Project Risk Assessment

A Project Risk Assessment is often required in the current environment when nearly all projects, particularly IT related ones, are at a high risk of failing to meet the defined project scope, budget for the project, project time, or business requirements documentation.

The key to managing IT projects successfully involves an intensive Project Risk Assessment at almost all stages of the project life cycle. This is because a Project Risk Assessment involves identifying all the risks that could have a negative or a positive impact on the project and devising ways to mitigate them.

Though all the project risks may not have a negative impact on the project in reality, all of the risks need to be treated as threats to the project. In project risk management you will identify all the project risks, rank them based on their impact on the project, and then determine the steps that need to be taken to avert these threats. While performing project risk assessment you will analyze the impact of the identified risks on the health of the project. Project risk assessment’s can therefore be either qualitative or quantitative. Each of these types of project risk assessments is discussed below.

1.0 Qualitative Risk Assessment

Quality risk assessment deals with assigning a relative rank to each risk by analyzing the impact and probability of risk occurrence. It is a cost-effective mechanism for assessing risks. It also saves a lot of time. The key requirements for performing a qualitative risk analysis are the project scope document, historical information and lessons learned from previous projects, risk management plan, and the risk register. The commonly used techniques for performing qualitative risk assessment are:

1.1 Probability and Impact Matrix

This matrix is created to rank the risks as high, moderate, and low. Values are assigned to risks based on their impact and accordingly a risk response plan is devised.

1.2 Risk Probability and Impact Assessment

Risk probability is typically arrived at by using expert judgment such as your internal IT QA function or even Internal Audit. The impact of the risk is analyzed by using the cardinal scale or the impact scale. Meetings are convened by inviting people having experience in dealing with similar risks on previous projects and the risk probability and impact are further analyzed.

1.3 Risk Categorization

In this technique, the project risks are categorized based on the areas of project that will be impacted and the project phase that will bear the impact of the risk.

2.0 Quantitative Risk Assessment

While performing a quantitative risk assessment you will typically assign numeric ratings to the identified risks to segregate high and low value risks. Once you are through with the process of quantitative risk assessment, you will have a prioritized risk of quantified risks and also a clear probability of meeting the project cost, schedule, and quality requirements.

To perform a quantitative analysis of the risks you need to have the consolidate list of all the project risks, the acceptable risk tolerance limits of the project stakeholders, and the cost and time estimate for completing the project. Some commonly used techniques for quantitative risk analysis are listed below:

2.1 Interviewing

Data around past project experiences and project risks is gathered by interviewing stakeholders and experienced project team members.

2.2 Simulation

The Monte Carol analysis is used to schedule simulations with the intention of quantifying schedule risks.

2.3 Expected Monetary Value Analysis

This technique of quantitative risk analysis involves calculating the product of probability of risk occurrence and the value of the risk event. Risks with a higher value of expected monetary value are addressed on a priority.

After you have analyzed risks both qualitatively and quantitatively, you need to take adequate measures to reduce the threats and maximize the outcome of the opportunities identified by the project risk assessment process. You should also get started with devising appropriate response plans for the risks identified.

Project Risk Assessment- Tip

The nature and complexity of the project that you are working on and the availability of time and project budget will ideally decide whether you need to perform both Qualitative and Quantitative risk assessments or just one of them. Whether you decide to perform one or both of them, risk identification and risk assessment should be an ongoing process as risks might occur at any stage of the project.