Chapter 11 Flashcards
What is the objective of project risk management?
Increase the probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks, in order to optimize the chances of project success.
The process of defining how to conduct risk management activities for a project.
Plan risk management
The process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics.
Identify risks
The process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics
Perform qualitative risk analysis
The process numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objective.
Perform quantitative risk analysis
The process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.
Plan risk responses
The process of implementing agreed-upon risk response plans.
Implement risk responses
The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.
Monitor risks
In order to create value while balancing risk and reward organizations should choose to take project risk in what type of manner?
Controlled and intentional
What are the two different levels of project risks defined in projects?
Individual project risk
Overall project risk
An uncertain event or condition that if it occurs, has a positive or negative effect on one or more project objectives.
Individual project risk
The effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative.
Overall project risk
Individual risk and overall project risk can have both a positive and negative effect on project objectives? True or false.
True
What’s another name for negative risks?
Threats
What’s another name for positive risks?
Opportunities
Describe management of overall project risks?
It aims to keep project risk exposure within an acceptable range by reducing drivers of negative variation, promoting drivers of positive variation and maximizing the probability of achieving overall project objectives.
This aims to exploit or enhance positive risks while avoiding or mitigating negative risks.
Project risk management
This expresses the degree of acceptable variation around a project objective.
Risk thresholds
How should project risk management processes be conducted?
Iteratively
What are two types of non-event risks?
Variability risks
Ambiguity risks
What are variability risks? What’s an example?
Uncertainty about some characteristics of a planned event, activity or decision.
I.e. errors found during tests might be higher lower, unseasonal weather conditions etc.
What are ambiguity risks ? What’s an example?
When uncertainty exists about what might happen in the future.
I.e. future developments in regulatory frameworks
How can variability risks be addressed?
By using Monte Carlo analysis, with the range of variation reflected in probability distributions, followed by actions to reduce the spread of possible outcomes.
How are ambiguity risks managed?
Defining areas where there is a deficit of knowledge or understanding, then filling the gap by obtaining expert external inout or benchmarking best practices.
Incremental development, prototyping, or simulation
What are emergent risks?
The unknowable-unknowns
Risks that can only be recognized after they have occurred.
What can tackle emergent risks?
Project resilience
What’s integrated risks management?
A coordinated approach to enterprise-wide risks management with alignment and coherence in the way risk is managed across all levels of an enterprise.
What are some tailoring considerations for project risk management?
Project size
Project complexity
Project importance
Development approach
How is risk handled in agile/adaptive environments?
Risks are reviewed at each iteration and cross functional teams help to accelerate knowledge sharing.
The process of defining how to conduct risk management activities for a project.
Plan risk management
When should the plan risk management process begin?
When should it be completed?
When the project is conceived.
Early in the project.
How does the various project management plans from different processes effect the plan risk management processes?
They need to be taken into consideration when making the project risk management plan to ensure consistency.
How does the stakeholder register effect plan risk management?
It provides stakeholders attitude toward risk on the project
What elements can be included in a risk management plan?
Risk strategy Methodology Roles & responsibilities Funding Timing Risk categories Stakeholder risk appetite Definitions of risk probability and impacts Probability and impact matrix Reporting formats Tracking
This defines specific approaches, tools, and data sources that will be used to perform risk management on the project.
Methodology
What is RBS?
Risk break down structure: a hierarchical representation of potential sources of risk.
It helps to identify risks and categorize them.
How should stakeholder risk appetite be expressed?
As measurable risks thresholds around each project objective.
This matrix allows the relative priority of individual risks to be evaluated within each priority level.
Probability and impact matrix
This documents how risk activities will be recorded and how risk management processes will be audited.
Tracking
The process of identifying individual project risks as well as Sources of overall project risk, and documenting their characteristics.
Identify risks
Who should be encouraged to identify individual project risk?
All stakeholders
True or false a consistent format should be used for risk statements?
True
What’s looked for in agreements when identifying risk?
If the project uses an external procurement of resources the agreement info can present threats or opportunities.
Procurement documentation should be reviewed for risks as it is updated. True or false?
True
A list of items, actions, or points to be considered.
It is often used as a reminder.
Checklist
What are data gathering techniques the identify risk process?
Brainstorming
Checklists
Interviews
What are data analysis techniques for the identify risk process?
