Concept of Risk Quantification and Methods used in Project Management
Line 33: | Line 33: | ||
===Purpose and Concept === | ===Purpose and Concept === | ||
− | [[File:Risk Matrix of a project.jpg|thumb| |upright=2||right||Figure 1: Example of risk matrix of a project | + | [[File:Risk Matrix of a project.jpg|thumb| |upright=2||right||Figure 1: Example of risk matrix of a project [http://www.cbisco.com.au/wp-content/uploads/2014/06/aa.jpg]]] |
<div style="text-align: justify;">The objective of risk quantification is to prepare contingencies in terms of costs, time, or human resources and prioritize them in terms of their severity and likelihood, so that appropriate action can be taken accordingly<ref name=Duncan2013/> <ref name=ISO31000/> <ref name=PRINCE2/>. In order to quantify risk, it needs to be identified first. Once risk is identified then it is analyzed in terms of probability of occurrence and impact that it could print on the outcome. The probability is assigned either based on intuition or the previous data of failure rates available for similar events in datasheets. Once probabilities of all events are calculated, a criterion for the likelihood of all the events is defined<ref name=ISO31000/>. For example, if a specific event may occur in exceptional circumstances, like for example less than 3% chance of occurrence, then its likelihood can be assigned as “Rare”. In a similar way, severity or consequence of the events on a project is also classified. For example, if an event may result in abandonment of project then it can be classified as “Catastrophic” or if it may result in a delay of 50% of schedule or 50% of additional cost then it may be classified as “Major”. The risk(R) is calculated by multiplying probability(P) with the impact(I) or severity.</div><br /> | <div style="text-align: justify;">The objective of risk quantification is to prepare contingencies in terms of costs, time, or human resources and prioritize them in terms of their severity and likelihood, so that appropriate action can be taken accordingly<ref name=Duncan2013/> <ref name=ISO31000/> <ref name=PRINCE2/>. In order to quantify risk, it needs to be identified first. Once risk is identified then it is analyzed in terms of probability of occurrence and impact that it could print on the outcome. The probability is assigned either based on intuition or the previous data of failure rates available for similar events in datasheets. Once probabilities of all events are calculated, a criterion for the likelihood of all the events is defined<ref name=ISO31000/>. For example, if a specific event may occur in exceptional circumstances, like for example less than 3% chance of occurrence, then its likelihood can be assigned as “Rare”. In a similar way, severity or consequence of the events on a project is also classified. For example, if an event may result in abandonment of project then it can be classified as “Catastrophic” or if it may result in a delay of 50% of schedule or 50% of additional cost then it may be classified as “Major”. The risk(R) is calculated by multiplying probability(P) with the impact(I) or severity.</div><br /> | ||
Line 41: | Line 41: | ||
===Importance=== | ===Importance=== | ||
− | [[File:Why projects fail.png|thumb| |upright=2||right||Figure 2: Causes of project failure | + | [[File:Why projects fail.png|thumb| |upright=2||right||Figure 2: Causes of project failure [http://media.licdn.com/mpr/mpr/shrinknp_800_800/AAEAAQAAAAAAAAg4AAAAJDVlMzhiNDM5LWJlMWUtNGU5Zi05ZTY4LTAzYWRhODM5YjhmYQ.png]]] |
<div style="text-align: justify;">The term risk or risk assessment may sound like a modern scientific concept, but the idea of risk is as old as recorded human history. The gambling, the very essence of risk, was a popular pastime that inspired Pascal and Fermat’s revolutionary breakthrough into laws of probability <ref>[''Bernstein P.L., “Against the Gods: The remarkable story of risk”, John Wiley & Sons, New York, (1996).''] </ref>. However, Risk as a scientific field is quite young. Around 30-40 years ago scientific journals, papers, and conferences started to cover this idea and principles on how to assess and manage risk <ref>[''Aven T., “Risk assessment and risk management: Review of recent advances on their foundation”, European journal of operational research, (2016), Vol. 253, No. 1, pp. 1-13.'']</ref>. One of the main reasons of project failures is inadequate risk management. Figure 2 shows that 17% of projects fail due to inadequate risk management. Moreover, according to Standish Group (2013)<ref>[Standish. THE CHAOS MANIFESTO. Standish Group, Boston (2013).]</ref>, 59% of IT projects overrun by original cost estimate and 74% are overrun by original time estimate. In software or IT projects, a number of factors contribute to the uncertain outcome of a project. Nogueira et al. (2014)<ref>[Nogueira, Marcelo, and Ricardo J. Machado. “Importance of Risk Process in Management Software Projects in Small Companies.” Ifip Advances in Information and Communication Technology, Vol. 439, No. 2, (2014), pp. 358–365. Web.]</ref> concluded that when a scope is defined and software production teams are guided through the risk process then it becomes easier to take a rational decision. Present decisions may result in future losses or gains. If there is no risk assessment then banks will not be able to make decisions on which projects to finance and which not<ref>[Bernadete Junkes, M., Anabela P. Tereso, and Paulo S. L. P. Afonso. “The Importance of Risk Assessment in the Context of Investment Project Management: a Case Study.” Procedia Computer Science 64 (2015): pp. 902–910. Web.]</ref>. Many construction projects fail to achieve their time, cost and quality goals due to several unforeseeable uncertain events like weather conditions, subcontractor failure, or different site conditions<ref>[Mustafa, Mohammad A., and Jamal F. Al-Bahar. “Project Risk Assessment Using the Analytic Hierarchy Process.” Ieee Transactions on Engineering Management, Vol. 38, No.1, (1991), pp. 48-50. Print.]</ref>. Comprehensive risk assessment can help an organization to quantify risks and prepare contingencies beforehand so that projects can be completed in their original time, cost, and quality estimates. | <div style="text-align: justify;">The term risk or risk assessment may sound like a modern scientific concept, but the idea of risk is as old as recorded human history. The gambling, the very essence of risk, was a popular pastime that inspired Pascal and Fermat’s revolutionary breakthrough into laws of probability <ref>[''Bernstein P.L., “Against the Gods: The remarkable story of risk”, John Wiley & Sons, New York, (1996).''] </ref>. However, Risk as a scientific field is quite young. Around 30-40 years ago scientific journals, papers, and conferences started to cover this idea and principles on how to assess and manage risk <ref>[''Aven T., “Risk assessment and risk management: Review of recent advances on their foundation”, European journal of operational research, (2016), Vol. 253, No. 1, pp. 1-13.'']</ref>. One of the main reasons of project failures is inadequate risk management. Figure 2 shows that 17% of projects fail due to inadequate risk management. Moreover, according to Standish Group (2013)<ref>[Standish. THE CHAOS MANIFESTO. Standish Group, Boston (2013).]</ref>, 59% of IT projects overrun by original cost estimate and 74% are overrun by original time estimate. In software or IT projects, a number of factors contribute to the uncertain outcome of a project. Nogueira et al. (2014)<ref>[Nogueira, Marcelo, and Ricardo J. Machado. “Importance of Risk Process in Management Software Projects in Small Companies.” Ifip Advances in Information and Communication Technology, Vol. 439, No. 2, (2014), pp. 358–365. Web.]</ref> concluded that when a scope is defined and software production teams are guided through the risk process then it becomes easier to take a rational decision. Present decisions may result in future losses or gains. If there is no risk assessment then banks will not be able to make decisions on which projects to finance and which not<ref>[Bernadete Junkes, M., Anabela P. Tereso, and Paulo S. L. P. Afonso. “The Importance of Risk Assessment in the Context of Investment Project Management: a Case Study.” Procedia Computer Science 64 (2015): pp. 902–910. Web.]</ref>. Many construction projects fail to achieve their time, cost and quality goals due to several unforeseeable uncertain events like weather conditions, subcontractor failure, or different site conditions<ref>[Mustafa, Mohammad A., and Jamal F. Al-Bahar. “Project Risk Assessment Using the Analytic Hierarchy Process.” Ieee Transactions on Engineering Management, Vol. 38, No.1, (1991), pp. 48-50. Print.]</ref>. Comprehensive risk assessment can help an organization to quantify risks and prepare contingencies beforehand so that projects can be completed in their original time, cost, and quality estimates. | ||
This implies that the importance of risk assessment cannot be overlooked. First, risk quantification help in preparing contingencies for time and cost estimates. Second, It helps organizations in taking a rational decision in the presence of uncertainty. And third, it provides confidence of dealing unforeseeable events in future rather than acting irrationally. | This implies that the importance of risk assessment cannot be overlooked. First, risk quantification help in preparing contingencies for time and cost estimates. Second, It helps organizations in taking a rational decision in the presence of uncertainty. And third, it provides confidence of dealing unforeseeable events in future rather than acting irrationally. | ||
Line 54: | Line 54: | ||
[[File:Risk management principles.png|thumb| |upright=15|center||Table 2: Risk Management Principles]] | [[File:Risk management principles.png|thumb| |upright=15|center||Table 2: Risk Management Principles]] | ||
− | = | + | =Application= |
===Methods=== | ===Methods=== | ||
