Risk analysis and management. Flashcards
What is the definition of Risk analysis and management?
Risk analysis and management is a process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities.
What is a risk?
The potential of an action or event to impact on the achievement of a specific objective.
What is the risk management process?
-Initiate.
-Identification.
-Analysis.
-Response.
-Closure.
What happens during INITIATE?
-The scope and objectives of risk management are defined.
-Risk management plan is written.
What is in a risk management plan?
-Project description.
-Purpose and scope of risk management.
-Risk management responsibilities.
-Risk management process.
-Tools and techniques.
-Scales to be used for Probability & Impact grid.
-Annexes: Risk categories, copy of risk register.
What happens during IDENTIFICATION?
-Key risk events are identified.
-Consider both threats and opportunities.
-Output is a Risk Log (or register).
Should be many iterations of this step. Risk owners should be identified with risks.
What are some techniques to identify risks?
-Assumptions and Constraints analysis.
-Check lists.
-Prompt lists.
-Brainstorming.
-Interviews.
What does assumptions analysis do?
-Questions what may have been taken as fact.
-Useful when identifying threats.
What does constraints analysis do?
-Investigates the stability of a perceived constraint.
-Useful for identifying opportunities.
What is a checklist? (Risk)
-An encapsulation of lessons learned from other projects.
What is a prompt list? (Risk)
-Aide-memoire for risks.
-Helps to focus and cover off key areas where risk is found.
Describe brainstorming? (Risk) Advantages/Disadvantages?
-Captures risks quickly
-Can be used to engage stakeholders in the risk management process.
-Works best with an external facilitator.
-Gets diverse range of perspectives.
-Can be constrained by social issues (peer pressure, power gradient etc),
Why would Interviews be used? (Risk)
-Used when it is not practical to commit a whole team to a risk identification workshop.
-Useful for people who are reluctant to air risks in a public forum.
-Uses a facilitator to conduct the interviews.
Describe a Probability Impact Grid.
-Once a risk is identified the PM, risk owner, and Risk Manager (if there is one) assess the risks against likelihood and impact.
-Impact usually assessed against more than one element. (Reputation, Cost, Safety etc).
What are the RESPONSES to threats?
Proactive:
-Avoid.
-Reduce (Probability and/or Impact).
-Transfer.
-Share.
-Plan fallback.
Reactive:
-Accept.
What are the RESPONSES to Opportunities?
Proactive:
-Exploit
-Enhance (Probability and/or Impact)
-Transfer
-Share
-Plan Option.
Reactive:
-Reject.
What are some considerations when conducting RESPONSE?
-Useful to Brainstorm possible responses to risk events.
-Decide on best action.
-Understand whether a secondary risk will be introduced.
-How much remains in the risk budget?
-Is consultation with other necessary?
-Then ensure the actions determined are resourced and carried out.
What happens in CLOSURE?
When the risk is no longer a risk i.e
-100% Prob - Issue
-0% Prob - Risk gone and can close.
What is the definition of Contingency?
The Provision of additional time or money to deal with the occurrence of risks.
What are two types of Contingency?
-Management reserve. A sum of money that is part of overall cost contingency to cover unidentified risks.
-Risk budget. A sum of money that is part of overall cost contingency to cover the cost impact of identified risks.
What are the benefits of risk management?
-More realistic plans and more likely to achieve them.
-Fewer problems should occur; those that do may be mitigated.
-Projects that are deemed too risky will be discouraged.
-Focuses on most important threats to project.
-Assessment of contingencies which reflect the level of risk and helps discourage financially unsound projects.