MSP® Foundation and Practitioner

Certification Training
5340 Learners
View Course Now!

Introduction to Risk Management Tutorial

1 Introduction to Risk Management

This lesson focuses on risk management. Let us begin with the objectives of this lesson in the next screen.

2 Objectives

By the end of this lesson, you will be able to: ? Describe the various arrangements used in managing risks in a programme Let us move on to the next screen where we will focus on managing risks in a programme.

3 Managing Risks in a Programme

Before the risk management cycle can operate, specific arrangements are made for managing risks. The following are the various arrangements used in managing risks in a programme: Risk management strategy Risk appetite and tolerance thresholds Assumptions, early warning indicators and risk register Threats and opportunities Evaluating risks Risk aggregation Proximity and progress reporting These are explained in detail in the forthcoming screens. Let us begin with risk management strategy in the next screen.

4 Risk Management Strategy

Risk management strategy is created and approved in ‘defining a programme’ and describes the approach to risk management in a programme. The following are a few functions of risk management strategy: The risk management strategy should reflect the organisation’s risk policies and process guidance. These may define the priorities to be observed by the programme to ensure it is compliant with the organisation’s risk governance arrangements. Building on corporate standards, the programme has to set its own risk appetite and culture for managing risks. Risk management strategy should clarify how opportunities will be managed and describe how the interface with benefits management approach will be handled as defined in the benefits management strategy. Risk management strategy should clarify and explain how information flows will work in the programme. It also manages project assumptions by defining how projects will manage their risks. It also defines how project, programme and operation work together to manage risks as described in risk management strategy, and ensures awareness of the risk impact and its response. In the next screen, we will discuss risk appetite and tolerance thresholds.

5 Risk Appetite and Tolerance Thresholds

The following are a few facts about risk appetite and tolerance thresholds. Let us begin with risk appetite. It is the amount of risk that an organisation is willing to accept. It helps in defining the tolerance levels. It is essential for a programme to understand the corporate risk appetite to devise a successful risk management strategy, steer project risk activities and define aggregation and escalation rules. Now, let us understand tolerance thresholds. It translates the risk appetite into guidelines that steer programme and project behaviour. Tolerance thresholds define the exposure to risks on one level that, if exceeded, requires escalation and reaction from higher hierarchy. In the following screen, we will discuss assumptions, early warning indicators and risk register.

6 Assumptions, Early Warning Indicators and Risk Register

Following are some important information about assumptions, early warning indicators and risk register. Let us begin with assumptions. They are defined as the boundary of the programme or the projects in business case and provide for uncertainties outside its immediate area of influence. Assumptions are the result of an uncertainty and should be treated as sources of risk. A false assumption can have serious effects on the programme and each assumption should be recorded as risk in risk register. It is always advisable to review project assumptions at programme level to ascertain if they should be treated as risks. Next, let us discuss early warning indicators. Risk management needs to be proactive to anticipate potential problems. Early warning indicators provide advance warning of trends or events that can adversely affect the programme’s outcomes. These indicators can be used to track sensitive risks. Some examples of these indicators are requests to change key programme information, delays in delivery of expected or planned benefits, increase in aggregated risks, changes to organisational structure, services and processes. Early warning indicators should be able to measure valid indicators, reviewed on a regular basis and they should use accurate information. This ensures that the early warning indicators are working effectively. Next, let us discuss the risk register. It is a repository used to capture information on risks in a consistent and structured manner. It is created during ‘defining a programme’. The risk management strategy defines the content and purpose of the risk register. Projects maintain their own repository and programmes coordinate the activities with a separate register. The risk management strategy also defines how risks will be escalated from the project to programme level. In the next screen, we will focus on threats and opportunities.

7 Threats and Opportunities

The following are a few facts about threats and opportunities. Risks are normally threats or negative impact on a programme but some risks actually provide opportunities to improve a programme’s outcomes. It means that such risks have a positive impact. The same event can have a different impact on different constituent projects. Also, aggregation of threats or opportunities at the programme level may change the resulting effects again. There can be multiple triggers for a single threat or opportunity. It is important to differentiate between threat and opportunity to focus on risk response as both will have a different type of response. Risk management and benefits management can overlap in a scenario, where an opportunity becomes a potential benefit. It may not be possible to remove the threat or opportunity always, however, it might be possible to avoid or remove events that will trigger the risk. Let us next focus on risk evaluation in the subsequent screen.

