*6.2.1.1 Classification and reference*

Classification is an aid to identifying the source of risk. Examples are furnished below (**Table 5**).

Referencing refers to unique reference number given for each of the identified risks.

#### *6.2.1.2 Description of the risk*

This involves giving a brief description of the risk. The description must be unique in order to avoid confusion with similar risks in the risk management process.


**Table 5.** *Classification of risk and its reference.*

### *6.2.1.3 Relationship to other risks*

In any project, it is extremely rare that any activity is independent of activities which occurs concurrently or consequentially and this will always be the case for risks also for successful implementation of risk management,

#### *6.2.1.4 Potential impact (I)*

Impact of risk on a project is measured in terms of cost and quality. Since this assessment is done at an early stage of the project, information may not be available to accurately predict the impact of risk on the project. At this stage, the risk is classified suitably and accordingly high impact risks are to be given more fundamental consideration than that of medium/low/negligible risks by ranking the impact of risks on a scale of 1 (low) to 10 (high).

#### *6.2.1.5 Likelihood of occurrence (P) and calculation of risk factor (RF)*

Based on intuition and experience, the likelihood of occurrence (P) of risks and its impact (I) is to be given on a suitable scale ex. 1–10 (1 refers to low probability and 10 refers to high probability). The risk factor for each of the identified risks is calculated by the formula RF = P + I – (P\*I) (where the values of P and I are brought on a scale of 0–1 by dividing the values with 10).

#### *6.2.1.6 Risk response/mitigation strategy*

This action is taken to reduce, eradicate or to avoid the identified risks. The most common among the risk mitigation methods are risk avoidance, risk transfer, risk reduction and risk sharing. Based on the competency in handling the risks, the identified risks are allocated to respective stakeholders who will be responsible for addressing those risks.

#### **6.3 Quantitative risk assessment**

This risk assessment is normally taken for such of those risks which are classified are high/critical/unmanageable as per the qualitative risk assessment. The purpose of this assessment is to find the amount of contingency to be inserted in the estimate for the risks undergoing this assessment so that in case the risks occur, there would be sufficient budgeted amount to overcome the extra expenditure.

Quantitative methods need a lot of analysis to be performed. This analysis should be weighed against the effort and outcomes from the chosen method. Complex and larger projects require more in depth analysis as compared to projects which are small in size. The purpose of carrying out quantitative analysis is to estimate the impact of a risk in a project in terms of scope, time, cost and quality. The suitability of this analysis is more for medium and large projects as these projects have more complex risks as compared to smaller projects.

The detailed quantitative assessment of risk is the one which is identified as risk analysis. In undertaking quantitative assessment, the potential impact of risks in terms of time, cost and quality is quantified. While preparing the estimate, it is generally split into two distinct elements, namely (1) base estimate of those items which are known and a degree of certainty exists and (2) contingency allowance for all uncertain elements of a project. Historically, contingencies have been calculated on a rule of thumb basis varying from 5 to 10% on risk-free base estimate. By adopting risk management approach, contingencies are set up to reflect realistically the

**191**

*6.3.3 Decision tree*

*Process of Risk Management*

*DOI: http://dx.doi.org/10.5772/intechopen.80804*

*6.3.1 Scenario technique: Monte Carlo simulation*

*6.3.2 Modelling technique: sensitivity analysis*

risk assessment are described below.

risks that are inherent in the project. When used correctly, contingency allowances ensure that expenditure against risks is controlled. The methods for quantitative

The Monte Carlo method is based on statistics which are used in a simulation to assess the risks. This is a statistical technique whereby randomly generated data is used within predetermined parameters and produce realistic project outcomes. The overall project outcome is predicted by randomly simulating a combination of values for each risk and repeating the calculation a number of times and all outcomes are recorded. After completing the simulations required, the average is drawn from all of the outcomes, which will constitute the forecast for the risk. It is important to realise that parameters and appropriate distribution within which the random data is simulated is itself a series of subjective inputs. Accurate and realistic project outcomes will not be generated if inaccurate parameters are set. Different scenarios are generated by simulation are used for forecasting, estimations and risk analysis. Data from already executed projects is normally collected for simulation purpose. The data for variables is presented in terms of pessimistic, most likely and optimistic scenarios depending upon the risks encountered, i.e. pessimistic value means lot of risks and optimistic value means least risks. The result from this method is a probability of a risk to occur is often expressed as percentage. The most common way of performing the Monte Carlo simulation is to use the program Risk Simulator

Palisade Software, where more efficient simulations can be performed.

order to focus on critical areas during the execution of the project.

