7 - Defining the Project Budget and Risk Plans Flashcards
1
Q
What are the main topics covered in this chapter?
A
Security, budgeting, risk activities and strategies for your project
2
Q
What are the four types of security mentioned?
A
- Physical security
- Operational security
- Digital security
- Data security
3
Q
What constitutes the classic definition of the triple constraints?
A
- Scope statement
- Schedule
- Budget
4
Q
Define a security policy.
A
A document outlining the minimum standards required to secure the organization’s technology-related systems, assets, and data
5
Q
What sections are typically included in a security policy?
A
- Purpose
- Scope
- Definitions
- Appendix
- Roles and responsibilities
6
Q
What is the purpose section of a security policy?
A
It states what the policy is protecting and why
7
Q
What does the scope section of a security policy define?
A
The people impacted by the policy and a description of the systems covered
8
Q
What is the difference between a policy and a procedure document?
A
A policy outlines what to accomplish, while a procedure outlines how to accomplish it
9
Q
List some examples of IT security policies.
A
- Acceptable use policy
- Protection for electronic confidential information
- Network and system configuration
- Cybersecurity incident response
- Acquisition and disposal of technology assets
10
Q
What is an acceptable use policy?
A
A policy instructing how to use the organization’s technology resources
11
Q
What are branding restrictions in the context of security?
A
Regulations related to trademarks, copyrights, and patents
12
Q
What is a trademark?
A
A symbol used to identify a company, brand names, logos, etc.
13
Q
How are security clearances categorized for government organizations?
A
- Confidential
- Secret
- Top secret
14
Q
What is operational security?
A
Policies for performing background checks and security clearances
15
Q
What does digital security focus on?
A
Access and permissions to digital assets
16
Q
What is multifactor authentication (MFA)?
A
A process requiring two or more methods to verify a user’s identity during sign-in
17
Q
What is data classification?
A
Describing data according to its sensitivity, type, and value to the organization
18
Q
What are two types of sensitive data classifications mentioned?
A
- Personally identifiable information (PII)
- Personal health information (PHI)
19
Q
What is the ‘need-to-know’ principle?
A
Information should only be shared with those who need it to perform a task
20
Q
What is the primary role of a project manager regarding project costs?
A
Estimating costs to complete the work of the project and determining the project budget
21
Q
What are the four cost-estimating techniques?
A
- Analogous (top-down)
- Parametric
- Bottom-up
- Three-point estimates
22
Q
True or False: Cost estimates become final once the cost baseline is determined.
A
True
23
Q
What are the four techniques for cost estimating discussed?
A
Analogous, parametric, bottom-up, and three-point estimates.
24
Q
What is analogous estimating also known as?
A
Top-down estimating.
25
At what stage is an analogous estimate typically performed?
During the early stages of scope planning.
26
What does an analogous estimate rely on?
Historical data and expert judgment.
27
Which estimating technique is the least accurate?
Analogous estimating.
28
What is parametric estimating based on?
A mathematical model that computes costs using the quantity of work multiplied by the rate.
29
What is the most precise cost-estimating technique?
Bottom-up estimating.
30
What critical inputs are needed for a bottom-up estimate?
The WBS and project resource requirements.
31
What does the sum of all work package estimates provide?
The estimate of the total project cost.
32
What is the difference between work effort and activity duration?
Work effort is the total time to complete a task, while activity duration is the estimated time it will take.
33
What are three-point estimates based on?
The most likely estimate, optimistic estimate, and pessimistic estimate.
34
How is the three-point estimate calculated?
By averaging the sum of the most likely, optimistic, and pessimistic estimates.
35
What should you document when performing cost estimates?
Any assumptions made during the estimating process.
36
What is the purpose of the project budget?
To aggregate all cost estimates and establish a cost baseline for the project.
37
What are capital expenses typically associated with?
Assets providing long-term benefits.
38
What types of expenses do project budgets usually include?
Salary, hardware, software, travel, training, and materials.
39
Who is ultimately accountable for project expenditures?
The project manager.
40
True or False: Bottom-up estimates are the most time-consuming to perform.
True.
41
Fill in the blank: The cost estimate is calculated by multiplying the _______ for each resource by the rate for that resource.
work effort.
42
What is a key consideration when using parametric estimating?
The accuracy of the data used to create the model.
43
What should you do to ensure comprehensive cost estimating?
Brainstorm with your project team and subject matter experts.
44
What is the most likely estimate in three-point estimating?
The estimate assuming costs will come in as expected.
45
What potential costs should be discussed during team brainstorming?
Special training and travel costs.
46
What is the role of accounting or finance departments in budget tracking?
They may perform the actual tracking of expenses.
47
What is a loaded rate?
A percentage of the employee’s salary that covers benefits.
48
What may the project budget include regarding expenses?
Both capital expenses (CapEx) and operational expenses (OpEx).
49
What are capital expenses?
