PMBOK Chapter 11 5th (Project Risk Management)

Secondary Risks

A risk that arises as a direct result of implementing a risk response

Risk Symptoms

Characteristics which indicate that a risk event is possibly starting to occur; could also be called risk triggers.

Contingency Allowance

Compensation in the planning for unknown items that could occur;typically schedule- or cost-related; also commonly called buffer

What is methodology as part of the Risk Management Plan?

Defines the approaches, tools, and data sources that will be used to perform risk management of the project.

What roles and responsibilities are part of the Risk Management plan?

Defines the lead, support, and risk management team members for each type of activity in the risk management plan, and clarifies their responsibilities.

What is the structure of a RBS?

Different RBS structures will be appropriate for different types of projects. The RBS is a hierarchical representation of risks according to their risk categories.

What budgeting is part of the Risk Management Plan?

Estimates funds needed, based on assigned resources, for inclusion in the cost baseline and establishes protocols for application of contingency and management reserves.

Risk Events

Events that may impact the project (either negative or positive).

What Project Management Plan information is used as input to the Plan Risk Management process?

In planning risk management, all approved subsidiary management plans and baselines should be taken into consideration in order to make the risk management plan consistent with them. The risk management plan is also a component of the project management plan. The project management plan provides baseline or current state of risk-affected areas including scope, schedule, and cost.

Trigger(s)

Indications that a risk has occurred or is about to occur. They may be discovered in the risk identification process and watched in the risk monitoring and control process. Also called risk symptoms or warning signs.

Perform Qualitative Risk Analysis

Is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact. The key benefit of this process is that it enables project managers to reduce the level of uncertainty and to focus on high priority risks.

Decision Tree Analysis [t&t]

It is a diagram that describes a decision under consideration and the implications of choosing one or another of the available alternatives. It is used when some future scenarios or outcomes of actions are uncertain. It incorporates probabilities and the costs or rewards of each logical path of events and future decisions, and uses expected monetary value analysis to help the organization identify the relative values of alternate actions. See also expected monetary value analysis. The decision points are known as Decision nodes.

What is variance and trend analysis?

Many control processes employ variance analysis to compare the planned results to the actual results. For the purposes of controlling risks, trends in the project's execution should be reviewed using performance information. Earned value analysis and other methods of project variance and trend analysis may be used for monitoring overall project performance. Outcomes from these analyses may forecast potential deviation of the project at completion from cost and schedule targets. Deviation from the baseline plan may indicate the potential impact of threats or opportunities.

Risk Factors

Numbers representing the risk of certain events, the likelihood of their occurring, plus the impact on the project (if the event does occur).

When are the risk prioritized based on their relative probability and impact?

Perform Qualitative Risk Analysis assesses the impact and likelihood of identified risks. During this process, the risks are prioritized based on their relative probability and impact.

In general, Perform Qualitative Risk Analysis is?

Perform Qualitative Risk Analysis is quicker than Perform Quantitative Risk Analysis, which is not always required by the project.

What is Plan Risk Management?

Plan risk management is the process of defining how to conduct risk management activities for a project. The key benefit of this process is it ensures that the degree, type, and visibility of risk management are commensurate with both the risks and the importance of the project to the organization. The risk management plan is vital to communicate with and obtain agreement and support from all stakeholders to ensure the risk management process is supported and performed effectively over the project life cycle.

Risk Seeking

Possessing a higher tolerance than most for risk.

Risk-Averse

Possessing a low desire or tolerance for risk.

Contingency Plans

Pre-established actions that the team executes if a known risk event occurs on the project

Output of Perform Qualitative Risk Analysis

Project Documents updates

Output of Perform Quantitative Risk Analysis

Project document updates

What Reporting formats are part of the Risk Management plan?

Reporting formats define how the outcomes of the risk management process will be documented, analyzed, and communicated/ it describes the content and format of the risk register as well as any other risk reports required.

