Rita Mulcahy Chapter 11 - Risk Management
What are the key outputs of Perform Qualitative Risk Analysis?
- A prioritized list of quantified individual project risks (risks most likely to cause trouble)
- The quantified probability of meeting project objectives
- Trends in quantitative risk analysis
- Initial contingency time and cost reserves needed (reserves finalized during the plan risk response)
- Assessment of overall project risk exposure (how likely it is that the project will achieve key objectives)
- Possible realistic and achievable completion dates and project costs with confidence levels vs. the time and cost objectives for the project
- Recommended risk responses
What are the risk response strategies for threats?
- Avoid: eliminate the threat by eliminating the cause
- Mitigate: reduce the probability and/or impact of the individual or overall project threat
- Transfer: make an outside party responsible for the threat by purchasing insurance, outsourcing, etc.
What are some risk identifying tools and techniques?
- Brainstorming
- Checklist analysis
- Interviewing
- Root Cause Analysis
- Assumption Analysis
- Constraints Analysis
- SWOT Analysis (Strengths, Weaknesses, Opportunities and Threats)
- Documentation reviews
- Prompt Lists
- Facilitation
Two main risk category types?
- Business risk: risk of gain or loss
- Pure (insurable) risk: only a risk of loss (e.g. fire, theft, personal injury)
What are the risk response strategies for both threats and opportunities?
- Escalate: escalate if the threat or opportunity is outside the scope of the project or beyond the PM's authority
- Accept: passive acceptance means to do nothing; actions are to be determined if the risk occurs
What are the risk response strategies for opportunities?
- Exploit: add work or change to the project to make sure the opportunity occurs
- Enhance: increase the likelihood (probability) of the opportunity occurring
- Share: allocate ownership or partial ownership of the individual or overall project opportunity to a third party that is best able to achieve the opportunity
What are the processes of risk management?
- Plan Risk Management
- Identify Risks
- Perform Qualitative Risk Analysis
- Perform Quantitative Risk Analysis
- Plan Risk Responses
- Implement Risk Responses
- Monitor Risk
What are the outputs of a risk management plan?
- Risk strategy
- Methodology (how risk management will be performed to meet the needs of the project)
- Roles and Responsibilities
- Funding
- Timing
- Risk categories (external, internal, technical, commercial and unforeseeable)
- Stakeholder risk appetite/thresholds
- Definitions of probability and impact
- Reporting
- Tracking
What are the various sources of risk?
- Schedule
- Cost
- Quality
- Scope
- Resources
- Customer satisfaction
What are examples of risk parameter assessments?
- Urgency: indicates if the risk is likely to occur soon or if the risk requires a long time to plan a response. These can be moved directly into risk response planning
- Dormancy
- Manageability and controllability
- Strategic impact
Non-risk events?
- Variability: risks caused by the inability to predict future changes
- Ambiguity: risks caused by a lack of understanding
What is the purpose of quantitative risk analysis?
- determine which risks warrant a response
- determine overall project risk (risk exposure)
- determine the quantified probability of meeting project objectives
- determine cost and schedule reserves
- identify risks requiring the most attention
- create realistic and achievable cost, schedule or scope targets
What are the various risk categories?
- external: regulatory, environmental or governmental issues, market shifts, problems with project site, etc.
- internal: changes to schedule or budget, scope changes, inexperience, issues with people, staffing, materials and equipment, etc.
- technical: changes in technology, technical processes or interfaces, etc.
- commercial: customer stability, terms and conditions with contracts, vendors, etc.
- unforeseeable: a small portion of risks (approx. 10%) that are unforeseeable
What does the risk register include?
- list of risks
- potential risk owners
- potential risk responses
- Root cause of risks
- updated risk categories
Other information that can be captured:
- risk triggers, potential impact of identified threats and opportunities, when each risk could occur, when the risk no longer presents a threat or opportunity
What are the inputs to risk management?
- project charter
- project management plan
- project documents
- Enterprise environmental factors
- Organizational process assets
- Agreements
- Procurement documentation
- Work performance data and reports
- project background information
- Network diagram
- Communication management plan
What are the inputs of Quantitative Risk Analysis?
- project management plan
- scope
- schedule
- cost baseline
- assumption log
- project estimates and forecasts, including milestones that must be achieved
What are common risk management mistakes?
- risk identification is completed without knowing enough about the project
- Overall project risks do not identify specific individual project risks
- Risk identification ends too soon (short list of risks)
- Padding is used instead of the risk management process
- risks are general rather than specific
- some things considered to be risks are actually facts and therefore not risks
- whole categories of risk are missed
- only using one method to identify risks vs. using multiple methods
- risk management is not given enough attention
- PMs don't explain risk management to their team during project planning
- contracts are signed long before risks to the project are discussed
What does a decision tree help identify?
