PRINCE2_LESSON_08.pdf

PRINCE2® Foundation Lesson 8—Risk Theme

Based on AXELOS PRINCE2® material. Material is reproduced under licence from AXELOS Limited. All rights reserved. PRINCE2® is a [registered] trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved. AXELOS® is a [registered] trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

1 The Swirl logo™ is a trade mark of AXELOS Limited, used under the permission of AXELOS Limited. All rights reserved.

Copyright 2014, Simplilearn, All rights reserved. Copyright 2014, Simplilearn, All rights reserved.

Objectives After completing this lesson, you will be able to:

2

●

Define Risk theme

●

Explain PRINCE2® approach to Risk theme

●

Define the roles and responsibilities in Risk theme

Copyright 2014, Simplilearn, All rights reserved.

Purpose of Risk Theme The purpose of the Risk theme is to identify, assess and control uncertainty and, as a result, improve the ability of the project to succeed.[1]

Risk identification 3

Copyright 2014, Simplilearn, All rights reserved.

Risk Terms—Definitions Risk: A risk is an uncertain event or set of events that may have an effect on the achievement of

objectives. Threat: An uncertain event that could have a negative impact on objectives. Opportunity: An uncertain event that could have a favorable impact on objectives. It is the project’s objectives that are at risk. These include completing the project by covering a number of targets such as time, cost, quality, scope, benefits and risks.

4

Copyright 2014, Simplilearn, All rights reserved.

Risk—Example

When the project began for the construction of the Sydney Opera House in March 1959, one of the risks identified was that the change in government could affect the project. As it turned out, in 1965, the new Australian government forced design changes in the Sydney Opera house’s architecture, leading to the resignation of Jorn Utzon, the architect who designed it.

5

Copyright 2014, Simplilearn, All rights reserved.

Risk Management The term risk management refers to the systematic application of procedures to the tasks of identifying and assessing risks, and then planning and implementing risk responses.[2] For effective risk management, risk needs to be identified, assessed and controlled. ● Management of risk is a continual activity. ● Risk management applies from the strategic, operational, project and programme perspective.

Figure 8.1. Organisational perspectives. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

6

Copyright 2014, Simplilearn, All rights reserved.

PRINCE2® Approach to Risk Risk management in projects: ●

Identify whether there are any corporate or programme policies and processes that need to be applied. This information may be in the form of a risk management policy and/or risk management process guide.

●

Should describe the series of steps and their respective associated activities necessary to implement risk management.

●

Should communicate how risk management will be implemented throughout the organisation.

! 7

PRINCE2®’s approach to the Management of Risk (M_O_R®) is based on AXELOS’s publication Management of Risk (M_o_R®) - Guidance for Practitioners 3rd Edition (TSO, 2010). Copyright 2014, Simplilearn, All rights reserved.

Risk Management Strategy Risk Management Strategy explains how risk management activities will be embedded in the project management activities. ●

Risk Management Strategy should have the Project Board’s attitude towards risk taking, which is captured in the form of risk tolerances.

●

Risk appetite varies with organisation, culture, industry, etc.

●

While performing various risk management activities, the detailed information about the threats and opportunity needs to be documented.

! 8

For composition of Risk Management Strategy, please refer PRINCE2® Manual Appendix A. Copyright 2014, Simplilearn, All rights reserved.

Risk Register The purpose of the Risk Register is to capture and maintain information of all the identified threats and opportunities relating to the project. ●

Project support will typically maintain the Risk Register on behalf of the Project Manager.

●

Each risk in the Risk Register is described as:

! 9

o

Unique identifier

o

Who raised the risk

o

When it was raised

o

Category of risk

o

Description of risk For composition of Risk Register, please refer PRINCE2® Manual Appendix A. Copyright 2014, Simplilearn, All rights reserved.

Risk Register (contd.) Each risk in the Risk Register is also described as:

10

Copyright 2014, Simplilearn, All rights reserved.

Risk Management Procedure PRINCE2® recommends a risk management procedure comprising five steps. ●

The five steps are Identify (context and risks), Assess (i.e. Estimate and Evaluate), Plan, Implement and Communicate.

●

The first four steps in risk management procedure are sequential with the communicate step running

in parallel. Figure 8.2. The risk management procedure. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

11

Copyright 2014, Simplilearn, All rights reserved.

Risk Management Procedure—Identify Identify is the first of the four sequential steps of the risk management procedure. Identify steps includes two sub steps: identify context and identify risks.

Identify context

The goal of the identify context step is to obtain information about the project to understand the specific objectives that are at risk and to formulate the Risk Management Strategy for the project.

