11. Project Risk Management

11.1.2 Plan Risk Management : Tools and Techniques

11.1.2.1 Expert Judgement 11.1.2.2. Data Analysis * Stakeholder Analysis to determine the risk appetite of project stakeholders 11.1.2.3 Meetings

11.6.1 Implement Risk Responses: Inputs

11.6.1.1 Project Management Plan * Risk Management Plan 11.6.1.2 Project Documents * Lessons Learned Register * Risk Register * Risk Report 11.6.1.3 Organizational Process Assets

11.0 Project Risk Management

Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, response implementation and monitoring risk on a project. The objectives of project risk management are to increase the probability or impact of positive risks and to decrease the probability or impact of negative risks in order to optimize the chances of project success. 11.1 Plan Risk Management : The process of defining how to conduct risk management activities for a project. 11.2 Identify Risks: The process of identifying individual project risks as well as sources of overall project risk and documenting their characteristics 11.3 Perform Qualitative Risk Analysis : The process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. 11.4 Perform Quantitative Risk Analysis : The process of numerically analyzing the combined effect of identified individuals project risks and other sources of uncertainty on overall project objectives. 11.5 Plan Risk Responses- The process of developing options, selecting strategies and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks. 11.6 Implement Risk Responses - The process of implementing agreed-upon risk response plans. 11.7 Monitor Risks - The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project. Overall project risks can also be positive or negative. Management of overall risk aims to keep project risk exposure with in an acceptable range by reducing drivers of negative variation, promoting drivers of positive variation and maximizing the probability of achieving over all project objectives. * Non Event Risks ** Variability Risks : Can be addressed by Monte Carlo Analysis. with the range of variations reflected in probability distributions, followed by actions to reduce the spread of possible outcomes. ** Ambiguity Risks : Managed by defining those areas where there is a deficit of knowledge or understanding, then filling the gap by obtaining expert external input or bench marking against best practices. Ambiguity is also addressed through incremental development, prototyping or simulation * Project Resilience: ** Right level of budget and schedule contingency for emergent risks, in addition to a specific risk budget for known risks. ** Flexible Projected Processes ** Empowered Project team that has clear objectives and that is trusted to get the job done with in agreed upon limits. ** Frequency review of early warning signs to identify emergent risks as early as possible. ** Clear input from Stakeholders to clarify where the project scope or strategy can be adjusted in response to emergent risks. * Integrated Risk Management Tailoring Considerations * Project Size * Project Complexity * Project Importance * Development Approach

11.1. Plan Risk Management : Inputs

11.1.1.1 Project Charter 11.1.1.2 Project Management Plan 11.1.1.3 Project Documents * Stake Holder Register 11.1.1.4 Enterprise Environmental Assets 11.1.1.5 Organizational process Assets * Organizational Risk policy * Risk Categories, possibly organized into a risk breakdown structure. * Roles and Responsibility

11.1.3 Plan Risk Management : Outputs

11.1.3.1. Risk Management Plan * Risk Strategy * Methodology * Roles and Responsibilities * Funding * Timing * Risk Categories * Stakeholder Risk Appetite * Definitions of risk probability and impacts * Probability and Impact Matrix * Reporting Formats * Tracking

11.2.1 Identify Risks : Inputs

11.2.1.1 Project Management Plan * Requirements Management Plan : It may indicate project objectives that are particularly at risk. * Schedule Management Plan : It may identify areas that are subject to uncertainty or ambiguity. * Cost Management Plan : It may identify areas that are subject to uncertainty or ambiguity. * Quality Management Plan : It may identify areas that are subject to uncertainty or ambiguity. * Resource Management Plan : It may identify areas that are subject to uncertainty or ambiguity. * Risk Management Plan. *Scope Baseline *Schedule Baseline *Cost Baseline 11.2.1.2 Project Documents * Assumption Log * Cost Estimates * Duration Estimates * Issue Log * Lessons Learned Register * Requirements Documentation * Resource Requirements * Stakeholder Register 11.2.1.3 Agreements 11.2.1.4 Procurement Documentation * Seller Performance Report * Approved Change Requests * Information on Inspection 11.2.1.5 Enterprise Environmental Factors 11.2.1.6 Organizational Process Assets

11.2.2 Identify Risks: Tools and Techniques

11.2.2.1 Expert Judgement 11.2.2.2 Data Gathering * Brainstorming * Check Lists * Interviews 11.2.2.3 Data Analysis * Root Cause Analysis * Assumption and Constraint Analysis * SWOT Analysis : * Document Analysis 11.2.2.4 Interpersonal and Team Skills 11.2.2.5 Prompt Lists 11.2.2.6 Meetings

