11 - Project Risk Management
Workaround
Response to unforeseen risk event. Developing a workaround diverts risk from project. Once encountered, it is planned... But, in an emergency mode
In addition to a risk management plan, many projects also include _______________, ________________, and _______________.
contingency plans, fallback plans, contingency reserves
_________________ - provisions held by project sponsor or organization to reduce risk of cost or schedule overruns to an acceptable level
contingency reserves
________________- for known risks _______________ - funds help for unknown risks
contingency reserves, management reserves
Probability distributions are frequently used in Perform Quantitative Risk Analysis. Which of these is not a valid example of such a distribution? A. Sigma distribution B. Logarithmic distribution C. Triangular distribution D. Beta distribution
A - The response 'Sigma distribution' is not a valid distribution. Continuous probability distributions represent the uncertainty in values, such as durations of schedule activities and costs of project components. Triangular, Beta, Logarithmic, Normal and Uniform distributions are other examples of commonly used distributions. [PMBOK 5th edition, Page 337]
Which risk response strategy is being employed when a reserve fund is created?
Accept
As the project manager of a project to construct a city park, you have identified 39 risks on the project, determined what would trigger the risks, rated them on a risk rating matrix, tested the assumptions, and assessed the quality of the data used. You now plan to move to the next step of the risk management process. What have you missed? A. Overall risk ranking for the project B. Involvement of other stakeholders C. Risk Mitigation D. Simulation
B - You are using an appropriate process; however, you should have involved the other stakeholders to help identify risks. [PMBOK 5th edition, Page 321] [Project Risk Management]
How are unknown risks mitigated?
By Management Reserve
How are risks assigned a high, medium or low ranking during Qualitative Risk Analysis?
By using risk matrix/lookup table.... E.g. Cells 3/5;4/5; etc are High
3 Diagramming Techniques used with risk identification
Cause and Effect (Issikawa) Diagrams, Influence Diagrams, process Flow Charts
Business Risk
Contains opportunity for loss or gain
Which of these is an input to the Control Risks process? A. Risk audits B. Change requests C. Work performance information D. Work Performance Reports
D - Work Performance Reports are inputs to the Control Risks process. [PMBOK 5th edition, Page 349] [Project Risk Management]
EMV
Expected Monetary Value- calculates a statistical average of the probable outcome of risk events. It requires a risk-neutral approach. It can be used in decision tree analysis
Pure Risk
In project management, bad risk are known as "pure" risks, "insurable" risks or "threats". Also known as Insurable risks.
Risk Attitudes (add definitions)
Risk Adverse Risk Neutral Risk Seeker Risk Tolerant
Secondary risks
Risks caused by the implementation of a response to another risk.
Do risks need to be planned for all projects?
Yes
Match the following to each risk response- 1. Recognize the risk and don't change the plan, but do set contingency reserve in case risk occurs 2. Recognize the risk, but do nothing 3. Recognize the risk and modify the project plan
- Recognize the risk and don't change the plan, but do set contingency reserve in case risk occurs- Active Acceptance - Recognize the risk, but do nothing- Passive Acceptance - Recognize the risk and modify the project plan- Avoid
Tools used during Risk Control
- Risk Reassessment - Risk Audit
Risk Seeker or Risk Taker
A risk seeking or risk taking person or organization likes to seek risks if they see any opportunity.They enjoy and find it challenging to deal with risks; however, sometimes this excessive optimism can cause losses.
_____ involves monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project. A. Controlling risk B. Planning risk responses C. Performing quantitative risk analysis D. Performing qualitative risk analysis
A. Controlling risk
During project executing, a major problem occurs that was not included in the risk register. What should you do first? A. Create a workaround B. Reevaluate the Identify Risks process C. Look for any unexpected effects of the problem D. Tell management
A. Create a workaround. Since the risk was unexpected and has occurred (and its major), the very next thing you should do is deal with it by creating a work around. Tell management as first step is not proactive in solving the problem. Reevaluating the identify risk process and looking for unexpected effects of the problem are both correct things to do here, but not as the first step.
