Risk & Quality
What is Project Resilience?
- Right level of budget and schedule contingency for emergent risks, in addition to a specific risk budget for known risks; - Flexible project processes that can cope with emergent risk while maintaining overall direction toward project goals, including strong change management; - Empowered project team that has clear objectives and that is trusted to get the job done within agreed-upon limits - Frequent review of early warning signs to identify emergent risks as early as possible - Clear input from stakeholders to clarify areas where the project scope or strategy can be adjusted in response to emergent risks
Prompt Lists
A predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk. Can be used as a framework to aid the project team in idea generation when using risk identification techniques. The risk categories in the lowest level of the RBS can be used as a prompt list for individual project risks
What Project Doc Updates occur from Identify Risks Process?
Assumption Log Issue Log Lessons Learned Register
What are the major Data Gathering Techniques used in Identify Risks Process?
Brainstorming Checklists Interviews
Transfer/Share (at overall project risk level)
Can occur when a project risk is highly negative or positive, and the organization is unable to address it effectively. Setting up a collaborative business structure in which the buyer and the seller share the overall project risk, launching a joint venture or subcontracting key elements of the project.
What do these T&Ts of Quantitative Risk Analysis do? Data Gathering - Interviewing Representations of Uncertainty Interpersonal and Team Skills - Facilitation
Collect More Data About Risks
The main output of the Risk Management planning processes are
Project Documents Updates, specifically the Risk Register
What are the outputs to Identify Risks?
Risk Register Risk Report Project Documents Updates
What are other characteristics (besides Probability and Impact) are considered to measure project risks?
Urgency, Proximity, Dormancy, Manageability, Controllability, Detectability, Connectivity, Strategic Impact, Propinquity
What do you use to keep track of triggers and low impact risks?
Watch Lists
What is the difference between brainstorming and interviews
____ is group facilitated, ____ is 1:1 with no facilitator
Secondary Risks
a response you have to another risk
Stakeholder Analysis
a technique of systematically gathering and analyzing quantitative and qualitative information to determine whose interests should be taken into account throughout the project
Accept
acknowledges the existence of a threat, but no proactive action is taken.
Mitigate
action is taken to reduce the probability and/or impact of a threat. Examples: conducting more tests, choosing a stable seller, building less complex process.
Strategic Impact
how much a risk can have a positive or negative effect on an organization
Connectivity
how much a risk is related to other risks (large connection = high connectivity)
Propinquity
how much a risk matters to the stakeholders
Urgency
how quickly response to risk needs to occur (short period = high urgency)
Risk Responses using the Contingency Response Strategies technique are called contingency plans or fallback plans, and include ...
identified triggering events that set the plan into effect
Funding
identifies the funds needed to perform activities related to Project Risk Management; establishes protocols for the application of contingency and management reserves
If the project requires external procurement of resources, the initial procurement documentation should be reviewed as procuring goods and services from the outside of the organization may..
increase or decrease overall project risk and may introduce additional individual project risks
Enhance
increases the probability and/or impact of an opportunity. Examples: adding more resources to an activity to finish early.
Definition of Probability and Impacts
levels of impact specific to the project and risk appetites/thresholds of the organization. Number of levels reflect the degree of detail required for each risk management processes.
Technical Performance Analysis is a kind of Data Analysis T&T that
looks for trends in defects or schedule variance (for example) in hopes that the patterns can indicate risks have occurred before you would have found out on your own.
EMV helps
measure the total cost or threats and opportunities for certain decision paths
Events that trigger the contingency response -
missing intermediate milestones or gaining higher priority with a seller
Probability and Impact Matrix
opportunities and threats are represented in a matrix using positive and negative definitions. Can be descriptive or numeric terms; when numeric, can be multiplied to give a probability-impact score for each risk, which allows the priority of individual risks to be evaluated within each priority level.
the Monitor Risk Process uses __________________________ generated during project Execution
performance information
Proximity
period of time before the risk might have an impact on project (short period = high proximity)
Dormancy
period of time it takes for a risk's impact to be discovered (short period = low dormancy)
PLAN RISK RESPONSES
process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.
PLAN RISK MANAGEMENT
process of identifying how to conduct risk management activities for a project.
IDENTIFY RISKS
process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics.
IMPLEMENT RISK RESPONSES
process of implementing agreed-upon risk response plans.