Output of Identify Risks

Risk Register

Risk Acceptance

Risk acceptance is a risk response strategy wherby the project team decides to acknowledge the risk and not take any action unless the risk occurs. This strategy is adopted where it is not possible or cost effective to address a specific risk in any other way. This strategy indicates that the project team has decided not to change the project management plan to deal with a risk, or is unable to identify any other suitable response strategy. This strategy can be either passive or active. Passive acceptance requires that no action except to document the strategy, leaving the project team to deal with the risks as they occur. The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the risks.

Risk Avoidance

Risk avoidance is a risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact. It usually involves changing the project management plan to eliminate the threat entirely. The project manager may also isolate the project objectives from the risk's impact or change the objective that is in jeopardy. Examples include extending the schedule, changing the strategy, or reducing the scope.

risk sharing

Sharing a positive risk involves allocating some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project. Examples of sharing actions include forming risk sharing partnerships, teams, special purpose companies, or joint ventures.

Scope baseline and impact to Identify Risks

The WBS is a critical input to identifying risks as it facilitates an understanding of the potential risks at both the micro and macro levels. Risks can be identified and subsequently tracked at summary, control account, and/or work package levels.

Contingency Reserves [i/o]

The amount of funds, budget, or time needed above the estimate to reduce the risk of overruns or project objectives to a level acceptable to the organization.

Identify Risks [process]

The process of identifying all people or organizations impacted by the project, and documenting relevant information regarding their interests, involvement, and impact on project success.

What is the Risk Management Plan?

The risk management plan is a component of the project management plan and describes how risk management activities will be structured and performed.

Project Risk Management [KA]

includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project.

Buffer

see reverse; same as Contingency Allowance

Plan Risk Responses [process]

the process of developing options and actions to enhance opportunities and to reduce threats to project objectives

Tools and Techniques for Perform Quantitative Risk Analysis

1 data gathering and representation techniques 2 quantitative risk analysis and modeling techniques 3 expert judgment

Tools and Techniques for Identify Risks

1 documentation reviews 2 information gathering techniques 3 checklist analysis 4 assumptions analysis 5 diagramming techniques 6 SWOT analysis 7 expert judgment

What are the four types of Positive Risks or Opportunities?

1 exploit 2 enhance 3 share 4 accept

Inputs for Plan Risk Management

1 project management plan 2 project charter 3 stakeholder register 4 enterprise environmental factors 5 organizational process assets

Inputs for Control Risks

1 project management plan 2 risk register 3 work performance data 4 work performance reports

Output for Plan Risk Responses

1 project management plan updates 2 project document updates

Inputs for Perform Quantitative Risk Analysis

1 risk management plan 2 cost management plan 3 schedule management plan 4 risk register 5 enterprise environmental factors 6 organizational process assets

Inputs for Plan Risk responses

1 risk management plan 2 risk register

Inputs for Perform Qualitative Risk Analysis

1 risk management plan 2 scope baseline 3 risk register 4 enterprise environmental factors 5 organizational process assets

Probability and Impact Matrix [t&t]

A common way to determine whether a risk is considered low, moderate, or high by combining the two dimensions of a risk: its probability of occurrence and its impact on objectives if it occurs.

Reserve

A compensation in the planning for unknown items that could occur; is typically schedule- or cost-related; also commonly called buffer

Risk Database

A data repository that stores and manipulates information associated with the risk management processes.

Preventive Action

A documented direction to perform an activity that can reduce the probability of negative consequences associated with project risks

Brainstorming [t&t]

A general data gathering and creativity technique that can be used to identify risks, ideas, or solutions to issues by using a group of team member or subject-matter experts.

Risk Category

A group of potential causes of risk. Risk causes may be grouped into categories such as technical, external, organizational, environmental, or project management. A category may include subcategories such as technical maturity, weather, or aggressive estimating.

Risk Breakdown Structure (RBS) [t&t]

A hierarchically organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks. It is often tailored to specific project types.

Risk-Neutral

A middle ground between the risk taken and the benefit received

Expected Monetary Value (EMV) Analysis

A statistical technique that calculates the average outcome when the future includes scenarios that may or may not happen. A common use of this technique is within decision tree analysis. EMV = P*I

Monte Carlo Analysis (modeling and simulation)

A technique that computes or iterates, the project cost or project schedule many times using input values selected at random from probability distributions of possible costs or durations, to calculate a distribution of possible total project cost or completion dates.

