RISK is any uncertain event (fire, flood) or condition (unavailability of resources) that might affect your project by changing the outcome of your project activity. Not all risks are negative, so they are called opportunities - for example, lower prices.
Dealing with risk: Avoid - To completely prevent a risk from happening Transfer - To pay someone else to accept the risk for you - usually via insurance Mitigate - Taking steps to reduce the damage to your project - for example, breaking your fall by placing an object below the cliff Accept - You let the risk happen when the above 3 options are not possible. You understand the impact and are willing to let it happen
PLAN RISK MANAGEMENT TOOLS & TECHNIQUESWhat Tools do you need to accomplish this?You plan for risks from the beginning and keep coming back to it throughout the course of your project to update the risk register. You do this by Planning Meetings & Analysing the results of the meetingsTechniques: Analytical Techniques Expert Judgment Meetings
PLAN RISK MANAGEMENT INPUTSWhat you need to plan for risks? Organizational Process Assets - Standard templates, roles and responsibilities, risk categories, may be associated with risk planning in the organization. You would need to bring these people on board Enterprise Environmental Factors - What is the company's general attitude towards risk? Are staff a bunch of risk takers or not? Project Management Plan - Contains details of how you will manage risks (The risk management plan is also a component of the project management plan) Project Charter - This will guide you in determining the risks that will affect your project (high-level risks, high-level project descriptions, and high-level requirements) Stakeholder Register
PLAN RISK MANAGEMENT OUTPUTWhat is the result of this planning?Only one output here: Risk Management PlanTells how: To manage risks on the project You will assess risks and who is responsible Often you will plan for risks May Contain: Categories for grouping risks Risk Breakdown Structure for managing categories - Like a WBS. You use an RBS to organize your risk categories even before you start identifying them. Then you decompose the categories into individual risks as part of RISK IDENTIFICATION Guidelines for assessing the impact of a risk, for example, how do you determine how to categorise a risk as low impact or very high impact? Guidelines for assessing the probability of a risk, for example, how do you determine how likely some risks are? Roles and responsibilities. Timing Budgeting: establishes protocols for application of contingency and management reserves. Methodology
Processes Involved in Risk Management1. Plan Risk ManagementAll about Planning for risks at the start of the project to ensure that you can deal with them when they do happen.You define how to conduct risk management activities for a project.2. Identify RisksGathering the team together and coming up with a list of all the possible risks and documenting their characteristics - save your analysis till later.Identify risks is an iterative process3. Perform Qualitative Risk AnalysisYou assign a probability and impact to each risk based on your subjective assessment, as a way of prioritizing the risk4. Perform Quantitative Risk AnalysisHere, you're backing up your qualitative assessment with hard factsYou use numbers to identify the effect of identified risks on project objectives5. Plan Risk ResponsesHere, you decide how to respond to each risk - are you going to avoid, mitigate, transfer or accept the risk?At this point, you should be able to inform the Change Control Board what your risk responses are. 6. Control RisksRisk responses are treated just like changes. You monitor the project at every status meeting to see how the risks are affecting it.Involves implementing risk response plans, tracking risks, monitoring residual risks, identifying new risks and evaluating risk process effectiveness throughout the project
IDENTIFY RISKS INPUTSWhat you need to identify risks? Organizational Process Assets - Examine lessons learnt from past projects to identify what could go wrong this time Enterprise Environmental Factors - What are the factors around you that could lead to risks? Published information, including commercial databases, benchmarking, industry studies, etc Scope Baseline- This will guide you in determining the risks that will affect your project. Project assumptions are found in the project scope statement. Uncertainty in project assumptions should be evaluated as potential causes of project risk. Risk Management Plan Cost Management Plan Schedule Management Plan - Provides a baseline of quality measures and metricsfor use in identifying risks. Quality Management Plan Human Resource Management Plan Activity Cost Estimates Activity Duration Estimates Stakeholder register Project documents Procurement documents
IDENTIFY RISKS OUTPUTOnly one output here: Risk RegisterIt's a list of all the risks and initial ideas on how you will respond to them as well as their root causes.
