PMP Study - 21-24 Risk
What information is contained in the Project scope statement that is used in the Plan Risk Management process? (4 points)
1) A description of the project's deliverables and objectives 2) Contains clues about how much overall uncertainty the project team will encounter as the project is planned and executed 3) Helps give better understanding to the complexity of the project deliverables which in turn helps the team determine the complexity of the whole risk management effort 4) Lists and describes the specific project constraints and assumptions - these provide clues for potential risks
What key information is contained in the Risk Register? (3 points)
1) A list of all identified risks - as the project progresses, the list increases until it represents all the risks that the project is likely to encounter 2) The results of all the other risk management processes including a description of the risk, what could happen if the risk event occurs, what will cause the risk event and the impact the risk will have 3) Describes potential responses
What are the typical components of a Topic Process Flowchart? (4 points)
1) Arrows - Indicate the sequence of the activities within a process or system - An arrow leading back from a diamond to a previous activity indicates the activity must be repeated if a decision or review has a specified outcome - sometimes called a feedback loop 2) Circle or Oval - Signifies the start or end of a process 3) Rectangle - Represents an activity or component within a process 4) Diamond - Identifies a point at which a decision must be made or when a product must be reviewed - The activity that follows a diamond will depend on the decision or review outcome
What is the process of conducting a Risk Data Quality Assessment during the Qualitative Risk Assessment process? (4 points)
1) Assess the level of understanding shown for each risk 2) Review the availability of data about each risk 3) Review the quality of data 4) Review the reliability of data
What are the strategies for dealing with negative risks (threats) for the Planning Risk Response process? (4 points)
1) Avoiding 2) Transferring 3) Mitigating 4) Accepting
What are common formats for performance reports showing variances, earned value and forecasts that are used during the Monitoring and Controlling Risks process? (3 points)
1) Bar charts - Display statistics, timelines and other information on performance that can assist the project manager with monitoring project risks 2) S-curves - A graph that displays the time-phased cost performance baseline - can help the project manager monitor given risks by comparing planned to actual values and costs and help to determine when to kick off a round of risk identification and analysis 3) Summary tables - Acts as a form of performance report - e.g. it can outline planned and actual cost performance for each work package - helps the project manager in monitoring risks and points to new risks that need analysis
What techniques are useful in risk information gathering sessions during the Identify Risk process? (3 points)
1) Brainstorming 2) Interviewing 3) Delphi technique
What are the two measurements types used for rating risks? (2 points)
1) Cardinal Scale - Measures probability from 0.0 - very low - to 1.0 - very high 2) Ordinal scale - Ranges from low to medium to high
What diagram techniques can be used to assist in conducting a Root Cause Analysis?
1) Cause-and-effect diagrams 2) Flowcharts 3) Influence diagrams
What are best practices for planning effective risk responses? (4 points)
1) Choose the best mix of strategies for responding to each risk 2) Assign a risk owner to each risk and the planned response to it 3) Ensure each planned response defines a specific action plan and fallback plans 4) Plan responses for secondary risks - risks that might be raised because of planned risk responses
What are the three types of nodes included in a Decision Tree Analysis?
1) Decision node - represents the question you want to answer 2) Change nodes (usually a circle) - lead to quantitative data about the different possible outcomes of each options 3) End nodes (usually a triangle) - show the results of analyzing the possibilities of each option
What information does work performance information provide for the Monitoring and Controlling Risks process? (3 points)
1) Deliverable status 2) Schedule process 3) Costs incurred
What are the steps to performing a Decision Tree Analysis using EMV? (3 points)
1) Determine the best-case and worst-case (optimistic and pessimistic) - EMVs for the first path and add them to get a total EMV 2) Determine the expected market value of each possible outcome 3) Compare the two total EMVs to determine which option is best
How do you reduce uncertainty related to risk events? (3 points)
1) Determine the probability of a risk 2) Identify the possible consequences and impact 3) Identify the potential causes
What is the best way to deal with risks that can't be avoided? (3 points)
1) Develop a response during planning 2) Implement response if the risk event occurs 3) Follow up by asking how effective the planned response was at controlling damage caused by the risk or if the risk posed an opportunity, if the response was effective at maximizing the benefits to the project
What tools & techniques are used in the Identify Risks process? (10 points)
1) Documentation reviews 2) Risk information gathering sessions 3) Categorising risks 4) Risk register 5) SWOT analysis 6) Topic assumption analysis 7) Checklist analysis 8) Root cause analysis 9) Cause & effect diagrams 10) Topic process flowcharts
What does monitoring and controlling risks involve? (6 points)
1) Ensuring project assumptions are still valid 2) Assessing the current status of identified risks 3) Ensuring that the correct risk management policies and procedures are being followed 4) That cost or schedule contingency reserves are modified as needed 5) Taking corrective action 6) Modify the project management plan when necessary
What are the two forms of quantitative analysis?
