The Monitor Risks process involves monitoring risks throughout a project to determine if risk responses are effective, the level of overall project risk has changed, new risks have emerged, and project assumptions remain valid. It uses inputs like the risk management plan, risk register and work performance data, along with tools like data analysis and risk reviews. The key outputs are updated project documents and risk management plans, as well as change requests if risk response adjustments are needed.
2. Monitor Risks
Coincides with PMBOK 11.7
Process Group and Knowledge Area Mapping
Knowledge Areas Initiating Planning Process Group Executing Process Group Monitoring and Controlling Process Group Closing Process Group
4. Project Integration
Management
4.1 Develop Project Charter
4.2 Develop Project Management
Plan
4.3 Direct and Manage Project Work
4.4 Manage Project Knowledge
4.5 Monitor and Control Project Work
4.6 Perform Integrated Change Control
4.7 Close Project or Phase
5. Project Scope
Management
5.1 Plan Scope Management
5.2 Collect Requirements
5.3 Define Scope
5.4 Create WBS
5.5 Validate Scope
5.6 Control Scope
6. Project Schedule
Management
6.1 Plan Schedule Management
6.2 Define Activities
6.3 Sequence Activities
6.4 Estimate Activity Durations
6.5 Develop Schedule
6.6 Control Schedule
7. Project Cost Management
7.1 Plan Cost Management
7.2 Estimate Costs
7.3 Determine Budget
7.4 Control Costs
8. Project Quality
Management
8.1 Plan Quality Management 8.2 Manage Quality 8.3 Control Quality
9. Project Resource
Management
9.1 Plan Resource Management
9.2 Estimate Activity Resources
9.3 Acquire Resources
9.4 Develop Team
9.5 Manage Team
9.6 Control Resources
10. Project Communications
Management
10.1 Plan Communications
Management
10.2 Manage Communications 10.3 Monitor Communications
11. Project Risk
Management
11.1 Plan Risk Management
11.2 Identify Risks
11.3 Perform Qualitative Risk Analysis
11.4 Perform Quantitative Risk
Analysis
11.5 Plan Risk Responses
11.6 Implement Risk Responses 11.7 Monitor Risks
12. Project Procurement
Management
12.1 Plan Procurement Management 12.2 Conduct Procurements 12.3 Control Procurements
13. Project Stakeholder
Management
13.1 Identify Stakeholders 13.2 Plan Stakeholder Engagement
13.3 Manage Stakeholder
Engagement
13.4 Monitor Stakeholder Engagement
3. What is it?
Monitor Risks is the process of monitoring the implementation of
agreed-upon risk response plans, tracking identified risks, identifying
and analysing new risks, and evaluating risk process effectiveness
throughout the project.
Why?
The key benefit of this process is that it enables project decisions to
be based on current information about overall project risk exposure
and individual project risks.
Monitor Risks
Coincides with PMBOK 11.7
4. Monitor Risks
Coincides with PMBOK 11.7
Inputs Tools & Techniques Outputs
1. Project management plan
• Risk management plan
2. Project documents
• Issue Log
• Lessons learned register
• Risk register
• Risk report
3. Work performance data
4. Work performance report
1. Data Analysis
• Technical performance analysis
• Reserve analysis
2. Audits
3. Meetings
1. Work performance information
2. Change requests
3. Project management plan
updates
• Any component
4. Project documents updates
• Assumption log
• Issue log
• Lessons learned register
• Risk register
• Risk report
5. Organizational process assets
updates
Inputs, Tools & Techniques, Outputs
5. Monitor Risks
Coincides with PMBOK 11.7
11.7 Monitor
Risks
Project
Management
Plan
• Issue Log
• Lessons learned register
• Risk register
• Risk report
• Work performance reports
Project
Documents
• Change Requests
• Risk management plan
4.6 Perform
Integrated
Change Control
Project
Documents
• Assumption log
• Issue log
• Lessons learned register
• Risk register
• Risk report
4.5 Monitor and
Control Project
Work
• Work performance
information
Project
Management
Plan
Enterprise/Orga
nization • Organizational
process assets
• Any Component
4.3 Direct and
Manage Project
Work
4.5 Monitor and
Control Project
Work
• Work performance data
6. Overview
The Monitor Risks process uses performance information generated during project execution
to determine if:
• Implemented risk responses are effective
• Level of overall project risk has changed
• Status of identified individual project risks has changed
• New individual project risks have arisen
• Risk management approach is still appropriate
• Project assumptions are still valid
• Risk management policies and procedures are being followed
• Contingency reserves for cost or schedule require modification
• Project strategy is still valid
Coincides with PMBOK 11.7
Monitor Risks
7. Monitor Risks - Inputs
Coincides with PMBOK 11.7
Project Management Plan
• Project management plan components include but are not limited to
the risk management plan.
• The risk management plan provides guidance on how and when risks
should be reviewed, which policies and procedures should be
followed, the roles and responsibilities in the monitoring process, and
reporting formats.