8 Evaluating Risks

The uncertainty associated with risks is expressed as their probability of becoming issues that can potentially impact a programme’s cost, time and benefits. Probability is defined as the chances of risk occurrence. The following are different ways to evaluate risks in a programme. Impact is the positive or negative effect of risk in a programme. These impacts can be shown in the form of probability impact grid, giving criteria to each level within a scale that is very high to very low. Probability and impact values can be attributed to these ratings so that the ranking values can be calculated for each cell of the grid. Expected value is a way of estimating the financial exposure of risks by discounting the total cost of their impact against the probability of their occurrence. It is calculated by multiplying the estimated average risk impact by the estimated probability to give a weighted risk. The other methods that can be used to evaluate risk include estimated monetary value calculation, which records the weighted average of the anticipated impact; net present value calculation, which uses an accepted discount rate and risk model, which aggregates the risks together using a simulation technique. In the following screen, let us learn about the probability impact grid in detail.

9 Probability Impact Grid

The image on the screen represents the probability impact grid. The following are a few important information about the probability impact grid. Probability impact grid contains ranking values that may be used to rank threats and opportunities qualitatively. The probability scales are measures of the probability of occurrence of the risk, expressed in percentages, and impact scales reflect the level of impact on a project. The values within grids are multiplication values of probability and impact. These are used to provide an assessment of the severity of the risks and rank them accordingly to help the management in making an informed decision. For example, the Programme Board may set a tolerance of 0.18 (read as zero point one eight), so all risks below this level will be managed by projects while risks above this level are escalated to the programme. We will next discuss risk aggregation in the following screen.

10 Risk Aggregation

Risks can be interdependent and have a cascading effect. They can grow and accumulate into a critical mass. At the project level, a small risk can have a limited impact but if the risk is combined with other risks in adjacent projects, it can produce a significant impact at the programme level. Also, in some cases, the sum of risks is smaller than the individual parts. Prepare a summary risk profile that provides a visual explanation of aggregations and interdependencies. When crafting a risk response, it is always useful to focus on the mitigation of root cause so that it lessens more than one risk at once. To manage aggregation, the Programme Manager should be aware of the level of risk impact on each operation or project. The Programme Manager should have details of the cost of contingency that needs to be planned. Mitigation plan should be prepared to minimise the risk. The Programme Office should play a central role in building and maintaining efficient, effective and consistent two-way flows of information between the programme and its projects. In the next screen, we will focus on summary risk profile.

11 Summary Risk Profile

The image on the screen represents the summary risk profile. A few facts about the summary risk profile are as follows: Summary risk profile helps to see the impact of project risks on a programme. The transparent circles represent the project risks while the red circles represent the programme risks. The grid provides the aggregation and interdependencies in visual representation. This shows how a particular risk can have an impact at the programme level. For example, risks related to interest rates may cancel out each other and reduce the programme risk while in some scenarios, they might aggregate the risk for the programme, such as, stakeholder dissatisfaction. In the next screen, we will discuss the two final arrangements required for managing risks, which are proximity and progress reporting.

12 Proximity and Progress Reporting

Following are a few facts about proximity and progress reporting: Let us begin with proximity. It reflects the fact that risks will occur at particular times in future and the expected value will vary according to their occurrence. It informs the management about when a risk will occur in future, which helps the management to realise the impending urgency of the risk and to formulate a timely response. Next, let us understand progress reporting. It monitors the evolution of overall risk exposure in a programme. A progress report, whether as a separate document or incorporated in other documents, acts as a useful tool to monitor oversight. Programmes should use progress report as an independent report aimed to monitor overall risk and issue trends across the programme. A well-defined and maintained progress report is the main control tool for programmes to manage their risks and issues. Typically, a progress report can include the progress of the planned risk management action, effectiveness of implemented actions, trend analysis of closed and new risks and issues, expenses against contingencies, emerging numbers in different risk or issue categories and projects, anticipated emerging or aggregated risks that require specific management attention and movement of risks against key programme objectives and benefits.

13 Summary

Let us summarise what we have learnt in this lesson: Risk management strategy describes the approach that will be taken to manage risks in a programme. Early warning indictors provide advance warning of trends or events that can adversely affect the programme’s outcomes. The various methods used in evaluating risk in a programme are probability impact grid, expected value, estimated monetary value, net present value calculation and risk model. Proximity informs the management about when a risk will occur in future, which helps the management to formulate a timely response. Next, we will focus on issue management.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Phone Number*
Job Title*