10. Understand risk and issue management Flashcards
10.1 Explain
each stage in a risk management process (such as initiation, identification, analysis, response, closure) IIARC
Risk - The potential of a situation or event to impact on the achievement of specific objectives.
Risk analysis and management - A process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities.
Risk techniques - Used to identify, assess and plan responses to individual risks and overall risk.
Risk exposure - The degree to which a risk taker could be affected by an adverse outcome.
Risk management maturity - A measure of the extent to which a project or organisation formally applies effective risk management to support decision making and the treatment of risk.
INITIATION
Risk appetite - How much risk investors are willing to tolerate in achieving their objectives. Expressed as risk thresholds or tolerances.
Risk management plan A document defining how risk management is to be implemented in the context of the particular project concerned.
Risk efficiency - The principle of risk-taking to achieve the minimum level of exposure to risk for a given level of expected return.
Risk manager - The person who is put in charge of matters connected with risk, or certain aspects of risk, on a project.
IDENTIFICATION
Risk identification - The capture of threats and opportunities to the project objectives.
Risk event - An uncertain event or set of circumstances that would, if it occurred, have an effect on the achievement of one or more objectives.
Risk context - The institutional and individual environment, attitudes and behaviours that affect the way risk arises and the way it should be managed.
Risk log - A document that provides identification, estimation, impact evaluation and countermeasures for all risks to the project. It is normally maintained throughout the life of the project.
Risk register - A document listing identified risk events and their corresponding planned responses. Used interchangeably with risk log or risk repository.
Risk owner - The individual or group best placed to assess and manage a risk.
Risk breakdown structure (RBS) A hierarchical breakdown of the risks on a project.
ANALYSIS
Risk analysis - An assessment and synthesis of estimating uncertainty and/or specific risk events to gain an understanding of their individual significance and/or their combined impact on objectives.
Risk assessment - The process of quantifying the likelihood of risks occurring and assessing their likely impact on the project.
Risk prioritising - Ordering of risks according first to their risk value, and then by which risks need to be considered for risk reduction, risk avoidance and risk transfer.
Risk ranking - The allocation of a classification to the probability and impact of a risk.
Risk attitude - The perception driven choice of a person or group about an individual risk, or overall riskiness of a project, programme or portfolio.
Qualitative risk analysis - A generic term for subjective methods of assessing risks that cannot be identified accurately.
Quantitative risk analysis - The estimation of numerical values of the probability and impact of risks on a project usually using actual or estimated values, known relationships between values, modelling, arithmetical and/or statistical techniques.
RESPONSE
Risk response - An action or set of actions to reduce the probability or impact of a threat, or to increase the probability or impact of an opportunity.
Risk response planning - The planning of responses to risks.
Risk avoidance See Avoid (a threat).
Avoid - A response to a threat that eliminates its probability or impact on the project.
Reduce - A response to a threat that reduces its probability, impact or both.
Transfer - A response to a threat that reduces its probability, impact or both by transferring the risk to a third party.
Accept A response to a threat where no course of action is taken.
Exploit - A response to an opportunity that maximises both its probability and impact.
Enhance - A response to an opportunity that increases its probability, impact or both.
Share - A risk management response to an opportunity that increases its probability, impact or both by sharing the risk with a third party.
Reject - A response to an opportunity where no action is taken.
Risk reduction [Reduce] Action taken to reduce the likelihood and impact of a risk.
Risk budget A sum of money that is part of overall cost contingency to cover the cost impact of identified risks. See also Management reserve and Contingency.
Risk monitoring - The process of observing the state of identified risks (also referred to as risk tracking).
All projects are inherently risk because they are unique, constrained, based on assumptions, performed by people and subject to external influences
Risks can affect achievement of objectives either positively or negatively
PM responsible
Risk - the potential of a situation or event to impact on the achievement of specific objectives
Risk Management - a process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities
Initiation - Risk Management Plan
Identification - Risk Register
Analysis - Risk Reports
Response - Risk response plan
Closure - Lessons Learned
Initiation - Risk Management Plan
- how risk will be managed throughout project lifecycle
- stakeholder reference,
- insight into organisation,
- control structure,
- responsibilities for risk management
- templates
** Risk appetite** - how much risk investors are willing to tolerate in achieving their objectives. Expressed as risk thresholds or tolerances.
