8 : Risk Flashcards
Like other themes, don’t worry about getting the answers correct. Answer in your own words and learn from the extra information given. Remember that the questions in the exam have multiple choices, so you just have to recognize the information in front of you.
What is risk?
A risk is “an uncertain event that, should it occur, will have an effect on the achievement of objectives. It consists of a comnbination of the probability of a percieved threat or opportunity occuring, and the magnitude of its impact on objectives”
What are the two types of risks?
The two types of Risk are Threats and Opportunities.
- Threats are risks with negative impact
- Opportunity are risks with a positive impact.
What is the purpose of the Risk Theme?
The purpose of the risk theme is to provide information on how best to do risk management in your project.
A more formal way to say this is the purpose of the Risk Theme is to provide an approach to identify, assess and control uncertainty during a project and as a result, improve the ability of the project to succeed.
Remember the words, identify, assess and control risk as this is what Risk Management is all about.
What is the connection between a project, change, uncertainty and risk?
Projects are about doing something new, so they are about change. As the exact same project has not been done before there will be some uncertainty about how some parts of the projects will go. Another name for this uncertainty is risk.
When is project Risk Management undertaken?
Risk management is not just done at the start of the project but is a continuous activity that must be during the full life of the project and therefore one of the main tasks for the Project Manager.
Which role is the main person responsible for risk in a project? (Note: I am not asking for the role that will do most of the work and follow up but the main responsible.)
It is the Executive that is responsible for risk in a project. PRINCE2 says that the Executive is accountable for all aspects of Risk Management. They rely on the Project Manager to continually identify, assess and control risks throughout the project.
What can be at risk?
PRINCE2 states that the projects objectives are at risk.
Remember the project will have objectives for the six project variables: time, cost, quality, scope, benefits and risk. (Think TeCQuila SoBeR, spelt TeCQ)
What is Risk Management?
Risk Management is the systematic application of procedures to the tasks of identifying and assessing risk, and then planning and implementing risk responses.
The Risk theme provides an approach for you to be able to manage risk in a project.
What are the 4 risk management steps?
The four steps to Risk Management are: Identification, Assessment, planning, and Control
- Identification: Identify and describe the risk
- Assess: What is the likelihood, the impact on objectives, when expected?
- Planned for: Identifying suitable responses to risk and assigning owners
- Control the Risk: Making sure the responses are implmented and controlled
What are the Prince2 Risk principles? (9 things)
- Understanding the project context
- Involve the stakeholders
- Establishing clear project objectives
- Developing a project risk management approach
- reporting on risks regularly
- Defining clear roles and responsibilities
- Establishing a support structure and supportive culture for risk management
- Monitoriing for early warning indicators
- Establishing a review cycle and seek continual improvement
What are the Prince2 minimum requirements for risk? (4 things)
- Define the risk management approach which must cover:
- The way we identify and assess risks, implement responses and communicate risk
- Assess whether the risks might affect the business justification
- The roles and responsibilities
- We musst also maintain a risk register
- Ensure risks are identified, assessed, managed and reviewed
- Use lessons learnt to inform risk identifiation and management
What is the risk Management approach?
The risk management approach outlines how risks will be managed including the processes, procedures, techniques and responsibilities.
The risk approach/strategy is created during the Initiating a project stage.
Which other OGC method does PRINCE2 get its Risk Management procedures and principles from?
PRINCE2 makes use of the other OGC method, which is Management of Risk (also referred to as MOR). PRINCE2 takes advantage of all these procedures and principles that have already been defined instead of trying to re-invent the wheel. The MOR method is a generic approach to Risk, which can be used for any type of project.
What is the Risk Register?
The Risk Register is used to capture and maintain the risk information (threats or opportunities) of all the risks that were identified and relate to the project.
So it provides a record of all risks including their status and history.
The risk register is created during the Initiating a project stage. Any risks identified earlier (i.e. in the starting up a project stage) should be recorded in the PM’s daily log, and transferred to the Risk register during the Initiating a project stage.
What info should be included in the risk register? (12 things)
- Risk identifier
- Risk author: The person who raised the risk
- Date registered
- Risk category: the type of risk
- Risk description
- Probability, impact and expected value of the risk
- Proximity (how soon could the risk occur)
- Risk response category
- Risk response
- Risk status
- Risk owner
- Risk actionee
What is normally the first question about Risk that should be asked by the Project Manager when considering risk and the approach to Risk Management?