12

Identify risks

The goal of the identify risks step is to recognise the threats and opportunities that may affect the project’s objectives.

Copyright 2014, Simplilearn, All rights reserved.

Risk Identification Techniques Risk identification techniques are: ●

Review lessons

●

Risk checklists

●

Risk prompt lists

●

Brainstorming

●

Risk breakdown structure

Figure 8.3. Example of a risk breakdown structure. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

13

Copyright 2014, Simplilearn, All rights reserved.

Identify—Example

The objective of the Maasvlakte 2 project at the Port of Rotterdam was to increase the capacity of Europe’s largest port (Identify Context). Dutch House of

Representatives, one of the stakeholder’s of the project, cited inability to meet deadlines, scope creep and over-expensive budgets as risks (Identify Risks).

14

Copyright 2014, Simplilearn, All rights reserved.

Risk Cause, Risk Event and Risk Effect Risk cause, risk event and risk effect help in getting a better understanding about

the risk. ●

Risk cause is the event or situation that gives rise to risk.

●

Risk event is the area of uncertainty in terms of the threat or the opportunity.

●

Risk effect describes the impact(s) that the risk would have on the project objectives.

15

Figure 8.4. Risk cause, event and effect. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

Copyright 2014, Simplilearn, All rights reserved.

Example of Risk Cause, Risk Event and Risk Effect

Due to heavy rainfall this year (risk cause), National Institute of Malaria Research has opined that there is a possibility of more people being effected by malaria (risk event) which will affect its project to control malaria (risk effect).

16

Copyright 2014, Simplilearn, All rights reserved.

Risk Management Procedure—Assess The assess step of the Risk Management Strategy has two steps: estimate and evaluate.

Estimate

The primary goal of the estimate step is to assess the threats and the opportunities to the project in terms of their probability and impact.

17

Evaluate

The primary goal of the evaluate step is to assess the net effect of all the identified threats and opportunities on a project when aggregated.

Copyright 2014, Simplilearn, All rights reserved.

Probability Impact Grid Probability impact grid is a popular technique of estimating the Risk.

Figure 8.5. Probability impact grid. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

18

Copyright 2014, Simplilearn, All rights reserved.

Risk Management Procedure—Plan The primary goal of the plan step is to prepare specific management responses to the threats and opportunities identified, ideally to remove or reduce the threats and to maximise the opportunities. ●

Risk responses do not necessarily remove the inherent risks in its entirety, leaving residual risks.

●

In some cases, implementing a risk response may lead to secondary risk, i.e. risks that may occur

as a result of revoking a risk response.

19

Copyright 2014, Simplilearn, All rights reserved.

Threat and Opportunity Responses The types of responses for threats and opportunity are: Threat responses

Opportunity responses

Avoid

Exploit

Reduce (probability and/or impact)

Enhance

Fallback (reduces impact only) Transfer (reduces impact only, and often only the financial impact) Share

Accept

Reject

Figure 8.7. Threat and opportunity responses. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

20

Copyright 2014, Simplilearn, All rights reserved.

Example of Risk Responses

Scenario: None of the Ministry of Petroleum ’s (MP) employees on the project management team has any experience in reorganisation. In this case they can: ● Hire experienced reorganisation contractors to assist MP staff throughout the project (Reduce). ● Include a clause in the agreement with the selected external supplier stating that, if the full functionality of the software solution is not delivered, the selected external supplier will reduce their fees consequently (Transfer). ● Rely on the selected external supplier to provide advice that will protect MP’s interests (Accept). ● Request assistance from federal government if difficulties arise in understanding what is happening (Fallback).

21

Copyright 2014, Simplilearn, All rights reserved.

Example of Risk Responses (contd.)

Scenario: A project to manufacture a smartphone handset is in stage 2. The Project Manager has heard about the possibility of a competitor mobile handset developer launching a similar product earlier than the target date for this project. In this case they can: ● Decide not to compete and cancel the project (Avoid). ● Wait for confirmation of the rival’s product and, if required, include additional gifts, e.g. mobile covers, screen guards, etc. with the handset as an extra incentive (Fallback).

22

Copyright 2014, Simplilearn, All rights reserved.

Risk Management Procedure—Implement An important part of the Implement step is to ensure that there are clear roles and responsibilities allocated to support the Project Manager in the management of project risks. ●

The primary goal of the Implement step is to ensure that the planned risk responses are actioned,

their effectiveness is monitored and corrective action is taken where responses do not match expectations.

