Lesson 10 Online - Project Risk Management
A risk has a 60% probability of occurrence. It it happens, the estimated impact is $4,000. What is the expected monetary value for this risk?
$2,400 (.60 x $4000)
For risk threats, the choices of response strategies include
- Avoid - Mitigate - Transfer (deflect, allocate) -exploit -enhance (the reverse of mitigate) -share -Escalate -Accept
Risk can be classified under two main types:
- Business risk: risk of gain or loss - Pure (insurable) risk: risk of loss only (such as fire, theft, personal injury,etc.)
What are techniques for evaluating and ranking potential risk responses?
- Cost benefit analysis - multi- criteria decision analysis
Plan Risk Responses Process
- Finding ways to reduce or eliminate threats - The project manager and team determine what to do about each of the residual risks ( those that cannot be eliminated or exploited through risk response strategies) - the project manager assigns the work involved in the responses to risks owners- individuals who watch out for the occurrence of a risk and implement pre planned responses
Risk Categories
- Identified, documented, and organized with a Risk Breakdown Structure - Categories may include: External, Internal, Technical, Commercial, Unforeseeable, schedule, costs, quality, scope, resources, customer sanctification
Know the following about decision tree for the exam:
- It takes into account future events in making a decision today - calculates the expected value in more complex situations. With a decision tree, you could evaluate costs (or schedule implications) and benefits of several risk responses at once to determine which one is the best option - it involves mutual exclusivity
during the output of identify risks, what does the risk register include"
- Lists of risks - potential risk owners - potential risk responses -root cause of risks updated risk categories
Plan Risk Responses Tools/Techniques: Risk Response Strategies
- Risk mitigation strategies : involve changing the planned approach to completing the project - contingency plans : coming up with a plan to be implemented when and if a risk occurs
Key inputs to Qualitative Risk Analysis
- Risk register - risk management plan
Plan Risk Responses - Inputs
- Risk register : now includes the risks that have been analyzed and now prioritized based on their probability and impact. These are the risks for which responses will be planned - Cost baseline: describes the contingency reserve that will be used in addressing identified risks
Risk Factors
- The probability that a risk event will occur (How likely is it ) -The range of possible outcomes ( How much it will impact the project; the amount at stake) - Expected timing for it to occur in the project life cycle (when will it take place) -The anticipated frequency of risk events from that source (how often it might occur)
Risk Management
- The process of identifying, evaluating, and planning responses to events, both positive and negative, that might occur throughout the course of the project. - risks are identified and managed starting in initiating and kept up to date while project is underway
Strategies to reduce risk
- Use adaptive life cycle - Outsource some or all of the work - Select more skilled people within the organization to do the work
Non event risk categories:
- Variability: Risk caused by the inability to predict future changes - Ambiguity: Risks caused by a lack of understanding
Qualitative Risk Analysis input: Risk Management Plan
- component of the project management plan - comprised of who will be responsible for what role within the risk management effort, risk categories, and the amount of money allocated to the risk management. - May include schedule for risk related activities, definitions of probability and impact along with matrix and risk thresholds
The purpose of Perform Quantitative Risk Analysis Process is to :
- determine which risk events warrant a response - determine overall project risk (exposure) - determine the quantified probability of meeting the project objectives - determine cost and schedule reserves - identify risks requiring the most attention - create realistic and achievable cost, schedule or scope targets
Quantitative Risk Analysis Tool/Techniques: Decision Analysis tree
- models of real situations that project managers use to make an informed decision about " which option should I choose?" or "How will i solve the problem" by taking in account the associated risks, probabilities, and impacts.
Plan risk management Key inputs (process group:Planning)
- project management plan - project charter - stakeholder register - enterprise environmental factor -organizational process assets
Qualitative vs. Quantitative analysis
- qualitative risk analysis is a subjective evaluation, although numbers are for rating - quantitative risk analysis is objective or numerical evaluation; rating of each risk is based on an estimate of the actual probability and amount at stake.
