ELEVEN - Risk Management Flashcards

1
Q

What does a PM’s work focus on?

A

Preventing, not dealing with, problems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Risk Management?

A

The process of identifying, evaluating, and planning responses to events, both positive and negative, that might occur. Through risk management, a PM can increase the probability and impact of opportunities, while decreasing the probability and impact of threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Uncertainty?

A

A lack of knowledge about an event that reduces our confidence in the conclusions we can draw from specific data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are Risk Factors?

A

When assessing risk, it is necessary to determine:
Probability a risk event will occur;
Range of possible outcomes (impact and how much is at stake);
Expected timing for it to occur;
Anticipate frequency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a risk event?

A

Something identified in advance that may or may not happen, and that can have positive or negative impacts on the project

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Risk Appetite?

A

AKA risk tolerance. A general, high-level description of the level of risk acceptable to an individual or organization. Example, a sponsor is willing to accept little risk to the schedule.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Risk Thresholds?

A

Refers to the specific point at which risk becomes unacceptable. Example, sponsor will not accept a risk of the schedule being delayed by 15 days or longer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Risk Averse?

A

A stakeholder who does not want to be negatively impact by threats is said to be Risk Averse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Who is involved in Plan Risk Management?

A

PM, sponsors, team, customer, other stakeholders, and experts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does the Plan Risk Management process answer?

A

Answers the question of how much time should be spent on risk management based on the needs of the project. Includes Risk appetite of management and other key stakeholders. Also identifies who will be involved and how the team will perform risk management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the inputs to Plan Risk Management (P)?

A

PM Plan - Includes info on how risk management will be handled in relation to scope, schedule, cost, etc

Project Charter - Indicates initial high level risks
Stakeholder Register
EEFs - Areas of risk org. is willing to accept and risk threshold of an org.
OPAs - templates, procedures (for risk management), LL, historical info,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the outputs of plan risk management?

A

Risk Management Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does the Risk Management Plan include?

A

Risk Strategy - overall approach to managing risks;
Methodology - How risk management will be performed to meet needs of a project;
Roles and Responsibilities;
Funding - Cost of risk management process and plan for utilizing reserves;
Timing - When do to risk management. This time needs to be allocated for in the schedule;
Risk Categories;
Stakeholder risk appetite/thresholds - Info also used when ranking risks based on prob/impact;
Definitions of probability and impact - Help PM standardize interpretations of probability and impact matrix;
Reporting - Describes risk management reports, what they will include, and to whom they will be sent. Composition of risk register is defined here as well;
Tracking - how risk management process will be audited and how results of risk management efforts will be documented

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When should risk management occur?

A

As soon as the PM has the required inputs and should be repeated throughout the life of the project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are Risk categories (Sources of Risk)?

A

A standard list of risk categories can help ensure no areas of risk are missed. The categories are broad, common areas or sources of risk (technology changes, lack of resources, regulatory hurdles, cultural issues).
Orgs and PMOs should maintain a standard list of risk categories that all PMs can use. A Risk Breakdown structure can help identify and document risk categories

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are 5 ways risks can be categorized?

A

External - regulatory, environmental, governmental issues, market shifts, problems with project sites

Internal - Changes to schedule or budget, scope changes, inexperienced team members, staffing, materials, equipment

Technical - Changes in technology, technical processes

Commercial - customer stability, contract terms and conditions, vendors

Unforeseeable - Only small amount of risks are unforeseeable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the two main types of risks?

A

Business risk: Risk of a gain or loss

Pure (Insurable) Risk: Risk of loss only (fire, theft, etc)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are nonevent risks?

A

Variability - Risks caused by the inability to predict future changes

Ambiguity - Risks caused by lack of understanding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What occurs in identify risks (P)?

A

In this process, risks to the project are identified. This effort should involve all stakeholders, and possibly with nonstakeholders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

When is risk identification done?

A

At beginning during planning, during integrated change control, when working with contracts and/or resources, and when dealing with project issues

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the tools and techniques to Identify Risks?

A

Brainstorming, Checklist Analysis, Interviewing, Root Cause Analysis, Assumption Analysis, Constraint Analysis, SWOT Analysis, Documentation Review, Prompt Lists, Facilitation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is Risk Checklist Analysis?