Expenses for assets providing long-term benefits, such as:
* Equipment purchases
* Software purchases
* Building purchases
* Vehicle purchases
## Footnote
Capital expenses are managed differently than operational expenses.
50
What are operational expenses?
Expenses for day-to-day operations, including:
* Administrative costs
* Training
* Travel
* Supplies
* Salaries
* Rent
## Footnote
Understanding cost categories is essential for tracking resources.
51
What is a project budget?
A financial plan outlining estimated costs for a project, varying by project type.
52
How can project budgets be created?
Budgets can be created in:
* Spreadsheet format
* Budgeting software
## Footnote
They may be divided into monthly or quarterly increments.
53
What is a contingency reserve?
Funds set aside to cover unexpected costs due to:
* Scope creep
* Risks
* Change requests
* Variances in estimates
## Footnote
Typically a percentage of total project cost.
54
What is a management reserve?
Funds allocated by upper management for unforeseen costs, requiring approval for use.
55
What is the difference between contingency and management reserves?
Contingency reserves are controlled by the project manager, while management reserves require upper management approval.
56
What is a cost baseline?
The total approved expected cost for the project, used to measure future expenditures.
57
What is the purpose of expenditure tracking?
To measure project spending, determine burn rate, and compare actual expenditures to the cost baseline.
58
What is a budget burndown chart?
A visual representation showing the burn rate of the budget over time.
59
What is earned value management (EVM)?
A performance measurement technique comparing planned value, earned value, and actual costs.
60
Define Planned Value (PV).
The cost of work authorized and budgeted for a specific schedule activity.
61
Define Actual Cost (AC).
The actual cost incurred for completing a work component during a specific time period.
62
Define Earned Value (EV).
The value of work completed to date, expressed as a percentage of the planned budget.
63
What is Cost Variance (CV)?
The difference between earned value and actual cost, indicating if costs are over or under budget.
64
What is Schedule Variance (SV)?
The difference between earned value and planned value, indicating schedule performance.
65
What are Performance Indexes?
Metrics used to calculate efficiency and predict future project performance, including CPI.
66
Fill in the blank: The formula for Cost Variance (CV) is CV = ______ - AC.
EV
67
Fill in the blank: The formula for Schedule Variance (SV) is SV = ______ - PV.
EV
68
True or False: Management reserves are included in the project budget.
False
69
What should be communicated to the project stakeholders regarding the budget?
The cost baseline and any specific budget information they require.
70
What is the burn rate?
The rate at which project funds are spent over time.
71
What is the significance of a negative Cost Variance?
It indicates that costs are higher than budgeted.
72
What are efficiency indicators for project performance?
EV and SV
## Footnote
EV stands for Earned Value, and SV stands for Schedule Variance.
73
What do cost performance index (CPI) and schedule performance index (SPI) measure?
CPI measures cost efficiency; SPI measures schedule efficiency.
74
How is the cost performance index (CPI) calculated?
CPI = EV / AC
75
What does a CPI greater than 1 indicate?
Spending is less than anticipated.
76
What does a CPI less than 1 indicate?
Spending is more than anticipated.
77
How is the schedule performance index (SPI) calculated?
SPI = EV / PV
78
What does an SPI greater than 1 indicate?
Performance is better than expected.
79
What does an SPI less than 1 indicate?
Performance is worse than expected.
80
What is burn rate?
The rate of spending money over time.
81
What is the formula for estimating burn rate?
Burn rate = Cost Performance Index (CPI) calculation.
82
What are the main cost processes in project management?
* Cost estimating
* Creating the project budget
* Controlling costs
83
What forms can expenditure reporting take?
* Simple spreadsheets
* Project management software
* Pie charts
* Bar charts
84
What is risk in project management?
A potential future event with negative or positive impacts.
85
What are the three major components of risk planning?
* Identifying potential risks
* Analyzing potential impact
* Developing appropriate responses
86
What is risk identification?
The process of determining and documenting potential risks.
87
What techniques can be used for risk identification?
* Brainstorming
* Interviews
* Facilitated workshops
88
What are common potential risks in projects?
* Budgets or funding
* Schedules
* Scope
* Requirements changes
* Contracts
* Hardware
* Political concerns
* Management risks
* Legal risks
* Technical issues
89
What is a risk register?
A list of risks with identification number, name, description, owner, and response plan.
90
What is force majeure in risk management?
Catastrophic risks outside the control of the organization.
91
What is a SWOT analysis?
A technique analyzing strengths, weaknesses, opportunities, and threats.
92
What does impact analysis prioritize?
It prioritizes and quantifies risks for easy understanding.
93
How is probability expressed in risk analysis?
As a number between 0.0 and 1.0.
94
What is the purpose of risk analysis?
To identify risks with the greatest possibility and impact.
95
What is qualitative analysis?
Determining probability and impact of risks and ranking them.
96
What is the relationship between risk tolerance and industry?
Different industries have varying levels of risk tolerance.
97
What are the main project constraints?
Scope, time, cost, and quality.
