Impact of Risks on Perceived Project Value
With the writing of this fifth article, I consider that our journey down the risk road is about half over. So, this seems a reasonable time to review the road we have already traversed.
Review
In article #1 I defined critical terms, outlined how risks can be identified, described and managed, and introduced the fundamental drivers for observed human behaviors related to risk assessment and management. I concluded that article by proposing steps that might be taken to modify behaviors. In article #2, I delineated in detail many of the behaviors that, in a company, impede the introduction and implementation of a comprehensive risk assessment/management process. Article #3 centered on communication and the importance of establishing a common risk-related set of terms and definitions. Tips were given regarding how to establish such a glossary and the importance of doing so. The theme of article #4 was metrics. I reviewed the disparate views of risk taken by various parts of a corporation, the different formats that can be used to express risk, and the fundamentals of the risk monetization process.
In this fifth article I attempt to elucidate how risks can, individually and in confluence, impact the perceived value of a project and how risks can be displayed. I also introduce the concept of how the entire risk assessment process can be the cornerstone of the risk management decision-making process. The risk management process will be the focus of article #6.
In article #4, I described how we might translate a political risk, for example, into metrics that could be used as input to a spreadsheet economic model (SEM). For the sake of consistency, I will here repeat that translation. The threat was:
Government red tape might delay the issuance of critical permits. If the permits are not issued on schedule, significant capex will need to be spent to implement back-up plans.
Facilitated conversations with the risk owner would ensue to establish ranges for:
- Probability that the threat will materialize;
- Delay (in days or weeks or whatever "time chunks" are pertinent to the SEM);
- Cost per time period.
Risk Monetization
On each iteration of a Monte Carlo process, a probability value would be drawn from the probability range and tested against an iteration-specific random number (between 0 and 1, or between 0 and 100). If the random number is equal to or less than the probability value drawn from the threat-related probability distribution, then the threat is considered to have "happened" and a political-threat cost value would be calculated using the following simple equation:
Political Risk Capex = (Value from Delay Range) * (Value from Cost/Time Period Range)
We would apply the impact of each risk to the SEM (see article #4 for an example of a schedule threat and how it can be "monetized" to impact the SEM). In the Monte Carlo model, we can apply each of these risks one at a time. We are assuming here that the risks are independent, that is, not correlated. Correlated risks can be handled, but that process is too lengthy to be addressed in this short article. See my book "Risk Assessment and Decision Making in Business and Industry: A Practical Guide - 2nd Edition" for direction with regard to correlated risks.
In Figure 1, we can see the result of applying the impact of each risk. The SEM deterministic (i.e., single valued) NPV is labeled "Base Case" and has, conveniently for this example, a value of $100MM (one hundred million dollars). Application of the first threat diminishes the mean NPV of the project to $84MM. The vertical bar represents the range of value created by application of this threat. Clicking (with the computer mouse) on the vertical bar can display the actual distribution as shown in Figure 2.
Each threat is applied, one at a time. After all threats are probabilistically applied, we can see that the potential value of the project - if we do nothing to mitigate the threats - is likely to be around $41MM. Capturing the two opportunities that were identified and monetized could raise the NPV to around $108MM. The table shown in Figure 3 is simply the impact - in NPV - of each threat and opportunity shown in Figure 1 (the value in the table is the difference between the consecutive mean values in Figure 1). The reader should know that because the risks are independent, the values in the table in Figure 3 would not change with a change in the order in which the risks were applied.
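The following sketch is an added example, not code or data from the article or its SEM. It runs the Monte Carlo steps described above for three independent threats and builds the consecutive-mean impact table in both application orders. The threat names, all range values, the triangular distributions, the reuse of the delay-times-cost equation for every threat, and the assumption that capex reduces NPV one-for-one are constructed for illustration.

```python
import random

BASE_NPV = 100.0  # $MM, the article's deterministic "Base Case"

# Constructed ranges (min, most likely, max); none of these values are from the article.
THREATS = {
    "permit_delay":   {"prob": (0.2, 0.3, 0.5), "delay_weeks": (4, 8, 20),  "cost_per_week": (0.5, 1.0, 2.0)},
    "vendor_dispute": {"prob": (0.4, 0.5, 0.6), "delay_weeks": (2, 4, 9),   "cost_per_week": (1.0, 2.0, 3.0)},
    "site_security":  {"prob": (0.1, 0.2, 0.3), "delay_weeks": (5, 10, 15), "cost_per_week": (1.0, 2.0, 3.0)},
}

def draw(rng, value_range):
    """Sample a (min, most likely, max) range; the triangular shape is an assumption."""
    low, mode, high = value_range
    return rng.triangular(low, high, mode)

def threat_capex(rng, threat):
    """One iteration: the threat 'happens' if the random number <= the drawn probability."""
    if rng.random() <= draw(rng, threat["prob"]):
        # Capex = (value from delay range) * (value from cost/time period range)
        return draw(rng, threat["delay_weeks"]) * draw(rng, threat["cost_per_week"])
    return 0.0

def cumulative_means(order, iterations=20000, seed=1):
    """Mean NPV after each threat is applied in turn (the staircase of means)."""
    rng = random.Random(seed)
    totals = {name: 0.0 for name in order}
    for _ in range(iterations):
        npv = BASE_NPV
        for name in order:
            npv -= threat_capex(rng, THREATS[name])  # assumption: capex reduces NPV 1:1
            totals[name] += npv
    return {name: totals[name] / iterations for name in order}

def impact_table(means):
    """Difference between consecutive mean values, one row per threat."""
    table, previous = {}, BASE_NPV
    for name, mean in means.items():
        table[name] = mean - previous
        previous = mean
    return table

if __name__ == "__main__":
    for order in (list(THREATS), list(THREATS)[::-1]):
        means = cumulative_means(order)
        for name, delta in impact_table(means).items():
            print(f"{name:15s} mean NPV {means[name]:6.2f}  impact {delta:+6.2f}")
        print()
```

Both orderings print the same per-threat impacts to within sampling noise, which is the order-independence property stated for independent risks.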
The information in Figure 1 clearly illustrates the impact of each risk and the cumulative (integrated) impact of all risks. I have performed many of these types of risk monetization processes, and the project team is always amazed at the value impact of the integrated risks. Typically, for example, a project lawyer might express that there is a small chance of a threat materializing that might impact project value by $XMM (X millions of dollars). The security expert might also claim that there is a medium-probability threat that might diminish project value by $YMM, and so on. Each of these threats, considered in isolation, might not cause alarm. However, when all threats (and opportunities) are integrated and probabilistically applied, the result is always, shall we say, sobering! A detailed description of this monetization process - in story form and layman's language - is given in my book "Modern Corporate Risk Management: A Blueprint for Positive Change and Effectiveness" referenced below.
NPV-impact values in the Figure 3 table clearly illustrate where money and effort should be spent. This type of analysis is invaluable to project teams in directing their work and expenditures. Ranking risks based on impact on value - rather than, for example, cost - is critical to project success.
Introduction to Risk Management
Well, we have now just about come to the end of our risk assessment phase of these articles. I always liken the risk assessment/risk management link to a person having to cross a yard in which there is a vicious dog. The risk assessment part might include queries such as:
- When does the dog sleep?
- How fast is the dog?
- How fast am I?
And so on.
Once you have the answers to all of the critical risk assessment issues, the risk management part ensues. Now you might brainstorm ways to manage the situation, that is, how to get across the yard knowing what you now know. Some risk management possibilities might be:
- Wait until the dog falls asleep and take my chances;
- Drug the dog;
- Somehow distract the dog;
- Don stilts and saunter across the yard.
And other really good ideas.
Obviously, this is a boneheaded example, but it does clearly illustrate the difference between risk assessment and risk management. As I said above, we are now about done with the risk assessment diatribes and in article #6, I will begin to address the somewhat complex world of risk management.
By: Glenn R. Koller
References:
Koller, G. R., Modern Corporate Risk Management - A Blueprint for Positive Change and Effectiveness, J. Ross Publishing, Ft. Lauderdale, FL, 2007.
Koller, G. R., Risk Assessment and Decision Making in Business and Industry, A Practical Guide: 2nd Edition, Chapman & Hall/CRC Press, Boca Raton, FL, 2005.
Koller, G. R., Risk Modeling for Determining Value and Decision Making, Chapman & Hall/CRC Press, Boca Raton, FL, 2000.




