Project

Management
 Waterfall Processes
Process Group
Knowledge Area
Initiating Planning Executing Monitoring & Controlling Closing
4.5. Monitor & Control
4.3.Direct & Manage Project 4.7. Close
4. Project Integration 4.1. Develop project 4.2. Develop project management Project Work
Work Project or
Management charter plan 4.6. Perform Integrated
4.4.Manage Project Knowledge Phase
Change Control
5.1. Plan Scope Management
5.Project Scope 5.2. Collect Requirements 5.5. Validate Scope
Management 5.3. Define Scope 5.6. Control Scope
5.4. Create WBS

6.1. Plan Schedule Management.

6.2. Define Activities
6. Project schedule
6.3. Sequence Activities 6.6. Control Schedule
Management
6.4. Estimate Activity Durations
6.5. Develop Schedule

7.1. Plan Cost management

7.Project Cost
7.2. Estimate Costs 7.4. Control Costs
Management
7.3. Determine Budget
8. Project Quality
8.1. Plan Quality management 8.2. Manage Quality 8.3. Control Quality
Management
9.3. Acquire Resources
9. Project Resource 9.1. Plan Resource Management
9.4. Develop team 9.6. Control Resources
Management 9.2. Estimate Activity Resources
9.5. Manage team
10. Project
10.1. Plan Communications 10.3. Monitor
Communication 10.2. Manage Communications
Management Communications
Management
11.1. Plan Risk Management
11.2. Identify Risks
11.3. Perform Qualitative Risk
11. Project Risk 11.6. Implement Risk
Analysis 11.7. Monitor Risks
Management Responses
11.4. Perform Quantitative Risk
Analysis
11.5. Plan Risk Responses
12. Project Procurement
12.1. Plan Procurement Management. 12.2. Conduct Procurements 12.3. Control Procurements
Management
13. Project Stakeholder 13.1. Identify 13.3. Manage Stakeholder 13.4. Monitor Stakeholder
13.2. Plan Stakeholder Engagement
Management Stakeholders Engagement Engagement

2 24 10 12 1
Hazard
 Each time we smoke, we
might get cancer.

 Smoking is a Hazard.

 The likelihood we get cancer is

RISK.

 Each time you drive the car

while using mobile we might
have an accident.

 Careless driving is a “Hazard”.

 The probability or likelihood to

have an accident is the RISK.
RISK?
 Risk has to do with

PROBABILITY + IMPACT

 We need to differentiate between

Cause, Event & Impact.

 A box of Konafa. All sugar-free

except ONE.

 Cause: Having a non-sugar free

Konafa in the box

 Event: Selecting that one

 Impact: Gaining Weight!

 Risk
 Uncertain event or
Opportunity
+ condition that, if
occurs, has an effect
(impact) on at any of
Cause
Impact
the project objectives

Event (Time, Cost, Quality,

(Condition)
Scope)

 Impact could be +ve

-
Threat or –ve
 Project Risk
• Uncertain event or condition that, Cause Event Impact

if occurs, has an effect (impact) on Need to have Permit is

Schedule slippage
a permit delayed
at any of the project objectives
FOREX rate
Buying in $ Budget slippage
(Time, Cost, Quality, Scope) change

• Impact could be “Positive” +ve or Someone trips

Cable on floor Schedule slippage
& falls
“Negative” –ve
FOREX rate Budget gain
Buying in €
change (savings)
• Why accept a risk with a negative
No lessons Facing a new Reinventing the
impact? learned problem wheel

• Known vs. unknown Technology is

System
Customer
becomes
new dissatisfaction
• Personal perception of risk unstable
 Risk Tolerance
• Risk tolerance address the level of
risk a project manager or a key
stakeholder is willing to take when
money at stake is compared to the
potential payoff.