23

●

The main roles in this theme are risk owner and risk actionee.

●

In many cases, the risk owner and risk actionee are likely to be the same person.

Copyright 2014, Simplilearn, All rights reserved.

Example of Implement

A multinational bank identified one of its suppliers, an IT service provider, as a potential risk after a corporate scandal was detected in the latter’s organisation. A commercial director at the bank was appointed as a risk owner. One of the risk responses identified was to terminate the contract with the IT service provider and find an alternate supplier. The Procurement Manager for the project was made the risk actionee.

24

Copyright 2014, Simplilearn, All rights reserved.

Risk Management Procedure—Communicate The Communicate step should ensure that information related to the threats and opportunities faced by the project is communicated both within the project and externally to stakeholders. The main forms of communication are the following:

25

●

Checkpoint reports

●

Highlight reports

●

End Stage Report

●

End Project Report

●

Lessons reports Copyright 2014, Simplilearn, All rights reserved.

Risk Budget Risk budget is a sum of money included within the project budget set aside to fund specific management responses to the project’s threats and opportunities. Risk budget is: ●

the Expected Monetary Value (EMV) for responses and impacts for a set of risks determines the

risk budget.

26

●

a part of the project budget.

●

influenced by the risk appetite of the organisation sponsoring the project.

Copyright 2014, Simplilearn, All rights reserved.

Roles and Responsibilities in Risk Theme The table depicts the responsibilities of Corporate or programme management, Executive, Senior User, Senior Supplier in Risk theme. Role

Responsibilities

Corporate or programme management

●

Executive

●

Senior User

●

Ensure that risks to the users are identified, assessed and controlled (such as the impact on benefits, operational use and maintenance).

Senior Supplier

●

Ensure that risks relating to the supplier aspects are identified, assessed and controlled (such as the creation of the project’s products).

Provide the corporate risk management policy and risk management process guide (or similar documents).

Be accountable for all aspects of risk management and in particular, ensure a project Risk Management Strategy exists. ● Ensure that risks associated with the Business Case are identified, assessed and controlled. ● Escalate risks to corporate or programme management as necessary.

Text in box is from Managing Successful Projects with PRINCE2®. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

27

Copyright 2014, Simplilearn, All rights reserved.

Roles and Responsibilities in Risk Theme (contd.) The table depicts the responsibilities of Project Manager, Team Manager, Project Assurance and Project Support in Risk theme. Role

Responsibilities

Project Manager

●

● ●

Create the Risk Management Strategy. Create and maintain the Risk Register. Ensure that the project risks are being identified, assessed and controlled throughout the project lifecycle.

Team Manager

●

Participate in the identification, assessment and control of risks.

Project Assurance

●

Review risk management practices to ensure that they are performed in line with the project’s Risk Management Strategy.

Project Support

●

Assist the Project Manager in maintaining the project’s Risk Register.

Text in box is from Managing Successful Projects with PRINCE2®. Copyright © AXELOS Limited 2013. Material is reproduced under licence from AXELOS. All rights reserved.

28

Copyright 2014, Simplilearn, All rights reserved.

Quiz

29

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which of the following steps of risk management procedure runs in parallel to the other steps?

1

a.

Communicate

b. Identify

30

c.

Assess

d.

Plan

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which of the following steps of risk management procedure runs in parallel to the other steps?

1

a.

Communicate

b. Identify c.

Assess

d.

Plan

Answer: a. Explanation: The first four steps in risk management procedure (i.e., identify, assess, plan and implement) are sequential, with the communicate step running in parallel. 31

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

The purpose of the ___________ is to capture and maintain information on all of the

2

identified threats and opportunities relating to the project. a.

Risk Management Strategy

b. opportunities

32

c.

Risk Register

d.

threats

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

The purpose of the ___________ is to capture and maintain information on all of the

2

identified threats and opportunities relating to the project. a.

Risk Management Strategy

b. opportunities c.

Risk Register

d.

threats

Answer: c. Explanation: The purpose of the Risk Register is to capture and maintain information on all of the identified threats and opportunities relating to the project. 33

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Who is responsible for carrying out a risk response action or actions to respond to a

3

particular risk or set of risks? a.

Risk owner

b. Risk actionee

34

c.

Project Assurance

d.

Project Manager

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Who is responsible for carrying out a risk response action or actions to respond to a

3

particular risk or set of risks? a.

Risk owner

b. Risk actionee c.

Project Assurance

d.

Project Manager

Answer: b. Explanation: The risk actionee is responsible for carrying out a risk response action or actions to respond to a particular risk or set of risks. 35

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which among the following risk responses can be a threat or opportunity?

