Education Edge PMP Prep Course Office Read Risk Knowledge Area

 

Project Risk Management

 

 

 

§  Project Risk Management is involved in risk identification, management and response strategy impacts every area of the project management lifecycle

 

§  risk = uncertainty

 

§  risk management= increase the probability of project success by minimizing/eliminating negative risks (threats) and increasing positive events (opportunities)

 

§  everyone is responsible for identifying risks for the project

 

§  risk has one or more causes and has one or more impacts

 

§  risk attitudes (EEF): risk appetite (willingness to take risks for rewards), tolerance for risk (risk tolerant or risk-averse), risk threshold (level beyond which the organization refuses to tolerate risks and may change its response)

 

§  pure (insurable) risk vs business risk (can be +ve or -ve)

 

§  known risks that cannot be dealt with proactively (active acceptance) should be assigned a contingency reserve or if the known risks cannot be analyzed, just wait for its happening and implement the workaround (which is considered passive acceptance)
Plan Risk Management

 

§  Inputs: Project Charter, Project Management Plan, Project Documents, EEF, OPA

 

§  Tools & Techniques: Expert Judgement, Data Analysis, Meetings

 

§  Outputs: Risk Management Plan

 

§  The Plan Risk Management process is involved in defining and providing resources and time to perform risk management.

 

§  including methodology, roles and responsibilities, budget, timing (when and how often), risk categories (e.g. risk breakdown structure RBS), definitions, stakeholder tolerances (an EEF), reporting and tracking

 

§  performed at project initiation and early in the Planning process

 

§  failure to address risks early on can ultimately be more costly later on in the project

 

§  Data Analysis techniques include stakeholder risk profile analysis (using the stakeholder register), strategic risk scoring sheets, etc.

 

§  risk breakdown structure (RBS) (included in the PM Plan) – risks grouped by categories and occurring areas

 

§  key risk categories:

 

§  scope creep

 

§  inherent schedule flaws

 

§  employee turnover

 

§  specification breakdown (conflicts in deliverable specifications)

 

§  poor productivity

 

 

 

Identify Risks

 

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

 

§  Tools & Techniques: Expert Judgement, Data Gathering, Data Analysis, Interpersonal and Team Skills, Prompt Lists, Meetings

 

§  Outputs: Risk Register, Risk Report, Project Document Updates

 

§  to find out and document all risks affecting the project from all aspects of the project, including:

 

§  agreements/contracts within/outside of the organization

 

§  procurements

 

§  requirements, schedule, cost, resource, quality, scope, etc. from the project management plan

 

§  Data Gathering Techniques: brainstorming, checklists, interviews, Delphi technique [a panel of independent experts, maintain anonymity, use questionnaire, encourage open critique],

 

§  Data Analysis Techniques:

 

§  root cause analysis [performed after an event to gain understanding to prevent similar events from occurring], SWOT analysis, assumption and constraint analysis

 

§  root cause analysis: safety-based (prevent accidents), production-based, process-based (include business process), failure-based, systems-based (all above)

 

§  root cause analysis tools: FMEA, Pareto Analysis, Bayesian Inference (conditional probability), Ishikawa Diagrams, Kepner-Tregoe

 

§  Monte Carlo analysis can identify points of schedule risks

 

§  Prompt List

 

§  The prompt list (newly added in PMBOK® Guide 6th Edition) is a predetermined list of risk categories that are at the lowest level of the risk breakdown structure which is used to assist in identifying risks of the projects

 

§  examples of prompt lists:

 

§  PESTLE (political, economic, social, technological, legal, environmental)

 

§  TECOP (technical, environmental, commercial, operations, political)

 

§  VUCA (volatility, uncertainty, complexity, ambiguity)

 

§  Risk Register (typically not including the risk reserve)

 

§  The Risk Register may include a risk statement

 

§  any risk with a probability of >70% is an issue (to be dealt with proactively and recorded in the issue log)

 

§  The Risk Report (new in PMBOK® Guide 6th Edition) is a document used to present information (e.g. no. of identified threats and opportunities, distribution of risks across risk categories, metrics and trends) on overall project risk. It also includes a summary information on individual project risks.

