SlideShare a Scribd company logo

PM Notebook - Chapter 11: Risk Management

Mohammad Elsheimy, profile picture
Mohammad Elsheimy

This document provides an overview of key concepts in risk management for project management. It defines common terms like risk, risk tolerance, risk levels and sources. It also outlines the seven steps of the risk management process: 1) plan risk management, 2) identify risks, 3) analyze risks qualitatively, 4) analyze risks quantitatively, 5) plan risk responses, 6) implement responses, and 7) monitor risks. Quantitative analysis techniques are discussed like expected monetary value analysis and qualitative techniques like risk priority assessment. Response strategies and closing of risks are also covered.

Leadership & Management
1 of 19
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
PM Notebook Summarizing Project Management Concepts for the PMP Exam Mohammad Elsheimy Road to PMP
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 1 DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA/INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA/INFORMATION IS A PROPERTY OF THE AUTHOR. NONE IS INTENDED TO MAKE A PROFIT IN ANY WAY. THIS IS FOR PERSONAL USE ONLY.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 2 No great man ever complains of want of opportunity. Ralph Waldo Emerson
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 3 Table of Contents Chapter 11 – Risk Management ........................................................................................................................... 4 Key Terms ............................................................................................................................................................... 4 Risk Appetite vs. Risk Tolerance ..................................................................................................................... 4 Risk Levels........................................................................................................................................................... 5 Risk Sources........................................................................................................................................................ 5 Processes................................................................................................................................................................ 6 1 – Plan Risk Management (Planning).......................................................................................................... 6 2 – Identify Risks (Planning) ............................................................................................................................. 7 3 – Perform Qualitative Risk Analysis (Planning).......................................................................................... 8 4 – Perform Quantitative Risk Analysis (Planning)....................................................................................... 9 5 – Plan Risk Responses (Planning) .............................................................................................................. 10 6 – Implement Risk Responses (Executing) ................................................................................................ 11 7 – Monitor Risks (Monitoring & Controlling) .............................................................................................. 12 Perspective Project Examination / Prompt Lists (Identification)................................................................ 13 Risk Parameter Assessment (Qualitative)....................................................................................................... 13 Sensitivity Analysis (Quantitative) .................................................................................................................... 14 Expected Monetary Value (Quantitative) .................................................................................................... 14 Risk Types.............................................................................................................................................................. 15 Event-Based Risks............................................................................................................................................ 15 Nonevent-Based Risks.................................................................................................................................... 15 Risk Response Strategies ................................................................................................................................... 16 Negative Risks (Threats)................................................................................................................................. 16 Positive Risks (Opportunities) ........................................................................................................................ 17 Contingent Response Strategy vs. Fallback Plan ........................................................................................ 17 Contingency Reserve vs. Management Reserve ........................................................................................ 17 Scales.................................................................................................................................................................... 18 Additional Terms ................................................................................................................................................. 18
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 4 Even the most carefully planned project can run into trouble. Key Terms Risk – Anything that might occur on your project and change the outcome of a project activity. It is not always bad.  Threat – Negative risk.  Opportunity – Positive risk. Events and conditions that can help your project. Risk Priority – Likelihood of a risk to occur (i.e. probability) and its projected impact. Risk Urgency – Time criticality of a risk to occur. Risk Severity – the combination of impact and probability. Trigger / Event / Early Warning Signs – An indicator that a risk event could occur. Risk Exposure – a quantified loss potential of business. Risk exposure is usually calculated by multiplying the probability of an incident occurring by its potential losses. Risk Efficiency – How quickly an organization identifies, analyzes, and create risk responses. Uncertainty – A lack of knowledge about an event that reduces confidence in conclusions drawn from the data. Risk Owner – The individual or entity who is responsible for monitoring and responding to an identified risk. Risk Appetite vs. Risk Tolerance Risk Appetite – the amount and type of risk that an organization is willing to take in order to meet their strategic objectives. Some organizations might be willing to take a high risk if the reward is high; others may want to play safe or go conservatively. An example is a sponsor who is willing to accept little risk to the schedule of the project. Risk Tolerance – It is the degree, amount, or volume of the risk that an organization or individual will withstand. Risk tolerance tells you how sensitive the organization or people are to risks. High tolerance means people are willing to take a high risk, and low tolerance means people are not
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 5 willing to take many risks. Tolerance is more specific than appetite. An example is a sponsor who is willing to accept schedule risk up to 1 days on the project.  The more important the project, the lower the stakeholder tolerance is. Risk Threshold – means the amount of risk that is acceptable to an organization. E.g. 14 days delay in the schedule. Risk Aversion / Utility Function – a way it express risk tolerance. It is the behavior of humans (especially consumers and investors), when exposed to uncertainty, in attempting to lower that uncertainty. Risk Averse – Someone who does not want to take risks. Risk Neutral – a person/or an organization which is indifferent to the risk. Risk Prone / Risk Seeker – Someone who is willing to take risks at high-level. Risk Levels Individual Project Risk – the risks that we identify in the project. Overall Project Risk – the effect of uncertainty on the project as a whole. It is the joint effect of all risks in the project and other sources of uncertainty. Risk Sources  The customer or customer’s customers.  Lack of project management effort.  Lack of knowledge of project management.  Suppliers.  Resistance to change.  Cultural differences.  Schedule, cost, quality, scope, and resources.  Customer/Stakeholder satisfaction.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 6 Processes 1 – Plan Risk Management (Planning)  Created by PM, project team, key stakeholders, risk management team, and persons of authority.  Risks may be delegated to the project team or escalated to higher levels.  Define how key stakeholders will identify risks, analyze risks, create risk responses, and control risks.  Should include consideration of potential subcontracts based on capability and cost- savings.  Roles and responsibilities  Enterprises might have pre-defined approach to risk management.  Document costs of risk elements.  Assignment of risk responsibilities.  Risk probability and impact matrix definitions.  Resources and funds needed for the risk management plan.  Risk response planning procedures.  Risk management process should result in decreases to the project’s estimated time and cost.  Risk categories.  