Risk Management

Question 1

Define:

Acceptance

Answer 1

A risk response appropriate for both positive and negative risks, but often used for smaller risks within a project.

Question 2

Define:

Agile Risk

Answer 2

A negative event or condition that can affect the project’s value.

Question 3

Define:

Amber Condition

Answer 3

These risks are somewhat high in impact and probability.

Question 4

Define:

Ambiguity Risks

Answer 4

Risks that have an uncertain, unclear nature, such as new laws or regulations, the marketplace conditions, and other risks that are nearly impossible to predict.

Ambiguity risks are managed by identifying the knowledge gap, hiring experts to help with the risks, and benchmarking against best practices in the discipline.

Ambiguity risks can also be managed through incremental development life cycles, prototyping the project or portions of the project, and creating simulations to create expected outcomes.

Question 5

Define:

Assumption Analysis

Answer 5

This is examining the assumptions to see what risks may stem from false beliefs. Examining assumptions is about gauging the validity of the assumptions.

For example, consider a project to install a new piece of software on every computer within an organization.

The project team has assumed that all the computers within the organization meet the minimum requirements for installing the software. If this assumption is wrong, cost increases and schedule delays will occur.

Question 6

Define:

Business Risks

Answer 6

These risks may have negative or positive outcomes.

Examples include using a less experienced worker to complete a task, allowing phases or activities to overlap, or forgoing the expense of formal training for on-the-job education.

These risks are also known as speculative risks.

Question 7

Define:

Cardinal Scales

Answer 7

A ranking approach to identify the probability and impact by using a numerical value, from .01 (very low) to 1.0 (certain).

Question 8

Define:

Code Debt

Answer 8

This is the refactoring and cleanup of code that’s designed for a short-term win versus a more robust design that’s long-lasting but takes longer to create.

Question 9

List:

Common Risk Transfer Examples

Answer 9

• Insurance
• Performance bonds
• Warranties
• Guarantees
• Fixed-priced contracts

Question 10

Define:

Contingency Response

Answer 10

Contingency plans are a predefined set of actions the project team will take should certain events occur. They are sometimes called worst-case scenarios or fallback plans.

A fallback plan is a reaction to a risk that has occurred when the primary response proves to be inadequate. Most risk acceptance policies rely on a contingency allowance for the project.

Question 11

Define:

Data Precision

Answer 11

The consideration of the risk ranking scores that takes into account any bias, the accuracy of the data submitted, and the reliability of the nature of the data submitted.

Question 12

Define:

Decision Tree

Answer 12

A method to determine which of two or more decisions is the best one. The model examines the costs and benefits of each decision’s outcome and weighs the probability of success for each of the decisions.

For example, it can be used to determine buy-versus-build scenarios, lease-or-purchase equations, or whether to use in-house resources rather than outsourcing project work.

Question 13

Define:

Delphi Technique

Answer 13

An anonymous method of querying experts about foreseeable risks within a project, phase, or component of a project.

The results of the survey are analyzed by a third party, organized, and then circulated to the experts.

The Delphi Technique is completely anonymous, and the goal is to gain consensus on project risks within the project.

The anonymous nature of the process ensures that no single expert’s advice overtly influences the opinion of another participant.

Question 14

Define:

Enhancing

Answer 14

A risk response that attempts to enhance the conditions to ensure that a positive risk event will likely happen.

Question 15

Define:

Escalating

Answer 15

A risk response that is appropriate for both positive and negative risk events that may outside of the project manager’s authority to act upon.

Question 16

Define:

Expected Monetary Value

(EMV)

Answer 16

The monetary value of a risk exposure is based on the risk’s probability and impact in the risk matrix.

This approach is typically used in quantitative risk analysis because it quantifies the risk exposure.

For example, one risk may cost the project an additional $10,000 if it occurs, but there’s only a 20 percent chance of the event occurring. In its simplest form, the EMV of this individual risk impact is, thus, $2,000.

Question 17

Define:

Exploit

Answer 17

A risk response that takes advantage of the positive risks within a project.

Question 18

Define:

External Risks

Answer 18

These risks are outside of the project, but directly affect it.

For example, legal issues, labor issues, a shift in project priorities, or weather.

“Force majeure” risks call for disaster recovery rather than project management. These are risks caused by earthquakes, tornadoes, floods, civil unrest, and other disasters.

Question 19

Define:

Fishbone Diagram

Answer 19

A root cause diagram.

They are used for analyzing the root causes of risk factors within the project. The goal is to identify and treat the root of the problem, not the symptom.

