Risk Management

Table of Contents

I Introduction II Stakeholders Engagement

› Types of Risk › Risk Appetite

› Risk Categories › Risk Tolerance
› Risk Identification

Risk Management
III Procedure IV Tools & Practices

› Risk Planning › Impact &Probability Analysis

› Risk Identification › Risk Mitigation Strategies
› Risk Assessment › Qualitative Analysis
› Risk Monitoring › Quantitative Analysis
› Risk Tracking
Introduction
 Operational
Strategic › Cost Overrun
› Operational Controls
› Demand Shortfall › Capacity management
› Customer retention › Supply Chain Issues
› Integration problems › Employee Issues incl. fraud
› Pricing pressure › Bribery and Corruption
› Industry downturn › Commodity prices
› JV or partner losses

Types of Risks
› Macroeconomic
› Political Issues
› Legal Issues › Debt and interest rates
› Terrorism › Financial management
› Natural disasters › Asset losses
› Goodwill and amortization
› Accounting problems
Hazard
Financial
 Internal & External Risks

Internal Risks
External Risks
Strategic Operational Enablers

Demand Governance Access to Services People

Regulatory
Strategic Planning Processes Financial
Economical
Ethics & Values Business Interruption Technology
Socio- Political

Environment Stakeholder Relations Emergency Response Infrastructure

 Risk Categories

Product Design System/ Software Manufacturing All Other Project Management Quality

Product Performance Data Accuracy Assembly Consumer service Teamwork Quality system

Design Security Tools Environment Product cost Sigma Levels

Your text here Your text here Your text here Your text here Your text here Your text here

Your text here Your text here Your text here Your text here Your text here Your text here

Your text here Your text here Your text here Your text here Your text here Your text here
 Identification of Risk Categories

Risk Category Financial Financial Operational Operational Strategic Strategic

Customer Demand
Risk Subcategory Funding Capacity Capacity Availability
Retention Shortfall

Likelihood 2 3 3 4 5 5

Risk level
Profitable Growth

Low Price

Develop New product

Leverage Technology

Risk Score by Risk Category

 Risk Severity Dial

Medium
This slide is 100% editable. Adapt
it to your needs and capture
your audience's attention.

Low High
This slide is 100% editable. Adapt This slide is 100% editable. Adapt
it to your needs and capture it to your needs and capture
your audience's attention. your audience's attention.
Stakeholders
Engagement
 Risk Appetite

High

Exceeding Risk Appetite

Medium
Impact

Within Risk Appetite

Obtain an estimate of the risk appetite of the
Low

shareholders with the help of the below bar graph.

This will help in assessing the acceptable risk level

Low Medium High

Likelihood
 Risk Tolerance

Very Low Low Moderate High Very High

0.7 0.2 0.1 0.9 0.5

Insignificant 10- 20% cost 20- 25% cost

Cost <10% cost increase > 25% cost increase
increase increase increase

Insignificant fall <7% schedule 7-10% schedule 10-15% schedule 15-20% schedule
Schedule in schedule slippage slippage slippage slippage

Insignificant scope Minor areas of Major areas of Reduction Project end item
Scope decrease scope affected scope affected unacceptable is useless

Only demanding
Barely noticeable Reduction requires Reduction Project end item
Quality degradation
applications are
approval unacceptable is unusable
affected
 Risk Tolerance

Impact

Loss of key managers

Business continuity
problems Supplier default
IT problems

Product or
Loss of key partnerships
service quality

Poor project
management

Likelihood
Risk Management
Procedure
 Procedure for Managing Risks

Risk Planning Risk Register

Risk Monitoring

Risk Tracking Risk Assessment Risk Identification

 Risk Assessment
Risk Rating Guide
Probability Impact Impact

Very
› Major uncertainties remain › Performance, quality, cost or safety impacts Low Med High
High
High (5) › No or little prior experience or data resulting in major redesign and program delay
› Infrastructure and/or resources not in place
Very Show
1 3 5 R
High stopper

› Some uncertainties remain › Performance, quality, cost and/or safety Significant

Medium (3) › Some experience and data exist impacts resulting in minor redesign and High 5 15 25 O