<div style="text-align: justify;">Several tools and techniques are used in order to apply risk quantification in projects. PMBOK <ref name=Duncan2013 /> provides 5 methods that can be used in risk quantification process. These tools and techniques are described briefly below, along with application, advantages, and disadvantages of each tool. </div><br /> | <div style="text-align: justify;">Several tools and techniques are used in order to apply risk quantification in projects. PMBOK <ref name=Duncan2013 /> provides 5 methods that can be used in risk quantification process. These tools and techniques are described briefly below, along with application, advantages, and disadvantages of each tool. </div><br /> | ||
Line 105: | Line 105: | ||
=Annotated Bibliography= | =Annotated Bibliography= | ||
+ | <div style="text-align: justify;"> | ||
+ | #'''Luko, Stephen N. “Risk Management Principles and Guidelines.” Quality Engineering, Vol. 25, No. 4, (2013), pp. 451-454. Web.''' This article analyzes principles and guidelines for risk management as outlined by international standards i.e. ISO 31000-2009 and ANSI/ASSE Z690.2-2011. This article provides deep review of effective risk management and its processes. It highlights the importance of risk management in quality management of an organization. | ||
+ | #'''Jamshidi, Afshin et al. “Risk Assessment in ERP Projects Using an Integrated Method.” 3rd International Conference on Control, Engineering and Information Technology (ceit 2015), (2015), 7233184. Web.''' This article highlights the importance of risk assessment in Enterprise Resource Planning (ERP) projects and reasons on why these projects fail. This article proposes a framework based on Fuzzy Failure Mode Effect Analysis (FFMEA) and Grey Rational Analysis (GRA) tools that intends to help managers in identifying and mitigating risks in ERP projects. This framework also provides risk evaluation and help in listing critical risks. This framework can be easily expanded and modified. This article may prove useful for supply chain professionals interested in risk management in ERP. | ||
+ | #'''Milena CHOLES ARVILLA, Sandra. “RISK ASSESSMENT IN PROJECT PLANNING USING FMEA AND CRITICAL PATH METHOD.” Scientific Papers Series : Management, Economic Engineering in Agriculture and Rural Development, (2014).''' The goal of this article is to analyse current risk management methodologies and integrate its elements to create a new agile risk management methodology. The focus of this article is software projects. This article discusses the elements of quality assurance tools that could meet agile development and discusses the possibility of using risk estimation in agile projects. It uses concept of failure mode effect analysis (FMEA) into life cycle of agile projects and produces a metamodel. This article might be useful for readers interested in application of risk assessment in agile projects. | ||
+ | #'''Bogumil, R. J. “Limitations of Probabilistic Risk Assessment.” Ieee Technology and Society Magazine, Vol. 1, No. 3, (1982), pp. 24-28. Web.''' This article provides critical analysis of probabilistic risk assessment techniques. This article argues that probabilistic techniques attempt to quantify likelihood of events on mathematically generated physical model, but fundamental social issues remain unresolved. Hence, proposes a need of prospective risk/benefit analysis. | ||
+ | |||
+ | </div><br /> | ||
==References== | ==References== | ||
<references /> | <references /> |
Revision as of 23:29, 30 September 2017
Contents |
Introduction
Definition
Inputs and Outputs of Risk Quantification
In risk quantification process of a project, there are inputs that should be considered with delegate care and as a result of risk quantification process, outputs are generated. According to PMBOK[1], following inputs are considered and outputs are produced in risk quantification process of any project:
Inputs | Outputs |
---|---|
Stakeholder Risk Tolerance: Every organization and different individuals may have different tolerance for risk value | Opportunities to Pursue, Threats to Respond to: The list of opportunities that should be pursued and threats that should be taken care of. |
Sources of Risks: Categories of possible risk events that may negatively affect the outcome of a project. For example, designs errors, stakeholder actions, or poor estimates etc. | Opportunities to Ignore, Threats to Accept: List of opportunities that can be ignored and threats that can be accepted. |
Potential Risk Events: Discrete occurrences that can occur during a project that may affect the outcome of the project. Such as natural disaster or departure of key member etc. | |
Cost Estimates: Assessment of likely cost required to complete the project activities. | |
Activity Duration Estimate: Quantitative assessment of likely number of work period required for activities of a project |
Purpose and Concept
Importance
This implies that the importance of risk assessment cannot be overlooked. First, risk quantification help in preparing contingencies for time and cost estimates. Second, It helps organizations in taking a rational decision in the presence of uncertainty. And third, it provides confidence of dealing unforeseeable events in future rather than acting irrationally.