Due to uncertainty, risks are higher when the project starts and they decrease as the project moves further.  Risk impact (i.e. amount of stake) is lower when the project starts and it increases as the project moves further. Inputs 1. Project Charter 2. Project Management Plan 3. Project Documents  Stakeholder Register 4. OPAs 5. EEFs Tools 1. Data Analysis Techniques  Stakeholder Analysis 2. Expert Judgment 3. Meetings Outputs 1. Risk Management Plan  Risk Categories  Risk Breakdown Structure (RBS)  Methodology – Methods and approaches to identifying and handling risks.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 7  Definitions of Probability and Impact  Roles and Responsibilities 2 – Identify Risks (Planning)  Ongoing activity throughout the project.  The most important thing to address in project team meetings.  Starts from the initiating phase. Project Charter lists high-level risks. Inputs 1. Project Management Plan  Risk Management Plan  Cost Management Plan  Schedule Management Plan  Quality Management Plan  Resource Management Plan 2. Project Documents  Scope Baseline  Cost Baseline – 1) Lists project assumptions that should be analyzed for risk. 2) Estimates that are aggressive or developed with a limited amount of information are even more likely to entail risk.  Schedule Baseline  Activity Cost Estimates  Activity Duration Estimates  Issue Log  Stakeholder Register  Resource Requirements 3. Procurement Documents 4. Agreements 5. OPAs 6. EEFs Tools 1. Data Gathering Techniques  Interviews – with SMEs, stakeholders, and other experts.  Brainstorming  Delphi Technique  Checklists – can be developed based on historical information and knowledge that has been accumulated from previous similar projects and from other sources of information. 2. Data Analysis Techniques  Root Cause Analysis (RCA) – Ishikawa diagram as an example. 3. Risk Identification Tools 4. Interpersonal/Team/Soft Skills 5. Documentation Review – An ongoing iterative activity that checks project plan, scope, project files, and other project documents for risks.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 8 6. Expert Judgment 7. Assumptions Analysis –  Assumption Stability – Determines how reliable is the information that led to this assumption  Assumption Consequences  False Assumption Effect 8. Perspective Project Examination / Prompt Lists Outputs 1. Risk Register – Documents risk identification, status, progress, responses, trigger, outcomes, risk owner, WBS references, timing, deadlines, etc. 2. Risk Report – A report that shows the overall project risk. 3. Project Document Updates 3 – Perform Qualitative Risk Analysis (Planning)  Classifying into categories of likelihood (probability of occurrence) and impact, and then ranking according to priority.  Fast, and subjective approach to analysis.  Can be done as risks are identified.  You can use a cardinal or ordinal scale to indicate the seriousness of the risk.  The odds of project success increase the closer you get to the end of the project.  Imminent risks are usually higher urgency that distant risks.  High priority risks that require an immediate response are moved on through the risk process, low-priority risks are moved to the watchlist. Inputs 1. Project Management Plan  Risk Management Plan 2. Project Documents  Risk Register  Scope Baseline  Stakeholder Register 3. EEFs 4. OPAs Tools 1. Qualitative Tools  Risk Data Quality Assessment – Looking into the accuracy, reliability, quality and integrity of the data concerning the risk.  Risk Parameter Assessment  Risk Urgency Assessment – to identify those that have a high likelihood of happening sooner rather than later. It is combined with the risk ranking to give a final risk severity ranking.  Risk Categorization  Risk Probability and Impact Assessment
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 9  Risk Prioritization 2. Expert Judgment 3. Data Gathering Techniques 4. Data Analysis Techniques 5. Data Representation Techniques  Probability and Impact Matrix  Risk Acceptability Bubble Charts – Represent risks by their impact, probability, and proximity. Outputs 1. Project Document Updates  Risk Report  Risk Register – List of prioritized risks that will move forward into quantitative analysis. 2. Watchlist – A list of noncritical risks for later review during the Control Risks process. 4 – Perform Quantitative Risk Analysis (Planning)  Analyzing risks according to their impact to the project budget, schedule, or any other part of the project.  Determine cost and schedule reserves. Inputs 1. Project Management Plan  Risk Management Plan  Cost Management Plan  Schedule Management Plan 2. Project Documents  Cost Baseline  Risk Register  Cost Estimates  Cost Forecasts  Duration Estimates  Resource Requirements
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 10 3. EEFs 4. OPAs Tools 1. Data Gathering Techniques  Interviewing 2. Interpersonal/Team/Soft Skills 3. Data Representation Techniques  Probability Distribution (Curves( 4. Data Analysis Techniques  Simulations  Sensitivity Analysis / Tornado Diagram  Expected Monetary Value (EMV) Analysis  Modeling and Simulation / Monte Carlo Analysis 5. Expert Judgment Outputs 1. Project Document Updates  Risk Report  Risk Register 2. Initial amount of contingency time and cost reserves 5 – Plan Risk Responses (Planning)  Risk Response Strategies – are the approaches we can make to dealing with the risks we have identified and quantified.  Enhance opportunities.  Reduce or eliminate risks.  Document risk responses.  Tracks outcomes for lessons learned.  Multiple plan strategies can be selected for a single risk.  Analyzing cost of prevention vs. cost of responding is required.  Team, other stakeholders, and experts should be involved in selecting a strategy.  Risk response strategies must be communicated to management, stakeholders, and the sponsor. Inputs 1. Project Management Plan  Risk Management Plan  Resource Management Plan  Cost Baseline 2. Project Documents  Risk Register  Risk Report  Lessons Learned Register  Resource Calendars
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 11 3. EEFs 4. OPAs Tools 1. Risk Response Strategies 2. Contingent Response Strategies – Fallback plan or contingency plan. 3. Justifying Risk Reduction – Examination of the cost to eliminate the risk altogether in proportion to the probability and impact and the risk score. 4. Data Gathering Techniques 5. Data Analysis Techniques  Alternatives Analysis  Cost-Benefit Analysis 6. Decision-Making Techniques 7. Interpersonal/Team/Soft Skills 8. Expert Judgment Outputs 1. Project Management Plan Updates 2. Project Document Updates  Risk Register – residual and secondary risks must be documented and reviewed throughout the project.  Risk Report 3. Change Requests 4. Final Contingency and Fallback Plans 6 – Implement Risk Responses (Executing)  PM makes certain that the responses are carried out.  Risk owners empowered to do risk responses. Inputs 1. Project Management Plan  Risk Management Plan 2. Project Documents  Risk Register  Risk Report  Lessons Learned Register  Project Team Assignments 3. OPAs Tools 1. Expert Judgment 2. Interpersonal/Team Skills 3. Project Management Information System (PMIS)
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 12 Outputs 1. Change Requests 2. Project Document Updates 7 – Monitor Risks (Monitoring & Controlling)  Constantly monitor how your project is doing compared to your risk register.  Evaluate risk response effectiveness.  Review risk approach, assumption validity, risk management policy effectiveness, procedures followed, and project strategy validity.  Constantly look for the occurrence of risk triggers.  Monitor residual risks.  Collect and communicate risk status.  Revisit the watchlist.  Recommend corrective actions.  Use contingency reserves and adjust for approved changes.  Closing of risks that are no longer applicable. Associated risk reserve of closed risks must be returned to the company.  Workarounds – unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project (or to deal with accepted risks.) Workarounds are commonly developed in monitor risks process. Inputs 1. Project Management Plan  Risk Management Plan 2. Project Documents  Risk Register  Risk Report  Issue Log 3. Work Performance Data 4. Work Performance Reports Tools 1. Data Analysis Techniques  Variance and Trend Analysis  Contingency Reserve Analysis – Checking how much reserve remains and how much might be needed.  Technical Performance Analysis – 1) Compares technical accomplishments to date to the project plan’s schedule of technical achievement. 2) Deviation can help to forecast the degree of success in achieving the project scope. 2. Risk Audits –
