Chapter 11 - Project Risk Management
Perform Qualitative Analysis - Outputs
- Proj Document updates - Assumption log, Issue Log, Risk Register, Risk Report
Plan Risk Responses - Inputs
- Project Management Plan > Resource management plan > Risk Management Plan > Cost baseline - Proj Documents > Lessons learnt reg > Project schedule > Project team assignments > Resource calendars > Risk Register > Risk report > Stakeholder Register - EEFs and OPAs
Implement Risk Responses - Outputs
Change requests, Project document updates: > Issue log > Lessons learnt Reg > Project team assmts > Risk Reg > Risk report
Plan Risk Management - Inputs
Project Management Plan - All subsidiary mgmt plan Project Charter Stakeholder Register Enterprise Environmental Factors Organizational Process Assets
Perform Qualitative Risk Analysis - Inputs
Project Management Plan - Risk mgmt plan Project documents: Assumption log, Risk Register, Stakeholder Register EEFs, OPAs
Identify Risks - Inputs
Project Management Plan, Project documents, Agreements, Procurement documentation, EEFs, OPAs
Implement Risk Responses - Inputs
Project Management Plan: > Risk mgmt plan Project documents: > Lessons learnt reg > Risk Reg > Risk report OPAs
Plan Risk Management - Tools/Techniques
Data Analysis - Stakeholder analysis Expert Judgment Meetings
Implement Risk Responses - Tools and Techniques
Expert judgement, Interpersonal and team skills, Project management information system
Monitor Risks - Outputs
- Work performance information - Change requests - PM Plan updates - Project document updates > Assumption Log > Issue log > Lessons learnt reg > Risk reg > Risk report - OPAs
Project Risk Management Processes
11.1 Plan Risk Management 11.2 Identify Risks 11.3 Perform Qualitative Risk Analysis 11.4 Perform Quantitative Risk Analysis 11.5 Plan Risk Responses 11.6 Implement Risk REsponses 11.6 Monitor Risks
Identify Risks - Tools/Techniques
Expert judgement, Data gathering, Data analysis, Interpersonal and team skills, Prompt lists - A prompt list is a predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk. The prompt list can be used as a framework to aid the project team in idea generation when using risk identification techniques. The risk categories in the lowest level of the risk breakdown structure can be used as a prompt list for individual project risks. Frameworks: PESTLE (political, economic, social, technological, legal, environmental), TECOP (technical, environmental, commercial, operational, political), or VUCA (volatility, uncertainty, complexity, ambiguity). Meetings
Identify Risks - Outputs
Risk register, Risk report, Project document updates - Issue log, Assumption log, Lessons learnt reg
Perform Quantitative Risk Analysis - Inputs
See diagram in (23)
Plan Risk Responses - Outputs
- Change requests - PM Plan updates: > Schedule > Cost > Quality > Resource > Procurement > Scope baseline > Schedule baseline > Cost baseline - Project documents updates > Assumption log > Cost forecasts > Lessons learnt > Project schedule > Project team assmt > Risk reg: > Agreed-upon response strategies; Specific actions to implement the chosen response strategy; Trigger conditions, symptoms, and warning signs of a risk occurrence; Budget and schedule activities required to implement the chosen responses; Contingency plans and risk triggers that call for their execution; Fallback plans for use when a risk that has occurred and the primary response proves to be inadequate; Residual risks that are expected to remain after planned responses have been taken, as well as those that have been deliberately accepted; and Secondary risks that arise as a direct outcome of implementing a risk response. > Risk report
Monitor Risks - T&T
- Data Analysis > Technical performance analysis > Reserve analysis - Audits - Meetings
Perform Qualitative Risk Analysis - T&T
- EJ - Data Gathering - Interviews - Data Analysis - Risk data quality assessment - How accurate and reliable the data about individual risks is for risk analysis. - Risk Probability and impact assessment - > Likelihood of a risk to occur. > considers the potential effect on one or more project objectives such as schedule, cost, quality, or performance. > This process is done for each risk - Assessment of other risk param - Urgency - Proximity - Dormancy - Manageability - Controlability - Detectability - Connectivity - Strategic Impact - Propinquity - Interpersonal and team skills - Risk categorization > Can be categorized by RBS, WBS, common root causes and others like project budget, phase, roles - Data Representation > Probability and impact matrix > Hierarchical charts - Meetings
Plan Risk Responses - Tools and Techniques
- EJ - Data Gathering: Interviews - Interpersonal and team skills - Strategies for Threats > Escalate > Avoid > Transfer > Mitigate > Accept - Strategies for Opportunities > Escalate > Exploit > Share > Enhance > Accept - Contingent response strategies: make a response plan that will only be executed under certain predefined conditions, - Strategies for overall Project Risk > Avoid > Exploit > Transfer/share > Mitigate/enhance > Accept - Data Analysis: Alternatives analysis, cost analysis - Decision making
