Escolar Documentos
Profissional Documentos
Cultura Documentos
RiskManagement&thePMBOK
JohnH.Dittmer,VI
PMP, CISSPISSMP
PMP,CISSP
ISSMP
Disclaimer
Please
Pleasenotethattheviewsexpressedinthis
note that the views expressed in this
presentationarethepresentersonly.
Thesesviewsdonotrepresentanyofficial
Theses views do not represent any official
positionbyBoozAllenHamiltonoritsclients,
including any governmental agencies
includinganygovernmentalagencies.
Introduction to Risk
IntroductiontoRisk
Chapter11ofthe5thEditionofthePMBOK
p
GuidedealswiththeknowledgeareaofRisk
Management,asubjectofincreasingimportance
for project managers
forprojectmanagers.
Before
BeforeIdiscussindetailthesixproject
I discuss in detail the six project
managementprocessesinvolvedinthis
knowledgearea,Iwantedtotakesometimeout
to discuss some of the basic concepts of risk
todiscusssomeofthebasicconceptsofrisk
managementthatarediscussedatthebeginning
ofthischapter.
ISOssDefinitionofRisk
ISO
Definition of Risk
TheISO31000 (2009)/ISOGuide73:2002definitionof
riskisthe'effectofuncertaintyonobjectives'.Inthis
definition,uncertaintiesincludeevents(whichmayor
maynothappen)anduncertaintiescausedby
y
pp )
y
ambiguityoralackofinformation.
Italsoincludesbothnegativeandpositiveimpactson
objectives.
objectives.
Manydefinitionsofriskexistincommonusage,
howeverthisdefinitionwasdevelopedbyan
international committee representing over 30
internationalcommitteerepresentingover30
countriesandisbasedontheinputofseveralthousand
subjectmatterexperts.
PMIssDefinitionofRisk
PMI
Definition of Risk
According
Accordingto
to the 5thEditionofthePMBOK
5th Edition of the PMBOK
Guide,projectriskisanuncertaineventor
condition that if it occurs has a positive or
conditionthat,ifitoccurs,hasapositiveor
negativeeffectononeormoreproject
objectives such as scope schedule cost or
objectivessuchasscope,schedule,cost,or
quality.
KeystothePMIDefinition
PMIrecognizesthatthereissomedifferencebetweenthetechnical
definitionandtheordinarydefinitionofthewordrisk,becauseinthe
5thEditionofthe PMBOKGuidetherearealotofinstanceswhere
theywillusereducerisksandenhanceopportunities,the
opportunities,ofcourse,beingtheeventswhichimpacttheproject
f
b
h
h h
h
positivelyandtherisksbeingthosewhichimpactitnegatively.
Theyareconcedingtheeverydayusageofthewordriskinorderto
p
p
g
,
y
p
emphasizethepointbeingmade,thatyouhavetoreducetheimpact
orlikelihoodornegativeeventsandenhance thoseofpositiveeventsif
youaretrulydoingriskmanagement.
Thethirdkeypartofthedefinitionisthephraseifitoccurs. Ifariskthat
has been forecast actually occurs it is no longer a risk it is an issue We
hasbeenforecastactuallyoccurs,itisnolongerarisk,itisanissue.We
willdiscussawaytoquantifyitlater.
Iftheprobabilityis1,itisanissue.Thismeansthatrisk
If the probability is 1 it is an issue This means that risk
isalreadymaterialized.Iftheprobabilityiszero,this
meansthatriskwillnothappenandshouldberemoved
fromtheriskregister.
Causes of Risk
CausesofRisk
The
Thecausesofriskcancomefromvarioussources,
causes of risk can come from various sources
suchas:
A
Arequirement,suchaslegalrequirementimp0sedby
requirement, such as legal requirement imp0sed by
lawsorregulations
Anassumption,suchastheconditionsinthemarket
(whichmaychange)
Aconstraint,suchasnumberofpersonnelavailableto
workonanygivenphaseoftheproject,or
k
i
h
f th
j t
Acondition,suchasthematurityoftheorganizations
project management practices
projectmanagementpractices
Risk Attitude
RiskAttitude
Rememberthatriskhastwocomponents,the
uncertainty ofanevent,whichismeasuredbyits
of an event which is measured by its
probability,anditspotentialimpact ontheproject.
Amountofuncertaintythatanorganizationcanacceptis
measured by its risk appetite
measuredbyitsriskappetite
Amountofimpacttheorganizationcanacceptismeasured
byitsrisktolerance.
Th
Thecombinationoftheuncertaintyandtheprobability
bi i
f h
i
d h
b bili
cangiveyoutheamountthatneedstobeputasideto
handlethatrisk,sometimesreferredtoasthe reserve,
andtheamountofreservethattheorganizationcan
d h
f
h h
i i
acceptismeasuredbyits risk threshold. Itisthis
latterconceptwhichwilldeterminatewhatkindof risk
response theorganizationmaytake.
h
k
Risk Response
RiskResponse
Therearefourpossibleresponsestoarisk,depending
p
p
, p
g
onwhetherthereisloworhighprobabilityofits
occurring,andwhetherthefinancialimpactifitdoes
occurs is either high or low
occursiseitherhighorlow.
Avoid:Forhighprobability,highimpactevents
Transfer(suchaspurchasinginsurance):Forlow
probability,highimpactevents
Mitigate:Forhighprobability,lowimpactevents
Accept:Forlowprobability,lowimpactevents
Accept: For low probability low impact events
Thesearesomeoftheconceptsthatareusedwhen
planningriskmanagementonaproject.
IntroductiontothePMBOK(Part4)
PMBOKalsorecognizesthattherearetenknowledge
areasthatmustalsobeconsideredasapartofthis
projectdevelopmentprocess.Thesenineknowledge
areasinfluencetheproject'sdirectionandguidesthe
decisionmakingprocessforallkeystakeholders
involvedintheproject.Thetenknowledgeareasare:
ProjectIntegrationManagement
Project Scope Management
ProjectScopeManagement
ProjectTimeManagement
ProjectCostManagement
Project Quality Management
ProjectQualityManagement
ProjectHumanResourceManagement
ProjectCommunicationsManagement
ProjectRiskManagement
ProjectProcurementManagement
ProjectStakeholdersManagement(NEW!Addedin5thedition)
SummaryofMajorChangeswiththe
PMBOK5th Edition
d
ThecontentfromSection3TheStandardfor
f
ProjectManagementofaProjecthasbeen
movedtoAnnexA1.ThenewSection3addresses
project management processes and Process
projectmanagementprocessesandProcess
Groups.
The
TheadditionofanewKnowledgeArea
addition of a new Knowledge Area Project
Project
StakeholderManagement increasesthe
KnowledgeAreasfromninetoten.
Eachmajorknowledgeareahasbeenreinforced
intermsoftheirplanningprocesses.
31July2013
31
July 2013
01July2013
31 August 2013
31August2013
31August2013
31July2013
y
Theannualizedlossexpectancyistheproductoftheannual
p
y
p
rateofoccurrence(ARO)andthesinglelossexpectancy.
ALE=ARO*SLE
ALE
=ARO*SLE
Foranannualrateofoccurrenceofone,theannualizedloss
expectancyis1*$25,000,or$25,000.
ForanAROofthree,theequationis:ALE=3*$25,000.
Therefore: ALE = $75 000
Therefore:ALE=$75,000
Questions?
ThankYou!
JohnDittmer
Dittmer_John@bah.com