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PERSPECTIVE PROJECT EXAMINATION / PROMPT LISTS (IDENTIFICATION) DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 13  Task-by-task, risk-by-risk analysis. Involves examination and documentation of the effectiveness of responses in dealing with identified risks and their root causes in addition to the effectiveness of risk management plan.  More exhaustive and usually done by external party.  A schedule for implementing risk audits must be defined in the risk management plan.  A review is conducted by the team and should be scheduled regularly. 3. Risk Reassessment –  Ongoing activity aims to find any new risks that have come up.  Regularly scheduled. 4. Meetings Outputs 1. Work Performance Information 2. Change Requests 3. Project Management Plan Updates 4. Project Document Updates  Closing of risks  Workarounds 5. OPA Updates Perspective Project Examination / Prompt Lists (Identification) Prompt List – A predetermined list of risk categories that might give rise to individual project risk and that could also act as sources of overall project risk. SWOT – Strengths, Weaknesses, Opportunities, and Threats PEST/PESTEL – Political, Economic, Social, Technological, Legal and Environmental TECOP – Technical, Environmental, Commercial, Operational, and Political VUCA – Volatility, Uncertainty, Complexity, and Ambiguity Risk Parameter Assessment (Qualitative) Connectivity – Determines how connected a risk is to the other risks with the project. Controllability – Determines how easily the outcome of the risk event can be controlled. Detectability – Determines how easily the evidence of a risk’s occurrence be detected. Dormancy – Determines how long after the risk has occurred before its impact is noticed. Manageability – Determines how easily the risk be managed.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | SENSITIVITY ANALYSIS (QUANTITATIVE) DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 14 Propinquity – Determines the risk perception by key stakeholders. Proximity – Determines how long before the risk will affect a project objective. Strategic Impact – Determines the size of impact the risk will have on the strategic goals. Urgency – Assessing the time criticality of a risk to occur using factors – 1. Time available 2. warning signs 3. risk rating score Sensitivity Analysis (Quantitative) Sensitivity Analysis is a study where we see the real impact/effect of one risk on the project goals. Usually it creates tornado diagram.  Examines each project risk on its own.  Goal is to determine which individual risks have the greatest impact.  Can examine how the risk affect the NPV, IRR, etc. Expected Monetary Value (Quantitative) Expected Monetary Value (EMV) Analysis lets you examine costs of all the paths you might take through the project and assign monetary value to each decision. Implies decision tree analysis.  Uses probability-impact matrix and risk exposure.  Results in contingency reserve estimates.  Performed during quantitative risk analysis and revised during risk response planning when calculating contingency reserves. Formula – 𝑬𝒙$𝑽 = ∑ 𝑽𝒊 𝑷𝒊 𝒏 𝒊=𝟏 Where – Vi = The monetary value of event i. Pi = Probability of occurrence of event i.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | RISK TYPES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 15 Risk Types Event-Based Risks Normal Risks Business Risk – Might have positive outcome. Examples are stocks and investments. Pure / Insurable Risks – Risks that have only negative outcome. Examples are natural disasters, thefts, and fires. Residual Risks – Risks that are expected to remain after the planned response of risk has been taken, as well as those that have been accepted. Secondary Risks – Risks which arise as direct outcome of implementing a response for another risk. Nonevent-Based Risks Ambiguity Risks / Epistemic Uncertainty – Risks that have an uncertain, unclear nature, such as new laws or regulations, complexity of project, and the marketplace conditions. Emergent Risks / Ontological Uncertainty / Unknown Unknowns / Black Swans – They arise from limitations in our conceptual frameworks or world-view. These are risks which we are unable to see because they are outside our experience or mind set, so we don’t know that we should be looking for them.  Unknown-but-knowable unknowns – There are some uncertainties that we currently do not know, but which we could find out about. This is where the risk process can help. The aim is to expose those unknowns that could be known, so we can deal with them effectively.  Unknown-and-unknowable unknowns – These are much more difficult to deal with, since by definition we can never discover them unless and until they happen. They are genuine emergent risks, which we could not predict with even the best risk process.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | RISK RESPONSE STRATEGIES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 16 Emergent risks can be handled by developing strong project resilience. Project Resilience / Bounce-back Ability – The awareness of unknowable-unknowns (risks that can be identified after they happen.) It is the art of noticing, interpreting, preparing, containing and recovering from risks. It can also defined as the capacity to maintain core purpose and integrity in the face of external or internal shock and change.  Right level of budget and schedule contingencies.  Flexible project processes.  Frequent reviews of early warning signs. Project scope or strategy can be adjusted as part of risk response. Variability Risks / Aleatoric Uncertainty – A type of risk based on the variations that may occur in the project, such as production, number of quality errors, the number of system trial days, exchange rates, and unseasonal weather conditions. Risk Response Strategies Negative Risks (Threats) Acceptance – For low-level risks or for risks that you have little control over (like weather) or when the cost to mitigate or avoid a risk is the same as negative consequences if the risk even occurs. Using the acceptance strategy means that the severity of the risk is lower than our risk tolerance level.  Active Acceptance – to make a plan for what to do when and if the risk occurs. Much more effective. o Involves the creation of contingency plans. o Implies a secondary risk – the wrong thing that can be done to solve the problem because its solution was not clearly thought out under pressure in the heat of the moment.  Passive Acceptance – leaves actions to be determined as needed (workarounds). It is when the cost of developing a plan and documenting it can be higher than the cost of dealing with the risk without preparation. The cost of developing a plan and documenting it can be higher than the cost of dealing with the risk without preparation. Please note that a decision to accept a risk must be communicated to stakeholders. Avoidance –  Eliminate the threat by eliminating the cause. An example is removing the work package or person.  Reducing the impact of a risk event by reducing the possibility of its occurrence.  Expanding the scope of the project to eliminate the cause. An example is adding additional level of testing to prevent the threat.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | CONTINGENT RESPONSE STRATEGY VS. FALLBACK PLAN DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 17 Escalation – For risks out of PM’s ability to respond. Mitigation / Reduction –  Taking some sort of action to reduce the probability and impact of event.  May involve prototypes to reduce the risk of scaling up from a bench-scale model of a process or product. Transference / Procurement / Deflecting / Allocating – Make another party responsible for the risks by purchasing insurances or warranties or by outsourcing the work.  Insurance exchanges an unknown cost impact of a known risk for a known cost impact. For example, the cost impact of a risk of fire becomes known; it is the cost of the insurance.  Transferring a risk will leave some risk behind. For example, when outsourcing the other party might run into trouble or schedule delays. Positive Risks (Opportunities) Accepting Enhancing – Making the opportunity more probable by influencing its triggers. Escalating – For opportunities out of PM’s ability to respond. Exploiting – Make full use of the opportunity. Sharing – When it is hard to take the advantage on your own. Contingent Response Strategy vs. Fallback Plan Contingent Response Strategy – A planned and prepared response to an unplanned risk occurring. As with a fallback plan, the contingent response strategy is a critical communication tool to ensure that all team members know what actions to take when the specified risk event occurs. Fallback Plan – Developed in advance of a risk event occurring and is designed to be used when the primary risk response proves not to be effective. Think of the fallback plan as the Plan B. Contingency Reserve vs. Management Reserve Contingency Reserve – The kind of reserve for identified risks.  Included in cost and schedule baselines.  It may be percentage of the estimation, a fixed number, or may be developed by using quantitative analysis methods such as Monte Carlo simulation.
PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | SCALES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 18  Would be incorrect to start with a zero value for contingency reserve.  For known unknowns.  If risks do not occur, the associated time or cost reserves should be returned to the company, rather than used to address other issues on the project. Management Reserve – Company’s project reserve for unexpected, unplanned overruns or risks.  Not part of cost or schedule baselines.  Part of total cost budget.  PM needs management permission to use this reserve.  For unknown unknowns. Scales Cardinal Scales – A ranking approach to identify the probability and impact by using a numerical value, from 0.01 (very low) to 1.0 (certain). Ordinal Scales – A ranking approach that identifies and ranks the risks from very high to very unlikely or to some other value. Red, Amber, and Green (RAG) Rating – An ordinal scale that uses red, amber, and green to capture probability, impact and risk score. Additional Terms Fait Accompli – a thing that has already happened or been decided before those affected hear about it, leaving them with no option but to accept it.

