Leon's Workshop

[PMP®] Risk Management Notes

Project Management Professional (PMP)®, Test Prep
Leon Hao
X. Risk Management
Concepts
  • The Project Manager is in control and proactively managing events, avoiding as many problems as possible.
  • The Project Manager must understand how to anticipate and identify areas of risk, how to quantify and qualify them, and how to plan for them.
  • Characteristics of the Risk:
    • Risk is related to an uncertain event.
    • A risk may affect the project for good or for bad. Although risk usually has negative connotations, it may well have an upside.
    • The differences between Individual Project Risk and Overall Project Risk:
      • An individual Project Risk threatens an objective.
      • Overall Project Risks are things that threaten the success of the project.
  • Some of the risks may be because the situations are naturally variable. Others may occur because things are purely uncertain or ambiguous.

Processes
  • [Planning] Plan Risk Management
    • The sole output and also the only concern of this process is creating the risk management plan
    • This process is to create roadmap for all other 6 risk related processes
    • The more risk that is inherent on the project, the more important the project is to the organization, the more resources you would typically apply to performing this process.
    • Takes place early on the project, usually before many of the other planning processes are performed.
    • The reason of taking this process early is because the significantly influence decisions made about scope, time, cost quality and procurement.
    • Inputs
      • Project Charter
        • The Project Charter may contain information about risk tolerance or constrainsts and assumptions that need to be factored into the risk management plan.
      • Project Management Plan
        • This process brings in as much information as is known about the project inoder to create a risk management plan with compatible approach.
      • Project Documents
        • The stakeholder register is the important document in this process because it lists stakeholders who may be able to give input about risk approaches and who may be affected by risk management decisions.
      • Enterprise Environmental Factors
      • Organizational Process Assets
    • Tools
      • Expert Judgement
      • Data Analysis
      • Meetings
    • Outputs
      • Risk Management Plan
        • Creating the risk management plan is the real purpose of this process.
        • The Risk Management Plan is a road map to the other six risk management processes.
        • It defines what level of risk will be considered tolerable for the project, how risk will be managed, who will be responsible for risk activities, the amounts of time and resource that will be allotted to risk activities, and how risk findings will be communicated.
        • Risk Management Plan is a description of how risks will be categorized.
        • One tool for creating consistent risk categories is the risk breakdown structure(RBS).
        • Risk Breakdown Structure (RBS) is graphical, hierarchical decomposition used to facilitate understanding and organization.
        • RBS is that we are not breaking down the actual risks, instead, we are beaking down the categories of risks that will evaluate.

  • [Planning] Identify Risks
    • Identify Risks is a planning process that evaluates the project to create a list of the risks that could potentially impact the project and to understand the nature of those risks.
    • The output – Risk Register is a list of all risks, their causes, and any possible responses to those risks that can be identified at this point in the project.
    • Identify Risks is typically performed early on in the project, risks change over time, and new risks arise. It may be necessary to perform this process multiple times throughout the project.
    • Inputs:
      • Project Management Plan
      • Project Documents
      • Agreements
        • Contracts almost always have enforcements and penalties if the terms are not met, and oftentimes they have rewards if the terms are met or exceeded. Potential penalties and rewards represent a type of risk.
      • Procurement Documentation
        • Portions of the project that are procured from outside organizations carry their own inherent risks.
      • Enterprise Environmental Factors
      • Organizational Process Assets
    • Tools:
      • Expert Judgement
      • Data Gathering
        • Brainstorming
        • Checklists
      • Data Analysis
        • Root Cause Analysis

          Two tools are used to trace risk events back to identify the underlying factors that led to them.