A

Organization may compile a list of risks encountered on projects which help in identifying risks on new projects. Involves reviewing a checklist of generic risk categories to help identify specific risks from each category

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Root Cause Analysis - Identify Risks

A

Identified risks are reorganized by their root causes to help identify more risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

SWOT Analysis - Risk

A

Analyzes the project to identify strengths and weaknesses, as well as opportunities and threats

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Documentation Reviews - Risk Identification

A

What is and is not included in project documents can help identify risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Prompt Lists - Identify Risks

A

A list of categories that have been identified as possible sources of risk to the project.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What are outputs of identify risks?

A

Risk Register, Risk Report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is the Risk Register?

A

It is one document that will be constantly updated with info as the risk management processes are completed meaning it contains different info at different parts of the risk management process. A part of project documents and will be included as historical info

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

During identify risks, what is included in the Risk Register?

A

List of Risks - stated with cause-risk-effect format;
Potential Risk Owners;
Potential Risk Responses
Root Causes of Risks;
Updated Risk Categories - provides feedback to rest of company;
Risk triggers, potential impact, when risks could occur, when each risk will no longer pose a threat/opportunity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is a Risk Report?

A

Distributed to stakeholders to keep them apprised of risk management efforts and outcomes. Will be updated throughout risk management processes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What does Perform Qualitative Risk Analysis (P) involve?

A

Involves analyzing the long list of identified risks, including their probability and potential impact on the project, to determine which ones warrant a response. Can’t plan for each risk identified as list would be too time consuming. A shortened lists of risks is created and will either be further analyzed in quantitative risk analysis, or may move on into plan risk response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What can Qualitative Risk analysis be used for?

A

To do the following:
Compare risk of the project to overall risk of other projects;
Determine whether project should be continued or terminated;
Determine whether to proceed to quantitative risk analysis or plan risk responses (depending on needs of the project and performing organization)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What are the Inputs to Perform Qualitative Risk Analysis?

A

Risk Register, Risk Management Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What are the tools and techniques of Perform Qualitative Risk Analysis?

A

Data Analysis - Risk Data Quality Assessment, Risk Parameters Assesment, Risk Probability and Impact Assessment

Data Representation - Probability and Impact Matrix,

Risk Categorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Risk Data Quality Assessment

A

First must analyze the precision of the data before can use the risk info collected. PM must assess the accuracy and reliability of the data to validate the risk, and determine if more research is required.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What does Risk Data Assessment determine about risks?

A

Extent of the understanding of the risk, data available about the risk, quality of the data, Reliability and integrity of the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Risk Parameters Assessment

A

Determines risks that should move more quickly through the risk process than others based on factors that are referred to as risk parameters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What are risk parameters?

A

Urgency - Indicates if the risk is likely to occur soon or if requires a long time to plan a response

Dormancy - Anticipated time between when a risk occurs and when its impact is felt on the project

Manageability and controllability - indicates the level of difficulty involved in dealing with an identified risk

Strategic impact - refers to the degree to which the occurrence of a risk would affect the strategic goals of the organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Risk Probability and Impact Assessment

A

To perform the analysis, the following must be determined:

Probability of each risk occurring using a standard scale

The impact of each risk using a standard scale

40
Q

Probability and Impact Matrix

A

The organization’s standard rating system is shown in this matrix. Matrix used to sort or rate risks to determine which warrant an immediate response and which should be put on the watch list. This matrix makes the risk rating evaluation more consistent

41
Q

What is Qualitative risk analysis based on?

A

Subjective evaluation

42
Q

Risk Categorization

A

Examines the question What will we find if we regroup the risks by categories (by source or by work package). Allows for the PM to eliminate many risks by eliminating one cause (work package, people, process, etc)

43
Q

What are the outputs of Perform Qualitative Risk Analysis (P)?

A

Project Document Updates - Risk register, assumption log, issue log, risk report

44
Q

After perform qualitative risk analysis, what is included in the risk register?

