PROJECT RISK

MANAGEMENT
 Introduction
 This knowledge area includes the
processes of conducting:
1. Risk management planning.
2. Identification.
3. Analysis.
4. Response planning.
5. Response implementation.
6. Monitoring risk on a project.
Increase the probability and/or
impact of positive risks

Optimize
the chances
of project
success
Decrease the probability and/or
impact of negative risks
 Effectively manage risk
Key concepts Risk exposure
An aggregate measure of the
potential impact of all risks

Organizations address risks in a Risk exposure

controlled and intentional manner Risk thresholds The measure of acceptable variation around
an objective that reflects the risk appetite

Risk appetite
The degree of uncertainty an organization or individual is willing to
accept in anticipation of a reward.
Overall project risk
Is the effect of uncertainty on the project as a whole,
arising from all sources of uncertainty & represent the
exposure of stakeholders. Both positive and negative.
Individual project
risk Threat. A risk that would have a negative effect on
Is an uncertain event or condition that, if it
occurs, has a positive or negative effect on one one or more project objectives.
or more project objectives.
Opportunity. A risk that would have a positive effect
on one or more project objectives.
 Non-event risk
Practice trends
1 Variability risk, Ambiguity risk

Project resilience
2 Contingency, flexible process,
empowered team, early warnings

3 Integrated risk management

Enterprise risk management
 Agile/Adaptive Environments

 Agile practice in risk knowledge area:

1. More uncertain & risky.

2. Frequent reviews of incremental work products

3. Knowledge sharing.

4. Requirements are kept as a living document.

Project Risk Management Processes
Monitoring
Monitoring &
Initiation Planning Execution and Closing
Controlling
Controlling
Plan Risk Management

11.1
 Defining how to conduct risk
management activities for a project

 It ensures that :
1. The degree
2. the type.
3. The visibility of risk management.
 are proportionate to both risks and the
importance of the project to the
organization and other stakeholders
 11.1 Plan Risk Management
Inputs Tools & Outputs
techniques

.1 Project charter .1 Expert judgment .1 Risk

.2 Project .2 Data analysis management
management plan .3 Meetings plan
.3 Project
documents
.4 Enterprise
environmental
factors
.5 Organizational
process assets
 11.1.1 Plan Risk Management: Inputs
11.1.1.1 Project Charter 11.1.1.2 Project 11.1.1.3 Project Documents
Management Plan
All approved subsidiary Mgmt. plans Stakeholder register

1. High-level project description.

• Organizational risk thresholds
11.1.1.4
2. High-level project boundaries.
3. High-level requirements • Stakeholder risk thresholds
4. High-level risks.
EEF
• Organizational risk policy

11.1.1.5 •
•
•
Risk categories
Common definitions
Risk statement format

OPA
• Templates
• Roles and responsibilities
• Lessons learned repository
11.1.2 Plan Risk Management: Tools and Techniques
11.1.2.1 Expert Judgment 11.1.2.2 Data Analysis
 Stakeholder analysis:
Organization’s  Determine the risk appetite of
approach to
managing risk project stakeholders.

11.1.2.3 Meetings
Tailoring risk
management  Kick-off meeting
 Attendees may be from inside &
outside the org.

Types of risk
 11.1.3 Plan Risk Management: Outputs
11.1.3.1 Risk Management Plan

Risk strategy Funding

Methodology Timing.

Roles & Risk categories

responsibility
Stakeholder risk appetite
Probability and impact matrix
Definitions of risk
Reporting formats Tracking probability and impacts
Definitions of risk probability and impacts Probability and impact matrix

 Specific to project context.  Prioritization rule.

 Can start with org. definition, then  Tailored to project context.
develop project specific definition  Descriptive terms or numeric values.
 Reflect the risk appetite and thresholds  Numeric values generate risk score.
Identify Risks

11.2
1. Identifying:
a. Individual project risks .
b. Sources of overall project risk.
2. documenting their characteristics.