Question 20

Define:

Force Field Analysis

Answer 20

To analyze forces that encourage or resist change.

Question 21

Define:

Force Majeure

Answer 21

An ‘act of God’ that may have a negative impact on the project.

Examples include fire, hurricanes, tornadoes, and earthquakes.

Question 22

Define:

Green Condition

Answer 22

These risks with a green label are generally fairly low in impact, probability, or both.

Green condition risks are often accepted as their probability and impact is low.

Question 23

Define:

Influence Diagrams

Answer 23

A diagram that charts out a decision problem. It identifies all the elements, variables, decisions, and objectives and also how each factor may influence another.

Question 24

Define:

Integrated Risk Management

Answer 24

This is an organizational approach to managing the overall risk distribution and risk exposure through all of the organization’s activities.

Question 25

# Define: Known Risks

Answer 25

These are project risks you can readily identify.

Question 26

# Define: Low-Priority Risk Watch List

Answer 26

Low-priority risks are identified and assigned to a watch list for periodic monitoring.

Question 27

# Define: Mitigation

Answer 27

A risk response effort to reduce the probability and/or impact of an identified risk in the project.

Question 28

# Define: Monte Carlo Analysis - Risk

Answer 28

This approach examines the possible swings of high and low risks and helps the project manager ask “what-if” questions to identify and create responses for the risks. ## Footnote These are mostly used to address variability risks.

Question 29

# Define: Monte Carlo Technique

Answer 29

A simulation technique that got its name from the casinos of Monte Carlo, Monaco. The simulation is completed using a computer software program that can simulate a project, using values for all possible variables, to predict the most likely model.

Question 30

# Define: Opportunities

Answer 30

These are risks that have a positive impact on project outcomes.

Question 31

# Define: Ordinal Scales

Answer 31

A ranking approach that identifies and ranks the risks from very high to very unlikely or to some other value.

Question 32

# Define: Organizational Risks

Answer 32

The performing organization can contribute to the project’s risks through unreasonable cost, time, and scope expectations; poor project prioritization; inadequate funding or the disruption of funding; and competition with other projects for internal resources.

Question 33

# Define: Periodic Risk Review

Answer 33

This is a regularly scheduled discussion throughout the project to ascertain the level of foreseeable risks, the success of risk responses in the project to date, and a review of pending risks.

Question 34

# Define: PESTLE

Answer 34

A prompt list used for risk identification. PESTLE examines risks in the Political, Economic, Social, Technological, Legal, and Environmental domains.

Question 35

# Define: Probability-Impact Matrix

Answer 35

The matrix maps out the risk, its probability, its possible impact, and a risk score. ## Footnote The risks with higher probability and impact are a more serious threat to the project objectives than risks with lower impact and consequences.

Question 36

# Define: Project Management Risks

Answer 36

These risks deal with faults in the management of the project: the unsuccessful allocation of time, resources, and scheduling; unacceptable work results; and poor project management. ## Footnote For organizations new to agile, the roles and responsibilities of the agile approach may introduce risks as people may feel uncertain about who does what.

Question 37

# List: Project Resilience Characteristics

Answer 37

- Budget and schedule contingency - Flexibility in the project management approach - Defined change management processes - Empowered project team - Frequent risk review for warning signs of emergent risk events - Communication with stakeholders to adjust the project scope or project strategy to address emergent risk events

Question 38

# Define: Project Risk

Answer 38

This is an uncertain event or condition that can have a positive or negative impact on the project.

Question 39

# Define: Pure Risks

Answer 39

These risks have only a negative outcome. ## Footnote Examples include loss of life or limb, fire, theft, natural disasters, and the like.

Question 40

# Define: Qualitative

Answer 40

Descriptive data used for analysis.

Question 41

# Define: Qualitative Analysis

Answer 41

This is a subjective approach to organizing and prioritizing risks. Through a methodical and logical approach, often performed with subject matter experts and historical information, the identified risks are rated according to probability and potential impact.

Question 42

# Define: Qualitative Risk Analysis

Answer 42

Qualitative risk analysis “qualifies” the risks that have been identified in the project. It examines and prioritizes the risks based on their probability of occurring and the impact on the project if the risks do occur. ## Footnote Qualitative risk analysis is a broad approach to ranking risks by priority, which then guides the risk reaction process. The end result of qualitative risk analysis (once risks have been identified and prioritized) can either lead to more in-depth quantitative risk analysis or move directly into risk response planning.

