2. 11. RISK MANAGEMENT: KEY CONCEPTS
According to the PMBOK® Guide, once a negative risk event occurs, it's considered an issue and is no longer a
risk.
Risk attitude consists of three elements:
Risk appetite is the level of uncertainty the stakeholders are willing to accept in exchange for the
potential positive impacts of the risk.
Risk tolerance is that balance where stakeholders are comfortable taking a risk because the known
benefits to be gained outweigh what could be lost—or just the opposite.
Risk thresholds are measures or levels of uncertainty or impact the organization is willing to operate
within.
Risk Trigger: An event, condition, or something that generate the occurrence of a risk. They are warning
signs or symptoms that a risk event is about to occur.
11. 11.1.4 PLAN RISK
MANAGEMENT:
QUESTIONS
What is the key input to the Plan Risk Management
process that contains high-level risks for a Project?
Which hierarchical structure defines the risk categories
may be sources of project risks?
Which matrix considers both the probability and the
impact of each risk so it can be scored for prioritization?
Where is the format and other details of the Risk Register
and the Risk Report defined?
16. 11.2.3 IDENTIFY RISKS: OUTPUTS
1. Risk Register
List of identified risks
Potential risk owners
List of potential responses
ID Risk Trigger Event Cause Impact Owner Response Plan
1 Infrastructure
team is not
available when
needed.
Predecessor
tasks not
completed
on time
Operating
System
Upgrade
delayed
Equipment
was not
delivered on
time
Schedule
delay
Brown Compress the
schedule by
beginning tasks in the
next milestone while
working on operating
system upgrade
18. 11.2.4
IDENTIFY
RISKS:
QUESTIONS
Name some of the tools and techniques used
in the Identify Risks process.
What are the 2 key outputs of the Identify
process?
SWOT stands for:
Which document has details about specific
identified in the Project?
21. 11.3.2 PERFORM
QUALITATIVE
RISK ANALYSIS:
TOOLS AND
TECHNIQUES
1. Expert Judgment
2. Data Gathering (Interviews)
3. Data Analysis
Risk Data Quality Assessment (accurate info)
Risk Probability Impact Assessment
Assessment of other Risk Parameters
22. 11.3.2 PERFORM
QUALITATIVE
RISK ANALYSIS:
TOOLS AND
TECHNIQUES
4. Interpersonal and Team Skills
Facilitation
5. Risk Categorization
6. Data Representation
Probability and Impact Matrix
Hierarchical Charts
7. Meetings
23. 11.3.2 PERFORM QUALITATIVE RISK ANALYSIS: TOOLS
AND TECHNIQUES
Probability & Impact Assessment (Example)
25. 11.3.4
PERFORM
QUALITATIVE
RISK
ANALYSIS:
QUESTIONS
The impact of a risk affects objectives such as scope,
cost, quality, and _______.
During which process is a risk owner assigned to
manage a risk?
Which technique ensures that risk information is
accurate and reliable?
Probability and impact priority levels are assessed
which tool?
32. 11.4.3 PERFORM QUANTITATIVE RISK
ANALYSIS: OUTPUTS
1. Project Documents Updates
Probabilistic analysis of the project.
Probability of achieving cost and time objectives.
Prioritized list of quantified risks.
Trends in quantitative risk analysis results.
33. 11.4.4
PERFORM
QUANTITATIVE
RISK
ANALYSIS:
QUESTIONS
Probability x Impact (quantified in $) = _________.
Monte Carlo is a ____________ technique.
____________ Analysis helps determine which risks have
the most potential impact or a project outcome.
EMV can be used to help make project decisions. This
analysis is called a __________.
36. 11.5.2 PLAN
RISK
RESPONSES:
TOOLS AND
TECHNIQUES
Expert Judgment
Data Gathering (Interviewing)
Interpersonal and Team Skills (Facilitation)
Strategies for Threats
Strategies for Opportunities
Contingent response strategies
37. 11.5.2 PLAN RISK RESPONSES: TOOLS
AND TECHNIQUES
Strategies for Threats
Escalate
Avoid.
Transfer.
Mitigate.
Accept.
Strategies for Opportunities
Escalate
Exploit.
Share.
Enhance.
Accept.
