risk management Flashcards

1
Q

what are the 4 steps of risk management?

A
  1. identify and respond to risks specific to a project/organisation
  2. assess their impact against cost, schedule and performance
  3. plan strategies to mitigate risk
  4. control risks as they occur
2
Q

define risk management

A

a 4-step, proactive, iterative process involving everyone

3
Q

list some risk identification techniques

A
  • brainstorming
  • interviewing
  • learning from experience
  • checklists
4
Q

list some sources of risk

A
  • technical
  • legal and commercial
  • environmental
  • political
  • competition
  • low-volume products
  • financial and economic
  • IT and cyber threats
  • security
  • international collaboration
  • supply chain fragility
  • market forces
  • single source supply
  • skills and labour
5
Q

why must we categorise risk?

A

helps organisations identify where to put their resources so risks can be controlled

6
Q

what are the key outputs of identifying risk?

A
  • clear project objectives
  • documented assumptions
  • RM strategy
  • RM plan that must be updated for the life of the project
  • risk register (dynamic and so must be constantly reviewed and refreshed)
7
Q

what are the two types of risk analysis methods?

A
  • qualitative: low, medium and high ranges against probability and impact (3x3 or 5x5 matrix)
  • quantitative: 3 point estimates for cost, schedule, and performance, more specific percentage
8
Q

what does a high risk value mean for probability, performance impact, cost impact, and schedule impact?

A
  • probability = > 50% chance
  • performance impact = major shortfalls in key parameters
  • cost impact = large increase in cost > £5m
  • schedule impact = long project delay > 6 months
9
Q

what does a medium risk value mean for probability, performance impact, cost impact, and schedule impact?

A
  • probability = 20% - 50% chance
  • performance impact = some shortfalls in one or two areas
  • cost impact = significant increase in cost £1m - £5m
  • schedule impact = significant project delay 1 - 5 months
10
Q

what does a low risk value mean for probability, performance impact, cost impact, and schedule impact?

A
  • probability = < 20% chance
  • performance impact = few shortfalls in secondary parameters
  • cost impact = small increase in cost < £1m
  • schedule impact = short project delay
11
Q

what are the outputs of risk analysis?

A
  • prioritized list of risks
  • agreed risk ownership
  • qualitative risk data (high, medium, low)
  • quantitative risk data (3-point estimates)
12
Q

what risk mitigation do we have?

A
  • tolerate: take the risk and live with consequences
  • reject risk: it is not valid
13
Q

how can we handle risks?

A
  • terminate: take actions to eliminate the risk
  • treat/reduce: reduce risk to a tolerable level
  • transfer: to another party (e.g. insurance)
  • acceptance: as it is not cost effective to manage it
  • avoidance: by doing things differently
14
Q

what must we consider in risk reduction plans?

A
  • fallback and contingency plans (enables ‘what-if’ scenarios)
  • secondary risks (do your mitigation actions have additional inherent risks?)
  • post mitigation analysis (has your mitigation action improved the probability of success?)
  • risks with interdependencies (risks that are linked to each other)
  • opportunities (are there opportunities to further improve against project objectives?)
15
Q

what are the outputs of risk reduction planning?

A
  • risk handling options
  • post-handling probabilities and/or impacts
  • identified secondary risks
  • trigger/decision points
  • updated project plan
16
Q

when managing/controlling risks, what must we consider?

A
  • managing the process: nominated risk manager with accountability, responsibility, and authority
  • reviewing risks: current, retired, new, and opportunities
  • ensuring risk owners are actively managing risks (not just the process) and mitigation action plans are being delivered
  • maintaining communication, stakeholder buy-in, and risk records
  • risk reporting
17
Q

what are the key outputs of managing and controlling risk?

A
  • risk reports
  • maintained risk register
  • updated project data
  • continuously improved RM process
  • lessons learned
18
Q

why do organisations do risk management?