A sample problem on decision tree is given in **Table 6**.

This is a method used to demonstrate the variable impact on the whole caused by a change in one or more element or risk. It is used to test the robustness of choices made where rankings have been established, particularly when those rankings are considered to be marginal. It can identify the point where variation in one parameter will affect decision making. A typical method for carrying out sensitivity analysis is by use of a spider diagram which shows the areas in the project which are the most critical and sensitive The higher the level of uncertainty a specific risk has, the more sensitive it is concerning the objectives. In other words, the risk events which are the most critical to the project are the most sensitive and appropriate action needs to be taken (Heldman, 2005). Disadvantage with this analysis is that the variables are considered separately, which means that there is no connection between them (Perry, 1986 and Smith et al.. 2006). The method requires a project model in order to be analysed with computer software. According to Smith et al. (2006), the project stands to be benefited if the analysis is carried out in the initial phases of a project in

Decision tree analysis is commonly used when there is sequence of interrelated

possible courses of action and future outcomes in terms of time and cost. This method of analysis is commonly used when certain risks have an exceptionally high impact on the two main project objectives, i.e. time and cost. Where probabilities and values of potential outcomes are known or can be estimated, they are used for quantification to provide a more informed basis for decision making. Each decision process expected value (EV) which forms the basis for decision making process.

*Perspectives on Risk, Assessment and Management Paradigms*

risks also for successful implementation of risk management,

*6.2.1.5 Likelihood of occurrence (P) and calculation of risk factor (RF)*

In any project, it is extremely rare that any activity is independent of activities which occurs concurrently or consequentially and this will always be the case for

Impact of risk on a project is measured in terms of cost and quality. Since this assessment is done at an early stage of the project, information may not be available to accurately predict the impact of risk on the project. At this stage, the risk is classified suitably and accordingly high impact risks are to be given more fundamental consideration than that of medium/low/negligible risks by ranking the impact of

Based on intuition and experience, the likelihood of occurrence (P) of risks and its impact (I) is to be given on a suitable scale ex. 1–10 (1 refers to low probability and 10 refers to high probability). The risk factor for each of the identified risks is calculated by the formula RF = P + I – (P\*I) (where the values of P and I are brought

This action is taken to reduce, eradicate or to avoid the identified risks. The most common among the risk mitigation methods are risk avoidance, risk transfer, risk reduction and risk sharing. Based on the competency in handling the risks, the identified risks are allocated to respective stakeholders who will be responsible for

This risk assessment is normally taken for such of those risks which are classified are high/critical/unmanageable as per the qualitative risk assessment. The purpose of this assessment is to find the amount of contingency to be inserted in the estimate for the risks undergoing this assessment so that in case the risks occur, there

would be sufficient budgeted amount to overcome the extra expenditure.

have more complex risks as compared to smaller projects.

Quantitative methods need a lot of analysis to be performed. This analysis should be weighed against the effort and outcomes from the chosen method. Complex and larger projects require more in depth analysis as compared to projects which are small in size. The purpose of carrying out quantitative analysis is to estimate the impact of a risk in a project in terms of scope, time, cost and quality. The suitability of this analysis is more for medium and large projects as these projects

The detailed quantitative assessment of risk is the one which is identified as risk analysis. In undertaking quantitative assessment, the potential impact of risks in terms of time, cost and quality is quantified. While preparing the estimate, it is generally split into two distinct elements, namely (1) base estimate of those items which are known and a degree of certainty exists and (2) contingency allowance for all uncertain elements of a project. Historically, contingencies have been calculated on a rule of thumb basis varying from 5 to 10% on risk-free base estimate. By adopting risk management approach, contingencies are set up to reflect realistically the

*6.2.1.3 Relationship to other risks*

*6.2.1.4 Potential impact (I)*

risks on a scale of 1 (low) to 10 (high).

*6.2.1.6 Risk response/mitigation strategy*

**6.3 Quantitative risk assessment**

addressing those risks.

on a scale of 0–1 by dividing the values with 10).

**190**

risks that are inherent in the project. When used correctly, contingency allowances ensure that expenditure against risks is controlled. The methods for quantitative risk assessment are described below.