• It’s measured in terms of the amount

of satisfaction or pleasure the
individual receives from PAYOFF.
What is your Risk Tolerance?
• Usually is defined organization wide.
 Risk Attitudes

Risk Averter Risk Neutral Risk Seeker

Tolerance to risk is
proportional to the
amount of money at stake
Not likely to take a Prefers an uncertain
outcome and may be
risk that is considered willing to pay a penalty
a high risk to take a high risk

(Financial markets, IRR,

Interest, ROI)
Organizations’ Risk Tolerance
Risk tolerance
 “ The degree , amount , or
volume of risk that an
organization or individual will
withstand “ PMBOK ® Guide
Definition

How to assess risk tolerance ?

 EEF , OPA , stakeholder register
and management strategy
 Project Risk Management
Plan Risk Management (1)
Identify Risks (2)
Perform Qualitative RA (3)
Perform Quantitative RA (4)
Monitor Risks
Plan Risk Responses (5) Implement Risk Responses

Monitor
Initiation Planning Executing Closing
&Control

Change Requests
Project Documents Updates
Risk Management Plan (1)

Risk Register (2)

Work Performance Information
Risk Report
Change Requests
Project Document Updates
(3)

Project Document Updates

(4)

Project Management Plan

Updates (5)
Project Documents Updates
 Key Concepts For Project Risk Management
Organizations should choose to take project risk in a controlled and
intentional manner in order to create value while balancing risk and reward

Project Risk Management aims to identify and manage risks that are not
addressed by the other project management processes.

Risk exists at two levels within every project:

Individual project risk Overall project risk

• an uncertain event or • the effect of uncertainty on the

condition
• if it occurs has a positive or
negative effect on one or
more project objectives
project as a whole
• arising from all sources of
uncertainty including individual
risks
• representing the exposure of
stakeholders to the implications of
variations in project outcome,
both positive and negative.
 Trends & Emerging Practices In Risk

• Some risks identified at

higher levels will be
delegated to the project • Variability risk.
Integrated risk
team for management, management. Non-event risks • Ambiguity risk.

• some project risks may be

escalated to higher levels if
they are best managed
outside the project Project
resilience

• Right level of budget and schedule contingency for emergent risks,

• Flexible project processes that can cope with emergent risk;
• Empowered project team that has clear objectives
• Frequent review of early warning signs to identify emergent risks
• Clear input from stakeholders to clarify areas where the project scope or strategy can be
adjusted in response to emergent risks.
 Tailoring Considerations
Does the project’s size in terms of budget, duration, scope, or team size require
Project size a more detailed approach to risk management? Or is it small enough to justify
a simplified risk process?

Is a robust risk approach demanded by high levels of innovation, new

technology, commercial arrangements, interfaces, or external dependencies
Project complexity
that increase project complexity? Or is the project simple enough that a
reduced risk process will suffice?

How strategically important is the project? Is the level of risk increased for this
project because it aims to produce breakthrough opportunities, addresses
Project importance
significant blocks to organizational performance, or involves major product
innovation?

Is this a waterfall project, where risk processes can be followed sequentially

Development approach and iteratively, or does the project follow an agile approach where risk is
addressed at the start of each iteration as well as during its execution?
 Considerations for Agile/ Adaptive Environments

High-variability environments incur more uncertainty and risk.

To address this, projects managed using adaptive approaches make use of frequent reviews of incremental work products
and cross-functional project teams to accelerate knowledge sharing and ensure that risk is understood and managed

Risk is considered when selecting the content of each iteration, and risks will also be identified, analyzed, and managed
during each iteration

Planning for physical and human resources is much less predictable in projects with high variability so agreements for fast
supply and lean methods are critical to controlling costs and achieving the schedule

Additionally, the requirements are kept as a living document that is updated regularly, and work may be reprioritized as the
project progresses, based on an improved understanding of current risk exposure
 Plan Risk Management
Plan Risk Management (1)
Identify Risks (2)
Perform Qualitative RA (3)
Perform Quantitative RA (4)
Monitor Risks
Plan Risk Responses (5) Implement Risk Responses

Monitor
Initiation Planning Executing Closing
&Control

• The process of defining how to conduct risk management activities for a project.
• This process is performed once or at predefined points in the project.
 Plan Risk Management

