Risk Management
Perform Qualitative Risk Analysis
The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact. (Planning) uses PIM - probability impact matrix Inputs: PM plan, project docs, EEFs, OPAs Tools: Expert judgement, data gathering, data analysis - risk data quality assessment, *Risk probability and Impact assessment/PIM, interpersonal and team skills, risk categorization, *Data representation: hierarchical charts, meetings Outputs: project doc updates The key benefit of this process is that it helps the project team focus on high-priority risks.
Plan Risk Responses - Tool: Strategies for Opportunities
-Escalate -Exploit -Share -Enhance -Accept
Plan Risk Responses - Tool: Strategies for Overall Project Risk
-Avoid -Exploit -Transfer/share
Plan Risk Responses - Tool: Strategies for Threats
-Escalate -Avoid -Transfer -Mitigate -Accept
Quantitative Risk Analysis - Tool: Data Analysis
-Simulation: Monte Carlo -Sensitivity: Tornade diagram - shows impact of one change while holding other factors constant -Decision Tree: show probability and arrive at dollar amount for each risk -Influence Diagrams: actors, influences, possible outcomes , the first technique of Simulation is preferred over the use of Expected Monetary Value.
Plan Risk Management - Output: Risk Management Plan
A component of the project, program, or portfolio management plan that describes how risk management activities will be structured and performed. Describes how risk will be categorized - RBS contains the following: Methods - A description of how risk will be managed. Roles and Responsibilities - the plan assigns people to roles that are specific risk management activities. For instance, Juan will monitor the quality of the product, while Julia is responsible for vendor commitment to the project. Budgeting and Timing - the risk management plan includes estimates of time and money that should be reflected in the project's schedule and cost baseline to carry out risk management processes. Reporting and Tracking - the plan also addresses how risk findings will be tracked and communicated.
Identify Risks - Outputs:Risk Register
A document in which the results of risk analysis and risk response planning are recorded. contains identified risks, risk owners, potential responses
Perform Qualitative Risk Analysis - Tool: Probability and Impact Matrix
A method of determining the severity of risk by looking at the probability of occurrence and impact on project objectives. It helps you determine what risks should be the highest priority. With this assessment, you take each risk in the risk register and evaluate 2 areas: what's the probability that it will occur, and what's the impact if it does.
Several planning aspects serve as inputs to the process Monitor Risks. Because it is a monitoring and controlling process, it serves to compare planned against actual to determine any variances. What "actual" input(s) is(are) available to Monitor Risks to be compared to the plans? A. Work performance data, Work performance reports B. Implemented risk responses, Risk report C. Risk register, Issue log D. Actual risk responses, Actual scope impact
A. Work performance, in the forms data/information/reports, serve as actual inputs to project processes. In the case of Monitor Risks, WPD and WPR are both inputs to this process.
Risk Management
All efforts designed to preserve assets and earning power associated with a business. -Plan Risk Management (Planning): Risk Management Plan -Identify Risks (Planning): Risk register, Risk report -Perform Qualitative Risk Analysis (Planning): N/A -Perform Quantitative Risk Analysis (Planning): N/A -Plan Risk Responses (Planning): N/A -Implement Risk Responses (Executing): Change Requests -Monitor Risks (Monitoring and Controlling): N/A
Data Analysis (Plan Risk Responses tool)
Alternatives Cost benefit
Implement Risk Responses - Output: Change Requests
As the team responds to risks, change requests naturally result. Some risk responses will perform just as anticipated. Other responses will prove ineffective, or they may require more effort or funding than originally estimated. The results of these responses may bring about change requests.
Perform Qualitative Risk Analysis - Tool: Assessment of Other Risk Parameters
Assessment of risk parameters: -Urgency: time to respond to risk event -Proximity: time before risk impacts project goals -Dormancy: time before risk is detected -Manageability: how easily a risk's impact can be managed -Controllability: how easily a risk event can be changed -Detectability: how easily a risk event can be noticed -Connectivity: how risks are connected -Strategic Impact: liklihood of risk impacting goals -Propinquity: how important risk is to stakeholder
You are project manager for an internal project. The project involves the implementation of certain technology that is new to your organization. Because this new technology introduces risk to the success of the effort, the project sponsor is encouraging you to enter into a contract with an outside firm that specializes in this technology. Incidentally, the sponsor has a close friend in the sales department of the potential contractor and is sure that will benefit your firm. The sponsor insists that you pursue this course of action because he is convinced that it would eliminate the risk. What is your BEST response to the sponsor? A. Schedule a meeting with your manager and the sponsor and confront the sponsor about this obvious conflict of interest. B. Explain to the sponsor that the strategy of transferring the risk to the contractor might lessen the likelihood or impact of the risk. But, it will not eliminate it. C. Gather the team and sponsor in one meeting and present the details necessary to prove competency to the sponsor. D. Perform EMV on this risk event. Share your findings with the sponsor and ask if he can negotiate a contract with the other firm for less than that amount.