1) Event-oriented - Risk events are assed by how they could impact a particular project objective - e.g. how an increase of 4% in the cost of materials could impact total project costs 2) Project-oriented - Assess how all identified risks could impact the overall success of a project - typically involves identifying how much each risk is likely to cost the project - financially or in terms of schedule delays - the risks can then be prioritized based on quantifiable data
What are the strategies for dealing with positive risks (opportunities) for the Planning Risk Response process? (4 points)
1) Exploit 2) Share 3) Enhance 4) Accept
What information does the Risk Register provide for monitoring risks during the Monitoring and Controlling Risks process? (5 points)
1) Identified risks that need monitoring 2) The order of risk priorities 3) Risk causes, which should be carefully monitored for change 4) The symptoms or warning signs that should alert to the occurrence of risks 5) Risk owners - the team members responsible for monitoring each of the identified risks
What are the key points to successfully managing risks? (3 points)
1) Identify as many risks as possible 2) Understand their likelihood, causes and impacts 3) Plan appropriate responses
What activities require special attention when reviewing documentation for the Identify Risks process? (3 points)
1) Identify contradictions and gaps 2) Check the quality of management plans 3) Investigate constraints and assumptions in the project scope statement
What information is contained in the Communications Management Plan that is used in the Plan Risk Management process? (2 points)
1) In general defines the interactions that will occur on the project 2) Identifies who will be available to share information about risks and when
During Topic Assumptions Analysis each assumption is checked for validity by checking it for what possibilities? (3 points)
1) Inaccuracy - is the assumption based on accurate information, assumptions should be soundly based on fact 2) Inconsistency - basic assumptions should be accurate and consistent with the other facts understood about the project, if several facts or assumptions don't quite seem to add up it likely indicates a problem 3) Incompleteness - check that the assumption provides enough information as possible about its basis and the circumstances surrounding it
What tools can be used to transfer risks? (5 points)
1) Insurance - one pays a premium for protection against financial loss 2) Contracts - can be designed to transfer specific risks to contractors or sellers of products or services 3) Performance bonds - a type of insurance provided by the contractor to an organization specifying an amount of money to be paid if the contractor fails to deliver the promised results 4) Guarantees - an assurance of the quality of lifespan of a product, accompanied by a promise of reimbursement or replacement if the product doesn't live up to the specified standards 5) Warranties - a written guarantee of the integrity of a product and of the manufacturer's responsibility for the repair or replacement of defective parts
What tools & techniques are used during the Quantitative Risk Analysis process? (6 points)
1) Interviewing experts & relevant stakeholders 2) Three-point estimates 3) Probability distribution graphs 4) Quantitative risk analysis 5) Modelling techniques 6) Expert judgement
What information does the Risk Management Plan provide during the Planning Risk Response process? (7 points)
1) Introduces risk management and it's purpose 2) Contains assumptions, constraints and policies that relate to risk management 3) It mentions documents and standards - giving an overview of the risk management approaches, tools and sources of information that must be used to manage risk 4) Roles and responsibilities of specific team members for managing risks 5) Risk analysis definitions to specify what criteria must be used to rate the probability, impact and urgency of risks 6) Timing for reviews and risk management activities 7) Risk thresholds above which planned risk response must be implemented
What are the key rules to drawing a cause-and-effect diagram? (3 points)
1) It must contain the main categories of causes - e.g. people, processes, equipment and environment 2) The main categories must branch off the central spine of the diagram 3) The causes and sub-causes that branch off the main categories must be related to the main category and to the risk
What are the qualities of a good risk response? (5 points)
1) It should be appropriate in relation to the significance of the risk 2) It should be cost-effective and timely 3) It should be assigned as the responsibility of a particular individual 4) It should be agreed upon by all parties involved 5) It should be realistic within the project context
What are the two types of models within the Quantitative Risk Analysis Modelling technique?
1) Iterative models 2) Non-iterative models
What are examples of Organisational process assets updates as Outputs of the Monitoring and Controlling Risks process? (3 points)
1) Lessons learned documentation 2) Finalised risk management documents 3) Risk planning documents
Outline the comparison of ordinal scaling to cardinal scaling for risk impact expressions
1) Low-low = 0.05 2) Low = 0.25 3) Medium = 0.5 4) High = 0.75 5) High-high = 1.0
What is involved in the Monitoring and Controlling Risks process? (4 points)
1) Monitoring warning signs that specific risks may occur 2) Control risks using specified responses 3) Identify and analyze new risks as they arise 4) Update process assets within information gained during the process
What are the different types of Continuous Distribution? (5 points)
1) Normal Distribution 2) Uniform Distribution 3) Beta Distribution 4) Triangular Distribution 5) Lognormal distribution
What are common triggers that lead to risk register updates as an Output of the Monitoring and Controlling Risks process? (2 points)
1) Outcomes of reassessments and audits - Can lead to updates to the risk responses, impact, probability and priority ratings of identified risk 2) Outcomes of responses - If a risk event occurs this should be recorded and the effectiveness of the planned response in the risk register
What are the two different types of Accepting a negative risk (threat) as a planned risk response?
