| Project Risk Management |
| Knowledge Areas |
Major Processes desc. |
Primary Inputs |
Tools & Techniques |
Primary Outputs |
| Risk Management Planning |
Deciding how to approach and
plan risk management activities. |
1. Enterprise Environmental Factors
2. Organizational Process Assets
3. Project Scope Statement
4. Project Management Plan |
1. Planning meetings and
analysis |
1. Risk management plan |
| Risk
Identification |
Determining which
risks are likely to affect the project & documenting their characteristics |
1. Enterprise
Environmental Factors
2. Organizational Process Assets
3.Risk management plan
4. Project Scope Statement
5. Project Management Plan
|
1.Documentation reviews
2. Info-gathering techniques
3. Checklist analysis
4. Assumptions analysis 5. Diagramming techniques |
1.Risk Register |
| Qualitative Risk Analysis |
Assessing the impact and likelihood of
identified risks. |
1. Organizational Process Assets
2. Risk Register
3. Project Scope Statement
4. Project Management Plan
|
1. Risk probability & impact assessment
2. Probability and impact matrix
3. Risk data quality assessment
4. Risk Categorization 5. Risk urgency assessment
|
1.Risk Register (Updates) |
| Quantitative Risk Analysis |
A process that analyzes numerically the
probability of each risk and its consequence on project objectives |
1. Organizational Process Assets
2. Project Scope Statement
3. Risk Management Plan
4. Risk Register
5. Project Management Plan * Project Schedule Management Plan * Project Cost
Management Plan |
1. Data Gathering and representation
techniques (Interviewing, probability distribution and EJ)
2. Quantitative Risk analysis & modeling techniques. (Sensitivity, EMV,
Decision Tree) |
1. Risk Register (Updates) |
| Risk Response Planning |
Developing options & determining actions
to enhance opportunities to reduce threats to project objectives |
1. Risk Management Plan
2. Risk Register |
1. Strategies for negative risk or threats 2.
Strategies for positive risk or opportunities
3. Strategies for both threats and opportunities
4. Contingency response strategy |
1. Risk Register (Updates)
2. Project Management Plan (Updates)
3. Risk related contractual agreements |
| Risk Monitoring & Control |
Tracking identified risk, monitoring residual
risks, and identifying new risk, ensuring the execution of risk plans and
evaluating the effectiveness in reducing risk. |
1. Risk Management Plan
2. Risk Register
3. Approved Change Requests 4. Work Performance Information
5. Performance Reports |
1. Risk reassessment
2. Risk audits
3. Variance and trend analysis
4. Technical performance measurement
5. Reserve analysis
6. Status Meetings |
1. Risk Register (Updates)
2. Requested Changes 3. Recommended Corrective actions
4. Recommended Preventive actions
5. Organizational process asset (Update)
6. Project Management Plan (Updates)
|
|
Project risk - Is an uncertain event or
condition that, if it occurs, has a positive or a negative effect on a project
objective.