IDENTIFY RISKS TOOLS & TECHNIQUESWhat Tools do you need to accomplish this? You need a risk register for documenting all your risks. You would use the Risk Register to record all the risks RISK IDENTIFICATION TECHNIQUES Information Gathering Techniques Brainstorming Interviews Delphi Technique - send questionnaires to experts and compile the responses without saying who suggested what; then send back the responses to the same experts for analysis. Experts supply their opinions of risks anonymously without the chance of influencing one another Interviews Root Cause Analysis Other Techniques Documentation Reviews Assumptions Analysis Checklist Analysis : Using a checklist that you designed to help you find risks. Examples of stuff on the checklist include: document you need to review, people you need to talk to, etc Diagramming Techniques - Ishikawa Diagram/Fishbone Diagram, Process Flow Charts, Influence Diagrams SWOT Analysis Expert Judgment
Typical Sources of Risk You can’t always depend on all promised resources Assumptions made for the sake of coming up with an estimate Activities on the critical path, if they go wrong, will delay the project Look outside - examine regulations, law, prices, etc
PERFORM QUALITATIVE RISK ANALYSIS INPUTS Organizational Process Assets - A great way to find out the probability of a risk. Has it happened before? Scope Baseline - Does the scope of the project involve new technology or is the project very complex? These qualities will help you determine the probability of a risk occurring Risk Register - Contains all the risks you need to analyze Risk Management Plan - All the stuff on risk categories and definitions will come in handy here Enterprise Environmental Factors
PERFORM QUALITATIVE RISK ANALYSIS OUTPUTThe only output here is an updated risk register, because now you have more information on the probability and impact of each riskOutput: Project Documents Updates (Risk Register)
PERFORM QUALITATIVE RISK ANALYSIS STUFFTools & Techniques Risk data quality assessment: Making sure the information you are using for your risk assessment is accurate Risk urgency assessment: Finding out how soon you need to take care of a risk Risk Probability and Impact assessment: What is the probability that a risk will occur? what is the cost if it does? Probability and impact matrix which indicates the ones that should be focused on ASAP Risk Categorization: Grouping risks so that you can design a better strategy for managing them - you can group by project phase or by the source of the risk Expert Judgment
WATCHLIST contains a list of risks you don't want to forget about but which you need to monitor closely. You just check it from time to time to keep an eye on things.TRIGGERS are the conditions that cause a risk
PERFORM QUANTITATIVE RISK ANALYSIS INPUTS Organizational Process Assets - A great way to find out the probability of a risk. Has it happened before? Risk Register - Contains all the risks you need to analyze and the updated results from the qualitative assessment Risk Management Plan - How will you analyze risk? Cost Management Plan Schedule Management Plan Enterprise Environmental Factors
PERFORM QUANTITATIVE RISK ANALYSIS STUFFTools & Techniques What goes on in here? Gathering & Representing Data: Interview, probability distribution & expert judgement (experts in statistics and risk analysis) Analyze Risks: Sensitivity Analysis: here, you look at the effect of one variable in isolation - a tornado diagram depicts this. Expected Monetary Value Analysis: A type of this is the Decision Tree Analysis which helps you to figure out how much the risks will cost your project. Modeling and distribution: Running project risks through modelling programs, for example Monte Carlo analysis, which allows you to model random data using software.