INPUTS
INPUTS T&T OUTPUTS

1. Project charter 1. Expert judgment 1. Risk management Plan

2. Project management Plan 2. Data analysis
T&T
• All components
OUTPUTS
• Stakeholder analysis
3. Project documents 3. Meetings
• Stakeholder register
4. Enterprise Environmental
Factors (EEF)
5. Organization Process Assets
(OPA)
Plan Risk Management: Data Flow Diagram
 Risk Management Plan

How risk management will be structured and performed on the project

 Sample Risk Management Plan
Roles and
Required Work Time Methodology Budget
Responsibilities

Identify Risks Mohamed 3 weeks Brainstorming $2000

Perform Qualitative Risk

Salma 2 weeks P & I assessment $4000
Analysis

Perform Quantitative Risk Omar

1 week Monte Carlo $2500
Analysis

Ayman Response
Plan Response to Risks 2 week $6000
strategies

Monitoring & Control Ahmed

All Project period Audit $18,000
Risks
 Plan Risk Management (Output)

Impact Very Low Low Moderate High Very High

Probability

Very High

High

Moderate

Low

Very Low
“Clearly” define risk categories (RBS)
 Identify Risks
Plan Risk Management (1)
Identify Risks (2)
Perform Qualitative RA (3)
Perform Quantitative RA (4)
Implement Risk Responses Monitor Risks
Plan Risk Responses (5)

Monitor
Initiation Planning Executing Closing
&Control

• Which Risks may affect the project and documenting their characteristics

• Participants include Project Manager, Project Team, customers, SME, users, stakeholders,
risk management experts

• Iterative process

• Important to ensure risk is fully understood

• Team must have sense of ownership and responsibility

 Identify Risks
INPUTS T&T OUTPUTS
INPUTS
1. Project manage. Plan
• Requirements management Plan 1. Expert judgment 1. Risk register
• Schedule manage. Plan 2. Data gathering 2. Project documents updates
• Cost manage. Plan • Brainstorming • Assumption log
• Quality manage. Plan T&T OUTPUTS
• Resource manage. plan
• Checklists • Issue log
• Risk manage. Plan • Interviews • Lessons learned register
• Scope baseline 3. Data Analysis
• Schedule baseline • Assumption & constraint
• Cost baseline analysis
2. Project documents • Root cause analysis
• Assumption log
• SWOT analysis
• Cost estimates
• Duration estimates • Document analysis
• Issue log 4. Interpersonal & teams skills
• Lessons learned register • Facilitation
• Requirement's documentation
• Resource requirements
5. Prompt lists
• Stakeholder register 6. Meetings
3. Agreements
4. Procurement doc.
5. EEF
6. OPA
 Identify Risks:
Data Flow Diagram
 T&T: Checklists
Checking against OPAs from previous
projects, other risk breakdown
structures, to discover applicable risks.
 T&T: Data Analysis
• Assumption & constraint • SWOT analysis
analysis – Plot Strengths, Weaknesses,
– Validating the assumptions and Opportunities, and Threats.
constraints.
 T&T: Prompt lists
A predetermined list of risk categories that
is used to identify the project risks.

It’s the lowest level in the risk

breakdown structure.
Examples : PESTLE(Political, Economic,
Social, Technological, Legal Environmental),
TECOP(Technical, Environmental,
Commercial, Operational, Political) and
VUCA(Volatility, Uncertainty, Complexity
and Ambiguity)
Delphi Technique:
A form of gathering
expert opinions in
which members of a
group are asked or
polled anonymously.

The Delphi method is used to establish a consensus opinion by seeking

mutual agreement from a group of experts in the relevant field.
 Outputs
• Risk Register • Risk Report
– List of identified risks: Triggers - Event may – It includes sources, summary
occur information, metrics, trends on
– List of potential responses & Risk owners identified project risks. This
report is progressively
developed.
 Perform Qualitative Risk Analysis
Plan Risk Management (1)
Identify Risks (2)
Perform Qualitative RA (3)
Perform Quantitative RA (4)
Monitor Risks
Plan Risk Responses (5) Implement Risk Responses