More Related Content

PDF
PM Notebook - Chapter 13 - Stakeholder Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 12 - Procurement Management
Mohammad Elsheimy
 
PPTX
Analysis of risk and uncertainity
sooraj yadav
 
PDF
Investment analysis and portfolio management quantitative methods of investme...
Arif Hossain FCA
 
PDF
Portfolio Management in the pharmaceutical industry by Dr John Bennett, 10th ...
Association for Project Management
 
PPT
Measuring risk
GALAXY GLOBAL GROUP OF INSTITUTIONS
 
PDF
Risk Series i+a
Sebastían Alejandro Pérez Duque
 
PDF
EUCI Presentation
blnoeide
 
PM Notebook - Chapter 13 - Stakeholder Management
Mohammad Elsheimy
 
PM Notebook - Chapter 12 - Procurement Management
Mohammad Elsheimy
 
Analysis of risk and uncertainity
sooraj yadav
 
Investment analysis and portfolio management quantitative methods of investme...
Arif Hossain FCA
 
Portfolio Management in the pharmaceutical industry by Dr John Bennett, 10th ...
Association for Project Management
 
Measuring risk
GALAXY GLOBAL GROUP OF INSTITUTIONS
 
Risk Series i+a
Sebastían Alejandro Pérez Duque
 
EUCI Presentation
blnoeide
 

What's hot (19)

PDF
advanced financial management unit 1 notes
Acharya Institute of Graduate Studies
 
PPTX
The role of trust in the informal investor’s
Annapurna Sinha
 
PDF
Gmo case-final
Rohan Khandelwal
 
PPTX
Security analysis'
Daksh Bhatnagar
 
PPTX
Fundamental analysis
Bhargavi Bhanu
 
PPT
Bhavishya- Fundamental analysis
shivamantri
 
PDF
Uncertainty
Jan Zika
 
PDF
Capital Adequacy Stress Tests: Pre-Provision Net Revenue and Scenario Design
CRISIL Limited
 
PPTX
Pm 6
Kinshook Chaturvedi
 
DOCX
Fm assignment
Saira Arshad
 
PDF
Active portfolio management (note)
swingerxman
 
PPTX
Traditional methods of security analysis - Fundamental Analysis
Shreya Agnihotri
 
PPTX
Program Management of SSA's Data Center OMB 300 Program
Brian Bissett
 
PPTX
Ratio analysis
Atul Mumbarkar
 
PPTX
Fundamental and technical analysis (sapm)
Gaurav Kumar Rai
 
PPTX
Factors affecting the investors decision making
Assad Rifat
 
PDF
Capital budgeting and risk ii
Uzma Yzaii
 
PDF
Security analysis of selected stocks with referance to information technology...
Riya Jaju
 
PDF
My 1999 stress testing of credit risk
Mohammad Ibrahim Fheili
 
advanced financial management unit 1 notes
Acharya Institute of Graduate Studies
 
The role of trust in the informal investor’s
Annapurna Sinha
 
Gmo case-final
Rohan Khandelwal
 
Security analysis'
Daksh Bhatnagar
 
Fundamental analysis
Bhargavi Bhanu
 
Bhavishya- Fundamental analysis
shivamantri
 
Uncertainty
Jan Zika
 
Capital Adequacy Stress Tests: Pre-Provision Net Revenue and Scenario Design
CRISIL Limited
 
Pm 6
Kinshook Chaturvedi
 
Fm assignment
Saira Arshad
 
Active portfolio management (note)
swingerxman
 
Traditional methods of security analysis - Fundamental Analysis
Shreya Agnihotri
 
Program Management of SSA's Data Center OMB 300 Program
Brian Bissett
 
Ratio analysis
Atul Mumbarkar
 
Fundamental and technical analysis (sapm)
Gaurav Kumar Rai
 
Factors affecting the investors decision making
Assad Rifat
 
Capital budgeting and risk ii
Uzma Yzaii
 
Security analysis of selected stocks with referance to information technology...
Riya Jaju
 
My 1999 stress testing of credit risk
Mohammad Ibrahim Fheili
 
Ad

Similar to PM Notebook - Chapter 11: Risk Management (20)

DOC
A study of categorization of investors into different risk profles
Himanshu Singh
 
PDF
11 risk management
Waseem Siddique
 
DOCX
BM7037-15 Corporate Governance, Ethics & Risk ManagementRi
JeniceStuckeyoo
 
PDF
Project Risk Management
Kelvin Fredson
 
PDF
Ch_1_PRM.pdf
AronHailesellasieAbr
 
PDF
grant-craft_assessing_risk
Tom Trinley
 
PDF
5 Project Risk Identification Tools I Use & How You Can Use Them Too
SHAZEBALIKHAN1
 
PDF
Quantitative risk analysis in project management
Alexei Sidorenko, CRMP
 
PDF
Risk taking in SME's
Brian Stevens
 
PPTX
#Contract Risk Management Part - 2# by SN Panigrahi,
SN Panigrahi, PMP
 
PPT
Risk management in software engineering
deep sharma
 
PDF
Risk Management Primer
David S. Lipien, PMP, MCP
 
PDF
PM Notebook - Chapter 9: Resources Management
Mohammad Elsheimy
 
PPTX
A world in which all projects succeed - but not without risk management, pres...
Association for Project Management
 
PPT
Portfolio analysis
Bhargavi Bhanu
 
PPTX
Envc (1)
Daisy Rani
 
PDF
Strengths And Methods Of Risk Analysis And Risk Management
Nina Vazquez
 
DOCX
Report - Risk Management in Banks
Sharad Srivastava
 
PPS
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
Eric Campbell
 
DOCX
Ten rules of project risk management
Tony
 
A study of categorization of investors into different risk profles
Himanshu Singh
 
11 risk management
Waseem Siddique
 
BM7037-15 Corporate Governance, Ethics & Risk ManagementRi
JeniceStuckeyoo
 
Project Risk Management
Kelvin Fredson
 
Ch_1_PRM.pdf
AronHailesellasieAbr
 
grant-craft_assessing_risk
Tom Trinley
 
5 Project Risk Identification Tools I Use & How You Can Use Them Too
SHAZEBALIKHAN1
 
Quantitative risk analysis in project management
Alexei Sidorenko, CRMP
 
Risk taking in SME's
Brian Stevens
 
#Contract Risk Management Part - 2# by SN Panigrahi,
SN Panigrahi, PMP
 
Risk management in software engineering
deep sharma
 
Risk Management Primer
David S. Lipien, PMP, MCP
 
PM Notebook - Chapter 9: Resources Management
Mohammad Elsheimy
 
A world in which all projects succeed - but not without risk management, pres...
Association for Project Management
 
