2. Risk Management
Chapter 11
“… increase the likelihood & impact of positive events & decrease the likelihood & impact of negative events in
the project.”
• “Risk is an uncertain event that if it occurs, has a positive or negative effect on 1 or more of the project
objectives of scope, schedule, cost & quality.”
• Planned Risk Response: Known risks that are identified & analyzed
• Contingency Reserve : Assigned for KNOWN risks that cannot be managed proactively
• Management Reserve : Assigned for UNKNOWN risks that cannot be managed proactively
• Positive risks = Opportunities
• Negative risks = Threats 90% of Threats can be eliminated => if occur are known as Issues
• Levels of Risks: Appetite, Tolerance, Threshold, Averse
Process Process Group Key Deliverables
11.1 Plan Risk Management Planning Risk Management Plan
11.2 Identify Risks Planning Risk Register
11.3 Perform Qualitative Risk Analysis Planning Project Documents updates
11.4 Perform Quantitative Risk Analysis Planning Project Documents updates
11.5 Plan Risk Responses Planning Project Management Plan updates
11.6 Implement Risks Responses Executing Change requests
11.7 Monitor Risks Monitoring & Controlling Change requests
3. Risk Management
Chapter 11
Organization’s Risk Attitude
How much overall project risk is the organization willing to accept?
Risk-averse
Risk-seeking
Risk-neutral
Risk Appetite Risk Tolerance Risk Threshold
Degree of risk the
organization is
willing to take on
Organization’s
readiness to bear
the risk
Organization’s chosen
level above or below
which a risk should be
addressed
4. Risk Management
Chapter 11
Plan Risk Management
Process 1 Key Points
“… process is vital to communicate with & obtain agreement & support from all stakeholders to ensure
risk mgmt process is supported & performed over the project life cycle.”
Risk Mgmt Plan: Methodology, Roles & responsibilities, Budget, Timing, Risk Categories, Definitions of
probability & impact (low to high/numerical), Stakeholder tolerances, Reporting & Tracking
Risk Categories aka Sources of Risks: external, internal (constraints), technical, unforeseeable (10%)
5. Risk Catergories
Risk Breakdown Structure (RBS)
Source: Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK® Guide)—Sixth Edition, Project Management Institute, Inc., 2017,
Figure 11-4, Page 406. Material from this publication has been reproduced with the permission of PMI.
Risk Management
Chapter 11Plan Risk Management
Process 1
6. Probability and Impact Matrix
Very Low
(10%)
Low
(30%)
Moderate
(50%)
High
(70%)
Very
High
(90%)
5% 9% 18% 36% 72%
4% 7% 14% 28% 56%
3% 5% 10% 20% 40%
2% 3% 6% 12% 24%
1% 1% 2% 4% 8%
Low
(10%)
Moderate
(20%)
High
(40%)
Very
High
(80%)
Very
High
(80%)
High
(40%)
Moderate
(20%)
Low
(10%)
Very
Low
(5%)
= Exploit, enhance, or share
= Use expert judgment
= Accept
Avoid, transfer, or mitigate =
Use expert judgment =
Accept =
Risks (Threats) Opportunities
56% 28% 14% 7% 4%
40% 20% 10% 5% 3%
24% 12% 6% 3% 2%
8% 4% 2% 1% 1%
72% 36% 18% 9% 5%
Probability
Impact
Very
Low
(5%)
Source: Adapted from Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK® Guide)—Sixth Edition, Project Management Institute, Inc., 2017,
Figure 11-5, Page 408. Material from this publication has been reproduced with the permission of PMI.
Risk Management
Chapter 11Plan Risk Management
Process 1
7. Risk Management Plan
Risk strategy
Methodology
Roles and responsibilities
Funding
Timing
Risk categories
Stakeholder risk appetite
Definitions of risk probability
and impacts
Probability and impact matrix
Reporting and tracking
Plan components:
Risk Management
Chapter 11Plan Risk Management
Process 1
8. Risk Management
Chapter 11Identify Risks
Process 2 Key Points
“… process of documenting existing risks & the knowledge & ability it provides the project team to
anticipate events.”
“… is an iterative process, because new risks may evolve or become known as the project progresses.”