Monitor risk process output: Project Management Plan Updates
- updates could be made in regards to the schedule, costs, quality, and procurement management plans, as well as resource management plan and scope, and cost baselines. - They reflect approved and preventive or corrective actions or changes to the plan
Qualitative Risk Analysis Tool/Techniques: Probability and impact matrixs
- used to sort or rate risks to determine which warrant an immediate response ( therefore will be moved on through the risk process) and which should be put on the watch list. - standardized matrix's are used by many companies to make the risk rating process more consistent across projects
Expected money value (EMV)
-Calculation is performed during quantitative risk analysis and revised during risk response planning when calculated contingency reserves for scheduled cost -EMV is often presented as a positive amount, threats are usually presented as a negative number (ex: -$3,000)
Expected money value formula (EMV)
-to evaluate the risk, focus on the expected value to determine an overall ranking of risks. Expected money value formula: - P ( probability) x I (impact) = EmV (expected money value) -EMV is used for cost
Quantitative Risk Analysis Tool/Techniques: Simulations
A Monte Carlo analysis uses the network diagram and schedule or cost estimates to "perform" the project many times and simulate its costs or schedule results
Output of identify Risks: risk Register
A document used throughout the entire risk management process that is constantly updated with information as the risk management processes are completed.
Tool and technique of identify Risks: Checklists
A list of generic risk categories which helps identify specific risks to the project from each category
Risk Averse
A stakeholder who does not want to be negatively impacted by threats
Decision analysis Tree
Analyzed by calculating the value of each branch. The outcome of the calculation will show the best option to select.
Qualitative Risk Analysis Tool/Techniques:Risk Data Quality Assesment
Assess the reliability and accuracy of the risk data collected , determine if the risk is valid, and decide whether or not to continue research May include determining the following for each risk: - Extent of the understanding of the risk - Data available about the risk - Quality of the data - Reliability and integrity of the Data
Qualitative Risk Analysis Output:risk register
At this point it should be updated to add the results of the qualitative risk analysis including: - risk ranking for the project compared to other projects -list of prioritized risks and their probability and impact ratings - results of other risk parameter assessments -risks grouped by categories - list of risks for additional analysis and response - list of risks requiring additional analysis in the near term - watch lists (non critical risks)
Quantitative Risk Analysis output: Risk Register updates
At this point the following is added: - prioritized list of quantified individual project risks - quantified probability of meeting project objectives - trends in quantitative risk analysis - initial contingency time and cost reserves are needed - assessment of overall project risk exposure - possible realistic and achievable completion dates and project costs, with confidence levels, versus the time and cost objectives for the project - recommended risk responses
Qualitative Risk Analysis input: Risk register
At this point the project includes the list of risks that will need to be assessed in order to perform the qualitative risk analysis
Qualitative Risk Analysis can be used to :
Compare the risk of the project to the overall risk of other projects determine whether the project should be continued or terminated Determine whether to proceed to the perform quantitative risk analysis process or the plan risk response process
Tool and technique of identify Risks: Constraint analysis
Constraints on schedule or budget limitations are examined to determine the level of risk they pose
Monitor Risk Process Tools/Techniques: risk Audits
Done to assess the overall process of risk management on the project. documented in the risk management plan.
When is risk identification done when working with contracts, resources, and dealing with project issues?
During integrated change control when
Who should be involved in risk identification ?
Everyone !
Qualitative Risk Analysis Tool/Techniques: Risk Categorization
Examines the question " What will we find if we regroup the risks by categories?" - Risk categories and sources of risks can be grouped by source or by work package in risk breakdown structure
Monitor risk process output: work performance information
Examples: - results of risk reviews and audits of how well risk processes are working for the project -performance measurements on schedule progress - planned versus actual risk data - variance analyses comparing the planned versus actual time and cost of implemented risk responses
Risk Management Process: Implement risk responses is done during:
Executing
Quantitative Risk Analysis Tool/Techniques
Following can be used: -expert judgement from trained risk specialists -data gathering techniques (interviewing) - data analysis techniques (Monte carlo , sensitivity , decision tree analysis, and influence diagrams) - interpersonal / team skills -Representations of uncertainty - cost and schedule estimating - historical records
for risk threats, avoidance and mitigation are used when?