Perform Quantitative Risk Analysis - Tools & Techniques
- EJ - Data gathering - Interviews - Interpersonal and team skills - Representation of uncertainty > Where the duration, cost, or resource requirement for a planned activity is uncertain, the range of possible values can be represented in the model as a probability distribution. > The most commonly used are triangular, normal, lognormal, beta, uniform, or discrete distributions. - Data Analysis > Simulation - using Monte Carlo analysis >> Criticality analysis done for schedule risk analysis determines which elements of the risk model have the greatest effect on the project critical path. >> Criticality index Calculated for each element in the risk model, which gives the frequency with which that element appears on the critical path during the simulation, usually expressed as a percentage. > Sensitivity Analysis - Determines which risks have the most potential impact on project outcomes > Decision tree analysis > Influence diagrams
Identify Risks
- Identify Risks is the process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics. - The key benefit of this process is the documentation of existing individual project risks and the sources of overall project risk. It also brings together information so the project team can respond appropriately to identified risks. - This process is performed throughout the project
Trends
- Identify non event risks: > Variability risk. Uncertainty exists about some key characteristics of a planned event or activity or decision. > Ambiguity risk. Uncertainty exists about what might happen in the future. - Project resilience; > Methods to cope with Emergent risks - Integrated Risk Mgmt
Project Risk Managment
- Includes the processes of conducting risk management planning, identification, analysis, response planning, response implementation, and monitoring risk on a project. - The objectives of project risk management are to increase the probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks, in order to optimize the chances of project success.
Monitor Risks - Inputs
- PM plan: Risk mgmt plan - Proj Documents > Issue log > Lessons learnt reg > Risk reg > Risk report - WP data - WP reports
Key Concepts
- Participants in risk identification activities may include the following: project manager, project team members, project risk specialist (if assigned), customers, subject matter experts from outside the project team, end users, other project managers, operations managers, stakeholders, and risk management experts within the organization. - Preliminary risk responses may also be identified and recorded and will be reviewed and confirmed as part of the Plan Risk Responses process. - Risk owners for individual project risks may be nominated as part of the Identify Risks process, and will be confirmed during the Perform Qualitative Risk Analysis process. - Identify Risks is an iterative process, since new individual project risks may emerge as the project progresses through its life cycle and the level of overall project risk will also change.
Plan Risk Management
- The process of defining how to conduct risk management activities for a project. - The key benefit of this process is that it ensures that the degree, type, and visibility of risk management are proportionate to both risks and the importance of the project to the organization and other stakeholders. - This process is performed once or at predefined points in the project. - Plan Risk Management process should begin when a project is conceived and should be completed early in the project. - It may be necessary to revisit this process later in the project life cycle, for example at a major phase change, or if the project scope changes significantly, or if a subsequent review of risk management effectiveness determines that the Project Risk Management process requires modification.
Plan Risk Responses
- The process of developing options and actions to address overall project risk exposure, as well as to treat individual project risks. - Key benefit: That it identifies appropriate ways to address overall project risk and individual project risks. This process also allocates resources and inserts activities into project documents and the project management plan as needed. - Performed throughout the project
Implement Risk Responses
- The process of implementing agreed-upon risk response plans. - The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned in order to address overall project risk exposure, minimize individual project threats, and maximize individual project opportunities. - This process is performed throughout the project.
Monitor Risks
- The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project. - The key benefit of this process is that it enables project decisions to be based on current information about overall project risk exposure and individual project risks. - This process is performed throughout the project.
