System Integration|Chapter 19 (Notes)

---

Previous article: Chapter 18, Safety Management
Next article: Chapter 20, Closing Management

Chapter 19 Risk Management

---

19.1 Overview of risk management and related concepts

risk:

• Overview:

  • Narrow sense: uncertainty of loss, manifested as negative impact
  • Broad meaning: the possibility of loss, but also the opportunity for profit

• Classification:

  • Divide according to nature
    • Pure risk: refers to the risk that only has the possibility of loss but no possibility of profit.
    • Speculative risk: Relative to pure risk, it refers to the risk that there is both the possibility of loss and the opportunity for profit.
  • Divided according to causes
    • natural risks
    • social risk
    • political risk
    • economic risk
    • technology risk
  • software risk
    • Project risks: current demand risks, planning risks, personnel risks, organizational management risks, development environment risks, customer risks, process risks, etc.
    • Technical risk: refers to risks existing in design, implementation, interface, verification, maintenance, ambiguity of specifications, technical uncertainty, obsolete technology, etc.
    • Business risk: mainly includes market risk, strategic risk, sales risk, management risk, budget risk (not guaranteed by budget or related resources)

• nature:

  • 1) Objectivity: Risk is an objective existence that is independent of human will and independent of human consciousness.
  • 2) Contingency: Due to information asymmetry, it is difficult to predict whether future risk events will occur.
  • 3) Relativity: The nature of risks will change due to changes in various factors in time and space.
  • 4) Sociality: The correlation between the consequences of risks and human society determines the sociality of risks, which has great social influence.
  • 5) Uncertainty: Uncertainty in the time of occurrence.

• Identifying features:

  • (1) All-inclusiveness
  • (2) Systematic
  • (3)Dynamic
  • (4) Information dependence
  • (5) Comprehensive

Project risk management includes various processes such as planning risk management, identifying risks, conducting risk analysis, planning risk responses, and controlling risks. The goal of project risk management is to increase the probability and impact of positive events in the project and to reduce the probability and impact of negative events in the project.

1. Plan Risk Management: The process of defining how project risk management activities will be implemented.
2. Identify Risks: The process of determining which risks may affect a project and documenting their characteristics.
3. Implement qualitative risk analysis: It is a process of assessing and comprehensively analyzing the probability and impact of risks, and prioritizing risks to provide a basis for subsequent analysis or actions.
4. Conduct Quantitative Risk Analysis: It is the process of quantitatively analyzing the impact of identified risks on the overall project objectives.
5. It is the process of formulating plans and measures to improve opportunities and reduce threats based on project goals.
6. It is the process of implementing a risk response plan throughout a project, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating the effectiveness of the risk process.

Goal: Increase the probability and impact of positive events in the project, and reduce the probability and impact of negative events in the project.

Risk attitude factors that influence the organization and its stakeholders:

• (1) Risk preference: The degree of uncertainty an entity is willing to tolerate in order to achieve expected returns.
• (2) Risk tolerance: the degree, amount or container of risk that an organization or individual can bear.
• (3) Risk threshold: The specific degree of uncertainty or impact that stakeholders are particularly concerned about. If it is lower than the risk threshold, the organization will accept the risk; if it is higher than the risk threshold, the organization will not be able to bear the risk.

---

19.2 Main processes

include:

• Planning Risk Management (Planning Process Group)
• Identify Risks (Planning Process Group)
• Conduct Qualitative Risk Analysis (Planning Process Group)
• Conduct Quantitative Risk Analysis (Planning Process Group)
• Plan Risk Responses (Planning Process Group)
• Control Risk (Monitoring Process Group)

---

19.2.1 Planning risk management

Overview : The nature of risk will change due to various factors in time and space.

Role : Ensures that the degree, type and visibility of risk management matches the risk and project importance to the organization.