11.2.3.1 Identify Risks : Outputs

11.2.3.1 Risk Register: The Risk Register captures details of identified individual project risks. The results of Perform Qualitative Risk Analysis., Plan Risk Responses, Implement Risk Responses and Monitor Risk Responses are recorded in the risk register as those processes are conducted through out the project. *List of Identified Risks : Each individual project risk is given a unique identifier in the risk register. A structured risk statement may be used to distinguish risks from their causes and their effects. *Potential Risk Owners. Owner will be confirmed in Perform Qualitative Risk Analysis process. *List of Potential Risk Responses. It will be confirmed in Plan Risk Response Process. 11.2.3.2 Risk Report: The risk report presents information on sources of overall project risk, together with summary information on identified individual project risks. The Risk report is developed progressively throughout the Project Risk Management Process. The results of Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, Implement Risk Responses and Monitor Risk are also included in the risk report as those processes are completed. 11.2.3.3 Project Documents Updates * Assumption Log * Issue Log * Lessons Learned Log

11.7.3 Monitor Risks: Outputs

11.7.3.1 Work performance Information 11.7.3.2 Change Requests 11.7.3.3 Project Management Plan Updates 11.7.3.4 Project Documents Updates * Assumption Log * Issue Log * Lessons Learned Register * Risk Register * Risk Report 11.7.3.5 Organizational Process Assets Updates * Templates for the risk managment plan, risk register, risk report * Risk breakdown Structure

11.3.1 Perform Qualitative Risk Analysis : Inputs

11.3.1.1 Project Management Plan * Risk Management Plan : Particular interest in this documents are "Roles and Responsibilities for conducting Risk Management", "Budgets for Risk Management", "Schedule Activities for risk Management", "risk Categories", definitions of probability and impact matrix and "Stakeholders risk thresholds". These are tailored as inputs to Plan Risk management Process. If they are not available they may be developed during the perform Qualitative Risk Analysis process. 11.3.1.2 Project Documents * Assumption Log * Risk Register * Stakeholder Register 11.3.1.3 Enterprise Environmental Factors 11.3.1.4 Organizational Process Assets

11.3.2 Perform Qualitative Risk Analysis: Tools And Techniques

11.3.2.1 Expert Judgement * Previous similar projects * Qualitative Risk Analysis 11.3.2.2 Data Gathering * Interviews 11.3.2.3 Data Analysis * Risk Data Quality Assessment: * Risk Probability and Impact Assesment * Assessment of other risk parameters: ** Urgency ** Proximity **Dormancy **Manageability **Controllability **Detectibility **Connectivity **Strategic Impact **Propinquity 11.3.2.4 Interpersonal and Team Skills 11.3.2.5 Risk Categorization 11.3.2.6 Data Representation * Probability and Impact Matrix * Hierarchical Charts 11.3.2.7 Meetings

11.3.3. Perform Qualitative Risk Analysis : Output

11.3.3.1 Project Documents Updates * Assumptions Log * Issue Log * Risk Register * Risk Report

11.4.1. Perform Quantitative Risk Analysis : Inputs

11.4.1.1 Project Management Plan * Risk Management Plan * Scope Baseline * Schedule Baseline * Cost Baseline 11.4.1.2 Project Documents * Assumption Log * Basis of Estimates * Cost Estimates * Cost Forecasts * Duration Estimates * Milestone List * Resource Requirements * Risk Register * Risk Report * Schedule Forecasts 11.4.1.3 Enterprise Environmental Factors 11.4.1.4 Organizational Process Assets

11.4.2 Perform Quantitative Risk Analysis : Tools And Techniques

11.4.2.1 Expert Judgement * Translating information on individual project risks and other sources of uncertainty into numeric inputs for the quantitative risk analysis model. * Modeling Techniques that are appropriate i the context of the project. * Identifying which tools would be most suitable for the selected modeling techniques * interpreting the outputs of quantitative risk analysis. 11.4.2.2 Data Gathering * Interviews 11.4.2.3 Interpersonal and Team Skills 11.4.2.4 Representations of uncertainty 11.4.2.5 Data Analysis * Simulation : Monte Carlo *Sensitivity Analysis * Decision Tree Analysis * Influence Diagrams : Outputs from an influence diagram are similar to other quantitative risk analysis methods including s-curves and tornado diagrams and criticality Analysis.

11.4.3 Perform Quantitative Risk Analysis : Outputs

11.4.3.1 Project Documents Updates * Assessment of overall project risk exposure * Detailed probabilistic analysis of the project. * Prioritized list of individual project risks. * Trends in Quantitative risk analysis results * Recommended Risk Responses

11.5.1 Plan Risk Responses : Inputs

11.5.1.1 Project Management Plan * Resource Management Plan * Risk Management Plan * Cost Baseline 11.5.1.2 Project Documents * Lessons Learned Register * Project Schedule * Project Team Assignments * Resource Calendars * Risk Register * Risk Report * Stakeholder Register 11.5.1.3 Enterprise Environmental Factors * Risk Appetite and thresholds of key stakeholders. 11.5.1.4 Organizational Process Assets * Templates of Risk Management plan, risk register and risk report. * Historical Databases * Lessons Learned repositories from similar projects.