          • Ishikawa (fishbone) diagrams
          • Five why
        • Assumptions and Contraint Analysis
          • The project management plan is largely built around assumotions and constaints, and these need to be analyzed and challenged from time to time.
        • SWOT Analysis
          • It is a tool used to measure the project's strenths (S), weakness(W), opportunities(O), and threats(T).
        • Document Analysis
          • Areas where project documentation is not clear might be an indicator of underlying risks.
      • Interpersonal and Team Skills
      • Prompt Lists
        • A prompt list is used by the project team to help facilitate a risk review.
        • Used periodically or between each phase to serve as a kind of framework for identifying new risks that might have arisen.
        • Three frameworks:
          • PESTLE: Political, Economic, Social, Technological, Legal, Environmental
          • TECOP: Technicalm Environmental, Commerical, Operational, Political
          • VUCA: Volatility, Uncertainty, Complexity, Ambiguity
      • Meetings
    • Outputs:
      • Risk Register
        • The risk register provides a list of all identified risks on the project, what the possible reactions to this risk are, what the root causes are, and what categories the risks fall into.
        • Risk Register is an essential input into the remaining risk management processes and may be updated throughout the life of the project.
      • Risk Report
        • Risk Report looks at the factors contributing to risk and high-level information on the identified risks.
        • The Risk Report is more of a summary document and will likely be more verbose about what things are contributing to project risk.
      • Project Documents Updates
  • [Planning] Perform Qualitative Risk Analysis
    • Perform Qualitative Risk Analysis is usually done rapidly in order to determine which risks are the highest priority on the project.
    • This process takes each risk from the risk register and works to analyze the probability it will occur and its impact if it does. By using the probability and impact matrix (PMI), a prioritzation and ranking can be created, which is updated on the risk register.
    • This process helps you rank and prioritize the risks so that you can put the right emphasis on the right risks. It helps to ensure that time and resources are spent in the right risk areas.
    • This process perform more than once on a project, reasons are:
      • Perform Qualitative Risk Analysis can usually be performed fairly quickly relative to other planning processes.
      • It is normal for risks and their underlying characteristics to change over the life of the project, making this process important to revisit often.
    • Inputs:
      • Project Management Plan
      • Project Documents
      • Enterprise Environmental Factors
      • Organizational Process Assets
    • Tools:
      • Expert Judgement
      • Data Gathering
      • Data Analysis
        • Risk Data Quality Assessment:
          • The data should be objectively evaluated to determine whether or not it is accurate and of acceptable quality.
      • Risk Probability and Impact Assessment / Probability and Impact Matrix
        • Each risk in the risk register is evaluated for its likelihood of occurring and its potential impact on the project.
        • Each of these two values(likelyhood of occurring and potential impact) is given a ranking and are multiplied together to get a risk score.
      • Assessment of Other Risk Parameters
        • Urgency
          • How much time you have to respond to a risk event.
          • Lower urgency is more desirable.
        • Proximity
          • How much time you have before the risk impacts project goals.
          • Lower proximity is more desirable
        • Dormancy
          • How much time will likely pass after the risk has occurred but before it is detected.
          • Lower dormancy is more desirable.
        • Manageability
          • How easily a risk's impact can be managed
          • Higher manageability is more desirable
        • Controllability
          • How easily a risk event can be changed
          • Higher controllability is more desirable
        • Detectability
          • How easily a risk event can be noticed or recognized.
          • Higher detectability is more desirable.
        • Connectivity
          • Risks occur is similar to the way dominoes fall, with one impacting the next and setting off a chain reacition.
          • Lower risk connectivity is more desirable.
        • Strategic Impact
          • How likely the risk event is to impact the organization's strategic goals
          • Lower strategic impact is more desirable
        • Propinquity
          • Propinquity is the measure of how important the project's stakeholders perceive this risk to be.
          • Lower propinquity is more desirable.
      • Interpersonal and Team Skills
      • Risk Categorization
        • Categorizing the detailed risks can help you build a better big-picture of the risks.
        • Help you understand which parts of the project have the highest degree of uncertainty.
        • The RBS is a common way to help organize the identified risks into categories.
