Education Edge PMP Prep Course Office Read Risk Knowledge Area


Project Risk Management




§  Project Risk Management is involved in risk identification, management and response strategy impacts every area of the project management lifecycle


§  risk = uncertainty


§  risk management= increase the probability of project success by minimizing/eliminating negative risks (threats) and increasing positive events (opportunities)


§  everyone is responsible for identifying risks for the project


§  risk has one or more causes and has one or more impacts


§  risk attitudes (EEF): risk appetite (willingness to take risks for rewards), tolerance for risk (risk tolerant or risk-averse), risk threshold (level beyond which the organization refuses to tolerate risks and may change its response)


§  pure (insurable) risk vs business risk (can be +ve or -ve)


§  known risks that cannot be dealt with proactively (active acceptance) should be assigned a contingency reserve or if the known risks cannot be analyzed, just wait for its happening and implement the workaround (which is considered passive acceptance)
Plan Risk Management


§  Inputs: Project Charter, Project Management Plan, Project Documents, EEF, OPA


§  Tools & Techniques: Expert Judgement, Data Analysis, Meetings


§  Outputs: Risk Management Plan


§  The Plan Risk Management process is involved in defining and providing resources and time to perform risk management.


§  including methodology, roles and responsibilities, budget, timing (when and how often), risk categories (e.g. risk breakdown structure RBS), definitions, stakeholder tolerances (an EEF), reporting and tracking


§  performed at project initiation and early in the Planning process


§  failure to address risks early on can ultimately be more costly later on in the project


§  Data Analysis techniques include stakeholder risk profile analysis (using the stakeholder register), strategic risk scoring sheets, etc.


§  risk breakdown structure (RBS) (included in the PM Plan) – risks grouped by categories and occurring areas


§  key risk categories:


§  scope creep


§  inherent schedule flaws


§  employee turnover


§  specification breakdown (conflicts in deliverable specifications)


§  poor productivity




Identify Risks


§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA


§  Tools & Techniques: Expert Judgement, Data Gathering, Data Analysis, Interpersonal and Team Skills, Prompt Lists, Meetings


§  Outputs: Risk Register, Risk Report, Project Document Updates


§  to find out and document all risks affecting the project from all aspects of the project, including:


§  agreements/contracts within/outside of the organization


§  procurements


§  requirements, schedule, cost, resource, quality, scope, etc. from the project management plan


§  Data Gathering Techniques: brainstorming, checklists, interviews, Delphi technique [a panel of independent experts, maintain anonymity, use questionnaire, encourage open critique],


§  Data Analysis Techniques:


§  root cause analysis [performed after an event to gain understanding to prevent similar events from occurring], SWOT analysis, assumption and constraint analysis


§  root cause analysis: safety-based (prevent accidents), production-based, process-based (include business process), failure-based, systems-based (all above)


§  root cause analysis tools: FMEA, Pareto Analysis, Bayesian Inference (conditional probability), Ishikawa Diagrams, Kepner-Tregoe


§  Monte Carlo analysis can identify points of schedule risks


§  Prompt List


§  The prompt list (newly added in PMBOK® Guide 6th Edition) is a predetermined list of risk categories that are at the lowest level of the risk breakdown structure which is used to assist in identifying risks of the projects


§  examples of prompt lists:


§  PESTLE (political, economic, social, technological, legal, environmental)


§  TECOP (technical, environmental, commercial, operations, political)


§  VUCA (volatility, uncertainty, complexity, ambiguity)


§  Risk Register (typically not including the risk reserve)


§  The Risk Register may include a risk statement


§  any risk with a probability of >70% is an issue (to be dealt with proactively and recorded in the issue log)


§  The Risk Report (new in PMBOK® Guide 6th Edition) is a document used to present information (e.g. no. of identified threats and opportunities, distribution of risks across risk categories, metrics and trends) on overall project risk. It also includes a summary information on individual project risks.




Perform Qualitative Risk Analysis


§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA


§  Tools & Techniques: Expert Judgement, Data Gathering, Data Analysis, Interpersonal and Team Skills, Risk Categorization, Data Representation, Meetings


§  Outputs: Project Document Updates (e.g. Risk Register)


§  prioritizing risks for further analysis/action and identify high priority risks


§  risks requiring near-term responses are more urgent to address


§  need to identify bias and correct it (e.g. risk attitude of the stakeholders)


§  Data Analysis Techniques include:


§  Risk data quality assessment


§  Risk probability and impact assessment


§  Assessment of other risk parameters (e.g. urgency, proximity, dormancy, manageability, controllability, detectability, connectivity, strategic impact, propinquity)


§  Data Representation Tools:


§  qualitative risk assessment matrix (format described in the Risk Management Plan)


§  hierarchical-type charts


§  the risk register is updated along the following processes: Perform Qualitative Risk Analysis, Perform Quantitative Analysis, Plan Risk Responses and Monitor & Control Risks




Perform Quantitative Risk Analysis


§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA


§  Tools & Techniques: Expert Judgement, Data Gathering, Interpersonal and Team Skills, Representation of Uncertainty, Data Analysis


§  Outputs: Project Document Updates


§  the cost, schedule and risk management plan contains guidelines on how to quantitatively analyze risks


§  involves mathematical modelling for forecasts and trend analysis


§  Representation of Uncertainty (probability distribution) reflects the risks as a probability distribution, which can be in the following distribution types:


§  Triangular


§  Normal (bell-shaped curve)


§  Lognormal


§  Beta


§  Uniform


§  Discrete


§  Data Analysis Techniques:


§  sensitivity analysis (using the tornado diagram as presentation) for determining the risks that have the most impact on the project


§  Failure Modes Effects Analysis (FMEA)


§  FMEA for manufactured product or where risk may be undetectable, Risk Priority Number (RPN) = severity (1-10) x occurrence ([0.07%] 1-10 [20%]) X detectability (1-10 [undetectable]), also a non-proprietary approach for risk management


§  Expected Value / Expected Monetary Value (EMV), probability x impact (cost/effort lost), opportunities (+ve values), threats (-ve values)


§  Simulations/Monte Carlo Analysis – by running simulations many times over in order to calculate those same probabilities heuristically just like actually playing and recording your results in a real casino situation, ‘S’ curve (cumulative distribution) will result, may use PERT/triangular distribution to model data, may use thousands of data points (a random variable), for budget/schedule analysis


§  Decision Tree Analysis – another form of EMV, branching: decision squares (decision branch – options), circles (uncertainty branch – possible outcomes)


§  Influence Diagram – graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes




Plan Risk Responses


§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA


§  Tools & Techniques: Expert Judgement, Data Gathering, Interpersonal and Team Skills, Strategies for Threats, Strategies for Opportunities, Contingent Response Strategies, Strategies for Overall Project Risks, Data Analysis, Decision Making


§  Outputs: Change Requests, Project Management Plan Updates, Project Document Updates


§  plan response to enhance opportunities and reduce threats


§  each risk is owned by a responsible person


§  the watch list is the list of low priority risks items in the risk register


§  fallback plan will be used if 1) risk response not effective, 2) accepted risk occurs


§  Negative Risk Strategies:


§  eliminate/avoid (not to use, extend the schedule)


§  transfer (outsource, warranty, insurance)


§  mitigate (reduce the risk of more testing/precautionary actions/redundancy)


§  accept (passive – do nothing or active – contingency)


§  escalate (escalates a risk to the appropriate party — can be deleted from the risk register or retain in the risk register with a remark)


§  Positive Risk Strategies:


§  exploit (ensure opportunity by using internal resources e.g. reduce cost/use of top talents/new tech)


§  share (contractor with specialized skills, joint venture)


§  enhance (increase likelihood / impact e.g. fast-tracking, add resources etc.)


§  accept


§  passive risk acceptance to be dealt with when the risk occurs


§  Strategies for Overall Project Risk


§  the PM needs to address the overall project risks with one of the following strategies:


§  Avoid


§  Exploit


§  Mitigate/Enhance


§  Accept


§  Contingency Plan (contingent response strategies) (plan A) are developed for specific risk (when you have accepted a risk) with certain triggers vs Fallback Plan (plan B)


§  Residual Risks – risks remain after the risk response strategy was implemented, may be identified in the planning process (may subject to contingency/fallback planning) They don’t need any further analysis because you have already planned the complete response strategy you know in dealing with the risk that came before them.


§  Secondary Risks –  risk arises when the risk response strategy was implemented


§  Reserve Types


§  Contingency Reserve: known unknowns (determined risk), part of cost baseline


§  Management Reserve: unknown unknowns (discovery risk), part of project budget


§  The Risk Register is now completed with: risks and descriptions, triggers, response strategy, persons responsible, results from qualitative and quantitative analysis, residual and secondary risks, contingency and fallback, risk budget/time




Implement Risk Responses (new in PMBOK® Guide 6th Edition)


§  Inputs: Project Management Plan, Project Documents, OPA


§  Tools & Techniques: Expert Judgement, Interpersonal and Team Skills, Project Management Information System


§  Outputs: Change Requests, Project Document Updates


§  in the Executing process group


§  implementing risk responses is the responsibilities of the risk owners


§  to ensure that agreed upon risk responses (as from the Plan Risk Response process) are executed as planned to


§  address overall project risk exposure


§  minimize individual project threats


§  maximize individual project opportunities


§  the Project Management Information System provides the information to allow agreed-upon risk response plans and associated activities to be executed alongside other project activities




Control Risks


§  Inputs: Project Management Plan, Project Documents, Agreements, Work Performance Data, Work Performance Reports


§  Tools & Techniques: Data Analysis, Audits, Meetings


§  Outputs: Work Performance Information, Change Requests, Project Management Plan Updates, Project Document Updates, OPA Updates


§  when all the above risk planning processes have been performed with due diligence, the project is said to have a low-risk profile


§  responsibilities include:


§  to check if assumptions are still valid, procedures are being followed and any deviance


§  to identify new risks and evaluate effectiveness of risk response plan


§  any need to adjust contingency and management reserves


§  to re-assess the individual risk response strategies to see if they are effective


§  risk audits deal with the effectiveness of risk response and the risk management process


§  risk audits are usually performed by experts outside project team for the whole risk management process


§  Data Analysis Techniques:


§  reserve analysis – apply only to the specific risks of the project for which they were set aside


§  technical performance analysis


§  workaround: when no contingency plan exists, executed on-the-fly to address unplanned events – still need to pass through normal change control if change requests are needed


§  determine the workaround is performed in control risks


Share your love

Leave a Reply

Your email address will not be published. Required fields are marked *