B. A' is a temptation because there is a potential conflict of interest here. However, the bigger issue is that the sponsor believes this action will eliminate the risk. Not true - it will only lessen the impact or likelihood of it occurring. The sponsor and project manager will both suffer if the contractor gets the business and fails - that hurts the project. So, the project manager needs to clearly communicate that to the sponsor to be sure he understands that fact. 'C' is off target - the team doesn't necessarily need to master the new technology and prove it to the sponsor. 'D' sounds nice, but again, this is not the best answer.
A schedule threat with a low probability and a low impact was identifed earlier. The team never got around to deciding what to do about it. Murphy's Law came true once again, and the threat actually occurred, causing the project to finish a bit later than planned. What risk process did not occur in this situation? A. Monitor risks B. Implement risk responses C. Plan risk management D. Identify risks
B. No risk response planning occurred for this risk event, so unless there was a workaround created after the event, the Implement risk responses process did not occur. Since the project ended late, it is assumed that no workaround was implemented.
Which of the following statements is TRUE regarding risk? A. All risk events must have a planned contingency. B. All risk events are uncertain. C. All risk events are negative. D. All risk events should be covered by a contingency budget amount.
B. Risk events are, by definition, uncertainties. These could either be positive or negative. 'A' is incorrect because some risks are simply accepted and have no contingency plan. 'C' is incorrect because a risk may be positive or negative. 'D' is incorrect because not all risks have budgeted reserve. Some are transferred to other parties or are too small or unlikely to consider.
The Monitoring and Controlling process associated with project uncertainty is: A. Control costs B. Monitor risks C. Control schedule D. Control risks
B. Uncertainty is a great one-word definition of risk. Answer-B reflects the proper process name for the monitoring and controlling process group associated with risk management.
During which process is the project team most likely to perform a risk urgency assessment? A. Risk Identification B. Perform Quantitative Risk Analysis C. Perform Qualitative Risk Analysis D. Plan Risk Responses
C. Risk Urgency is the first of nine characteristics listed under the Data Analysis tool for Perform Qualitative Risk Analysis. This group of 9 traits is under the heading of other risk parameters and includes traits such as urgency, dormancy, and proximity. Check out Andy's book for a full explanation of the 9. All that to say: 'C' is the correct answer! This technique helps the team identify those risks that can really doom a project soon - urgent! Indicators of priority might include how soon this risk event may occur, how easily the team can detect the risk, the impact if it were to occur, or the presence of warning signs leading up to the risk event. All these might qualify a risk as more urgent than others and require immediate handling.
Technical performance analysis is a data analysis tool used in only one of the processes in the framework to indicate impact of threats or opportunities. Which one?
C. Technical performance analysis is comparing the technical accomplishments of the project against the scheduled technical accomplishments to determine any deviations - which are potential measures of the impact of risk events. This occurs in Monitor risks.
Risk
Degree of uncertainty of return on an asset; in business, the likelihood of loss or reduced profit. 1. Related to uncertain event 2. May be good or bad 3. Individual project risk vs overall project risk
Identify Risks - Tools: Data Analysis
Primary tools used to analyze data in Identify Risks: -Root Cause: ishikawa (fishbone) diagrams - trace risk events back to factors that led to them, why? 5x -Assumptions and Constraint: analyze and challenge -SWOT: Strengths, Weaknesses, Opportunities, Threats -Document: reading for unclear project documentation
Contingent Response Strategies (Plan Risk Responses tool)
Responses provided which may be used in the event that a specific trigger occurs.
Identify Risks - Tools - Data analysis: SWOT Analysis
SWOT stands for strengths, weaknesses, opportunities, and threats. capitalize on your strengths and defend your weaknesses
Tailored Risk Approach
Size of project Project complexity Inherent project risk Project methodology Importance
Monitor Risks - Tool: Data Analysis
Technical Performance - compares results w the plan -the team is measuring technical performance with a focus on functionality, looking at how the project has met its goals for delivering the documented scope. *Reserve Analysis - cost and schedule - As the project progresses, the team should evaluate the project's reserve. You want to be sure that the reserve or contingency is sufficient to address the amount of risk the project expects to encounter.