Which of the following risk events is most likely to interfere with attaining a project's schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased payments D. Slippage of the planned post-implementation review meeting
A. Delay in obtaining required approvals. Cost increases and contract disputes for payments will not necessarily interfere with schedule. If a post-implementation review meeting slips, it may not interfere with the project schedule. Delays in obtaining required approvals is the only choice that always causes a time delay, and is therefore the most likely to threaten the project schedule. PMIism- Always assume critical path activity is mandatory dependency upon deliverable approval and therefore if approval delayed, most likely project slips.
_____ involves eliminating a specific threat, usually by eliminating its causes. A. Risk avoidance B. Risk transference C. Risk acceptance D. Risk mitigation
A. Risk avoidance
_____ involves doing whatever you can to make sure the positive risk happens. A. Risk exploitation B. Risk acceptance C. Risk sharing D. Risk enhancement
A. Risk exploitation
Which of the following is not a valid instance of risk transference? A. Use of a Cost Reimbursable contract B. Warranties C. Fixed Price contracts D. Performance bonds
A. Use of a Cost Reimbursable contract A cost-reimbursable contract does not transfer risk to the seller; rather, the risk is with the buyer. Risk transference involves shifting the negative impact of a risk, along with the ownership of the response, to a third party. Risk transference nearly always involves payment of a premium to the party taking on the risk. Examples include performance bonds, warranties, and fixed price contracts.
What can we do about risks that are threats?
Accept Avoid Mitigate Transfer
Reserve Analysis
Analyzing how much reserve has been used and how much remains. Also, figures out how much risk is left and whether remaining reserve is sufficient
Risk Neutral
As the name suggests, these people or organizations are neutral to risks. These people deal with risks objectively. They analyze risks with various techniques such as Expected Monetary Value (EVM), the Decision Tree Method, or any other tool, and then make an informed decision.
Negative Risk (threat) Strategies
Avoidance or mitigation are generally done when risk is high-priority, high-impact. - Avoid- This involves deciding not to do something due to risk being too high. E.g. Deciding not to go with intended cutting edge technology and instead going with stabler technology with more acceptable risk. - Mitigate- Steps are taken to reduce the likelihood and/or the impact of an identified risk. Transference or acceptance are appropriate for low-priority, low-impact risks. - Accept- You simply decide that you will accept the consequence of the risk if it occurs. It may be because there is no way to avoid it. In which case you can decide to accept it passively by agreeing to just monitor it. Or you can accept actively by setting aside contingency fund. Other reasons to accept could be: • There's virtually no chance of it happening (e.g. an earthquake in London), or • The impact would be negligible, or • It is too expensive to deal with (e.g. cost of insurance may be more than the impact of the risk event). - Transfer- You pay someone to take the risk on your behalf. For example you get another company to manufacture a risky part of the project deliverable. But it is vital to realise that the risk still exists, it is only the responsibility that you have attempted to transfer.
The organization has risk management procedures that are seldom used or followed, and has had a history of handling risks badly. In preparing the risk response plan, input from which of the following is generally least important? A. Project team members B. Project sponsor C. Individuals responsible for risk management policies and templates D. Key stakeholders
B. Project sponsor Those responsible for risk templates will be able to provide templates from past projects and therefore will be very important. Team members and key stakeholders are critical to the risk response planning. The sponsor may have the least knowledge of what will work to solve the problem. Sponsors need to be involved in the project and help identify risks. The may even approve response plans created by others, but they would not generally be major contributors to response plans.
Those who are _____ have a higher tolerance for risk, and their satisfaction increases when more payoff is at stake. A. risk-indifferent B. risk-seeking C. risk-averse D. risk-neutral
B. risk-seeking
A project manager has just finished the risk response plan for a large engineering project. Which of the following should he probably do next? A. Determine the overall risk rating of the project B. Begin to analyze the risks that show up in the project drawings C. Add work packages to the project work breakdown structure D. Hold a project risk assessment
C. Add work packages to the project work breakdown structure. This situation is occurring during project planning. Planning must be completed before moving on. Determining the risk rating of the project is done during Perform Qualitative Risk Analysis, and should have already been done. Project risk reassessment occurs during Control Risks, the next step in the risk management process after Plan Risk Responses. But the question does not ask what is next in the risk management process, just what is next. Adding work packages to the WBS, as part of iterations, comes next in project planning.