A risk has a cause and, if it occurs, a consequence. Risk identification is an
iterative process. (Just like core process)
|
| Risk Types
|
| 1. Business (Gain or Loss) 2. Pure Risk (Only Risk of Loss)
|
| Planning meetings |
| - Attendees - project manager, the project team leaders,
anyone in the organization with responsibility to manage the risk planning and
execution activities, key stakeholders, |
| Qualitative Risk Analysis |
| Prioritizing risks for subsequent further analysis or
action by assessing and combining their probability of occurrence and impact. |
| Quantitative Risk Analysis |
| Numerically analyzing the effect on overall project
objectives of identified risks. |
| Attitude about Risk |
| Should be made explicit, Communication about risk should
be honest and open. Risk response reflects organizations perceived balance
between risk taking and risk avoidance. Some one who does not want to take
risks is said to be Risk Averse. |
| Tolerance and Threshold |
| Tolerance are areas of risk that
are acceptable or unacceptable. A threshold is the amount of risk that is
acceptable |
|
Risk Management Plan – Describes how Risk Management will be structured and
performed, it includes
1. Methodology (Approach, tools and data sources)
2. Budgeting (Resource and Cost Estimate)
3. Timing (When and how often)
4. Risk Categories (RBS, Good practice is to review risk
categories during RMP prior to Risk Identification Process)
5. Definition of Risk Probability and Impact (Used for
Qualitative Risk Analysis, Quality & credibility important)
6. Probability and Impact Matrix (Look up table, with impact
categorized as Low, Moderate or High)
7. Revised Stakeholders tolerances
8. Reporting Formats (Describes Risk Register
Contents and format)
9.Tracking (Auditing and Documentation for LL)
|
| Information Gathering
Techniques (I/P for Risk Identification) – 1.Brainstorming
2.Delphi Technique 3.Interviewing 4.Root cause analysis 4.SWOT analysis |
| Check List Analysis (I/P for Risk
Identification) – Can be based on Historical information of previous similar
projects, the lowest level of RBS can also be used as Risk Checklist. |
Quantitative Risk Analysis
1. Data Gathering and Representation Technique
1.
Interviewing
2.Probability
Distributions (Beta Distribution and Triangular Distribution)
2. Quantitative Risk Analysis and Modeling Techniques
1. Sensitivity Analysis
– Determine which risks have most potential impact, Tornado Diagram.
2. Expected Monetary
Value – Opportunity expressed as Positive, Risk expressed as negative. Modeling
and Simulation is recommended for Cost & Schedule Risk analysis because
they are more powerful and less subject to misuse than EMV analysis.
3. Decision tree analysis – Shows
available choices and their possibilities
4. Modeling and Simulation – Done
using Monte Carlo Technique. Cost Risk Analysis use CBS or WBS. Schedule Risk
analysis use PDM.
|
| Strategy for Positive Risk
or Opportunities - SEE – Share, Exploit, Enhance |
| Strategy for Negative Risk
or Threats – ATM – Avoid, Transfer, Mitigate |
| Strategy for Both
- Acceptance |
| Residual Risks – Risks that are
expected to remain after planned responses have been taken, as well as those
have been deliberately accepted. |
| Secondary Risks
– Risks that arise as a direct outcome of implementing a risk response. |
| Recommended Corrective Actions – For
Risk monitor and Control include Contingency plans and workaround plans. Work
around plans are not initially planned but are required to deal with emerging
risks that were previously unidentified or accepted. |
| Risk database - A repository that
provides for collection, maintenance, and analysis of data gathered and used in
the risk management processes. Use of this database will assist risk management
throughout the organization and, over time, form the basis of a risk lessons
learned program. |
|
Risk Register
1. List of Identified Risks (including root causes and
assumptions)
2. List of Potential Responses
3. Root causes of Risks
4. Updated Risk Categories (RBS which is developed in RMP is
enhanced or amended)
Updates after Qualitative Risk Analysis
5. Relative Ranking or Priority list of Project Risks
6. Risks grouped by categories
7. List of Risk requiring Response in the near term
8. Watch list of low priority risks
9. Trends in Relative Risk analysis results
Updates after Quantitative Risk Analysis
10. Probabilistic Analysis of the project
11. Probability of Achieving Cost and Time Objective
12. Prioritized List of Quantified Risks
13.Trends in Quantitative Risk Analysis Results
Updates after Risk Response Planning
14. Identified Risks, their descriptions, areas of the project and how
they affect project objectives
15. Risk owners and their responsibilities
16. Agreed upon response strategies
17. Symptoms and warning signs of risks occurrence
18. Budget and Schedule activities required to implement the chosen responses
19. Contingency reserves of Time and Cost. Contingency Triggers.
20. Fallback plan
21. Residual and Secondary Risks
|
| Project Risk Management – processes
concerned with identifying, analyzing, and responding to uncertainty. The most
likely cause of poor risk management is lack of prioritized list of risks. |
|
|
|
|
|
|
|
|
|
|
|
|
|