 The documentation of existing individual

project risks and the sources of overall
project risk.
 Brings together information to allow team
to respond appropriately to identified risks.
 Risk owners could be nominated.
 (Preliminary) Risk responses could be
• The person responsible for:
identified & recorded.
1. Selecting and implementing an
appropriate risk response strategy.
 For individual risks, consistent format 2. Monitoring the risks .
should be used for risk statements. 3. Reporting on progress.
 11.2 Identify Risks
Inputs Tools & techniques Outputs

.1 Project .1 Expert judgment .1 Risk register

management plan .2 Data gathering .2 Risk report
.2 Project documents .3 Data analysis .3 Project
.3 Agreements .4 Interpersonal and team documents
.4 Procurement skills updates
documentation .5 Prompt lists
.5 Enterprise .6 Meetings
environmental
factors
.6 Organizational
process assets
 11.2.1 Identify Risks: Inputs
11.2.1.1 Project Management Plan 11.2.1.2 Project Documents
Requirements management plan
Requirements documentation
• Risky project objectives
Schedule management plan
• Areas subject to uncertainty or ambiguity. Lessons learned register.
Cost management plan
• Areas subject to uncertainty or ambiguity. Resource requirements
Quality management plan
• Areas subject to uncertainty or ambiguity.
Duration estimates
Risk management plan
• How to identify risks, roles & responsibilities
Resources management plan Assumption log.
• Areas subject to uncertainty or ambiguity.
Scope baseline Cost estimates
• Risky deliverables and criteria, WBS used as framework.
Schedule baseline
Issue log
• Milestone & due dates that are subject to uncertainty or ambiguity.
Cost baseline
• Identify costs or funding requirements that are subject to uncertainty Stakeholder register
or ambiguity.
 11.2.1.3 Agreements 11.2.1.4 Procurement Documentation
1. Can increase or decrease
1. Contract type. overall project risk
2. Awards and penalties. 2. Can introduce additional
3. Acceptance criteria individual project risks

11.2.1.5 EEF 11.2.1.6 OPA

• Published material.
• Academic studies
• Benchmarking results
• Industry studies.
• Project files.
• Organizational and
project process controls.
• Risk statement formats.
• Checklists from previous
similar projects.
 11.2.2 Identify Risks: Tools and Techniques
11.2.2.1 Expert Judgment 11.2.2.2 Data Gathering

 To obtain a comprehensive list of:

1. Individual project risks
Specialized Brainstorming 2. Sources of overall project risk.
Benchmarking
knowledge
 List of items, actions, or points to
Checklists be considered

Be caution about expert bias Interview  Interviewing experienced stakeholder.

s
Be caution about bias
 11.2.2.3 Data Analysis
 Root cause analysis:
Identify the underlying causes.
Develop prevention action.
 Tips:
S W
• Start with problem statement, to
identify threat.
• Start with benefit statement, to
Project / org. / business area 11.2.2.4 Interpersonal
and Team Skills
 Facilitation:
 Improves other techniques.
1. Ensure clear risk
descriptions.
2. Identify and overcome
sources of bias.

O T
identify opportunity. 3. Resolve any
 Assumption and constraint disagreements that may
analysis: arise
 Examine validity
 Document analysis:
 Threats identified from:
1. Uncertainty.
1. Inaccuracy.
2. Ambiguity
2. Instability.
3. Inconsistencies
3. Inconsistency.
4. Incompleteness.
 Opportunities identified from:
1. Removing a limiting factor
2. Relaxing a limiting factor
 11.2.2.5 Prompt Lists 11.2.2.6 Meetings

 List of risk categories used as a framework  Risk workshop:

to aid in idea generation. E.g.:  Right people should participate.

1. Lowest WBS.  Skilled facilitator is required.

2. Strategic frameworks:  Can include brainstorming.

a. PESTLE

b. TECOP

c. VUCA
 11.2.3 Identify Risks: Outputs
11.2.3.3 Project
11.2.3.1 Risk Register 11.2.3.2 Risk Report Documents
 Can be limited or extensive info. Updates
about:
Qualitative Information on:
1. List of identified risks. Lessons learned register
Quantitative 1. sources of overall
2. Potential
Plan response risk owners. project.
3. List
Implement of potential
response risk responses. 2. Risk summary Assumption log
Monitor risk identified individual
project risks .
Issue log
Perform Qualitative Risk
Analysis
11.3
 Prioritizing individual project risks by
assessing:
1. Probability.
2. Impact
3. Other characteristics
 for:
1. Further analysis.
2. Action

 It focuses efforts on high-priority risks.