MONITOR RISKS
process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.
PERFORM QUANTITATIVE RISK ANALYSIS
process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives.
PERFORM QUALITATIVE RISK ANALYSIS
process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics.
PROJECT RISK MANAGEMENT
processes of conducting risk management planning, identification, analysis, response planning, response implementation, and monitoring risk on a project. Objective of this process group are to increase probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks, in order to optimize the changes of project success.
Risk Categories
provides a means for grouping individual project risks.
Residual Risks
remain after your risk responses have been implemented
Exploit
selected for high-priority opportunities where the organization wants to ensure the opportunity is realized. Examples: assigning an organization's most talented resources to the project or using new technology upgrades.
Transfer
shifting ownership of a threat to a third party to manage the risk and to bear the impact if it occurs. Agreements involving paying a third party (insurance, warranties, etc) can be used to transfer ownership and liability.
A ________________ may be used to distinguish risks from their cause(s) and effect(s)
structured risk statement
Avoid (at overall project risk level)
taking action to reduce the negative effect of uncertainty on the project as a whole and bring the project back within the thresholds. Example: removal of high-risk elements of scope. Appropriate when the overall project risk is significantly negative and outside the agreed-upon risk thresholds.
Accept (at overall project risk level)
the Organization chooses to continue with the project even if the overall project risk is outside the agreed-upon project thresholds.
Overall Project Risk
the effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative.
Qualitative Risk Analysis focuses on
the impact of risks as the team judges it in planning. You take the categories in your risk plan and assign them to each risk
Share
transferring ownership of an opportunity to a third party so that it shares some of the benefit if the opportunity occurs. Examples: forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures.
The conditions that cause a risk are called ______________
triggers
Identified Risks are described with as much detail as required to ensure
unambiguous understanding.
Variability Risk
uncertainty exists about some key characteristics of a planned event or activity or decision. Examples: productivity may be above or below target, the number of errors found during testing may be higher or lower thank expected. Can be addressed using the Monte Carlo Analysis, with a range of variation reflected in probability distributions, followed by actions to reduce the spread of possible outcomes.
Potential Risk Owner is confirmed during the
Perform Qualitative Risk Analysis process
EMV =
% of probability x $$ of impact
What does Quantitative Risk Analysis usually require?
- high-quality data about individual project risks - sound underlying project baseline for scope, cost, and schedule - specialized risk software - expertise in the interpretation of risk models
Exploit (at overall project risk level)
Action to capture the positive effect of uncertainty on the project. Example: addition of high-benefit elements of scope to the project to add value or benefits to stakeholders. Appropriate when project is outside the agreed-upon risk thresholds but the overall project risk is significantly positive.
What do these T&Ts of Quantitative Risk Analysis do? Data Analysis - Sensitivity Analysis Data Analysis - Decision Tree Analysis Data Analysis - Simulation Data Analysis - Influence Diagrams
Analyze Data About Risks
EMV is used in what as a common T&T of Quantitative Risk Analysis?
Decision Tree Analysis
Risk Register -
Details of identified Individual Project Risks.
List of Potential Risk Responses are identified during the
Identify Risks process
Brainstorming is the first step in Data Gathering for _______________________; it is very important to have a ___________________
Identifying Risks; Faciliator
What does the Monitor Risks Process determine?
Implemented Risk Responses are effective Level of overall project risk has changed Status of identified individual project risks has changed New individual project risks have arisen Risk Management approach is still appropriate Project assumptions are still valid Risk management policies and procedures are being followed Contingency reserves for cost or schedule require modification Project strategy is still valid
What are the different Levels of Risk?
Individual Project Risk & Overall Project Risk
What is Quantitative Risk Analysis Appropriate for?
Large or complex projects, strategically important projects, contractual projects, or in which a key stakeholder requires it.
What is included in the Risk Register?
List of Identified Risks, Potential Owner of Risks, and List of Potential Risk Responses (also impact and probability)
Integrated Risk Management
Managing risk at their respective levels within an organization depending on the risk impact and needs.
STRATEGIES OF IDENTIFYING SOURCES OF OVERALL PROJECT RISK
PESTLE (Political, Economic, Social, Technological, Legal, Environmental) VUCA (Volatility, Uncertainty, Complexity, Ambiguity)
What are the Project Risk Management Processes?
Plan Risk Management Identify Risks Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Responses Implement Risk Responses Monitor Risks
List of Potential Risk Responses are then confirmed during the
Plan Risk Response process
Risk Report -
Presents information on sources overall project risk, together with summary information on identified individual project risks.
What are the major Data Representations used in Perform Qualitative Risk Analysis?
Probability and Impact Matrix Hierarchical Charts (RBS and Bubble Charts)
What does the T&T, Expert Judgement, of Quantitative Risk Analysis do?
Puts data and analysis altogether
What are the Risk Report and Register comprised of (processes?)
Qualitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks
Where to find risks (most common) -
Resources - Personnel or physical resources Assumptions Log Critical Path External Factors outside of the Project
What does a Risk Management Plan Include?
Risk Strategy, Methodology, Roles and Responsibilities, Funding, Timing, Risk Categories (RBS), Stakeholder Risk Appetite, Definition of Probability and Impacts, Probability and Impact Matrix, Reporting Formats, Tracking.
Contingent Response Strategies -
Some responses are designed for use only if certain events occurs
What is included in a Risk Report?
Sources of overall project risk, indicating which are the most important drivers of overall project risk exposure and Summary information on identified individual project risks, such as number of identified threats and opportunities, distribution of risks across risk categories, metrics and trends
Procurement Documentation
all documents used in signing, executing, and closing an agreement; may include documents predating the project
Individual Project Risk
an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.
Escalate
appropriate when the project team or the project sponsor agrees that the threat is outside the scope of the project or that the proposed response would exceed the PM's authority. Escalated risks are managed at the Program, Portfolio, or Organization Level. Not monitored after the escalation, although recorded in the Risk Register for information.
Monitoring Risks occur
at every status meeting until the project closes.
Risk Responses are treated the same as
change requests, and go through Change Control
Mitigate/Enhance (at overall project risk level)
changing the overall project risk to optimize the chances of achieving the project's objectives. Appropriate when the overall project risk is mildly negative or positive. Examples: changing the scope and boundaries of the project, modifying project priority, changing resource allocation.
Reporting Formats
define how the outcomes of the Project Risk Management process will be documented, analyzed, and communicated. Describes the content and format of the risk register and risk report, as well as any other required outputs from the Project Risk Management Processes.
Methodology
defined the specific approaches, tools, and data sources that will be used to perform risk management on the project
Roles and Responsibilities
defines the lead, support, and risk management team members for each type of activity described in the risk management plan, and clarifies their responsibilities
Timing
defines when and how often the Project Risk Management processes will be performed throughout the project life cycle, and establishes risk management activities for inclusion into the project schedule
Controllability
degree to which the risk owner can control the risk's outcome
Risk Strategy
describes the general approach to managing risks on this project
Bubble Chart
displays three dimensions of data, where each risk is plotted as a bubble, and the three parameters are represented by x, y axis and the size of the bubble.
Tracking
documents how risk activities will be recorded and how risk management processes will be audited.
Project Resilience
emergent risks can only be recognized after they occur, so can only be tackled through developing _______________
Stakeholder Risk Appetite
expressed as measurable risk thresholds around each project objective, which will determine the acceptable level of overall project risk exposure, and also used to inform the definitions of probability and impacts to be used when assessing and prioritizing individual project risks.
Quantitative Risk Analysis focuses on
getting the hard numbers to back up those judgements and to make decisions about how to handle risks
Risk Breakdown Structure (RBS)
hierarchical representation of potential sources of risk. Helps the project team consider the full range of sources from which individual project risks may arise.
Detectability
how easily a risk occurring can be detected
Manageability
how easily the risk owner can manage occurrence or impact of a risk (easy = high manageability)
Ambiguity Risk
uncertainty exists about what might happen in the future; areas of the project where imperfect knowledge might affect the project's ability to achieve its objectives. Examples: elements of the requirement or technical solution, future developments in regulatory frameworks, or inherent systematic complexity in the project. Can be managed by defining areas were there is a deficit of knowledge or understanding, then filling the gap by obtaining expert external input or benchmarking against best practices; also can be addressed through incremental, development, prototyping, or simulation.
Each Identified risk in the project is given a
unique identifier.
Avoid
when the project team acts to eliminate the threat or protect the project from its impact. Appropriate for high-priority threats with high occurrence and large negative impact.