A

Risk ranking for the project compared to other projects;
List of prioritized risks and their probability and impact ratings;
Results of other risk parameter assessments;
Risks grouped by categories;
list of risks for additional analysis and response;
list of risks requiring additional analysis in the near term;
Watch list

45
Q

Risk report

A

results of risk prioritization and list of highest-ranking risks

46
Q

Perform Quantitative Risk Analysis (P)

A

Involves numerically analyzing the probability and impact of the risks that were ranked highest in qualitative risk analysis. It also looks at how risks could affect the objectives of the project

47
Q

What is the purpose of the quantitative risk analysis?

A

Determine which risk events warrant a response;
Determine overall project risk;
determine quantified probability of meeting the project objectives;
Determine cost and schedule reserves;
Identify risks requiring the most attention;
Create realistic and achievable cost, schedule, or scope targets

48
Q

What are the inputs to Perform Quantitative Risk Analysis?

A

Risk Management plan, assumption log, project estimates, forecasts, and milestones, risk register and risk reports

49
Q

What are the tools and techniques of Perform Quantitative Risk Analysis?

A

Simulations, Sensitivity Analysis, Decision Tree Analysis

expert judgement, data gathering, data analysis, interpersonal and team skills, representations of uncertainty, cost and schedule estimating, use of historical records

50
Q

Sensitivity Analysis

A

Technique used to analyze and compare potential impacts of identified risks. Risks are represented by horizontal bars. The longest and uppermost bars represents the greatest risk. The resulting graphic resembles a funnel cloud or tornado.

51
Q

Decision Tree Analysis

A

Helps a PM choose between many alternatives by analyzing how each choice benefits or hurts the project while taking into account associated risks, probability, and impact. A decision tree is analyzed by calculating the value of each branch.

52
Q

What is expected monetary value?

A

Probability X Impact

53
Q

When is the expected value calculation performed?

A

Performed during quantitative analysis and revised during risk response planning when calculating contingency reserves for schedule and costs

54
Q

What should you know about Decision Trees for the exam?

A

Takes into account future events in making a decision today;

Involves mutual exclusivity

55
Q

Outputs of Perform Quantitative Analysis

A

Risk Register Update, risk report

56
Q

What is updated/included in the risk register during perform quantitative analysis?

A

Prioritized list of quantified individual project risks;
Quantified probability of meeting project objectives;
Trends in quantitative risk analysis;
initial contingency time and cost reserves needed;
Assessment of overall project risk exposure;
Possible realistic and achievable completion dates and costs, with confidence levels
Recommended risk responses

57
Q

What does Plan Risk Response Inolve?

A

Involves figuring out what are we going to do about each top risk? PM needs to find a way to reduce or eliminate threats while making opportunities more likely to occur.

58
Q

What are residual risks?

A

Those risks that can not be eliminated or exploited through risk response strategies

59
Q

What are inputs to plan risk responses?

A

Risk register, cost baseline,

60
Q

What are tools and techniques in plan risk response?

A

Risk response strategies

expert judgement, interviewing, facilitation, data analysis, multicriteria decision analysis

61
Q

What are the threat risk responses?

A

Avoid, Mitigate, Transfer

62
Q

What is Avoid Response?

A

Eliminate the threat by eliminating the cause.

63
Q

What is the Mitigate Response?

A

Reduce the probability or impact of a threat by making it a smaller risk and possibly removing it from the list of top risks. Options for reducing probability are considered separately from reducing impact

64
Q

What is Transfer Response?

A

Make a party outside the project responsible for the threat. Examples are insurance, warranties, outsourcing, etc

65
Q

What are risk responses for opportunities?

A

Exploit, Enhance, Share

66
Q

What is exploit risk response?

A

Opposite of avoid. add work or change to project to make sure opportunity occurs.

67
Q

What is Enhance risk response?

A

Increase the likelihood (probability) or positive impact of the opportunity. Opposite of mitigate

68
Q

What is the share risk response?

A

Allocate ownership or partial ownership of opportunity to third party (forming partnership or joint venture) that is best able to achieve the opportunity

69
Q

For both threats and opportunities, what are additional risk responses?

A

Escalate, Accept

70
Q

What is Escalate risk response?

A

Risk should be escalated if outside of the scope of the project or beyond PMs authority. Any escalated risks will be managed at the program/portfolio level. Escalated risks need to be accepted by the program or portfolio manager

71
Q

What is Accept risk response?