_____ are predefined actions that the project team will take if an identified risk event occurs. A. Workarounds B. Management reserves C. Contingency plans D. Secondary risks
C. Contingency plans
Assuming that the ends of a range of estimates are + or - 3 sigma from the mean, which of the following range estimates involves the least risk: A. 30 days, plus or minus 5 days B. 22 to 30 days C. Optimistic = 26 days, most likely = 30 days, pessimistic = 33 days D. Mean of 28 days
C. Optimistic = 26 days, most likely = 30 days, pessimistic = 33 days. A mean of 28 days is not a range. A represents 10 days range. B represents 8 day range. C represents 7 days range (P-O). Range = Pessimistic - Optimistic = Maximum value - Minumum value Standard Deviation = (P-O)/6. So, for C, range = 7 days and standard deviation = 1.17. The smallest range or the smallest standard deviation is the least risk. In this case, you could only derive range for each possible answer.
_____ involves prioritizing risks based on their probability and impact of occurrence. A. Identifying risks B. Performing quantitative risk analysis C. Performing qualitative risk analysis D. Planning risk responses
C. Performing qualitative risk analysis
_____ involves numerically estimating the effects of risks on project objectives. A. Identifying risks B. Planning risk responses C. Performing quantitative risk analysis D. Performing qualitative risk analysis
C. Performing quantitative risk analysis
_____ involves taking steps to enhance opportunities and reduce threats to meeting project objectives. A. Performing quantitative risk analysis B. Controlling risk C. Planning risk responses D. Performing qualitative risk analysis
C. Planning risk responses
_____ involves shifting the consequence of a risk and responsibility for its management to a third party. A. Risk avoidance B. Risk mitigation C. Risk transference D. Risk acceptance
C. Risk transference
Under which of the following scenarios would you not use a decision tree? A. when some future scenarios are unknown B. When you need to look at the implications of not choosing certain alternatives. C. When the future scenarios are known. D. When the outcomes of some of the actions are uncertain
C. When the future scenarios are known. You would use a decision tree when uncertainty and unknowns exist regarding future scenarios and their outcomes, not when future scenarios
Identifying risks is a subprocess of the _____ process of project risk management. A. monitoring and controlling B. closing C. planning D. executing
C. planning
The _____ lists the relative probability of a risk occurring and the relative impact of the risk occurring. A. Top Ten Risk Item Tracking chart B. requirements traceability matrix C. probability/impact matrix D. expectations management matrix
C. probability/impact matrix
Trigger
Clear definition of the event which denotes that the risk is occurring and initiates the contingency plan
Technical Performance Measurement
Comparing how many technical features/achievements have been completed to how many features/achievements were planned to be complete.
Workarounds are determined during which risk management process? A. Identify risks B. Perform quantitative risk analysis C. Plan risk responses D. Control risks
D. Control risks. A workaround refers to determining how to handle a risk that has occurred but was not included in the risk register. The project must be in the Control Risks process if risks have occurred.
_____ is a fact-finding technique that can be used for collecting information in face-to-face, phone, e-mail, or instant-messaging discussions. A. Brainstorming B. The Delphi technique C. Monte Carlo analysis D. Interviewing
D. Interviewing
_____ involves reducing the impact of a risk event by reducing the probability of its occurrence. A. Risk acceptance B. Risk transference C. Risk avoidance D. Risk mitigation
D. Risk mitigation
A project manager is quantifying risk for her project. Several of her experts are off-site, but wish to be included. How can this be done? A. Use Monte Carlo analysis using the Internet as a tool B. Apply the critical path method. C. Determine options for recommended corrective action D. Use the Delphi technique
D. Use the Delphi technique. In quantitative risk analysis, the Delphi technique could be used to collect time and cost estimates from experts and achieve consensus. This reduces the possibility of bias.
_____ are unplanned responses to risk events used when project teams do not have contingency plans in place. A. Fallback plans B. Contingency plans C. Triggers D. Workarounds
D. Workarounds
A _____ person achieves a balance between risk and payoff. A. risk-averse B. risk-seeking C. risk-fearing D. risk-neutral
D. risk-neutral
_____________ - derive a consensus among a panel of experts who make predictions about future developments; uses repeated round of questioning and written responses to take advantage of group input while avoiding the possible biasing effects of oral panel deliberations
Delphi technique
During which risk management process do we define potential risk responses?