 Assign risk owner:
1. Plan risk response.
2. Ensure risk response is implemented.

 Subjective assessments based on stakeholders

perceptions of risk.
 Attention to identifying bias and correcting it.
 11.3 Perform Qualitative Risk Analysis
Inputs Tools & techniques Outputs

.1 Project .1 Expert judgment .1 Project

management plan .2 Data gathering documents
.2 Project documents .3 Data analysis updates
.3 Enterprise .4 Interpersonal and team
environmental skills
factors .5 Risk categorization
.4 Organizational .6 Data representation
process assets .7 Meetings
 11.3.1 Perform Qualitative Risk Analysis: Inputs
11.3.1.1 Project Management Plan 11.3.1.2 Project Documents
Roles and responsibilities
Stakeholder register
Risk Mgmt. plan

Budgets for risk management.

Schedule activities for risk Assumption log

management.
Risk categories.

Definitions of probability and impact. 11.3.1.3 11.3.1.4

Risk register
EEF OPA
Industry Lesson
Probability and impact matrix. studies. learned

Published
Stakeholders’ risk thresholds. material.
 11.3.2 Perform Qualitative Risk Analysis: Tools and
11.3.2.1 Expert Judgment Techniques 11.3.2.3 Data Analysis

11.3.2.2 Data Gathering

 Interviews: Risk data quality
Previous
similar 1. Structured or semi- assessment
projects
structured.
2. To assess the probability &
impact. Risk probability
and impact
assessment

Qualitative Assessment of other

risk analysis.
risk parameters
Risk data quality
assessment Low quality
Risk data quality

Accuracy Reliability No benefit

Gather
better data

Completeness Objectivity Relevancy Timeliness

 Risk probability and Assessment of other
impact assessment risk parameters

 Probability = likelihood
 Impact = effect Urgency Proximity Dormancy
 Impact can be (+) /(-).
 Here (definitions of risk
probability and impacts) will be
Manageability Controllability Connectivity
used.
 low probability and impact will
included as part of a watch list
Strategic
Detectability Propinquity
impact
11.3.2.4 Interpersonal and Team
Skills
 Facilitation:
 Improves process effectiveness,
by help participants:
1. Focus on risk analysis.
2. Accurately follow the method.
3. Reach consensus
4. Identify and overcome sources
of bias
5. Resolve any disagreements
11.3.2.5 Risk Categorization
 Type of categories:
1. Sources of risk categorization (RBS)
2. Area of the project affected (WBS)
3. Common root causes
4. Other categorization
 Benefits:
1. Development of more effective risk
responses
2. Developing generic risk responses
 11.3.2.6 Data Representation 11.3.2.7 Meetings
Probability and impact matrix
 Risk workshop:
 Review identified risks.
 assessment of probability, impacts & other
parameters.
 Categorization.
 prioritization.
 Allocate risk owner for each risk.

 Separate probability and impact matrix

for each objective
 An org. can develop ways to determine
one overall priority level for each risk

Hierarchical charts

 more parameters
11.3.3 Perform Qualitative Risk Analysis: Outputs
11.3.3.1 Project Documents Updates

Assumption log Issue log Risk register Risk report

• New assumptions. • New issues • Assessments of • Most important
• New constraints. • Changes in currently probability & impacts individual project risks
• Revisit and change logged issues for each individual • Prioritized list of all
existing assumptions project risk identified risks
or constraints • Priority level • Summary conclusion
• Nominated risk owner
• Risk urgency
• Risk categorization
• Requiring further
analysis
• Watch list
Perform Quantitative Risk
Analysis
11.4
 Numerically analyzing the combined
effect of:
1. Identified individual project risks .
2. Other sources of uncertainty on overall
project objectives.

 Quantifies overall project risk exposure.