You should be able to calculate EMV based on a decision tree for the examRemember that risks (costs) are negative numbers while opportunities (savings) are positive numbers and you will do well
PERFORM QUANTITATIVE RISK ANALYSIS OUTPUTThe only output here is an updated risk register, because now you have more information on the probability and impact of each riskOutput: Project Documents Updates (Risk Register)
The main output of all risk management planning processes is an updated risk register Qualitative and Quantitative analysis are all about ranking risks based on their impact Qualitative analysis is where you take the categories in your risk plan and assign them to each of the risks Quantitative analysis focuses on gathering numbers to help evaluate risks and make decisions about how best to handle them Decision Tree adds up all the costs of a decision to see the value of the risk responses All the processes in this KA are in the planning process group - you would typically plan for risks before you start executing! An unplanned event on your project is no longer a risk but a problem that needs to be solved
PLAN RISK RESPONSES INPUTSRisk Register - Contains all the risks that require a responseRisk Management Plan - Contains who is responsible for what and guidelines for setting risk priorities
PLAN RISK RESPONSE TOOLS & TECHNIQUES1. The strategies for handling negative and positive risks are the tools and techniques for the Risk Response Planning processPositive Risks:Exploit - You take steps to take advantage of an opportunityShare - You call in another company or individual to share the benefits with youEnhance - You make the opportunity more likely to occur by influencing its triggersAccept - No need to do anything extra. Just accept the opportunity!Negative Risks: Avoid - To completely prevent a risk from happening Transfer - To pay someone else to accept the risk for you - usually via insurance Mitigate - Taking steps to reduce the damage to your project - for example, breaking your fall by placing an object below the cliff Accept - You let the risk happen when the above 3 options are not possible. You understand the impact and are willing to let it happen 2. Contingent Response Strategies: Some responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predefined conditions3. Expert Judgment
PLAN RISK RESPONSES STUFFWhat Else Goes on Here?Secondary Risks - these are risks that come from a response to another risk.Residual Risks - these are risks that remain after the risk response has been implemented
PLAN RISK RESPONSES OUTPUTSProject Management Plan Updates - So that Integrated Change Control can include the risk responsesProject Documents Updates - Contract (Sometimes, you need to change the contract to account for risks), Updated Risk Register (All the risk responses need to be added to the risk register), Change Requests for resources, activities, estimates, etc, Assumptions Log Updates
RISK MANAGEMENT is not only about what can go wrong - it's also about what can go right. You think about all these things and how you will deal with them if and when they do happen
CONTROL RISKS INPUTS Risk Register - Contains all the risks that require a response Project Management Plan - You compare all actual data to the plan using the Risk Register and the PM PlanWork Performance Reports - Status reports and other work outputs can be reviewed to see if new risks are Work Performance Reports - Status reports and other work outputs can be reviewed to see if new risks are developing. Work Performance Data - Deliverable Status, Schedule progress, costs incurred
CONTROL RISKS STUFFWhat Else Goes on Here?Some Tools & Techniques to use: Risk Reassessment - Keep assessing risks to see if anything has changed. The main goal is to find any new risks that may have come up and see if previously identified risks are still valid Variance and Trend Analysis - Comparing Actual to Planned is a great way to see if something is going wrong. Look for any variance in defects, schedule and cost to help you identify risks that may have cropped up Reserve Analysis - Keeping tabs on the money you have set aside for risk response - Also known as a contingency reserve. Running low on this means that you may not have enough funds to cover the remaining risks. While the Management Reserve is for managing unknown unknowns, the contingency reserve is for known unknowns Risk Audits - An outside party comes in to take a look at your risk response strategy and how effective they are. They check to see that your response addresses the root cause. They will also how look at how effective your risk planning processes are. Technical Performance Measurement - Checking the performance information of your project to see if it measured up to plan. Status Meetings - Every status meeting must review risks. They can help to: head off problems, initiate a risk response on time and identify an opportunity that needs to be exploited. The people on ground will be better off at identifying risks because they are the ones doing the job.
CONTROL RISKS OUTPUTS Change Requests (Recommended Corrective Actions and Recommended Preventive Actions) Project Documents Updates (Risk Register) Work Performance Information Project Management Plan Updates Organizational Process Assets Updates
RISK ATTITUDES of both the organization and the stakeholders may be influenced by 3 factors:Risk appetite - the degree of uncertainty an entity is willing to take on in anticipation of a rewardRisk tolerance - the degree, amount, or volume of risk that an organization or individual will withstand.Risk threshold - Below that risk threshold, the organization will accept the risk. Above that risk threshold, the organization will not tolerate the risk.
COLOUR CODES Text explaining the different KAs have been coloured differently Any text in red implies the need for more research Feel free to add questions, comments and any extra information on this KA
Exam Bullet Points
1.Plan Risk Management 2. Identify Risks
3. Perform Qualitative RA 4. Perform Quantitative RA
5. Plan Risk Response 6. Control Risks