Portfolio analysis
Bhargavi Bhanu
 
Envc (1)
Daisy Rani
 
Strengths And Methods Of Risk Analysis And Risk Management
Nina Vazquez
 
Report - Risk Management in Banks
Sharad Srivastava
 
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
Eric Campbell
 
Ten rules of project risk management
Tony
 
Ad

More from Mohammad Elsheimy (20)

PDF
Mohammad Elsheimy - Solution Developer (CV)
Mohammad Elsheimy
 
PDF
PM Notebook
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix H - Formula Sheet
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix G - Interpersonal/Team/Soft Skills
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix F - Forecasting Methods
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix E - Estimating Techniques
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix D - Decision-Making Techniques
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix C - Data Representation Tools
Mohammad Elsheimy
 
PDF
PM Notebook - Appendix B - Data Gathering Techniques
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 14 - Professional and Social Responsibility
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 10: Communication Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 8: Quality Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 7 - Cost Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 6 - Schedule Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 5 - Scope Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 4: Integration Management
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 3: The Process Framework
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 2: Organizations
Mohammad Elsheimy
 
PDF
PM Notebook - Chapter 1: Introduction
Mohammad Elsheimy
 
PPTX
What's New in Silverlight 5
Mohammad Elsheimy
 
Mohammad Elsheimy - Solution Developer (CV)
Mohammad Elsheimy
 
PM Notebook
Mohammad Elsheimy
 
PM Notebook - Appendix H - Formula Sheet
Mohammad Elsheimy
 
PM Notebook - Appendix G - Interpersonal/Team/Soft Skills
Mohammad Elsheimy
 
PM Notebook - Appendix F - Forecasting Methods
Mohammad Elsheimy
 
PM Notebook - Appendix E - Estimating Techniques
Mohammad Elsheimy
 
PM Notebook - Appendix D - Decision-Making Techniques
Mohammad Elsheimy
 
PM Notebook - Appendix C - Data Representation Tools
Mohammad Elsheimy
 
PM Notebook - Appendix B - Data Gathering Techniques
Mohammad Elsheimy
 
PM Notebook - Chapter 14 - Professional and Social Responsibility
Mohammad Elsheimy
 
PM Notebook - Chapter 10: Communication Management
Mohammad Elsheimy
 
PM Notebook - Chapter 8: Quality Management
Mohammad Elsheimy
 
PM Notebook - Chapter 7 - Cost Management
Mohammad Elsheimy
 
PM Notebook - Chapter 6 - Schedule Management
Mohammad Elsheimy
 
PM Notebook - Chapter 5 - Scope Management
Mohammad Elsheimy
 
PM Notebook - Chapter 4: Integration Management
Mohammad Elsheimy
 
PM Notebook - Chapter 3: The Process Framework
Mohammad Elsheimy
 
PM Notebook - Chapter 2: Organizations
Mohammad Elsheimy
 
PM Notebook - Chapter 1: Introduction
Mohammad Elsheimy
 
What's New in Silverlight 5
Mohammad Elsheimy
 

Recently uploaded (20)

PPTX
Empowering Project Management Through Servant Leadership - PMI UK.pptx
PMIUKChapter
 
PPTX
Chapter Three for international political
argachewbochena1
 
PDF
MANAGEMENT LESSONS FROM ANCIENT KNOWLEDGE SYSTEM-ARTHASHASTRA AND THIRUKKURAL...
HARINIS967745
 
PPTX
Mangeroal Finance for Strategic Management
hossammorsy1984
 
PPTX
TCoE_IT_Concrete industry.why is it required
kishorbhole1
 
PPTX
Project Management Methods PERT-and-CPM.pptx
Prashanth259415
 
PPTX
Effective_communication._(strategy).pptx
neathrajayabalan224
 
PDF
Phillips model training for evaluation pdf
Akshathaa21
 
PDF
The Cyber SwarmShield by Stéphane Nappo
Dr. Ludmila Morozova-Buss
 
PPTX
Supervisory Styles and When to Use Them!
LoriJOrdan14
 
PPTX
Leadership for Industry 4.0 And Industry 5.0
neham262006
 
PPTX
Human resources management -job perception concept
jayasrikanagaraj0
 
PPT
Claims and Adjustment Business_Communication.pptx.ppt
gayathriselvamani569
 
PDF
CHAPTER 14 Manageement of Nursing Educational Institutions- planing and orga...
anu7thomas
 
PDF
CISSP Domain 5: Identity and Access Management (IAM)
VICTOR MAESTRE RAMIREZ
 
PDF
ORGANIZATIONAL communication -concepts and importance._20250806_112132_0000.pdf
preethijothivel2006
 
PDF
The-Power-of-Communication (1).pdf......
RoobaV2
 
PDF
Leveraging Intangible Assets Through Campus Entrepreneurship and Tech Transfer
David Teece
 
PDF
Contemporary management and it's content
SushmithaaSubramania
 
PPTX
Chapter One an overview of political economy
argachewbochena1
 
Empowering Project Management Through Servant Leadership - PMI UK.pptx
PMIUKChapter
 
Chapter Three for international political
argachewbochena1
 
MANAGEMENT LESSONS FROM ANCIENT KNOWLEDGE SYSTEM-ARTHASHASTRA AND THIRUKKURAL...
HARINIS967745
 
Mangeroal Finance for Strategic Management
hossammorsy1984
 
TCoE_IT_Concrete industry.why is it required
kishorbhole1
 
Project Management Methods PERT-and-CPM.pptx
Prashanth259415
 
Effective_communication._(strategy).pptx
neathrajayabalan224
 
Phillips model training for evaluation pdf
Akshathaa21
 
The Cyber SwarmShield by Stéphane Nappo
Dr. Ludmila Morozova-Buss
 
Supervisory Styles and When to Use Them!
LoriJOrdan14
 
Leadership for Industry 4.0 And Industry 5.0
neham262006
 
Human resources management -job perception concept
jayasrikanagaraj0
 
Claims and Adjustment Business_Communication.pptx.ppt
gayathriselvamani569
 
CHAPTER 14 Manageement of Nursing Educational Institutions- planing and orga...
anu7thomas
 
CISSP Domain 5: Identity and Access Management (IAM)
VICTOR MAESTRE RAMIREZ
 
ORGANIZATIONAL communication -concepts and importance._20250806_112132_0000.pdf
preethijothivel2006
 
The-Power-of-Communication (1).pdf......
RoobaV2
 
Leveraging Intangible Assets Through Campus Entrepreneurship and Tech Transfer
David Teece
 