Perform Quantitative Risk Analysis
- The process of numerically analyzing the effect of identified risks on overall project objectives. - Key Benefit of this process is that is quantifies the overall project risk exposure and can provide additional quantitative info that will support risk response planning - Not required but if used it is performed throughout the project - This analysis depends on availability of high quality risk data and sound underlying project baseline for scope, schedule and cost. - Required expertise and specialized s/w. - Uses info from Perform Qualitative risk analysis process - O/P from this process is used as an I/P to Plan Risk responses process
Perform Qualitative Risk Analysis
- The process of prioritizing individual project risks for further analysis or action by assessing and combining their probability of occurrence and impact. - Key benefit of this process is that is focuses efforts on high priority risks - Performed throughout the project - Establishes risk priorities - Identifies risk owner - Foundation of Perform Quantitative Risk Analysis
Risk Report
- The risk report explains the overall project risks and provides summaries about the individual project risks. - Developed progressively throughout the project risk mgmt process - The results of Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks are also included in the risk report as those processes are completed. - Info in risk report: > Sources of overall project risk, indicating which are the most important drivers of overall project risk exposure > Summary information on identified individual project risks, such as number of identified threats and opportunities, distribution of risks across risk categories, metrics and trends, etc.
Risk Register
- The risk report presents information on sources of overall project risk, together with summary information on identified individual project risks. - The results of Perform Qualitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks are recorded in the risk register as those processes are conducted throughout the project. - Maybe be limited or extensive - Includes: > List of identified risks > Potential risk owners > List of potential risk responses
Key Concepts
- Two levels of Risk: > Individual risk - an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives. > Overall project Risk - the effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative. - Risks will continue to emerge during the lifetime of the project, so Project Risk Management processes should be conducted iteratively. - Risk is initially addressed during project planning by shaping the project strategy. - stakeholders. Risk thresholds express the degree of acceptable variation around a project objective. - In order to manage risk effectively on a particular project, the project team needs to know what level of risk exposure is acceptable in pursuit of the project objectives. - They are explicitly stated and communicated to the project team and reflected in the definitions of risk impact levels for the project. -
Perform Quantitative Risk Analysis - Outputs
Project documents updates - - Risk Report > Assessment of overall project risk exposure >> Chances of project success >> Degree of inherent variability remaining within the project at the time the analysis was conducted i.e. possible project outcomes > Detailed probabilistic analysis of the project >> Amount of contingency reserve needed to provide a specified level of confidence; >> Identification of individual project risks or other sources of uncertainty that have the greatest effect on the project critical path; >> Major drivers of overall project risk, with the greatest influence on uncertainty in project outcomes. > Prioritized list of individual project risks > Trends in quantitative risk analysis results > Recommended risk responses
Plan Risk Management - Outputs
Risk management plan: The risk management plan may include some or all of the following elements: > Risk strategy. Describes the general approach to managing risk on this project. > Methodology. Defines the specific approaches, tools, and data sources that will be used to perform risk management on the project. > Roles and responsibilities. Defines the lead, support, and risk management team members for each type of activity described in the risk management plan, and clarifies their responsibilities. > Funding. Identifies the funds needed to perform activities related to Project Risk Management. Establishes protocols for the application of contingency and management reserves. > Timing. Defines when and how often the Project Risk Management processes will be performed throughout the project life cycle, and establishes risk management activities for inclusion into the project schedule. > Risk categories. Provide a means for grouping individual project risks. A common way to structure risk categories is with a risk breakdown structure (RBS), which is a hierarchical representation of potential sources of risk > Stakeholder Risk Appetite: The risk appetites of key stakeholders on the project are recorded in the risk management plan, as they inform the details of the Plan Risk Management process. These thresholds will determine the acceptable level of overall project risk exposure, and they are also used to inform the definitions of probability and impacts to be used when assessing and prioritizing individual project risks. > Definitions of risk probability and impacts. Definitions of risk probability and impact levels are specific to the project context and reflect the risk appetite and thresholds of the organization and key stakeholders. The number of levels reflects the degree of detail required for the Project Risk Management process, with more levels used for a more detailed risk approach (typically five levels), and fewer for a simple process (usually three). > Probability and impact matrix: Prioritization rules may be specified by the organization in advance of the project and be included in organizational process assets, or they may be tailored to the specific project. > Reporting formats > Tracking