- takes into account future events in making decisions today
- calculates the expected value
- calculates the expected monetary value
- involves mutual exclusivity: two events are mutually exclusive if they cannot occur on the same trial
Key Risk Factors?
- The probability that risk factors will occur (how likely)
- The range of possible outcomes (impact or amount at stake)
- Expected timing for the risk to occur in the project life cycle (when)
- The anticipated frequency of risk events from that source (how often)
What steps must be completed to complete a qualitative risk analysis?
- use a low, medium, high and 1-10 scale for the probability of each risk occurring
- use the same scale to determine the impact of each risk occurring
What is a Sensitivity Analysis?
A technique to analyze and compare the potential impacts of identified risks
What does the plan risk management process address?
Answers the question of how much time should be spent on risk management based on the needs of a project. This includes the risk appetite and identifies who will be involved and how the team will go about performing risk management
What is a risk audit?
Audit used to assess the overall process of risk management on the project and is documented in the risk management plan
Plans describing the specific actions that will be taken if the opportunity or threat occurs?
Contingency Plan
What is a probability and impact matrix?
Data representation technique that can be used in the qualitative risk analysis process. Can be used to determine which items warrant immediate response and will be moved to the next step in the process (quantitative risk analysis) and which ones should be on the watch list
What is the formula for expected monetary value (EMV)?
EMV = P x I - when referring to cost
Plans that are specific actions taken if the contingency plans are not effective?
Fallback plan
What does the term reserves refer to in risk management?
Having reserves for time and cost (contingency reserves and management reserves)
Technique that uses a network diagram and schedule or cost estimate to "perform" the project many times and to simulate the cost or schedule results of the project
Monte Carlo Analysis
What are secondary risks?
New risks created by the implementation of risk response strategies
What are opportunities in risk management?
Positive impacts on the project / good risks (e.g. if you provide training to employees, they can maybe finish the work faster to improve timelines for the project)
Risks that remain after risk response planning is performed?
Residual risk
An organizational chart that can help you identify and document risk categories?
Risk Breakdown Structure (RBS)
What is the key output of the Identify Risks process?
Risk Register
Report that is generated and disseminated to stakeholders to keep them apprised of risk management efforts and outcomes
Risk Report
The action of performing an analysis of the risk information collected on the project to see the accuracy and reliability of the data and determine if the risk is valid or whether more information is needed to understand the risk
Risk data quality assessment
What are threats?
Risk events identified in advance that have a negative impact on the project.
Events that trigger the contingency response?
Risk triggers
What is a risk owner?
Someone responsible for monitoring the risks assigned to them and watching for risk triggers.
What is risk averse?
Someone who does not want to be negatively impacted by threats
What is risk appetite and thresholds?
Terms that refer to the level of risk an individual or group is willing to accept. Risk appetite is a general description of the level of risk acceptable to an individual or an organization, and risk threshold refers to the specific point at which the risk becomes unacceptable
What is the definition of risk management?
The process of identifying, evaluating and planning responses to events both positive and negative that may occur throughout the course of the project.
What are workarounds?
Unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project (or to deal with risks that had been accepted because of unlikelihood of occurrence and/or minimal impact)
What are the primary outputs of the plan risk response process?
change requests, updates to the project management plan and project document updates
What are risk reviews?
discuss the effectiveness of the planned risk responses that have been implemented and see if there are any new risks or secondary risks, or if any risks can be closed
When are avoidance and mitigation typically used as risk response strategies for threats?
high priority, high impact risks
What is an assumption log?
includes both assumptions and constraints, which are reviewed to determine any assumptions or constraints that have the potential to add a degree of risk that warrants a quantitative analysis
When is transfer typically used as a risk response strategy for threats?
low priority, low impact risks
What is the formula for expected value?
probability x impact (P x I)
What will the monitoring risk process uncover?
project changes, changes to cost and schedule baselines, creation or enhancements of risk templates such as risk register, checklist and risk report, as well as updates to the risk management process and procedures.
What are the primary inputs of the plan risk response process?
risk register and cost baseline
Who should your risk response strategies be communicated to?
sponsor, management and stakeholders
What is the purpose of the risk reassessments?
to reassess risk and see if there are any newly identified risks, closed risks, additional qualitative or quantitative risk analysis of new and/or previously identified risks and planning for further risk response planning
What is a technical performance analysis?
uses project data to compare planned vs. actual completion of technical requirements to determine if there is any variance from what was planned