1) Passive acceptance - doing nothing unless a risk event occurs, and then dealing with the consequences - e.g. dealing with wet weather 2) Active acceptance - accepting a risk but planning beforehand how to deal with the consequences if the risk occurs e.g. planning an alternative route in case there are road works during a trip but not using it unless there really are road works
What are the three basic types of causes for risks?
1) Physical - Relate to flaws in tangible items - e.g. defects in raw materials, faults in tools, machinery or equipment 2) Human - The results of human error - incompetence, absence, differences in understanding, personality differences 3) Organisational - Relate to the internal or external systems, processes or policies that impact a project e.g. internal such as a faulty manufacturing process that neglects an important safety check or external such as bad weather, fussy customers or a weakening economy
What risk management processes are included in the Planning process group?
1) Plan Risk Management 2) Identify Risks 3) Perform Qualitative Risk Analysis 4) Perform Quantitative Risk Analysis 5) Plan Risk Responses
In what order do the risk processes happen?
1) Plan Risk Management 2) Identify Risks 3) Perform Qualitative Risk Analysis 4) Perform Quantitative Risk Analysis 5) Plan Risk Responses 6) Monitor & Control Risks - All process orders are flexible depending on project conditions - All process are iterative
What information does the Risk Register provide for controlling risks during the Monitoring and Controlling Risks process? (5 points)
1) Planned risk responses and specific actions for implementing them 2) The triggers, symptoms and warning signs that risk events have occurred or are about to occur 3) Residual and secondary risks which may result from risk control activities and which require monitoring and control 4) Time and cost contingency reserves 5) Impact thresholds for risks - if exceeded contingency plans should be activated
What tools & techniques are used during the Plan Risk Management process?
1) Planning meetings & analysis
What are the main components of a cause-and-effect diagram? (4 points)
1) Problem / Risk - A box at the head of the table (labeled "A" in example below) 2) Main cause categories - Main branches shooting off from the spine - (labeled "B" in example below) 3) Causes - Sub-branches shooting off the main branches (labeled "C" in example below) 4) Sub-causes - Further sub-branches shooting off the initial sub-branches (labeled "D" in example below)
What are the Inputs to the Plan Risk Management process? (6 points)
1) Project scope statement 2) Cost management plan 3) Schedule management plan 4) Communications management plan 5) Enterprise environmental factors 6) Organisational process assets
Who should attend a risk planning meeting? (5 points)
1) Project team members 2) Stakeholders 3) Functional managers 4) Those who have involvement in the risk management process 5) Those who have useful information related to planning risk management activities
What are the steps to identifying causes using a cause-and-effect diagram? (4 points)
1) Record the risk 2) Identify major contributing factors 3) List causes 4) Analyse the diagram
What information does the Risk Register provide during the Planning Risk Response process? (6 points)
1) Records all identified risks and based on analysis, their severity and probability ratings 2) Includes the root causes of risks and their likely impact on the project 3) Identified risks that require a response soon 4) Details of qualitative analysis results, including trends and patterns 5) Low-priority risks that require monitoring 6) Risks for additional analysis for which not enough information is currently available to prepare a risk response
How can you increase the likelihood of a positive outcome for risk events? (3 points)
1) Reducing the probability of negative events and by limiting their impact if they do happen 2) Making a conscious decision to manage risks 3) Being committed to responding proactively to risks
What are the two central roles of risk management?
1) Reducing uncertainty about identified risks 2) Determining appropriate responses for possible risks that cant be avoided
What are the Inputs to the Identify Risk process? (11 points)
1) Risk management plan 2) Stakeholder register 3) Activity cost and duration estimates 4) Scope baseline 5) Project scope statement 6) Cost, schedule and quality management plans 7) Enterprise environmental factors 8) Organisational process assets 9) Performance reports 10) Updated baselines 11) Earned value reports
What are the tools and techniques used during the Qualitative Risk Analysis process? (4 points)
1) Risk probability and impact assessment 2) Risk categorisation 3) Risk data quality assessment 4) Risk urgency assessment
What tools and techniques are used during the Monitoring and Controlling Risks process? (6 points)
1) Risk reassessment 2) Reserve analysis 3) Technical performance measurement 4) Status meetings 5) Risk audits 6) Variance and trend analysis
What are the Inputs to the Monitoring and Controlling Risks process? (4 points)
1) Risk register 2) Project management plan 3) Work performance information 4) Performance reports
What are the Inputs to the Planning Risk Response process? (2 points)
1) Risk register 2) Risk management plan
What are the Inputs to the Quantitative Risk Analysis process? (5 points)
1) Risk register 2) Risk management plan 3) Cost management plan 4) Schedule management plan 5) Organisational process assets
What are the Inputs to Qualitative Risk Analysis process? (4 points)
1) Risk register 2) Risk management plan 3) Project scope statement 4) Organisational process assets
What are the Outputs of the Monitoring and Controlling Risks process? (5 points)
1) Risk register updates 2) Organisational process assets updates 3) Change requests 4) Project management plan updates 5) Project document updates
What are the Outputs of the Planning Risk Responses process? (4 points)
1) Risk register updates 2) Risk-related contract decisions 3) Project management plan updates 4) Project document updates
What are common and effective ways of categorising risks during the Identify Risk process? (3 points)
1) Risk source - Based on their common root sources - or causes 2) Areas of the project affected 3) Project phase