 Additional quantitative risk information.
 To perform this process, It requires:
1. High-quality data
2. Sound underlying project baseline
3. Specialized risk software
 Can be performed after plan response
process too
 This process is not projects. requirements
required for every 3. Strategic  consumes
project. usually important additional time
projects. and cost.
for:
4. Contractually
1. Large projects.
required.
2. Complex
 11.4 Perform Quantitative Risk Analysis

Inputs Tools & techniques Outputs

.1 Project .1 Expert judgment .1 Project

management plan .2 Data gathering documents
.2 Project documents .3 Interpersonal and team skills updates
.3 Enterprise .4 Representations of
environmental uncertainty
factors .5 Data analysis
.4 Organizational
process assets
 11.4.1 Perform Quantitative Risk Analysis: Inputs
11.4.1.1 Project Management Plan 11.4.1.2 Project Documents
Assumption Basis of Cost
log estimates estimates
Risk management plan
Duration Resource
Milestone list
Scope baseline estimates requirements

Schedule baselin Risk register Risk report

Schedule
forecasts

Cost baselin 11.4.1.3 EEF 11.4.1.4 OPA

Industry studies
Info from similar
Published material project
11.4.2 Perform Quantitative Risk Analysis: Tools
11.4.2.1 Expert Judgment and Techniques 11.4.2.4 Representations of
Uncertainty
Translating 11.4.2.2 Data Gathering
information into  Quantitative risk analysis
numeric inputs
 Interviews: requires inputs to
 Generate inputs probability distribution
Representation  Drawing on inputs model.
model selection
 With experts.  Most common forms are:
1. Triangular.
2. Normal.
Appropriate model 11.4.2.3 Interpersonal and 3. Lognormal.
technique
Team Skills 4. Beta.
5. Uniform.
 Facilitation: 6. Discrete.
 Generate inputs during  Branches are for discrete
Appropriate tools
risk workshop. risks.
 Improve effectiveness  Correlation are for
related risks.
Interpretation
 11.4.2.5 Data Analysis

Simulation Simulation

 Monte Carlo analysis

Sensitivity  Generates a quantitative
risk analysis model.
analysis  Generated by software.
 Simulates the combined
effects of:
Decision tree  individual project risks
analysis  other sources of uncertainty
 Uses cost estimates and/or
duration estimates.
 Can run criticality analysis
Influence  Outputs e.g.:
diagrams 1. Histogram.
2. Cumulative probability
distribution.
 11.4.2.5 Data Analysis

Sensitivity
analysis
 Help determine most potential impact on
project outcomes from:
1. individual project risks.
2. other sources of uncertainty
 Common representation is tornado
diagram
 Elements can be:
1. individual project risks.
2. highest degrees of variability activities .
3. specific sources of ambiguity
 11.4.2.5 Data Analysis
Decision tree
analysis
 Used to support selection of the best of
several alternative courses of action. A new company in agriculture with unexperienced staff
 Alternatives are decisions or events. would like to buy harvest machine for their first season.
 Alternatives represented by branches.
 Each branch can have associated costs and Use failure 20%
related individual project risks. Failure cost 50,000 $
 Branches end-points are their outcome. Buy best in class 20%*50000= 10000 $
 Expected Monetary Value (EMV). machine (295,000)$
 The estimated value of an outcome expressed in Pass impact
monetary terms.
 EMV = P * I
Buy New or 295000 + 10000 =305000 $
 E.g.: Work package (A) has threat with 15% common
probability & 3000$ impact as well as Use failure 45%
opportunity with probability 20% & 10000$ New Failure cost 65,000 $
impact. Buy already
45%*65000= 29250 $
 EMV = .15 * 3000 = -450 $ common machine
 EMV = .2 * 10000 = 2000 $ (280,000)$ Pass no impact
 Aggregated = 2000 – 450 = 1550 $
280000 + 29250 =309250 $
 11.4.2.5 Data Analysis
Influence
diagrams
 graphical representation of situations showing:
1. Causal influences.
2. Time ordering of events.
3. Other relationships among variables & outcomes.
 Exposes key risk drivers
 The influence diagram evaluated using a simulation
technique
 Outputs from an influence diagram are similar to
other quantitative risk analysis methods, including S-
curves and tornado diagrams.
11.4.3 Perform Quantitative Risk Analysis: Outputs
11.4.3.1 Project Documents Updates

