Chapter 11 - Project Risk Management
Monitor Risks: Inputs (Work Performance Data)
Work performance data contains data on project status such as risk responses that have been implemented, risks that have occurred, risks that are active and those that have been closed out.
Identify Risks: Tools and Techniques (Prompt Lists)
A prompt list is a predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk. The prompt list can be used as a framework to aid the project team in idea generation when using risk identification techniques.
Plan Risk Responses: Tools and Techniques (Strategies for Overall Project Risk)
Avoid Exploit Transfer/Share Mitigate/Enhance Accept
Monitor Risks: Outputs (Project Management Plan Updates)
Ay change to the project management plan goes through the organization's change control process via a change request. This may affect any component of the project management plan.
Plan Risk Responses: Tools and Techniques (Strategies for Threats)
Escalate Avoid Transfer Mitigate Accept
Plan Risk Responses: Tools and Techniques (Strategies for Opportunities)
Escalate Exploit Share Enhance Accept
Perform Qualitative Risk Analysis: Inputs (E.E.F.)
Industry studies of similar projects and published material, including commercial risk databases or checklists.
Perform Quantitative Risk Analysis: Inputs (E.E.F.)
Industry studies of similar projects. Published material, including commercial risk databases or checklists.
Monitor Risks: Tools and Techniques (Meetings)
Meetings that can be used during this process include but are not limited to risk reviews. Risk reviews are scheduled regulary and should examine and document the effectiveness or risk responses in dealing with overall project risk and with identified individual project risks.
Plan Risk Management: Inputs (O.P.A.)
Organizational risk policy, Risk categories, possibly organized into a risk breakdown structure. Common definitions of risk concepts and terms. Risk statement formats. Templates for the risk management plan, risk register, and risk report. Roles and responsibilities. Authority levels for decision making. Lessons learned repository from previous similar projects.
Perform Qualitative Risk Analysis: Tools and Techniques (Data Analysis)
Risk data quality assessment Risk probability and impact assessment Assessment of other risk parameters Urgency Proximity Dormancy Managebilty Controllability Detectability Connectivity Strategic impact Propinquity
Perform Quantitative Risk Analysis: Inputs (Project Management Plan)
Risk management plan Scope baseline Schedule baseline Cost baseline
Plan Risk Management: Inputs (Project Charter)
The project charter documents the high-level project description and boundaries, high-level requirements, and risks.
Plan Risk Management: Tools and Techniques (Meetings)
The risk management plan may be developed as part of the project kick-off meeting or a specific planning meetings may be held.
Identify Risks: Outputs (Risk Register)
The risk register captures details of identified individual project risks. The results of Perform Qualitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks are recorded in the risk register as those processes are conducted throughout the project. List of identified risks. Potential risk owners List of potential risk responses.
Identify Risks: Outputs (Risk Report)
The risk report presents information on sources of overall project risk, together with summary information on identified individual project risks. The risk report is developed progressively throughout the Project Risk Management process.
Plan Risk Responses: Tools and Techniques (Data Analysis)
Alternative analysis Cost-benefit analysis
Plan Risk Responses: Outputs (Project Documents Updates)
Assumption Log Cost forecasts Lessons Learned Register Project Schedule Project Team Assignments Risk Register Risk Report
Monitor Risks: Outputs (Project Documents Updates)
Assumption Log Issue Log Lessons Learned Register Risk Register Risk Report
Perform Quantitative Risk Analysis: Inputs (Project Documents)
Assumption log Basis of estimates Cost estimates Cost forecasts Duration estimates Milestone list Resource requirements Risk register Risk Report Schedule forecasts
Identify Risks: Inputs (Project Documents)
Assumption log Cost estimates Duration estimates Issue log Lessons Learned Register Requirements documentation Resource requirements Stakeholder register
Identify Risks: Outputs (Project Documents Updates)
Assumption log Issue log Lessons learned register
Perform Qualitative Risk Analysis: Tools and Techniques (Outputs)
Assumption log Issue log Risk Register Risk Report
Perform Qualitative Risk Analysis: Inputs (Project Documents)
Assumption log Risk Register Stakeholder register
Identify Risks: Tools and Techniques (Data Gathering)
Brainstorming Checklists Interviews
Plan Risk Management: Tools and Techniques (Data Analysis)
Data Analysis techniques that can be used for this process includes but are not limited to a stakeholder analysis to determine the risk appetite of project stakeholders.
Plan Risk Responses: Tools and Techniques (Data Gathering)
Data-gathering techniques that can be used for this process include but are not limited to interviews. Development of responses to individual project risks and overall project risk may be undertaken during structured or semi-structured interviews with risk owners.
Perform Qualitative Risk Analysis: Tools and Techniques (Data Gathering)
Data-gathering techniques that can be used for this process include but are not limited to interviews. Structured or semi-structured interviews can be used to assess the probability and impacts of individual project risks, as well as other factors.
Plan Risk Responses: Tools and Techniques (Decision Making)
Decision-making techniques that can be used to select a risk response strategy include but are not limited to multicriteria decision analysis. One or more risk response strategies may be under consideration. Decision-making techniques can help prioritize risk response strategies. Multicriteria decision analysis uses a decision matrix to provide a systematic approach for establishing key decision criteria, evaluating and ranking alternatives, and selecting a preferred option.
Identify Risks: Tools and Techniques (Expert Judgement)
Expertise should be considered from individuals or groups with specialized knowledge of similar projects or business areas.
Perform Qualitative Risk Analysis: Tools and Techniques (Expert Judgement)
Expertise should be considered from individuals or groups with specialized knowledge or training in the following topics: Previous similar projects and Qualitative risk analysis. Expert judgement is often obtained through risk workshops or interviews. The possibility of expert views being biased should be taken into account in this process.
Implement Risk Responses: Tools and Techniques (Expert Judgement)
Expertise should be considered from individuals or groups with specialized knowledge to validate or modify risk responses if necessary and decide how to implement them in the most efficient and effective manner.
Plan Risk Management: Tools and Techniques (Expert Judgement)
Familiarity with the organization's approach to managing risk, including enterprise risk management where this is performed. Tailoring risk management to the specific needs of a project. Types of risk that are likely to be encountered on projects in the same area.
Identify Risks
Identify Risks is the process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics. The key benefit of this process is the documentation of existing individual project risks and the sources of overall project risk. It also brings together information so the project team can respond appropriately to identified risks. This process is performed throughout the project.
Identify Risks: Inputs (Agreements)
If the project requires external procurement of resources, the agreements may have information such as milestone dates, contract type, acceptance criteria, and awards and penalties that can present threats or opportunities.
Identify Risks: Inputs (Procurement Documentation)
If the project requires external procurement of resources, the initial procurement documentation should be reviewed as procuring goods and services from outside the organization may increase or decrease overall project risk and may introduce additional individual project risks.
Implement Risk Responses
Implement Risk Responses is the process of implementing agreed-upon risk response plans. The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned in order to address overall project risk exposure, minimize individual project threats, and maximize individual project opportunities. This process is performed throughout the project.
Implement Risk Responses: Outputs (Change Requests)
Implementation of risk responses may result in a change request to the cost and schedule baselines or other components of the project management plan. Change requests are processed for review and disposition through the Perform Integrated Change Control process.
Plan Risk Management: Inputs (Project Management Plan)
In planning Project Risk Management, all approved subsidiary management plans should be taken into consideration in order to make the risk management plan consistent with them.
Perform Quantitative Risk Analysis: Tools and Techniques (Interpersonal and Team Skills)
Interpersonal and team skills that can be used for this process include but are not limited to facilitation. A skilled facilitator is useful for gathering input data during a dedicated risk workshop involving project team members and other stakeholders. Facilitated workshops can improve effectiveness by establishing a clear understanding of the purpose of the workshop.
Perform Qualitative Risk Analysis: Tools and Techniques (Interpersonal and Team Skills)
Interpersonal and team skills that can be used for this process include but are not limited to facilitation. Facilitation improves the effectiveness of the qualitative analysis task, follow the method associated with the technique accurately, reach consensus on assessments of probability and impacts, identify and overcome sources of bias, and resolve any disagreements that may rise.
Implement Risk Responses: Tools and Techniques (Interpersonal and Team Skills)
Interpersonal and team skills that can be used for this process include but are not limited to influencing. Some risk response actions may be owned by people outside the immediate project team or who have other competing demands
Identify Risks: Tools and Techniques (Interpersonal and Team Skills)
Interpersonal and team skills that can be used for this process includes but are not limited to facilitation. Facilitation improves the effectiveness of many of the techniques used to identify individual project risks and sources of overall project risk.
Plan Risk Responses: Tools and Techniques (Interpersonal and Team Skills)
Interpersonal and team skills that can be used for this process includes but are not limited to facilitation. The use of facilitation improves the effectiveness of developing responses to individual project risks and overall project risk.
Perform Quantitative Risk Analysis: Tools and Techniques (Data Gathering)
Interviews may be used to generate inputs for the quantitative risk analysis, drawing on inputs that include individual project risks and other sources of uncertainty.
Implement Risk Responses: Outputs (Project Documents Updates)
Issue Log Lessons Learned Register Project team Assignments Risk Register Risk Report
Monitor Risks: Inputs (Project Documents)
Issue Log Lessons Learned Register Risk Register Risk Report
Plan Risk Responses: Inputs (Project Documents)
Lessons Learned Register Project Schedule Project Team Assignments Resource calendars Risk Register Risk Report Stakeholder Register
Implement Risk Responses: Inputs (Project Documents)
Lessons Learned Register Risk Register Risk Report
Monitor Risks
Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project. The key benefit of this process is that it enables project decisions to be based on current information about overall project risk exposure and individual project risks. This process is performed throughout the project.
Perform Qualitative Risk Analysis
Perform Qualitative Risk Analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. The key benefit of this process is that it focuses efforts on high-priority risks. This process is performed throughout the project.
Perform Quantitative Risk Analysis
Perform Quantitative Risk Analysis is the process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives. The key benefit of this process is that it quantifies overall project risk exposure, and it can also provide additional quantitative risk information to support risk response planning. This process is not required for every project, but where it is used, it is performed throughout the project.
Plan Risk Management
Plan Risk Management is the process of defining how to conduct risk management activities for a project. The key benefit of this process is that it ensures that the degree, type, and visibility of risk management are proportionate to both risks and the importance of the project to the organization and other stakeholders. This process is performed once or at predefined points in the project.
Plan Risk Responses
Plan Risk Responses is the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks. The key benefit of this process is that it identifies appropriate ways to address overall project risk and individual project risks. This process also allocates resources and inserts activities into project documents and the project management plan as needed. This process is performed throughout the project.
Plan Risk Responses: Outputs (Change Requests)
Planned risk responses may result in a change request to the cost and schedule baselines or other components of the project management plan. Change requests are processed for review and disposition through the Perform Integrated Change Control process.
Perform Qualitative Risk Analysis: Tools and Techniques (Data Representation)
Probability and impact matrix Hierarchical charts
Project Risk Management
Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, response implementation, and monitoring risk on a project. The objectives of project risk management are to increase the probability and/or impact of positive risks to decrease the probability and/or impact of negative risks, in order to optimize the chances of project success.
Plan Risk Management: Inputs (Project Documents)
Project documents that can be considered as inputs for this process include but are not limited to the stakeholder register.
Perform Quantitative Risk Analysis: Outputs (Project Documents Updates)
Project documents that can be considered as outputs for this process include but are not limited to the risk report. The risk report will be updated to reflect the results of the quantitative risk analysis. This will typically include: Assessment of overall project risk exposure Detailed probabilistic analysis of the project Prioritized list of individual project risks Trends in quantitative risk analysis results Recommended risk responses.
Identify Risks: Inputs (O.P.A.)
Project files, including actual data. Organizational and project process controls. Risk statement formats, and checklists from previous similar projects.
Implement Risk Responses: Tools and Techniques (Project Management Information System (PMIS)
Project management information systems can include schedule, resource, and cost software to ensure that agreed-upon risk response plans and their associated activities are integrated into the project alongside other project activities.
Implement Risk Responses: Inputs (Project Management Plan)
Project management plan components include but are not limited to the risk management plan. The risk management plan lists the roles and responsibilities of project team members and other stakeholders for risk management.
Monitor Risks: Inputs (Project Management Plan)
Project management plan components include but are not limited to the risk management plan. The risk management plan provides guidance on how and when risks should be reviewed, which policies and procedures should be followed, the roles and responsibilities in the monitoring process, and reporting formats.
Perform Qualitative Risk Analysis: Inputs (Project Management Plan)
Project management plan components include the risk management plan. Of particular interest in this process are the roles and responsibilities for conducting risk management, budgets for risk management, schedule activities for risk management, risk categories, definitions of probability and impact, the probability and impact matrix, and stakeholders' risk thresholds. These inputs are usually tailored to the project during the Plan Risk Management process. If they are not available, they may be developed during the Perform Qualitative Risk Analysis process and presented to the project sponsor for approval before use.
Identify Risks: Inputs (E.E.F.)
Published material, including commercial risk databases or checklists. Academic studies. Benchmarking results, and Industry studies of similar projects.
Perform Quantitative Risk Analysis: Tools and Techniques (Representations of Uncertainty)
Quantitative risk analysis requires inputs to a quantitative risk analysis model that reflect individual project risks and other sources of uncertainty.
Identify Risks: Inputs (Project Management Plan)
Requirements management plan Schedule management plan Cost management plan Quality management plan Resource management plan Risk management plan Scope baseline Schedule baseline Cost baseline
Plan Risk Responses: Inputs (Project Management Plan)
Resource management plan Risk management plan Cost baseline
Monitor Risks: Tools and Techniques (Audits)
Risk audits are a type of audit that may be used to consider the effectiveness of the risk management process. The project manager is responsible for ensuring that risk audits are performed at an appropriate frequency, as defined in the project's risk management plan. Risk audits may be included during routine project review meetings or may form part of a risk review meeting, or the team may choose to hold separate risk audit meetings. The format for the risk audit and its objectives should be clearly defined before the audit is conducted.
