Back to Subject

Unit 4 - Notes

CSEB422 14 min read

Unit 4: Project Execution and Risk Management

1. Project Risk Identification and Analysis

1.1. Understanding Project Risk

A project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality.

  • Threat (Negative Risk): A risk that would have a negative impact on a project objective. The goal is to avoid or mitigate these.
  • Opportunity (Positive Risk): A risk that would have a positive impact on a project objective. The goal is to exploit or enhance these.
  • Risk vs. Issue: A risk is a potential future event. An issue is a risk that has materialized or a problem that is happening now.

1.2. Risk Identification Process

The process of determining which risks may affect the project and documenting their characteristics. This is an iterative process performed throughout the project lifecycle.

Common Identification Techniques:

  • Brainstorming: A team-based technique to generate a comprehensive list of potential risks.
  • Delphi Technique: An anonymous method where a facilitator uses a questionnaire to solicit ideas about important project risks from a panel of experts. Responses are summarized and recirculated for further comment, leading to a consensus.
  • Interviews: Directly interviewing experienced project participants, stakeholders, and subject matter experts.
  • Root Cause Analysis: A technique used to identify the fundamental reasons behind a problem or risk. It helps in understanding the underlying causes rather than just the symptoms.
  • SWOT Analysis: Examining the project from the perspective of Strengths, Weaknesses, Opportunities, and Threats to identify risks originating from within and outside the project.
  • Checklist Analysis: Using a pre-developed checklist based on historical information and knowledge from similar previous projects.
  • Assumption and Constraint Analysis: Examining the project's assumptions and constraints to identify risks associated with their inaccuracy, instability, or incompleteness.

The primary output of this process is the Risk Register, a living document that logs all identified risks.

2. Qualitative and Quantitative Risk Analysis

After identifying risks, they must be analyzed to prioritize them for further action.

2.1. Qualitative Risk Analysis

This process involves prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact. It is a rapid, subjective, and cost-effective method to establish priorities.

Key Activities & Tools:

  • Probability and Impact Assessment:
    • Probability: The likelihood that a specific risk will occur. Often rated on a scale (e.g., 1-5 or Low, Medium, High).
    • Impact: The potential effect on a project objective if the risk occurs. Also rated on a scale.
  • Probability and Impact Matrix (P-I Matrix): A grid for mapping the probability of each risk's occurrence against its potential impact on an objective. Risks in the high-probability/high-impact zone are given the highest priority.
Example P-I Matrix: Probability Low (1) Medium (3) High (5)
High (0.9) Medium High Critical
Medium (0.5) Low Medium High
Low (0.1) Very Low Low Medium
  • Risk Data Quality Assessment: Evaluating the degree to which the data about risks is useful for risk management. High-quality data is accurate, unbiased, and reliable.
  • Risk Categorization: Grouping risks by source (e.g., technical, external, organizational) using a Risk Breakdown Structure (RBS). This helps in identifying common root causes.
  • Risk Urgency Assessment: Prioritizing risks that require near-term responses.

2.2. Quantitative Risk Analysis

This process numerically analyzes the combined effect of identified individual project risks on overall project objectives. It is not required for all projects and is often used for large, complex, or strategically important projects.

Key Techniques:

  • Monte Carlo Simulation: A computer-based simulation that uses a model of the project's schedule or cost. It runs the model hundreds or thousands of times, each time using random values for uncertain variables (like task duration or cost estimates) based on their probability distributions. The output is a probability distribution of possible project completion dates or costs.
  • Decision Tree Analysis: A diagramming method used to evaluate decisions with multiple options under conditions of uncertainty. It calculates the Expected Monetary Value (EMV) for each path to help choose the option that maximizes value or minimizes cost.
    • EMV = Probability * Impact
  • Sensitivity Analysis (Tornado Diagram): A technique used to determine which individual project risks have the most potential impact on project outcomes. The results are often presented in a tornado diagram, which shows the risks with the widest range of potential impact at the top.

3. Risk Monitoring and Management

3.1. Risk Response Planning

The process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.

Strategies for Threats (Negative Risks):

  • Avoid: Change the project plan to eliminate the threat entirely.
  • Transfer: Shift the ownership and impact of a threat to a third party (e.g., through insurance, warranties, or contracts).
  • Mitigate: Take action to reduce the probability of occurrence and/or impact of a threat.
  • Accept: Acknowledge the risk but take no action unless the risk occurs. Can be passive (do nothing) or active (develop a contingency reserve).

Strategies for Opportunities (Positive Risks):

  • Exploit: Ensure the opportunity is realized. Change the plan to make its probability 100%.
  • Enhance: Increase the probability and/or the positive impacts of an opportunity.
  • Share: Allocate some or all of the ownership of the opportunity to a third party who is best able to capture the benefit.
  • Accept: Be willing to take advantage of the opportunity if it arises, but not actively pursue it.

3.2. Risk Monitoring

The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.

