

5.1 

Introduction to Risk Analysis

 

Exam Objectives

5. Domain 5: Perform Specialized Risk Analyses

5.1. Task 1 Evaluate the attributes of identified risks using advanced quantitative tools and specialized qualitative techniques in order to estimate overall risk exposure of the project.

Risk analysis is the process of identifying and assessing factors that may jeopardize the success of a project or the achievement of a goal. Risk analysis should be performed as part of the risk management process for each project. The outcome of the risk analysis would be the creation or review of the risk register to identify and quantify risk elements to the project and their potential impact.
This analysis can also be used to determine the business needs for starting a project. It is a procedure for identifying threats and vulnerabilities, analyzing them to ascertain the exposures, and highlighting how the impact can be eliminated or reduced. It is used in risk management to clarify the threats that are relevant to the operational processes and to identify the risks. The types of risk analysis are as follows:

  • Qualitative risk analysis

  • Quantitative risk analysis

When to Use Risk Analysis

 

Risk analysis is useful in situations such as the following:

  • Planning projects to anticipate and neutralize possible problems

  • Deciding whether or not to move forward with a project

  • Improving safety and managing potential risks in the workplace

  • Preparing for events, such as equipment or technology failure, theft, staff sickness, or natural disasters

  • Planning for changes in the environment, such as new competitors coming into the market, or changes to government policy

Steps to Perform Risk Analysis

 

The following are the steps for performing risk analysis:

  • The first step is to assess risk and this is performed by assigning a probability rating and an impact rating, based on the documented definitions included within the risk management plan.

  • In the second step, the probability and impact rating should be combined into an overall score. This is commonly done using a probability and impact matrix.
    The risk impact/probability chart provides a useful framework that helps in deciding which risks need attention. It is based on the principle that a risk has two main dimensions:

    • Probability: A risk is defined as an event that may occur. The probability of its occurrence can range anywhere from just above 0 percent to just below 100 percent.

    • Impact: A risk, by its very nature, always shows a negative impact. However, the size of the impact varies in terms of cost and impact on health, human life, or some other critical factor.

  • The third step involves quantifying risks. By using quantitative risk analysis tools, such as the Monte Carlo technique and sensitivity analysis, overall project risk can be derived.
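The three steps above, worked through on a small register as an added example (not part of the original study material). The register entries, the 1-5 rating bands, the score thresholds and the triangular cost distribution are all assumptions made for illustration; in practice the scales come from the risk management plan.

```python
import random

# Constructed register: (risk, probability, (min, most likely, max) cost impact).
REGISTER = [
    ("R1 key supplier slips delivery", 0.60, (20_000, 50_000, 120_000)),
    ("R2 test environment outage", 0.10, (5_000, 15_000, 40_000)),
    ("R3 regulatory change", 0.05, (100_000, 250_000, 600_000)),
    ("R4 staff turnover", 0.50, (10_000, 20_000, 35_000)),
]

# Assumed scale definitions, standing in for the risk management plan:
# (upper bound of band, rating on a 1-5 scale).
PROB_BANDS = [(0.10, 1), (0.30, 2), (0.50, 3), (0.70, 4), (1.00, 5)]
IMPACT_BANDS = [(10_000, 1), (25_000, 2), (75_000, 3), (200_000, 4),
                (float("inf"), 5)]


def rate(value, bands):
    """Step 1: map a raw estimate onto the documented rating scale."""
    for upper, rating in bands:
        if value <= upper:
            return rating
    raise ValueError(f"{value} is outside the defined scale")


def qualitative_scores(register):
    """Step 2: combine the ratings into one score per risk, highest first."""
    rows = []
    for name, prob, (_, likely, _) in register:
        p_rating = rate(prob, PROB_BANDS)
        i_rating = rate(likely, IMPACT_BANDS)
        score = p_rating * i_rating
        level = "high" if score >= 12 else "medium" if score >= 5 else "low"
        rows.append((name, p_rating, i_rating, score, level))
    return sorted(rows, key=lambda row: row[3], reverse=True)


def monte_carlo(register, trials=20_000, seed=1):
    """Step 3: simulate total cost exposure across all risks."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    totals = []
    for _ in range(trials):
        total = 0.0
        for _, prob, (low, likely, high) in register:
            if rng.random() < prob:  # does the risk occur in this trial?
                total += rng.triangular(low, high, likely)
        totals.append(total)
    totals.sort()
    return {"mean": sum(totals) / trials, "p80": totals[int(0.8 * trials)]}


if __name__ == "__main__":
    for row in qualitative_scores(REGISTER):
        print(row)
    print(monte_carlo(REGISTER))
```

R3 scores only 5 on the matrix because of its low probability, yet it accounts for about 15,800 of the roughly 66,700 expected exposure for these inputs, which is the kind of effect the third step exists to surface.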

Risk Analysis Techniques

 

Risk analysis techniques are as follows:

  • Delphi: It uses a group of experts who independently rate the business risk of an organization. Each expert analyzes the risk independently and then prioritizes the risk, and the results are combined into a consensus.

  • Brainstorming: It is used extensively in formative project planning. It can also be used to identify and postulate risk scenarios for a particular project.

  • Sensitivity analysis: It examines the extent to which the uncertainty of each element affects the object under consideration when all other uncertain elements are held at their baseline values.

  • Probability analysis: It overcomes the limitations of a sensitivity analysis technique by specifying a probability distribution for each variable, and then considering situations where any or all of these variables can be modified at the same time.

  • Utility theory: It provides a methodological framework for the evaluation of alternative choices made by individuals, firms and organizations.

  • Decision theory: It is a technique for assisting in reaching decisions under uncertainty and risk.

Risk Analysis Methodologies

 

Here are the risk analysis methodologies:

  • PRA (preliminary risk analysis) or hazard analysis: It is a qualitative risk analysis technique that involves a disciplined analysis of the event sequences that could transform a potential hazard into an accident. This technique first identifies the possible undesirable events and then analyzes the events separately. Also, possible improvements or preventive measures are formulated for each undesirable event or hazard.

  • HAZOP (hazard and operability studies): It is a qualitative technique for identifying and evaluating problems that may represent risks to personnel or equipment, or prevent efficient operation. This technique is carried out by a multi-disciplinary team (HAZOP team) during a set of meetings.

  • FMEA/FMECA (failure mode and effects analysis/failure mode and effects criticality analysis): It is a procedure by which each potential failure mode in a system is analyzed to establish its effect on the system and to classify it according to its severity. When the FMEA is extended by a criticality analysis, the technique is then called failure mode and effects criticality analysis (FMECA). It is used in discovering high-impact risk types. It is one of the tools used within the Six Sigma methodology to design and implement a robust process to identify failure modes and establish a risk priority so that corrective actions can be put in place to address and reduce the risk.

Tree-Based Techniques in Risk Analysis

 

Here are the tree-based techniques in risk analysis:

  • FTA (fault-tree analysis): It is a logical diagram that shows the relation between system failures. This technique can be used in qualitative or quantitative risk analysis. Qualitative FTA is a deductive (top-down) approach that graphically and logically represents events at a lower level which can lead to a top undesirable event. In quantitative FTA, failure rates or probabilities are input into the tree and the probability of occurrence is computed for the top undesirable event.

  • ETA (event-tree analysis): It is a logical method of analyzing how and why a disaster could occur. It is used for illustrating the sequence of outcomes that may arise after the occurrence of a selected initial event.

  • CCA (cause-consequence analysis): It identifies chains of events that can result in undesirable consequences. This technique is a blend of fault tree and event tree analysis.

  • MORT (management oversight risk tree): It is a diagram that arranges safety program elements in an orderly and logical manner. Its analysis is carried out by means of a fault tree. This technique gives an overview of the causes of the top event from management oversights and omissions or from assumed risks or both.

  • SMORT (safety management organization review technique): It includes data collection based on the checklists and their related questions, in addition to evaluation of results. This technique is a simplified modification of MORT and is structured by means of analysis levels with associated checklists.
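Quantitative FTA as described above, shown as an added example (not part of the original study material): basic-event probabilities are fed into AND/OR gates to compute the top-event probability, followed by a one-at-a-time check of which basic event contributes most. The tree, event names and probabilities are constructed, and the gate formulas assume the basic events are independent.

```python
from math import prod

# Constructed fault tree for the top event "service outage".
# A node is either a basic-event name or a (gate, [children]) pair.
TREE = ("OR", [
    ("AND", ["primary_power_fails", "backup_generator_fails"]),
    "core_switch_fails",
    ("AND", ["disk_a_fails", "disk_b_fails"]),
])

# Constructed probabilities of each basic event over the period of interest.
BASIC = {
    "primary_power_fails": 0.02,
    "backup_generator_fails": 0.10,
    "core_switch_fails": 0.001,
    "disk_a_fails": 0.03,
    "disk_b_fails": 0.03,
}


def leaves(node):
    """Return the basic events under a node, in tree order."""
    if isinstance(node, str):
        return [node]
    _, children = node
    return [name for child in children for name in leaves(child)]


def gate_probability(node, basic):
    """Propagate probabilities bottom-up through the gates."""
    if isinstance(node, str):
        p = basic[node]
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{node}: probability {p} is not in [0, 1]")
        return p
    gate, children = node
    ps = [gate_probability(child, basic) for child in children]
    if gate == "AND":   # all inputs must fail
        return prod(ps)
    if gate == "OR":    # at least one input fails
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate {gate!r}")


def top_event_probability(tree, basic):
    """Probability of the top undesirable event."""
    names = leaves(tree)
    if len(names) != len(set(names)):
        # A basic event shared by several branches makes the branches
        # dependent, so the simple gate formulas would be wrong.
        raise ValueError("repeated basic event: independence does not hold")
    return gate_probability(tree, basic)


def contribution_ranking(tree, basic):
    """Reduction in top-event probability if one basic event is eliminated."""
    base = top_event_probability(tree, basic)
    drops = {name: base - top_event_probability(tree, {**basic, name: 0.0})
             for name in basic}
    return sorted(drops.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print(top_event_probability(TREE, BASIC))
    print(contribution_ranking(TREE, BASIC))
```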

Qualitative vs. Quantitative Risk Analysis

 

Qualitative and quantitative risk analysis both offer valuable information. It is recommended that risks be evaluated on a qualitative level first, and then quantitative as needed. Qualitative risk analysis is considered to be a quick and cost-effective form of risk analysis, whereas quantitative risk analysis requires additional expertise and tools. Another key difference between qualitative and quantitative risk analysis is that qualitative risk analysis focuses more on individual risks, and quantitative risk analysis focuses more on project risk.
Quantitative risk analysis analyzes numerically the effect of identified risk on overall project objectives and qualitative risk analysis includes judgment, intuition, and experience. Quantitative risk analysis is performed on risks that qualitative risk analysis has prioritized as potentially and substantially impacting the project's competing demands, and thus generally follows that process. Qualitative risk analysis enables an individual to identify the potential risks, and assets and resources which are vulnerable to these risks. It depends more on scenarios rather than calculations. It requires guesswork, makes use of opinions, and provides useful and meaningful results.


5.2 

Perform Qualitative Risk Analysis

 

Exam Objectives

5. Domain 5: Perform Specialized Risk Analyses

5.1. Task 1 Evaluate the attributes of identified risks using advanced quantitative tools and specialized qualitative techniques in order to estimate overall risk exposure of the project.

5.2. Task 2 Analyze risk data produced during the project using statistical analyses and expert judgment in order to determine strengths and weaknesses of risk strategy and processes and recommend process improvements when indicated.

5.3. Task 3 Perform specialized risk analysis using advanced tools and techniques in order to support stakeholder decision making for the project.

Perform Qualitative Risk Analysis is the process of prioritizing risks for further analysis and action. It combines risks and their probability of occurrence and ranks them accordingly. It enables organizations to improve the project's performance by focusing on high-priority risks. Perform Qualitative Risk Analysis is usually a rapid and cost-effective means of establishing priorities for plan risk responses. It also lays the foundation for Perform Quantitative Risk Analysis if this process is required. This process is performed throughout the project.
The inputs, tools and techniques, and outputs of the process are shown in Figure 5-1.


Figure 5-1: Perform Qualitative Risk Analysis: Inputs, Tools and Techniques, and Outputs
Figure 5-2 shows the data flow diagram for the process.


Figure 5-2: Perform Qualitative Risk Analysis: Data Flow Diagram
The Perform Qualitative Risk Analysis process involves determining what impact the identified risks will have on the project objectives and the probability they'll occur. It also ranks the risks in priority order according to their effect on the project objectives so that the project managers can spend their time efficiently by focusing on the high-priority risks. This helps the team in determining whether Perform Quantitative Risk Analysis should be performed or whether to skip right to developing response plans.
The Perform Qualitative Risk Analysis process is performed often throughout the project life cycle, as outlined within the risk management plan. Often, in an Agile development environment, the Perform Qualitative Risk Analysis process is conducted before the beginning of every iteration.

Inputs of the Perform Qualitative Risk Analysis Process

 

Here are the inputs of the Perform Qualitative Risk Analysis process:

  • Project management plan: It includes the risk management plan, which documents the roles and responsibilities of risk team members, budget and schedule factors for risk activities, the stakeholder risk tolerances, the definitions for probability and impact, and the probability and impact matrix, all of which should be utilized when prioritizing risks. These inputs are sometimes tailored to the project throughout the Plan Risk Management process. If these are not available, these are developed during the Perform Qualitative Risk Analysis process and will be presented to the project sponsor for approval before use.

  • Project documents: For this process, project documents that can be considered as inputs include:

    • Assumption log: It identifies, manages, and monitors key assumptions and constraints that may affect the project. These may update the assessment of the priority of individual project risks.

    • Risk register: It includes details of each identified individual project risk that will be assessed during the Perform Qualitative Risk Analysis process.

    • Stakeholder register: It includes details of project stakeholders who may be nominated as risk owners.

  • Enterprise environmental factors: These can influence the Perform Qualitative Risk Analysis process and include industry studies of similar projects, and published material, including commercial risk databases or checklists.

  • Organizational process assets: These can influence the Perform Qualitative Risk Analysis process and include information from similar completed projects.

Tools and Techniques of the Perform Qualitative Risk Analysis Process

 

Here are the tools and techniques of the Perform Qualitative Risk Analysis process:

  • Expert judgment: For the Perform Qualitative Risk Analysis process, experts should have specialized knowledge or training in topics such as previous similar projects and qualitative risk analysis. Expert judgment is commonly obtained through facilitated risk workshops or interviews. The possibility of expert views being biased should be taken into consideration in this process.

  • Data gathering: The data gathering technique that can be used for this process includes interviews. Structured or semi-structured interviews help in assessing the probability and impacts of individual project risks and other factors. The interviewer should promote an environment of trust and confidentiality in the interview setting for encouraging honest and unbiased assessments.

  • Data analysis: The data analysis techniques that can be used during this process include:

    • Risk data quality assessment: It involves determining the usefulness of the data gathered to evaluate risk. Most important, the data must be unbiased and accurate. Low-quality data will render the results from the Perform Qualitative Risk Analysis process almost useless. If the quality of data is unacceptable, it may be necessary to gather better data. The following elements need to be examined when using this tool and technique:

      • The quality of the data used

      • The availability of data regarding the risks

      • How well the risk is understood

      • The reliability and integrity of the data

      • The accuracy of the data

Risk data quality may be assessed via a questionnaire measuring the project's stakeholder perceptions of various characteristics such as completeness, objectivity, relevancy, and timeliness.

    • Risk probability and impact assessment: This tool and technique assesses the probability that the risk events you've identified will occur, and it determines the effect their impacts have on the project objectives, including time, scope, quality, and cost. Analyzing risks in this way allows you to determine which risks require the most aggressive management. When determining probabilities and impacts, you'll refer to the risk management plan element called "definitions of risk probability and impact."
      Risk probability refers to the likelihood that a risk will occur, and impact refers to the effect the risk will have on a project objective if it occurs. The probability for each risk and the impact of each risk on project objectives, such as cost, quality, scope, and time, must be assessed. The probability and impacts are assessed for each identified risk.
      Methods used in making the probability and impact assessment include holding meetings, interviewing, considering expert judgment, and using an information base from previous projects. A risk with a high probability might have a very low impact, and a risk with a low probability might have a very high impact. To prioritize the risks, both probability and impact need to be considered.

    • Assessment of other risk parameters: The project team needs to consider other characteristics of risk when prioritizing individual project risks for further analysis and action. Here are some of the characteristics:

      • Urgency: It is the period of time within which a response to the risk is to be implemented in order to be effective. A short period indicates high urgency.

      • Proximity: It is the period of time before the risk might have an impact on one or more project objectives. A short period indicates high proximity.

      • Dormancy: It is the period of time that may elapse after a risk has occurred before its impact is discovered. A short period indicates low dormancy.

      • Manageability: It is the ease with which the risk owner can manage the occurrence or impact of a risk. Manageability is high where management is easy.

      • Controllability: It is the degree to which the risk owner is able to control the risk's outcome. Controllability is high where the outcome can be easily controlled.

      • Detectability: It is the ease with which the results of the risk occurring, or being about to occur, can be detected and recognized. Detectability is high where the risk occurrence can be detected easily.

      • Connectivity: It is the extent to which the risk is related to other individual project risks. Connectivity is high where a risk is connected to many other risks.

      • Strategic impact: It is the potential for the risk to have a positive or negative effect on the organization's strategic goals. The strategic impact is high where the risk has a major effect on strategic goals.

      • Propinquity: It is the degree to which a risk is perceived to matter by one or more stakeholders. Propinquity is high where a risk is perceived as very significant.

  • Interpersonal and team skills: The interpersonal and team skills that can be used for this process include facilitation, which helps in improving the effectiveness of the qualitative analysis of individual project risks. A skilled facilitator can enable participants to stay focused on the risk analysis task, to follow the steps associated with the technique correctly, to reach consensus on assessments of probability and impacts, to recognize and overcome sources of bias, and to resolve any disagreements that may arise.

  • Risk categorization: The project risks can be categorized by the following to determine the areas of the project most exposed to the effects of uncertainty:

    • Sources of risk (for example, using the risk breakdown structure)

    • Area of the project affected (for example, using the work breakdown structure)

    • Other useful categories (for example, project phase, project budget, and roles and responsibilities) for determining the areas of the project most exposed to the effects of uncertainty.

Risk categorization can also be done by common root causes. The risk categories used for the project are described in the risk management plan.

  • Data representation: The data representation techniques that can be used during this process include:

    • Probability and impact matrix: It is a grid for mapping the probability of each risk occurrence and its impact on the project. The outcome of a probability and impact matrix is an overall risk rating for each of the project's identified risks. The probability of occurrence of every individual project risk is assessed, as well as its impact on one or more project objectives if it does occur, using the definitions of probability and impact for the project as laid out in the risk management plan. Individual project risks are assigned to a priority level based on the combination of their assessed probability and impact, using a probability and impact matrix.

    • Hierarchical charts: The graphical representations are required where risks have been categorized using more than two parameters. A bubble chart can be used to display three dimensions of data, where each risk is plotted as a disk (bubble), and the three parameters are represented by the x-axis value, the y-axis value, and the bubble size.

  • Meetings: A specialized meeting (often called a risk workshop) is conducted by the project team to discuss the identified individual project risks. The goals of this meeting include:

    • Review of previously identified risks

    • Assessment of probability and impacts

    • Categorization and prioritization

A risk owner, who has the responsibility to plan an appropriate risk response and to report progress on managing the risk, will be allocated to every individual project risk as part of the Perform Qualitative Risk Analysis process. The meeting might begin by reviewing and confirming the probability and impact scales to be used for the analysis. The meeting might also identify additional risks during the discussion, and these ought to be recorded for analysis. Use of a skilled facilitator can increase the effectiveness of the meeting.

Output of the Perform Qualitative Risk Analysis Process

 

For the Perform Qualitative Risk Analysis process, project documents that may be updated include:

  • Assumption log: During the Perform Qualitative Risk Analysis process, new assumptions may be created, new constraints may be identified, and existing assumptions or constraints may be revisited and adjusted. The assumption log ought to be updated with this new information.

  • Issue log: This document ought to be updated to capture any new issues uncovered or changes in presently logged issues.

  • Risk register: This document is updated with new information generated throughout the Perform Qualitative Risk Analysis process. Updates to the risk register may include:

    • Assessments of probability and impacts for every individual project risk

    • Priority level or risk score

    • The nominated risk owner, risk urgency information or risk categorization

    • A watch list for low-priority risks or risks requiring further analysis

  • Risk report: This document is updated to reflect the most important individual project risks (usually those with the highest probability and impact), as well as a prioritized list of all identified risks on the project and a summary conclusion.

Knowledge Check