Identify Risks - Outputs: Risk Report
The Risk Report describes the level of overall project risk and summarizes data on individual project risks. The Risk Report is similar to the Risk Register in that it, too, will be progressively elaborated by future risk processes. Risk management is an iterative discipline. Both outputs are refined further and improved as more risk data emerges over the life of the project. Here's how the Risk Report differs from the Risk Register: The Risk Register specifies the details about individual project risks. Whereas...the Risk Report summarizes those individual project risks.
Implement Risk Responses
The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned in order to address overall project risk exposure, minimize individual project threats, and maximize individual project opportunities. (Executing) Inputs: Pm plan, project docs, OPAs Tools: Expert judgement, Interpersonal and team skills, PMIS Outputs: *Chang Requests, project docs updates The key benefit of this process is that it ensures the risk responses are carried out, as planned. ensures that the team implements the risk responses that have been planned.
Plan Risk Management
The process of defining how to conduct risk management activities for a project. (Planning) Inputs: project charter, project management plan, project docs (stakeholder register), EEFs, OPAs, Tools: expert judgement, data analysis, meetings *OUTPUTS: RISK MANAGEMENT PLAN!
Identify Risks
The process of determining which risks may affect the project and documenting their characteristics. (Planning) Builds risk register - needed to perform the all other Risk processes Inputs: PM plan, project docs, *Agreements, procurement documentation (portions procured outside of organizations have their own risks), EEFs, OPAs, Tools: *Data Gathering (brainstorms and checklists), *Data Analysis (root cause, assumptions and constraints, SWOT, document), *Prompt lists Outputs: *Risk Register, *Risk report, project docs updates The key benefit is that the process produces a list of risks that may impact the project. That documentation represents useful knowledge to stakeholders and is the next step in equipping the team to manage uncertainty on the project.
Plan Risk Responses
The process of developing options and actions to enhance opportunities and to reduce threats to project objectives. (Planning) Inputs: pm plan, project docs, risk register, EEFs, OPAs, Tools: Expert judgement, data gathering, interpersonal and team skills, *Strategies for threats, *Strategies for opportunities, *Contingent Response Strategies, Strategies for Overall Project Risk, Data analysis, Decision making Outputs: Change requests, PM plan updates, project doc updates - risk register The key benefit of this process is that it addresses the risks in the order of their priority or ranking, adding resources, activities, and reserves to the schedule and budget, as needed based on the organization's level of risk tolerance.
Monitor Risks
The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project. (Monitoring and Controlling) Inputs: PM plan, project docs, work performance data, work performance reports Tools: Data analysis, *Audits, meetings Outputs: wpi, change requests, pm plan updates, project doc updates, OPA updates The key benefit of this process is that it leads to better risk responses. The team strives to make the risk response plans more and more effective by reviewing current information and performance
Perform Quantitative Risk Analysis
The process of numerically analyzing the effect of identified risks on overall project objectives. (optional) (Planning) updates the risk register used by plan risk response, implement risk response, monitor risks Inputs: pm plan, project docs, EEFs, OPAs, Tools: expert judgement, data gathering, interpersonal and team skills, *Representation of Uncertainty, *Data Analysis Outputs: Risk Report update The key benefit of this process is that it produces quantitative risk information that supports risk response planning while quantifying overall risk exposure.
Perform Quantitative Risk Analysis - Tool: Representation of Uncertainty
shows the likelihood of risk occurrence common types of probability distributions: triangular and beta
Identify Risks - Tools: Prompt Lists
a framework or predetermined list of risk categories to determine what may give rise to specific risks or increase overall project risk. Prompt Lists are often used along with other techniques, such as brainstorming or SWOT analysis, to help generate the list of risks. "V-U-C-A" which stands for volatility, uncertainty, complexity, and ambiguity. "P-E-S-T-L-E" which represents political, economic, social, technological, legal, and environmental. And, "T-E-C-O-P" that covers technical, environmental, commercial, operational, and political.
Perform Quantitative Risk Analysis - Tool: Monte Carlo Analysis
computes the project cost or schedule many times using input values selected at random from probability distributions of possible costs or durations. "what-if" analysis
Identify Risks - Tools:Prompt Lists
help facilitate a risk review -PESTLE: political, economic, social, technological, legal, environmental -TECOP: technical, environmental, commercial, operational, political -VUCA: volatility, uncertainty, complexity, ambiguity
Identify Risks - Outputs: Risk Register
lists potential responses for each risk. A brief title for the risk, Risk category, Risk causes and effects, Events or conditions that indicate a risk is about to occur, Date when the risk was added to the register, Date when a risk might occur, Deadline or date for taking action, and Expiration or date when risk is no longer a concern