8. Monitor Risks - Inputs
Coincides with PMBOK 11.7
Project Documents
Project documents that should be considered as inputs for this process include:
• Issue Log
• Lessons learned register
• Risk register
• Risk report
9. Coincides with PMBOK 11.7
Work Performance Data
Work performance data contains data on project status such as risk
responses that have been implemented, risks that have occurred, risks
that are active and those that have been closed out.
Monitor Risks - Inputs
10. Coincides with PMBOK 11.7
Work Performance Reports
Work performance reports provide information from performance
measurements that can be analysed to provide project work performance
information including variance analysis, earned value data, and forecasting
data. This information could be relevant when monitoring performance-related
risks.
Monitor Risks - Inputs
11. Monitor Risks - Tools & Techniques
Coincides with PMBOK 11.7
Data Analysis
Data analysis techniques that can be used for this process include:
• Technical performance analysis
• Reserve analysis
12. Monitor Risks - Tools & Techniques
Coincides with PMBOK 11.7
Audits
• Risk audits are a type of audit that may be used to consider the effectiveness of the
risk management process.
• The project manager is responsible for ensuring that risk audits are performed at an
appropriate frequency, as defined in the project’s risk management plan.
• Risk audits may be included during routine project review meetings or may form
part of a risk review meeting, or the team may choose to hold separate risk audit
meetings.
13. Monitor Risks - Tools & Techniques
Coincides with PMBOK 11.7
Meetings
Meetings that can be used during this process include, risk reviews. Risk reviews are
scheduled regularly and should examine and document the effectiveness of risk responses in
dealing with overall project risk and with identified individual project risks. Risk reviews may
also result in:
• Identification of new individual project risks
• Reassessment of current risks
• The closing of risks that are outdated
• Issues that have arisen as the result of risks that have occurred
• Identification of lessons to be learned for implementation in ongoing phases in the current
project or in similar projects in the future.
14. Monitor Risks - Outputs
Coincides with PMBOK 11.7
Work Performance Information
Work performance information includes information on how project risk
management is performing by comparing the individual risks that have
occurred with the expectation of how they would occur. This information
indicates the effectiveness of the response planning and response
implementation processes.
15. Monitor Risks - Outputs
Coincides with PMBOK 11.7
Change Requests
• The Monitor Risks process may result in a change request to the cost and
schedule baselines or other components of the project management plan.
• Change requests are processed for review and disposition through the
Perform Integrated Change Control process.
• Change requests can include recommended corrective and preventive
actions to address the current level of overall project risk or to address
individual project risks.
16. Monitor Risks - Outputs
Coincides with PMBOK 11.7
Project Management Plan Updates
Any change to the project management plan goes through the
organization’s change control process via a change request. This may
affect any component of the project management plan.
17. Monitor Risks - Outputs
Coincides with PMBOK 11.7
Project Document Updates
Project documents that may be updated as a result of carrying out this process
include:
• Assumption log
• Issue log
• Lessons learned register
• Risk register
• Risk report
18. Monitor Risks - Outputs
Coincides with PMBOK 11.7
Organizational Process Assets
Organizational process assets that are updated as a result of the Monitor Risks
process include but are not limited to:
• Templates for the risk management plan, risk register, and risk report
• Risk breakdown structure.
Editor's Notes
This process is performed throughout the project
Issue log - The issue log is used to see if any of the open issues have been updated and necessitate an update to the risk register.
Lessons learned register - Risk-related lessons from earlier in the project can be applied to later phases in the project.
Risk register - The risk register has key inputs that include identified individual project risks, risk owners, agreed-upon risk responses, and specific implementation actions
Risk report - The risk report includes an assessment of the current overall project risk exposure as well as the agreed-upon risk response strategy. It also describes the major individual risks with planned responses and risk owners.
Technical performance analysis - Technical performance analysis compares technical accomplishments during project execution to the schedule of technical achievement.
Reserve analysis - Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project in order to determine if the remaining reserve is adequate.
The format for the risk audit and its objectives should be clearly defined before the audit is conducted.
The risk review may be conducted as part of a periodic project status meeting or a dedicated risk review meeting may be held, as specified in the risk management plan.
Assumption log - During the Monitor Risks process, new assumptions may be made, new constraints may be identified, and existing assumptions or constraints may be revisited and changed. The assumption log is updated with this new information.
Issue log - Where issues are identified as part of the Monitor Risks process, these are recorded in the issue log.
Lessons learned register - The lessons learned register is updated with any risk-related lessons learned during risk reviews so these can be used on later phases of the project or in future projects.
Risk register - The risk register is updated with information on individual project risks generated during the Monitor Risks process.
Risk report - The risk report may also include details of the top individual project risks, agreed- upon responses and owners, and conclusions and recommendations. It may also include conclusions from risk audits on the effectiveness of the risk management process.