What information does the Project Management Plan provide for the Monitoring and Controlling Risks process? (4 points)
1) Risk tolerances of stakeholders 2) Methodology used to manage risk 3) Risk monitoring and control responsibilities 4) Budget and schedule activities planned for monitoring and controlling risk events throughout the life of a project
What sort of updates would be required to the risk register as an output of the Qualitative Risk Assessment process? (7 points)
1) Risks ordered by priority and category 2) Near-term risks are marked as urgent 3) Risks requiring further analysis are flagged 4) Descriptions of risks and their causes may be updated 5) New risk categories or newly identified risks may be added 6) Trends for particular risks that became apparent during the analysis 7) A watchlist of low-priority risks
What inputs is used to perform a schedule-based risk analysis using an iterative modelling technique? (2 points)
1) Schedule network precedence diagrams 2) Duration estimates
What items are particularly important to include during reviewing documentation for the Identify Risks process? (3 points)
1) Scope baseline documents - especially the WBS 2) Organisational process assets - particularly historical project information 3) Enterprise environmental factors - such as industry and market reports, studies and forecasts
What are the different methods of quantitative analysis? (3 points)
1) Sensitivity analysis 2) Expected monetary value (EMV) analysis 3) Decision Tree Analysis
In what way is the Cost Management Plan used in the Plan Risk Management process? (2 points)
1) Sets out the format and establishes the activities and criteria for planning, structuring and controlling the costs of a project 2) Defines how risk budgets, contingencies and management reserves will be reported and accessed
What can EMV Analysis be used to assess? (2 points)
1) The expected monetary value of individual or all identified risks on a project 2) The schedule impact of individual or all identified risks on a project
What key information is contained in the Risk Management Plan? (5 points)
1) The methodology, approaches, tools and data sources for risk management 2) The roles and responsibilities of the risk management team 3) The budgeting of resource and cost estimates for risk management, and the protocols for applying the contingency reserve 4) The timing and frequency of risk management activities, and the schedule for applying the contingency reserve 5) The risk categories of the structure that identifies risks to a consistent level of detail
What are the specific Outputs of the Quantitative Risk Analysis process to the Risk Register? (4 points)
1) The probabilistic analysis of the project 2) Probability of achieving cost and time objectives 3) A prioritized list of quantified risks 4) Any trends in analysis results over time
What are weaknesses with the EMV Analysis technique? (2 points)
1) The results of the analysis depend completely on how accurately the probability and impacts are predicted of the given risks 2) Deals with uncertainty - can help prioritize risks but can't tell which will occur or what their total cost to a project will really be
What are the key characteristics of project risks? (5 points)
1) They're events that might happen 2) They have the potential to impact one or more of the project objectives 3) Risks always happen in the future 4) Risks can be both bad and good - risk can be an unexpected event that harms your project or it can be something that offers unexpected benefits 5) Risks can be found throughout the project life-cycle
What can Decision Tree Analysis be used for? (3 points)
1) To compare the risks associated with different choices 2) To compare the costs associated with an opportunity to the costs of not taking the opportunity 3) Determine the best strategy for managing a given risk or threat
Why are risks monitored and controlled during the Monitoring and Controlling Risks process? (4 points)
1) To evaluate the effectiveness of responses 2) To identify and plan for new risks 3) To monitor residual risks 4) To activate contingency plans when necessary
What are the aims of the Plan Risk Management process? (3 points)
1) To increase the chances of success for the other five management processes 2) To ensure enough resources and time are set aside for risk management activities 3) Enables the project management and the stakeholders to establish an agreed-upon basis for evaluating project risk
What risk information is provided in a risk register? (12 points)
1) Tracking No. - Uniquely identifies each recorded risk so it can be easily referenced and monitored 2) RBS - Links each risk to its category within the risk breakdown structure 3) WBS - Links each risk with the work components it may affect within the WBS 4) Date - Lists the date at which each risk was identified 5) Risk status - Can be recorded as pending, current or ended 6) Description - A clear and concise description of each identified risk 7) Cause - Identify the cause or causes of each risk 8) Root Cause - Outlines the root causes of identified risks - the fundamental conditions or events that could result in the risks occurring 9) Impact - Details the potential impact of each risk on the project 10) Severity - Indicates the extent to which each risk could impact the project 11) Likelihood - Indicates the probability of the risk occurring 12) Risk response - Lists the planned responses for managing each of the risks
Outline the comparison of ordinal scaling to cardinal scaling for risk probability expressions
1) Very unlikely = 0.0 2) Somewhat likely = 0.3 3) May happen = 0.5 4) Likely = 0.7 5) Very likely = 0.9 6) Certain to happen = 1.0
What is the advantage to finding the cause of a specific risk? (2 points)
1) Ways can be found to avoid or mitigate it 2) It's possible to explore why a risk is likely to be realized and why it will have the impact predicted
What questions should be used to identify project risks and their causes from a flow chart? (3 points)
1) What happens early in the process that could cause problems later on? 2) Which activities are out of your control? 3) Are there logical inconsistencies, bottlenecks or complexities that could create delays, errors or confusion?