98
What type of analysis involves prioritizing risks according to their probability and impact?
Qualitative analysis.
99
When should risk analysis be performed in a project?
Throughout the project.
100
What does urgency in risk analysis refer to?
Determining how quickly a response needs to be implemented.
101
What is dormancy in the context of risk management?
The period of time between the risk occurrence and discovery of the risk.
102
Define manageability in risk analysis.
How well the risk owner manages the risk event.
103
What does controllability refer to in risk management?
The ability of the risk owner to control the impact of the risk.
104
What is detectability in risk analysis?
The ability to detect a risk trigger and understand a risk event.
105
What is interconnectivity in risk management?
The relationship between individual risks and how one may affect another.
106
What is strategic impact in the context of risk events?
The impact to the organization’s strategic goals if the risk event occurs.
107
What does propinquity refer to in risk analysis?
The stakeholder’s perception of the risk significance.
108
What is quantitative analysis in risk management?
Quantifies the aggregate risk exposure by assigning numeric probabilities to risks.
109
What is Monte Carlo simulation used for in risk analysis?
To estimate potential outcomes for project variables.
110
What is the purpose of situational/scenario analysis?
To look at risk from the perspective of various situations that may occur.
111
List some situation/scenario-based risks to consider.
* New projects
* New management
* Regulatory environment changes
* Digital transformation
* Infrastructure end of life
* Merger and acquisition
* Reorganization
* Cybersecurity events.
112
What is risk response planning?
The process of reviewing risk analysis and determining actions to reduce negative impacts.
113
What are the strategies to deal with negative risks?
* Avoid
* Transfer
* Mitigate
* Accept.
114
What are the strategies associated with positive risks or opportunities?
* Exploit
* Share
* Enhance
* Accept.
115
What is a risk register?
A document that records identified risks, their scores, and response plans.
116
What is a risk trigger?
A sign or precursor signaling that a risk event is about to occur.
117
Who is responsible for monitoring the risks assigned to them?
The risk owner.
118
What should be included in the risk response plan?
Points of escalation for when a risk event occurs.
119
What are unknown risks?
Risks that are not known until they occur.
120
What is the best strategy to deal with unknown risks?
Putting aside contingency reserves and/or management reserves.
121
When should risk monitoring be performed?
Throughout the entire project life cycle.
122
How does risk probability and impact change as a project progresses?
They typically diminish over time.
123
What is the total estimated cost for the project described?
$478,000.
124
What is the fixed budget constraint for the project?
$450,000.
125
What should be done if project estimates exceed the budget?
Negotiate lower implementation costs and review cost estimates.
126
What is a budget constraint in project management?
A budget constraint is a limit on the amount of money available for a project.
127
What should be accounted for in a project budget aside from direct costs?
Contingency reserves for unexpected costs.
128
Who will be consulted to negotiate lower implementation costs after the RFP process?
Leah in procurement and Jason in IT.
129
What should be reviewed with Alden, the facilities manager?
Cost estimates for interior design services and furniture and fixtures.
130
What happens after Emma approves and signs off on the project budget?
It becomes the official cost baseline for the project.
131
What will be monitored throughout the project?
Burn rate and expenditures.
132
What is the risk score for a delay in IaaS implementation with a probability of 0.10 and an impact of 90?
9
133
What is the response plan for the risk of moving company availability on moving days?
Yes, a response plan is needed.
134
True or False: Bad weather during a move has a risk score of 2.5.
True
135
Which type of policies is the IT department refreshing for the new digital platform?
Operational security, data security, and digital security policies.
136
What additional security policy is being refreshed due to the new building's data center?
Physical security policy.
137
What does the risk register document?
Risks, their probability, impact, response plans, and risk owners.
138
What is the threshold for risks needing a response plan?
A risk score of 5 or greater.
139
What types of assets do security policies secure?
Physical, operational, digital assets.
140
What does data classification involve?
Classifying data based on sensitivity, type, and value to the organization.
141
What are the three techniques for creating project estimates?
* Analogous or top-down estimates
* Parametric estimating
* Bottom-up method
142
What does the bottom-up method in cost estimating involve?
Adding up individual estimates from each work package.
143
What is a three-point estimate?
The average of the most likely, optimistic, and pessimistic estimates.
144
What is the cost baseline for a project?
The total approved expected cost for the project.
145
What does risk planning involve?
Identifying potential risk events during the project.
146
What are some risk analysis techniques?
* Impact analysis
* Qualitative analysis
* Quantitative analysis
* Situational/scenario analysis
147
What does qualitative analysis rank?
Probability and impact.
148
What does quantitative analysis use to estimate potential outcomes?
Simulation techniques such as Monte Carlo analysis.
149
What should be communicated to stakeholders throughout the project?
Risks and response plans.
150
Fill in the blank: Probability is always expressed as a number between _______.
[0.0 and 1.0]
151
What should be done periodically on long-term projects regarding risks?
Reevaluate risk processes to determine validity and identify new risks.