Contemporary management and it's content
SushmithaaSubramania
 
Chapter One an overview of political economy
argachewbochena1
 

PM Notebook - Chapter 11: Risk Management

  • 1. PM Notebook Summarizing Project Management Concepts for the PMP Exam Mohammad Elsheimy Road to PMP
  • 2. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 1 DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA/INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA/INFORMATION IS A PROPERTY OF THE AUTHOR. NONE IS INTENDED TO MAKE A PROFIT IN ANY WAY. THIS IS FOR PERSONAL USE ONLY.
  • 3. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 2 No great man ever complains of want of opportunity. Ralph Waldo Emerson
  • 4. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 3 Table of Contents Chapter 11 – Risk Management ........................................................................................................................... 4 Key Terms ............................................................................................................................................................... 4 Risk Appetite vs. Risk Tolerance ..................................................................................................................... 4 Risk Levels........................................................................................................................................................... 5 Risk Sources........................................................................................................................................................ 5 Processes................................................................................................................................................................ 6 1 – Plan Risk Management (Planning).......................................................................................................... 6 2 – Identify Risks (Planning) ............................................................................................................................. 7 3 – Perform Qualitative Risk Analysis (Planning).......................................................................................... 8 4 – Perform Quantitative Risk Analysis (Planning)....................................................................................... 9 5 – Plan Risk Responses (Planning) .............................................................................................................. 10 6 – Implement Risk Responses (Executing) ................................................................................................ 11 7 – Monitor Risks (Monitoring & Controlling) .............................................................................................. 12 Perspective Project Examination / Prompt Lists (Identification)................................................................ 13 Risk Parameter Assessment (Qualitative)....................................................................................................... 13 Sensitivity Analysis (Quantitative) .................................................................................................................... 14 Expected Monetary Value (Quantitative) .................................................................................................... 14 Risk Types.............................................................................................................................................................. 15 Event-Based Risks............................................................................................................................................ 15 Nonevent-Based Risks.................................................................................................................................... 15 Risk Response Strategies ................................................................................................................................... 16 Negative Risks (Threats)................................................................................................................................. 16 Positive Risks (Opportunities) ........................................................................................................................ 17 Contingent Response Strategy vs. Fallback Plan ........................................................................................ 17 Contingency Reserve vs. Management Reserve ........................................................................................ 17 Scales.................................................................................................................................................................... 18 Additional Terms ................................................................................................................................................. 18
  • 5. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 4 Even the most carefully planned project can run into trouble. Key Terms Risk – Anything that might occur on your project and change the outcome of a project activity. It is not always bad.  Threat – Negative risk.  Opportunity – Positive risk. Events and conditions that can help your project. Risk Priority – Likelihood of a risk to occur (i.e. probability) and its projected impact. Risk Urgency – Time criticality of a risk to occur. Risk Severity – the combination of impact and probability. Trigger / Event / Early Warning Signs – An indicator that a risk event could occur. Risk Exposure – a quantified loss potential of business. Risk exposure is usually calculated by multiplying the probability of an incident occurring by its potential losses. Risk Efficiency – How quickly an organization identifies, analyzes, and create risk responses. Uncertainty – A lack of knowledge about an event that reduces confidence in conclusions drawn from the data. Risk Owner – The individual or entity who is responsible for monitoring and responding to an identified risk. Risk Appetite vs. Risk Tolerance Risk Appetite – the amount and type of risk that an organization is willing to take in order to meet their strategic objectives. Some organizations might be willing to take a high risk if the reward is high; others may want to play safe or go conservatively. An example is a sponsor who is willing to accept little risk to the schedule of the project. Risk Tolerance – It is the degree, amount, or volume of the risk that an organization or individual will withstand. Risk tolerance tells you how sensitive the organization or people are to risks. High tolerance means people are willing to take a high risk, and low tolerance means people are not
  • 6. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | KEY TERMS DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 5 willing to take many risks. Tolerance is more specific than appetite. An example is a sponsor who is willing to accept schedule risk up to 1 days on the project.  The more important the project, the lower the stakeholder tolerance is. Risk Threshold – means the amount of risk that is acceptable to an organization. E.g. 14 days delay in the schedule. Risk Aversion / Utility Function – a way it express risk tolerance. It is the behavior of humans (especially consumers and investors), when exposed to uncertainty, in attempting to lower that uncertainty. Risk Averse – Someone who does not want to take risks. Risk Neutral – a person/or an organization which is indifferent to the risk. Risk Prone / Risk Seeker – Someone who is willing to take risks at high-level. Risk Levels Individual Project Risk – the risks that we identify in the project. Overall Project Risk – the effect of uncertainty on the project as a whole. It is the joint effect of all risks in the project and other sources of uncertainty. Risk Sources  The customer or customer’s customers.  Lack of project management effort.  Lack of knowledge of project management.  Suppliers.  Resistance to change.  Cultural differences.  Schedule, cost, quality, scope, and resources.  Customer/Stakeholder satisfaction.
  • 7. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 6 Processes 1 – Plan Risk Management (Planning)  Created by PM, project team, key stakeholders, risk management team, and persons of authority.  Risks may be delegated to the project team or escalated to higher levels.  Define how key stakeholders will identify risks, analyze risks, create risk responses, and control risks.  Should include consideration of potential subcontracts based on capability and cost- savings.  Roles and responsibilities  Enterprises might have pre-defined approach to risk management.  Document costs of risk elements.  Assignment of risk responsibilities.  Risk probability and impact matrix definitions.  Resources and funds needed for the risk management plan.  Risk response planning procedures.  Risk management process should result in decreases to the project’s estimated time and cost.  Risk categories.  Due to uncertainty, risks are higher when the project starts and they decrease as the project moves further.  Risk impact (i.e. amount of stake) is lower when the project starts and it increases as the project moves further. Inputs 1. Project Charter 2. Project Management Plan 3. Project Documents  Stakeholder Register 4. OPAs 5. EEFs Tools 1. Data Analysis Techniques  Stakeholder Analysis 2. Expert Judgment 3. Meetings Outputs 1. Risk Management Plan  Risk Categories  Risk Breakdown Structure (RBS)  Methodology – Methods and approaches to identifying and handling risks.