 

 

 

Perform Qualitative Risk Analysis

 

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

 

§  Tools & Techniques: Expert Judgement, Data Gathering, Data Analysis, Interpersonal and Team Skills, Risk Categorization, Data Representation, Meetings

 

§  Outputs: Project Document Updates (e.g. Risk Register)

 

§  prioritizing risks for further analysis/action and identify high priority risks

 

§  risks requiring near-term responses are more urgent to address

 

§  need to identify bias and correct it (e.g. risk attitude of the stakeholders)

 

§  Data Analysis Techniques include:

 

§  Risk data quality assessment

 

§  Risk probability and impact assessment

 

§  Assessment of other risk parameters (e.g. urgency, proximity, dormancy, manageability, controllability, detectability, connectivity, strategic impact, propinquity)

 

§  Data Representation Tools:

 

§  qualitative risk assessment matrix (format described in the Risk Management Plan)

 

§  hierarchical-type charts

 

§  the risk register is updated along the following processes: Perform Qualitative Risk Analysis, Perform Quantitative Analysis, Plan Risk Responses and Monitor & Control Risks

 

 

 

Perform Quantitative Risk Analysis

 

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

 

§  Tools & Techniques: Expert Judgement, Data Gathering, Interpersonal and Team Skills, Representation of Uncertainty, Data Analysis

 

§  Outputs: Project Document Updates

 

§  the cost, schedule and risk management plan contains guidelines on how to quantitatively analyze risks

 

§  involves mathematical modelling for forecasts and trend analysis

 

§  Representation of Uncertainty (probability distribution) reflects the risks as a probability distribution, which can be in the following distribution types:

 

§  Triangular

 

§  Normal (bell-shaped curve)

 

§  Lognormal

 

§  Beta

 

§  Uniform

 

§  Discrete

 

§  Data Analysis Techniques:

 

§  sensitivity analysis (using the tornado diagram as presentation) for determining the risks that have the most impact on the project

 

§  Failure Modes Effects Analysis (FMEA)

 

§  FMEA for manufactured product or where risk may be undetectable, Risk Priority Number (RPN) = severity (1-10) x occurrence ([0.07%] 1-10 [20%]) X detectability (1-10 [undetectable]), also a non-proprietary approach for risk management

 

§  Expected Value / Expected Monetary Value (EMV), probability x impact (cost/effort lost), opportunities (+ve values), threats (-ve values)

 

§  Simulations/Monte Carlo Analysis – by running simulations many times over in order to calculate those same probabilities heuristically just like actually playing and recording your results in a real casino situation, ‘S’ curve (cumulative distribution) will result, may use PERT/triangular distribution to model data, may use thousands of data points (a random variable), for budget/schedule analysis

 

§  Decision Tree Analysis – another form of EMV, branching: decision squares (decision branch – options), circles (uncertainty branch – possible outcomes)

 

§  Influence Diagram – graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes

 

 

 

Plan Risk Responses

 

§  Inputs: Project Management Plan, Project Documents, Agreements, Procurement Documentation, EEF, OPA

 

§  Tools & Techniques: Expert Judgement, Data Gathering, Interpersonal and Team Skills, Strategies for Threats, Strategies for Opportunities, Contingent Response Strategies, Strategies for Overall Project Risks, Data Analysis, Decision Making

 

§  Outputs: Change Requests, Project Management Plan Updates, Project Document Updates

 

§  plan response to enhance opportunities and reduce threats

 

§  each risk is owned by a responsible person

 

§  the watch list is the list of low priority risks items in the risk register

 

§  fallback plan will be used if 1) risk response not effective, 2) accepted risk occurs