5
risk
› Infrastructure in place but under-resourced schedule adjustment

Proceed w/
Med 3 9 15 Y

3
caution
› Few uncertainties remain › Performance, quality, cost and safety
Low (1) › Significant experience and data exist requirements met within planned schedule
› Infrastructure in place and fully
Low 1 3 5 G No concern

1
Risk Scoring System
Consequences Likelihood of Occurrence Likelihood of Detection
1. No. direct effect on operating service level E. Probability of once in many years A. Detectability is very high
2. Minor deterioration in operating service level D. Probability of once in many operating months B. Considerable warning of failure before occurrence
3. Definite reduction in operating service level C. Probability of once in some operating weeks C. Some warning of failure before occurrence
4. Source deterioration in operating service level B. Probability of weekly occurrence D. Little warning of failure before occurrence
5. Operating service level approaches zero A. Probability of daily occurrence E. Detectability is effectively zero
 Risk Assessment (Cont.)
Consequences

Insignificant Minor Moderate Major Catastrophic

Likelihood 1 2 3 4 5

A. Almost Certain - - - - -

B. Likely - - - - -

C. Possible - - - - -

D. Unlikely - - - - -

E. Rare - - - - -

Extreme Risk High Risk Moderate Risk Low Risk

Immediate Action where senior Management responsibility Managed by specific Managed by
management get involved Should be specified responsible person routine process
 Risk Register
Probability Impact
Type Description of Risk Response Risk
of Risk Risk H M L Perf. Cost Time
Strategy Owner

Lack of acceptance by Market observation, alternative

Design 50k-500k Investor
investor of design proposals designing solutions

Earlier diagnosis of the situation in local

Delays and difficulties in
Design 500k-2m authorities offices, organization of Investor
obtaining opinions and permits
meetings preceding designing process

Conflict among designing Response of a team leader to all forms

Design 50k-500k Designer Office
team members of conflicts – mediation in a team

Proposing for employees to work

Overly optimistic assessment
Design 50k-500k overtime or ordering of part of work to Designer Office
of employee workload
another designing team

Incorrect information from Application to investor for extension of

Design investors and lack of clear 2m-5m time to complete a design due to Investor
guidance additional circumstances

Employment of new employees or

Acceptance of unrealistic
Time 2m-5m ordering part of work to another party Designer Office
deadlines in contact
during a contract

Underestimation of Limiting scope of design to

Budget 2m-5m Investor
design budget necessary minimum.
 Risk Management Plan

Proposed risk
Type of Existing risk treatment Additional Target Person
Outcome Rating treatment actions to
Risk actions in place Resources Date Responsible
mitigate risk

Detailed
Performance Proper assessment of John
Strategic risk 2 understanding Your text here 31/4/2018
Deterioration underlying strategies Smith
of the market

Detailed
Performance Proper assessment of John
Strategic risk 2 understanding Your text here 31/4/2018
Deterioration underlying strategies Smith
of the market

Detailed
Performance Proper assessment of John
Strategic risk 2 understanding Your text here 31/4/2018
Deterioration underlying strategies Smith
of the market

Detailed
Performance Proper assessment of John
Strategic risk 2 understanding Your text here 31/4/2018
Deterioration underlying strategies Smith
of the market
 Risk Identification

Time Cost
› Schedule overruns › Budget Exceeded
› Tasks omitted from Schedule › Unanticipated
› Opportunity to compress › Expenditure
Schedule

Resources
Communication Identify › Team is under-resourced
› Materials shortage
› Poor communication Risks › Machinery unavailable
(Stakeholder dissatisfaction) › Industrial Action
› Positive & timely › Skills gap
communications (positive
publicity)

Environmental
Scope
› Bad weather results in re-work
› Scope creep › Weather delays progress
› Scope poorly defined › Adverse effects occur
› Project changes poorly › Environmental approvals not
managed complied with
 Risk Identification
How Long Can You Contingency in case
Impact of Doing Without? Vulnerabilities?
Do Without? of a disaster?