Tools: Info Gathering (see Scope tools), Diagramming (see Quality tools), SWOT
Risk Register: lists of risks, potential responses, root causes & updates
9. Risk Register
Living document that includes:
All identified risks
Risk analysis results
Planned responses
Issues/response outcomes
Risk Management
Chapter 11Identify Risks
Process 2
10. Risk Management
Chapter 11
Perform Qualitative Risk Analysis
Process 3
Not all risks are created equal
Some are more likely than others.
Some are more urgent than others.
Some have a greater impact than others.
Ranking of
HIGH, MEDIUM, LOW
Project Risk Evaluators
11. Risk Management
Chapter 11
Key Points
“… process of prioritizing risks by assessing their probability of occurrence & impact… to reduce the
level of uncertainty & to focus on high-priority risks.”
Cost-Effective: way to quickly prioritize risks
Short-Listed Risks: those risks that have a high impact on project & warrant a response
Risk Urgency: those high impact risks that may occur soon and/or take a long time to plan a response
Risk Probability & Impact / Matrix: is Subjective, varies on the risk bias of the person doing the rating!!
Watch List: non-critical risks that are documented on the Risk Register & reviewed in Control Risks
Perform Qualitative Risk Analysis
Process 3
12. Risk Management
Chapter 11
Project Risk Evaluators
Perform Quantitative Risk Analysis
Process 4
Ranking of
NUMERICAL RATING
Numerical analysis of risks
Quantified according to their expected monetary value (EMV)
Reduces project uncertainty through better decision making
13. Risk Management
Chapter 11
Key Points
“… process of assigning a numerical priority rating to those risks prioritized in Qualitative Risk Analysis.”
Risk Assessment is Objective: each risk based on actual probability of occurring & the impact (amount at stake)
Risk Analysis Tools: Sensitivity/Tornado Diagram, Expected Money Value (EMV=PxI), Monte Carlo/Probability
Perform Quantitative Risk Analysis
Process 4
14. Risk Management
Chapter 11
Perform Quantitative Risk Analysis
Process 4
EMV = Probability × Impact
Expected Monetary Value (EMV)
Principal method for quantifying risk in a project
Example 1:
A risk with a 30 percent chance of occurring that could increase budgeted costs by US$100,000.
Example 2:
A corresponding opportunity with a 70 percent chance of decreasing budgeted costs by US$400,000.
EMVRisk = 0.3 × – $100,000 = – $30,000
EMVOpportunity = 0.7 × $400,000 = $280,000
Net EMV = –$30,000 + $280,000 = $250,000
15. Risk Management
Chapter 11
Qualitative Risk Analysis - Risk Probability & Impact Matrix
IMPACT
Quantitative Risk Analysis – Expected Money Value (EMV)
RISKS PROBABILITY IMPACT
High Winds 30% Cost $500 to replace equipment
Landslide 5% Lose $80,000 in damage costs
Wind generator is usable 20% Save $8,000 in battery costs
Truck rental unavailable 10% Cost $300 for last-minute rental
Wild animals eat rations 10% Costs $100 for replacements
Unseasonably warm weather 15% Saves $50,000 in excavation costs
RISKS PROBABILITY IMPACT
Landslide .1 .9
Winds .7 .9
No Truck .3 .7
Storms .5 .3
Supplies .1 .5
Illness .1 .1
Probability & Impact Matrix
.9 .09 .27 .45 .63 .69
.7 .07 .21 .35 .49 .63
.5 .05 .15 .25 .35 .45
.3 .03 .09 .15 .21 .27
.1 .01 .03 .05 .07 .09
.1 .3 .5 .7 .9
16. You are managing a facility renovation project. There is an 80
percent chance that supplier availability will cause a two-day delay
costing US$9,000. There is also a 30 percent chance that the price of
building materials will drop, which could save you US$15,000.
What is the project’s EMV?
A. –$7,200
B. –$2,700
C. $4,500
D. $11,700
Discussion Question
Answer: B
EMVRisk = 0.8 × –$9,000 = –$7,200
EMVOpportunity = 0.3 × $15,000 = $4,500
Net EMV = –$7,200 + $4,500 = –$2,700
Chapter 11, Topic 4
17. Tornado Diagram
Source: Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK® Guide)—Sixth Edition, Project Management Institute, Inc., 2017, Figure 11-14, Page 434. Material
from this publication has been reproduced with the permission of PMI.
