Risk Flashcards
What is risk?
An uncertain event that, should it occur, will affect the achievement of the objectives. It consists of a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on the objectives
What is the a purpose of the risk practice in P2?
To identify, assess and control uncertainties
What is a threat?
A risk which has a negative impact (think avoid & reduce)
What is an opportunity?
A risk which has a positive impact (think enhance & exploit)
What is risk management?
Risk management is the application of procedures to the tasks of identifying and assessing risks, and then planning and implementing risk responses
What is risk appetite?
The amount of risk the business is willing to take in its pursuit of its objectives
What is the risk management technique/procedure?
Identified, assessed, planned and controlled
What should a risk register include?
The risk register should contain a risk identifier, risk description, probability, impact, proximity (how soon), velocity (how quickly the risk will have an impact), response, probability x impact, risk owner, risk owner action, dates
How many risk owners can there be?
Only 1 per risk
When is a risk register created?
In IP stage
What are risk responses?
Typically accept, share, transfer, avoid or reduce, unless opportunity then it’s enhance/exploit too
What is P2 risk guidance step 1?
Risk planning
Risk planning is when we use techniques such as PESTLE or SWOT.
PESTLE is known as an environmental scanning technique. First we can plan for them, then analyse them then we can create a risk matrix. For the risks which are beyond the business’ risk tolerance line, these need to be referred to the project board
In risk planning, how do we describe each risk?
- Risk cause
- Risk event
- Risk effect
What is the P2 risk management guidance?
- Risk planning e.g PESTLE
- Risk analysis e.g use a risk matrix
- Risk control – taking the best action to threats/opportunities, assign risk owner
What is involved in risk control? (Step 3)?
Taking the best actions available to identify threats and opportunities to the responses
1. Assign a risk owner (and possibly a risk action owner)
2. Ring fence a budget for risk responses from the overall project budget
a. Provide provision for unknown risks – contingency
3. Know the organisations’ risk appetite – what is their risk culture?
What is decision bias?
This would include optimism bias, loss aversion, groupthink and proximity
What is the PRINCE2 risk management technique?
- Identify - Define context, objectives and identify threats and opportunities
- Assess - Prioritise risks by looking at ‘probability x impact’, use risk matrix, assess combined risk profile, calculate the value of the risk
- Plan - Range of controls (avoid, share, transfer, reduce, etc), for opportunities there is enhance and exploit
- Implement - Risk action owner takes action, plan is amended to mitigate action
- Communicate (this happens at all 4 steps ahead) - This is consistent as a step, risk is communicated across project ecosystem – risks are communicated in highlight, checkpoint, issue, exception, end stage report, end project reports. There would be a risk budget to report on
How to prioritise risk?
Probability x Impact
How likely are they to occur x what will happen if it does?
What is the difference between a risk owner and a risk action owner?
The risk owner manages the risk, monitors the risk, controls it and implements the selected response. The risk action owner owns the action to address the risk.
What are risk management supporting techniques to help with risk?
- Horizon scanning (PESTLE and SWOT) are used at the ‘identify’ stage of risk
- Use of data is another technique
What is the PM’s role regarding risk?
- Manages risk management approach (advised by project assurance)
- Establish and maintains risks in the risk register
- Ensures risks are identified, assessed and controlled
