Lecture 33: Risk Management - Risk Assessment
Unit 4: Software Project Management (4353202)
Lecture Agenda
- Recap of Risk Identification
- What is Risk Assessment?
- Components of Risk Assessment: Probability
- Components of Risk Assessment: Impact
- Calculating Risk Exposure
- Risk Assessment Matrix
- Techniques for Risk Assessment
- Key Takeaways
Recap of Risk Identification
Risk Identification is the first step in risk management, focusing on discovering and describing potential risks (Project, Technical, Business, External) and documenting them in a Risk Register.
What is Risk Assessment?
Risk Assessment is the process of evaluating identified risks to determine their likelihood of occurrence and their potential impact on project objectives. It helps in prioritizing risks so that appropriate attention can be given to the most critical ones.
It answers the question: "How big of a problem is this risk?"
Components of Risk Assessment: Probability
Probability (Likelihood): The chance that a particular risk event will occur. It can be expressed qualitatively (e.g., low, medium, high) or quantitatively (e.g., a percentage or a numerical scale).
| Rating | Probability | Description |
|---|---|---|
| Very Low | < 10% | Unlikely to occur |
| Low | 10-30% | May occur, but not probable |
| Medium | 30-50% | Could occur |
| High | 50-70% | Likely to occur |
| Very High | > 70% | Almost certain to occur |
Components of Risk Assessment: Impact
Impact (Consequence): The effect a risk event would have on project objectives (e.g., schedule, budget, quality, scope) if it occurs. It can also be expressed qualitatively or quantitatively.
| Rating | Impact | Description |
|---|---|---|
| Very Low | Minimal | Negligible effect |
| Low | Minor | Small deviation, easily absorbed |
| Medium | Moderate | Noticeable effect, requires attention |
| High | Significant | Major disruption, serious consequences |
| Very High | Catastrophic | Project failure, severe damage |
Calculating Risk Exposure
Risk exposure (or risk score) is a quantitative measure that combines probability and impact to provide an overall indication of the risk's severity.
Risk Exposure = Probability × Impact
Using a numerical scale (e.g., 1-5 for both probability and impact), the risk exposure can range from 1 (very low) to 25 (very high).
Risk Assessment Matrix
A Risk Assessment Matrix is a visual tool used to plot risks based on their probability and impact, helping to prioritize them.
| Low Impact | Medium Impact | High Impact | |
|---|---|---|---|
| High Probability | Medium Risk | High Risk | Very High Risk |
| Medium Probability | Low Risk | Medium Risk | High Risk |
| Low Probability | Very Low Risk | Low Risk | Medium Risk |
Techniques for Risk Assessment
- Qualitative Risk Analysis: Prioritizing risks for further analysis or action by assessing their probability of occurrence and impact. (e.g., using a risk matrix)
- Quantitative Risk Analysis: Numerically analyzing the effect of identified risks on overall project objectives. (e.g., Monte Carlo simulation, decision tree analysis)
- Expert Judgment: Leveraging the experience of subject matter experts to assess risks.
- Historical Data Analysis: Using data from similar past projects to inform risk assessments.
Key Takeaways
- **Risk Assessment** evaluates the **probability** and **impact** of identified risks.
- **Risk Exposure** combines these two factors (Probability × Impact).
- A **Risk Matrix** helps in visualizing and prioritizing risks.
- Both **qualitative and quantitative** techniques can be used for assessment.
Next Lecture
Topic: Risk Management - Risk Control
Q & A
Questions & Discussion