What are tornado diagrams useful for confirming? (2 points)
1) Which risks it's most important to focus on managing 2) Whether the positive impacts of various risks outweigh the negative impacts
What types of processes can a Topic Process Flowchart be used to depict?
1) Work processes 2) Project management processes 3) The flow of communication in a project
What information does a SWOT analysis contain and how is it best laid out?
A 4 panel grid, one for each category - that should contain following information - Strengths - the advantages or strong points that you or the organisation has - e.g. unique abilities, opportunities or wisdom to offer to the project - Weaknesses - the disadvantages or weak points that you or the organization has that could compromise the success of a project - Opportunities - positive external factors that could benefit the project e.g. new technology, changes in societal attitudes, policy changes - Threats - external factors that may disrupt, damage or hinder the project in any way
What is Decision Tree Analysis?
A common application of EMV involving representing the choice between two or more options in the form of a diagram, and using quantitative data to compare possible outcomes of each of the options
What is a cause-and-effect diagram?
A diagram for identifying the various factors that contribute to a problem or risk, to identify the main categories of causes for a risk, and then to drill down into specific causes.
What is an Influence diagram?
A diagram that graphically maps out a situation, showing how the factors of the situation may influence each other, that is useful for root cause analysis - especially where a problem is due to a bad decision - because it helps the project manager identify which factors influenced a decision
What is a Flowchart?
A graphical representation of a system or process that shows the sequence of steps it includes and how its different components link. In root cause analysis, flowcharts can be used to identify risks between the different components of a system or process
What is a Topic Process flowchart?
A graphical representation of the logical sequence of steps in a process or system from start to finish that can help recognize new risks as well as process-related causes of risks already identified that can then be used to complete the risk register
What are Modelling Techniques as used during the Quantitative Risk Analysis process?
A model is a set of rules representing real behavior - feeding data in to the model will return predictions of how a real system or scenario would respond - used to test the effects of changes
What is a secondary risk?
A new risk that arises because of the planned response - any risk response can lead to one or more secondary risks
What is Expected Monetary Value (EMV) Analysis?
A quantitative risk analysis technique based on the principle that the importance of a risk to a project doesn't depend just on how much damage it could cause, it also depends on how likely it is that the risk will occur which can be used to determine the relative significance of risks, given both their possible impacts and their probabilities of occurring. EMV = impact x probability
What is the strategy of Avoiding a negative risk (threat) as a planned risk response?
A risk response that must prevent the risk from affecting the project at all as it is so costly or unpredictable that they should be avoided. Can include changing the project management plan so the risk isn't encountered or changing or relaxing a project objective that's in jeopardy
What is the USED strategy?
A series of questions used to refine a completed SWOT analysis, the letters stand for - How can we Use each strength? - How can we Stop each weakness? - How can we Exploit each opportunity? - How can we Defend against each threat
What is an non-iterative model within the Quantitative Risk Analysis Modelling technique?
A single set of values representing the possible impacts and probabilities of each factor in an outcome is used to determine a result
What is Root Cause Analysis as used in during the Identify Risks process?
A technique used to help identify and manage potential risks, as well as to develop preventive action by investigating risks to identify their root causes - the cause rather than the symptom can then be addressed
What is the most useful way to represent the results of a Sensitivity Analysis?
A tornado diagram in which a bar represents each risk and the range of the impact it could have, from negative to positive impact. The length of each bar represents the relative impact of each risk - the bars are ordered in sequence from greatest impact to least (this give the diagram its characteristic "tornado" shape)
What is Uniform Distribution and how is it depicted in a Probability Distribution Graph?
All the possible outcomes between known upper and lower limits have the same probability - occurs if the range between which values can fall is known but none of these values is more probable then the other or if there is insufficient information to determine what's most probable
What is a risk event?
An event that may or may not occur in the future that could have an impact on a project's objectives
What is Topic Assumptions Analysis as used in during the Identify Risks process?
An ongoing process - best completed by a group that were not those who identified the original risks to ensure objectivity - that involves identifying potential risks by examining the validity of the assumptions on which its based by asking two questions - Is the assumption valid? - What impact could the assumption have on the project if it proves false?
What are reserves defined as during risk contingency planning?
Any resources needed to offset the impact a risk event has on a project's scope, schedule, cost or quality
What is the best way to perform a Root Cause Analysis?
Best done by a group of experienced stakeholders in a brainstorming session to get varied perspectives and feedback
What are the two types of distribution used most often in project risk analysis and why?
Beta and triangular as both are useful for representing the three-point estimates established during interviews
How do you produce the best result when conducting a Root Cause Analysis?