Use paper reports for 5 days

Equipment After five days no way to schedule No UPS/ generator,
5 days then go manual for as many
(IT only) production or track orders MD hardware, SPOF SME
members as possible
Look for warehouse space,
Metal building, flood zone,
No production, potential for attempt to salvage
Facility 0 days poor maintenance, no perimeter
bankruptcy, IT non- existent equipment and restart
security, door lock broken
operation, file bankruptcy

Degraded operations, Best effort shifting of

Personnel 0 days Too many SPOF
low service levels available staff, temps

30 days before
Raw Materials None until on hard exhausted Single supplier relationship Search for alternatives supplier
new deliveries

Transportation 30 days in
No suppliers, No deliveries Location, design of entrance None
System 2 days out

Extrusion shuts down, lines cleaned,

0 hours/power Single power feed, no generator
Utilities waste collected and prepared for None
0 hours/water or backup water supply
grinder, IT non-existent

Vendors
4 hours No call center Mercy of vendor Being in-house
(Sourcing)
 Risk Analysis – Complex
Control Measures Risk Analysis Additional Control Risk Analysis (with additional controls)
Description of Risk (Detail any existing Controls)
(Detail additional to be
C L Risk Rating implemented Controls) C L Risk Rating

Step 1: Consider Step 2: Consider Likelihood Step 3: Calculation Risk

What is the consequence of the hazard occurring. Consider What is the likelihood of the hazard consequences occurring 1. Take Step 1 rating and select correct column
what is the most possible consequence with respect to work in Step1 2. 2. Take Step 2 rating and select correct row
3. 3. Use the risk score where the two ratings cross on the
Safety at work Regulatory Almost Is expected to occur in most matrix below.
Non H = High, S = Serious, M = Medium, L = Low
Extreme Sickness
compliance Certain Circumstances (once per year)
Min Maj Crit Ext
Critical Casualty Major non Likely Will probably occur once (every 5 year)
Almost Certain S(A4) S(A3) H(A2) H(A1)
compliance

Likelihood
Medical Possible Event might occur at some time (10years) Likely M(B4) S(B3) H(B2) H(B1)
Major Warning
treatment Possible L(C4) M(C3) S(C2) S(C1)
Minor non Unlikely/ Event expected to occur only in
Minor First aid compliance Rare exceptional circumstances (20+ years) Unlikely Rare L (D4) M(D3) M(D2) S(D1)
 Risk Analysis – Simplified
Impact to Priority
Risk Items (Potential Future Problems Likelihood of Risk
Project if Risk (Likelihood *
Derived from Brainstorming) Item Occurring
Item Does Occur Impact)

New operating system may be unstable 10 10 100

Communication problems over system issues 8 9 72

We may not have the right requirements 9 6 54

Requirements may change late in the cycle 7 7 49

Database software may arrive late 4 8 32

Key people might leave 2 10 20

 Almost Certain
Medium Risk High Risk

Risk Matrix
High Risk

Use the Risk Matrix during risk

Possible
Medium Risk
assessment to define the level of High Risk
Low Risk
risk by considering the category of
probability or likelihood against
the category of consequence
severity. This is a simple
mechanism to increase visibility of

Rare
risks and assist management Low Risk
decision making. Low Risk Medium Risk

Insignificant Moderate Significant

 Risk Response Matrix

Who is
Risk Event Response Contingency Plan Trigger
responsible

Mitigate: Test prototype Work around until

Interface Problems Not solved within 24 hours John
help comes

Mitigate: Test prototype

System Freezing Reinstall OS Still frozen after one hour Louise

Mitigate: Test Demonstration

User Backlash Increase Staff Support Call from top management Helen

Mitigate: Select Reliable Vendor

Hardware Malfunctioning Order replacement Equipment fails Tom
Transfer: Warranty
 Risk Tracker
Description
ID Impact Risk Response Risk Level Risk Owner Notes
of Risk
Confirm delivery dates
1 Supplier Delay Pushes Launch High John Add notes here
by Phase 2