Risk Management
Chapter 11
Perform Quantitative Risk Analysis
Process 4
18. Risk Management
Chapter 11
Key Points
“… process enhances opportunities & reduce threats by inserting resources & activities into the budget, schedule & project
management plan as needed.”
Tools:
Strategies for Negative Risks/Threats: Avoid or Mitigate (used for high priority/impact), Transfer, Accept (workarounds)
Strategies for Positive Risks/Opportunities: Exploit (take advantage), Enhance (influence triggers), Share, Accept
Outputs:
PMP Updates and Risk Register Updates: Residual Risks, Contingency Plans, Fallback Plans, Risk Owners, Secondary
Risks, Risk triggers, Contracts, Reserves (contingency)
* Management Reserves: generally are 5% of the project budget to cover Unknown Risks
Plan Risk Responses
Process 5
19. Response Strategies for Threats
•Higher-level authority accepts responsibility for risk/responseEscalate
•Eliminate threat by changing the plan.
•Isolate objectives from impact or change an objective in jeopardy.Avoid
•Third party knowingly accepts some or all of the risk/response.
•Usually requires a risk premium (e.g., insurance payments).Transfer
•Reduce probability and/or impact to within threshold limits.
•Respond early, before issue, for best effect.Mitigate
•Acknowledge the risk but do nothing because it has a low risk
rating or it has no viable or cost-effective response.Accept
Risk Management
Chapter 11Plan Risk Responses
Process 5
20. Response Strategies for Opportunities
Risk Management
Chapter 11Plan Risk Responses
Process 5
•Ensure that opportunity outside project scope is realized.
•Identify relevant higher-level authority and communicate details appropriately.Escalate
•Ensure that opportunity is realized by applying existing resources (e.g., available contingency
funds).
•Eliminate uncertainty and go for it.
Exploit
•Third party adds expertise to ensure that opportunity is realized for the benefit of the project.
•All parties can have a net gain, but rewards are shared.Share
•Increase probability and/or impact of opportunity by influencing root causes of
probability/impact (e.g., obtaining additional funding from management to increase current
and future capability/capacity).
Enhance
•Acknowledge the opportunity but do not actively pursue because it has a low rating or it has
no viable or cost-effective response.Accept
21. Which is not a valid way to respond to a threat?
A. Avoid
B. Exploit
C. Mitigate
D. Accept
Discussion Question
Answer: B
Exploit is a response strategy for handling opportunities, not
threats. It may be selected for risks with positive impacts,
where the organization wants to ensure that the opportunity
definitely happens.
Chapter 11, Topic 5
23. What is used to monitor low priority risks?
A. Delphi technique
B. Monte Carlo analysis
C. Watch list
D. Probability and impact matrix
Discussion Question
Answer: C
Risks with low ratings of probability and impact are
included in the risk register as part of the watch list for
future monitoring.
Chapter 11, Topic 5
24. Risk Management
Chapter 11
Key Points
“…implement agreed upon risk responses as planned to minimize project threats and maximize project
opportunities.”
Specific risk responses are executed as planned
Risk owner executes required action
Implement Risk Responses
Process 6
25. Risk Management
Chapter 11
Key Points
“… process of implementing risk response plans, tracking identified risks, monitoring residual risks &
identifying new risks throughout the project life cycle to continuously optimize risk response.”
Tools: Risk Audits (documented effectiveness of risk responses), Meetings (agenda item at status mtgs)
Monitor Risks
Process 7
26. Are assumptions still valid?
Have the risks become more or less probable?
Have the risks become more or less impactful?
Can any of the risks be retired?
Are there any new risks to be added?
Are the risk management policies and
procedures being followed?
Risk Management
Chapter 11Monitor Risks
Process 7
28. Meetings
Project risk management should be a regular
agenda item at project status meetings.
Status of risks and responses reviewed
and updated for
relevance and
priority level.
Risk Management
Chapter 11Monitor Risks
Process 7
29. Workarounds
– Unplanned corrective actions
– Address unknown risks
– Impromptu response
Retiring risks
– For risks no longer relevant
to the project
– Expired risks
– Related to events that have come to pass
Risk Management
Chapter 11Monitor Risks
Process 7
Risk Register Updates