Key Activities:

  • Risk Audits: Examining and documenting the effectiveness of risk responses in dealing with identified risks and their root causes.
  • Variance and Trend Analysis: Using project performance data (e.g., Earned Value Management) to compare planned results to actual results, which can indicate potential deviation from the baseline and signal the emergence of risks.
  • Technical Performance Measurement: Comparing technical accomplishments during project execution to the schedule of planned technical achievements.
  • Reserve Analysis: Monitoring the status of contingency and management reserves to see if they are sufficient or if more are needed.
  • Risk Reassessment: Periodically re-evaluating risks, closing outdated risks, and identifying new ones.

3.3. The Risk Management Plan

A component of the project management plan that describes how risk management activities will be structured and performed.

Contents of a Risk Management Plan:

  • Methodology: Defines the approaches, tools, and data sources for risk management.
  • Roles and Responsibilities: Defines the lead, support, and risk management team members for each type of activity in the risk management plan.
  • Budgeting: Assigns resources and estimates costs needed for risk management.
  • Timing: Defines when and how often the risk management processes will be performed.
  • Risk Categories: Provides a structure for identifying risks systematically (e.g., a Risk Breakdown Structure).
  • Definitions of Risk Probability and Impact: Ensures a common understanding and consistent assessment of risks.
  • Probability and Impact Matrix: The predefined matrix used for qualitative analysis.
  • Reporting Formats: Describes the content and format of the risk register and other risk reports.
  • Tracking: Documents how risk activities will be recorded and how risk processes will be audited.

4. Project Quality Management

4.1. Core Concepts

Project Quality Management includes the processes for incorporating the organization's quality policy regarding planning, managing, and controlling project and product quality requirements in order to meet stakeholders’ objectives.

  • Quality: The degree to which a set of inherent characteristics fulfills requirements.
  • Grade: A category assigned to deliverables having the same functional use but different technical characteristics. Low quality is always a problem; low grade may not be.
  • Precision: A measure of exactness.
  • Accuracy: A measure of correctness.

4.2. Quality Characteristics

Also known as the "Dimensions of Quality," these are attributes used to evaluate the quality of a product or service.

  • Performance: A product's primary operating characteristics.
  • Features: The "bells and whistles" or secondary aspects of performance.
  • Reliability: The probability of a product malfunctioning or failing within a specified time period.
  • Conformance: The degree to which a product's design and operating characteristics meet pre-established standards.
  • Durability: A measure of product life.
  • Serviceability: The speed, courtesy, competence, and ease of repair.
  • Aesthetics: How a product looks, feels, sounds, tastes, or smells.
  • Perceived Quality: Inferences about quality based on brand name, reputation, advertising, etc.

4.3. Cost of Quality (CoQ)

A methodology that allows an organization to determine the extent to which its resources are used for activities that prevent poor quality, appraise the quality of the organization’s products or services, and result from internal and external failures.

Two Main Categories:

  1. Cost of Conformance (Cost of Good Quality): Money spent during the project to avoid failures.

    • Prevention Costs: Costs related to preventing defects and errors (e.g., training, process documentation, quality planning, equipment calibration).
    • Appraisal Costs: Costs related to assessing, measuring, and auditing products to ensure they conform to standards (e.g., testing, inspections, quality audits).

  2. Cost of Non-Conformance (Cost of Poor Quality): Money spent during and after the project because of failures.

    • Internal Failure Costs: Costs associated with defects found before the customer receives the product (e.g., rework, scrap, downtime).
    • External Failure Costs: Costs associated with defects found after the customer receives the product (e.g., warranty work, repairs, handling complaints, product recalls, loss of business).

The fundamental principle of CoQ is that it is often less costly to prevent defects than to correct them.

4.4. Quality Policy, Assurance, and Control

  • Quality Policy: A formal statement from senior management that expresses the organization's overall intentions, direction, and objectives related to quality. It provides a framework for quality planning and management.

  • Quality Assurance (QA):

    • Focus: Process-oriented. Ensures the processes used to create deliverables are effective.
    • Goal: To prevent defects.
    • Activities: Auditing quality requirements, process analysis, confirming that the team is following defined standards and procedures. It asks, "Are we doing the right things?"
    • Timing: Proactive, performed throughout the project.

  • Quality Control (QC):

    • Focus: Product-oriented. Examines specific project deliverables to ensure they meet quality standards.
    • Goal: To identify and correct defects.
    • Activities: Inspections, testing, peer reviews, measuring deliverables against acceptance criteria. It asks, "Did we get the right results?"
    • Timing: Reactive, performed during and after the creation of deliverables.