 Risk report:
 Assessment of overall project risk exposure
Two key measures:
1. Chances of project success
2. Degree of inherent variability
 Detailed probabilistic analysis of the project
Presentation + narrative interpretation, with
the following outputs:
1. Amount of contingency
2. Individual risk or sources of risks with the
greatest effect
3. Major drivers of overall project risk
 Prioritized list of individual project risks
 Trends in quantitative risk analysis results
 Recommended risk responses
Plan Risk Responses

11.5

 Developing options, selecting strategies,
and agreeing on actions to:
 Address overall project risk exposure, by:
1. Reduce overall project risk exposure
 To treat individual project risks, as
following:
1. Minimize individual threats
2. Maximize individual opportunities
 nominated risk owner for addressing every
sufficiently important individual project
risk
 Project manager respond appropriately to
the current level of overall project risk.
 The strategy or mix of strategies responses
should be characterized with the following:
1. Appropriate.
2. cost-effective.
3. Realistic.
4. agreed upon.
5. owned by a responsible person
 It identifies appropriate ways to
address overall project risk and
individual project risks.
 Allocates resources and inserts
activities into project documents and
the project management plan as
needed
A contingency reserve:
Allocated for time or cost
Secondary risks:
Risks that arise as a direct result of
implementing a risk response
Residual risk:
The risk that remains after risk responses
have been implemented.
 11.5 Plan Risk Responses
Inputs Tools & techniques Outputs

.1 Project management .1 Expert judgment .1 Change requests

plan .2 Data gathering .2 Project
.2 Project documents .3 Interpersonal and team skills management plan
.3 Enterprise .4 Strategies for threats updates
environmental .5 Strategies for opportunities .3 Project documents
factors updates
.6 Contingent response strategies
.4 Organizational process .7 Strategies for overall project
assets
risk
.8 Data analysis
.9 Decision making
 11.5.1 Plan Risk Responses: Inputs
11.5.1.1 Project Management Plan
Resource management plan
• The coordination between
resources allocated to agreed-upon
risk responses & other project
resources
11.5.1.2 Project Documents
11.5.1.3 EEF
Project team assignments
risk appetite and thresholds
Lessons learned register
Resource calendars

Risk management plan

Project schedule 11.5.1.4 OPA
• Roles and responsibilities and risk
Templates
thresholds are used in this process.
Risk register Historical databases
Cost baseline Lessons learned
Risk report repositories
• Info on the contingency fund that is
allocated to respond to risks.
Stakeholder register
 11.5.2 Plan Risk Responses: Tools and Techniques
11.5.2.1 Expert Judgment 11.5.2.2 Data Gathering 11.5.2.3 Interpersonal and
 Interviews: Team Skills
Threat
response  With risk owner or other  Facilitation:
strategies
stakeholders.  Improves effectiveness of
 Structured or semi- developing responses.
structured interviews.  Skilled facilitator can help
Opportunity
response
risk owner in developing
strategies responses.

Contingent
response
strategies

Overall
project risk
response
strategies.
 threat is outside the scope of the project or that the
Escalate proposed response would exceed the project manager’s
authority.

Avoid eliminate the threat or protect the project from its impact.
11.5.2.4 Strategies
for Threats

shifting ownership of a threat to a third party to manage the

Transfer
risk and to bear the impact if the threat occurs.

reduce the probability of occurrence and/ or impact of a

Mitigate
threat.

