Call NowRegister

Education Edge PMP Prep Course Office Read Risk Knowledge Area

Project Risk Management


§  Project Risk Management is involved in risk identification, management and response strategy impacts every area of the project management lifecycle

§  risk = uncertainty

§  risk management= increase the probability of project success by minimizing/eliminating negative risks (threats) and increasing positive events (opportunities)

§  everyone is responsible for identifying risks for the project

§  risk has one or more causes and has one or more impacts

§  risk attitudes (EEF): risk appetite (willingness to take risks for rewards), tolerance for risk (risk tolerant or risk-averse), risk threshold (level beyond which the organization refuses to tolerate risks and may change its response)

§  pure (insurable) risk vs business risk (can be +ve or -ve)

§  known risks that cannot be dealt with proactively (active acceptance) should be assigned a contingency reserve or if the known risks cannot be analyzed, just wait for its happening and implement the workaround (which is considered passive acceptance)
Plan Risk Management

§  Inputs: Project Charter, Project Management Plan, Project Documents, EEF, OPA

§  Tools & Techniques: Expert Judgement, Data Analysis, Meetings

§  Outputs: Risk Management Plan

§  The Plan Risk Management process is involved in defining and providing resources and time to perform risk management.

§  including methodology, roles and responsibilities, budget, timing (when and how often), risk categories (e.g. risk breakdown structure RBS), definitions, stakeholder tolerances (an EEF), reporting and tracking

§  performed at project initiation and early in the Planning process

§  failure to address risks early on can ultimately be more costly later on in the project

§  Data Analysis techniques include stakeholder risk profile analysis (using the stakeholder register), strategic risk scoring sheets, etc.

§  risk breakdown structure (RBS) (included in the PM Plan) – risks grouped by categories and occurring areas

§  key risk categories:

§  scope creep

§  inherent schedule flaws

§  employee turnover

§  specification breakdown (conflicts in deliverable specifications)

§  poor productivity


Identify Risks

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

§  Tools & Techniques: Expert Judgement, Data Gathering, Data Analysis, Interpersonal and Team Skills, Prompt Lists, Meetings

§  Outputs: Risk Register, Risk Report, Project Document Updates

§  to find out and document all risks affecting the project from all aspects of the project, including:

§  agreements/contracts within/outside of the organization

§  procurements

§  requirements, schedule, cost, resource, quality, scope, etc. from the project management plan

§  Data Gathering Techniques: brainstorming, checklists, interviews, Delphi technique [a panel of independent experts, maintain anonymity, use questionnaire, encourage open critique],

§  Data Analysis Techniques:

§  root cause analysis [performed after an event to gain understanding to prevent similar events from occurring], SWOT analysis, assumption and constraint analysis

§  root cause analysis: safety-based (prevent accidents), production-based, process-based (include business process), failure-based, systems-based (all above)

§  root cause analysis tools: FMEA, Pareto Analysis, Bayesian Inference (conditional probability), Ishikawa Diagrams, Kepner-Tregoe

§  Monte Carlo analysis can identify points of schedule risks

§  Prompt List

§  The prompt list (newly added in PMBOK® Guide 6th Edition) is a predetermined list of risk categories that are at the lowest level of the risk breakdown structure which is used to assist in identifying risks of the projects

§  examples of prompt lists:

§  PESTLE (political, economic, social, technological, legal, environmental)

§  TECOP (technical, environmental, commercial, operations, political)

§  VUCA (volatility, uncertainty, complexity, ambiguity)

§  Risk Register (typically not including the risk reserve)

§  The Risk Register may include a risk statement

§  any risk with a probability of >70% is an issue (to be dealt with proactively and recorded in the issue log)

§  The Risk Report (new in PMBOK® Guide 6th Edition) is a document used to present information (e.g. no. of identified threats and opportunities, distribution of risks across risk categories, metrics and trends) on overall project risk. It also includes a summary information on individual project risks.


Perform Qualitative Risk Analysis

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

§  Tools & Techniques: Expert Judgement, Data Gathering, Data Analysis, Interpersonal and Team Skills, Risk Categorization, Data Representation, Meetings

§  Outputs: Project Document Updates (e.g. Risk Register)

§  prioritizing risks for further analysis/action and identify high priority risks

§  risks requiring near-term responses are more urgent to address

§  need to identify bias and correct it (e.g. risk attitude of the stakeholders)

§  Data Analysis Techniques include:

§  Risk data quality assessment

§  Risk probability and impact assessment

§  Assessment of other risk parameters (e.g. urgency, proximity, dormancy, manageability, controllability, detectability, connectivity, strategic impact, propinquity)

§  Data Representation Tools:

§  qualitative risk assessment matrix (format described in the Risk Management Plan)

§  hierarchical-type charts

§  the risk register is updated along the following processes: Perform Qualitative Risk Analysis, Perform Quantitative Analysis, Plan Risk Responses and Monitor & Control Risks


Perform Quantitative Risk Analysis

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

§  Tools & Techniques: Expert Judgement, Data Gathering, Interpersonal and Team Skills, Representation of Uncertainty, Data Analysis

§  Outputs: Project Document Updates

§  the cost, schedule and risk management plan contains guidelines on how to quantitatively analyze risks

§  involves mathematical modelling for forecasts and trend analysis

§  Representation of Uncertainty (probability distribution) reflects the risks as a probability distribution, which can be in the following distribution types:

§  Triangular

§  Normal (bell-shaped curve)

§  Lognormal

§  Beta

§  Uniform

§  Discrete

§  Data Analysis Techniques:

§  sensitivity analysis (using the tornado diagram as presentation) for determining the risks that have the most impact on the project

§  Failure Modes Effects Analysis (FMEA)

§  FMEA for manufactured product or where risk may be undetectable, Risk Priority Number (RPN) = severity (1-10) x occurrence ([0.07%] 1-10 [20%]) X detectability (1-10 [undetectable]), also a non-proprietary approach for risk management

§  Expected Value / Expected Monetary Value (EMV), probability x impact (cost/effort lost), opportunities (+ve values), threats (-ve values)

§  Simulations/Monte Carlo Analysis – by running simulations many times over in order to calculate those same probabilities heuristically just like actually playing and recording your results in a real casino situation, ‘S’ curve (cumulative distribution) will result, may use PERT/triangular distribution to model data, may use thousands of data points (a random variable), for budget/schedule analysis

§  Decision Tree Analysis – another form of EMV, branching: decision squares (decision branch – options), circles (uncertainty branch – possible outcomes)

§  Influence Diagram – graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes


Plan Risk Responses

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

§  Tools & Techniques: Expert Judgement, Data Gathering, Interpersonal and Team Skills, Strategies for Threats, Strategies for Opportunities, Contingent Response Strategies, Strategies for Overall Project Risks, Data Analysis, Decision Making

§  Outputs: Change Requests, Project Management Plan Updates, Project Document Updates

§  plan response to enhance opportunities and reduce threats

§  each risk is owned by a responsible person

§  the watch list is the list of low priority risks items in the risk register

§  fallback plan will be used if 1) risk response not effective, 2) accepted risk occurs

§  Negative Risk Strategies:

§  eliminate/avoid (not to use, extend the schedule)

§  transfer (outsource, warranty, insurance)

§  mitigate (reduce the risk of more testing/precautionary actions/redundancy)

§  accept (passive – do nothing or active – contingency)

§  escalate (escalates a risk to the appropriate party — can be deleted from the risk register or retain in the risk register with a remark)

§  Positive Risk Strategies:

§  exploit (ensure opportunity by using internal resources e.g. reduce cost/use of top talents/new tech)

§  share (contractor with specialized skills, joint venture)

§  enhance (increase likelihood / impact e.g. fast-tracking, add resources etc.)

§  accept

§  passive risk acceptance to be dealt with when the risk occurs

§  Strategies for Overall Project Risk

§  the PM needs to address the overall project risks with one of the following strategies:

§  Avoid

§  Exploit

§  Mitigate/Enhance

§  Accept

§  Contingency Plan (contingent response strategies) (plan A) are developed for specific risk (when you have accepted a risk) with certain triggers vs Fallback Plan (plan B)

§  Residual Risks – risks remain after the risk response strategy was implemented, may be identified in the planning process (may subject to contingency/fallback planning) They don’t need any further analysis because you have already planned the complete response strategy you know in dealing with the risk that came before them.

§  Secondary Risks –  risk arises when the risk response strategy was implemented

§  Reserve Types

§  Contingency Reserve: known unknowns (determined risk), part of cost baseline

§  Management Reserve: unknown unknowns (discovery risk), part of project budget

§  The Risk Register is now completed with: risks and descriptions, triggers, response strategy, persons responsible, results from qualitative and quantitative analysis, residual and secondary risks, contingency and fallback, risk budget/time


Implement Risk Responses (new in PMBOK® Guide 6th Edition)

§  Inputs: Project Management Plan, Project Documents, OPA

§  Tools & Techniques: Expert Judgement, Interpersonal and Team Skills, Project Management Information System

§  Outputs: Change Requests, Project Document Updates

§  in the Executing process group

§  implementing risk responses is the responsibilities of the risk owners

§  to ensure that agreed upon risk responses (as from the Plan Risk Response process) are executed as planned to

§  address overall project risk exposure

§  minimize individual project threats

§  maximize individual project opportunities

§  the Project Management Information System provides the information to allow agreed-upon risk response plans and associated activities to be executed alongside other project activities


Control Risks

§  Inputs: Project Management Plan, Project Documents, Agreements, Work Performance Data, Work Performance Reports

§  Tools & Techniques: Data Analysis, Audits, Meetings

§  Outputs: Work Performance Information, Change Requests, Project Management Plan Updates, Project Document Updates, OPA Updates

§  when all the above risk planning processes have been performed with due diligence, the project is said to have a low-risk profile

§  responsibilities include:

§  to check if assumptions are still valid, procedures are being followed and any deviance

§  to identify new risks and evaluate effectiveness of risk response plan

§  any need to adjust contingency and management reserves

§  to re-assess the individual risk response strategies to see if they are effective

§  risk audits deal with the effectiveness of risk response and the risk management process

§  risk audits are usually performed by experts outside project team for the whole risk management process

§  Data Analysis Techniques:

§  reserve analysis – apply only to the specific risks of the project for which they were set aside

§  technical performance analysis

§  workaround: when no contingency plan exists, executed on-the-fly to address unplanned events – still need to pass through normal change control if change requests are needed

§  determine the workaround is performed in control risks

Share on: