What is the significance of risk in a project. Project risk management. Anti-Risk Measures: Planning How to Respond

Risk analysis (in investment design) is the process of studying the external and internal environment of the investment process, carried out in order to identify risks, assess their parameters, and predict the state of an enterprise operating under risk conditions after a certain point in time by evaluating key performance indicators as random variables. The results of the analysis are used to make decisions and to develop measures to protect against possible losses.

Project risk analysis can be divided into two complementary types: qualitative and quantitative.

Qualitative analysis can be relatively simple. Its main task is to identify the risk factors and the stages of work during which risk arises, i.e. to identify potential areas of risk, and then to identify all possible risks.

Qualitative analysis implies the identification of the risks inherent in the project, their description and grouping. Usually, specific risks directly related to the implementation of the project are identified, as well as force majeure, managerial and legal risks. For the convenience of further tracking, project risks should be taken into account by stage: initial (pre-investment), investment (construction) and operational. The result of the qualitative risk analysis stage should be a project risk map.

The description of risks at the stage of qualitative analysis does not provide information about possible losses or their probability, it serves as the basis for a quantitative risk analysis.

There are the following methods of qualitative risk analysis:

· the method of expert assessments - a set of procedures aimed at identifying, ranking and qualitatively assessing the likely risks for the project based on the expert opinions of people with significant experience in project activities;

· SWOT analysis - allows you to visually contrast the strengths and weaknesses of the project, its opportunities and threats based on a qualitative risk assessment;

· the risk spiral ("rose") - an illustrated ranking of risks based on qualitative assessments of risk factors;

· the method of analogies or conservative forecasts - the study of accumulated experience on projects in order to calculate the probabilities of losses.

One important feature of the qualitative analysis of project risks should be noted: it has a quantitative result. The process of conducting a qualitative analysis of project risks should include not only a purely descriptive, “inventory” aspect (determining the specific types of risk of this project, detecting the possible causes of their occurrence, analyzing the expected consequences of their realization and proposing measures to minimize the identified risks), but also a cost estimate of all these measures for minimizing the risk of the particular project.

Conducting a quantitative analysis of project risks is a continuation of a qualitative study and assumes the existence of a certain basic option (expected profitability, cash flow calculations for the project, equipment operation time, etc.), which may change as a result of the implementation of each of the noted risks. The task of quantitative analysis is to numerically measure the degree of influence of project risk factors on the behavior of the performance criteria of the entire investment project. Thus, quantitative risk assessment is a numerical determination of the impact of individual project risks.

The quantitative risk analysis process includes the following steps:

· creation of a predictive model;

· definition of risk variables;

· determination of the probability distribution of the selected variables and of the range of possible values for each of them;

· establishing the presence or absence of correlations among risk variables;

· model runs (determining the characteristics of the resulting values as random variables);

· analysis of the results (construction of risk levels).

Risk variables are variables that are critical to the viability of the project, i.e. even small deviations from their expected values negatively affect the project. Sensitivity and uncertainty analysis is used to select these variables. Sensitivity analysis measures the response of project results to a change in one or another project variable. The disadvantage of this analysis is that it does not take into account how realistic or unrealistic the expected changes in the value of the analyzed variables are. For the results of a sensitivity analysis to be meaningful, the effect of the uncertainty surrounding the variables being tested must be taken into account.

For example, a small deviation in the purchase price of a certain type of equipment in year X is very important for project revenue, but the probability of this deviation may be small if the supplier is bound by certain contract conditions. Therefore, the risk posed by this variable is negligible.

To assess the degree of acceptability of the project risk, it is necessary to allocate risk zones depending on the expected amount of losses.

Table 1. Characteristics of risk zones

The assumptions made are controversial to a certain extent and not always valid for all types of risks, but on the whole quite correctly reflect the most general patterns of change in project risk and make it possible to construct a profit loss probability distribution curve, which is called the risk curve (Fig. 1.4).

The main thing in the quantitative assessment of project risk is the ability to build a risk curve and determine zones and indicators of acceptable, critical and catastrophic risks.

Figure 2. - Risk curve

Currently, the following methods of risk analysis are the most common:

1) statistical;

2) expert assessments;

3) sensitivity analysis;

4) assessment of financial stability and solvency;

5) assessing the feasibility of costs;

6) analysis of the consequences of risk accumulations;

7) method of using analogues;

8) combined method.

1. The statistical method consists in studying the statistics of losses and profits that have taken place in a given or similar enterprise in order to determine the likelihood of an event and to establish the magnitude of the risk. Probability means the possibility of obtaining a certain result. For example, the probability of successful promotion of a new product on the market during the year is 3/4, and of failure is 1/4. The magnitude, or degree, of risk is measured by two indicators: the average expected value and the volatility (variability) of the possible outcome. The mean expected value is related to the uncertainty of the situation. It is expressed as a weighted average of all possible outcomes, E(x), where the probability of each outcome, A, is used as the frequency, or weight, of the corresponding value of x.

The probabilistic risk assessment is mathematically sufficiently developed, but relying only on mathematical calculations in the analysis of project risks is not always sufficient, since the accuracy of the calculations largely depends on the initial information.

2. The method of expert assessments differs from the statistical method only in the way information is collected to build a risk curve. This method involves the collection and study of estimates made by various specialists (of this enterprise) concerning the probability of occurrence of different levels of losses. An expert assessment is the opinion of experts on a specific issue, obtained by a special methodology.

A variation of the expert method is the Delphi method. It is characterized by anonymity and controlled feedback. The anonymity of the members of the commission is ensured by their physical separation, which does not give them the opportunity to discuss the answers to the questions posed. The purpose of such separation is to avoid the "traps" of group decision-making, such as the dominance of the leader's opinion. After the results are processed, the generalized result is reported to each member of the commission through controlled feedback. The main purpose of this is to allow each member to get acquainted with the assessments of the other members of the commission without being subjected to pressure from knowing who specifically gave this or that assessment. After that, the assessment can be repeated.

3. The project sensitivity analysis consists of the following steps:

· the choice of a key indicator with respect to which the sensitivity is assessed (net present value NPV, internal rate of return IRR, and so on);

· the choice of factors (inflation rate, state of the economy, etc.);

· calculation of key indicator values at different stages of project implementation (purchase of raw materials, production, sales, transportation, capital construction, etc.).

Sensitivity analysis is based on changing the variables tested for riskiness one at a time. At each step, only one of the variables changes its value by the predicted percentage (±5%, ±10%, ±15%, etc.), which leads to a recalculation of the final values for the project. The sequences of costs and receipts of financial resources formed in this way make it possible to determine the flows of funds for each moment (or period of time), i.e. to define performance indicators. Diagrams are constructed that reflect the dependence of the selected resulting indicators on the value of the initial parameters. By comparing the obtained diagrams with each other, it is possible to determine the so-called key indicators, which have the greatest impact on the assessment of project profitability.

Sensitivity analysis involves the following procedures:

1) A project justification model is formed as a set of budgets using MS Excel, Project Expert or any other specialized software.

2) This model is treated as a “black box”: a system that is fed the project input data (for example, product price, expected sales volume, discount interest rate, loan rate, estimated inflation rate, etc.) and from whose output only one parameter is taken. Most often this is the NPV value.

3) The justification of the project is calculated several times using the generated model with different values of the initial data. The initial data set is formed as follows: all parameters of the initial data except one are left unchanged, and that one parameter is treated as variable, generating several of its values at once (usually five) with a certain step of relative change. The changes can be, for example: -20%; -10%; 0%; +10%; +20%. The model is calculated once for each change in the variable parameter.

4) The relative growth rates of the obtained net present values are calculated in relation to the NPV of the base variant.

5) The obtained values of the relative increase in NPV are compared with the relative increase in the variable parameter.

6) The procedure set out in steps 3-5 is repeated for the other initial parameters, taking each of them separately as the variable and fixing the others.

One of the disadvantages of sensitivity analysis is the premise that each input parameter changes independently of the others. Scenario analysis helps to correct this situation when a group of interdependent indicators changes at once.

Sensitivity analysis has a serious drawback: it is not comprehensive and does not specify the likelihood of alternative projects. The sensitivity analysis of an investment project is based on the analysis of changes in one factor, which is a significant limitation of this method. This problem is overcome within the framework of the method of statistical tests and the method of scenarios, which are developments of the methodology of sensitivity analysis.
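The one-at-a-time procedure in steps 1-6 above, as an added example that is not part of the original page. The cash-flow model, the parameter names and every figure in `BASE` are constructed assumptions; only the five relative steps (-20% to +20%) come from the text.

```python
# Added example: one-at-a-time sensitivity analysis of NPV.
# The model and all input figures are constructed for illustration.

BASE = {
    "price": 120.0,         # selling price per unit
    "volume": 1000.0,       # units sold per year
    "unit_cost": 70.0,      # variable cost per unit
    "fixed_cost": 20000.0,  # fixed cost per year
    "investment": 80000.0,  # outlay at year 0
    "rate": 0.10,           # discount rate
}
YEARS = 5
STEPS = (-0.20, -0.10, 0.0, 0.10, 0.20)  # relative changes from step 3


def npv(p):
    """The 'black box': project inputs in, a single output (NPV) out."""
    cash = (p["price"] - p["unit_cost"]) * p["volume"] - p["fixed_cost"]
    annuity = sum(1 / (1 + p["rate"]) ** t for t in range(1, YEARS + 1))
    return cash * annuity - p["investment"]


def sensitivity(base=BASE, steps=STEPS):
    """Steps 3-6: vary one input at a time, keep the others at base values.

    Returns the base NPV and, per input, rows of
    (relative input change, relative NPV change, ratio of the two).
    """
    base_npv = npv(base)
    table = {}
    for name in base:
        rows = []
        for step in steps:
            trial = dict(base)
            trial[name] = base[name] * (1 + step)
            rel = (npv(trial) - base_npv) / abs(base_npv)  # step 4
            ratio = rel / step if step else None            # step 5
            rows.append((step, rel, ratio))
        table[name] = rows
    return base_npv, table


def rank_factors(table):
    """Order inputs by the largest absolute relative NPV change observed."""
    return sorted(table,
                  key=lambda n: max(abs(r[1]) for r in table[n]),
                  reverse=True)


if __name__ == "__main__":
    base_npv, table = sensitivity()
    print(f"base NPV = {base_npv:,.2f}")
    for name in rank_factors(table):
        cells = "  ".join(f"{s:+.0%}:{r:+.2f}" for s, r, _ in table[name])
        print(f"{name:<11}{cells}")
```

The ranking identifies the inputs to carry forward as risk variables; it says nothing about how likely a 20% move in each of them is, which is the limitation the text describes.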

4. Method of analogies. When analyzing the risk of a new project, data on the impact of adverse risk factors on other projects can be very useful. When using analogues, databases on the risk of similar projects, the research work of design and survey institutions, and surveys of project managers are used. The data obtained in this way is processed to identify dependencies in completed projects in order to take into account the potential risk in the implementation of new projects.

When using the analogy method, some caution should be exercised. Even in the most correct and well-known cases of unsuccessful completion of projects, it is very difficult to create the prerequisites for future analysis, i.e. prepare a comprehensive and realistic set of possible project failure scenarios. The fact is that most of the negative consequences are characterized by certain features.

5. Simulation modeling (Monte Carlo method). Recently the method of statistical testing, the Monte Carlo method, has become popular. Simulation modeling is a targeted series of multivariate studies performed on a computer using mathematical models. This direction corresponds to the main idea of system analysis: a combination of human capabilities, as a carrier of values and a generator of ideas for decision-making, with formal methods that make it possible to use computers. Its advantage is the ability to analyze and evaluate various "scenarios" of the project and to take into account different risk factors within the same approach. Different types of projects have different risk vulnerabilities, which the simulation reveals.

These parameters are used in simulation modeling, the algorithm of which can be represented as the following sequence of steps:

1) As in the previous case, a project justification model is formed as a set of budgets using Project Expert or other specialized software.

2) As in the corresponding step of the sensitivity analysis algorithm, the model is treated as a “black box”: a system that receives the project input data (for example, product price, estimated sales volume, discount interest rate, credit rate, expected inflation rate, etc.). At the output of the black box, only one parameter is taken. Most often this is the NPV that the project generates with such initial data.

3) A variable factor is selected and, if necessary, the rest are fixed, but unlike the previous method, the model is then calculated as follows. The model is “bombarded” with random numbers whose distribution law is characteristic of the behavior of the variable input parameter, with the other values fixed. A series of random numbers can consist of several thousand and even tens of thousands of values simulating a change in the variable parameter, whereas in the sensitivity analysis such a series consisted of only five values.

4) The obtained values of the resulting parameter (for example, NPV) are processed in order to determine the characteristics of the behavior of the resulting quantity. The skewness (asymmetry) and kurtosis of the resulting parameter are determined.

5) The corresponding laws of behavior of the initial parameters are compared with the law of behavior of the resulting value. Changes in the distribution parameters of the resulting parameter in relation to the parameters of the behavior of the initial factor will indicate the significance, risk level and tendency to change the resulting project parameter.

6) Appropriate conclusions are drawn and a risk factor management plan is drawn up.
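Steps 2-5 of the simulation algorithm above, as an added example that is not part of the original page. The NPV model, its figures and the triangular distribution chosen for the price are constructed assumptions; the text only requires a distribution law characteristic of the variable parameter.

```python
# Added example: Monte Carlo simulation of NPV with one random input.
# The model, its figures and the price distribution are constructed.
import random
import statistics

YEARS = 5
N_RUNS = 20000  # "tens of thousands of values", as in step 3


def npv(price, volume=1000.0, unit_cost=70.0, fixed_cost=20000.0,
        investment=80000.0, rate=0.10):
    """The 'black box' from step 2; only the price is varied below."""
    cash = (price - unit_cost) * volume - fixed_cost
    return sum(cash / (1 + rate) ** t for t in range(1, YEARS + 1)) - investment


def simulate(n=N_RUNS, seed=1):
    """Step 3: feed the model random prices, all other inputs fixed.

    The price follows a triangular law on [90, 135] with mode 120
    (an assumption: downside moves are larger than upside moves).
    A fixed seed keeps the run reproducible.
    """
    rng = random.Random(seed)
    prices = [rng.triangular(90.0, 135.0, 120.0) for _ in range(n)]
    return prices, [npv(p) for p in prices]


def summarize(xs):
    """Step 4: mean, spread, skewness and excess kurtosis of a sample."""
    mean = statistics.fmean(xs)
    std = statistics.pstdev(xs)
    z = [(x - mean) / std for x in xs]
    return {
        "mean": mean,
        "std": std,
        "skewness": sum(v ** 3 for v in z) / len(z),
        "excess_kurtosis": sum(v ** 4 for v in z) / len(z) - 3.0,
    }


def loss_probability(npvs):
    """Share of runs in which the project destroys value (NPV < 0)."""
    return sum(1 for v in npvs if v < 0) / len(npvs)


if __name__ == "__main__":
    prices, npvs = simulate()
    # Step 5: compare the law of the input with the law of the result.
    for label, sample in (("price", prices), ("NPV", npvs)):
        s = summarize(sample)
        print(f"{label:<6} mean={s['mean']:>10.2f} std={s['std']:>10.2f} "
              f"skew={s['skewness']:+.3f} kurt={s['excess_kurtosis']:+.3f}")
    print(f"P(NPV < 0) = {loss_probability(npvs):.3f}")
```

Because this constructed model is linear in the price, the NPV inherits the skewness and kurtosis of the input unchanged; a model with thresholds, capacity limits or several correlated random inputs would show a shift in shape at step 5.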

The disadvantage of this method is that it uses probabilistic characteristics for estimates and conclusions, which is not very convenient for direct application and does not satisfy project managers. However, despite the indicated deficiencies, this method makes it possible to identify the risk associated with those projects for which the decision will not change. It should be noted that, in general, this method is quite laborious, because it involves cyclic repetition of the same calculations according to the model many thousands of times in the process of substituting series of random numbers as initial data, due to which the method received its second name, the Monte Carlo method. Practice shows that the use of Monte Carlo simulation is justified, first of all, for large and expensive projects.

6. Scenario method. Scenario methods include the following steps:

· a description of the entire set of possible conditions for the implementation of the project in the form of appropriate scenarios or models that take into account the system of restrictions on the values of the main technical, economic and other project parameters;

· conversion of initial information about uncertainty factors into information about the probabilities of individual implementation conditions and the corresponding performance indicators, or about the intervals within which they change;

· determination of the performance indicators of the project as a whole, taking into account the uncertainty of the conditions for its implementation.

As a result of the scenario analysis, the impact of simultaneous changes in all the project variables that characterize its cash flows on the economic efficiency indicators of the investment project is determined. The advantage of this method is that the parameter deviations are calculated taking into account their interdependencies (correlations).

When building models, it is necessary to actively engage in the collection and formalization of expert assessments, especially in relation to production and technological risks. The main advantage of using expert assessments lies in the possibility of using the experience of experts in the process of project analysis and taking into account the influence of various qualitative factors.

As a result, it is advisable to build at least three scenarios: pessimistic, optimistic, and the most probable (realistic or average). The main problem of the practical use of the scenario approach is the need to build a model of an investment project and identify the relationship between variables.

The disadvantages of the scenario approach include:

· the need for significant qualitative research of the project model, i.e. the creation of several models corresponding to each scenario, including extensive preparatory work on the selection and analytical processing of information;

· insufficient definiteness (blurring) of scenario boundaries. The correctness of their construction depends on the quality of the model construction and of the initial information, which significantly reduces their predictive value. When constructing estimates of the values of variables for each scenario, some arbitrariness is allowed;

· the effect of a limited number of possible combinations of variables: the number of scenarios to be detailed is limited, as is the number of variables to be varied, since otherwise an excessively large amount of information is obtained, the predictive power and practical value of which is greatly reduced.

The scenario method for the examination of project risks has the following features that can be considered as its advantages:

· accounting for the relationship between variables and the influence of this dependence on the values of integral indicators;

· construction of various options for project implementation;

In conclusion, it should be noted that the choice of specific methods for assessing the risks of real investment is determined by a number of factors:

1. Type of investment risk.

2. Completeness and reliability of the information base formed to assess the level of probability of various investment risks.

3. The level of qualification of investment managers who carry out the assessment.

4. Technical and software equipment of investment managers, and the ability to use modern computer technology for conducting such an assessment.

5. The possibility of involving qualified experts in the assessment of complex investment risks, etc.

Consider the process of project risk identification.

The goal of risk identification is to compile the most complete list of project risks (first of all, the most dangerous risks).

Risks are usually hidden (like an underwater rock), and they can only be identified based on previous experience, as well as by identifying and analyzing various factors that may be the causes of risks. To do this, the project manager must understand the possible sources of risks, master certain methods for identifying risks and be able to use the knowledge and experience of specialists.

Features of risk management in projects:

1) risks may be associated with different elements of the project and the conditions for its implementation (sources of risks may be the customer's expectations and restrictions, the provision of the project with resources and the qualifications of the performers, the actions of competitors, etc.);

2) as project plans are developed and refined, new sources of risk associated with specific technologies, solutions and performers may appear;

3) the general trend of change in risk factors as the project is implemented is associated with a gradual decrease in the number and probability of possible risk events and in parallel with an increase in the magnitude and cost of the remaining risks;

4) not all risks are identifiable and manageable.

Risk sources are subdivided into:

1) external sources - legislation, market reaction to manufactured products, actions of competitors, etc.;

2) internal - special requirements and limitations of the project, technological solutions used, competence of performers, project management features, etc.

Risks resulting from external causes are generally less manageable than internal risks.

Risks may also be:

1) known - those that can be identified, assessed and analyzed, and for which response plans can be developed;

2) unknown - those that are impossible or very difficult to foresee and evaluate, and for which, accordingly, response plans cannot be developed.

Consequences of risks can be reduced to the impact on the most significant parameters of the project: the timing, cost, quality of results or targets.


To ensure a clear and unambiguous understanding of risks, they are usually formulated by highlighting the source of the risk, the risk itself and the consequences of the risk.

Sometimes project documents state that the risk of the project is “exceeding the project budget”. This is an incorrect wording, since exceeding the project budget is the result of a number of risks.

For example, a source of risk may be the lack of interest of staff in the implementation of a new automated system.

The risk lies in the possible sabotage of project work by personnel.

Then the wording of the risk could be as follows: "The risk of sabotage due to the lack of interest of personnel in the implementation of the new system."

The consequences of this risk will be associated with delays in the implementation of the project.

In addition to the source and the risk itself, signs of risks are often formulated.

Risk symptoms (triggers) are indirect manifestations that warn (signal) about the possible onset of a risk.

For example, a sign of the onset (or imminent onset) of the risk of sabotage may be the negative statements of employees about the project.

Let us present the risk classification.

Until now, there is no single standardized risk classification that would be equally applicable to all projects in all areas of activity.

This is due to:

· the presence of a large number of risks that are specific in nature to particular projects and areas;

· the impossibility in some cases of drawing a clear line between different types of risks.

Risks are mostly classified by:

1) sources;

2) consequences;

3) compensatory measures.

At the risk identification stage, the first approach is more useful, proposing to analyze possible risks in relation to the origins (causes) of each type of risk.

The second and third approaches can be useful for analyzing risks and deriving generalized assessments of the impact of risks on the goals of the project, its time and cost parameters.

Depending on the uniqueness of the risk factors, risks can be:

1) common to different types of projects - they do not depend on the specific content of the project (for example, insufficient elaboration of plans for the implementation of the project, inconsistency of plans among the participants);

2) specific to certain types of projects (for example, the types and risk factors of a construction project are different from the risk factors of an information system implementation project; the risk factors of an internal investment project of the organization are different from the risk factors of a project executed under a contract for an external customer);

3) specific to a particular project (for example, the risks associated with the use of specific technologies and their integration within a specific project).

By type of source, risks can be:

1) technical;

2) marketing and commercial;

3) financial and investment;

4) risks of project participants;

5) social;

6) macroeconomic;

7) political;

8) legal.

Risks associated with the various project implementation stages may also be distinguished:

1) planning;

2) design;

3) implementation;

4) commissioning.

Assigning an identified specific risk to a particular category of the classification is not always unambiguous. What is important is not so much this "binding" as the identification of the specific risk itself and further work to reduce or compensate for it.

More important in relation to planning risk management activities is the classification of risks according to the degree of manageability.

One of the most important tasks in risk identification is the identification of ultimate (or simple) risks.

Associated risks - groups of risks that lead to different consequences depending on whether the risk events occurred together or separately.

All possible project participants should take part in the risk identification process: project manager, project team, experts, customers, investors, etc.


An initial list of risks is developed by the project manager. The main group of project participants is involved in clarifying and supplementing the list.

In order to form an objective assessment, independent specialists may participate at the final stage of the formation of the list of risks.

The following methods and tools are used to carry out risk identification:

1) review of project documentation;

2) analysis of assumptions;

3) SWOT analysis of the project;

4) methods of collecting information and working with experts:

· brainstorming;

· the Delphi method;

· interviews;

5) checklists (control tables) and diagrams.

Documentation reviews and SWOT analyses of a project are typically performed to identify major areas of uncertainty and develop an initial list of project risks.

Documentation review involves a review of existing documents by the project manager and the working group (including a structured analysis of the project plan and available proposals (constraints) both at the level of the entire project and at the level of individual works).

When reviewing project documents, an analysis of assumptions is performed.

Each project is based on a set of hypotheses, scenarios and assumptions. Assumption analysis examines their correctness, and then identifies project risks (based on the correctness, completeness, and consistency of the assumptions). This allows you to formulate potential risks based on the fact that the assumption made about the project may turn out to be incorrect.

If possible, it is also useful to study archived documentation on other similar projects and their risks.

SWOT analysis is an analysis of the strengths and weaknesses of the project and of the opportunities and threats for its implementation (see Figure 1).

It allows you to see the main risk areas of the project, which can result both from project weaknesses and external threats, and from opportunities (because opportunities are usually associated with new solutions and can be sources of risk).


Figure 1 - SWOT analysis of the project

Brainstorming is the fastest method for identifying risks. Its purpose is to compile a broad list of all possible risks, from which the main risks of the project can later be selected.

The disadvantages of "brainstorming" are related to the fact that it is difficult to gather all the experts at the same time, ensure the independence of their opinions and avoid pressure from authorities.

Brainstorming can be more successful if participants prepare in advance by selecting certain categories of risks, and discussion management techniques are used during the meeting.

The Delphi method is a method that allows you to reduce the influence of the opinions of more authoritative experts on the rest.

All participants in the survey are identified in advance, but in the examination they speak anonymously, without meeting each other.

Expertise is carried out in several stages.

The expert examiner sends out the questionnaire, collects and processes the answers.

The results obtained are sent to the experts for clarification, taking into account the opinions of other experts.

Each expert has the opportunity to get acquainted with the comprehensive results of the examination, and then give a new, more balanced assessment.

An agreed list of risks can be obtained as a result of several iterations of absentee approvals.

This method allows you to reduce bias in the analysis and the premature influence of individual members of the group on the opinions of other experts.


The main disadvantage of this method is the duration. In a real project, as a rule, there is not enough time for a full-fledged implementation of this method.

Individual interviews are used when brainstorming fails (or in addition to brainstorming). Risks can be identified through surveys and interviews conducted by project risk management specialists.

The persons responsible for risk identification select specialists in the various functional areas of the project. The specialists giving interviews rely on their experience, information about the project and other sources.

To improve the efficiency of working with experts, various diagrams and checklists (control tables) are used.

Checklists are lists of typical risks for a given class of projects, structured in accordance with the accepted classification.

Checklists may be developed based on experience gained from previous similar projects or other sources.

The advantage of using checklists is the ability to build on previous experience and structure discussions with experts.

Their disadvantage is the impossibility of compiling a complete, exhaustive checklist, since the user is limited to the existing types of risks. Checklists should be used in the initial risk planning phase.

Of the diagrams, the cause-and-effect (Ishikawa) diagram is most commonly used; it allows you to organize and visualize risks by type and source.

The output of the risk identification procedure should be a list of risks indicating specific sources and, if possible, symptoms of risks.

Practical experience shows that for a sufficiently large and complex project, at least 50 risks must be identified.

Risk identification should be carried out several times during the implementation of the project, as the situation in the project and its environment changes, which leads to a change in the list of risks.

Now consider the process of project risk analysis and assessment.

The purpose of risk analysis and assessment is to rank the identified risks and identify the most dangerous of them.

Risk analysis can be qualitative and quantitative.


Qualitative risk analysis is the process of expert assessment of the impact and likelihood of identified risks.

Quantitative risk analysis allows one to determine more precisely, in quantitative terms, the probability of occurrence of individual risks and their impact on the costs and timing of the project, as well as to calculate the main parameters of the entire project, taking the risks into account.

Qualitative analysis provides quick but rough estimates, while quantitative analysis provides more accurate estimates but requires considerable effort and time to perform.

Quantitative risk analysis requires reliable input information, good statistical data and mathematical models that allow analysis.

Often, risk management can be limited to only qualitative analysis.

As a result of the analysis of identified risks (qualitative and quantitative), the following can be obtained:

1) a list of risks grouped by priority (e.g. high, low, medium).

Risks can also be grouped depending on the urgency of the response: risks that require immediate response, and risks that can be delayed for some time;

2) a list of risks requiring additional analysis.

These are risks with high or medium priority for which there is insufficient information and which may require additional analysis, including additional analysis of causes and consequences;

3) a generalized assessment of the riskiness of the project, which allows you to assess the riskiness of the project as a whole in comparison with other projects.

Methods of qualitative risk analysis are based on expert opinions and require tools that ensure unified approaches to analysis by different experts and to the presentation and comparison of estimates.

Experts evaluate two main parameters for each risk:

1) risk probability;

2) the impact of risk on project parameters.

The likelihood and impact of risk can be determined by qualitative assessments (such as very high, high, medium, low, very low).

However, in order for experts' assessments to be comparable, they must be based on common scales and criteria. To do this, experts need to be provided with uniform scales and principles of assessment.


Table 1 and Table 2 show examples of assessing the likelihood and impact of a risk on a project.

Table 1 - Evaluation of the likelihood of project risk

| Risk probability, % | Qualitative characteristic | Grade (rank) |
|---|---|---|
| 1) Very small (less than 5%) | An event can occur in exceptional cases. The suggestion is more theoretical than practical. In reality, such a risk did not occur. | 0.01 |
| 2) Small (5–10%) | A rare event, but has already taken place (once happened). | 0.1 |
| 3) Medium (10–30%) | There is sufficient evidence to suggest the possibility of an event. The event happened 1-2 times on other projects. | 0.2 |
| 4) High (30–60%) | The event is very likely. This happened a lot on previous projects. "More likely yes than no", "50/50" or even higher. | 0.4 |
| 5) Very high (60–99%) | The event is likely to happen. There is almost certainty that this will happen. | 0.8 |

Table 2 - Assessment of the impact of risk on the project

| Index | Very weak (rank 0.01) | Weak (rank 0.1) | Average (rank 0.2) | Strong (rank 0.4) | Very strong (rank 0.8) |
|---|---|---|---|---|---|
| 1) Project goals | Minor changes | The changes affected a small part | Changed most of the goals | Changes are unacceptable to the customer | |
| 2) Cost | Slight cost increase (up to 1%) | Increase in cost by no more than 5% | Increase in cost by 5–10% | 10–20% cost increase | More than 20% cost increase |
| 3) Timing | Slight lag (up to 1%) | Backlog up to 5% | Project backlog 5–10% | Project backlog 10–20% | More than 20% lag |
| 4) Quality | Slight decrease in quality | Few properties affected | Quality reduction requires customer approval | Quality reduction is unacceptable for the customer | The continuation of the project is pointless |

Based on expert assessments, a project risk map is built in the form of a likelihood/impact matrix (see Figure 2).

The measure of risk (the risk hazard level) is calculated as the product of the probability rank and the impact rank.

Each cell of the matrix corresponds to a certain value of the risk hazard indicator.


Figure 2 – Project Risk Map (Probability/Impact Matrix)

All project risks are distributed over the cells of the matrix. The project manager gets a clear picture of the risk distribution of the project according to the level of danger.

Risks with high probability and high impact require a priority response. Often such risks are unacceptable for the project, and actions to minimize them are a condition for the further implementation of the project.

Risks with a low level of danger (unlikely, with no particular impact on the project) can be excluded from further detailed study and limited to less costly response measures.

Levels separating project risks into unacceptable, medium and insignificant (threshold risk levels), are determined for each project individually, depending on the importance of the project for the customer and his willingness to take risks.
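The risk map described above can be computed directly from the ranks in Tables 1 and 2. The following is an added example, not part of the original text: the risk register entries and the two threshold levels are constructed assumptions (the text leaves thresholds to each project), and the escalation flag follows the rule that dangerous unmanaged risks go to the customer and investor.

```python
from collections import defaultdict

# Ranks taken from Table 1 (probability) and Table 2 (impact).
PROBABILITY_RANK = {"very small": 0.01, "small": 0.1, "medium": 0.2,
                    "high": 0.4, "very high": 0.8}
IMPACT_RANK = {"very weak": 0.01, "weak": 0.1, "average": 0.2,
               "strong": 0.4, "very strong": 0.8}

# Assumed threshold risk levels; each project sets its own values.
UNACCEPTABLE_FROM = 0.16
MEDIUM_FROM = 0.04

# Constructed sample register: (risk, probability, impact, manageability).
REGISTER = [
    ("Unrealistic deadlines", "high", "strong", "partially managed"),
    ("Change in regulation", "medium", "very strong", "unmanaged"),
    ("Change of leading specialists", "small", "strong", "partially managed"),
    ("Integration problems with other technologies", "medium", "average", "managed"),
    ("Flood at the project site", "very small", "very strong", "unmanaged"),
    ("Misinterpretation of contract clauses", "small", "weak", "managed"),
]


def hazard(probability, impact):
    """Risk hazard level: probability rank multiplied by impact rank."""
    return round(PROBABILITY_RANK[probability] * IMPACT_RANK[impact], 4)


def zone(level):
    """Place a hazard level into one of the three threshold bands."""
    if level >= UNACCEPTABLE_FROM:
        return "unacceptable"
    if level >= MEDIUM_FROM:
        return "medium"
    return "insignificant"


def build_risk_map(register):
    """Return (matrix cells -> risk names, rows sorted by hazard, highest first)."""
    cells = defaultdict(list)
    rows = []
    for name, probability, impact, manageability in register:
        level = hazard(probability, impact)
        cells[(probability, impact)].append(name)
        rows.append({
            "risk": name,
            "hazard": level,
            "zone": zone(level),
            # Dangerous unmanaged risks are raised with the customer and investor.
            "escalate": zone(level) == "unacceptable" and manageability == "unmanaged",
        })
    rows.sort(key=lambda r: r["hazard"], reverse=True)
    return cells, rows


def render(cells):
    """Text matrix: each cell shows its hazard level and [number of risks in it]."""
    lines = ["probability \\ impact".ljust(22)
             + "".join(i.ljust(13) for i in IMPACT_RANK)]
    for p in reversed(list(PROBABILITY_RANK)):
        row = p.ljust(22)
        for i in IMPACT_RANK:
            row += f"{hazard(p, i):<7}[{len(cells.get((p, i), []))}]".ljust(13)
        lines.append(row)
    return "\n".join(lines)


if __name__ == "__main__":
    cells, rows = build_risk_map(REGISTER)
    print(render(cells))
    for r in rows:
        flag = "  -> escalate" if r["escalate"] else ""
        print(f'{r["hazard"]:<7}{r["zone"]:<15}{r["risk"]}{flag}')
```
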

In addition to the main risk parameters (probability and impact), it is important to determine risk management capability.

Depending on the type of sources, risks are divided into managed, partially managed and unmanaged.

If dangerous unmanageable risks are found in the project, then these risks must be discussed at the level of the customer and investor.

The presence of dangerous unmanaged risks can cause the project to be stopped and closed (see Figure 3).

Risk analysis requires reliable data. The use of inaccurate data with an incomplete understanding of the risk leads to its incorrect assessment. If there is no confidence in the quality of the input data, it may be necessary to further assess the degree of understanding of the risks by experts and obtain additional information.

Based on the results of a qualitative risk analysis, you can proceed to the development of a risk response plan.

However, in order to calculate more accurate assessments of risks and their impact on the project, quantitative risk analysis is performed.


Figure 3 - Algorithm for making a decision based on the results of the analysis

Quantitative analysis is carried out in order to determine:

1) the probability of achieving the goals of the project, taking into account the complex impact of risks on the project;

2) realistic costs and deadlines for completing the project for a given level of risk;

3) the total amount of reserves that may be needed.

To implement the quantitative analysis procedure, it is proposed to use modeling methods and tools.

Modeling implies building a project model that reflects the possible fluctuations in the parameters of the project tasks and their impact on the entire project.

To perform quantitative risk assessment, it is usually necessary to collect additional (quantitative) information about risk parameters (for example, optimistic and pessimistic estimates of the parameters of work, the nature of the distribution of probabilistic estimates).

When analyzing cost risks, the work breakdown structure can be used as such a model. Network diagrams and scheduling tools are used to model the time parameters of the project, taking risks into account.

One of the simplest and most common methods for modeling a project, taking into account uncertainty, is the PERT (Program Evaluation and Review Technique) scheduling method. When using the PERT method, the expected duration of the project is determined on the basis of three expert estimates: optimistic, pessimistic and most probable. The calculation is made taking into account the weighting factors (see Figure 4).

As a result, the weighted average (most expected) duration of work with an aggregate level of risk is calculated.


Figure 4 – PERT Grading Scheme

This allows the project manager to build several project schedules:

1) optimistic;

2) pessimistic;

3) the most probable;

4) expected PERT.

Thus, the PERT method allows you to determine the expected duration of project work based on three probabilistic time estimates:

1) optimistic assessment;

2) pessimistic assessment;

3) the most probable estimate.

The expected duration of the project is determined by the formula:

,

where OP is the expected duration of the project;

OO is the optimistic estimate;

HBO is the most probable estimate;

BY is the pessimistic estimate.

The risks of changing the composition or logical structure of work in the PERT method are not taken into account.

More accurate risk-based project modeling is done using the Monte Carlo method, which allows you to create and simulate a variety of scenarios consistent with the given constraints of the original variables.

The method makes it possible to take into account the different kinds of uncertainty that the project may face.


In contrast to PERT methods, different forms of distribution of random variables (uniform, normal, triangular, beta distribution) can be specified in the model for various probabilistic estimates.

For each risk category, its own type of distribution function is selected, which characterizes the frequency of occurrence of each value of the variable from the domain of definition. The choice is made on the basis of statistical data or expert assessments. Determining the shape of the distribution for each random variable is one of the most difficult tasks to be solved in modeling.

After determining the probability estimates and their distribution functions, the Monte Carlo simulation procedure is applied to each job. During simulation calculations, the parameters of each job are selected randomly in accordance with the type of distribution and within the specified range.

As a result, the probabilistic values of the parameters characterizing the project as a whole (costs and deadlines for the implementation of the main stages and the entire project) are calculated. Carrying out computational iterations is a fully computerized part of the method (the greater the number of runs, the higher the accuracy of the results).
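The PERT schedules and the Monte Carlo procedure described above can be compared on one small project network. This is an added example, not part of the original text: the task network and its three-point estimates are constructed, the PERT weighting (optimistic + 4 × most probable + pessimistic) / 6 is the standard one and is assumed here, and a triangular distribution is assumed for every task.

```python
import random
from statistics import mean

# Constructed sample network, listed in dependency order:
# task -> (optimistic, most probable, pessimistic, predecessors), in days.
TASKS = {
    "design":   (10, 14, 24, []),
    "backend":  (20, 25, 40, ["design"]),
    "frontend": (18, 24, 45, ["design"]),
    "testing":  (5, 8, 15, ["backend", "frontend"]),
}


def pert_expected(o, m, p):
    """Standard PERT weighted average of the three estimates (assumed weights)."""
    return (o + 4 * m + p) / 6


def project_duration(durations):
    """Finish time of the last task, given one duration per task."""
    finish = {}
    for name, (_, _, _, preds) in TASKS.items():
        start = max((finish[x] for x in preds), default=0.0)
        finish[name] = start + durations[name]
    return max(finish.values())


def schedules():
    """The four deterministic schedules: optimistic, most probable, pessimistic, PERT."""
    pick = {
        "optimistic": lambda o, m, p: o,
        "most probable": lambda o, m, p: m,
        "pessimistic": lambda o, m, p: p,
        "expected PERT": pert_expected,
    }
    return {
        label: project_duration({n: f(o, m, p) for n, (o, m, p, _) in TASKS.items()})
        for label, f in pick.items()
    }


def simulate(runs=20000, seed=1):
    """Monte Carlo: draw every task duration at random, return sorted project durations."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    results = []
    for _ in range(runs):
        # random.triangular takes (low, high, mode)
        sample = {n: rng.triangular(o, p, m) for n, (o, m, p, _) in TASKS.items()}
        results.append(project_duration(sample))
    results.sort()
    return results


def percentile(sorted_values, q):
    """Value below which a fraction q of the simulated durations fall."""
    return sorted_values[min(len(sorted_values) - 1, int(q * len(sorted_values)))]


def prob_on_time(sorted_values, deadline):
    """Share of simulated runs that finish by the deadline."""
    return sum(1 for v in sorted_values if v <= deadline) / len(sorted_values)


if __name__ == "__main__":
    s = schedules()
    runs = simulate()
    for label, days in s.items():
        print(f"{label:<14}{days:6.1f} days")
    print(f"simulated mean {mean(runs):6.1f} days")
    print(f"P80            {percentile(runs, 0.8):6.1f} days")
    print(f"P(finish within PERT estimate) = {prob_on_time(runs, s['expected PERT']):.2f}")
    print(f"reserve to reach P80 = {percentile(runs, 0.8) - s['expected PERT']:.1f} days")
```

The simulated mean comes out above the PERT figure because the two parallel tasks merge before testing, and the later of the two always sets the start of the next task.
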

Another type of quantitative risk analysis of the project is sensitivity analysis, which allows you to identify the risks that have the greatest impact on the project. This calculates the impact of changing one of the project input parameters on one of the performance parameters, while the other input parameters remain unchanged.

A fairly simple tool for making decisions on a project, taking into account probabilities, is the "decision tree". The construction of this tree helps to identify possible alternative ways of implementing the project. At the same time, the development of each project option is accompanied by an assessment of risks and costs, which facilitates the decision-making process, because it helps to determine the most profitable solution in terms of cost and probability of occurrence of a risk event. The calculation can be carried out taking into account the probability of one or more successive events occurring on the project. In addition to the integral assessment of the attractiveness of the project as a whole, the parameters of the effectiveness of each option are calculated.

The composition and level of danger of risks will change as the project progresses. At the beginning of a project, when uncertainty is particularly high, the number of potential risk events and their likelihood are also high. But the potential damage from each risk event at the beginning of the project is relatively small.


As the project progresses, the level of uncertainty will decrease and the number of risk events will decrease. However, the magnitude of the potential damage from risks that may occur in the later stages of the project will increase. This means that the project manager must perform a risk analysis and assessment several times during the course of the project.

Risks can be controlled, partially controlled or uncontrolled, depending on the reasons for their occurrence.

External risks, as a rule, cannot be fully controlled.

Internal risks can be partially or completely controlled.

Examples of external and internal risks are presented in Table 3.

Table 3 - External and internal risks of the project (in terms of controllability)

| Type of risk | Risk example |
|---|---|
| 1) External unpredictable (uncontrollable) | 1.1) Unforeseen state interference, changes in regulation and the introduction of special requirements in areas such as: supply of raw materials; ecological problems; design standards; production standards; allocation of land plots; sale (export) of services, products; price policy, etc. |
| | 1.2) Risks associated with natural and man-made disasters: earthquakes; floods; hurricanes, etc. |
| | 1.3) Malicious damage: riots; vandalism; sabotage; terrorist attacks. |
| 2) External predictable (partially controlled) | 2.1) Marketing (market) risks: unavailability or increase in the cost of raw materials; changes in the volume of demand, including changes in the requirements of the customer / user; changes in requirements for customers / clients / users; changes in the state of the economy; increased competition; loss of market position; unwillingness of customers to adhere to purchase agreements. |
| | 2.2) Operational risks: change in the goals of the investor / customer of the project; the impossibility of ensuring the required level of production by performers and partners; failures in terms and quality of deliveries. |
| | 2.3) Other risks: environmental impacts, social impacts, changes in the foreign exchange market, inflation, taxes, etc. |
| 3) Internal, non-technical (partially controlled) | 3.1) Management risks: mismatch of personnel qualifications; loss of control; incompatibility of the goals of the project participants; change of leading specialists; absent or weak organizational structure; absence or lack of instructions and procedures; inadequate planning; unrealistic deadlines; lack of coordination of participants. |
| | 3.2) Production risks: lack of performers; low productivity of performers; lack of materials; unforeseen conditions of the project implementation site; accidents; strikes. |
| | 3.3) Financial risks (associated with the movement of funds): reduction in funding; suspension of funding; bankruptcy. |
| 4) Internal technical (controlled) | 4.1) Technological: obsolescence and the need to replace part of the project technologies; the complexity of the project as a result of the application of new technologies; loss of quality due to technology change; decreased performance and reliability. |
| | 4.2) Specific risks of the technology used in the project: problems in integration with other project technologies; problems in ensuring the operation of the product / system; problems of implementation in operation. |
| | 4.3) Risks associated with the design: data inaccuracy; lack of previous experience of the designer / contractor; inadequate design; the likelihood of changes during the implementation of the project; large scale and complexity of the project. |
| 5) Internal legal / contract (controlled) | 5.1) Legal: licenses; patent rights. |
| | 5.2) Contractual: misinterpretation of contract clauses; misunderstanding of the contract; mistakes in the drafting of the contract. |

Development of a risk response plan; project risk monitoring and control

Based on the results of the risk analysis, a risk response plan is developed.

Risk response planning is the development of measures that increase the overall probability of successful completion of the project by:

minimizing the likelihood and mitigating the negative consequences of risk events (those having a negative impact on the project);

maximizing the likelihood and enhancing the positive consequences of risk events (those having a positive impact on the project).

This process includes the planning of specific actions to reduce the impact of risks on the project, as well as the distribution of responsibility among project participants for timely response to risk events.

The effectiveness of the developed response measures is determined by reducing the number of risks, reducing the severity of their consequences and increasing the opportunities for more efficient project implementation.

The response planning strategy should be appropriate to the importance of the project, the level of risks, and also take into account the cost-effectiveness of resources and time requirements.

The risk response plan contains a detailed description of the response to identified risks and may include the following sections and documents:

1) a list of project risks, their description, causes and degree of impact of risks on the project;

2) owners of risks and distribution of responsibility;

3) results of qualitative and quantitative risk assessment;

4) the level of risks (probability of occurrence and impact) that is expected to be achieved as a result of the application of response measures;

5) response (avoidance, transfer, minimization or acceptance) for each risk;

6) specific actions within the implementation of the chosen response method;

7) budget and response time;

8) contingency plan, neutralization plan, anti-crisis plan.


In addition to the response plan, the process of developing responses can produce the following results:

1) List of residual risks (which remain after avoiding, transferring or minimizing risks).

These may be minor risks for which no response plans have been developed. It is usually required to provide additional reserves, taking into account the number of residual risks;

2) Secondary risks arising as a result of the application of response measures to previously identified risks.

Secondary risks must also be identified and require the development of response measures;

3) Additions to contracts, agreements stipulating liability for risks.

Risks can be significantly reduced by involving external organizations in the project or risk insurance;

4) Contingency reserve - these are reserves in case of exceeding the previously determined risk indicators and unforeseen risks.

Basic ways to respond to risks include:

1) for risks with negative consequences:

Risk avoidance;

Transfer of risks;

Risk minimization;

Acceptance of risks;

2) for risks with positive consequences:

Use (exploitation);

Sharing with partners;

Enhancement;

Acceptance.

Let's consider in more detail the ways to respond to risks with negative consequences (see Figure 5).

Risk avoidance involves changing the project plan and taking actions to completely eliminate the source of the risk or the risk itself.

Some of the reasons for the appearance of risks at the initial stages of the project can be eliminated by changing the requirements for the project, obtaining additional information, changing technical solutions, developing new methods, and attracting experts.

Passive risk avoidance is associated with abandoning the most risky goals and parts of the project and the use of new technologies. Passive avoidance of risks can lead to a decrease in the effectiveness of the project as a whole.


Figure 5 - Ways to respond to risks

Risk minimization involves reducing the likelihood of occurrence and the degree of impact of risk on the project to acceptable limits.

It is possible to reduce the likelihood of risks arising as a result of additional research, staff training, the use of various financial instruments and management decisions.

In addition to minimizing the likelihood of risks occurring, attempts are being made to reduce the impact they have by rescheduling projects and using reserves.

If possible, risks and measures to respond to them can be transferred to third parties.

Risk transfer does not completely avoid their impact, it only shifts the responsibility for the risks to other project participants.

The transfer of risks to a third party, as a rule, is accompanied by additional payments associated with the transfer of obligations, powers and guarantees.

In a situation where project participants cannot ensure the implementation of the project in the event of certain risk events, risk insurance is effective.

Legislation allows you to insure:

Buildings, equipment;

Production capacity;

Staff;

The onset of certain events, etc.

Deductions for business risk insurance can be included in the cost of production within a certain limit.


In addition to shifting financial responsibility for risk to an insurance company, risks may be distributed (transferred) among project participants. The distribution of risks between the participants occurs when contracts are signed.

The transfer of responsibility for the risk to another participant is usually accompanied by a corresponding redistribution of the benefits (payment for work, profit) of the project in favor of the owner of the risk.

Responsibility for risk is most effectively transferred to those project participants who have the ability to most clearly, efficiently and effectively manage these risks.

Risk acceptance is used when any other response measures are impossible or unreasonable to apply.

In this case, the decision is made not to change the project plan in advance, but to develop a plan for responding to the occurrence of a risk, the appearance of symptoms of risks, or a plan to neutralize the consequences of the risk. In this case, all response measures are carried out after the occurrence of a risk or after the appearance of signs of a risk.

The risk neutralization plan is one of the tools to minimize the impact of the risks that have occurred; it determines the reserve of time and other resources in case of a risk.

An anti-crisis plan is developed if the identified risks have too significant an impact on the results of the project or if the chosen strategy does not allow one to be 100% sure that it is effective. This plan may involve a change in the goals or strategy of the project.

When risk acceptance is chosen as the way of responding, it becomes necessary to reserve funds for measures to respond to the consequences of risks. Some Western and Russian sources indicate the possibility of reserving from 7% to 15% of the project funds for possible risks and overcoming their consequences.

The reservation algorithm includes the following steps:

1) assessment of the consequences of the occurrence of a risk event;

2) determination of the structure of the reserve to cover the consequences of a risk event;

3) allocation of funds;

4) control over the use of the formed reserve.

Now consider the process of project risk monitoring and control.


Risk monitoring and control are maintained throughout the project and include monitoring the status of identified risks and identifying new risks, as well as ensuring the implementation of the risk management plan and evaluating its effectiveness.

In the course of risk monitoring, the following is determined:

1) Are proper risk management procedures in place?

2) Has the risk response been carried out as planned?

3) Are risk response measures effective enough, is there a need to develop new measures?

4) Are the previous assumptions correct?

5) Have symptoms of risks emerged?

6) Has the impact of risks on the project changed compared to the forecast, what is the trend of change?

7) Is there a need to change risk response plans in accordance with emerging new information?

To implement monitoring and control procedures, it is suggested to use the following tools:

1) audit of project risk response measures - verification and documentation of the effectiveness of response measures and actions of risk owners;

2) periodic review of project risks - re-identification and risk assessment to identify remaining and newly emerging risks;

3) additional response planning – may be required if the originally planned response is ineffective.

The implementation of control and monitoring of risks may entail the selection of alternative measures to respond to risks, the implementation of corrective actions, and rescheduling of the project.

Results of risk monitoring and control may be the following:

1) Redesigned risk response plan (in case of new risks, which should be documented and "linked" to the project plan and risk response plan);

2) Corrective action carried out according to the plan, in case of unforeseen circumstances or in accordance with the revised risk response plan;

3) Change requests (the need to make changes to the project plan and other documents in the process of project implementation);

4) Report on the implementation of the risk response plan (the risks that have occurred and the response measures must be documented, completed and evaluated; unrealized risks should be documented, but they can be excluded from the risk response plan);

5) Risk databases (in the process of project risk management, information is collected, accumulated and analyzed; the created risk database can later be used in the implementation of other projects);

6) Questionnaire update (the generated questionnaires containing information on typical project risks should be updated based on the results of the project and can be used in risk management of other projects).

Chapter 10. Project Risk Management

The task of risk management is to reduce the impact of events that threaten the successful implementation of the project, that is, fraught with disruption of the schedule, violation of the budget, non-fulfillment of tasks, as well as low customer satisfaction. As for issues such as labor protection (that is, health and safety) and environmental protection, etc., other processes are designed for this. Risk management focuses on issues that are not included in your project plan and are beyond your control.

Risk management is part of the project planning processes. After all, it is necessary to develop and include in the plan measures to respond to risks. By making this or that assumption, you are already at risk, because you think that your assumption will turn out to be correct. If your expectations are not met, you will face a realized risk.

According to PMBOK, risks can include both negative (threats) and positive unplanned events. If you see potential opportunities that for some reason cannot be realized in the baseline, add them to the risk register. By planning certain activities, you may be able to increase the likelihood of occurrence or positive consequences in the implementation of these "positive risks" and thereby receive additional benefits for the project. I advise you to keep a separate register of "positive risks", that is, the so-called favorable opportunities. Please keep in mind that when dealing with “positive risks”, all relevant rules apply in reverse.

There are several ways to respond to risks:

1. Take measures to prevent the risk (for example, reduce the consumption of combustible materials to avoid a fire).

2. Identify and monitor symptoms for timely diagnosis of the onset of risk (e.g., study forecasts and monitor actual weather).

3. Take action to reduce the potential consequences of the risk (for example, create embankments that protect against the spread of oil leaks).

4. Insure against the onset of risks.

5. Develop measures to combat the risk that has occurred (for example, contact the fire department).

6. Embrace the risk.

The critical chain method uses a simplified approach to risk management, as risks are understood to be only specific causes of variability. As far as common causes are concerned, the SSRM proposes specific effective and sufficient measures to deal with their impact on the schedule, costs, and, to some extent, the scope of the project. The project quality management process is also a risk management method in its own way that protects the scope of the project.

In describing risk management, neither the PMBOK, nor its related publications, nor many authors of other management writings make a distinction between general and specific causes of variability. As we mentioned in section 2.5, Deming, the father of TQM, called this the fatal error.

10.1. What is risk management in a project

Risks have two characteristics - the probability of an event occurring and its impact on the project. The weight of the risk can be estimated by simply multiplying these two parameters.

There are the following types of risks:

Risk of incorrect definition of the scope of the project: fraught with customer dissatisfaction. Examples: customer needs are not clear; the boundaries of the scope are not fully understood (that is, what tasks the project is intended to solve); the initial premises and assumptions made during planning did not materialize.

Business risks: can affect the value of the project for the business as a whole. Examples: financial risks, a threat to the company's reputation.

Risks associated with technical difficulties in the implementation of the project assignment: accompany the development or use of new rare technologies. Examples: An unexpected side effect found during the development of a new drug.

Contingency risk: under their influence, more than a third of the provided buffer has to be spent on contingencies.

Risks of non-compliance with the schedule: under their influence on the execution of work, the entire buffer for merging paths is spent, or more than a third of the project buffer.

Occupational health and safety risks: a potential threat to the health and safety of the public or the project team that exceeds the standard acceptable level.

Risks associated with a negative impact on the environment: some natural environmental factors that can affect the observance of the basic conditions for the successful implementation of the project (content, time, money).

Risks associated with the legislative framework of the state: a change in certain standards that are set from outside, for example, new requirements for product safety, a requirement to obtain a new permit, or a delay in renewing an existing permit, which may affect the fulfillment of the basic conditions for the successful completion of the project.

10.2. Risk Management Process

Fig. 10.1 shows a diagram of the risk management process. First you need to determine what risks you may face in the implementation of the project.

Risks can be assessed both in terms of quality and quantity. Quantification techniques include: failure mode and effects analysis, Monte Carlo method, design simulation, PERT, assessment of probable safety and risk tree. For risks that can be described numerically (for example, when it comes to costs or the number of days in the schedule), the consequences of their occurrence can be expressed by multiplying the “cost” of the risk by the probability. For example, if there is a 50% chance of overspending by $100,000, then the risk is "worth" $50,000. Such calculations can give a relative indication of the rank of the risk, but the figure itself is only needed if you are going to insure the risk. Because if nothing happens, then you will not spend anything, and if it does happen, you will lose all $100,000, but not $50,000.

I prefer qualitative analysis and distribution of risks by ranks. Because, as a rule, there is not enough data to conduct a reliable quantitative assessment. At the same time, the derivation of some figures nevertheless gives a feeling of false reliability of the analysis.

10.2.1. RISK MATRIX

Table 10.1 presents the basic matrix used in risk management. It contains a list of risks, the result of the assessment, and actions to monitor, prevent or reduce the consequences of the occurrence of risks. The entries in the table are just an example. Your projects may have their own characteristics and risks. However, I strongly recommend grouping risks of the same type so that the final list is of reasonable size - no more than 10-12 points. More precisely, the number of risks must be estimated based on the scale of your project and the conditions for its implementation. The list of risks for projects worth less than several million dollars and lasting up to a year should not exceed 10 points. If it seems to you that in your relatively small project the most probable and tangible risks alone number far more than 10, it is worth considering whether it is necessary to take on such a project at all.

The second column of Table 10.1 describes the risks. To begin with, you can list all the situations that come to mind for you and your colleagues, and then group them for further analysis. You can classify risks according to their degree of probability and significance (next two columns). For example, you might have one weather-related event with big impacts and one with small impacts. Why should they be divided? Because they should have different response measures.

David Hillson proposed a very convenient format for recording risks: "As a result of <cause>, <consequence> may occur, which will lead to certain consequences." The use of this formulation is shown in Table 10.1: causes are written in bold, their effects are in italics, and the final consequences are in standard form.

Columns 3, 4 and 5 give relative quantitative characteristics of the risks. We are interested in a risk because of its probability and its consequences. The notes at the bottom of the table explain the notation and give one way of categorizing risks by probability and by consequences for the project. With this scoring method, you can assign a risk a rank from 1 to 9. Note that probability refers to the likelihood that a risk will occur during the course of the project. The maximum degree of probability here is 50%. If you are more than 50% sure that an event is inevitable, it must be taken into account when drawing up the project plan. That is, all risks with a probability of more than 50% should be treated as initial assumptions when the baseline work plan is created. The impact of such risks will be offset by the project buffer and, where appropriate, a contingency buffer.

There may be other types of risks in your spreadsheet, such as those related to health and safety or public reaction. Additional information on qualitative and quantitative risk analysis is given in section 10.3.

The sixth column lists the parameters to be monitored continuously. The situation must be assessed regularly: it may be time to revise the risk rating or to activate a contingency plan. As far as possible, you should establish in advance exactly what will serve as a warning sign for you.

Columns 7 and 8 are the most important. This is a list of actions to prevent or reduce the consequences of the occurrence of risks. Actions can affect both likelihood and consequences. For example, a system to prevent the spread of an oil spill reduces the level of consequences, not the likelihood of a spill. And a double-walled tank is a measure to reduce the chance of leakage. Risk prevention activities should be part of your project management plan. It may also be necessary to plan mitigation actions, such as trainings or urgent purchase of components from another supplier.

10.2.2. RISK ASSESSMENT AS PART OF PROJECT MANAGEMENT PROCESSES

It's not the risk assessment itself that matters, but how you use it. Of course, if you just list the risks, you can then say: “I told you!” But then the question arises: why didn't you do something yourself? Risk analysis is only meaningful when you take some action based on its results. Such action could be:

Preventing or reducing the likelihood of a risk occurring (for example, dividing the project into phases or analyzing unclear points more carefully to improve the accuracy of estimates and forecasts);

Transfer of risk (for example, you can give part of the work to subcontractors);

Monitoring the situation to identify an increase in the likelihood of a risk occurring (for example, identify the symptoms of an undesirable event and control their occurrence);

Prevention of the consequences of the risk, if it does occur;

Risk insurance;

Reducing the consequences of the risk, if it does occur.

You can use various combinations of these actions, for example as shown in Table 10.2.

10.3. Risk identification

10.3.1. REGISTER OF RISKS

There are different ways to identify risks. One way is to consider all the assumptions against which you estimated the duration or cost of the work. Potentially, any of these assumptions may turn out to be wrong, and that is a risk. You can use checklists. An example of such a list can be found in Appendix A of Max Wideman's work. Some people use special software. Another way, which I usually use, is simply to get the whole project team together and make a list of risks by brainstorming. You can recall what problems arose on similar projects earlier. Usually there are no problems with creating a list of risks. However, no one can look into the future, so the risk register will never be complete. You can fantasize endlessly, but there is not much point in it. You need a list of the risk types that are most likely to apply to your project.

10.3.1.1. Project Assumptions

Many of the assumptions you make can turn into risks if life doesn't turn out the way you thought it would. For example, you assumed that an inspection would most likely take 60 days, or 30 days on average. If, in fact, it lasts longer than two-thirds of the project buffer, there is a risk that threatens the success of the project. Based on this experience, when doing another project involving the same inspection body, you will already be prepared for the fact that the inspection may be delayed.

At the same time, avoid making too many assumptions. Rely on common sense when formulating initial assumptions and the risks associated with them.

10.3.1.2. Checklists

Checklists help you find out if you missed something important. However, they have two drawbacks:

1) pre-designed checklists may contain seemingly weighty and significant risks that are not really significant for your project;

2) relying on checklists instills a false sense of confidence that you have accounted and provided for everything, and limits your thinking.

Again, use common sense.

10.3.1.3. Critical reflection on the plan

You need to take a critical look at your plan and think about what could go wrong at key stages. This is an aid in compiling a list of risks. At the risk identification stage, feel free to write down everything that comes to mind. In the future, you will group the same type of risks.

10.3.1.4. Risk Grouping

If the list is too long, you should first combine similar items and only then proceed to develop responses. Your task is to arrive at a manageable number of possible risks. Making the list more detailed will not make your forecasts more accurate. After all, the number of potential risks is infinite, and you will never list them all. It is much more important to take into account the most significant threats and to establish a system for monitoring and responding to events as they occur. It is impossible to concentrate when there are too many details, just as it is impossible to plan an adequate response to everything. The list must be reduced to at most a couple of dozen items. And when the project is not among the largest (that is, with a budget of less than $10 million and a duration of 1-2 years), the list should consist of no more than 10 items. Otherwise, it is perhaps better not to start such a project.

10.3.2. CLASSIFICATION OF RISKS BY PROBABILITY

In order to select the right response measures for a risk, it is necessary to assess the likelihood of its occurrence during the project. There is no point in wasting resources on protecting against events that are unlikely to happen. At the same time, it is necessary to take measures to prevent risks whose probability is high, and to prepare a response plan for situations that are unlikely but fraught with serious consequences for the project.

Peter Bernstein notes: “The essence of risk management is to expand the areas under our control and narrow the areas in which the logic of events is not known to us and cannot be influenced by us.” He goes on to say that insurance is available only where the law of large numbers is in effect (see the fourth item in the list below). That is, where the theory of probability works for the insurer. In this case, it follows from the very definition of risk that we are dealing with an unlikely event.

Our ability to estimate probabilities does not stand up to scrutiny. When estimating the probability of an event, people most often fall into the trap of logical biases and errors. At the same time, studies show that, unfortunately, we hold an unreasonably high opinion of our own knowledge and abilities. I will list the most common misconceptions and mistakes so that you can be aware of them. How to overcome them is a topic for a separate discussion.

Failure to understand the rules for combining probabilities. The probability that two independent events both occur is the product of the probabilities of each event. Since these values are always less than one, the combined probability of the two events occurring will invariably be less than the probability of each of them separately.

Ignoring base probability. This refers to the failure to take the distribution of the sample into account. Imagine that we have drawn one bead from a box in which 90% of the beads are white. The probability of correctly guessing the color of the bead in twilight lighting is 50%. The person who drew the bead says: "It is black." What is the probability that it really is black? Almost everyone answers 50%. The correct answer is only 5%.

Existing experience. We often prejudge the probability of an event based on recent experience or popular opinion.

Ignorance of the law of large numbers. Based on a small number of cases, people habitually draw conclusions about the entire array of elements. It is not taken into account that the variability in a small sample is much greater than in a large sample.

Base change. People mistake "most typical" for "most likely". For example, a description of a person contains characteristics that people associate with a school teacher. People are asked to choose one option in response to the question “Who is this most likely to be: a school teacher or an employee of an institution?” The usual answer is that this is most likely a teacher. However, school teachers also fall into the category of "employees of an institution." Therefore, it is much more likely that the description is of an "employee of an institution" than of a teacher specifically.

Fixation. People tend to stick to a position once it has been expressed (either their own or someone else's), especially when it comes to numbers. That is why the influence of public opinion is so strong. If you need an independent evaluation, don't ask the person to look at and evaluate someone else's result, because then he will concentrate only on that result and fixate on it.

Search for confirmations. Having expressed their opinion, people tend to look for examples that confirm its correctness. Unfortunately, such examples are not proof from a scientific point of view. You need to look not for confirmation, but for refutation of your hypotheses. This type of error is often observed during testing, and it makes the tests completely useless. The correct approach to testing is to try to disprove, not to prove.

Based on these points, you can critically evaluate the resulting list of risks and their ranking in terms of likelihood and impact.

Ask yourself if you have made any of these mistakes.

10.3.2.1. High probability (3)

Events with a probability higher than 50% should not be included in the risk register.

Of course, such risks also need to be taken into account - but as assumptions when creating a basic project plan. A high probability is a probability between 50% and a moderate probability (5-15%).

10.3.2.2. Average probability (2)

In a simplified form, the average is a probability that is less than high, but greater than low. These are events that can actually happen, although you wouldn’t bet on it (or rather, you would, only if the stakes are really attractive).

10.3.2.3. Low probability (1)

Unlikely risks are those events that most likely will not happen during the implementation of your project. The probability of their occurrence is less than 5%. Naturally, this also includes situations, the probability of which is practically zero (1% or less). Low-probability risks should be taken into account in the design of the project result, if necessary (for example, the product must be resistant to earthquakes and adverse weather conditions). However, this has nothing to do with the risk assessment of the project itself. An exception may be insurance against natural disasters (hurricanes, floods) of the results of construction projects.

10.3.3. CLASSIFICATION OF RISKS BY CONSEQUENCES

When describing a risk, we multiply the probability of its occurrence by the degree of its impact on the project. Therefore, it is necessary to evaluate the consequences of risks - in terms of meeting the schedule, meeting the budget or projected return on investment. The CCPM offers a unique classification of risks according to their impact on the project buffer and contingency buffer. The buffer size is an indicator of the degree of likelihood of risks caused by common causes of variability. Therefore, it provides a reasonable basis for measuring such variability.

10.3.3.1. High impact (3)

A high risk impact on a project implies such consequences as exceeding the project buffer or contingency buffer, as well as low satisfaction of the client or project team with the result of its implementation.

10.3.3.2. Medium impact (2)

A medium-impact risk is one whose consequences will cause the loss of one to two thirds of the project buffer, or of one third to the full value of the buffers on merging paths.

10.3.3.3. Low Impact (1)

The consequences of such risks will lead to a decrease in buffers by no more than one third and will not cause dissatisfaction of the client or team.
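The classification from sections 10.3.2 and 10.3.3 applied to a small register, as an added example that is not from the book. The 15% boundary between average and high probability and the treatment of anything above two thirds of the project buffer as high impact are assumptions, because the text leaves those bands open; the risk names and figures are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float      # chance of occurring during the project (0..1)
    buffer_fraction: float  # share of the project buffer consumed if it occurs


def probability_score(p):
    """3 = high, 2 = average, 1 = low; None means 'more than 50%'."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    if p > 0.50:
        return None      # not a register entry: plan for it as an assumption
    if p > 0.15:         # assumed boundary between average and high
        return 3
    if p >= 0.05:
        return 2
    return 1             # less than 5%


def impact_score(buffer_fraction):
    """3 = high, 2 = medium, 1 = low, by share of the project buffer lost."""
    if buffer_fraction < 0:
        raise ValueError(f"negative buffer fraction: {buffer_fraction}")
    if buffer_fraction > 2 / 3:   # assumption: also covers "exceeds the buffer"
        return 3
    if buffer_fraction > 1 / 3:
        return 2
    return 1                      # no more than one third of the buffer


def build_register(candidates, max_items=10):
    """Return (ranked register, planning assumptions, list-too-long flag).

    The register holds (rank, name) pairs, rank = probability * impact (1..9),
    sorted from the highest rank down. Risks above 50% probability are moved
    to the assumptions list for the baseline plan instead of being ranked.
    """
    register, assumptions = [], []
    for risk in candidates:
        p_score = probability_score(risk.probability)
        if p_score is None:
            assumptions.append(risk.name)
            continue
        register.append((p_score * impact_score(risk.buffer_fraction), risk.name))
    register.sort(key=lambda entry: (-entry[0], entry[1]))
    return register, assumptions, len(register) > max_items


# Constructed candidates from a brainstorming session (illustrative only).
SAMPLE_CANDIDATES = [
    Risk("Inspection takes longer than planned", 0.30, 0.80),
    Risk("Key supplier delivers late", 0.10, 0.50),
    Risk("Flood at the construction site", 0.02, 1.50),
    Risk("Minor rework after review", 0.40, 0.20),
    Risk("Requirements change during design", 0.70, 0.50),
]

if __name__ == "__main__":
    register, assumptions, too_long = build_register(SAMPLE_CANDIDATES)
    for rank, name in register:
        print(f"rank {rank}: {name}")
    print("treat as planning assumptions:", assumptions)
    print("list too long, group similar risks:", too_long)
```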

10.4. Risk management planning

10.4.1. RISK MONITORING

You need to plan activities to track the status of the risks that you have left in the risk register of your project. This means that the list needs, at the least, to be reviewed regularly at project meetings (i.e. once a week or once a month). You should check whether the symptoms of existing risks are appearing or whether a new risk is expected to occur. Sometimes it is necessary to establish a more formal process for monitoring the risk situation.

10.4.2. PREVENTIVE MEASURES

The measures you have developed to prevent the occurrence of risks are included in the project plan. Then, as part of the evaluation and monitoring process of the project, it should be checked whether these measures are being implemented.

10.4.3. RESPONSE MEASURES

Response measures (i.e., mitigation of the consequences of the realization of risks) should also be part of your project plan. Verification of the readiness of these measures should be carried out as part of the project evaluation and control process (example - fire safety inspections, drills). Such routine checks should not be included in the project plan.

10.5. Results

Risk management addresses variability due to specific causes and includes monitoring, avoiding, reducing or insuring risk. In this chapter, we covered the following main ideas:

CCPM simplifies the risk management process because it eliminates the need, as part of that process, to deal with the common causes of variability. Risk management in CCPM only targets specific causes of variability.

The risk management process should be included in the project management plan. The scope of this process should be commensurate with the scale and risk level of the project.

It is necessary to determine the list of risks, assess their likelihood and impact on the project.

The project buffer in the CCPM project plan helps to assess the impact of risk on the entire project.

The project team determines the strategy for responding to risks, such as prevention, mitigation, insurance, tracking, ignoring.

LITERATURE

1. PMI, A Guide to the Project Management Body of Knowledge, Newtown Square, PA: PMI, 2000 (also: A Guide to the Project Management Body of Knowledge, Project Management Institute, 2004 edition).

2. Wideman, R. Max, Project and Program Risk Management, A Guide to Managing Project Risk and Opportunities, Newtown Square, PA: PMI, 1992.

3. Meredith, Jack R. and Samuel J. Mantel, Project Management, A Managerial Approach, New York: John Wiley and Sons, 1985, p. 68-71.

4. Wysocki, Robert K., Robert Beck Jr., and David B. Crane, Effective Project Management, New York: John Wiley & Sons, 1995.

5. Deming, W. Edwards, The New Economics, Cambridge, MA: MIT Press, 1993.

6. Hilson, David. “When Is a Risk Not a Risk: Part 2,” on the website http://www.risk-doctor.com/pdf-briefings/risk-doctor07e.pdf (material for the book taken from the site on June 22, 2004).

7. Risk Trak, Risk Services & Technology, Amherst, NH, 03031.

8. Bernstein, Peter L., Against the Gods, The Remarkable Story of Risk, New York: John Wiley and Sons, 1996.

9. Kahneman, Daniel, Paul Slovic, and Amos Tversky, Judgment under Uncertainty: Heuristics and Biases, Cambridge: Cambridge University Press, 1982.

10. Belsky, Gary, and Thomas Gilovich, Why Smart People Make Big Money Mistakes, and How to Correct Them, New York: Simon & Schuster, 1999.

11. Russo, J. Edward, and Paul J.H. Schoemaker, Decision Traps, The Ten Barriers to Brilliant Decision Making, and How to Overcome Them, New York: Simon & Schuster, 1989.


Risk is an uncertain event or condition which, if it occurs, has a positive or negative impact on the project. As follows from the definition, every IT project is one big risk. We will either achieve the goal of the project, or not 🙂

What is risk?

Very important! Risk is neither good nor bad! Risk is uncertainty. Probability and Risk are synonyms. Accordingly, as follows from the definition, each risk can be assessed.

How I manage risk determines whether I win or lose from some kind of uncertainty. Risks are of two types:

  • Threats - negative impact on the result
  • Opportunities - positive impact on the result

Management of risks includes rules and procedures related to risk management planning, risk identification and analysis, risk response, and risk monitoring. In other words, in order to manage risks, it is important for me to understand their sources, determine the list of risks, assess the likelihood of occurrence and the degree of impact, and most importantly, what should I do with these risks now?!

The main sources of IT project risks

Project constraints in terms of budget, timing and content - this is the main source of project risks. There is always the possibility of not staying within the constraints. If there were no restrictions, then there would be no risks ... But without restrictions, there is no project either 🙂

Stakeholders, their requirements and expectations - the customer may refuse to accept the work because the system does not solve the tasks for which it was created, the customer himself does not know what he wants, two key users voice directly contradictory requirements, the customer is sure that RM or BA will guess what he is thinking…

Technical sources of risk - applied technologies, acceleration of the project by skipping full-fledged design, “technical debt”, productivity…

Organizational sources of risk - financing and its stability, the allocation of the required amount of time for the customer’s employees, the qualifications of the team on both the customer's and the contractor's side, the project team, user resistance, delayed decision making…

External conditions - legal requirements, market price dynamics, suppliers and contractors, competitors' actions, Indians, fools and roads ...

Project risk management processes according to PMBoK

Risk management includes the following tasks:

  • Risk management planning - as a result of risk management planning, we should receive a Risk Management Plan. This is a document that describes the general approaches to risk management in the project, the classification of risks, and the methods of identification and response
  • Risk identification - determining which risks may affect the project and documenting their characteristics
  • Qualitative risk analysis - arranging risks by priority for further analysis or processing, by assessing and summarizing the likelihood of their occurrence and their impact on the project
  • Quantitative risk analysis - the process of conducting a numerical analysis of the impact of risks on the goals of the project
  • Risk response planning - the process of developing options and identifying actions to increase opportunities and reduce threats to the goals of the project
  • Monitoring and risk management - the process of responding to risks, tracking identified risks, controlling residual risks, identifying new risks, and evaluating the effectiveness of risk management throughout the project

Responding to IT project risks

According to the PMBOK, four methods of responding to risks are possible:

  • Risk avoidance
  • Risk transfer
  • Risk reduction
  • Risk taking

Risk avoidance involves changing the project management plan in such a way as to eliminate the threat caused by a negative risk, insulate the project objectives from the consequences of the risk, or weaken the threatened objectives (for example, reduce the scope of the project).

Some risks that arise in the early stages of a project can be avoided by clarifying requirements, obtaining additional information, or conducting due diligence. For example, a risk can be avoided by not implementing a risky functional requirement, or by developing the necessary software component yourself rather than waiting for a subcontractor to supply the product.

Risk transfer implies shifting the negative consequences of the threat with the responsibility for responding to the risk to a third party. Transferring a risk simply transfers the responsibility for its management to another party, but the risk does not disappear. The transfer of risk almost always involves the payment of a risk premium to the party taking the risk.

A frequent example of such an approach in IT projects, even fixed-price ones, is to transfer the risk to the customer. This can be done in several ways:

  1. Justify the need for a separate budget for pre-project studies, with the help of which we will find answers to the unknown questions (technical, organizational, methodological) and, as a result, the risk will cease to exist
  2. Make a list of risks, make an assessment of them and explicitly announce to the customer that in the event of the occurrence of certain events, an additional budget for the project will be required. If you follow sound logic, then the customer should leave a reserve for known risks anyway.

Risk reduction involves reducing the likelihood and/or consequences of a negative risk event to acceptable limits. Taking preventive action to reduce the likelihood of a risk or its consequences occurring is often more effective than remedial action taken after a risk event has occurred.

For example, resolving architectural problems early (developing the architecture of the solution before active development of the solution itself) significantly reduces technical risks. Regular demonstration of intermediate results to the customer can reduce the risk of his dissatisfaction with the end result. If the probability of employee dismissal in the project team is high, bringing additional (redundant) human resources into the project at the initial stage reduces the loss when team members are dismissed, since there will be no costs for the adaptation of new participants.

Risk taking means that the project team made a conscious decision not to change the project management plan due to risk or did not find an appropriate response strategy.