If you have taken a risk management class or worked on a risk register, you would have covered the Expected Monetary Value (EMV) formula when trying to associate a cost or time amount to a specific risk. Although it is really easy to master and it is as simple as can be, this formula can provide a false or warped sense of a risk’s impact which can lead to issues down the road.
I have worked on projects for years and used the expected monetary value (EMV) formula, instinctively I know how to interpret the data from it. It wasn’t until I started to teach it that I realized the potential of a simple calculation setting people up for issues when using it without other considerations. The fact that we are using a formula to calculate the potential value in time or cost of an estimated impact based on an estimated probability does not mean that we should take the numbers at their face value without considering others elements at play. You need to look beyond the formula and data for better results.
In a course on risk management at College, we go through the processes used to perform risk management based on the PMI Body of Knowledge. We talk about identification, qualification, and quantification as well as responses to risks. It is at the quantification process that we look at the EMV formula. For most students, an exercise yields a simple series of numbers that are the result of our impact on money or time multiplied by our probability or a percentage that our risk might occur. All the data for this exercise is very subjective; as most of the time, it comes from asking questions about the risk to a set of stakeholders, each with a different risk tolerance levels and perspectives of the project.
What I have noticed is that when doing this in class, students don’t go beyond the numbers or calculations and often won’t question the data. The results are most of the time exaggerated amounts that just don’t seem right.
So, for example, if you have a 50% chance of a risk event occurring with a potential impact of $10,000, you apply expected monetary value which would mean that for this risk you would potentially have $5,000 as expected monetary value. Looking at an entire project, you would not need a lot of risks before all of them add up to a considerable amount. The students just leave it there, turn around add everything up, and before you know it, they are requesting a $30,000 contingency reserve amount to deal with risks on a $40,000 project. So, what’s missing?
First a key understanding of risk’s essential premise: it may or may not happen. One really needs to have a clear view of understanding the risks and the environment we are working on our project in. Do we have a real assessment of the probability set for our risks? Do we have a clear view of what may or may not occur?
Second, our issue is related to our estimates of impact. In quite a lot of instances, we tend to over or underestimate things we don’t fully understand. It is therefore not rare that our estimates are not up to par with the true cost or time to work and deal with specific risks. It also takes time, often more than we have, to come up with good estimates. No to mention that not every risk translates nicely to an amount of time or cost. How do you quantify “user-friendliness” or “customer happiness”?
What does one need to do?
Well, you need to basically justify or do due diligence on your risk data so that the data that is generated from the process is as close to reality as can be.
Imagine if every project’s contingency reserves were close to or more than the cost of the project itself? That would more than likely shut down many projects. We need to have a better understanding of risk overall to ensure we are covered and not delusional about our projects.