project practitioners spend the time and money to develop risk responses? There are several triggers for response planning:

The risks should be significant and there should be cost-effective responses. The risks could have a high impact and therefore must be addressed—even if their probability of occurrence is low. Minor risks should have responses developed when these strategies are inexpensive and effective.

Risk Response Strategies

Negative Risk Responses

Project practitioners have four possible risk response strategies to draw upon for negative risks:

Strategy Description Examples

Avoidance This strategy seeks to eliminate threats or negative risks by preventing them from ever occurring.

Reducing or combining a number of activities in the project schedule

Mitigation This strategy seeks to reduce the impact of negative risks or threats.

Creating prototypes or interim deliverables that users can test during the project

Transference This strategy seeks to assign responsibility for negative-impact risks to a different organization (usually at an increased cost to the performing organization).

Purchasing insurance or a warranty for incomplete work or defective materials

Acceptance This strategy accepts that a negative risk may occur and the team will not plan a response because the response would not be feasible or cost-effective to implement.

Not having a plan to power your operations if a catastrophic event causes a regional power outage

Positive Risk Responses

There are also four response approaches to use to react to opportunities or positive risks:

Strategy Description Examples

Exploit This strategy seeks opportunities to exploit a positive risk event. The idea is to make sure that the opportunity definitely happens.

Assigning specialists to complete a project at lower cost

Share This strategy seeks to share positive-impact risks with third parties through partnerships, teams, special-purpose companies and joint ventures. This is similar to transferring risk.

Establishing a joint venture to share risk

Enhance This strategy seeks to increase the probability and/or the positive impacts of an opportunity. It involves identifying and making use of key drivers or root causes of positive-impact risks.

Recognizing that more resources will allow an early finish to an activity

Accept This strategy accepts opportunities as they arise but does not involve pursuing them.

Taking advantage of a positive-impact risk (lower- than-expected construction costs) to reduce overall project costs

The response chosen—for either positive risk or negative risk—will depend on the organizations involved, their structure, their culture, and other parameters associated with the project at hand.