ELEVEN - Risk Management Flashcards
What does a PM’s work focus on?
Preventing, not dealing with, problems
What is Risk Management?
The process of identifying, evaluating, and planning responses to events, both positive and negative, that might occur. Through risk management, a PM can increase the probability and impact of opportunities, while decreasing the probability and impact of threats.
What is Uncertainty?
A lack of knowledge about an event that reduces our confidence in the conclusions we can draw from specific data
What are Risk Factors?
When assessing risk, it is necessary to determine:
Probability a risk event will occur;
Range of possible outcomes (impact and how much is at stake);
Expected timing for it to occur;
Anticipate frequency
What is a risk event?
Something identified in advance that may or may not happen, and that can have positive or negative impacts on the project
What is Risk Appetite?
AKA risk tolerance. A general, high-level description of the level of risk acceptable to an individual or organization. Example, a sponsor is willing to accept little risk to the schedule.
What is Risk Thresholds?
Refers to the specific point at which risk becomes unacceptable. Example, sponsor will not accept a risk of the schedule being delayed by 15 days or longer
What is Risk Averse?
A stakeholder who does not want to be negatively impact by threats is said to be Risk Averse
Who is involved in Plan Risk Management?
PM, sponsors, team, customer, other stakeholders, and experts
What does the Plan Risk Management process answer?
Answers the question of how much time should be spent on risk management based on the needs of the project. Includes Risk appetite of management and other key stakeholders. Also identifies who will be involved and how the team will perform risk management.
What are the inputs to Plan Risk Management (P)?
PM Plan - Includes info on how risk management will be handled in relation to scope, schedule, cost, etc
Project Charter - Indicates initial high level risks
Stakeholder Register
EEFs - Areas of risk org. is willing to accept and risk threshold of an org.
OPAs - templates, procedures (for risk management), LL, historical info,
What are the outputs of plan risk management?
Risk Management Plan
What does the Risk Management Plan include?
Risk Strategy - overall approach to managing risks;
Methodology - How risk management will be performed to meet needs of a project;
Roles and Responsibilities;
Funding - Cost of risk management process and plan for utilizing reserves;
Timing - When do to risk management. This time needs to be allocated for in the schedule;
Risk Categories;
Stakeholder risk appetite/thresholds - Info also used when ranking risks based on prob/impact;
Definitions of probability and impact - Help PM standardize interpretations of probability and impact matrix;
Reporting - Describes risk management reports, what they will include, and to whom they will be sent. Composition of risk register is defined here as well;
Tracking - how risk management process will be audited and how results of risk management efforts will be documented
When should risk management occur?
As soon as the PM has the required inputs and should be repeated throughout the life of the project.
What are Risk categories (Sources of Risk)?
A standard list of risk categories can help ensure no areas of risk are missed. The categories are broad, common areas or sources of risk (technology changes, lack of resources, regulatory hurdles, cultural issues).
Orgs and PMOs should maintain a standard list of risk categories that all PMs can use. A Risk Breakdown structure can help identify and document risk categories
What are 5 ways risks can be categorized?
External - regulatory, environmental, governmental issues, market shifts, problems with project sites
Internal - Changes to schedule or budget, scope changes, inexperienced team members, staffing, materials, equipment
Technical - Changes in technology, technical processes
Commercial - customer stability, contract terms and conditions, vendors
Unforeseeable - Only small amount of risks are unforeseeable
What are the two main types of risks?
Business risk: Risk of a gain or loss
Pure (Insurable) Risk: Risk of loss only (fire, theft, etc)
What are nonevent risks?
Variability - Risks caused by the inability to predict future changes
Ambiguity - Risks caused by lack of understanding
What occurs in identify risks (P)?
In this process, risks to the project are identified. This effort should involve all stakeholders, and possibly with nonstakeholders.
When is risk identification done?
At beginning during planning, during integrated change control, when working with contracts and/or resources, and when dealing with project issues
What are the tools and techniques to Identify Risks?
Brainstorming, Checklist Analysis, Interviewing, Root Cause Analysis, Assumption Analysis, Constraint Analysis, SWOT Analysis, Documentation Review, Prompt Lists, Facilitation
What is Risk Checklist Analysis?
Organization may compile a list of risks encountered on projects which help in identifying risks on new projects. Involves reviewing a checklist of generic risk categories to help identify specific risks from each category
Root Cause Analysis - Identify Risks
Identified risks are reorganized by their root causes to help identify more risks
SWOT Analysis - Risk
Analyzes the project to identify strengths and weaknesses, as well as opportunities and threats
Documentation Reviews - Risk Identification
What is and is not included in project documents can help identify risks
Prompt Lists - Identify Risks
A list of categories that have been identified as possible sources of risk to the project.
What are outputs of identify risks?
Risk Register, Risk Report
What is the Risk Register?
It is one document that will be constantly updated with info as the risk management processes are completed meaning it contains different info at different parts of the risk management process. A part of project documents and will be included as historical info
During identify risks, what is included in the Risk Register?
List of Risks - stated with cause-risk-effect format;
Potential Risk Owners;
Potential Risk Responses
Root Causes of Risks;
Updated Risk Categories - provides feedback to rest of company;
Risk triggers, potential impact, when risks could occur, when each risk will no longer pose a threat/opportunity
What is a Risk Report?
Distributed to stakeholders to keep them apprised of risk management efforts and outcomes. Will be updated throughout risk management processes.
What does Perform Qualitative Risk Analysis (P) involve?
Involves analyzing the long list of identified risks, including their probability and potential impact on the project, to determine which ones warrant a response. Can’t plan for each risk identified as list would be too time consuming. A shortened lists of risks is created and will either be further analyzed in quantitative risk analysis, or may move on into plan risk response
What can Qualitative Risk analysis be used for?
To do the following:
Compare risk of the project to overall risk of other projects;
Determine whether project should be continued or terminated;
Determine whether to proceed to quantitative risk analysis or plan risk responses (depending on needs of the project and performing organization)
What are the Inputs to Perform Qualitative Risk Analysis?
Risk Register, Risk Management Plan
What are the tools and techniques of Perform Qualitative Risk Analysis?
Data Analysis - Risk Data Quality Assessment, Risk Parameters Assesment, Risk Probability and Impact Assessment
Data Representation - Probability and Impact Matrix,
Risk Categorization
Risk Data Quality Assessment
First must analyze the precision of the data before can use the risk info collected. PM must assess the accuracy and reliability of the data to validate the risk, and determine if more research is required.
What does Risk Data Assessment determine about risks?
Extent of the understanding of the risk, data available about the risk, quality of the data, Reliability and integrity of the data
Risk Parameters Assessment
Determines risks that should move more quickly through the risk process than others based on factors that are referred to as risk parameters
What are risk parameters?
Urgency - Indicates if the risk is likely to occur soon or if requires a long time to plan a response
Dormancy - Anticipated time between when a risk occurs and when its impact is felt on the project
Manageability and controllability - indicates the level of difficulty involved in dealing with an identified risk
Strategic impact - refers to the degree to which the occurrence of a risk would affect the strategic goals of the organization