Monitor
Initiation Planning Executing Closing
&Control

• Qualitative risk analysis is the process of assessing the likelihood and impact of
identified risks and prioritizing them according to their potential effect on project
objectives.
• Where risk approaches introduce bias attention should be paid to identifying bias
and correcting it
• Cost Effective
• Lays foundation for Quantitative risk Assessment
 Perform Qualitative Risk Analysis

INPUTS T&T OUTPUTS

INPUTS

1. Project manage. Plan 1. Expert judgment 1. Project documents updates

• Risk manage. Plan 2. Data gathering • Assumption log
2. Project documents • Interviews
T&T • Issue log
OUTPUTS
• Assumption log 3. Data analysis • Risk register
• Risk register • Risk data quality assessment • Risk report
• Stakeholder register • Risk probability & impact
3. EEF assessment
• Assessment of other risk
4. Organizational process
parameters
assets (OPA)
4. Interpersonal & teams' skills
• Facilitation
5. Risk categorization
6. Data representation
• Probability & impact matrix
• Hierarchal charts
7. Meetings
Perform Qualitative Risk Analysis: Data Flow Diagram
 T&T: Data analysis
1. Risk Data Quality Assessment: The method to evaluate
whether the data about the project risks is accurate or not.
Stakeholders are requested to fill the questionnaire and, on
the characteristics, to generate the overall quality score.

2. Risk Probability and Impact Assessment: Risk probability is

the possibility of a particular risk to occur. Impact
assessment is to evaluate the potential effect of risks on
the project objectives.

3. Assessment of other Risk Parameters: Project team can

also consider other factors like Urgency, Proximity,
Dormancy, Manageability, Controllability, Detectability,
Connectivity, Strategic Impact, Propinquity.
 Urgency: The period within which a response to the risk is to be implemented in order to be effective. A
short period indicates high urgency.

Proximity: The period before the risk might have impact on one or more objectives. A short period indicates high proximity.
Dormancy. The period that may elapse after a risk has occurred before its impact is discovered. Short period indicates low
dormancy.
Manageability: The ease with which the risk owner (or owning organization) can manage the occurrence or impact of a risk.
Where management is easy, manageability is high.
Controllability: The degree to which the risk owner (or owning organization) is able to control the risk’s outcome. Where
the outcome easily controlled, controllability is high.
Detectability: The ease with which the results of the risk occurring, or being about to occur, can be detected and
recognized. Where the risk occurrence can be detected easily, detectability is high.
Connectivity: The extent to which the risk is related to other individual project risks. Where a risk is connected to many
other risks, connectivity is high.
Strategic impact: The potential for the risk to have a positive or negative effect on the organization's strategic goals. Where
the risk has a major effect on strategic goals, strategic impact is high.
Propinquity: The degree to which a risk is perceived to matter by one or more stakeholders. Where a risk is perceived as
very significant, propinquity is high.
 T&T: Data Representation
Probability Impact
1. Probability and Impact Matrix: A probability and impact
of Occurring on Project
matrix is a grid for mapping the probability of each risk

✓
High High
occurrence and its impact on project
Med

✓
Med
2. objectives if that risk occurs. This matrix specifies
combinations of probability and impact that allow Lo Low
w
individual project risks to be divided into priority groups.

2.Hierarchical Charts: If more than two parameters are used to

categorize risk then bubble charts (For 3 Parameters) are used.
Bubble is considered as a risk and x axis; y axis and the bubble
size are the three parameters.
 Perform Quantitative Risk Analysis
Plan Risk Management (1)
Identify Risks (2)
Perform Qualitative RA (3)
Perform Quantitative RA (4)
Monitor Risks
Plan Risk Responses (5) Implement Risk Responses

Monitor
Initiation Planning Executing Closing
&Control

• The process of numerically analyzing the effect of identified risks

on overall project objectives.

