This is “Project Risk and the Project Complexity Profile”, section 11.4 from the book Beginning Project Management (v. 1.1).
This book is licensed under a Creative Commons by-nc-sa 3.0 license. See the license for more details, but that basically means you can share this book as long as you credit the author (but see below), don't make money from it, and do make it available to everyone else under the same terms.
This content was accessible as of December 29, 2012, and it was downloaded then by Andy Schmitz in an effort to preserve the availability of this book.
Normally, the author and publisher would be credited here. However, the publisher has asked for the customary Creative Commons attribution to the original publisher, authors, title, and book URI to be removed. Additionally, per the publisher's request, their name has been removed in some passages. More information is available on this project's attribution page.
For more information on the source of this book, or why it is available for free, please see the project's home page. You can browse or download additional books there. You may also download a PDF copy of this book (55 MB) or just this chapter (2 MB), suitable for printing or most e-readers, or a .zip file containing this book's HTML files (for use in a web browser offline).
Risk seems to have a positive correlation to complexity. High-risk projects are in most cases highly complex. The process of conducting a risk analysis focuses on understanding what can go wrong and the likelihood that it will go wrong. The project team then develops a project mitigation plan that addresses the items that were identified as high risk. The complexity analysis explores the project from the perspective of what elements on the project add to project complexity. The result of this analysis is the information needed by the project leadership to develop an appropriate execution plan. This execution plan also contains the risk management plan.
Although increased complexity on a project increases the project risk profile, risk is only one component of the complexity profile, and the manageability of the risk is also reflected in the complexity level of the project. For example, the organizational component of the project may be extremely complex with decision making shared among several independent clients. The project management team will develop an execution plan that includes developing and maintaining alignment among the various clients. Although the organizational risk of the project decreases with the development of the execution plan, the organizational approach of the client did not change the complexity level of the project. If the Darnall-Preston Complexity Index (DPCI) is used to rate the project, high ratings in each category carry their own types of increased risks.
Projects that have a high score in the external complexity category in the DPCI are larger and longer than usual for the project management group and the project manager and the available resources are lacking. Due to lack of experience on this size project, unknown risks are significant. The inadequacy of resources will cause risks that are more predictable.
Projects with high scores for internal complexity have risks to the budget, schedule, and quality due to organizational complexity and changes of scope due to lack of clarity in project and scope statements.
High scores in technological complexity are associated with high levels of risk due to unknown flaws in the technology and lack of familiarity with it. These problems result in risks to the schedule, budget, and quality.
Environmental complexity includes legal, cultural, political, and ecological factors. High scores for complexity in this category imply high risks for delay and expensive resolution to lawsuits, public opposition, changes for political considerations, and unforeseen ecological impacts.
Identify a project with which you are familiar or one that has been in the news recently where the external environmental complexity caused increased costs or delays. Describe the impact of the risk, and the mitigation and its effectiveness. If the mitigation was ineffective, describe how you might have prepared a different mitigation plan.