Project Assessments & Framework | Project Management | Business Analysis | Project Staffing | Offshore Services
About | Business Analysis | Solution Analysis | Business Analysis | Technology Analysis | Risk Analysis | Financial Analysis | Development Planning

Risk Analysis

Risk is an inherent part of any capital investment. Project risk, left unattended can be costly. However, project risk can be mitigated. Identifying and controlling project risk during the proposal development stage can have a significant impact on the project's overall success. AnalysisPlus defines six significant risk components: Technical, Vendor, Organizational, Financial, Operational, and Legal & Contractual.

AnalysisPlus™ Risk Analysis Services

To best identify and mitigate risk Inish provides these primary services:

1. Risk Assessment

Realizing product architectures, technology, and internally developed technology is not enough to insure a successful product. All of the product and market analysis in the world is fine, but meaningless if the technology is inherently risky, or the vendors who support the products are inherently risky. An identified technology may, on paper, perfectly satisfy your requirements, but if the technology is fragile, immature, or if the company developing the technology is on the verge of bankruptcy, the risks in incorporating the technology may in outweigh the benefits. Conversely, it may happen that the risks warrant implementing the technology, but at least the decision can be based on sound information and evidence.

At the end of the day, what are the combined risk factors of the project? Are the proposed features and underlying technology too risky? Are the resources too risky? Does the cost of the project have to be rigidly maintained? Is the schedule realistic? Ultimately, managers need to choose what is the most important: the schedule, the budget, or the product's feature set. A detailed risk analysis provides decision makers with information to properly evaluate tradeoffs.

Once risks have been identified, AnalysisPlus determines the level of impact and likelihood of those risks on a given project. Examining the impact and likelihood will result in a risk factor, which can be applied to each risk that was originally identified.

First, determine the impact that a particular risk would have on the project if it were realized. This rating will occur on a scale of 1 through 3, with one implying minimal impact and three implying a catastrophic impact. Second, determine the likelihood of risk occurrence. While the impact of a particular risk may be high, the likelihood of it taking place may be minimal. Use a probability of impact where 1 indicates minimal likelihood of occurrence and 3 indicates a certainty of occurrence. Finally, multiply the two together to arrive at a risk factor for each risk identified. That is:

Impact x Likelihood = Risk Factor

Using this same scale across all identified risks to an alternative, and subsequently summing all risk factors will provide the analyst with a final Risk Rating for a particular project alternative. Taking the risk rating and dividing by the number of identified risks yields a Risk Score.

The use of the risk score has two benefits. The first is that it encourages users to include all identified risks. Using only the risk rating would discourage this practice since the higher the score, the higher the penalty. The second benefit is a more accurate overall picture of the project risk. Several low-impact, low likelihood risks may be less dangerous than a single high impact, high likelihood risk. This is captured in the risk factor.

Gap and Hole Analysis

As a result of the Risk Assessment, six artifacts are created:

- Technical Risk Assessment

- Vendor Risk Assessment

- Organizational Risk Assessment

- Financial Risk Assessment

- Operational Risk Assessment

- Legal & Contractual Risk Assessment

Risk Examples

 

 

In addition, Inish provides a valuable assessment: The Risk Control Plan.

2. Risk Control Plan

One cannot discuss risk without also discussing controls. Controls are procedures or activities put into place which mitigate (or minimize) risks. Rarely can risk be completely eliminated; however, it can be controlled. Inish can suggest many risk mitigation strategies that reduce the likelihood of risk occurrence. If these controls are in place in a project plan, the likelihood of risk decreases and the alternative becomes more attractive. Table 4 illustrates an example of the risk summary. The individual risk elements of the risk categories are tabulated and summarized. The quantity of individual risk elements are listed, as well as the average likelihood of the risk occurring, the average impact of the risks, the average Risk Score, and the sum of the Risk Scores.

Risk may also be represented graphically. The bubbles the figure represent the combined risk of the risk categories. The sizes of the bubbles represent the number of risk elements within the risk category. The larger the bubble, the more risk elements need monitoring.

AnalysisPlus Risk Analysis Deliverables

As a result of the risk analysis, one artifact is created:

Risk Assessment & Mitigation Report

 

Details