The first question that should be asked is what risk policies already exist in the company or in the programme environment today that can be used so that there isn’t a need to re-create these. If a policy does exist, then this will save a lot of work and will provide most if not all the information you need to do Risk Management in your project.
What is a risk policy?
If an in-house policy on Risk Management procedures does exist, then you can expect to have information on the following:
- Your organization’s attitude towards risk also called Risk appetite, Risk tolerances, procedures for escalation, typical roles and responsibilities, example of a Risk Management strategy document, etc.
- It should provide guidelines on how to do Risk Management according to the policy of the company.
- Using a common approach to Risk Management also means that project stakeholders that are already familiar with this approach will be able to understand how risk management is done in your project.
What if there isn’t an existing Risk Policy?
They can use the Risk theme to provide the necessary information to do Risk Management in their project.
Why have a common approach to Risk Management?
Using a common approach to Risk Management enables the project stakeholders that are already familiar with this approach to understand how risk management is done in your project. E.g.: Reports will be easier to understand, the scales for accessing risk will be similar etc. Therefore it is easier to see what is going on and this is also true for the Project Board.
Does each project need its own Risk Management Strategy?
PRINCE2 recommends that each project should have its own Risk Management Strategy document. Creating a Risk Management strategy document for each project may seem a big task but a detailed template can be provided if you are working in a programme environment, so this will make it much easier.
We know that the 3 steps to Risk Management are: Identification, Assessment and Control. The Risk Management Procedure has 5 steps. Name these. Use the following line to remind you: I Ate Plants In China.
The five steps in the Risk Management Procedure are: Identify, Assess, Plan, Implement and Communicate.
What are the steps in the risk management procedure? (5 steps)
- Identify
- Assess
- Plan
- Implement
- Communicate
Are the Risk management procedure steps sequential?
The first 4 steps are sequential (Identify, Assess, Plan and Implement), while Communicate will always be done to let stakeholders know what is going on and to get continual feedback during this process.
What must be done before the risk management procedure?
The first thing that has to be done is to understand the level of risk that the project is willing to accept. This is also known as the risk appetite. E.g.: If the project is to build a prototype that will just have a life of a few months, then the risk tolerance is said to be very high and so a big risk appetite. If the project is to launch a voting system that will be used in a national election in Europe, then the risk tolerance would be very low as it should work 100% correct. Once the Project Manager and Executive agree on the amount of risk the project can take, then the Project Manager should complete the Risk Management Strategy document.
What happens in the Risk identification step of the risk management procedure?
- Identify the context by examining the project documents including:
- Risk mgmt approach
- Project mandate
- Project brief
- Project product description
- Identify the risks and record them in the risk register
Where should risk management requirements come from?
Most of the risk management requirements come from the:
- Project Mandate,
- the Project Brief, and
- the Project Product Description
How can risks be identified?
- Review lessons
- Risk checklists
- Risk prompt lists
- Brainstorming
- Risk breakdown structures
How should risks be described?
The risk description should include the cause, event and the effect on the objectives of the project.
The cause refers to something that is already happening, the event to something that may happen (threat or opportunity) and effect describes the effect on the project.
Describe the following example of risk in terms of cause, event and effect on the project objectives. “Less people may come to the event as all planes could be grounded due to ash from the volcano that is blow into UK airspace.” Start with the cause, then the event that is likely to happen and then the effect on your project which is to organize a conference in London for business managers from around Europe who are expected to fly in.
We would write this as follows: Due to the active volcano releasing ash, there is a threat that planes will be grounded if this ash is blown into UK airspace which would cause many people not to be able to make it to the conference in London.
The original cause is the volcano releasing ash, this is already happening, the risk is the threat that this could be blow into UK airspace and the effect on the project is that many people will not be able to travel.
What happens during the risk assessment step of the risk management procedure?
Assess Risk is the 2nd step in the Risk Management procedure and involves Estimating and Evaluating risk.
Estimating focuses on assessing one risk at a time while Evaluating is about evaluating all Risk together so as to get an idea of the total risk in a project.