  • 8. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 7  Definitions of Probability and Impact  Roles and Responsibilities 2 – Identify Risks (Planning)  Ongoing activity throughout the project.  The most important thing to address in project team meetings.  Starts from the initiating phase. Project Charter lists high-level risks. Inputs 1. Project Management Plan  Risk Management Plan  Cost Management Plan  Schedule Management Plan  Quality Management Plan  Resource Management Plan 2. Project Documents  Scope Baseline  Cost Baseline – 1) Lists project assumptions that should be analyzed for risk. 2) Estimates that are aggressive or developed with a limited amount of information are even more likely to entail risk.  Schedule Baseline  Activity Cost Estimates  Activity Duration Estimates  Issue Log  Stakeholder Register  Resource Requirements 3. Procurement Documents 4. Agreements 5. OPAs 6. EEFs Tools 1. Data Gathering Techniques  Interviews – with SMEs, stakeholders, and other experts.  Brainstorming  Delphi Technique  Checklists – can be developed based on historical information and knowledge that has been accumulated from previous similar projects and from other sources of information. 2. Data Analysis Techniques  Root Cause Analysis (RCA) – Ishikawa diagram as an example. 3. Risk Identification Tools 4. Interpersonal/Team/Soft Skills 5. Documentation Review – An ongoing iterative activity that checks project plan, scope, project files, and other project documents for risks.
  • 9. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 8 6. Expert Judgment 7. Assumptions Analysis –  Assumption Stability – Determines how reliable is the information that led to this assumption  Assumption Consequences  False Assumption Effect 8. Perspective Project Examination / Prompt Lists Outputs 1. Risk Register – Documents risk identification, status, progress, responses, trigger, outcomes, risk owner, WBS references, timing, deadlines, etc. 2. Risk Report – A report that shows the overall project risk. 3. Project Document Updates 3 – Perform Qualitative Risk Analysis (Planning)  Classifying into categories of likelihood (probability of occurrence) and impact, and then ranking according to priority.  Fast, and subjective approach to analysis.  Can be done as risks are identified.  You can use a cardinal or ordinal scale to indicate the seriousness of the risk.  The odds of project success increase the closer you get to the end of the project.  Imminent risks are usually higher urgency that distant risks.  High priority risks that require an immediate response are moved on through the risk process, low-priority risks are moved to the watchlist. Inputs 1. Project Management Plan  Risk Management Plan 2. Project Documents  Risk Register  Scope Baseline  Stakeholder Register 3. EEFs 4. OPAs Tools 1. Qualitative Tools  Risk Data Quality Assessment – Looking into the accuracy, reliability, quality and integrity of the data concerning the risk.  Risk Parameter Assessment  Risk Urgency Assessment – to identify those that have a high likelihood of happening sooner rather than later. It is combined with the risk ranking to give a final risk severity ranking.  Risk Categorization  Risk Probability and Impact Assessment
  • 10. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 9  Risk Prioritization 2. Expert Judgment 3. Data Gathering Techniques 4. Data Analysis Techniques 5. Data Representation Techniques  Probability and Impact Matrix  Risk Acceptability Bubble Charts – Represent risks by their impact, probability, and proximity. Outputs 1. Project Document Updates  Risk Report  Risk Register – List of prioritized risks that will move forward into quantitative analysis. 2. Watchlist – A list of noncritical risks for later review during the Control Risks process. 4 – Perform Quantitative Risk Analysis (Planning)  Analyzing risks according to their impact to the project budget, schedule, or any other part of the project.  Determine cost and schedule reserves. Inputs 1. Project Management Plan  Risk Management Plan  Cost Management Plan  Schedule Management Plan 2. Project Documents  Cost Baseline  Risk Register  Cost Estimates  Cost Forecasts  Duration Estimates  Resource Requirements
  • 11. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 10 3. EEFs 4. OPAs Tools 1. Data Gathering Techniques  Interviewing 2. Interpersonal/Team/Soft Skills 3. Data Representation Techniques  Probability Distribution (Curves( 4. Data Analysis Techniques  Simulations  Sensitivity Analysis / Tornado Diagram  Expected Monetary Value (EMV) Analysis  Modeling and Simulation / Monte Carlo Analysis 5. Expert Judgment Outputs 1. Project Document Updates  Risk Report  Risk Register 2. Initial amount of contingency time and cost reserves 5 – Plan Risk Responses (Planning)  Risk Response Strategies – are the approaches we can make to dealing with the risks we have identified and quantified.  Enhance opportunities.  Reduce or eliminate risks.  Document risk responses.  Tracks outcomes for lessons learned.  Multiple plan strategies can be selected for a single risk.  Analyzing cost of prevention vs. cost of responding is required.  Team, other stakeholders, and experts should be involved in selecting a strategy.  Risk response strategies must be communicated to management, stakeholders, and the sponsor. Inputs 1. Project Management Plan  Risk Management Plan  Resource Management Plan  Cost Baseline 2. Project Documents  Risk Register  Risk Report  Lessons Learned Register  Resource Calendars
  • 12. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 11 3. EEFs 4. OPAs Tools 1. Risk Response Strategies 2. Contingent Response Strategies – Fallback plan or contingency plan. 3. Justifying Risk Reduction – Examination of the cost to eliminate the risk altogether in proportion to the probability and impact and the risk score. 4. Data Gathering Techniques 5. Data Analysis Techniques  Alternatives Analysis  Cost-Benefit Analysis 6. Decision-Making Techniques 7. Interpersonal/Team/Soft Skills 8. Expert Judgment Outputs 1. Project Management Plan Updates 2. Project Document Updates  Risk Register – residual and secondary risks must be documented and reviewed throughout the project.  Risk Report 3. Change Requests 4. Final Contingency and Fallback Plans 6 – Implement Risk Responses (Executing)  PM makes certain that the responses are carried out.  Risk owners empowered to do risk responses. Inputs 1. Project Management Plan  Risk Management Plan 2. Project Documents  Risk Register  Risk Report  Lessons Learned Register  Project Team Assignments 3. OPAs Tools 1. Expert Judgment 2. Interpersonal/Team Skills 3. Project Management Information System (PMIS)
  • 13. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PROCESSES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 12 Outputs 1. Change Requests 2. Project Document Updates 7 – Monitor Risks (Monitoring & Controlling)  Constantly monitor how your project is doing compared to your risk register.  Evaluate risk response effectiveness.  Review risk approach, assumption validity, risk management policy effectiveness, procedures followed, and project strategy validity.  Constantly look for the occurrence of risk triggers.  Monitor residual risks.  Collect and communicate risk status.  Revisit the watchlist.  Recommend corrective actions.  Use contingency reserves and adjust for approved changes.  Closing of risks that are no longer applicable. Associated risk reserve of closed risks must be returned to the company.  Workarounds – unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project (or to deal with accepted risks.) Workarounds are commonly developed in monitor risks process. Inputs 1. Project Management Plan  Risk Management Plan 2. Project Documents  Risk Register  Risk Report  Issue Log 3. Work Performance Data 4. Work Performance Reports Tools 1. Data Analysis Techniques  Variance and Trend Analysis  Contingency Reserve Analysis – Checking how much reserve remains and how much might be needed.  Technical Performance Analysis – 1) Compares technical accomplishments to date to the project plan’s schedule of technical achievement. 2) Deviation can help to forecast the degree of success in achieving the project scope. 2. Risk Audits –
  • 14. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | PERSPECTIVE PROJECT EXAMINATION / PROMPT LISTS (IDENTIFICATION) DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 13  Task-by-task, risk-by-risk analysis. Involves examination and documentation of the effectiveness of responses in dealing with identified risks and their root causes in addition to the effectiveness of risk management plan.  More exhaustive and usually done by external party.  A schedule for implementing risk audits must be defined in the risk management plan.  A review is conducted by the team and should be scheduled regularly. 3. Risk Reassessment –  Ongoing activity aims to find any new risks that have come up.  Regularly scheduled. 4. Meetings Outputs 1. Work Performance Information 2. Change Requests 3. Project Management Plan Updates 4. Project Document Updates  Closing of risks  Workarounds 5. OPA Updates Perspective Project Examination / Prompt Lists (Identification) Prompt List – A predetermined list of risk categories that might give rise to individual project risk and that could also act as sources of overall project risk. SWOT – Strengths, Weaknesses, Opportunities, and Threats PEST/PESTEL – Political, Economic, Social, Technological, Legal and Environmental TECOP – Technical, Environmental, Commercial, Operational, and Political VUCA – Volatility, Uncertainty, Complexity, and Ambiguity Risk Parameter Assessment (Qualitative) Connectivity – Determines how connected a risk is to the other risks with the project. Controllability – Determines how easily the outcome of the risk event can be controlled. Detectability – Determines how easily the evidence of a risk’s occurrence be detected. Dormancy – Determines how long after the risk has occurred before its impact is noticed. Manageability – Determines how easily the risk be managed.