By being thorough - even after a possible cause for a risk is identified keep asking questions to identify as many relevant causes as possible
Once a three-point estimate is obtained how is the probability calculated?
By summing the impact x probability of each of the three estimates - e.g. ((0.20 x $150,000) + (0.50 x $180,000) + (0.30 x $120,000)) = $183,000
What project document updates would be expected as an Output of the Planning Risk Responses process?
Changes to the assumption log and technical documentation
What is the technique of Reserve Analysis used during the Monitoring and Controlling Risks process?
Comparing the remaining contingency reserves for a project with the remaining risks to determine whether the reserves are sufficient to see through to the end of the project.
What inputs is used to perform a cost-based risk analysis using an iterative modelling technique?
Cost estimates
What is indicated if the result of a Reserve Analysis during the Monitoring and Controlling Risks process is that finance or time reserves are too low?
Could signify that a higher than expected number of risks have already occurred to drain reserves or that the impact of risks that have occurred were greater than estimated
How is EMV calculated?
EMV = impact x probability
What is Variance Analysis used for during the Monitoring and Controlling Risks process?
Evaluates the differences between planned and actual performance in terms of cost, the schedule or other performance criteria - Earned Value (EV) analysis is one kind of variance analysis
What is the technique of risk reassessment used during the Monitoring and Controlling Risks process?
Evaluating project risks and, if necessary, re-rating and reprioritizing them. The depth and frequency of reassessment depends on a project's progress relative to its objectives - if the project is meeting its objectives, risk reassessment doesn't' need to be as vigorous as it would if the project was in trouble
What are unknown unknowns?
Events that no one identified as risks before they happen often because there is no precedence set for the risk events having occurred in the past or due to a lack of knowledge regarding the activity affected by the risk event e.g. communication breakdowns, natural disasters, power failures
What is the Quantitative Risk Analysis process used for?
Expanding on the qualitative risk analysis by evaluating risks in more detail and using more objective methods so risks can be rated numerically based on how they could affect overall project objectives
What are opportunities and threats included in a SWOT analysis?
External factors that may influence the project team's ability to meet its objectives
What is the technique of Technical Performance Measurement used for during the Monitoring and Controlling Risks process?
Focuses on product-related risks such as scope, functionality and quality, comparing actual and planned technical achievements in key performance areas. Examples of technical performance parameters include any quantifiable measure of its attributes, such as the product's features, size, speed or output capacity
When are contingent response strategies used as a planned risk response?
For positive or negative risks where it's not possible or cost-effective to respond to a risk until the risk actually occurs
What is Risk Categorisation as used during the Qualitative Risk Assessment process?
Grouping sets of risk - usually by source, project areas or project phases - this can reveal areas of the project most exposed to risk and inform risk response planning
It is important to focus risk planning on what type of risks?
High-priority risks which have a high potential impact and probability of occurring
The Risk Register is an Output of what risk process?
Identify Risks
What is Discrete Distribution as it relates to a Probability Distribution Graph?
Includes the probabilities of a fixed number of outcomes - for example, represented in a bar chart e.g. assessing the probability of a task - like the installation of plumbing - taking from four to nine days to complete
What is Continuous Distribution as it relates to a Probability Distribution Graph?
Includes the probabilities of a full range of possible outcomes, usually represented as a curve - e.g. show the probabilities of the possible costs of a project where these costs form an unbroken range - the costs will fall between $14 and $18 million
What are strengths and weaknesses included in a SWOT analysis?
Internal factors that may influence the project team's ability to meet its objectives
What is the strategy of Mitigating a negative risk (threat) as a planned risk response?
Involves reducing the probability of risks occurring and the impact they will have if they do occur but doesn't eliminate the risks altogether. Techniques for mitigating risks can include adopting less complex processes, conducting more tests, choosing more stable suppliers or building redundancy into a system
What is the strategy of Transferring a negative risk (threat) as a planned risk response?
Involves shifting some or all of a negative risk to a third party - most often used to manage financial risks
What is Sensitivity Analysis?
Involves testing how changes in one variable affect an outcome when all other variables are kept the same. By repeating the process for each of the variables one at a time you can assess which has the greatest impact
What is the biggest problem with a SWOT analysis?
It can be highly subjective and therefore is best used in conjunction with other tools and techniques
What information is contained in the Schedule Management Plan that is used in the Plan Risk Management process?
It contains directions for reporting and assessing activity duration contingencies
What is the main benefit of quantitative risk analysis?
It reduces uncertainty
What is the biggest problem with Qualitative Risk Analysis?
It relies on the subjective judgment of stakeholders and so is open to bias - this may result in overlooking critical risks or focusing on improbably risks
What is the strategy of Sharing a positive risk (opportunity) as a planned risk response?
Joining with an external party to increase the chance of securing benefits and agreeing to share the rewards
What is Trend Analysis used for during the Monitoring and Controlling Risks process?
Looks at performance and focuses on identifying patterns over time - trends suggest future performance patterns - if no action is taken to disrupt them - and can help identify risks that have come to fruition
What is the strategy of Exploiting a positive risk (opportunity) as a planned risk response?
