Chapter 10: Risks Flashcards
What is a threat and a opportunity
Threat
- for uncertain events that would have a negative impact on objectives
Opportunity
- for uncertain events that would have a positive impact on objectives
What is required for risk management to be effective
- risks that might affect the project achieving its objectives need to be identified, captured and described
- each risk needs to be assessed to understand impact, probability and timing
- risk responses need to be implemented, monitored and controlled
Prince2 requires that two products are produced and maintained
- risk management approach
- risk register
What is the meaning of these two
Risk management approach
- describes how risk will be managed
Risk register
- provides a record of identified risks relating to project
When should risk management approach and risk register be created
Both of these products should be created during the initiating a project process
- the risk management approach should be reviewed and possibly updated at the end of each management stage
What is the responsibility of corporate, programme or the customer regarding risk
- Provide the corporate, programme management or customer risk management policy and risk management process guide
What is the responsibility of corporate, programme or the customer regarding risk
- Provide the corporate, programme management or customer risk management policy and risk management process guide
What is the responsibility of the executive regarding risk
- Ensure risk management approach is appropriate
- Ensure risks associated with business case are identified, assessed and controlled
- Escalate risks to corporate, programme management or the customer
What is the responsibility of the senior user regarding risk
Ensure that risks to the users are identified, assessed and controlled
What is the responsibility of the senior supplier regarding risk
- Ensure that risks relating to the supplier aspects are identified, assessed and controlled
What is the responsibility of the PM regarding risk
- Create risk management plan
- Maintain risk register
What is the responsibility of the Team manager regarding risk
- Participate in identification, assessment and control of risks
What is the responsibility of the Project assurance regarding risk
- Ensure risk management practises are performed in line with projects risk management approach
What is the responsibility of the project support regarding risk
- Prepare and assist PM in maintaining projects risk register
Risk management and organisational policies
A project may need to align risk management approach with organisational, programme or portfolio policies, standards/ processes
- organisations will often require that a consistent mandated process is used across different projects, typically to ensure they can assess the overall risk exposure of the organisation
List the steps in the recommended risk management procedure
1 - Identity
2 - Assess
3 - Plan
4 - Implement
5 - Communicate
How is risk management approach affected by project size, scale
E.g on a less complex project, the PM would typically take most risk management activities. But on a more complex project, activities may be delegated to a dedicated risk manager
What is a commercial consideration regarding risk registers
In a commercial context, there may be need for more than one risk register as some project risks could be unique to only one party, with good reason for them to not be visible to the other party
What is a commercial consideration regarding risk registers
In a commercial context, there may be need for more than one risk register as some project risks could be unique to only one party, with good reason for them to not be visible to the other party
What is a risk budget
This a sum of money to find specific management responses to projects threats and opportunities
It may be appropriate to identify and ring-reference an explicit risk budget within the projects budget
What is a risk budget
This a sum of money to find specific management responses to projects threats and opportunities
It may be appropriate to identify and ring-reference an explicit risk budget within the projects budget
What does the IDENTIFY step in the risk management procedure involve
Identify:
This step obtains info about the project to understand the specific objectives that are at risk & to formulate an appropriate risk management approach
Risks can and should be identified at any time during the management and delivery of the project
What is a useful way of expressing risk is to consider the following aspects of each risk
- risk cause
- risk event (describe area of uncertainty regarding threat/opportunity)
- risk effect (describe impact risk would have on project)
What would have an influence in the projects risk management approach
- customers quality expectations
- number of organisations involved & relationships between them
- needs of stakeholders involved with project
- The delivery approach being used
What are some risk identification techniques
Review lessons:
- review previous similar projects to see what threats & opportunities affected them
Risk checklists:
- list of risks that have been identified or occurred on previous projects
Risk prompt lists:
- list that categorises risks into types/ areas and are normally relevant to a wide range of projects
Brainstorming
Risk breakdown structure:
- hierarchical decomposition if the potential sources of risk (LOOK AT DIAGRAM FOR EXAMPLE)
What does the ASSESS step in the risk management procedure involve
Assess:
- probability of threats and opportunities (how likely they are to occur)
- the impact of each risk in terms of projects objectives
- impact of risk on the stage plan, project plan and business case
- how quickly risk is likely to materialise if no action is taken
- how impact of threats and opportunities may change over the life of the project
What are some examples of risk estimation techniques
Probability impact grid
- values are determined by multiplying probability by impact
Expected value
- combines cost of risk with probability of risk occurring
Probability trees
- graphical representations of possible events resulting from given circumstances
Pareto analysis
- ranks risks after they’ve been assessed to determine the order in which they should be addressed
What is risk appetite and tolerance
Risk appetite:
- an organisations attitude towards risk taking that in turn dictates the amount of risk it considers acceptable
Risk tolerance:
- threshold level of risk exposure that can be exceeded,but which when exceeded will trigger some form of response
Info regarding evaluating
The combined effect of the individual risks needs to be understand to determine if the overall ‘risk exposure’ of the project remains within the risk appetite determined by the organisation and as interpreted and applied by the project board
- if risk exposure is greater then the organisations risk appetite, then control actions will need to be planned in response
- the justification of the project should be evaluated in context of risk exposure
What are the two risk evaluation techniques
Risk models
- enables ‘what if’ scenarios to be run using random numbers to determine whether each risk within a given range occurs
Expected monetary value
- takes the expected values of a number of risks and sums them to arrive at an overall value
What does the PLAN step in the risk management procedure involve
The plan step involves identifying and evaluating the appropriate risk response to remove/ reduce threats and to maximise opportunities
- if risk falls within the tolerances set for the project, the PM decides on the response; otherwise the decision is escalated to the project board
What is residual risk
If a threat is reduced rather than removed, the remaining risk is called the ‘residual risk’. If residual risk is significant then it may be appropriate to select more than one risk response
More information regarding plan stage
It’s important that risk responses balance the cost of implementing the response against probability & impact of allowing risk to occur
- this can be assessed by comparing cost of risk response with difference in the expected monetary value of the risk before and after the risk response
Risk response needs to identify the most appropriate body to manage a risk. When may this not be the project team?
This may not be the project team, especially if:
- the project team don’t have within their scope of influence the ability to implement an appropriate risk response
- realisation of risk will materially impact the projects business justification
What does the IMPLEMENT step in the risk management procedure involve
Planned risk responses need to be actioned, their effectiveness monitored and corrective action taken where responses don’t match expectations
What is a risk owner and risk actionee
Risk owner
- individual who’s responsible for the management, monitoring and control of all aspects of a particular risk assigned to them, including the implementation of the selected responses to address the threats or to maximise opportunity
Risk actionee
- nominated owner of an action to address risk. Some actions may not be within the remit of the risk owner to control explicitly; in that situation there should be a nominated owner of the action to address the risk
In many cases the risk owner and auctioned are the same person
What does the COMMUNICATE step in the risk management procedure involve
This step ensures that information related to the threats and opportunities faced by the project is communicated both within the project and externally to stakeholders
Risks are communicated as part of the following management products
- checkpoint reports
- highlight reports
- end stage reports
- end project reports
- exception reports
What other communication methods could be considered alongside the prince2 management products
- bulletins
- dashboards
- notice boards
- briefings
Extra Info regarding communication and risk management
A projects exposure to risk is never static; effective communication is key to the identification of new risks or changes in existing risks. This depends on the maintenance of a good communication network, including relevant contacts & sources of info