• Purpose of this process

– Determine which risk events warrant a response.
– Determine overall project risk (risk exposure).
– Determine the quantified probability of meeting project objectives.
– Determine cost and schedule reserves.
– Identify risks requiring the most attention.
– Create realistic and achievable cost, schedule, or scope targets.
 Perform Quantitative Risk Analysis

INPUTS
INPUTS T&T OUTPUTS

1. Project manage. Plan

• Risk manage. Plan 1. Expert judgment
• Scope baseline 2. Data gathering
1. Project documents updates
• Schedule baseline T&T
• Interviews OUTPUTS
• Risk report
• Cost baseline 3. Interpersonal & team skills
2. Project documents • Facilitation
• Assumption log 4. Representations of
• Basis of estimates uncertainty
• Cost estimates 5. Data analysis
• Cost forecasts • Simulations
• Duration estimates • Sensitivity analysis
• Milestone list • Decision tree analysis
• Resource requirements • Influence diagrams
• Risk register
• Risk report
• Schedule forecasts
3. EEF
4. OPA
Perform Quantitative Risk Analysis: Data Flow Diagram
 Representations of Uncertainty
Quantitative Analysis
• Operate on those risks prioritized by it

• Quantify contribution of each risk on overall project.

• Assign a NUMERICAL value to the impact of each

risk.

• Where the duration, cost, or resource requirement

for a planned activity is uncertain, the range of
possible values can be represented in the model as
a probability distribution.

• Most used are “triangular, normal, lognormal, beta,

uniform, or discrete distributions”.
 Task/ Action/
Probability Consequence Expected Value
Expected Monetary
Event Value (EMV)
A 20% €100,000

B 10% €2,000,000

C 50% € - 200,000

• Probability
Status Probability Payoff • x
Good Market – Good Quality 15% 80,000 • Consequence
Good Market – Poor Quality 45% 50,000 (€$)
Poor Market – Good Quality 25% 20,000 • Calculated for a
Poor Market – Poor Quality 15% -20,000 single task or a
group of tasks or
EMV (Good market) = 0.15*80,000 + 0.45*50,000 = 34,500 events.

EMV (Good quality) = 0.15*80,000 + 0.25*20,000 = 17,000

EMV (Overall) = 0.15*80,000 + 0.45*50,000 +

0.25*20,000 + 0.15* (-20,000) = 36,000
 Decision Tree
Analysis
• An effective mind tool

• Help you CHOOSE between

different courses of action.

• Explore options & investigate

possible outcomes
associated with each.

• Help you to FORM A

BALANCED PICTURE of the
risks and rewards associated
with each possible course of
action.
• Decision Nodes: squares

• Chance Nodes: circle

• End Nodes: triangles

 60,000 , 80%

51k

31k 15,000 , 20%

Main
Decision
????

18k
40,000 , 60%

28k

10,000 , 40%
 Monte Carlo Technique
• A statistical method used in simulation of data.

• SIMULATION: a method that utilizes sequences of

random numbers as data.

• First used 1944 with atomic bomb.

• Establish a model

• Use the model to study the uncertainties specified at

a detailed level using impact on project objectives

• Monte Carlo technique

• Cost Risk Analysis use WBS as Model for cost

analysis.

• Schedule Risk Analysis use PDM, a model for

schedule analysis.
Cost Risk Simulation Results
 Sensitivity Analysis
• Tornado Diagram

• Examines the extent to which the

uncertainty of each project
element affects the objective
being examined WHEN all other
elements are held fixed
(invariable).
Example of Tornado Diagram
 Plan Risk Responses
• The process of developing
options, selecting strategies and
agreeing on actions to address
overall project risk exposure as
well as to treat individual project
risks.

Plan Identify Qualitative Quantitative Responses Implement Monitor


INPUTS
INPUTS
1. Project manage. Plan
• Resource manage. plan
• Risk manage. Plan
• Cost baseline
2. Project documents
• Lessons learned register
• Project schedule
• Project team assignments
• Resource calendars
• Risk register
• Risk report
• Stakeholder register
3. EEF
4. OPA
Plan Risk Responses
T&T OUTPUTS
1. Expert judgment 1. Change requests
2. Project management plan
2. Data gathering
• .Interviews updates
T& T OUTPUTS
• Schedule manage. Plan
3. Interpersonal & teams' skills
• Cost manage. Plan
• Facilitation
• Quality management Plan
4. Strategies for threats • Resource management plan
5. Strategies for opportunities • Procurement management plan
6. Contingent response • Scope baseline
strategies • Schedule baseline
7. Strategies for overall project • Cost baseline
risk 3. Project documents updates
8. Data analysis • Assumption log
• Alternative analysis • Cost forecasts
• Cost-benefits analysis • Lessons learned register
• Project schedule
9. Decision making
• Project team assignments
• Multi-criteria decision analysis
• Risk register
• Risk report
Plan Risk Responses: Data Flow Diagram
 Risk Management STRATEGIES