Making the most of an opportunity by eliminating uncertainty in the project to ensure that it happens. This may involve changing a project's objectives, schedule or budget
What are Quantitative Measurements?
Measurements that are expressed as definite numeric values or quantities - e.g. a person is 6 feet and 4 inches tall
What are Qualitative Measurements?
Measurements that are typically subjective and do not have a definite numeric value that describe characteristics in relative terms - e.g. describe a person as tall , of roughly average height or short.
What risk process is not included in the Planning process group?
Monitor & Control Risks
What is Triangular Distribution and how is it depicted in a Probability Distribution Graph?
Only three values are plotted - typically representing the best case, most likely and worst-case scenarios. The highest point isn't the same as the average value - it represents an expert's best guess - the average of the values may lie to the left or right of this point
The Risk Management Plan is an Output of what risk process?
Plan Risk Management
What is meant by contingent response strategies (contingency planning)?
Planning responses in case risk events actually occur - involves assigning reserves so that the responses can be implemented when necessary - back-up plans for when things go wrong
What are probability of achieving cost and time objectives as an Output of the Quantitative Risk Analysis process?
Probability distributions - typically represented in a probability distribution graph - indicating how risks may affect specific budgetary or schedule related goals - e.g. analysis may determine a 35% chance of a project finishing by its planned completion date, or a 68% chance of completing within its planned budget
What are probabilistic analysis updates to the Risk Register as an Output of the Quantitative Risk Analysis process?
Probability distributions - typically represented in a probability distribution graph - indicating how risks may affect the overall success of a project in terms of its total cost and completion date and provides statistics about the project's possible outcomes, in terms of cost and time - e.g. a cumulative cost chart can be used to illustrate what the budget constraints will need to be
What should always be identified as risks?
Project assumptions
Which is done first, Quantitative or Qualitative Risk Analysis?
Qualitative Risk Analysis
What is Beta Distribution and how is it depicted in a Probability Distribution Graph?
Represents the probabilities of all values between specified minimum and maximum values - the most likely value is at the top of the curve (the shape of the curve is determined using mathematical methods)
What is Lognormal Distribution and how is it depicted in a Probability Distribution Graph?
Results if the logarithm of a variable has a normal distribution - values are skewed to the right side of an average - or median - value. Occurs in specific cases where the factors that affect a variable have a multiplicative effect on its values - e.g. weight and blood pressure values for a human population have a lognormal distribution
How is risk priority calculated in a Probability and Impact Matrix?
Risk Probability x Risk Impact = level of risk priority
What are the key enterprise environmental factors that act as Inputs to the Plan Risk Management process?
Risk attitudes and tolerances that demonstrate the degree of risk an organization is willing to endure
What is the Output of the Qualitative Risk Assessment process?
Risk register updates
What are risk-related contract decisions as an Output of the Planning Risk Responses process?
Risk related contract decisions about how risks must be shared or transferred and how benefits will be shared among stakeholders - contracts, insurance policies, performance bonds, guarantees and warranties - that become inputs for the Plan Procurement process
What is meant by a prioritised list of quantified risksas an Output of the Quantitative Risk Analysis process?
Risks prioritised within risk categories in order of their possible impacts and statistical probabilities from most to least significant
What are known unknowns?
Risks that can be predicted and therefore mitigated against and can often be identified early in the project based on events that have occurred in similar past projects or can be common sense predictions about what can go wrong e.g. client changes to the scope or budget overruns
What is a positive risk?
Risks that may have a beneficial effect on a project, often called opportunities
What is a negative risk?
Risks that may have a detrimental impact on a project, often called threats
What is the strategy of Accepting a negative risk (threat) as a planned risk response?
Simply to accept the risks and their possible consequences. Active or passive acceptance is an acceptable strategy when a risk is small, unavoidable, unknown and cant' be transferred, shared or mitigated
What is the strategy of Accepting a positive risk (opportunity) as a planned risk response?
Sometimes it may be the best plan of action to simply accept the risk and move on with the project
What does SWOT stand for?
Strengths, Weaknesses, Opportunities & Threats
What is the strategy of Enhancing a positive risk (opportunity) as a planned risk response?
Taking steps to increase the likelihood or positive impact of the opportunity on a project - e.g. a casino taking active steps to win the approval of nearby residents by donating funds for local projects
What is used as the basis for categorising risks by risk source?
The Risk Breakdown Structure
What is the Output of the Plan Risk Management process and it's contents?
The Risk Management Plan which contains the following information - Risk methodologies - Roles & responsibilities - Budgeting - Timing - Reporting formats - Tracking - Risk categories
What is used as the basis for categorising risks by areas of the project affected?
The Work Breakdown Structure
Define Risk Impact
The amount of danger or opportunity the risk event poses to the project - concerned with the effect the risk event will have on the project's objectives - e.g. meeting the budget, finishing on schedule, satisfying customer expectations
Why are the cost and schedule management plans important Inputs to the Quantitative Risk Analysis process?