A
  • it is an integral and essential part of PM that is used to support and improve organisational communication and decision-making
  • carried out systematically and through life, RM is the biggest factor in determining whether or not a project will be successful
  • it puts project team in control of uncertain events (it reduces uncertainty) that might impact on achieving project objectives:
  • military capability is gained by working at the cutting edge of the art of the possible
  • risks must be taken to gain these advantages and benefits
  • RM reduces risk to a tolerable level while increasing the probability of successful project outcomes
  • increases visibility for all stakeholders, thus raising risk awareness and accountability
  • uncovers key cost, schedule and performance drivers and allows actions/resources to be focused where they will be most effective
  • improves the likelihood of project success and encourages forward thinking while minimizing sudden shocks and surprises
  • adds realism, so that resources (people, time, money) can be better allocated to projects
  • enables proactive management of risks and the project
19
Q

in practice, what is risk management all about?

A
  • RM is about working out what could happen tomorrow and doing something about it today
  • RM is the planned and systematic approach to the identification and quantification of risks, the appraisal and selection of options for managing and controlling these risks, and the implementation of the selected options
  • Purpose of RM is to remove or reduce the likelihood and effect of risks before they occur, and deal effectively with the actual problems if they do occur
20
Q

describe the psychology and culture of risk

A
  • RM is shaped by the decisions that humans have to make and so understanding the way we think is important
  • decisions are typically related to how much risk they are likely to incur and how much risk we are willing to accept: do we like to take risks or are we risk averse?
21
Q

what are common risk management mistakes in projects?

A
  • over emphasis on managing the process and not enough managing the risk
  • failing to identify interdependent risks
  • believe that risk can be transferred
  • identify risks and do nothing about them
  • take risks because the mitigation actions have a significant cost and resource burden
  • tendency to become risk averse, which stalls the project
  • believe risk can be managed by identifying the major big ticket risks while failing to recognise cumulative effect of non-identified small risks
  • fail to recognize impact of low probability, high impact risks
  • marginalize dissenting voices
22
Q
A
23
Q

what is a black swan event?

A
  • outliers that reside outside the realm of regular expectations because nothing in the past can convincingly point to their possibilities
  • it has a low probability but carries an extreme impact
  • in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable
24
Q

how do black swan events occur?

A
  • they are the classic ‘one in a million’ and so are very difficult to predict
  • our psychological biases make us ‘blind’ to the occurrence of these events
  • our knowledge of such events rapidly deteriorates as the probability of such an occurrence decreases
  • the underlying physical processes at work are imperfect and so are difficult to understand, i.e. we do not often know how events have happened
  • they are often a result of a chain of events rather than a single event (1986 Challenger space shuttle)
25
Q

how can we manage black swan events?

A
  • contingency plans
  • knowledge management
  • communication
26
Q

how can contingency plans help manage black swan events?

A
  • Business Continuity or Disaster Recovery Plans in place to respond
  • prior to 9/11, funds were allocated to overcome the initial market crash caused by the attack
27
Q

how can knowledge help manage black swan events?

A
  • can help reduce the impact of a BSE
  • improved gathering of data on risk and uncertainty, coupled with the vast knowledge and experience of employees can help to reduce the impact of a BSE, i.e. recovery plans can be developed for implementation if a BSE does occur
  • example: did Japan learn from the 2004 Indonesia tsunami? (2011 Fukushima disaster)
28
Q

how can communication help manage black swan events?

A

poor communication was highlighted as one of the main causes of both the 1986 Challenger and 2003 Columbia space shuttle disasters

29
Q

how can we identify black swans?

A
  • it could be argued that we should put more effort into identifying black swans
  • this has less value than having contingency plans in place, which allow for a response so that the business does not collapse
30
Q

what is enterprise risk management?

A

ongoing proactive process of adopting a holistic approach across the enterprise to all the uncertainty that may affect either positively or negatively the achievement of its key purposes and objectives, leading to action to achieve greater business robustness and flexibility, efficient risk taking, and an appropriate risk-reward balance

31
Q

what are some key properties of enterprise risk management?

A
  • provides the vehicle for delivering strategy
  • allows organizational risks to be understood
  • requires risk leadership at the board level
  • helps to set the organization’s strategy and match the risks taken with its risk appetite, risk capacity and objectives