42. 11.5.4 PLAN
RISK
RESPONSES:
QUESTIONS
Avoid, Transfer, and Mitigate are part of
which group of risk response strategies?
Exploit, Share, and Enhance are part of
which group of risk response strategies?
A common strategy for both threats and
opportunities is:
Which types of reserves is used for
unknown-unknowns?
51. 11.7.3 MONITOR RISKS: OUTPUTS
1. Work Performance Information
2. Change Requests
3. Project Management Plan
Updates
4. Project Documents Updates
(Assumptions, Issues, Lessons,
Risk Register, Risk Report)
5. Organizational Process Assets
Updates
52. 11.7.4
MONITOR
RISKS:
QUESTIONS
Which technique assesses the
adequacy of reserves for taking care of
the remaining risks in the project?
Which analysis compares actual versus
planned technical accomplishments?
Which tool/technique examines the
effectiveness of the risk management
process?
54. Risk Mind Map
11.1
Plan Risk
Management
PMP
Project
Documents
- Exp. Judg.
- Data Analysis
- Meetings
Risk Mgmt.
Plan
Project Charter
11.2
Identify
Risks
Procurements
Documentation
Agreements
- Exp. Judg.
- Data Gathering
- Data Analysis
- ITS
- Prompt List
- Meetings
Risk Register
Risk Report
11.3
Perform
Qualitative
Risk
Analysis
- Exp. Judg.
- Data Gathering
- Data Analysis
- ITS
- Risk Categorization
- Data Representation
(P&I Matrix)
- Meetings
11.4
Perform
Quantitative
Risk
Analysis
- Exp. Judg.
- Data Gathering
- ITS
- Rep. of uncertainty
- Data Analysis
Decision Tree
Analysis (EMV)
11.5
Plan Risk
Responses
- Exp. Judg.
- Data Gathering
- ITS
- Strategies for threats
- Strategies for
opportunities
- Contingent Response
Strategies
- Strategies for overall
project risks
- Data Analysis
- Decision Making
Change
Requests
11.6
Implement
Risk
Responses
- Exp. Judg.
- ITS
- PMIS
Change
Requests
11.7
Monitor
Risks
WPD
- Data Analysis
- Audits
- Meetings
Change
Requests
WPI
WPR
Editor's Notes
Risks can have positive or negative impacts in projects.
Data Analysis in this case are understanding stakeholder risk appetites and tolerances, developing a method for scoring risks, and determining the risk exposure of the project.
Project Charter.
Risk Breakdown Structure (RBS).
Probability and Impact Matrix.
Risk Management Plan.
Prompt Lists: A prompt list is a predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk. The prompt list can be used as a framework to aid the project team in idea generation when using risk identification techniques. The risk categories in the lowest level of the risk breakdown structure can be used as a prompt list for individual project risks. Some common strategic frameworks are more suitable for identifying sources of overall project risk, for example PESTLE (political, economic, social, technological, legal, environmental), TECOP (technical, environmental, commercial, operational, political), or VUCA (volatility, uncertainty, complexity, ambiguity).
Brainstorming, Checklists, Interviews, RCA, AC Analysis, SWOT Analysis, Document Analysis, Prompt Lists, Meetings.
Risk Register, and Risk Report.
Strengths, Weaknesses, Opportunities, and Threats.
Risk Register.
Risk probability assessment investigates the likelihood that each specific risk will occur. Probability and impact are assessed for each identified risk.
Risk data quality assessment is a technique to evaluate the degree to which the data about risks is useful for risk management. It involves examining the degree to which the risk is understood and the accuracy, quality, reliability, and integrity of the data about the risk.
Time/Schedule.
Perform Qualitative Risk Analysis.
Risk Data Quality Assessment.
Probability & Impact Matrix.
Expected Monetary Value (EMV)
Simulation.
Sensitivity.
Decision Tree Analysis.
Strategies for Threats.
Strategies for Opportunities.
Accept or Escalate
Management Reserves.
Risk Owner.
Risk Register.
Control Risks often results in identification of new risks, reassessment of current risks, and the closing of risks that are outdated.
Risk audits examine and document the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.
Technical performance measurement compares technical accomplishments during project execution to the schedule of technical achievement.
Reserve Analysis, throughout execution of the project, some risks may occur with positive or negative impacts on budget or schedule contingency reserves.