4

a.

Enhance

b. Fallback

36

c.

Exploit

d.

Share

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which among the following risk responses can be a threat or opportunity?

4

a.

Enhance

b. Fallback c.

Exploit

d.

Share

Answer: d. Explanation: Share response is a common response between threat or opportunity.

37

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which of the following is not a step of risk management procedure?

5

a.

Identify

b. Check

38

c.

Plan

d.

Implement

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which of the following is not a step of risk management procedure?

5

a.

Identify

b. Check c.

Plan

d.

Implement

Answer: b. Explanation: The five steps of risk management procedure are identify, assess, plan, implement and communicate. 39

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Risk budget, if used, is a sum of money included within the project budget.

6

a.

TRUE

b. FALSE

40

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Risk budget, if used, is a sum of money included within the project budget.

6

a.

TRUE

b. FALSE

Answer: a. Explanation: A risk budget, if used, is a sum of money included within the project budget and set aside to fund specific management responses to the project’s threats and opportunities. 41

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Who maintains the Risk Register on behalf of the Project Manager?

7

a.

Project Support

b. Quality Assurance

42

c.

Team Manager

d.

Project Assurance

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Who maintains the Risk Register on behalf of the Project Manager?

7

a.

Project Support

b. Quality Assurance c.

Team Manager

d.

Project Assurance

Answer: a. Explanation: Project Support will typically maintain the Risk Register on behalf of the Project Manager. 43

Copyright 2014, Simplilearn, All rights reserved.

A useful way of expressing risk considers which of the following aspects of each risk?

QUIZ

8

1. Risk cause, 2. Risk event, 3. Risk effect, 4. Risk tolerance a.

1,2,3

b. 2,3,4

44

c.

1,3,4

d.

1,2,3,4

Copyright 2014, Simplilearn, All rights reserved.

A useful way of expressing risk considers which of the following aspects of each risk?

QUIZ

8

1. Risk cause, 2. Risk event, 3. Risk effect, 4. Risk tolerance a.

1,2,3

b. 2,3,4 c.

1,3,4

d.

1,2,3,4

Answer: a. Explanation: Risk cause, risk event and risk effect are used together to effectively express risk. 45

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which of the following management products is not used to communicate risks?

9

a.

Checkpoint Reports

b. Highlight Reports

46

c.

Lesson Reports

d.

Project Status Account

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

Which of the following management products is not used to communicate risks?

9

a.

Checkpoint Reports

b. Highlight Reports c.

Lesson Reports

d.

Project Status Account

Answer: d. Explanation: Risks are communicated as part of the following management products: Checkpoint reports, Highlight reports, End Stage Report, End Project Report and Lessons reports. 47

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

For risk management to be effective, risks need to be: 1. identified, 2. assessed, 3.

10

controlled, and 4. communicated. a.

1,2,4

b. 1,2,3

48

c.

2,3,4

d.

1,2,3,4

Copyright 2014, Simplilearn, All rights reserved.

QUIZ

For risk management to be effective, risks need to be: 1. identified, 2. assessed, 3.

10

controlled, and 4. communicated. a.

1,2,4

b. 1,2,3 c.

2,3,4

d.

1,2,3,4

Answer: b. Explanation: For risk management to be effective, risks need to be identified, assessed and controlled. 49

Copyright 2014, Simplilearn, All rights reserved.

Summary Here is a quick recap of what we have learnt in this lesson:

●

The purpose of the Risk theme is to identify, assess and control uncertainty and as a result, improve the ability of the project to succeed

●

A risk is as an uncertain event or set of events that may have an effect on the achievement of objectives

●

To apply risk management procedure in the project, it is important to

identify whether there are any corporate or programme policies and processes that need to be applied

50

Copyright 2014, Simplilearn, All rights reserved.

Thank You

Based on AXELOS PRINCE2® material. Material is reproduced under licence from AXELOS Limited. All rights reserved. PRINCE2® is a [registered] trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved. AXELOS® is a [registered] trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved. The Swirl logo™ is a trade mark of AXELOS Limited, used under the permission of AXELOS Limited. All rights reserved.

51

Copyright2014, 2014, Simplilearn, All rights reserved. Copyright Simplilearn, All rights reserved.

References [1] Based on Managing Successful Projects with PRINCE2®, by AXELOS. Risk, Purpose. [2] Based on Managing Successful Projects with PRINCE2®, by AXELOS. Risk, What is risk management?

52

Copyright 2014, Simplilearn, All rights reserved.