Escalate
Mitigation
(Corrective action)

Avoidance Acceptance
(Prevention) (Accept consequences)
Transference
(Shift Responsibility)
 Risk Escalate

• Appropriate when the

project team or the
project sponsor
agrees that a threat is
 Escalated risks are managed at the program level, portfolio level,
or other relevant part of the organization, and not on the project outside the scope of
level.
 The project manager determines person or part of the the project or that the
organization notified them about the threat and communicates proposed response
the details.
 The ownership of escalated threats is accepted by the relevant would exceed the
party in the organization.
 Threats are usually escalated to the level that matches the project manager’s
objectives that would be affected if the threat occurred.
authority
Escalated threats are not monitored further by the project team
after escalation.
 Risk Avoidance

• Involves changing the

project plan to prevent
a potentially
detrimental risk
condition or event from
happening.

The product description for an elementary social sciences education • MIGHT involve
multimedia program references stock video clips of children riding bikes • Reduce/Change Scope
and roller skating without helmets or knee pads. During risk
• OR
identification , the project team reviewed the product description and
• Change way of
identified a potential risk of school administration not buying the program
meeting the
because it appears to advocate unsafe activities. Team avoided this risk
requirements
by changing the project scope so that it did not include the videos.
 Risk Mitigation

• Reduce probability OR if
not possible, the impact of
a potential risk event to an
acceptable level.

• May involve implementing

a new courses of action in
An example of risk mitigation is the develop of design model , or an effort to reduce the
prototype, the earlier this can be done in a project, the lower the risk , problem or changing the
Mock-ups , which are similar to prototypes, can test user interaction
current conditions so that
with system or products. The project team can make changes to the
the probability of the risk
design based on early test result, thereby reducing the probability of a
occurring is reduced.
problem once the product is released to market.
 Risk
Transference
• Shifting the impact of a
risk event and ownership
of the risk response to a
third party.

Organizations often transfer responsibility for the risk of an employee • Typically is used in
getting injured on the job by paying a premium for worker’s connection with financial
compensation insurance. The insurance company assumes liability of risk exposure and most
the risk and is responsible for covering the injured worker’s medical often involves payment of
bills and / or partial wages depending on the circumstances.
a risk premium to the
Because the initial organization has transferred part of the financial
party assuming the risk.
liability to the insurance company and they now share the risk. This
would be an example of both risk sharing and risk transference.
 Risk
Acceptance
• The decision not to change
the project plan to deal with
a risk.
• WHY
• Extremely low possibility of
occurrence
You own a business on a hill in an area that floods relatively often.
• No suitable risk response
Because of your location, you decide not to buy flood insurance.
strategy is identified.
Instead , you set aside money that is earmarked for the repair of
• HOW
water damage in case of flooding.
• Passive: do nothing!
Here, you are employing a risk acceptance strategy by establishing
• Actively: Plan B
a contingency reserve for an emergency . Although you aren’t
(contingency plan)
ignoring the risk , you will spend money only if the risk event occurs.
 Other Strategies for Positive Risks …

Escalate sharing

Enhancement Exploitation

accept
 Five Strategies dealing with Opportunities

Escalate Exploit Share Enhance Accept

an opportunity is increase the
outside the scope To fully realize a Partnering up probability that
no proactive
of the project positive risk with another an opportunity
action is taken
party will occur
Focusing on trigger
managed at the condition of the
program level, opportunity
Hire best expert,
portfolio level optimize their
get most advance chances for adopted where it
Joint ventures are
technologies, occurrence is not possible or
The project common example
acquire another cost-effective
manager firm, etc. Maximize the
determines probability of the
ownership opportunity event Passive
opportunities are Ensure allocate all or part acceptance
not monitored by opportunity is of the ownership Maximize the involves no
the project team realized to third party impact of the proactive action
after escalation opportunity event apart
Strategies for Overall Project Risk