During Identity Risks Process
When are risk triggers and contingency reserves determined?
During Risk Response Planning process.
When does project risk reassessment occur and what is it?
During the Control Risk process. Review risk register, update information and close risks that should be closed.
Positive Risk (Opportunity) Strategies
Enhance- Enhancing is about increasing the probability of the occurrence of positive risks and increasing the positive impact if it happens. Here, you take measures to increase the chance of the event happening and increase magnitude of benefit, but there will be no assurance of realizing this opportunity. Exploit- Exploiting is about doing everything to make sure the event happens. In this risk response strategy you will make sure that the opportunity is realized by removing all uncertainty. Here, you take the opportunity very seriously and develop a strategy to realize it. Simply put, in exploit risk response strategy, you increase the chance of happening the event to 100%. Share- agree with third party to share benefits if opportunity if it is realized. E.g. Risk sharing partnership or joint venture Accept- don't actively pursue opportunity, but welcome it if it occurs.
What can we do about risks that are opportunities?
Exploit Share Enhance Accept
Jim is currently managing a construction project. The project is in its execution phase and the project customer has just announced that if Jim can complete the project two months earlier, Jim's company will receive a 50% bonus on top of the agreed contract fee. If this goal is achievable, what would be the best strategy for Jim? Exploit vs Enhance?
Exploiting is the most aggressive technique in comparison to the others. It tries to ensure that an opportunity is realized.
What Risk Planning process input identifies company's risk attitude?
External Environmental Factors
True or false? Brainstorming is a systematic, interactive forecasting procedure based on independent and anonymous input regarding future events.
False
True or false? Risk events refer to specific, certain events that may occur to the detriment or enhancement of the project.
False
True or false? The last step in project risk management is deciding how to address this knowledge area for a particular project by performing risk management planning.
False
Delphi Technique
Gain consensus through anonymous voting. Facilitator provides questionnaire to each individual in group. Facilitator summarizes responses and recirculates to group. Consensus usually reached after a few rounds. Can significantly reduce bias as well as influence of any one person in group.
What one of the most important things to do throughout all risk management processes?
Include stakeholders
You are on your way to run a steering group meeting with senior executives, and you are told of a critical risk. Should you include risk in your presentation or wait to gather more information?
Include the newly discovered information in your executive presentation. Failure to disclose a known risk
Gordon is managing a process improvement project. There are a number of project risks involved. Gordon wants to document as many risks as possible in order to have a robust Risk Management Plan. He is reviewing some events and the possible variables that affect these events. Which of the tool should Gordon use that can help him analyze the effects of different variables on these events?
Influence Diagrams are graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes. This tool is a good tool for to analyzing the effects of different variables on the events being reviewed.
One of most successful techniques for identifying risks?
Interviewing ... Also reviewing Assumptions
Risk Register
Is the list of risks. Contains initial response recommendations. Root causes of risks identified (this is why root cause analysis is one T&T),
Why is Stakeholder Register an input to Risk Management Planning?
Many stakeholders have significant influence on risks and are best placed to be risk owners; stakeholder register identifies whether stakeholder is project resistor (and could pose risk), champion or supporter.
What's in Risk Management Plan?
Methodology and How risk will be managed. Roles and responsibilities around risk management. Authorities. Costs of risks and risk budget. Definition of Risk Breakdown Structure. Definition of risk probability and impact values. Company risk attitudes and tolerances. The tolerable risk thresholds that will identify which risks require which specific responses.
Simulation is usually based on some form of what analysis?
Monte Carlo
What can predict the probability of finishing by a certain date or that cost will be equal to or less than a certain value?
Monte Carlo analysis
Is it mandatory to conduct Qualitative Analysis Process?
No. None of the processes in PMBOK Guide are mandatory.
Should every risk be mitigated?
No. There are 4 potential risk strategies that can be applied to a risk, mitigation is only one of them. It would be bad practice to attempt to mitigate all risks.
Risk Adverse
Opposing risk. A risk averse person or organization is not comfortable with digesting risks. They are not very creative or supportive towards risks. They usually try to avoid risks unless the reward to take on the risks is high enough to outweigh the aversion of the risk.