Perform Quantitative Risk Analysis

It is the process of numerically analyzing the effect of identified risks on overall project objectives. The key benefit of this process is that it produces quantitative risk information to support decision making in order to reduce project uncertainty.

What is Project Risk Management?

Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project. The objectives of project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood of negative events in the project.

What Revised stakeholder tolerances are part of the Risk Management plan?

Stakeholders' tolerances, as they apply to the specific project, may be revised in the plan risk management process.

What Tracking is part of the Risk Management plan?

Tracking documents how risk activities will be recorded for the benefit of the current project and how risk management processes will be audited.

Which of the following items needs to be kept in mind when relying on risk identification checklists?

While the risk identification checklist is a useful tool, it should be used in combination with the other tools, since it is impossible to cover all scenarios in one checklist.

risk categories

provide a means for grouping potential causes of risk. A risk breakdown structure (RBS) helps the project team to look at many sources from which project risk may arise in a risk identification exercise. Examples of causes that can be used to group the risks: technical, external, organizational, project management.

What type of change requests can be the output of Control Risks?

1 Recommended corrective actions 2 Recommended preventive actions

Output Plan Risk Management

1 Risk Management Plan

Tools and Techniques for Plan Risk Management

1 analytical techniques 2 expert judgment 3 meetings

What are the four types of Negative Risks or Threats?

1 avoid 2 transfer 3 mitigate 4 accept

What are 4 information gathering techniques used as a T&T for Identify Risks?

1 brainstorming 2 delphi technique 3 interviewing 4 root cause analysis

What are 3 diagramming techniques?

1 cause and effect diagrams 2 system or process flow charts 3 influence diagrams

Inputs for Identify Risks

1 risk management plan. 2 cost management plan. 3 schedule management plan. 4 quality management plan. 5 human resources management plan. 6 scope baseline. 7 activity cost estimates (output of estimate costs) 8 activity duration estimates (output of estimate activity durations) 9 stakeholder register. 10 project documents (output of plan procurement) 11 procurement documents. 12 enterprise environmental factors 13 organizational process assets The only process that does not contribute to this process is Project Communications management. Time

Tools and Techniques for Perform Qualitative Risk Analysis

1. Risk probability and impact assessment 2. Probability and impact matrix 3. Risk data quality assessment 4. Risk categorization. 5. Risk urgency assessment 6. Expert judgment.

Tools and Techniques for Control Risks

1. Risk reassessment. 2. Risk audits. 3. Variance and trend analysis. 4. Technical performance measurement. 5. Reserve analysis. 6. Meetings.

Tools and Techniques for Plan Risk Responses

1. Strategies for negative risks or threats. 2. Strategies for positive risks or opportunities 3. Contingent response strategies. 4. Expert judgment.

Output for Control Risks

1. Work performance information 2. Change requests 3. Project management plan updates 4. Project document updates 5. Organizational process assets updates

Residual Risk

A risk that remains after risk responses have been implemented.

what Probability and impact matrix are part of the Risk Management Plan?

A probability and impact matrix is a grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. Risks are prioritized according to their potential implications for having an effect on the project's objectives. A typical approach to prioritizing risks is to use a look-up table or a probability and impact matrix. The specific combinations of probability and impact that lead to a risk being rates as high, moderate, or low importance are usually set by the organization.

Sensitivity Analysis

A quantitative risk analysis and modeling technique used to help determine which risks have the most potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values. The typical display of results is in the form of a tornado diagram.

Workaround [t&t]

A response to a negative risk that has occurred. Distinguished from contingency plan in that a this is not planned in advance of the occurrence of the risk event.

What is a tornado diagram and what is it used for?

A tornado diagram is useful for comparing the relative importance of variables that have a high degree of uncertainty with those that are more stable. A tornado diagram is a special type of bar chart (east to west) used in sensitivity analysis for comparing the relative importance of the variables. The y axis contains each type of uncertainty at base values the x axis contains the spread or correlation of the uncertainty to the studied output. The x axis can show negative and positive impact with 0 in the middle. This is what makes it the tornado shape

Fallback Plans

A type of plan created for risks with a great impact on project goals, to be executed if attempts to minimize the risk are not successful.