For high priority, high impact risks
Risk report
Generated and disseminated to stakeholders to keep them apprised of risk management efforts and outcomes
Opportunities
Good risks that have positive impacts
Monitor Risk Process Tools/Techniques: Risk Reviews
Held to discuss the effectiveness of planned risk responses that have been implemented on the project . Can result in identifying new risks, secondary risks, and risks no longer applicable.
Tool and technique of identify Risks: Root Cause analysis
Identified risks are reorganized by their root causes to help identify more risks
Tool and technique of identify Risks: Assumption Analysis
Identifying and analyzing assumptions that have been made on the project , and if they are valid , that may lead to the identification of more risks
Tool and technique of identify Risks: Interviewing
Known as Expert interviewing this technique consists of the risk team or project manager interviewing project participants , stakeholders, or experts to identify risks to the overall project or element of work
uncertainty
Lack of knowledge about an event that reduces our confidence in the conclusions we can draw from specific data
Key input to Implement Risk Responses?
Lessons learned from current or past projects , or similar projects, can provide insight into the success of previous response plans Risk report and register are viewed regularly as well
Risk Management Process: Monitor Risks is done during:
Monitoring and controlling
Risk Management Process: Perform Qualitative Risk Analysis is done during:
Planning
Risk Management Process: Perform Quantitative Risk Analysis is done during:
Planning
Risk Management Process: Plan Risk Management is done during:
Planning
Risk Management Process: Plan risk responses is done during:
Planning
Perform Qualitative Risk Analysis Process
Process of analyzing and creating a shortened list of previously identified individual project risks
Major output of Plan Risk Management
Risk Management PLan
Risk Management Plan may include:
Risk Strategy Methodology Roles and responsibilities Funding Timing Risk Categories Stakeholder risk appetite/threshold Definitions of probability and impact Reporting Tracking
which of the following is the degree of risk that an organization or individual will withstand ?
Risk tolerance
Qualitative Risk Analysis Tool/Techniques: Risk Parameters Assessment
Risks identified that should move more quickly through the process than others due to factors . Examples of risk parameters include : urgency, dormancy, manageability and controllability, and strategic impact.
Risk Parameter: Dormancy
The anticipated time between when a risk occurs and when its impact is felt on the project
Risk Appetite / Threshold
The level of risk an individual or organization is willing to accept.
Plan Risk management
The process of defining how to conduct risk management activities for a project.
Identify Risks Process
The process of determining which risks may affect the project and documenting their characteristics.
Risk Parameter: Urgency
The urgency parameter indicates if the risk is likely to occur soon or if it requires a particularly long time to plan a response
Qualitative Risk Analysis Tool/Techniques: Risk probability & impact assessment
To perform the analysis the following must be determined: - probability of each risk occurring, using a standard scale, common subjective analysis scales include "Low, Medium, High" or "1 to 10" - the impact ( the amount at stake or the positive or negative consequences) of each risk occurring, using a standard scale, such as "Low, Medium, High" or "1 to 10"
Monitor Risk Process Tools/Techniques: Reserve Analysis
Used to check to see how much reserve remains and how much might be needed. Remember that a contingency reserve may only be used to handle the impact of the specific risk it was set aside for.
Monitor Risk Process Tools/Techniques: Technical Performance Analysis
Uses project data to compare to planned versus actual completion of technical requirements to determine if there is any variance from what was planned. Any variance could indicate possible risks to the project, either opportunities or threats
Tool and technique of identify Risks: Prompt Lists
a list of categories that have been identified as possible sources of risk to the project. Team uses the list when identifying risks to individual elements of the project as well as risks to the overall project
Quantitative Risk Analysis Tool/Techniques: Sensitivity Analysis
a technique used to analyze and compare the potential impacts of identified risks A tornado diagram can be used to graphically depict the results : - risks are represented by horizontal bars - longest and uppermost bar represents greatest risks, and progressively the shorter horizontal bars beneath it represent lower ranked risks.