A

Passive Acceptance: Means to do nothing and essentially say if it happens it happens. Actions to be determined as needed if the risk occurs.

Active Acceptance: Involves creating contingency plans to be implemented if the risk occurs and allocating time and cost reserves to the project

72
Q

What must be considered when responding to threats and opportunities?

A

Strategy must be timely;
Effort must be appropriate to severity;
One response can be used to address multiple;
More than one response can be used on the same risk;
A response can address the root cause, thereby addressing more than one risk;
The team, other stakeholders, and experts should be involved in selecting strategy

73
Q

Who must risk response strategies be communicated to?

A

Sponsor, management, and stakeholders

74
Q

What are the outputs of Plan Risk Response (P)?

A

PM Plan Updates - schedule, cost, quality, procurement, communications, resource management, scope, schedule, and cost baselines

Project Document Updates - Assumption log, cost forecasts, LL, schedule, project team assignments, risk register, and risk report

Change requests

75
Q

How is the risk report updated in plan risk response?

A

Updated to communicate the risks of greatest threat or opportunity, overall project risk exposure, outcome of plan risk response, anticipated changes

76
Q

What is included in the Risk Register after Plan Risk responses?

A

Residual risks, contingency plans, fallback plans, risk owners, secondary risks, risk triggers, contracts, reserves

77
Q

What are Residual risks?

A

Risks that remain after risk planning. These passively accepted risks should be monitored and tracked throughout the project

78
Q

Contingency plans?

A

Describe specific action that will be taken if a risk occurs

79
Q

Fallback plans?

A

Outline specific actions that will be taken if contingency plans are not effective.

80
Q

Risk Owners?

A

Each risks is assigned to someone in risk response planning. They will lead the development of the risk response and carry it out or own the risk. Could be a stakeholder other than a team member.

81
Q

Secondary risks?

A

Any new risk created by the implementation of selected risk responses.

82
Q

Risk Triggers?

A

Events that trigger the contingency response

83
Q

Contracts in risk response planning?

A

Before a contract is finalized, PM should complete a risk analysis and include contract terms and conditions that deal with opportunities/threats

84
Q

Reserve (Contingency)

A

Reserves for time and cost. Reserves are not an additional cost to project. Risk management process should result in decrease to the project’s estimated time and cost. As risks are eliminated/impact/probability is reduced, there should be a reduction to project’s schedule and budget. Contingency reserves are allocated for contingency plans and fallback plans.

85
Q

What are the inputs to Implement Risk Responses (E)?

A

LL Register, Risk Register, Risk Report

86
Q

How are risk responses implemented?

A

When a risk event is imminent, the risk owner, supported by the PM, leads previously assigned resources in performing response activities.

87
Q

What are the Outputs of Implement Risk Responses (E)?

A
Change request (cost and schedule), Update project documents - risk register and risk report, suggesting changes to future risk response plans.
LL Register update, issue log update
88
Q

What are the Tools and Techniques of Monitor Risks?

A

Data Analysis - Reserve Analysis, Technical Performance Analysis

Risk Reviews, Risk Audits, Meetings

89
Q

How is Reserve Analysis used to Monitor Risks?

A

Checking to see how much reserve remains and how much might be needed.

90
Q

When can contingency reserves be used?

A

Only be used to handle the impact of the specific risk it was set aside for. Meaning if a change must occur that was not accounted for, the PM must take preventative or corrective actions, fast track, crash, or adjust project to make up the impact

91
Q

What is Technical Performance Analysis?

A

Uses project data to compare planned versus actual completion of technical requirements to determine if there is variance from what was planned.

92
Q

Risk Reviews

A

Held regularly to discuss effectiveness of planned risk responses that have been implemented.

93
Q

Risk Audits

A

Can be held during meetings to assess the overall process of risk management on the project.

94
Q

What are outputs of Monitor Risk?

A

Work Performance Information;
Project Document Updates - Risk Register Updates
Change Request
PM Plan Updates
OPA Updates - risk templates, risk processes/procedures, LL

95
Q

What does Monitor Risks add to Risk Register?

A

Outcomes of risk reassessments and audits;
Results of implemented risk responses;
Updates to previous parts of risk management
Identification of new risks;
Closing of risks;
Details of what happened when risk occurred;
LL