Inputs for planning risk management:

• 1) Project management plan
• 2) Project charter
• 3) Stakeholder register
• 4) Business environment factors
• 5) Organizational process assets

Tools and techniques for planning risk management:

• ① Analysis technology
• ② Expert judgment
• ③ Meeting

Outputs of planning risk management:

• ① Risk management plan
  • Overview: The risk management plan is an integral part of the project management plan and describes how risk management activities will be arranged and implemented.
  • content:
    • (1) Methodology: Determine the methods, tools and data sources that will be used for project risk management
    • (2) Roles and responsibilities: Identify the responsible persons and supporters of each activity in the risk management plan, as well as members of the risk management team, and clarify their responsibilities
    • (3) Budget
    • (4) Timing: Determine the time and frequency of implementing the risk management process during the project life cycle
    • (5) Risk category
    • (6) Definition of risk probability and impact
    • (7) Probability and influence matrix
    • (8) Revised stakeholder tolerance
    • (9) Report form
    • (10) Tracking

---

19.2.2 Identify risks

Overview : It is the process of determining which risks may affect a project and documenting their characteristics

Role : Document the identified risks and build knowledge and skills for the project team to predict future events

Related concepts:

• risk accident
• risk event
• risk factors
• risk hazard

in principle:

• (1) From coarse to fine, from fine to coarse
• (2) Strictly define risk connotations and consider the correlation between risk factors
• (3) Suspicious first, then rule out
• (4) Pay equal attention to exclusion and confirmation. Risks that definitely cannot be ruled out but are not certain and have been confirmed will be considered as confirmed
• (5) If necessary, experimental demonstration can be done

Inputs to identify risks:

• 1) Risk management plan
• 2) Cost management plan
• 3) Progress management plan
• 4) Quality management plan
• 5) Human resources management plan
• 6) Scope benchmark
• 7) Activity cost estimation
• 8) Activity duration estimation
• 9) Stakeholder register
• 10) Project files
• 11) Procurement documents
• 12) Business environment factors
• 13) Organizational process assets

Tools and techniques for identifying risks:

• ① Document review
  • Overview: Conduct a structured review of project documents (including various plans, assumptions, previous project documents, agreements and other information) to identify inconsistencies and potential risks.
• ②Information collection technology
  • include:
    • Brainstorming
    • Delphi technique
    • Interview
    • Root Cause Analysis
• ③ Checklist analysis
  • Overview: Prepare a risk identification checklist based on historical information and knowledge from previous similar projects and other sources
• ④ What-if analysis
• ⑤ Graphical technology
  • include:
    • (1) Cause-and-effect diagram: also called Ishikawa diagram or fishbone diagram, used to identify the causes of risks
    • (2) System process flow chart: shows the interconnection and causal transmission mechanism between the various elements of the system
    • (3) Image diagram: Graphically represent the causal relationship between variables and results, the time sequence of events and other relationships
• ⑥ SWOT analysis
  • Overview: Strengths; Weaknesses; Opportunities; Threats
• ⑦ Expert judgment

Output for identifying risks:

• ① Risk register
  • include:
    • List of identified risks
    • List of potential countermeasures

---

19.2.3 Conduct qualitative risk analysis

Overview : It is a process of assessing and comprehensively analyzing the probability and impact of risks, and prioritizing risks to provide a basis for subsequent analysis or activities.

1. Conducting qualitative risk analysis is the process of assessing and comprehensively analyzing the probability and impact of risks, prioritizing risks, and thus providing a basis for subsequent analysis or action. The main effect of this process is to enable the project manager to reduce the level of uncertainty in the project and focus on high priority risks.
2. Perform qualitative risk analysis on the probability or likelihood of occurrence, the corresponding impact on project objectives if the risk occurs, and other factors (such as response time requirements, organizational risk tolerance related to constraints such as project cost, schedule, scope, and quality) to determine Assessment to identify prioritization of risks.
3. Conducting qualitative risk analysis can often quickly and cost-effectively establish priorities for developing risk responses. The basis can be laid for conducting quantitative risk analysis (if required).