Risk attitude - the perception driven choice of a person or group about an individual risk, or overall riskiness of a project, programme or portfolio
Identification - Risk Register - aim is to draw out all knowable risks to protect project objectives
a document listing identified risk events and their corresponding planned responses. Also risk log or risk repository
calibrated impact scales represent objectives at risk and size of impact
- assumptions and constraints analysis - assess the probability that each assumption will be met and impact if violated
- brainstorming - quick, team enthusiasm, facilitator, list of risks with risk source identified
- checklists - key issues that affect their environment, preserving lessons learned, use with proactive methods
- prompt lists - headings related to generic sources of risks - support brainstorming - can be generic hierarchical structure to form risk breakdown structure
- SWOT - use S & O to reduce W & T,
Risk event - an uncertain event or set of circumstances that would if it occurred have an effect on the achievement of one or more objectives
Risk Register
- document/excel
- id’s risk events and corresponding planned responses
- reference number
- description - risk events - situations that may occur
- causes - facts now or stable planning assumptions
- effects - have an impact on one or more of project specific scales
- probability
- impact - pre and post mitigation - TCQ, Safety, and other important areas
** proximity (time/date)**
response strategy - if integrating with response
- mitigation actions
- fallbacks
- status
- Risk Owner - the individual or group best placed to assess and manage risk
- risk actionee
post mitigation impacts - TCQ, safety etc
cost - base value £ - contingency (note also can be time
weighted base - likelihood/probability % - Monte Carlo
**weighted base value - cost £
Analysis - Risk Reports - an assessment and synthesis of estimating uncertainty and/or specific risk events to gain an understanding of their individual significance and/or their combined impact on objectives
qualitative assessment - individual significance / combined impact on objectives - prioritise
quantitative assessment - Monte Carlo simulation, decision trees, sensitivity analysis
- PROBABILITY/IMPACT CRITERIA - TABLE)
- probability (Y axis bottom Low, to top high) /impact on project (X axis left low, to right high
- five degrees of scale – VLO, LO, MED, HI, VHI
- probability/likelihood of occurrence - y axis
- size of impact on project - schedule (time), cost, performance, benefits and other objectives e.g. reputation - x axis
- weight VHI impacts greater than VHI probability
- then apply to risk events
- probability/impact grid - plot analysis and RAG
Response - Risk response plan - an action or set of actions to reduce the probability or impact of a threat or to increase the probability or impact of an opportunity
- decision - to proactively invest unplanned time and money to bring risk exposure into tolerable exposure levels and increase certainty
- planned responses - time, resource, cost
- update integrated project plan - deployment baseline
Closure - Lessons Learned
10.2 Explain
proactive and reactive responses to risk (such as ARTA - avoid, reduce, transfer, accept, and EESR - exploit, enhance, share, reject)
Reactive risk response - An action or set of actions to be taken after a risk event has occurred.
Risk response - An action or set of actions to reduce the probability or impact of a threat, or to increase the probability or impact of an opportunity.
Probability - The likelihood of a risk occurring.
Impact - The assessment of the effect on an objective of a risk occurring.
Impact analysis - An assessment of the merits of pursuing a particular course of action or of the potential impact of a requested change.
Risk response planning - The planning of responses to risks.
Risk avoidance See Avoid (a threat).
Avoid - A response to a threat that eliminates its probability or impact on the project.
Reduce - A response to a threat that reduces its probability, impact or both.
Transfer - A response to a threat that reduces its probability, impact or both by transferring the risk to a third party.
Accept A response to a threat where no course of action is taken.
fallback - reactive response if risk materialises = prepare contingency plans / identify trigger conditions
Exploit - A response to an opportunity that maximises both its probability and impact.
Enhance - A response to an opportunity that increases its probability, impact or both.
Share - A risk management response to an opportunity that increases its probability, impact or both by sharing the risk with a third party.
Reject - A response to an opportunity where no action is taken.