Qualitative Risk Analysis
Prioritize risks by analyzing their probability and impact. Think of this as a triage process enabling quick identification of high priority risks to more fully elaborate. Can be quick and cost effective A look-up table or Probability and Impact Matrix with specific combinations of Probability and impact that lead to a risk being rated as "high," "moderate," or "low" importance is used. The importance of planning responses to the risk is usually set by the organization. The project manager can tailor this to the specific project during the Plan Risk Management process.
What are the major activities that occur during the Perform Qualitative Risk Analysis?
Probability and impact matrix development and derivation of risk priorities; risk data quality assessment; determining the risk rating of the project.
How can Monte Carlo analysis be used in the Risk Management processes?
Project risk can be assessed using Monte Carlo Analysis. By considering the inputs to the weighted estimates and the network diagram, you can obtain a better overview of project risk.
In which process groups are most of the risks identified?
Risks can be identified at any point within the project, but most risks are identified in the Identify Risks process, and majority of remaining risks pop up during Control Risks (which occurs in parallel with Project Execution process group.. but no risk processes exist in the Execution process group so they are identified by Control Risk process group).
Residual risk
Risks that remain even after planned risk responses have been implemented. For example, the risk response may mitigate 80% of risk thereby leaving an Acceptable 20% remaining risk.
Variance and Trend Analysis
Simply identifies variances at a point in time (e.g. Schedule or budget variance) and also looks at variances over time to see if there are any trends over time
Risk Staement
Standard, consistent and unambiguous way of documenting risks
Risk Tolerant
These people or organizations are very comfortable with ignoring risks. They don't care and never pay any attention to a risk until it becomes an issue. It is the job of a project manager to find the risk attitude of individual stakeholders and any group formed by these stakeholders. Group mentality is different than individual mentality. The risk attitude of a group of stakeholders might be different than the stakeholders individually. Moreover, this attitude keeps on changing as the project progresses; therefore, either you have to change the attitude of the stakeholders or adjust the project plan to reflect the current risk attitude of the stakeholders. It is recommended a project manager behave as a risk neutral person and make decisions based on objective evidence.
Tornado Analysis
This technique is performs a sensitivity Analysis. It can be used to determine which risks have the most significant impact. This will consist of analyzing the effects of various risks on project objectives by keeping all the uncertain elements at their baseline values.
Why do root cause analysis during risk identification?
To keep asking why does risk exist? Once you feel you understand cause, you can develop mitigation action
_____________________ - identifies risks; maintains awareness of risks throughout life of project by helping to monitor risks
Top 10 Risk Item Tracking
True or false? A probability/impact matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on a chart and the relative impact of the risk occurring on the other.
True
True or false? A risk-seeking person prefers outcomes that are more uncertain and is often willing to pay a penalty to take risks.
True
True or false? Contingency plans are predefined actions that the project team will take if an identified risk event occurs.
True
True or false? Quantitative risk analysis need not be done for projects that are large and complex.
True
True or false? Risks can have both negative and positive effects on meeting project objectives.
True
True or false? The risk register can be created with a simple Microsoft Word or Excel file.
True
If you take over a project that is significantly over budget or experiencing significant schedule slippage (or potentially any other significant variance) what is the best thing to do?
Update risk identification and analysis
Risk checklist
Valuable if it is derived from other similar projects. Ensure completeness by checking that all RBS risk categories are covered
Watch list
Where low priority risks for monitoring
List at least 2 benefits of risk management.
anticipate/avoid problems, prevent surprises, improve ability to negotiate, meet customer commitments, reduce schedule slips, reduce cost overruns
Name 4 basic response strategies for negative risks.
avoidance, acceptance, transference, mitigation
_____________ - a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgement
brainstorming
What are 4 common techniques for identifying risks?
brainstorming, Delphi, interviewing, root cause analysis
_______________ - predefined actions that the project team will take if an identified risk event occurs
contingency plans
Which risk management process are the following outputs from? Work performance info, change requests, updates to project management plan, other project documents, organizational process assets
controlling risk
Which risk management process is the following? Monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating effectiveness of risk strategies throughout project lifetime
controlling risk
_______________ - diagramming analysis technique used to help select the best course of action when future outcomes are uncertain; involves calculating expected monetary value
decision tree
_______________ - product of a risk event probability and the risk event's monetary value
expected monetary value (EMV)
Probabilities are normally determined based on ____________________.
