Risk Assessment

---

Risk management is one of IPS’ strengths in delivering projects by formally integrating risk management into all aspects of the project delivery process. The tools and techniques used for risk identification, analysis, response planning, monitoring, and control are appropriately selected to meet the specific needs of the project. At each step of the risk management process, the results are documented in a form that allows the results to be used as an input into the next step and for proactive Project Delivery.

Risk management is the systematic application of management policies, procedures, and practices to the tasks of identifying, analyzing, assessing, and controlling risks to protect employees, the public, the environment, and company assets. It includes maximizing the results of positive events and minimizing the consequences of adverse events. 

Risk management planning focuses on how to approach and plan the risk management activities for a project. The risk management process includes the following steps:

Ø Defining the scope and objectives, 

Ø Defining the main outcomes desired, 

Ø Identifying the important stakeholders and their roles, 

Ø Identifying the critical project success factors and their characteristics, 

Ø Defining the risk attributes to be considered, 

Ø Defining the scales to be used for estimating the likelihood of occurrence and the severity of the consequences, 

Ø Defining the key elements for structuring the analysis, Defining evaluation criteria, and

Ø Defining the general approach and procedures

Ø Risk identification determines which risks might affect the project and document their characteristics. Risk identification answers the questions “what can happen?” and “how could it happen?”

Ø Qualitative risk analysis analyses risks to rank them in terms of their effect on project objectives. It analyses each risk in terms of existing controls, likelihood of occurrence, severity of the consequences, the precision with which the risk is understood, and the level of risk

Ø Quantitative risk analysis measures the probability and techniques to enhance opportunities and reduce threats to the project’s objectives. Strategies are identified and evaluated, and the best strategy selected and implemented.

Typical deliverables from the risk management process include:

Ø A risk management plan defining methodology, roles and responsibilities, budgeting, timing, scoring and interpretation, thresholds, reporting formats, and tracking

Ø Risk assessment report for each risk providing: risk number, risk name, risk owner, date of last update, revision number, statement of risk, description of the project objective impacted, rating and definition of the severity of the consequences, rating and definition of the likelihood of occurrence and intervention difficulty, rating and definition of the precision with which the risk is understood and the position of the risk on the likelihood/consequence matrix. The report documents the detailed results of the analysis.

Ø Likelihood/consequence matrix showing the location of each risk identified. The matrix is used to show the overall risk profile, assess the relative priority of the risks and demonstrate the effectiveness or risk response strategies

Ø Risk response plan for each major risk providing risk number, risk name, risk owner, date opened, date of last update, revision number, statement of risk, risk narrative, description of the project objective impacted, closure criteria and action number/action description/actionee/due date for each action in the response plan. The report is used for ongoing monitoring and control

Ø Action item log providing for each action item for each major risk: action number, risk number, risk name, action, actionee and due date. The log is used for ongoing monitoring and control

Ø Plots of cumulative probability versus actual value of a project objective being at or under a given value. These plots are used to select the contingency reserve to be included in capital cost estimates, select the reserve to be included in project duration or estimate the cost or duration at completion

We develop periodic sensitivity analyses and follow-up with the view to estimate the probability of occurrence and the consequences to:

Ø Establish the contingency reserve to be included in capital cost estimates

Ø Establish the reserve to be included in the project schedule

Ø Forecast the estimated cost at completion or project duration

Risk response-planning uses techniques to identify specific risk response strategies. Generic risk response strategies are:

Ø Avoid the risk by eliminating the cause

Ø Abate the likelihood of occurrence or make the risk irrelevant

Ø Mitigate the consequences

Ø Transfer the risk to another stakeholder (e.g., insurance)

Risk monitoring and control depend on periodic project risk reviews. Risk is an agenda item at all team meetings. In addition, risk response audits, earned value analysis, and technical performance analysis are used to identify significant deviations from the baseline. Significant deviations trigger another iteration of risk identification, analysis and response planning.