4.5. Key Quality Control Tools

  • Cause-and-Effect Diagram (Ishikawa or Fishbone Diagram): Helps trace an undesirable effect back to its root cause. Causes are often grouped into major categories like People, Methods, Machines, Materials, Measurement, and Environment.
  • Control Charts: A graph used to study how a process changes over time. It has a central line for the average, an upper line for the upper control limit, and a lower line for the lower control limit. A process is "in control" if data points fall between the limits.
  • Pareto Diagram: A type of bar chart where the bars are ordered by frequency or cost, showing which factors are the most significant. It operates on the Pareto principle (80/20 rule), which states that roughly 80% of the problems come from 20% of the causes.
  • Checklists (Tally Sheets): A simple tool for gathering data about the frequency of occurrences, often used as a first step before creating a Pareto chart or control chart.
  • Histograms: A bar graph showing the distribution of numerical data.
  • Scatter Diagrams: A graph that plots pairs of numerical data, one variable on each axis, to look for a relationship between them.

5. Controlling Change

Change is inevitable in projects. Uncontrolled change ("scope creep") is a major cause of project failure. A formal change control process is essential.

Integrated Change Control Process:

  1. Submit a Change Request: Any stakeholder can formally request a change. The request should detail the proposed change, the reason for it, and the expected benefits.
  2. Log the Request: All requests are logged in a change request log for tracking.
  3. Impact Analysis: The project manager and team analyze the impact of the proposed change on all project constraints:
    • Scope: How does it affect deliverables?
    • Schedule: Will it add or save time?
    • Cost: What is the financial impact?
    • Quality: Will quality standards be affected?
    • Risk: Does it introduce new risks or alter existing ones?
    • Resources: Are different or additional resources needed?
  4. Review by Change Control Board (CCB): The CCB, a formally constituted group of stakeholders, reviews the change request and the impact analysis. They have the authority to approve, reject, or defer the change.
  5. Decision and Communication: The CCB's decision is formally documented and communicated to all relevant stakeholders.
  6. Update and Implement: If approved, the project manager updates the project management plan, baselines (scope, schedule, cost), and other relevant documents. The change is then implemented.

6. Project Issues and Project Closing

6.1. Managing Project Issues

An issue is an unplanned event, problem, or question that has already occurred and requires a decision or action.

Issue Management Process:

  1. Identify and Log: Any team member or stakeholder can identify an issue. It is immediately logged in the Issue Log.
  2. The Issue Log: A project document used to track and monitor issues. Each entry typically includes:
    • Issue ID
    • Description of the issue
    • Date identified
    • Identified by
    • Assigned owner (responsible for resolution)
    • Priority/Urgency
    • Status (Open, In Progress, Resolved, Closed)
    • Resolution plan and date
  3. Analyze and Prioritize: The project manager and owner analyze the issue's impact and prioritize it.
  4. Assign and Resolve: The issue is assigned to an owner who is responsible for developing and implementing a resolution plan.
  5. Monitor and Report: The project manager monitors the progress of all open issues and reports their status to stakeholders.
  6. Close: Once the issue is resolved and verified, it is marked as closed in the issue log.

A RAID Log is a common tool that tracks Risks, Assumptions, Issues, and Dependencies in one document.

6.2. Project Closing

The final phase of the project life cycle. It involves formally finalizing all project activities, and it is a critical step that should not be overlooked.

Key Closing Activities:

  • Obtain Formal Acceptance: The project sponsor or client formally accepts the final product, service, or result. This is often done through a formal sign-off document.
  • Transfer Deliverables: The ownership of the project's deliverables is officially transferred to the client or operations team.
  • Financial Closure: All financial matters are closed out. This includes verifying all invoices have been paid, closing project accounts, and finalizing the project budget.
  • Contract Closure: All contracts with vendors, suppliers, and contractors are formally closed according to their terms and conditions.
  • Release Project Resources: The project team members are formally released and reassigned to other projects or their functional roles. Their performance is often documented.
  • Final Project Report: A summary of the project's performance is created, including performance against baselines (scope, schedule, cost), successes, and challenges.
  • Archive Project Documents: All project records (plans, reports, logs, contracts, etc.) are systematically archived for future reference.
  • Celebrate Success: Acknowledging the team's effort and celebrating the completion of the project is important for morale.

6.3. Project Post-Mortem (Lessons Learned)

A process conducted at the end of a project (or a major phase) to review what was successful, what could have been improved, and how to incorporate those lessons into future projects.

Purpose:

  • To identify best practices and successes to be replicated.
  • To identify failures and challenges to be avoided in the future.
  • To improve organizational processes and project management methodologies.
  • To create a knowledge base (Lessons Learned Repository) for future projects.

The Post-Mortem Meeting:

  • Participants: Should include the core project team, the project manager, and key stakeholders.
  • Agenda: A structured agenda that focuses on objective analysis, not blame.
  • Key Questions:
    • What went well? Why?
    • What went wrong? Why?
    • What did we learn?
    • What would we do differently on the next project?
    • Were our estimation, planning, and management processes effective?

The output is a Lessons Learned Report, which becomes a key Organizational Process Asset (OPA) and provides invaluable input for future project planning.

Previous
Unit 3
Next
Unit 5