      • Hierarchical Charts
      • Meetings
    • Outputs:
      • Project Documents Updates
  • [Planning] Perform Quantitative Risk Analysis
    • Perform Quantitative Risk Analysis seeks to assign a projected value to quantify the risks that have been ranked by Perform Qualitative Risk Analysis.
    • Most often specified in terms of cost or time.
    • Not all projects need to perform this process. If your project is large, complex, strategic, required y contract, or required by a key stakeholder, you may decide to carry it out.
    • Perform Quantitative Risk Analysis is usually performed rifht after Perform Qualitative Risks Analysis, in some cases they may be performed at the same time.
    • Inputs
      • Project Management Plan
      • Project Documents
      • Enterprise Environmental Factors
      • Organizational Process Assets
    • Tools
      • Expert Judgement
      • Data Gathering
      • Interpersonal and Team Skills
      • Representations of Uncertainty
        • Showing the likelihood of a risk occurrence
      • Data Analysis
        • Simulation
          • Monte Carlo Analysis (most common)
            • It is a perennial facorite topic for the exam
            • It is a tool that takes details and assembles a big pictures.
            • Monte Carlo Analysis throws lorage numbers of "what-if" scenarios at the schedule activities or at individual costs to seet the impact of certain risk events.
            • It will show you what is not always evident by simply looking at the schedule or budget.
            • It will often identify tasks that may not apprear inherently high risk, but in the event they are delayed or that they exceed budget, the whole project may be adversely affected.
        • Sensitivity Analysis
          • A commonly used data analysis tool to depict sensitivity to risk is tornado diagram, named for the funnel shape of its bars.
          • A tornado diagram provides a way to depict the project's sensitivity to cost or other risk factors.
          • It helps the team understand which risks pose the greatest threats (or potential rewards – risks may be positive or negative) to the project.
        • Decision Tree Analysis
          • Decision trees are used to show probability and arrive at a doolar amount associated with each risk.
          • Compute the expected monetary value (EMV) for the event. The Expected Monetary Value(EMV) should take into consideration each probability included in the branch.
        • Influence Diagrams
          • It depicts the actors (or entities), influences, and possible outcomes.
    • Outputs
      • Risk Report
        • The Risk Report (created in the Identify Risks process) is updated to include the reults of quantitative analysis, can include a anything from a ranking of the risks to the diagrams used in the data analysis section.
        • The main point of this is to update recommended risk responses which will feed the Plan Risks Responses process.
  • [Planning] Plan Risk Responses
    • It creates a plan for how each risk will be handled.
    • This is the one that is most oriented toward taking action.
    • The resulting plan is actionable, meaning that it assigns specific tasks and responsibilities to specific team members.
    • Plan Risk Responses is performed after all of the other risk planning processes have been completed.
    • The Rist Register flows in as an input, nad the updated Risk Register emerges as its primary output.
    • Inputs
      • Project Management Plan
      • Project Documents
      • Risk Register
        • The main purpose of this process is to update the Risk Register.
      • Enterprise Environmental Factors
      • Organizational Process Assets
    • Tools
      • Expert Judgement
      • Data Gathering
      • Interpersonal and Team Skills
      • Strategies for Threats
        • Threats are anything that could potentially jeopardize the goals of the project.
        • Five key ways of dealing with threats:
          • Escalate
            • It should only be used when a risk response is outside of the project manager's authority.
            • If a threat is escalated, there needs to be a very clear handoff of responsibility.
          • Avoid
            • Avoidance is a very appropriate tool for working with undesirable risk in some circumstantces.
          • Transfer
            • To transfer a risk to another party ouside of the project is to make it their respnsibility.
            • Contracual agreements and insuarnce are common ways to transfer risks.
            • The key is that the risk is moved outside of the performing organization.
          • Mitigate
            • To mitigate a risk simply means to make it less.
            • It does not eliminate the risk, but mitigating should diminish it.
          • Accept
            • Acceptance is often a perfectly reasonable strategey for dealing with risk, whether positive or negative.
            • When accepting a risk, you are simply acknowledging that the best strategy may not be to escalate, avoid, transfer, or mitigate it.
            • Acceptance may be the best strategy if the cost or impact of the other strategies is too great or likelihood is low.