- +
Escalate Escalate

Avoid Exploit

Transfer Share

Mitigate Enhance

Accept Accept
 Contingent response strategy T&T
 Risk responses identified using this technique are often called contingency
plans OR fallback plans and include identified triggering events that set the
plans in effect.

 Is designed for use only if certain events occur.

 The response plan will be executed only under certain predefined conditions.

 The response plan will be executed upon certain warning signs or triggers.

 For example: a particular risk response strategy may be triggered only if a

specific milestone is missed.
 T&T: Contingent Response Strategies

• Defining a risk response, but only implementing

• Key Terms:
the plan if a trigger event occurs. You often use
contingency and fallback plan in this scenario:
1. Contingency Plan: Contingency plan is used for
events which may or may not occur. It has step by
step procedures if the risk has happened or it will
happen soon.
2. Fallback Plan: You will use this plan if contingency
plan has failed or is not that effective. It will
describe the step-by-step procedure on the
required next steps.
– Residual Risk: The risk that
remains after the response was
implemented
– Secondary Risks: The risk that
arises after implementing of a risk
response
– Trigger conditions: are the events
that trigger the contingency
response
 Risk Register Updates
• Contingency plan
• IDENTFIED risks

• How to deal with thins before things go wrong to reducing its overall impact.

• MIGHT include a Fallback Plans (Plan B )for risks with high impact. The fallback
plan is implemented if the primary response plan is ineffective in responding to
the risk event..

• These plans are specifically for the Residual Risks

• Contingency reserve
• UKNOWN and ACCEPTABLE KNOWN

• NOT just money, but also additional time or resources

• The amount of the reserve is determined by the potential impact of the risk

• Should include enough to implement any contingency plans as well as a buffer

for dealing with unidentified risks.
Management Reserves
These are for

“unknown-unknowns”

Usually, the management reserves a

certain amount (say5% of the
project cost baseline) for
unforeseen events.

The project Manager is NOT

authorized to approve the use of
MR.

Only MANAGEMENT approval is

required to use such funds
 Implement Risk Responses

• The process of
implementing agreed-upon
risk response plans

• ( It is performed throughout
the project )

Plan Identify Qualitative Quantitative Responses Implement Monitor

 Implement Risk Responses

INPUTS
INPUTS T&T OUTPUTS

1. Project manage. Plan 1. Change requests

1. Expert judgment
• Risk management Plan 2. Project documents updates
2. Interpersonal & teams' skills
2. Project documents T&T • Issue log
• Influencing OUTPUTS
• Lessons learned register • Lessons learned register
3. Project management • Project team assignments
• Risk register
information system • Risk register
• Risk report
• Risk report
3. Organizational process
assets (OPA)
Implement Risk Responses: Data Flow Diagram
 Monitor Risks

The process of monitoring the implementation of agreed-upon risk response plans, tracking
identified risks, identifying and analyzing new risks, & evaluating risk process effectiveness
throughout the project

Plan Identify Qualitative Quantitative Responses Implement Monitor

 Monitor Risks
INPUTS
INPUTS T&T OUTPUTS

1. Data analysis 1. Work performance info.

1. Project manage. Plan
• Risk manage. Plan • Technical performance 2. Change requests
T& T OUTPUTS
3. Project management plan
2. Project documents analysis
• Issue log • Reserve analysis updates
• Lessons learned register 2. Audits • Any component
• Risk register 3. Meetings 4. Project documents updates
• Risk report • Assumption log
3. Work performance data • Issue log
4. Work performance reports • Lessons learned register
• Risk register
• Risk report
5. OPA updates
Monitor Risks: Data Flow Diagram
 T&T: Audits
• An examination of the effectiveness of risk response plans and the performance of the
risk owner.