 

§  Negative Risk Strategies:

 

§  eliminate/avoid (not to use, extend the schedule)

 

§  transfer (outsource, warranty, insurance)

 

§  mitigate (reduce the risk of more testing/precautionary actions/redundancy)

 

§  accept (passive – do nothing or active – contingency)

 

§  escalate (escalates a risk to the appropriate party — can be deleted from the risk register or retain in the risk register with a remark)

 

§  Positive Risk Strategies:

 

§  exploit (ensure opportunity by using internal resources e.g. reduce cost/use of top talents/new tech)

 

§  share (contractor with specialized skills, joint venture)

 

§  enhance (increase likelihood / impact e.g. fast-tracking, add resources etc.)

 

§  accept

 

§  passive risk acceptance to be dealt with when the risk occurs

 

§  Strategies for Overall Project Risk

 

§  the PM needs to address the overall project risks with one of the following strategies:

 

§  Avoid

 

§  Exploit

 

§  Mitigate/Enhance

 

§  Accept

 

§  Contingency Plan (contingent response strategies) (plan A) are developed for specific risk (when you have accepted a risk) with certain triggers vs Fallback Plan (plan B)

 

§  Residual Risks – risks remain after the risk response strategy was implemented, may be identified in the planning process (may subject to contingency/fallback planning) They don’t need any further analysis because you have already planned the complete response strategy you know in dealing with the risk that came before them.

 

§  Secondary Risks –  risk arises when the risk response strategy was implemented

 

§  Reserve Types

 

§  Contingency Reserve: known unknowns (determined risk), part of cost baseline

 

§  Management Reserve: unknown unknowns (discovery risk), part of project budget

 

§  The Risk Register is now completed with: risks and descriptions, triggers, response strategy, persons responsible, results from qualitative and quantitative analysis, residual and secondary risks, contingency and fallback, risk budget/time

 

 

 

Implement Risk Responses (new in PMBOK® Guide 6th Edition)

 

§  Inputs: Project Management Plan, Project Documents, OPA

 

§  Tools & Techniques: Expert Judgement, Interpersonal and Team Skills, Project Management Information System

 

§  Outputs: Change Requests, Project Document Updates

 

§  in the Executing process group

 

§  implementing risk responses is the responsibilities of the risk owners

 

§  to ensure that agreed upon risk responses (as from the Plan Risk Response process) are executed as planned to

 

§  address overall project risk exposure

 

§  minimize individual project threats

 

§  maximize individual project opportunities

 

§  the Project Management Information System provides the information to allow agreed-upon risk response plans and associated activities to be executed alongside other project activities

 

 

 

Control Risks

 

§  Inputs: Project Management Plan, Project Documents, Agreements, Work Performance Data, Work Performance Reports

 

§  Tools & Techniques: Data Analysis, Audits, Meetings

 

§  Outputs: Work Performance Information, Change Requests, Project Management Plan Updates, Project Document Updates, OPA Updates

 

§  when all the above risk planning processes have been performed with due diligence, the project is said to have a low-risk profile

 

§  responsibilities include:

 

§  to check if assumptions are still valid, procedures are being followed and any deviance

 

§  to identify new risks and evaluate effectiveness of risk response plan

 

§  any need to adjust contingency and management reserves

 

§  to re-assess the individual risk response strategies to see if they are effective

 

§  risk audits deal with the effectiveness of risk response and the risk management process

 

§  risk audits are usually performed by experts outside project team for the whole risk management process

 

§  Data Analysis Techniques:

 

§  reserve analysis – apply only to the specific risks of the project for which they were set aside

 

§  technical performance analysis

 

§  workaround: when no contingency plan exists, executed on-the-fly to address unplanned events – still need to pass through normal change control if change requests are needed

 

§  determine the workaround is performed in control risks

 

 
Share your love

Leave a Reply

Your email address will not be published. Required fields are marked *