Analysis of Risk Management Principles and Processes
Figure 3 represents risk management processes of three standards. It can be seen that there is a small difference between processes of these standards, but when the definition of each step is critically analyzed, it can be realized that the basic concept behind all of these standards is not different. This implies different standards divide the risk management process into different steps but the core concepts remain the same. For example, PMBOK[1] defines the third step as risk response development which means categorizing of assessed risks into acceptable or unacceptable risks and developing of responses accordingly. Whereas, almost the same definition exists for risk evaluation step in ISO 31000[2].
Application
Methods
1. Expert Opinion
2. Expected Monetary Value (EMV)
3. Statistical Sums
4. Monte Carlo Analysis or Simulation
Monte Carlo simulation is usually used in cost and schedule estimation. It can also be used in large projects or programs. The benefits of using Monte Carlo are easiness of tool, numerical estimation, and greate level of confidence [17]. Whereas drawbacks or challenges are the use of right distribution as wrong distribution may lead to wrong results, input estimates as right estimates are required to produce right results, and use of right mathematical formula in the software.[18]
5. Decision Trees
Selection of Technique
- Resources and capabilities required to execute a certain risk quantification method[2]
- Degree of uncertainty in the project[2]
- Complexity of the project[2]
- Availability of the past data
Table 3 shows a framework for selecting the right method based on the nature of the project. (This framework provides author’s subjective analysis and hence prone to disagreement.)
Limitations and Challenges
Both Modeling of the system and quantification of probabilities associated are tricky and prone to uncertainty especially when a complex system is under study[17]. In probabilistic risk assessment, the subjective probability is used rigorously which means it is subject to human intuition and may vary from person to person [17] [18]. Further, availability of past data poses another limitation as many experts tend to use probabilistic values of similar past events due to the scarcity of the data. Although, methods or tools that are used in risk quantification process of a project, as mentioned in section 3, try to reduce the uncertainty level to some extent and help in building up confidence level, but the inputs to these methods are also prone to limitations of intuition and hence pose challenges in accurate risk assessment. Several researchers provide guidelines to deal with uncertainty in quantifying risks [19][17]. But, All these facts, makes one question that when risk assessment or quantification cannot guarantee the success of a project then why do managers invest so much effort and money into risk assessment. If risk assessment cannot accurately predict the future, then why to do it in the first place. The answer lies in a famous phrase “better than nothing”. It is always better to perform risk assessment beforehand and be prepared for uncertain events than drastically act on them unprepared when they occur. Moreover, more and extra care is required in assigning probabilities and impacts to get a more accurate risk assessment.
Conclusion
Annotated Bibliography
- Luko, Stephen N. “Risk Management Principles and Guidelines.” Quality Engineering, Vol. 25, No. 4, (2013), pp. 451-454. Web. This article analyzes principles and guidelines for risk management as outlined by international standards i.e. ISO 31000-2009 and ANSI/ASSE Z690.2-2011. This article provides deep review of effective risk management and its processes. It highlights the importance of risk management in quality management of an organization.
- Jamshidi, Afshin et al. “Risk Assessment in ERP Projects Using an Integrated Method.” 3rd International Conference on Control, Engineering and Information Technology (ceit 2015), (2015), 7233184. Web. This article highlights the importance of risk assessment in Enterprise Resource Planning (ERP) projects and reasons on why these projects fail. This article proposes a framework based on Fuzzy Failure Mode Effect Analysis (FFMEA) and Grey Rational Analysis (GRA) tools that intends to help managers in identifying and mitigating risks in ERP projects. This framework also provides risk evaluation and help in listing critical risks. This framework can be easily expanded and modified. This article may prove useful for supply chain professionals interested in risk management in ERP.
- Milena CHOLES ARVILLA, Sandra. “RISK ASSESSMENT IN PROJECT PLANNING USING FMEA AND CRITICAL PATH METHOD.” Scientific Papers Series : Management, Economic Engineering in Agriculture and Rural Development, (2014). The goal of this article is to analyse current risk management methodologies and integrate its elements to create a new agile risk management methodology. The focus of this article is software projects. This article discusses the elements of quality assurance tools that could meet agile development and discusses the possibility of using risk estimation in agile projects. It uses concept of failure mode effect analysis (FMEA) into life cycle of agile projects and produces a metamodel. This article might be useful for readers interested in application of risk assessment in agile projects.
