Professional Documents
Culture Documents
Risk
Risk
MANAGEMENT
Introduction
This knowledge area includes the
processes of conducting:
1. Risk management planning.
2. Identification.
3. Analysis.
4. Response planning.
5. Response implementation.
6. Monitoring risk on a project.
Increase the probability and/or
impact of positive risks
Optimize
the chances
of project
success
Decrease the probability and/or
impact of negative risks
Effectively manage risk
Key concepts Risk exposure
An aggregate measure of the
potential impact of all risks
Risk appetite
The degree of uncertainty an organization or individual is willing to
accept in anticipation of a reward.
Overall project risk
Is the effect of uncertainty on the project as a whole,
arising from all sources of uncertainty & represent the
exposure of stakeholders. Both positive and negative.
Individual project
risk Threat. A risk that would have a negative effect on
Is an uncertain event or condition that, if it
occurs, has a positive or negative effect on one one or more project objectives.
or more project objectives.
Opportunity. A risk that would have a positive effect
on one or more project objectives.
Non-event risk
Practice trends
1 Variability risk, Ambiguity risk
Project resilience
2 Contingency, flexible process,
empowered team, early warnings
3. Knowledge sharing.
11.1
Defining how to conduct risk
management activities for a project
It ensures that :
1. The degree
2. the type.
3. The visibility of risk management.
are proportionate to both risks and the
importance of the project to the
organization and other stakeholders
11.1 Plan Risk Management
Inputs Tools & Outputs
techniques
11.1.1.5 •
•
•
Risk categories
Common definitions
Risk statement format
OPA
• Templates
• Roles and responsibilities
• Lessons learned repository
11.1.2 Plan Risk Management: Tools and Techniques
11.1.2.1 Expert Judgment 11.1.2.2 Data Analysis
Stakeholder analysis:
Organization’s Determine the risk appetite of
approach to
managing risk project stakeholders.
11.1.2.3 Meetings
Tailoring risk
management Kick-off meeting
Attendees may be from inside &
outside the org.
Types of risk
11.1.3 Plan Risk Management: Outputs
11.1.3.1 Risk Management Plan
Methodology Timing.
11.2
1. Identifying:
a. Individual project risks .
b. Sources of overall project risk.
2. documenting their characteristics.
O T
identify opportunity. 3. Resolve any
Assumption and constraint disagreements that may
analysis: arise
Examine validity
Document analysis:
Threats identified from:
1. Uncertainty.
1. Inaccuracy.
2. Ambiguity
2. Instability.
3. Inconsistencies
3. Inconsistency.
4. Incompleteness.
Opportunities identified from:
1. Removing a limiting factor
2. Relaxing a limiting factor
11.2.2.5 Prompt Lists 11.2.2.6 Meetings
a. PESTLE
b. TECOP
c. VUCA
11.2.3 Identify Risks: Outputs
11.2.3.3 Project
11.2.3.1 Risk Register 11.2.3.2 Risk Report Documents
Can be limited or extensive info. Updates
about:
Qualitative Information on:
1. List of identified risks. Lessons learned register
Quantitative 1. sources of overall
2. Potential
Plan response risk owners. project.
3. List
Implement of potential
response risk responses. 2. Risk summary Assumption log
Monitor risk identified individual
project risks .
Issue log
Perform Qualitative Risk
Analysis
11.3
Prioritizing individual project risks by
assessing:
1. Probability.
2. Impact
3. Other characteristics
for:
1. Further analysis.
2. Action
Published
Stakeholders’ risk thresholds. material.
11.3.2 Perform Qualitative Risk Analysis: Tools and
11.3.2.1 Expert Judgment Techniques 11.3.2.3 Data Analysis
Gather
better data
Probability = likelihood
Impact = effect Urgency Proximity Dormancy
Impact can be (+) /(-).
Here (definitions of risk
probability and impacts) will be
Manageability Controllability Connectivity
used.
low probability and impact will
included as part of a watch list
Strategic
Detectability Propinquity
impact
11.3.2.4 Interpersonal and Team 11.3.2.5 Risk Categorization
Skills
Facilitation: Type of categories:
Improves process effectiveness, 1. Sources of risk categorization (RBS)
by help participants: 2. Area of the project affected (WBS)
1. Focus on risk analysis. 3. Common root causes
2. Accurately follow the method. 4. Other categorization
3. Reach consensus Benefits:
4. Identify and overcome sources 1. Development of more effective risk
of bias responses
5. Resolve any disagreements 2. Developing generic risk responses
11.3.2.6 Data Representation 11.3.2.7 Meetings
Probability and impact matrix
Risk workshop:
Review identified risks.
assessment of probability, impacts & other
parameters.
Categorization.
prioritization.
Allocate risk owner for each risk.
Hierarchical charts
more parameters
11.3.3 Perform Qualitative Risk Analysis: Outputs
11.3.3.1 Project Documents Updates
Industry studies
Info from similar
Published material project
11.4.2 Perform Quantitative Risk Analysis: Tools
11.4.2.1 Expert Judgment and Techniques 11.4.2.4 Representations of
Uncertainty
Translating 11.4.2.2 Data Gathering
information into Quantitative risk analysis
numeric inputs
Interviews: requires inputs to
Generate inputs probability distribution
Representation Drawing on inputs model.
model selection
With experts. Most common forms are:
1. Triangular.
2. Normal.
Appropriate model 11.4.2.3 Interpersonal and 3. Lognormal.
technique
Team Skills 4. Beta.
5. Uniform.
Facilitation: 6. Discrete.
Generate inputs during Branches are for discrete
Appropriate tools
risk workshop. risks.
Improve effectiveness Correlation are for
related risks.