Reserve Analysis [t&t]

An analytical technique to determine the essential features and relationships of components in the project management plan to establish a reserve for the schedule duration, budget, estimated cost, or funds for a project.

Risk

An uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives.

Risk reassessment

Control Risks often results in identification of new risks, reassessment of current risks, and the closing of risks that are outdated. Project risk reassessments should be regularly scheduled. The amount and detail of repetition that are appropriate depends on how the project progresses relative to its objectives.

What is the Control Risks process?

Control risks is the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risk, and evaluating risk process effectiveness throughout the project. The key benefit of this process is that it improves efficiency of the risk approach throughout the project life cycle to continuously optimize risk responses.

What timing is part of the Risk Management Plan?

Defines when and how often the risk management processes will be performed throughout the project life cycle, established protocols for application of schedule contingency reserves, and establishes risk management activities for inclusion in the project schedule.

expected monetary value analysis

Expected monetary value (EMV) analysis is a statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen. The EMV of opportunities are generally expressed as positive values, while those of threats are expressed as negative values. EMV requires a risk neutral assumption, neither risk averse nor risk seeking. EMV for a project is calculated by multiplying the value of each possible outcome by its probability of occurrence and adding the products together. A common use of this type of analysis is a decision tree analysis. Expected Monetary Value (EMV) - the probability of an event times the "quantified output" e.g. a project has a 10% chance of a $1000 Loss ($-100), 90% chance of a $5000 gain ($4500)' EMV = $4,400 (-100+4,500), Decision trees use EMV

What project document updates information is updated on the output of Plan Risk Responses?

In the plan risk responses process, several project documents are updated as needed. For example, when appropriate risk responses are chosen and agreed upon, they are included in the risk register. The risk register should be written to ta level of detail that corresponds with the priority rating and the planned response. Often, the high and moderate risks are addressed in detail. Risks judged to be of low priority are included in a watch list for periodic monitoring. Updates to the risk register can include: • Risk owners and assigned responsibilities • Agreed upon response strategies • Specific actions to implement the chosen response strategy • Trigger conditions, symptoms, and warning signs of a risk occurrence • Budget and schedule activities required to implement the chosen responses • Contingency plans and triggers that call for their execution • Fallback plans for use as a reaction to a risk that has occurred and the primary response process to be inadequate • Residual risks that are expected to remain after planned responses have been taken, as well as those that have been deliberately accepted • Secondary risks that arise as a direct outcome of implementing a risk response • Contingency reserves that are calculated based on the quantitative risk analysis of the project and the organization's risk thresholds

What information from the Risk Management Plan is used as input to the Perform Quantitative Risk Analysis process?

Key elements of the risk management plan used in the Perform Qualitative Risk Analysis process include roles and responsibilities for conducting risk management, budgets, schedule activities for risk management, risk categories, definitions of probability and impact, the probability and impact matrix, and revised stakeholders' risk tolerances. These inputs are usually tailored to the project during the Plan Risk Management process. If they are not available, they may be developed during the Perform Qualitative Risk Analysis process.

What Risk Categories are part of the Risk Management Plan?

Provide a means for grouping potential causes of risk. Several approaches can be use, for example, a structure based on project objectives by category. A risk breakdown structure (RBS) helps the project team to look at many sources form which project risk may arise in a risk identification exercise. Different RBS structures will be appropriate for different types of projects. An organization can use a previously prepared custom categorization framework, which may take the form of a simple list of categories or may be structures into an RBS. The RBS is a hierarchical representation of risks according to their risk categories. Looks just like an organizational chart

Risk Mitigation

Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk. It implies a reduction in the probability and/or impact of an adverse risk to be within acceptable threshold limits. Takin early action to reduce the probability and/or impact of a risk occurring on the project is often more effective than trying to repair the damage after the risk has occurred. Adopting less complex processes, conducting more tests, or choosing a more stable supplier are examples of mitigation actions. Mitigation may require prototype development to reduce the risk of scaling up from a bench scale model of a process or product. Where it is not possible to reduce probability, a mitigation response might address the risk impact by targeting linkages that determine the severity.