- Bogumil, R. J. “Limitations of Probabilistic Risk Assessment.” Ieee Technology and Society Magazine, Vol. 1, No. 3, (1982), pp. 24-28. Web. This article provides critical analysis of probabilistic risk assessment techniques. This article argues that probabilistic techniques attempt to quantify likelihood of events on mathematically generated physical model, but fundamental social issues remain unresolved. Hence, proposes a need of prospective risk/benefit analysis.
References
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 [Duncan W. R., “A Guide to Project Management Body of Knowledge (PMBOK)”, PMI Standards Committee, (2013).]
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 [ISO 31000: Risk Management - Principles and Guidelines. (2009).]
- ↑ 3.0 3.1 3.2 3.3 [PRINCE2: A Practical Handbook, PRINCE2. (2009). Prince2: a Practical Handbook. Butterworth-Heinemann.]
- ↑ [Bernstein P.L., “Against the Gods: The remarkable story of risk”, John Wiley & Sons, New York, (1996).]
- ↑ [Aven T., “Risk assessment and risk management: Review of recent advances on their foundation”, European journal of operational research, (2016), Vol. 253, No. 1, pp. 1-13.]
- ↑ [Standish. THE CHAOS MANIFESTO. Standish Group, Boston (2013).]
- ↑ [Nogueira, Marcelo, and Ricardo J. Machado. “Importance of Risk Process in Management Software Projects in Small Companies.” Ifip Advances in Information and Communication Technology, Vol. 439, No. 2, (2014), pp. 358–365. Web.]
- ↑ [Bernadete Junkes, M., Anabela P. Tereso, and Paulo S. L. P. Afonso. “The Importance of Risk Assessment in the Context of Investment Project Management: a Case Study.” Procedia Computer Science 64 (2015): pp. 902–910. Web.]
- ↑ [Mustafa, Mohammad A., and Jamal F. Al-Bahar. “Project Risk Assessment Using the Analytic Hierarchy Process.” Ieee Transactions on Engineering Management, Vol. 38, No.1, (1991), pp. 48-50. Print.]
- ↑ [Yildiz A. Z. et al, “Using expert opinion for risk assessment: a case study of a construction project utilizing a risk mapping tool “, Procedia - Social and Behavioral Sciences, (2014), Vol. 119, pp. 519-528.]
- ↑ [Ahmed, A. et al. (2003a), “A conceptual framework for risk analysis in concurrent engineering”, (R1.6 Paper No. 86), Proceedings of the 17th International Conference on Production Research, 4-7 August, Blacksburg, Virginia, USA.]
- ↑ [Clemen, R.T., Making Hard Decisions: An Introduction to Decision Analysis, Druxbury Press, New York, NY. (1996).]
- ↑ [Russell, R.S. and Taylor, B.W. III, Operations Management, Prentice-Hall Inc., Upper Saddle River, NJ, (2000).]
- ↑ [Clemen, R.T. and Reilly, T., Making Hard Decisions with Decision Tools, Druxbury Thomson Learning, Toronto, (2001).]
- ↑ [Perry, J.G. and Haynes, R.W., “Risk and its management in construction projects”, Proceedings of Institution of Civil Engineers, (1985), pp. 499-521.]
- ↑ [Ahmed, Ammar, Berman Kayis, and Sataporn Amornsawadwatana. “A Review of Techniques for Risk Management in Projects.” Ed. by S.C.L. Koh. Benchmarking, Vol. 14, No.1, (2007), pp. 22–36. Web.]
- ↑ 17.0 17.1 17.2 [Winkler, RL. “Uncertainty in Probabilistic Risk Assessment.” Reliability Engineering and System Safety, Vol. 54, No. 2-3, (1996), pp.127-132. Web.]
- ↑ [Gelman, A., Carlin, J.B., Stern, H.S. & Rubin, D.B., Bayesian Data Analysis, Chapman and Hall, London, (1995)]
- ↑ [Bolger, F. “Uncertainty: A Guide to Dealing with Uncertainty in Quantitative Risk and Policy Analysis - Morgan,MG, Henrion,M.” Journal of Behavioral Decision Making, Vol. 9, No. 2, (1996), pp. 147-148. Print.]