Plan Risk Management: Outputs (Risk Management Plan)
Risk strategy Methodology Roles and responsibilities Funding Timing Risk categories Stakeholder risk appetite Definitions of risk probability and impacts Probability and impact matrix Reporting formats Tracking
Perform Qualitative Risk Analysis: Tools and Techniques (Risk Categorization)
Risks to the project can be categorized by sources of risk. The area of the project affected or other useful categories to determine the areas of the project most exposed to the effects of uncertainty.
Identify Risks: Tools and Techniques (Data Analysis)
Root cause analysis Assumption and constraint analysis SWOT analysis Document analysis
Plan Risk Responses: Outputs (Project Management Plan Updates)
Schedule management plan Cost management plan Quality management plan Resource management plan Procurement management plan Scope baseline Schedule baseline Cost baseline
Perform Quantitative Risk Analysis: Tools and Techniques (Data Analysis)
Simulation Sensitivity analysis Decision tree analysis Influence diagrams
Plan Risk Responses: Tools and Techniques (Contingent Response Strategies)
Some responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predefine conditions, if it is believed that there will be sufficient warning to implement the plan.
Monitor Risks: Tools and Techniques (Data Analysis)
Technical performance analysis Reserve analysis
Plan Risk Responses: Inputs (O.P.A.)
Templates for the risk management plan, risk register, and risk report. Historical databases and Lessons Learned repositories from similar projects.
Monitor Risks: Outputs (O.P.A. Updates)
Templates for the risk management plan, risk register, and risk report. Risk Breakdown structure.
Monitor Risks: Outputs (Change Requests)
The Monitor Risks process may result in a change request to the cost and schedule baselines or other components of the project management plan. Change requests are processes for review and disposition through the Perform Integrated Change Control process. Change request can include recommended corrective and preventive actions to address the current level of overall project risk or to address individual project risks.
Plan Risk Management: Inputs (E.E.F.)
The enterprise environmental factors that can influence the Plan Risk Management process include but are not limited to overall risk thresholds set by the organization or key stakeholders.
Plan Risk Responses: Inputs (E.E.F.)
The enterprise environmental factors that can influence the Plan Risk Responses process include but are not limited to the risk appetite and thresholds of key stakeholders
Perform Qualitative Risk Analysis: Inputs (O.P.A.)
The organizational process assets that can influence Perform Qualitative Risk Analysis include but are not limited to information from similar completed projects.
Implement Risk Responses: Inputs (O.P.A.)
The organizational process assets that can influence the Implement Risk Responses process include but are not limited to the lessons learned repository from similar completed projects that indicate the effectiveness of particular risk responses.
Perform Quantitative Risk Analysis: Inputs (O.P.A.)
The organizational process assets that can influence the Perform Quantitative Risk Analysis process include information from similar completed projects.
Plan Risk Responses: Tools and Techniques (Expert Judgement)
Threat response strategies. Opportunity response strategies. Contingent response strategies. Overall project risk response strategies.
Perform Qualitative Risk Analysis: Tools and Techniques (Meetings)
To undertake qualitative risk analysis, the project team may conduct a specialized meeting (often called a risk workshop) dedicated to the discussion of identified individual project risks. The goal of this meeting include the review of previously identified risks, assessment of probability and impacts (and possibly other risk parameters), categorization, and prioritization.
Identify Risks: Tools and Techniques (Meetings)
To undertake risk identification, the project team may conduct a specialized meeting (often called a risk workshop). Most risk workshops include some form of brainstorming but other risk identification techniques may be included depending on the level of the risk process defined in the risk management plan.
Perform Quantitative Risk Analysis: Tools and Techniques (Expert Judgement)
Translating information on individual project risks and other sources of uncertainty into numeric inputs for the quantitative risk analysis model. Selecting the most appropriate representation of uncertainty to model particular risks or other sources of uncertainty. Modeling techniques that are appropriate in the context of the project. Identifying which tools would be most suitable for the selected modeling techniques. Interpreting the outputs of quantitative risk analysis.
Monitor Risks: Outputs (Work Performance Information)
Work performance information includes information on how project risk management is performing by comparing the individual risks that have occurred with the expectation of how they would occur. This information indicates the effectiveness of the response planning and response implementation processes.
Monitor Risks: Inputs (Work Performance Reports)
Work performance reports provide information from performance measurements that can be analyzed to provide project work performance information including variance analysis, earned value data, and forecasting data. This information could be relevant when monitoring performance-related risks.