The controls that will be used to manage cost and schedule as many project risks are related to cost and activity duration estimates and budget and schedule overruns
Define Risk Tolerance
The degree of risk that stakeholders are willing to endure before they say that the risk's impact is too severe to be beneficial to the project - if risk tolerance is high, it means that they are risk takers - risk tolerances can change during a project lifecycle
What is Normal Distribution and how is it depicted in a Probability Distribution Graph?
The highest point is the average value - all other values fall symmetrically on either side of this point to create a bell shape - the further values move away from an average the less likely they are to occur
Define Probability as it relates to risk
The likelihood that an event will occur most often expressed as a percentage (%) but sometimes expressed as a number from zero to one
What is a Three-Point estimate?
The most useful starting point for quantitative risk analysis and contains the basic information needed to be obtained from experts incorporating an optimistic - or best - view, an estimate of what's most likely, and a pessimistic - or worst - view of how events may unfold
What information related to a three-point estimate is important to record?
The rationale for the estimates and any assumptions on which they are based - these provide insight about the reliability and accuracy of the estimates
What is the relationship between stakeholder risk tolerance and risk impact thresholds?
The relationship between risk tolerance and definition thresholds is directly proportional - Low risk tolerance = low thresholds for defining risk impact - High risk tolerance = high thresholds for defining risk impact
What is the best way to avoid bias during Qualitative Risk Analysis?
The risk management plan must clearly define probability and impact scales to ensure a consistent approach for measuring probability and impacts
What is an iterative model within the Quantitative Risk Analysis Modelling technique?
The same "what if" scenario is played out repeatedly, each time with a different, randomly chosen set of possible values for the variables that may affect its outcome - in theory repeating the process many times gives this model the characteristic of accuracy - the more times random values are chosen and used, the closer the model is to simulating random probability in real life. The output of the simulation is a prediction of how risks may impact cost or schedule objectives - usually in the form of a probability distribution graph
When considering the impact of a risk you should look at what?
The severity of impact - often rated as low, medium or high based on the impact the risk has on the project's objectives
How is Risk Impact assessed during a Risk Probability and Impact Assessment?
The team determines the potential effect of each risk on a project, typically in relation to schedule, cost or performance objectives and then record these findings using the same scale used for probability - either ordinal or cardinal - as defined in the risk management plan
How is Risk Score recorded during a Risk Probability and Impact Assessment?
The team uses a probability and impact matrix (part of the risk management plan) to complete this equation and determine what priority level a risk's overall score represents. The impact matrix has probability scores down one side and possible impact ratings - for both threats and opportunities - along the bottom. The connecting cells show the combined scores, and their shading identifies the associated priority levels
How is Risk Probability assessed during a Risk Probability and Impact Assessment?
The team uses expert judgment to estimate how likely it is that each risk will occur and then record these findings using the scale defined in the risk management plan or one that is already available in the organization - the scale may be ordinal or cardinal
What is Checklist Analysis as used in during the Identify Risks process?
The technique of creating a list of project risks, generally based on historical information from similar past projects such as old risk registers and lessons learned documentation, and assessing whether the risks apply to the current project
What is the Risk Urgency Assessment technique used for during the Qualitative Risk Assessment process?
To assess how quickly a risk should be dealt with by prioritizing risks based primarily on timing - risks that could occur soon are seen as more urgent than those that may occur later on
What is the purpose of a risk probability and impact assessment?
To assign a combined probability-impact rating to each risk - then prioritize risks based on the relative levels of threat or opportunity they represent
What is the Risk Data Quality Assessment technique used for during the Qualitative Risk Assessment process?
To ensure the information gathered and assessed as part of the risk quality process is not inaccurate, biased or incomplete as otherwise the results of the qualitative analysis will be unreliable
What are Risk Audits used for during the Monitoring and Controlling Risks process?
To evaluate and document the effectiveness of risk response and risk management processes
What is the aim of risk management?
To increase the likelihood of a positive outcome
What is the objective of Qualitative Risk Analysis?
To prioritize risk according to their probability and impact and to compare the results against risk tolerance levels - these levels are related to project constraints and time frames
What are Status Meetings used for during the Monitoring and Controlling Risks process?
To review performance information to identify new risks or update on existing risks that are being monitored
How is Expected Monetary Value (EMV) Analysis used during the planning of contingent risk response strategies?
Used to ensure enough reserves are put aside to put the planned responses in motion when risk events occur EMV = probability x impact
What should the project team understand in order to effectively rate risk impact?
What constitutes a low, medium and high impact on each of the project's objectives - this is often contained in a table to define how impact should be assessed for each project objective
What is a residual risk?
What risk remains after the planned response is used to mitigate an identified risk as much as possible - typically has a lower impact and priority than the original risk the response is designed to address
What does a negative net EMV value represent?
Where negative risks (threats) outweigh the positive risks (opportunities)
What does a positive net EMV value represent?
Where positive risks (opportunities) outweigh the negative risks (threats)
How does innovation affect risk?
With innovation comes an increase in risk as new things are being tried rather than following an old, well-established path