Root cause analysis
Assumption and constraint analysis
SWOT Analysis
Document Analysis
This is used to discover underlying causes that lead to a problem, and develop preventive action.
Root cause analysis
With this you can start with a problem statement to identify threats or a benefit statement to identify opportunities.
Root cause analysis
This explores the validity of assumptions and constraints to determine which pose a risk to the project.
Assumptions and constraint analysis
A predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk.
Prompt lists
What can be used as a prompt list for individual project risks?
The lowest level of the risk breakdown structure
What are some frameworks used for identifying sources of overall project risks?
Pestle ( political, economic,social, technological, legal, environmental)
Tecop (technical, environmental, commercial, operational, political)
Vuca (volatility, uncertainty, complexity, ambiguity)
What is the name of the specialized meeting used to undertake risk identification.
Risk workshop
This captures details of identified individual project risks.
Risk register
Once the identify risk process is completed the content of the risk register may include?
List of identified risks
Potential risk owners
List of potential risk responses
This may be used to distinguish risks from their causes and their effects.
A structured risk statement
What is each individual project risk given on the risk register?
A unique identifier
This presents information on sources of overall project risk, together with summary information on identified individual project risks.
Risk report
The process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics.
Perform qualitative risk analysis
The key benefit of this process is that it focuses efforts on high priority risks.
Perform qualitative risk analysis
Are the perform qualitative risk analysis assessments subjective , if yes how so?
Yes they are subjective because they are based on perceptions of risk by the project team and other stakeholders.
Therefore if facilitators are used they must address biases of the team.
When is the perform qualitative risk analysis process conducted in an agile development environment?
Before the start of each iteration
What process establishes the relative priorities and risk owner of individual project risks for plan risk responses?
Perform qualitative risk analysis
What are some data analysis techniques used in the perform qualitative risk analysis process?
Risk data quality assessment
Risk probability and impact assessment
Assessment of other risk parameters
Describe what a risk data quality assessment does? What is it?
It evaluates the degree to which the data about individual project risks is accurate and reliable as a basis for qualitative risk analysis.
A questionnaire of various individual project risks characteristics are used.
This data analysis technique considers the likelihood that a specific risk will occur.
Risk probability assessment
This data analysis technique considers the potential effect on one or more project objectives.
Risk impact assessment
How are risk probability and Impact assessments conducted?
Through interviews or meetings.
How are risks with low probability and impact included within the risk register?
As part of a watch list for future monitoring
What other risk parameters might be assessed when prioritizing individual project risks?
Urgency Proximity Dormancy Manageability Controllability Detectability Connectivity Strategic impact Propinquity
Risk may be categorized into what categories?
Source
Area of project affected
Common root causes
How might data be represented in the perform qualitative risk analysis process?
Probability and impact matrix
Hierarchical charts
A grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs.
Probability and impact matrix
What is an example of a hierarchical chart?
A bubble chart
This displays three dimensions of data, where each risk is plotted as a disk (bubble), and the three parameters are represented by the x-axis value, the y-axis, and the bubble size.
Bubble chart
The process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives.
Perform quantitative risk analysis
Is quantitative risk analysis required for every project?
No
Describe the type of project that might use quantitative risk analysis.
Large or complex projects
What does quantitative risk analysis usually require?
Specialized risk software
Expertise in the development and interpretation of risk models
What are some tools and techniques used for perform quantitative risk analysis?
Expert judgement
Data gathering-Interviews
Interpersonal and team skills-facilitation
Representations of uncertainty
Data analysis -simulation, sensitivity analysis, decision tree analysis, influence diagrams
What are some forms of probability distributions used for representations of uncertainty in quantitative risk analysis models?
Triangular Normal Lognormal Beta Uniform Discrete distributions
The use of this in a model is when optional activities are added to the model to represent the time and /or cost impact of the risk should it occur, and the chance that these activities actually occur in a particular simulation run matches the risks probability.
Probabilistic branches
What’s used in a model to represent when risk are related?
Correlation
How are simulations typically performed?
Using a Monte Carlo analysis
This type of analysis determines which element of the risk model have the greatest effect on the project critical path.
Criticality analysis
This type of analysis helps to determine which individual project risks or other sources of uncertainty have the most potential impact on project outcomes.
Sensitivity analysis
This presents the calculated correlation coefficient for each element of the quantitative risk analysis model that can influence the project outcome.
Tornado diagram
What’s a typical display of a sensitivity analysis?