11.5.2 Plan Risk Responses : Tools and Techniques

11.5.2.1 Expert Judgement * Threat Response Strategy * Opportunity Response Strategy * Contingent Response Strategies * Overall project Risk Response strategies. 11.5.2.2 Data Gathering 11.5.2.3 Interpersonal and team skills 11.5.2.4 Strategies for Threats * Escalate : Escalation is appropriate when the project team or the project sponsor agrees that a threat is out side the scope of the project or that the proposed response would exceed the project manager's authority. Escalated risks are managed at the program level, portfolio level or other relevant part of the organization and not on the project level. The project manager decides who should be notified about the threat and communicates the details to that person or part of the organization. Escalated threats are not monitored further by the project team after escalation, although they may be recorded in the risk register for information. *Avoid: Examples of avoidance actions may include removing the cause of a threat, extending the schedule, changing the project strategy, reducing scope. Some risks can be avoided by clarifying requirements, obtaining information, improving communication, acquiring expertise. *Transfer : User of insurance, performance bonds, warranties, guarantees, etc. Agreements may be used to transfer ownership and liability for specified risks to another party. * Mitigate : *Accept : Acceptance can be either Active or Passive. 11.5.2.4 Strategies for Opportunities * Escalate * Exploit *Share *Enhance * Accept 11.5.2.6 Contingent Response Strategies 11.5.2.7 Strategies for overall project risk *Escalate * Avoid /Exploit * Transfer /Share * Mitigate/Enhance * Accept 11.5.2.8 Data Analysis * Alternative Analysis * Cost-Benefit Analysis 11.5.2.9 Decision Making

11.5.3 Plan Risk Responses : Outputs

11.5.3.1 Change Requests 11.5.3.2 Project Management Plan Updates * Schedule Management Plan * Cost Management Plan * Quality Management Plan * Resource Management Plan * Procurement Management Plan * Scope Base line * Schedule Base line * Cost Base line 11.5.3.3 Project Documents Updates * Assumption Log * Cost Forecasts * Lessons Learned Register * Project Schedule * Project Team Assignements * Risk Register * Risk Report

11.6.2 Implement Risk Responses : Tools And Techniques

11.6.2.1 Expert Judgement 11.6.2.2 Interpersonal and team Skills 11.6.2.3 Project Management Information System

11.6.3 Implement Risk Response : Outputs

11.6.3.1 Change Requests 11.6.3.2 Project Documents Update * Issue Log * Lessons Learned Register * Project Team Assignments * Risk Register * Risk Report

11.7.1 Monitor Risks : inputs

11.7.1.1 Project Management Plan * Risk Management Plan 11.7.1.2 Project Documents * Issues Log * Lessons Learned Register * Risk Register * Risk Report 11.7.1.3 Work Performance Data 11.7.1.4 Work Performance Reports

11.7.2 Monitor Risks : Tools And Techniques

11.7.2.1 Data Analysis * Technical Performance Analysis * Reserve Analysis 11.7.2.2 Audits

11.2 Identify Risks

Identify Risks is the process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics. The key benefit of this process is documentation of existing individual project risks and the source of overall project risk. This process is performed through out the project. Risk owners for individual project risks may be nominated as part of the identify Risk Process and will be confirmed during Perform Qualitative Risk Analysis Process. Preliminary risk responses may also be identified and recorded and will be reviewed and confirmed as part of the Plan Risk Responses Process.

11.6 Implement Risk Responses

Implement Risk Responses is the process of implementing agreed-upon risk response plans. The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned in order to address overall project risk exposure, minimize project threats and maximize individual project opportunities. This process is performed through out the project.

11.7 Monitor Risks

Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks and evaluating risk process effectiveness through out the project. The key benefits of this process is that it enables project decisions to be based on current information about overall project risk exposure and individual project risks. This process is performed through the project.

11.3 Perform Qualitative Risk Analysis

Perform Qualitative Risk Analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other charactersticks. The key benefit of this process is that it focus efforts on high-priority risks. This process is performed through out the project.

11.4 Perform Quantitative Risk Analysis

Perform Quantitative Risk Analysis is the process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives.The key benefit of this process is that it quantifies overall project risk exposure and also can provide additional quantitative risk information to support risk response planning. This process is not required for every project but where it is used.

11.1 Plan Risk Management

Plan Risk Management is the process of defining how to conduct risk management activities for a project. The Plan Risk Management process should begin when a project is conceived and should be completed early in the project.

11.5 Plan Risk Responses

Plan Risk Responses is the process of developing options, selecting strategies and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks. The key benefit of this process is that it identifies appropriate ways to address overall project risk and individual project risks. This process also allocates resources and inserts activities into project documents and other project management plan as needed. This process is performed through out the project. Risk Responses should be appropriate for the significance of the risk, cost-effective in meeting the challenge, realistic within the project context, agreed upon by all parties involved and owned by a responsible person. The strategy or mix of strategies most likely to be effective should be selected for each risk. Structured decision making techniques may be used to choose the most appropriate response. Specific actions are developed to implement the agreed upon risk response strategy, including primary and backup strategies, as necessary. A contingency plan ( fall back plan) can be developed for implementation, if the selected strategy turns out to not to be fully effective or if an accepted risk occurs. Secondary Risks should be identified. Secondary risks are risks that arise as a direct result of implementing a risk response.