Chapter 11 - Project Risk Management 8% Flashcards
Includes the processes of conducting risk management planning, identification, analysis, response planning, response implementation, and monitoring risk on a project.
Project Risk Management
The process of defining how to conduct risk management activities for a project.
Plan Risk Management
The process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics.
Identify Risks
The process of prioritizing individual project risks for further analysis or actions by assessing their probability of occurrence and impact as well as other characteristics.
Perform Qualitative Risk Analysis
The process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks.
Plan Risk Responses
The process of implementing agreed-upon risk response plans.
Implement Risk Responses
The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.
Monitor Risks
An uncertain event or condition that, if it occurs, has a positive effect (opportunities) or negative effect (threat) on one or more project objectives.
Individual Project Risk
The effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative.
Overall Project Risk
Type of non-event risk. Uncertainty about some key characteristics of a planned event, activity, or decision.
Can be addressed using Monte Carlo analysis, with the difference reflected in probability distributions, followed by actions to reduce the spread of possible outcomes.
Variability Risk
Type of non-event risk. Uncertainty about what might happen in the future.
Managed by defining the areas where there is a deficit of knowledge or understanding, then filling the gaps by obtaining expert external input or benchmarking against best practices. Also addressed through incremental development, prototyping, or simulation.
Ambiguity Risk
A component of the project management plan that describes how risk management activities will be structured and performed.
Risk Management Plan
Risk Management Plan element: Describes the general approach to managing risks on this project.
Risk Strategy
Risk Management Plan element: Defines the specific approaches, tools, and data sources that will be used to perform risk management on the project.
Methodology
Risk Management Plan element: Defines the lead, support, and risk management team members for each type of activity described in the risk management plan, and clarifies their responsibilities.
Roles and Responsibilities
Risk Management Plan element: Identifies the funds needed to perform activities related to Project Risk Management. Establishes protocols for the application of contingency and management reserves.
Funding
Risk Management Plan element: Defines when and how often the Project Risk Management processes will be performed throughout the project life cycle, and establishes risk management activities for inclusion into the project schedule.
Timing
Risk Management Plan element: Provides a means for grouping individual project risks.
Risk Categories
A common way to structure risk categories, which is a hierarchal representation of potential sources of risk.
Risk Breakdown Structure (RBS)
A way to structure risk categories, which is less structured than RBS. May take the form of a simple list of categories or a structure based on project objectives.
Custom Risk Categorization Framework
The degree of uncertainty an organization or individual is willing to accept in anticipation of a reward.
Risk Appetite
Provided by key stakeholders and expressed as measureable risk thresholds around each project objective that determine the acceptable level of overall project risk exposure.
Stakeholder risk appetite
Specific to the project context and reflect the risk appetite and thresholds of the organization and key stakeholders. The project may generate specific ______ or it may start with something general provided by the organization
Definitions of Risk Probability and Impacts
A grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs.
Probability and Impact Matrix
This analysis explores the validity of assumptions and constraints to determine which pose a risk to the project.
Assumption and Constraint Analysis
This technique examines the project from each of the strengths, weaknesses, opportunities, and threats perspectives.
SWOT Analysis
A predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk.
Prompt List
Contains details of individual project risks that have been identified and prioritized, and for which risk responses are required. Also, IDs the nominated risk owner for each risk.
Risk Register
Describes sources of overall project risk and the current overall project risk status.
Updated to reflect the most important individual project risks (usually those with the highest probability and impact), as well as a prioritized list of all identified risks on the project and a summary conclusion.
Risk Report
Technique to evaluate the degree to which the data about risks is useful for risk management.
Risk Data Quality Assessment
Considers the likelihood that a specific risk will occur and the potential effect on one or more project objectives such as schedule, cost, quality, or performance. Risks can be assessed in interviews or meetings with participants selected for their familiarity with the types of risks recorded in the risk register.
Other characteristics of risk may be assessed for a more robust prioritization of risks:
- Urgency (time to implement an effective response)
- Promixity (time before impacts project objectives)
- Dormancy (time elapsed before impact is discovered)
- Manageability (ease of being managed)
- Controllability (ease of being controlled)
- Detectability (ease of being found)
- Connectivity (related to other risks)
- Strategic Impact (major effect on org’s strategic goal)
- Propinquity (degree perceived to matter by a stakeholder)
Risk Probability and Impact Assessment
An analysis technique to determine which individual project risks or other sources of uncertainty have the most potential impact on project outcomes, by correlating variations in project outcomes with variations in elements of the quantitative risk analysis model.
Sensitivity Analysis
An analysis technique to determine the best of several alternative courses of action.
Decision Tree Analysis
A graphical representation of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes.
Influence Diagram
Appropriate when the project team or the project sponsor agrees that a threat is outside the scope of the project or that the proposed response would exceed the project manager’s authority. These are not monitored further by the project team, although they may be recorded in the risk register for information.
(Used for both threats and opportunities)
Escalation
When the project team acts to eliminate the threat or protect the project from its impact.
(Used for threats only)
Avoidance
Shifting ownership of a threat to a third party to manage the risk and to bear the impact if the threat occurs. Often involves payment of a risk premium.
(Used for threats only)
Transfer
Action is taken to reduce the probability of occurrence and/or impact of threat. Done early, is often more effective than trying to repair damage after a threat has occurred.
(Used for threats only)
Mitigate
Acknowledge the existence of a threat/opportunity, but no proactive action is taken.
(Used for both threats and opportunities)
Appropriate for low-priority threats/opportunities or when it’s not possible or cost-effective to address in any other way. May be active or passive.
Most common active ______ strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the threat if it occurs.
To passively ______ involves no proactive action apart from periodic review to ensure it does not change significantly.
Accept
Strategy for high-priority opportunities where the org wants to ensure that the opportunity is realized. Tries to ensure it definitely happens by increasing the probability of occurrence to 100%.
(Used for opportunities only)
Exploit
Transferring ownership to a third party so it shares some of the benefit if the opportunity occurs. Often involves payment of a risk premium for taking part.
(Used for opportunities only)
Share
Strategy used to increase the probability and/or impact of an opportunity. More effective to do so early than after opportunity has occurred. Focus attention on the causes of the opportunity to increase probability. or target factors that drive the size of the potential benefit.
Enhance
Responses provided which may be used in the event that a specific trigger occurs.
Contingent Response Strategies
Compares technical accomplishments during project execution to the schedule of technical achievement. Deviation can indicate the potential impact of threats or opportunities
Technical Performance Analysis
Type of audit used to consider the effectiveness of the risk management process.
Risk Audits