Risk Transference

Risk transference is a risk response strategy whereby the project team shifts the impact of a threat to a third party, together with ownership fo the response. Transferring the risk simply gives another party responsibility for its management, it does not eliminate it. Transferring the risk does not mean disowning the risk by transferring it to a later project or another person without his or her knowledge or agreement. Risk transference nearly always involves payment of a risk premium to the party taking on the risk. Transferring liability for irks is most effective in dealing with financial risk exposure. Transference tools can be quite divers and include, but are not limited to, the use of insurance, performance bonds, warranties, guarantees, etc. Contracts or agreements may be used to transfer liability for specified risks to another party. In many cases, use of a cost plus contract may transfer the cost risk to the buyer, while a fixed-price contract may transfer risk to the seller.

When should Quantitative risk analysis be performed?

Since the quantitative risk analysis is a more in-depth process, it should only be performed on prioritized risks to minimize impact to the overall project schedule.

Risk Management Plan [i/o]

The document describing how project risk management will be structured and performed on the project. It is contained in or is a subsidiary plan of the project management plan. Information in the risk management plan varies by application area and project size.

risk enhancement

The enhance strategy is used to increase the probability and/or the positive impacts of an opportunity. Identifying and maximizing key driver of these positive impact risks may increase the probability of their occurrence. Examples of enhancing opportunities include adding more resources to an activity to finish early.

risk exploitation

The exploit strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realize. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by ensuring the opportunity definitely happens. Examples of directly exploiting responses include assigning an organization's most talented resources to the project to reduce the time to completion or using new technologies or technology upgrades to reduce cost and duration required to realize project objectives.

What is included in the Risk Register?

The primary output from identify risks is the initial entry into the risk register. The risk register is a document in which the results of risk analysis and risk response planning are recorded. It contains the outcomes of the other risk management processes as they are conducted, resulting in an increase in the level and type of information contained in the risk register over time. The preparation of the risk register begins in the identify risks process with the following information, and then becomes available to other project management and risk management processes: • List of identified risks. The identified risks are described in as much detail as is reasonable. A structure for describing risks using risk statements may be applied. In addition to the list of identified risks, the root causes of those risks may become more evident. These are the fundamental conditions or events that may give rise to one or more identified risks. They should be recorded and used to support future risk identification for this and other projects. • List of potential responses. Potential responses to a risk may sometimes be identified during the identify risks process. These responses, if identified in this process, should be used as inputs to the plan risk responses process.

Monitor and Control Risks [process]

The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process throughout the project; also includes: modifying existing risks, assessing validity of assumptions, retiring risks, assessing appropriate of contingency reserves, choosing alternative strategies, updating risk register and RBS templates, and lessons learned databases

What Definitions of risk probability and impact are part of the Risk Management Plan?

The quality and credibility of the risk analysis requires that different levels of risk probability and impact be defined that are specific to the project context. General definitions of probability levels and impact levels are tailored to the individual project during the plan risk management process for use in subsequent processes. See page 318 for a table of definitions of negative impacts that could be used in evaluating risk impacts related to four project objectives.

Strengths, Weaknesses, Opportunities, and Threats (SWOT) Analysis

This information gathering technique examines the project from the perspective of each project's s,w,o, and t to increase the breadth of the risks considered by risk management

What information does the Risk Management Plan include?

• Methodology. • Roles and responsibilities. • Budgeting. • Timing. • Risk categories. • Definitions of risk probability and impact. • Probability and impact matrix. • Revised stakeholder tolerances. • Reporting formats. • Tracking.

What project documents are updated as the output of Perform Quantitative Risk Analysis?

