D.7 Risk management Flashcards
Employ appropriate, effective and efficient risk management methodologies.
What is the definition of risk according to the International Organization for Standardization (ISO)?
The effect of uncertainty on objectives
An effect can be any deviation from the expected, whether positive or negative.
What percentage of respondents believe the volume and complexity of risks are increasing extensively over time?
59%
Findings from the 2020 Report on the Current State of Enterprise Risk Oversight.
What defines the level of risk?
The magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood
Defined by ISO.
What is a consequence in the context of risk?
The outcome of an event affecting objectives
Consequences can be certain or uncertain and have positive or negative effects.
What is residual risk?
The risk remaining after risk treatment
Defined by ISO.
What is the role of a risk manager?
Responsible for operating the risk management process and the custodian of the risk management plan and risk register.
What are inherent risks?
Risks associated with the nature of the project objectives and scope
Example: A ‘big bang’ approach to a health information system deployment.
What are acquired risks?
Risks resulting from the selected organisation, approach, technology, methods, tools, techniques, skills, and experience applied to the project.
What is the definition of risk management?
Coordinated activities to direct and control an organisation with regard to risk
Defined by ISO.
What is the first step in the risk management process?
Establish the risk scope, context, and criteria.
What should be included in a risk management plan?
Procedures, practices, responsibilities, activities, sequencing, and timing.
True or False: Risk identification is not everyone’s business.
False
Risk identification is crucial and requires input from various perspectives.
What are contextual risks?
Risks resulting from events, circumstances, or inter-relationships outside or across the project or system boundary.
Fill in the blank: Risk is commonly associated with __________ or hazards.
threats
What is a risk register?
The record, under formal change control, of all identified risks, their risk assessment, risk treatments, and outcomes.
What is the significance of documenting risks consistently?
To avoid confusion between risk sources and events, and risks and their consequences.
What are the basic phases of the risk management process?
- Identification
- Analysis
- Evaluation
- Response selection.
How is the likelihood of a risk defined?
The chance of something happening
Defined by ISO.
What is a business owner in the context of project management?
The business case owner for the project, representing the agency or business unit’s business needs.
What are the six levels of maturity in the Australian Government’s Risk Management Capability Maturity Model?
- Fundamental
- Developed
- Systematic
- Integrated
- Advanced
- Optimal.
What should be considered when identifying risks?
- Brainstorming
- Interviewing
- Surveying
- Documentation from other projects.
What is the general principle regarding quantifiable risk sources?
The more quantifiable a risk source, the better.
Why is it important to quantify risk sources early?
The earlier a risk source can be quantified, the better.
What should be included when assigning probabilities to risk sources?
Likelihood ranges.
What is the three-category scale for likelihood of occurrence?
Unlikely, Likely, Highly Likely.
What does the ‘Unlikely’ category indicate?
Unlikely to occur within the relevant time horizon; <20% likelihood.
What does the ‘Likely’ category indicate?
Can reasonably be expected to occur; 20–75% likelihood.
What does the ‘Highly Likely’ category indicate?
Generally expected to occur; >75% likelihood.
What is the five-category scale for likelihood of occurrence?
Rare, Unlikely, Possible, Likely, Almost Certain.
What does the ‘Rare’ category indicate?
Highly unlikely to occur; <10% likelihood.
What does the ‘Possible’ category indicate?
May well occur; 35 - <60% likelihood.
What does the ‘Almost Certain’ category indicate?
Can be expected to occur; 85–100% likelihood.
What is the purpose of assessing the likelihood of each risk source?
To achieve greater precision in risk assessment.
What should consequence groupings be aligned with?
Specific objectives, the organisation’s values and goals.
What is an example of a five-category scale for consequences?
Insignificant, Minor, Moderate, Major, Critical.
What does the ‘Insignificant’ consequence category indicate?
Minor impacts on deadlines and budget; no significant clinical impacts.
What does the ‘Critical’ consequence category indicate?
Termination of the project; serious adverse clinical events.
What is the purpose of validating risk assessments?
To seek stakeholder feedback and independent review.
What does a risk matrix map?
Risk sources in terms of likelihood and consequences.
What is an extreme risk combination in a risk matrix?
Almost certain likelihood and critical consequence.
What factors influence risk prioritization?
- Assessed risk levels
- Organisation’s risk tolerance
- Immediacy of the risk
- Resources available
What methods support the articulation of risk criteria?
- Scenario analysis
- Trade-off analysis
- Positional analysis
- Comparative analysis
What are the categories for risk treatment?
- Rejected
- Acceptable
- Significant
- Inconsequential
- Referred
- Monitored
- Treated
- Escalated
What is the main goal of risk treatment strategies?
To deal with prioritised project risks cost-effectively.
What does ‘Avoiding’ a risk entail?
Avoiding the activities that give rise to the risk.
What does ‘Transferring’ a risk involve?
Sharing or outsourcing the risk or insuring against it.
What are the common mitigation strategies?
- Avoiding
- Accepting
- Transferring
- Controlling
- Terminating
What is the role of risk owners in risk treatment?
Developing treatment plans for assigned risks.
What is the importance of monitoring and reviewing risks?
To provide ongoing learning and increase risk management maturity.
What is the goal of recording and reporting in risk management?
To communicate risk management activities and outcomes across the organization.
What are the essential functions of risk evaluation?
- Determine risk priorities
- Allocate responsibilities for prioritised risks
What is the aim of recording and reporting in risk management?
To communicate risk management activities and outcomes across the organization, provide information for decision-making, improve risk management activities, and assist interaction with stakeholders.
What are the responsibilities of executive management in risk management?
Ensure development and awareness of risk management policies, demonstrate leadership and support for policies, and ensure appropriate resources are available.
What is the role of the business owner (project sponsor) in risk management?
Ensure appropriate risk management resources are available, encourage stakeholder involvement, express risks in meaningful terms, manage external risks, and monitor risk management.
What is the primary responsibility of a project manager in risk management?
Overall management and coordination of risks within the project, including escalation as required.
What is the role of risk owners in risk management?
Develop and implement treatment plans for prioritized risks and ensure risk management is measured and reported.
What does a risk manager ensure in the context of risk management?
Effective application of risk management processes and capturing learnings to enhance the organization’s risk management maturity.
What responsibilities do all other stakeholders have in risk management?
Notify perceived risks and collaborate in developing, implementing, and monitoring risk management and treatment plans.
True or False: The responsibilities in risk management should be vaguely articulated.
False
What factors contribute to effective risk management?
- Strong commitment from the CEO
- Open communication and collaboration
- Effective policies and procedures
- Risk ownership at motivated levels
- Continuity in risk management processes
- Appropriate resourcing
Fill in the blank: Risk management is a continuous and _______ process.
[iterative]
What must not disrupt project risk management according to effective practices?
Changes in staff, such as risk owners.