realise opportunity - reactive response = identify what to do if the project develops in a certain way
proactive response
- planned and implemented response
- address probability/likelihood of risk occurring and/or size of impact
- focus on cause of risk
- e.g. sharing cost risk (risks to schedule cannot be shared)
reactive response
- provision for a course of action only implemented if the risk materialises
- accept the risk but with contingent response ready
- may require funding to be built into the integrated plan
avoid / exploit - change project scope
accept / reject - record or monitor
enhance / reduce - share / transfer - proactive responses
reactive fallback / realise opportunity - reactive responses - apply contingency budget
threats - responses reduce effect of the threat so that consequences of the response actions do not exceed the likely value of risk reduction
opportunities - improve one/more of project objectives so that costs and implications of response actions do not exceed the value of the improvement
secondary risks - new risks occur as a result of response taken, aim for lesser magnitude than original risk. If secondary risk same magnitude or greater than original risk response is ineffective
residual risks - amount of risk remaining after a response is committed - assess significance of this risk on won merits and separate response to treat residual risk
Threats
avoid - change objectives/practices e.g. product specification
reduce - tackle risk at source - preventative - investment of cost and mgmt time - justify by costs vs benefits considerations implementation cost should be less than reduction in risks expected value
**transfer **- to another party, insurance - may reduce impact but no effect on the probability of the event occurring - or reduction of risk unless party is more capable of managing risk (e.g. subcontractor)
accept - absorb residual risk and manage consequences - time impact managed by activities not being close to critical path; cost impact managed through financial contingency (identified and unidentified) in budget, stakeholder impact
Opportunities
exploit - change project scope to achieve beneficial outcome for one/more of stakeholders - win-win if benefits all stakeholders - follow up to agree way forward
enhance - strategic or tactical proactive response (strategic being in house to retain control / tactical being identify improve project delivery methods)
share - collaborate to realise an opportunity - both parties may share costs, but will also share benefits if opportunity materialises
reject - opportunity of little value or work to realise opportunity is too great
10.3 Explain
the benefits of risk management
Benefit - A positive and measurable impact of change.
educate staff
reduce sceptism
- informed and believable plans, schedules and budgets - rm helps identify risk factors and allocate tolerances or contingency and so creates more objective description of tasks/activities and related budgets and schedules
- increases likelihood of project adhering to schedules and budgets as more realistic plans (schedules, budgets) - give staff more achievable targets, secure greater levels of comittment, leading to higher probability of success
- meaningful assessment and justification of contingencies - gut feeling approach can lead to over/under provision and innefective application of scarce resources - rm identifies and quantifies amount of contingency required to give acceptance confidence level and contingency fund can be allocated to prime areas of risk
- discourages acceptance of financially unsound projects - assessing impact of possible risks forces realism - early awareness of potential obstacles and opportunities - risk analysis may reveal project may not meet objectives, is not feasible, or a potential threat - decide not to bid or pull out before resources too heaviliy committed
- build up of statistical information assists better management of future projects - provides reference material for future projects with new staff, and mitigate loss of staff transfered to other projects / promoted - formal risk analysis and post -project reviews
- staff develop ability to assess risks - greater awareness of staff’s own area of influence through undertaking risk analysis - lends to current and future activities - improves staff competencies in preparing plans and predicting risks
- facilitates greater risk taking - increasing benefits gained - calculated risk taking - formal risk management techniques with appropriate mitigation and fall back plans lead to greater levels of risk taking with lower contingency and improve overal ROI - proactive management of risk removes some of threats that would otherwise impact on project and also realise opprtunities to improve project outcomes
10.4 Explain
the key aspects of issue management
Issue - A problem that is now breaching, or is about to breach, delegated tolerances for work on a project or programme. Issues require support from the sponsor to agree a resolution.
Issue log - A log of all issues raised during a project or programme, showing details of each issue, its evaluation, what decisions were made and its current status.
Issue management - The process by which issues can be identified and addressed to remove the threats that they pose.
Issue register - See Issue log.
A problem that is now breaching, or is about to breach, delegated tolerances for work on a project or programme. Issues require support from the sponsor to agree a resolution.
- issues are different to problems that are dealt with on a day to day basis by the PM
- issues may occur when risks actually occur and mitigations are insufficient - escalated for resolution
- OK if risks occur and reserved contingencies consumed to expected degrees - that is not an issue
- projects where PM continually managing issues suggest an underlying concern with project plans and controls
- issues happening now could create new risks
barriers to effective adoption of issue management include:
- lack of time,
- reluctance from project team to identify and escalate issues early
- governance board unable to make informed decision that addresses root cause of issue rather than treat symptoms
- important project control
engage PMO to facilitate necessary resolution
Issue management
IDENTIFY
- log in issue register/log - where will be tracked from identification through to resolution and closure
- analyse - understand nature, causes and impacts if not resolved
- prioritise based on impact on success criteria and benefits
- take into account priorities of scope, T, C, Q and benefits in business case
ESCALATE
- to the sponsor - who in turn can escalate to governance board for resolution
ASSIGN
- actions assigned to person or group best places to address issue and identify and implement a resolution in a timely manner
CHANGE CONTROL
- progress any issues that result in changes to scope or baseline through change control
- limits of delegated authority identified and formal change control required when tolerances are breached
RESOLVE AND CLOSE
- including any change control
including any replanning of deployment baseline and PMP