• Probabilistic analysis of the project. Estimates are made of potential project schedule and cost outcomes listing the possible completion dates and costs with their associated confidence levels. This output, often expressed as a cumulative frequency distribution, is used with stakeholder risk tolerances to permit quantification of the cost and time contingency reserves. Such contingency reserves are needed to bring the risk of overrunning stated project objectives to a level acceptable to the organization. • Probability of achieving cost and time objectives. With the risks facing the project, the probability of achieving project objectives under the current plan can be estimated using quantitative risk analysis results. • Prioritized list of quantified risks. This list includes those risks that pose the greatest threat or present the greatest opportunity to the project. These include the risks that may have the greatest effect on cost contingency and those that are most likely to influence the critical path. These risks may be evaluated, in some cases, through a tornado diagram generated as a result of the simulation analysis. • Trends in quantitative risk analysis results. As the analysis is repeated, a trend may become apparent that leads to conclusions affecting risk responses. Organizational historical information on project schedule, cost, quality, and performance should reflect new insights gained through the Perform Quantitative Risk Analysis process. Such history may take the form of a quantitative risk analysis report. This report may be separate from, or linked to, the risk register.

Which project documents are updates as part of the output of Perform Quantitative Risk Analysis?

• Probabilistic analysis of the project. Estimates are made of potential project schedule and cost outcomes listing the possible completion dates and costs with their associated confidence levels. This output, often expressed as a cumulative frequency distribution, is used with stakeholder risk tolerances to permit quantification of the cost and time contingency reserves. Such contingency reserves are needed to bring the risk of overrunning stated project objectives to a level acceptable to the organization. • Probability of achieving cost and time objectives. With the risks facing the project, the probability of achieving project objectives under the current plan can be estimated using quantitative risk analysis results. • Prioritized list of quantified risks. This list includes those risks that pose the greatest threat or present the greatest opportunity to the project. These include the risks that may have the greatest effect on cost contingency and those that are most likely to influence the critical path. These risks may be evaluated, in some cases, through a tornado diagram generated as a result of the simulation analysis. • Trends in quantitative risk analysis results. As the analysis is repeated, a trend may become apparent that leads to conclusions affecting risk responses. Organizational historical information on project schedule, cost, quality, and performance should reflect new insights gained through the Perform Quantitative Risk Analysis process. Such history may take the form of a quantitative risk analysis report. This report may be separate from, or linked to, the risk register.

Which project documents are updates as part of the output of Perform Qualitative Risk Analysis?

• Risk register updates. As new information becomes available through the qualitative risk assessment, the risk register is updated. Updates to the risk register may include assessments of probability and impacts for each risk, risk ranking or scores, risk urgency information or risk categorization, and a watch list for low probability risks or risks requiring further analysis. • Assumptions log updates. As new information becomes available through the qualitative risk assessment, assumptions could change. The assumptions log needs to be revisited to accommodate this new information. Assumptions may be incorporated into the project scope statement or in a separate assumptions log.

What project management plan documents are updated as part of the output of Plan Risk Responses?

• Schedule management plan. The schedule management plan is updated to reflect changes in process and practice driven by the risk response. This may include changes in tolerance or behavior related to resource loading and leveling, as well as updates to the schedule strategy. • Cost management plan. The cost management plan is updated to reflect changes in process and practice driven by the risk responses. This may include changes in tolerance or behavior related to cost accounting, tracking, and reports, as well as updates to the budget strategy and how contingency reserves are consumed. • Quality management plan. The quality management plan is updated to reflect changes in process and practice driven by the risk responses. This may include changes in tolerance or behavior related to requirements, quality assurance, or quality control, as well as updates to the requirements documentation. • Procurement management plan. The procurement management plan may be updated to reflect changes in strategy, such as alterations in the make-or-buy decision or contract type(s) driven by the risk responses. • Human resource management plan. The staffing management plan, part of the human resource management plan, is updated to reflect changes in project organizational structure and resource applications driven by the risk responses. This may include changes in tolerance or behavior related to staff allocation, as well as updates to the resource loading. • Scope baseline. Because of new, modified or omitted work generated by the risk response, the scope baseline may be updated to reflect those changes. • Schedule baseline. Because of new work (or omitted work) generated by the risk responses, the schedule baseline may be updated to reflect those changes. • Cost baseline. Because of new work (or omitted work) generated by the risk responses, the cost baseline may be updated to reflect those changes.