8 : Risk Flashcards
Like other themes, don’t worry about getting the answers correct. Answer in your own words and learn from the extra information given. Remember that the questions in the exam have multiple choices, so you just have to recognize the information in front of you.
What is the purpose of the Risk Theme? Answer in your own words.
The purpose of the risk theme is to provide information on how best to do risk management in your project. A more formal way to say this is the purpose of the Risk Theme is to provide an approach to identify, assess and control uncertainty during a project and as a result, improve the ability of the project to succeed. Remember the words, identify, assess and control risk as this is what Risk Management is all about.
What do you think is the connection between a project, change, uncertainty and risk?
Projects are about doing something new, so they are about change. As the exact same project has not been done before there will be some uncertainty about how some parts of the projects will go. Another name for this uncertainty is risk.
Is Risk Management just done at the start of the project, for example, when creating the Risk Management Strategy?
Risk management is not just done at the start of the project but is a continuous activity that must be during the full life of the project and therefore one of the main tasks for the Project Manager.
Which role is the main person responsible for risk in a project? (Note: I am not asking for the role that will do most of the work and follow up but the main responsible.)
It is the Executive that is responsible for risk in a project. PRINCE2 says that the Executive is accountable for all aspects of Risk Management. They rely on the Project Manager to continually identify, assess and control risks throughout the project.
PRINCE2 uses the MOR definition of Risk and MOR is the Risk method from OCG that is focused on Risk. Finish this definition by adding one word. “Risk is a set of events, that should it occur, will have an effect on the achieving of the project ______.”
Risk is a set of events that should it occur will have an effect of the achieving of the project objectives.
Name two types of risks?
The two types of Risk are Threats and Opportunities. We are used to see risk as negative but there can also be risks where something positive can happen and this is seen an opportunity. Eg: You are organizing an outdoor event and the risk is that it could be sunny so you can sell ice cream. So from a risk point of view, we say this is an opportunity to sell ice cream.
What is at Risk or what does PRINCE2 say is at Risk?
You may say that the project or perhaps user satisfaction is at Risk. PRINCE2 states that the projects objectives are at risk. Remember the project will have objectives for the six project variables: time, cost, quality, scope, benefits and risk. (Think TeCQuila SoBeR, spelt TeCQ)
What is Risk Management? (Tip: Begin your answer with “Risk Management is about the steps you take in a systematic way that will enable you to identify……”)
Risk Management is about the steps you take in a systematic way that will enable you to identify risk, assess risk and then to control risk such as how to respond to risk. The Risk theme provides an approach for you to be able to manage risk in a project.
Name the three steps to Risk Management. (Tip: First is Identification)
The three steps to Risk Management are: Identification, Assessment and Control
• Identification: How to identify and describe the risk
• Assess the Risk: Ask what is the likelihood, the impact on objectives, when expected
• Control the Risk: How to respond to risk; assign a risk owner, execute responses if the risk occurs, monitor etc.
Which other OGC method does PRINCE2 get its Risk Management procedures and principles from?
PRINCE2 makes use of the other OGC method, which is Management of Risk (also referred to as MOR). PRINCE2 takes advantage of all these procedures and principles that have already been defined instead of trying to re-invent the wheel. The MOR method is a generic approach to Risk, which can be used for any type of project.
What is normally the first question about Risk that should be asked by the Project Manager when considering risk and the approach to Risk Management?
The first question that should be asked is what risk policies already exist in the company or in the programme environment today that can be used so that there isn’t a need to re-create these. If a policy does exist, then this will save a lot of work and will provide most if not all the information you need to do Risk Management in your project.
List some of the information that you would expect to find in a company’s risk policy and procedures to help with Risk Management.
If an in-house policy on Risk Management procedures does exist, then you can expect to have information on the following:
• Your organization’s attitude towards risk also called Risk appetite, Risk tolerances, procedures for escalation, typical roles and responsibilities, example of a Risk Management strategy document, etc.
• It should provide guidelines on how to do Risk Management according to the policy of the company.
• Using a common approach to Risk Management also means that project stakeholders that are already familiar with this approach will be able to understand how risk management is done in your project.
What would you advise a Project Manager to do if they don’t have internal Risk Policy in the company?
They can use the Risk theme to provide the necessary information to do Risk Management in their project.
What is the advantage for stakeholders to have a common approach to Risk Management?