Actively accepting a risk can

include developing a
acknowledges the existence contingency plan
Accept of a threat, but no
proactive action is planned.
passive acceptance, means
doing nothing.
 an opportunity is outside the scope of the project or that
Escalate the proposed response would exceed the project manager’s
authority.

the project team acts to ensure that an opportunity

11.5.2.5 Strategies

Exploit
for Opportunities

occurs.

allocating ownership of an opportunity to a third party who

Share is best able to capture the benefit of that opportunity.

increase the probability of occurrence or impact of an

Enhance opportunity.

accepting an opportunity acknowledges its existence but no

Accept proactive action is planned.
11.5.2.6 Contingent Response Strategies
 Contingency plans:
 Designed for use only if certain events
occur.
 A response plan is executed under certain
predefined conditions, such as
1. If the selected strategy turns out not
to be fully effective.
2. An accepted risk occurs
 Define & track triggers.
11.5.2.7 Strategies for Over all Project
Risk
 The same risk response strategies used
to individual project risks can also be
applied to overall project risk
• Significantly negative overall project risk which
Avoid. exceeds threshold.
• Significantly positive overall project risk which
Exploit. exceeds threshold.

• Third party may be involved to manage the risk on

Transfer/share behalf of the organization

• Changing the level of overall project risk to optimize

Mitigate/enhance the chances of achieving the project’s objectives.

• The organization may choose to continue with the

Accept. project as currently defined,
11.5.2.8 Data Analysis 11.5.2.9 Decision Making

 Multicriteria decision analysis:

 Help prioritize risk response strategies,
Cost- by:
benefit 1. Uses a decision matrix.
analysis 2. Evaluating and ranking alternatives.
3. Selecting a preferred option.
 Decision criteria may include:
1. Cost of response.
Alternatives
2. Resource availability.
analysis
3. Timing constraints
4. Level of impact if the risk occurs.
5. Effect of response on related risks.
6. Introduction of secondary risks.
 11.5.3 Plan Risk Responses: Outputs
11.5.3.1 Change Requests 11.5.3.2 Project Management Plan Updates
 Planned risk responses may change: Schedule management plan
1. Baselines
2. Components of the project Cost management plan
management plan
Quality management plan

Resource management plan

Procurement management plan

Scope baseline

Schedule baseline

Cost baseline
 11.5.3.3 Project Documents Updates

New assumptions new

constraints revisit or Assumption log Risk register
rechange assumptions &
constraints.
1. Agreed-upon response strategies & its
related actions.
May change as a result Cost forecasts
of planned risk 2. Trigger conditions
responses
3. Budget and schedule activities
required
Updated with information
Lessons learned 4. Contingency plans and risk triggers.
about risk responses register 5. Fallback plans .
6. Residual risks
7. Deliberately accepted risk.
Activities relating to
agreed-upon risk Project schedule 8. Secondary risks
responses may be added
to the project schedule. Risk report
1. Updated to present agreed-upon
The necessary
resources will be
allocated to each action
Project team responses to the current overall project
risk.
associated with a risk
response plan
assignments 2. Expected changes as a result of
Implement Risk Responses

11.6
 Implementing agreed-upon risk response
plans.

 It ensures that agreed-upon risk responses

are executed as planned in order to:
1. Address overall project risk exposure.
2. Minimize individual project threats.
3. Maximize individual project opportunities

 It notices that after great work in planning

for risks, no action is taken to manage the
risk
 11.6 Implement Risk Responses
Inputs Tools & Outputs
techniques

.1 Project .1 Expert judgment .1 Change

management plan .2 Interpersonal and team requests
.2 Project skills .2 Project
documents .3 Project management documents
.3 Organizational information system updates
process assets
 11.6.1 Implement Risk Responses: Inputs
11.6.1.1 Project Management Plan 11.6.1.2 Project Documents
 Risk management plan: Lessons
learned Lesson learned from previous
1. Roles and responsibilities register exercises
2. Level of detail
3. Risk thresholds
Risk
register
Agreed-upon risk responses

Risk report

11.6.1.3 OPA • Assessment of the current overall project risk exposure

• Agreed-upon risk response strategy
• Major individual project
• Risks with their planned responses.
 Lesson learned repository
From similar completed projects that
indicate the effectiveness of particular risk
responses.
 11.6.2 Implement Risk Responses: Tools
11.6.2.1 Expert Judgment and Techniques 11.6.2.3 PMIS
11.6.2.2 Interpersonal and
 Software:
Validate Team Skills  Integrate agreed-
risk
 Influencing: upon risk response
responses
 Risk owner could be: plans into project.
1. Outside the immediate project  Systems can include:
team. 1. Schedule.
2. Have other competing demands 2. Cost
 Facilitation: 3. Resources.
 Skilled facilitator can
encourage risk owner to
Modify take necessary action where
risk required
responses
 11.6.3 Implement Risk Responses: Outputs
11.6.3.1 Change Requests 11.6.3.2 Project Documents Updates
1. Suitably qualified
and experienced