2 Factory Availability Cost Overruns Stakeholder trip to China High Dave Add notes here

Steering Committee Delay Launch Define Marketing

3 Low Carey Add notes here
Unavailable Marketing Plans in March

10

11
 Risk Item Tracking

Monthly Ranking
Risk Items Risk Resolution
This Month Last Month # of Months

Inadequate Planning 1 2 4 Working on revising the entire project plan

Poor Definition of Scope Holding meetings with project customer

2 3 3
and sponsor to clarify scope

Absence of leadership Just assigned a new project manager to

3 1 2 lead the project after old one quit

Poor Cost Estimates 4 4 3 Revisiting cost estimates

Poor time Estimates 5 5 3 Revisiting schedule estimates

Tools & Practices
Tools & Practices
Quantitative
Analysis

Impact &
Probability Qualitative
Analysis Analysis

Risk Mitigation
Strategies
 Risk Impact & Probability Analysis
Impact Cost Time Quality

Manageable by exchange Slight slippage against Slight reduction in quality/scope,

Very Low against Internal budgets internal targets no overall impact

Require some additional Slight slippage against key Failure to include certain
Low funding from Institution milestones or published targets ‘nice to have’ elements

Requires Significant additional Delay affects key stakeholders – Significant elements of scope for
Medium funding from Institution loss of confidence in the project functionality will be unavailable.

Requires Significant Failure to meet key deadlines

Failure to meet the needs of a
High reallocation of Institutional in relation to academic year
large proportion of stakeholders
funds (or borrowing) or strategic plan

Increases threaten Delay jeopardizes Project outcomes

Very High viability of project viability of project effectively unusable
 Risk Mitigation Strategies

Technical Risks 1
• Emphasize team support and avoid stand-
alone project Structure
• Increase project manager authority
• Improve problem handling and communication
• Increase the frequency of project monitoring

2 Cost Risks
• Increase frequency of project monitoring
• Improve communication, project goals
understanding, and team support
• Increase project manager authority

Schedule Risks 3
• Increase the frequency of project monitoring
• Select the most experienced project manager
 Risk Mitigation Plan

Monitor any updates on

popular web browser
Update client more and / or bootstrap and
frequently along the way Perform periodical make sure all UI design
with project progress check on server status works as intended on
updated web browsers or
responsive bootstrap

Client Management Server Technical

Identified Risk Identified Risk Identified Risk
Miscommunication with sponsor Server is down which causes Popular web browsers may get
or client regarding project project to be slightly delayed due an update that will discontinue support
requirement and expectations to application not able to load for features used in our development
as we using responsive bootstrap.
 Qualitative Risk Analysis
Impact 1 2 3 4 5

Probability Negligible Minor Moderate Significant Severe

Low Moderate High

(81-100)% Extreme Risk Extreme Risk
Risk Risk Risk

Low Moderate High

(61-80)% Minimum Risk Extreme Risk
Risk Risk Risk

Low Moderate High High

(41-60)% Minimum Risk
Risk Risk Risk Risk

Low Low Moderate High

(21-40)% Minimum Risk
Risk Risk Risk Risk

Low Moderate High

(1-20)% Minimum Risk Minimum Risk
Risk Risk Risk

Project Risk (Threat & Opportunity) Matrix: Any Risk with a probability of over 80% will be treated as a fact and will be addressed in the Project
Management Plan and not in Risk management. Risk Threshold( which risks move forward) in the process and which one will be
 Quantitative Risk Analysis

Risk Title & Due Total Mitigation Contingency

Resp. Cat. Rating Prob. Impact
Description Date Score Actions Plan

Cost Risk
Borrow money from
Find a partner to
ABC 5/31 Cost High .80 4 3.20 help share costs
the bank or investor
Insufficient funds to to fund the effort
support the bid

Schedule Risk
Borrow additional Hire additional
BMC 6/1 Sched. Low .55 4 2.20 proposal staff from proposal staff or
Insufficient resources another division consultants
to finish work on time

Risk Score = Probability * Impact Risk Probability values are between

0.1 (Remote Chance) – 1.0 (Certain)

Risk Score values are between Risk Impact values are between
1-4 (with 4 being the highest risk) or red, yellow, green, blue. 1 (insignificant) - 4 (Unable to meet objectives)
34

Save hours of work and

impress the crowd next time
you put together a
presentation for your next
meeting. Fully customizable
and animated deck with
library of 1000+ QHSE slides
for just 50$

Pay using PayPal Here

Email: muhammed.mohsin01@[Link]