Using a common approach to Risk Management enables the project stakeholders that are already familiar with this approach to understand how risk management is done in your project. E.g.: Reports will be easier to understand, the scales for accessing risk will be similar etc. Therefore it is easier to see what is going on and this is also true for the Project Board.
Does PRINCE2 recommend using one Risk Management Strategy for all projects in a company or should each project have a separate Risk Management Strategy?
PRINCE2 recommends that each project should have its own Risk Management Strategy document. Creating a Risk Management strategy document for each project may seem a big task but a detailed template can be provided if you are working in a programme environment, so this will make it much easier.
What does the Risk Register do? (Tip: use the word capture, maintain and history in your reply)
The Risk Register is used to capture and maintain the risk information (threats or opportunities) of all the risks that were identified and relate to the project. So it provides a record of all risks including their status and history.
We know that the 3 steps to Risk Management are: Identification, Assessment and Control. The Risk Management Procedure has 5 steps. Name these. Use the following line to remind you: I Ate Plants In China.
The five steps in the Risk Management Procedure are: Identify, Assess, Plan, Implement and Communicate.
Which of the 5 Risk Management Procedure steps are sequential and which steps have to be done constantly? The 5 steps are: Identify, Assess, Plan, Implement and Communicate.
The first 4 steps are sequential (Identify, Assess, Plan and Implement), while Communicate will always be done to let stakeholders know what is going on and to get continual feedback during this process.
The first step in the Risk Management Procedure is Identify but there are two important things that have to be done before the project can start to identify risks. Can you name these? (Tip: Appetite and the document that describes how Risk will be done in the project)
The first thing that has to be done is to understand the level of risk that the project is willing to accept. This is also known as the risk appetite. E.g.: If the project is to build a prototype that will just have a life of a few months, then the risk tolerance is said to be very high and so a big risk appetite. If the project is to launch a voting system that will be used in a national election in Europe, then the risk tolerance would be very low as it should work 100% correct. Once the Project Manager and Executive agree on the amount of risk the project can take, then the Project Manager should complete the Risk Management Strategy document.
The answers to the questions that are asked to understand the risk management requirements and to be able to prepare the Risk Management Strategy document mostly come from three management products that are available before the Risk Management Strategy document has to be completed. List one or two of these documents. (Tip: The Risk Management Strategy document is created in the Initiation Stage)
Most of the answers to these questions come from the Project Mandate, the Project Brief, and Project Product Description.
PRINCE2 recommends that risks should be described in a certain way which should include the cause, the event and something else. Name this something and explain each of the three terms in a few words.
The risk description should include the cause, event and the effect on the objectives of the project. The cause refers to something that is already happening, the event to something that may happen (threat or opportunity) and effect describes the effect on the project.
Describe the following example of risk in terms of cause, event and effect on the project objectives. “Less people may come to the event as all planes could be grounded due to ash from the volcano that is blow into UK airspace.” Start with the cause, then the event that is likely to happen and then the effect on your project which is to organize a conference in London for business managers from around Europe who are expected to fly in.
We would write this as follows: Due to the active volcano releasing ash, there is a threat that planes will be grounded if this ash is blown into UK airspace which would cause many people not to be able to make it to the conference in London.
The original cause is the volcano releasing ash, this is already happening, the risk is the threat that this could be blow into UK airspace and the effect on the project is that many people will not be able to travel.
Assess Risk is the 2nd step in the Risk Management procedure and it has two steps which are Estimating and Evaluating risk. What is the difference between Estimating and Evaluating risk?
Estimating focuses on assessing one risk at a time while Evaluating is about evaluating all Risk together so as to get an idea of the total risk in a project. So it is better to think of Evaluation as evaluating total Risk. This will make it easier to remember.
Which 3 things are assessed when estimating a risk? (Tip: likelihood, cost & when)
Estimating is about assessing the probability, the impact and proximity for each threat or opportunity. These are also three of the columns in a Risk Register. Usually the Project Manager can choose from a scale like Very High, High, Normal, Low & Very Low when filling in the value for impact and these can be linked to different ranges of cost.
E.g.: Impact Value: Very low could be under 2% of the project cost while very high could be more than 40%.
E.g.: Proximity value: Very low could be 12 months away, very high could be in the next month.
All of these scales are decided in the initiation stage are documented in the Risk Management Strategy document.