Tornado diagram
This is used to support selection of the best of several alternative courses of action.
Decision tree analysis
This diagram represents a project or situation within the project as a set of entities, outcomes, and influences, together with the relationships and effects between them.
Influence diagrams
What is included on the risk report after the performance of quantitative risk analysis?
Assessment of overall project risk exposure
Detailed probabilistic analysis of the project
Prioritized list of individual project risks
Trends in quantitative risk analysis results
Recommended risk responses
What are the two key measures of overall project risk in the assessment of overall project risk exposure?
Chances of project success
Degree of inherent variability remaining within the project at the time the analysis was conducted
The process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risk.
Plan risk responses
Who should make plans to address individual project risk?
The nominated risk owner
Risks that arise as a direct result of implementing a risk response.
Secondary risk
What are the five alternative strategies considered for dealing with threats?
Escalate Avoid Transfer Mitigate Accept
What type of threats are escalated?
Threats that are outside the scope of the project or that the proposed response would exceed the project manager’s authority.
This is when the project team acts to eliminate the threat or protect the project from its impact.
Avoid
What type of strategy could be appropriate for a high-priority threat with a high-probability of occurrence and a large negative impact.
An avoid strategy
What are the following examples of? Removing the cause of a threat Extending the schedule Changing the project strategy Reducing scope
The avoid strategy
This involves shifting ownership of a threat to a third party to manage the risk and to bear the impact if the threat occurs.
Transfer
This strategy for dealing with threats often involves payment of a risk premium to the party taking on the threat.
Transfer
This type of risk strategy can be achieved by the use of insurance, performance bonds, warranties, guarantees, etc.
Transfer
Describe what it Men’s to mitigate a risk.
Take action to reduce the probability of occurrence and/or impact of a threat.
Adopting less complex processes, conducting more tests, or choosing a more stable seller are examples of what risk strategy?
Mitigation
This happens when the existence of a threat is acknowledged, but no proactive action is taken.
Acceptance
What type of threats and opportunities might be accepted?
Those of low priority
What are the two types of acceptance and provide an example of each.
Active: contingency reserve
Passive:periodic review of the threat to ensure it does not change significantly
What are the five alternative strategies that may be considered for dealing with opportunities?
Escalate Exploit Share Enhance Accept
Are escalated opportunities monitored by the project team after escalation?
No, although they may be recorded in the risk register for information
Describe the exploit strategy.
This strategy seeks to capture the benefit associated with a particular opportunity by ensuring that it definitely happens, increasing the probability to 100%. It is selected for high-priority opportunities where the organization wants to ensure that the opportunity is realized.
This plan risk response strategy involves transferring ownership of an opportunity to a third party so that it shares some of the benefit if the opportunity occurs.
Share.
What’s some ways a project might share a risk opportunity?
By Forming; risk sharing partnerships Teams Special-purpose companies Joint ventures
This plan risk response strategy is used to increase the probability and/or impact of an opportunity.
Enhance
This risk response strategy acknowledges an opportunity exist but no proactive action is taken.
Accept
Describe active and passive opportunity acceptance.
Active- establish a contingency reserve
Passive-periodic review of the opportunity to ensure it does not change significantly
What do you call plans that are designed for use only if certain events occur?
They include identified triggering events that set the plans in effect.
Contingency plans aka fall black plans
Can the same risk responses used to deal with individual project risks be applied to overall project risk ?
Yes
Removal of high risk elements of scope from the project is an example f what?
Using the avoid strategy for overall project risk
The process of implementing agreed-upon risk response plans.
Implement risk responses
The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.
Monitor risks
In order to make sure the project team is aware of the current level of risk exposure what process is used?
Monitor risk
What data analysis techniques can be used for the monitor risk process?
Technical performance analysis
Reserve analysis
This requires the definition of objective, quantifiable measures of technical performance, which can be used to compare actual results against targets.
Technical performance analysis
This compares technical accomplishments during project execution to the schedule of technical achievement.
Technical performance analysis
This compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project in order to determine if the remaining reserve is adequate.
Reserve analysis
This may be used to consider the effectiveness of the risk management process.
Risk audit
Describe a risk review.
They are scheduled regularly and should examine and document the effectiveness of risk responses in dealing with overall project risk and with identifies individual project risks.
This includes information on how project risk management is performing by comparing the individual risks that have occurred with the expectation of how they would occur.
Work performance information