  • 15. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | SENSITIVITY ANALYSIS (QUANTITATIVE) DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 14 Propinquity – Determines the risk perception by key stakeholders. Proximity – Determines how long before the risk will affect a project objective. Strategic Impact – Determines the size of impact the risk will have on the strategic goals. Urgency – Assessing the time criticality of a risk to occur using factors – 1. Time available 2. warning signs 3. risk rating score Sensitivity Analysis (Quantitative) Sensitivity Analysis is a study where we see the real impact/effect of one risk on the project goals. Usually it creates tornado diagram.  Examines each project risk on its own.  Goal is to determine which individual risks have the greatest impact.  Can examine how the risk affect the NPV, IRR, etc. Expected Monetary Value (Quantitative) Expected Monetary Value (EMV) Analysis lets you examine costs of all the paths you might take through the project and assign monetary value to each decision. Implies decision tree analysis.  Uses probability-impact matrix and risk exposure.  Results in contingency reserve estimates.  Performed during quantitative risk analysis and revised during risk response planning when calculating contingency reserves. Formula – 𝑬𝒙$𝑽 = ∑ 𝑽𝒊 𝑷𝒊 𝒏 𝒊=𝟏 Where – Vi = The monetary value of event i. Pi = Probability of occurrence of event i.
  • 16. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | RISK TYPES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 15 Risk Types Event-Based Risks Normal Risks Business Risk – Might have positive outcome. Examples are stocks and investments. Pure / Insurable Risks – Risks that have only negative outcome. Examples are natural disasters, thefts, and fires. Residual Risks – Risks that are expected to remain after the planned response of risk has been taken, as well as those that have been accepted. Secondary Risks – Risks which arise as direct outcome of implementing a response for another risk. Nonevent-Based Risks Ambiguity Risks / Epistemic Uncertainty – Risks that have an uncertain, unclear nature, such as new laws or regulations, complexity of project, and the marketplace conditions. Emergent Risks / Ontological Uncertainty / Unknown Unknowns / Black Swans – They arise from limitations in our conceptual frameworks or world-view. These are risks which we are unable to see because they are outside our experience or mind set, so we don’t know that we should be looking for them.  Unknown-but-knowable unknowns – There are some uncertainties that we currently do not know, but which we could find out about. This is where the risk process can help. The aim is to expose those unknowns that could be known, so we can deal with them effectively.  Unknown-and-unknowable unknowns – These are much more difficult to deal with, since by definition we can never discover them unless and until they happen. They are genuine emergent risks, which we could not predict with even the best risk process.
  • 17. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | RISK RESPONSE STRATEGIES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 16 Emergent risks can be handled by developing strong project resilience. Project Resilience / Bounce-back Ability – The awareness of unknowable-unknowns (risks that can be identified after they happen.) It is the art of noticing, interpreting, preparing, containing and recovering from risks. It can also defined as the capacity to maintain core purpose and integrity in the face of external or internal shock and change.  Right level of budget and schedule contingencies.  Flexible project processes.  Frequent reviews of early warning signs. Project scope or strategy can be adjusted as part of risk response. Variability Risks / Aleatoric Uncertainty – A type of risk based on the variations that may occur in the project, such as production, number of quality errors, the number of system trial days, exchange rates, and unseasonal weather conditions. Risk Response Strategies Negative Risks (Threats) Acceptance – For low-level risks or for risks that you have little control over (like weather) or when the cost to mitigate or avoid a risk is the same as negative consequences if the risk even occurs. Using the acceptance strategy means that the severity of the risk is lower than our risk tolerance level.  Active Acceptance – to make a plan for what to do when and if the risk occurs. Much more effective. o Involves the creation of contingency plans. o Implies a secondary risk – the wrong thing that can be done to solve the problem because its solution was not clearly thought out under pressure in the heat of the moment.  Passive Acceptance – leaves actions to be determined as needed (workarounds). It is when the cost of developing a plan and documenting it can be higher than the cost of dealing with the risk without preparation. The cost of developing a plan and documenting it can be higher than the cost of dealing with the risk without preparation. Please note that a decision to accept a risk must be communicated to stakeholders. Avoidance –  Eliminate the threat by eliminating the cause. An example is removing the work package or person.  Reducing the impact of a risk event by reducing the possibility of its occurrence.  Expanding the scope of the project to eliminate the cause. An example is adding additional level of testing to prevent the threat.
  • 18. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | CONTINGENT RESPONSE STRATEGY VS. FALLBACK PLAN DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 17 Escalation – For risks out of PM’s ability to respond. Mitigation / Reduction –  Taking some sort of action to reduce the probability and impact of event.  May involve prototypes to reduce the risk of scaling up from a bench-scale model of a process or product. Transference / Procurement / Deflecting / Allocating – Make another party responsible for the risks by purchasing insurances or warranties or by outsourcing the work.  Insurance exchanges an unknown cost impact of a known risk for a known cost impact. For example, the cost impact of a risk of fire becomes known; it is the cost of the insurance.  Transferring a risk will leave some risk behind. For example, when outsourcing the other party might run into trouble or schedule delays. Positive Risks (Opportunities) Accepting Enhancing – Making the opportunity more probable by influencing its triggers. Escalating – For opportunities out of PM’s ability to respond. Exploiting – Make full use of the opportunity. Sharing – When it is hard to take the advantage on your own. Contingent Response Strategy vs. Fallback Plan Contingent Response Strategy – A planned and prepared response to an unplanned risk occurring. As with a fallback plan, the contingent response strategy is a critical communication tool to ensure that all team members know what actions to take when the specified risk event occurs. Fallback Plan – Developed in advance of a risk event occurring and is designed to be used when the primary risk response proves not to be effective. Think of the fallback plan as the Plan B. Contingency Reserve vs. Management Reserve Contingency Reserve – The kind of reserve for identified risks.  Included in cost and schedule baselines.  It may be percentage of the estimation, a fixed number, or may be developed by using quantitative analysis methods such as Monte Carlo simulation.
  • 19. PM NOTEBOOK CHAPTER 11 – RISK MANAGEMENT | SCALES DISCLAIMER: THE MATERIAL INCLUDED IN THIS DOCUMENT IS BASED ON DATA / INFORMATION GATHERED FROM VARIOUS RELIABLE SOURCES. NONE OF THIS DATA / INFORMATION IS A PROPERTY OF THE AUTHOR. 18  Would be incorrect to start with a zero value for contingency reserve.  For known unknowns.  If risks do not occur, the associated time or cost reserves should be returned to the company, rather than used to address other issues on the project. Management Reserve – Company’s project reserve for unexpected, unplanned overruns or risks.  Not part of cost or schedule baselines.  Part of total cost budget.  PM needs management permission to use this reserve.  For unknown unknowns. Scales Cardinal Scales – A ranking approach to identify the probability and impact by using a numerical value, from 0.01 (very low) to 1.0 (certain). Ordinal Scales – A ranking approach that identifies and ranks the risks from very high to very unlikely or to some other value. Red, Amber, and Green (RAG) Rating – An ordinal scale that uses red, amber, and green to capture probability, impact and risk score. Additional Terms Fait Accompli – a thing that has already happened or been decided before those affected hear about it, leaving them with no option but to accept it.