Role : The project manager is able to reduce the level of uncertainty in the project and focus on high-priority risks

Inputs for conducting qualitative risk analysis:

• 1) Risk management plan
• 2) Scope benchmark
• 3) Risk register
• 4) Business environment factors
• 5) Organizational process assets

实施定性风险分析的工具与技术：

• ① Risk probability and impact assessment
• ② Probability and influence matrix
• ③ Risk data quality assessment
• ④ Risk classification
• ⑤ Risk urgency assessment
• ⑥ Expert judgment

Outputs from performing qualitative risk analysis:

• ① Project file update
  • risk register
  • What-if log

---

19.2.4 Implement quantitative risk analysis

Overview : It is the process of quantitatively analyzing the impact of identified risks on the overall project objectives

1. Quantitative risk analysis is the process of quantitatively analyzing the impact of identified risks on the overall project objectives. The function of this process is to generate quantitative risk information to support the decision-making system and reduce project uncertainty.
2. Quantitative risk analysis is performed on risks identified during the qualitative risk analysis process as having a significant potential impact on the competing needs of the project. The implementation of quantitative risk analysis process is to analyze the impact of these risks on project objectives, and is mainly used to evaluate the overall impact of all risks on the project. When performing quantitative analysis, individual risks can also be assigned a priority value.
3. Real-time quantitative risk analysis is generally carried out after implementing the qualitative risk analysis process. When there is insufficient data to build a model, quantitative analysis may not be implemented.

Function : Generate quantitative risk information to support the decision-making system and reduce project uncertainty

Inputs for conducting quantitative risk analysis:

• 1) Risk management plan
• 2) Cost management plan
• 3) Progress management plan
• 4) Risk register
• 5) Business environment factors
• 6) Organizational process assets

Tools and techniques for conducting quantitative risk analysis:

• ① Data collection and display technology
  • (1) Interview
  • (2) Probability distribution (three-point estimation PERT)
• ② Quantitative risk analysis and modeling technology
  • (1) Sensitivity analysis
  • (2) Expected Monetary Value Analysis (EMV)
  • (3) Modeling and simulation
    • Monte Carlo analysis method: Monte Carlo analysis is also called stochastic simulation method. Its basic idea is to first establish a probability model or stochastic process so that its parameters are equal to the solution of the problem, and then calculate the result by observing the model or process. Statistical characteristics of parameters, and finally an approximation of the problem is given, and the accuracy of the solution can be expressed by the standard error of the estimated value. You can remember the keywords of Monte Carlo analysis, "random", "model", and "statistical characteristics".
• ③ Expert judgment

Output from performing quantitative risk analysis:

• ① Risk register update
  • Project probability analysis
  • Probability of achieving cost and time targets
  • Quantitative Risk Prioritization Checklist
  • Trends in Quantitative Risk Analysis Results

---

19.2.5 Planning risk responses

Overview : It is the process of developing plans and measures to improve opportunities and reduce threats based on project goals. This process is also called "formulating risk response measures, or developing a risk response plan."

Role : Develop response measures based on the priority of risks, and add the management resources and activities required for risk response into the project's budget, schedule and project management plan.

People with different attitudes towards risk:

1. Disgusting (negative)
2. Promotional (positive)
3. Intermediate (middle)

Inputs for planning risk responses:

• 1) Risk management plan
• 2) Risk register

Tools and techniques for planning risk responses:

• ① Coping strategies for negative risks or threats
  • 1) Avoidance : such as extending the schedule, changing the strategy or reducing the scope, etc. The most extreme avoidance strategy is to shut down the entire project. Certain risks that arise early in the project can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring proprietary skills.
  • 2) Transfer : Risk transfer can use a variety of tools, including (but not limited to) insurance, performance bonds, guarantees and letters of guarantee, etc. Contracts or agreements can be used to transfer certain specific risks to another party. For example, if the buyer has certain capabilities that the seller does not possess, for the sake of prudence, part of the work and its risks can be transferred to the buyer through contractual provisions. In many cases, cost reimbursement contracts can transfer cost risk to the buyer, while lump sum contracts can transfer the risk to the seller.
  • 3) Mitigation : Examples of mitigation measures include adopting less complex processes, conducting more tests, or selecting more reliable suppliers. It may require developing prototypes to reduce scale-up from bench models to actual processes or product processes. risks of. If the risk probability cannot be reduced, it may be possible to start with the correlation points that determine the risk severity and take mitigation measures based on the risk impact. For example, adding redundant components to a system can mitigate the impact of a primary component failure.
  • 4) Acceptance : Risk acceptance refers to the project team's decision to accept the existence of risks. This strategy can be passive or active. The passive acceptance strategy does not take any action. It only needs to record this strategy without any other actions. When the risk occurs, it will be dealt with by the project team. However, regular review is required. To ensure that the threats have not changed too much. If you adopt a proactive acceptance strategy, you must develop a contingency plan before the risk occurs. The most common proactive acceptance strategy is to establish a contingency reserve, allocating a certain amount of time, money or resources to deal with risks.
• ② Active risk or threat response strategies
  • 1) Exploitation : This strategy can be adopted for risks that have a positive impact if the organization wants to ensure that opportunities are realized. This strategy is designed to remove the uncertainty associated with a particular positive risk, ensuring that opportunities will definitely arise. Direct development involves allocating the organization's most capable resources to the project to shorten completion time, or using new or improved technology to save costs and shorten the ongoing resources required to achieve project goals.
  • 2) Improve : This strategy aims to increase the probability of occurrence and positive impact of opportunities. Identify those key factors that influence the occurrence of positive risks and maximize these factors to increase the probability of the opportunity occurring. Examples of improving opportunities include adding resources to complete activities sooner.
  • 3) Sharing : The positive risk of sharing refers to assigning some or all of the responsibility for responding to opportunities to the third party who can best seize the opportunity for the project. Examples of sharing include forming partnerships and teams that share risks, and becoming companies or consortiums for special purposes to take advantage of opportunities to the benefit of all parties.
  • 4) Acceptance : Accepting opportunities means being willing to take advantage of opportunities when they occur, but not actively pursuing them.
• ③ Emergency response strategy
  • Overview: Some response measures can be designed specifically for certain events. For some risks, the project team can develop response strategies, that is, response plans that can only be implemented when certain predetermined conditions occur.
• ④ Expert judgment

Outputs from planning risk responses:

• ① Project management plan update
• ② Project file update

---

19.2.6 Controlling risks

Overview : It is the process of implementing a risk response plan throughout a project, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating the effectiveness of the risk process.

Role : Improve the efficiency of risk response throughout the project life cycle and continuously optimize risk response measures.

Inputs to control risk:

• 1) Project management plan
• 2) Risk register
• 3) Job performance data
• 4) Work performance report

Tools and techniques to control risk:

• ① Risk reassessment
  • Overview: In controlling risks, it is often necessary to identify new risks, reassess existing risks, and delete obsolete risks. Project risk reassessments should be carried out regularly, and the frequency and level of detail of repeated reassessments should be based on the project and its progress relative to project objectives.
• ② Risk audit
  • Overview: A risk audit is the examination and documentation of the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.
• ③ Deviation and trend analysis
• ④ Technical measurement performance
  • Overview: Technical performance measurement is the comparison of technical results achieved during project execution.
• ⑤ Reserve analysis
• ⑥ Meeting

Control risk output:

• ① Work performance information
• ② Change request
• ③ Project management plan update
• ④ Project file update
• ⑤ Organizational process asset update

Related instructions

Delphi Technique : The Delphi Technique is a method of organizing experts to reach consensus. Project risk experts participated anonymously. Organizers use questionnaires to solicit opinions on important project risks, then summarize the experts' answers and feed the results back to the experts for further comments. After this process is repeated several times, a consensus may be reached. The Delphi technique helps mitigate bias in the data and prevents any individual from having an undue influence on the results.

Experts are hired in a back-to-back anonymous manner; experts' evaluation conclusions are obtained through questionnaires; questionnaire results are summarized and circulated among experts; experts adjust their own evaluation conclusions; and experts' unanimous opinions on project evaluation are obtained through multiple rounds of consultation.

---

Previous article: Chapter 18, Safety Management
Next article: Chapter 20, Closing Management