 Changes to:
Project team assignments personnel.
1. Challenges 2. Specific budget
encountered 3. Specific time
1. Cost baselines. 2. Approaches that allowance
worked well

2. Schedule baselines.
Lessons learned register

3. Other components of

the project
Issue log.
Reflect any changes • Identified &
agreed-upon risk recorded in the
management plan. responses for individual issue log.
risks.
Risk register
Reflect any changes
agreed-upon risk
responses to overall
project risk exposure Risk report.
Monitor Risks

11.7
1. Monitoring the implementation of agreed-
upon risk response plans.
2. Tracking identified risks.
3. Identifying and analyzing new risks.
4. Evaluating risk process effectiveness
throughout the project

 It enables project decisions to be based on current

information about overall project risk exposure and
individual project risks.
 Uses information to determine if:
1. Implemented risk responses are effective.
2. Level of overall project risk has changed.
3. Status of identified individual project risks has changed.
4. New individual project risks have arisen.
5. Risk management approach is still appropriate.
6. Project assumptions are still valid.
7. Risk management policies and procedures are followed.
8. Contingency reserves for cost or schedule require
modification.
9. Project strategy is still valid.
 11.7 Monitor Risks
Inputs Tools & techniques Outputs

.1 Project .1 Data analysis. .1 Work

management plan .2 Audits performance
.2 Project documents .3 Meetings information
.3 Work performance .2 Change
data requests
.4 Work performance .3 Project
reports management
plan updates
.4 Project
documents
updates
.5 Organizational
process assets
updates
 11.7.1 Monitor Risks: Inputs
11.7.1.1 Project Management Plan
 Risk management plan:
 Provides guidance on :
1. How and when risks should be
reviewed.
2. Which policies and procedures
should be followed
3. Roles and responsibilities
4. Reporting format.
11.7.1.2 Project Documents
Issue log
• Updated open issues and their associated update to the risk register
Lessons learned register
• Risk-related lessons from earlier in the project
Risk register
• Identified individual
• Project risks.
• Risk owners.
• Agreed-upon risk responses
Risk report
• Current overall project risk exposure.
• The agreed-upon risk response strategy
11.7.1.3 Work Performance Data 11.7.1.4 Work Performance Reports

 Implemented risk responses.  Provide information from performance

 Occurred risks . measurement, including:

 Active risks . 1. Variance analysis.

 Closed risks. 2. Earned value data.

3. Forecasting data.
 11.7.2 Monitor Risks: Tools and Techniques
11.7.2.1 Data Analysis 11.7.2.2 Audits 11.7.2.3 Meetings
 Project manager
Contingency responsibility.
reserves  Conducted as defined in  Risk review:
remaining Technical  Examine and
against the risk management plan.
performance document the
amount of risk analysis  Format & objectives
remaining should be clearly defined. effectiveness of risk
 Used to consider the responses
Reserve
effectiveness of the risk
analysis
management process.
 Can be conducted by:
1. Routine project review
meetings.
Compare actual results against 2. risk review meeting.
targets, e.g.:
3. separate risk audit
1. Weight.
2. Transaction times. meetings.
3. Number of delivered
defects.
4. Storage capacity
 11.7.3 Monitor Risks: Outputs
11.7.3.1 Work Performance Information 11.7.3.2 Change Requests
 Reflect the effectiveness of the response  Planned risk responses may change:
planning and response implementation 1. Baselines
 Compare: 2. Components of the project
 The occurrence of risks vs the management plan
expectation of how they would occur.
11.7.3.5
11.7.3.3 Project Management OPA
updates
Plan Updates RBS
 Any component of the project
management plan 11.7.3.4 Project Documents
Updates Templates
Lessons
Assumption Risk
Issue log learned Risk report
log register
register