• May be conducted by a third party, the project’s risk officer, or other qualified
personnel.

• Project Risk Response Audit Process

• Gather relevant project data regarding work results including risk database.

• Review the risk response plans and implementation of the plans.

• Prepare a report of the findings and distribute to the project team and key
stakeholders.

• Workaround
– Unplanned responses to emerging risks that were previously unidentified or
unexpected.
 Risk Register

As a team, outline some potential risk on the project, using the

below template.

Impact
Risk
T/O Risk description Risk Category Probability Score Risk Owner Response
ID Schedule Cost Scope

R-1 O Reuse previous Technical

design

R-2 T Long lead item delay Management

20 Min 
 Project Management Plan Vs Project Documents
Project Management Plan Project Documents
1. Scope management plan 1. Activity attributes 18. Quality control measurements
2. Requirements management plan 2. Activity list 19. Quality Metrics
3. Schedule management plan 3. Assumption log 20. Quality report
4. Cost management plan 4. Basis of estimates 21. Requirements documentation
5. Quality management plan 5. Change log 22. Requirements traceability matrix
6. Resource management plan 6. Cost estimates 23. Resource assignments
7. Communication management plan 7. Cost forecasts 24. Recourse breakdown structure
8. Risk management plan 8. Duration estimates 25. Resource calendars
9. Procurement management plan 9. Issue log 26. Resource requirements
10. Stakeholder engagement plan 10. Lessons learned register 27. Risk register
11. Change management plan 11. Milestone list 28. Risk report
12. Configuration management plan 12. Physical resource assignments 29. Schedule data
13. Scope baseline 13. Project Calendar 30. Schedule forecasts
14. Schedule baseline 14. Project communications 31. Stakeholder register
15. Cost baseline 15. Project schedule 32.Team Charter
16. Performance measurement baseline 16. Project schedule network diagram 33.Test and evaluation documents
17. Project life cycle description 17. Project scope statement
18.Development approach
QUESTIONS
Q1- If a project has a 60 percent chance of a US $100,000 profit
and a 40 percent chance of a US $100,000 loss, the expected
monetary value for the project is:

A. $100,000 profit.

B. $60,000 loss.

C. $20,000 profit.

D. $20,000 loss.
Q2-If a risk event has a 90 percent chance of occurring, and the
consequences will be US $10,000, what does US $9,000
represent?
A. Risk value.

B. Present value.

C. Expected monetary value.

D. Contingency budget.
Q3- Purchasing insurance is BEST considered an
example of risk:

A. Mitigation.

B. Transfer.

C. Acceptance.

D. Avoidance.
Q4- Workarounds are determined during which risk
management process:

A. Identify Risks.

B. Perform Quantitative Risk Analysis.

C. Plan Risk Responses.

D. Monitor Risk.
Q5- During which risk management process is
a determination to transfer a risk made?

A. Identify Risks.

B. Perform Quantitative Risk Analysis.

C. Plan Risk Responses.

D. Monitor Risks.
Q6- Monte Carlo analysis is used to:

A. Get an indication of the risk involved in the project.

B. Estimate an activity’s length.

C. Simulate the order in which activities occur.

D. Prove to management that extra staff is needed.

Q7- A watch list is an output of which risk
management process?
A. Plan Risk Responses.

B. Perform Quantitative Risk Analysis.

C. Perform Qualitative Risk Analysis.

D. Plan Risk Management.

Q8- Which of the following MUST be an agenda item
at all team meeting?

A. Discussion of project risks.

B. Status of current activities.

C. Review of project problem.

D. Identification of new activities.

Q9- The target against which the project team will
measure the effectiveness of its execution of the risk
response plan is based on the:

A. Acceptable threshold for risk.

B. Risk score.

C. Probability/impact risk rating.

D. Overall risk ranking for the project.

Q10- Projects are particularly susceptible to risk because:

A. Murphy’s law states that “if something can go wrong, it will”

B. Each project is unique in some measure

C. Project management tools are generally unavailable at the

project team level

D. There are never enough resources to do the job