Passive acceptance of an identified risk is typically handled by
adding risk to the watch list and monitoring
risk response strategy: share
allocate ownership or partial of the individual or overall project opportunity to a third party (joint ventures) that is best able to achieve the opportunity
Qualitative analysis is a subjective _____
analysis of the risks identified in the risk register - process is repeated as new risks are uncovered throughout the project
Plan Risk Response Output: Risk Register
at this point it should include the following updates: - Residual risks -contingency plans -Fallback plans - Risk owners - Secondary Risks - Risk triggers - contracts - Reserves ( contingency & management)
Monitor risk process output: Risk register updates
at this point the following is added: - outcomes of risk reassessments and risk audits - Results of implemented risk responses - updates to previous parts of risk management, including the identification of new risks - closing of risks that are no longer applicable - details of what happened when risks occurred - lessons learned
Tool and technique of identify Risks: Brainstorming
done in meetings where risk breakdown structures, risk categories, and prompt lists are utilized to group identified risks
when in the risk management process are risk responses documented
during identify risks( as potential responses) and during plan risk responses (as selected response plans
Monitor risk process output: Change requests
during this process there will be needed project changes uncovered including changes to the cost and schedule baselines due to overall and individual project risks
risk response strategy: avoid
eliminate the threat by eliminating the cause by removing work packages or changing the person assigned to do the work. Might involve expanding the scope of the project.
Tool and technique of identify Risks: SWOT Analysis (strength, weaknesses, opportunities, threats)
examines the project to identify its strengths and weaknesses, as well as the opportunities and threats that could originate from those strengths and weaknesses
Monitor Risk Process Tools/Techniques: Meetings
for the exam, they are status meetings where the team meets with the project manager to perform risk reviews and audits
Qualitative Risk Analysis Tool/Techniques: Risk report
includes the results of risk prioritization and a list of the highest ranking risks
risk response strategy: Enhance (opposite of mitigate)
increase the probability or positive impact of the opportunity . could relate to the overall approach to scope and schedule, resources used, and project replanning
risk Parameter: Manageability and controllability
indicates the level of difficulty involved in dealing with identified risk
risk response strategy: Transfer (deflect, allocate)
make a party outside the project responsible for the threat by purchasing insurance, performance bonds, warranties, or guarantees, or by outsourcing the work
Perform Quantitative Risk Analysis Process
numerically analyzing the probability and impact ( the amount at stake or the consequences ) of the risks that were ranked highest in qualitative risk analysis. It looks at how risks could affect the objectives of the project
Risk response strategy: Escalate
opportunities and threats should be escalated if it is outside the scope of the project or beyond the project managers authority - risks will be managed at the program or portfolio level not project
Risk response strategy: Accept
passive acceptance means to do nothing and say"if it happens , it happens" . actions are left to be determined as needed if the risk occurs (work arounds) - active acceptance involves creating contingency plans to be implemented if the risk occurs and allocating time and cost reserves to the project.
Risk Management Process: Identify risks is done during:
planning
which of the following is a tool or technique associated with the perform qualitative risk analysis process?
probability- impact matrix
Qualitative Risk Analysis Tools / Techniques: Data Analysis
process includes an assessment of other risk parameters a risk probability and impact assessment , and risk data quality assessment
risk response strategy: mitigate
reduce the probability or impact of an individual or overall project threat, thereby making it a smaller risk ad possibly removing it from the lost of top risks on the project.
Risk Event
something identified in advance, that may or may not happen. It could have a positive or negative impact on the project
Qualitative Risk Analysis Tool/Techniques: Data representation
techniques may include hierarchical charts and probability and impact matrics
risk parameter: strategic impact
the degree to which the occurrence of a risk would affect the strategic goals of the performing organization
Implement Risk Response Process
the process of implementing the consensus risk response plans identified in plan risk management and identify risks processes during the project timeline. It halts risk threats, maximizes project effectiveness, and proactively deal with anticipated risks.
who do you communicate risk related information to including strategies ?
the sponsor, management, and stakeholders
Monitor risk process output: organizational process assets updates
this process may include the creation or enhancement of risk templates: - risk register -checklists -risk reports -risk management process and procedure updates what maybe added: - historical records for future projects
what are workarounds
unplanned responses to previously unidentified risks