            • Pasive acceptance requires no proactive steps.
            • Active acceptance may involve setting aside a contingency reserve in case the risk event occurs.
          • Stategies for Opportunities
            • Where Positive risks are concerned, the project manager wants to take steps to make them more likely.
            • Escalate
              • Escalated opportunities are managed at a level above the project manager.
            • Exploit
              • Where the strategy of exploitation is concerned, you are trying to remove any uncertainty.
            • Share
              • The project seeks to improve the chances of the risk occurring by working with another party.
            • Enhance
              • Enhancing a positive risk first requires that you understand the underlying causes of the risk.
            • Accept
          • Contingent Response Strategies
            • As known as a contingency plan or a fallback plan, is one where the project team may make one decision related to risk, but make that decision contingent upon certain conditions.
          • Stategies for Overall Project Risk
            • The same strategies listed earlier in this section for dealing with individual project risk may be used for dealing with overall project risk.
            • The point is to establish your project's overall posture toward risk, to understand and analyze the risks, and to plan appropriate action.
          • Data Analysis
            • Alternatives Analysis
              • Used to look at alternative ways to deal with risk events in general
            • Cost -Benefit Analysis
              • Make sure that the response does not cost more than the risk.
          • Decision Making
    • Outputs
      • Change Requests
      • Project Management Plan Updates
      • Project Documents Updates
        • The updated risk register is the primary output of this process.
        • It now contains the planned responses for each risk.
  • [Executing] Implement Risk Responses
    • Implement Risk Responses is an executing process that puts the risk response plan into action.
    • When Implement Risk Responses is performed depends upon the risks you have identified.
    • It may be begun as soon as you have completed the preceding process of Plan Risk Responses.
    • Inputs
      • Project Management Plan
      • Project Documents
      • Organizational Process Assets
    • Tools
      • Expert Judgement
      • Interpersonal and Team Skills
      • Project Management Information System
    • Outputs
      • Change Requests
        • After risks have been identified, analyzed, and the responses planned, the change requests are the primary way those responses are implemented.
      • Project Documents Updates
  • [Monitoring & Controling] Monitor Risks
    • Plans have to be reassessed and reevaluated.
    • Process of Monitor Risks takes a look back to evaluate how all of that planning is lining up with reality.
    • Inputs
      • Project Management Plan
      • Project Documents
      • Work Performance Data
        • Work Performance Data is used as an input here since monitoring and controlling processes compare the plan to the results.
      • Work Performance Report
        • Work Performance Data provides information on the status of deliverables, the work performance reports focus on cost, time, and quality performance.
        • When the performance reports are concerned, the actual results are compared against the baselines to show how the project is performing against the plan.
    • Tools
      • Data Analysis
        • Technical Performance Analysis
          • The first is to analyze the technical performance of the project. This compares the results with the plan.
        • Reserve Analysis
          • Reserve Analysis is for cost and schedule. This review would alert the project manager if reserves fall below a threshold.
      • Audits
        • Risk audits is that they are focused on overall risk management.
        • They are more about the top-down process than they are about individual risks.
        • Periodica Risks Audits evaluate how the risks management plan and the risk response plan are working as the project progresses and also whether or not the risks that were identifed and prioritized are acutally occurring.
      • Meetings
        • Meeting creates a project culture where bringing up items related to risk is always acceptable and risk is discussed regularly.
    • Outputs
      • Work Performance Information
      • Change Requests
        • When risk events occur, change requests to the project are a normal out come. In addition, even when the events do not occur, the project may be changed as a result of new risk-related information gathered during this process.
      • Project MAnagement Plan Updates
      • Project Documents Updates
        • New risk information, whether it is changes to your risk estimates or actual number, should be reguarly updated in the Risk Register.
      • Organizational Process Assets Updates

PMPTest Prep

Join the ConversationLeave a reply

Your email address will not be published. Required fields are marked *

Comment*

Name*

Website

Save my name, email, and website in this browser for the next time I comment