Interpretation
11.4.2.5 Data Analysis
Simulation Simulation
Sensitivity
analysis
Help determine most potential impact on
project outcomes from:
1. individual project risks.
2. other sources of uncertainty
Common representation is tornado
diagram
Elements can be:
1. individual project risks.
2. highest degrees of variability activities .
3. specific sources of ambiguity
11.4.2.5 Data Analysis
Decision tree
analysis
Used to support selection of the best of
several alternative courses of action. A new company in agriculture with unexperienced staff
Alternatives are decisions or events. would like to buy harvest machine for their first season.
Alternatives represented by branches.
Each branch can have associated costs and Use failure 20%
related individual project risks. Failure cost 50,000 $
Branches end-points are their outcome. Buy best in class 20%*50000= 10000 $
Expected Monetary Value (EMV). machine (295,000)$
The estimated value of an outcome expressed in Pass impact
monetary terms.
EMV = P * I
Buy New or 295000 + 10000 =305000 $
E.g.: Work package (A) has threat with 15% common
probability & 3000$ impact as well as Use failure 45%
opportunity with probability 20% & 10000$ New Failure cost 65,000 $
impact. Buy already
45%*65000= 29250 $
EMV = .15 * 3000 = -450 $ common machine
EMV = .2 * 10000 = 2000 $ (280,000)$ Pass no impact
Aggregated = 2000 – 450 = 1550 $
280000 + 29250 =309250 $
11.4.2.5 Data Analysis
Influence
diagrams
graphical representation of situations showing:
1. Causal influences.
2. Time ordering of events.
3. Other relationships among variables & outcomes.
Exposes key risk drivers
The influence diagram evaluated using a simulation
technique
Outputs from an influence diagram are similar to
other quantitative risk analysis methods, including S-
curves and tornado diagrams.
11.4.3 Perform Quantitative Risk Analysis: Outputs
11.4.3.1 Project Documents Updates
Risk report:
Assessment of overall project risk exposure
Two key measures:
1. Chances of project success
2. Degree of inherent variability
Detailed probabilistic analysis of the project
Presentation + narrative interpretation, with
the following outputs:
1. Amount of contingency
2. Individual risk or sources of risks with the
greatest effect
3. Major drivers of overall project risk
Prioritized list of individual project risks
Trends in quantitative risk analysis results
Recommended risk responses
Plan Risk Responses
11.5
It identifies appropriate ways to
Developing options, selecting strategies, address overall project risk and
and agreeing on actions to: individual project risks.
Address overall project risk exposure, by: Allocates resources and inserts
1. Reduce overall project risk exposure
activities into project documents and
To treat individual project risks, as
the project management plan as
following:
1. Minimize individual threats
needed
2. Maximize individual opportunities
nominated risk owner for addressing every A contingency reserve:
sufficiently important individual project Allocated for time or cost
risk Secondary risks:
Project manager respond appropriately to Risks that arise as a direct result of
the current level of overall project risk. implementing a risk response
The strategy or mix of strategies responses Residual risk:
should be characterized with the following: The risk that remains after risk responses
1. Appropriate. have been implemented.
2. cost-effective.
3. Realistic.
4. agreed upon.
5. owned by a responsible person
11.5 Plan Risk Responses
Inputs Tools & techniques Outputs
Contingent
response
strategies
Overall
project risk
response
strategies.
threat is outside the scope of the project or that the
Escalate proposed response would exceed the project manager’s
authority.
Avoid eliminate the threat or protect the project from its impact.
11.5.2.4 Strategies
for Threats
Exploit
for Opportunities
occurs.
Scope baseline
Schedule baseline
Cost baseline
11.5.3.3 Project Documents Updates
11.6
Implementing agreed-upon risk response
plans.
Risk report
Changes to:
Project team assignments personnel.
1. Challenges 2. Specific budget
encountered 3. Specific time
1. Cost baselines. 2. Approaches that allowance
worked well
2. Schedule baselines.
Lessons learned register
3. Other components of
the project
Issue log.
Reflect any changes • Identified &
agreed-upon risk recorded in the
management plan. responses for individual issue log.
risks.
Risk register
Reflect any changes
agreed-upon risk
responses to overall
project risk exposure Risk report.
Monitor Risks
11.7
1. Monitoring the implementation of agreed-
upon risk response plans.
2. Tracking identified risks.
3. Identifying and analyzing new risks.
4. Evaluating risk process effectiveness
throughout the project
Risk report
3. Forecasting data.
11.7.2 Monitor Risks: Tools and Techniques
11.7.2.1 Data Analysis 11.7.2.2 Audits 11.7.2.3 Meetings
Project manager
Contingency responsibility.
reserves Conducted as defined in Risk review:
remaining Technical Examine and
against the risk management plan.
performance document the
amount of risk analysis Format & objectives
remaining should be clearly defined. effectiveness of risk
Used to consider the responses
Reserve
effectiveness of the risk
analysis
management process.
Can be conducted by:
1. Routine project review
meetings.
Compare actual results against 2. risk review meeting.
targets, e.g.:
3. separate risk audit
1. Weight.
2. Transaction times. meetings.
3. Number of delivered
defects.
4. Storage capacity
11.7.3 Monitor Risks: Outputs
11.7.3.1 Work Performance Information 11.7.3.2 Change Requests
Reflect the effectiveness of the response Planned risk responses may change:
planning and response implementation 1. Baselines
Compare: 2. Components of the project
The occurrence of risks vs the management plan
expectation of how they would occur.
11.7.3.5
11.7.3.3 Project Management OPA
updates
Plan Updates RBS
Any component of the project
management plan 11.7.3.4 Project Documents
Updates Templates
Lessons
Assumption Risk
Issue log learned Risk report
log register
register