expert judgement
Name 4 basic response strategies for positive risks.
exploitation, sharing, enhancement, acceptance
_______________ - developed for risks that have a high impact on meeting project objectives, and are put into effect if attempts to reduce the risk don't work
fallback plans
People often describe risk probability/consequence as being _____________, _____________, or _____________.
high, medium, low
Which risk management process is the following output from? Start of risk register
identifying risks
Which risk management process is the following? Determining which risks are likely to affect project and documenting the characteristics of each
identifying risks
_____________ - collecting info in face-to-face, phone, e-mail, or instant-messaging discussions
interviewing
Can identify risk based on _____________ and ________________.
nature of project/products are created, project management knowledge areas (scope, time, cost, quality)
Managing ___________ risks involves number of possible actions that managers can take to avoid, lessen, change, or accept the potential effects of risks on project.
negative
Which risk management process is the following? Prioritizing risks based on their probability and impact of occurrence
performing qualitative risk analysis
Which 2 risk management processes is the following output from? Project documents updates
performing qualitative risk analysis/performing quantitative risk analysis
Which risk management process is the following? Numerically estimating the effects of risks on project objectives
performing quantitative risk analysis
Which risk management process is the following output from? Risk management plan
planning risk management
Which risk management process is the following? Deciding how to approach and plan risk management activities for project.
planning risk management
What are the 6 processes with risk management?
planning risk management, identifying risks, performing qualitative risk analysis, performing quantitative risk analysis, planning risk responses, controlling risk
Which risk management process are the following outputs from? Project management plan updates and project documents updates
planning risk responses
Which risk management process is the following? Taking steps to enhance opportunities and reduce threats to meeting project objectives
planning risk responses
___________ risk management is like investing in opportunities
positive
Some teams develop a single number for a risk score simply by multiplying a score for _______________ by a numeric score for ___________________.
probability, impact
_____________ - lists the relative probability of a risk occurring and relative impact of risk occurring
probability/impact matrix
What is the following a goal of? Minimizing potential negative risks while maximizing potential positive risks
project risk management
_______________________ - art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
project risk management
____________ risks - risks that remain after all response strategies have been implemented
residual
________ - uncertainty that can have a negative or positive effect on meeting project objectives
risk
_________________ - degree of uncertainty an entity is willing to take on, in anticipation of a reward
risk appetite
Attitudes towards risk are based on what two themes?
risk appetite, risk tolerance
____________________ - hierarchy of potential risk categories for a project
risk breakdown structure
_____________ - specific, uncertain events that may occur to the detriment or enhancement of the project
risk events
_____________ - numbers that represent overall risk of specific events, based on their probability of occurring and consequences to project if they do occur
risk factors
_____________________ - documents the procedures for managing risk throughout the project; summarizes how risk management will be performed on a particular project
risk management plan
_____________ - document that contains results of various risk management processes; tool for documenting potential risk events and related info
risk register
_________________ - maximum acceptable deviation an entity is willing to accept on project objectives as potential impact
risk tolerance
_________________ - amount of satisfaction/pleasure received from potential payoff
risk utility
You are considered to be what when more money is at stake, you have a lower tolerance for risk.
risk-averse
What 3 preferences are part of the utility theory of risk?
risk-averse, risk-seeking, risk-neutral
You are considered to be what when you have a balance between risk and payoff.
risk-neutral
You are considered to be what when you have a higher tolerance for risk, and a satisfaction increases when more payoff is at stake.
risk-seeking
_____________ - often results in identifying even more potential risks for a project and threats
root cause analysis
What are the two types of reserves
schedule reserve and budget reserves
____________ risks - direct result of implementing a risk response
secondary
What uses a representation or model of a system to analyze its expected behavior/performance?
simulation
_____________ - indicators or symptoms of actual risk events
triggers
_______________ - list of risks that have low priority but are still identified as potential risks
watch list
Risk Reassessment vs Risk Audit
2 tools of the tools and techniques behind Control Risk. Risk Reassessment focuses on reviewing all individual risks where you may add risks, close risks and reexamine current risks.... while Risk Audit focuses on reviewing effectiveness of risk responses and overall risk. Risk Auditsensure effectiveness of all risk management activities.
What is RBS?
Risk Breakdown Structure. Definition of risk categories in hierarchical form.