Question 43

# Define: Quantitative Risk Analysis

Answer 43

This approach attempts to numerically assess the probability and impact of the identified risks. It also creates an overall risk score for the project. ## Footnote This method provides a more in-depth analysis than qualitative risk analysis and relies on several different tools to accomplish its goal. The development team can help the project facilitator or risk expert better understand the risks and the effect the risks may have on the project’s value.

Question 44

# List: Quantitative Risk Analysis Goals

Answer 44

- Quantify the cost and impact of the risk exposure. - Ascertain the likelihood of reaching project success. - Ascertain the likelihood of reaching a particular project objective. - Determine the risk exposure for the project. - Determine the likely amount of the contingency reserve needed for the project. - Determine the risks with the largest impact on the project. - Determine realistic time, cost, and scope targets.

Question 45

# Define: Red Condition

Answer 45

These are risk scores that are high in impact and probability.

Question 46

# Define: Residual RIsks

Answer 46

Risks that are expected to remain after a risk response.

Question 47

# Define: Risk

Answer 47

An uncertain event or condition that can have a positive or negative impact on the project.

Question 48

# Define: Risk Appetite

Answer 48

This refers to how much risk you’ll accept in relation to the reward the risk may bring.

Question 49

# Define: Risk Avoidance

Answer 49

This is simply adapting measures to avoid perceived risk.

Question 50

# Define: Risk Breakdown Structure | (RBS)

Answer 50

This is an ideal way to visualize where project risks are lurking in each phase or within the project as a whole.

Question 51

# Define: Risk Burn Down

Answer 51

A chart that shows the overall project risk and the effectiveness of risk management and responses through a timeline. ## Footnote As a risk event happens, is mitigated, or avoided the overall risk score diminishes overtime.

Question 52

# Define: Risk Identification

Answer 52

The systematic process of combing through the project, the project plan, the work breakdown structure, and all supporting documentation to identify as many risks that may affect the project as possible.

Question 53

# Define: Risk Impact

Answer 53

To analyze the consequences of the risk if they occur based on their probability.

Question 54

# Define: Risk Management Budget

Answer 54

This section of the risk management plan defines a cost estimate for the resources needed to complete risk management. These costs are rolled into the project’s cost baseline. ## Footnote A project with high priority and no budget allotment for risk management activities may face uncertain times ahead.

Question 55

# Define: Risk Management Methodology

Answer 55

The methodology is concerned with how the risk management processes will take place. ## Footnote It asks the following: * What is needed in the risk management plan? * What risk responses are appropriate? * What type and depth of analysis will take place? * What is the contingency reserve? * Who will create and maintain the risk register? * How much flexibility is available for the project given the conditions, time frame, and project budget?

Question 56

# Define: Risk Management Planning

Answer 56

This refers to how the project management team will complete the risk management activities within the project. ## Footnote Risk management activities are planning, risk identification, qualitative and quantitative analysis, risk response planning, and monitoring the risk events and outcomes.

Question 57

# Define: Risk Management Schedule

Answer 57

This is a schedule to determine how often, and when, risk management activities should happen throughout the project's risk management process. ## Footnote If risk management happens too late in the project, the project could be delayed because of the time needed to identify, assess, and respond to the risks. A realistic schedule should be developed early in the project to accommodate risks, risk analysis, and risk reaction.

Question 58

# Define: Risk Mitigation

Answer 58

Mitigating risks is an effort to reduce the probability and/or impact of an identified risk in the project. Mitigation is done based on the logic before the risk happens.

Question 59

# Define: Risk Monitoring and Control

Answer 59

This is the process of monitoring identified risks for signs that they may be occurring, controlling identified risks with the agreed-upon responses, and looking for new risks that may creep into the project. ## Footnote Risk monitoring also is concerned with the documentation of the success or failure of risk response plans and keeping records of metrics that signal risks are occurring or disappearing from the project.

Question 60

# Define: Risk Owners

Answer 60

The individuals or entities that are responsible for monitoring and responding to an identified risk within the project.

Question 61

# Define: Risk Probability

Answer 61

The likelihood that the risk will occur.

Question 62

# Define: Risk Register

Answer 62

A document that identifies the risk event, its probability, impact, and risk score. ## Footnote The risk register identifies the approved risk response, any risk triggers, a risk owner, and the final outcome of each identified risk.

Question 63

# Define: Risk Report

Answer 63

Explains the overall project risks and provides summaries about the individual project risks. ## Footnote The risk report is updated with any changes to the summary on the individual risks and the overall risk ranking of the project.

Question 64

# Define: Risk Response Audit

Answer 64

An audit to test the validity of the established risk responses. ## Footnote This examines the planned risk responses, how well the planned actions work, and the effectiveness of the risk owners in implementing the risk responses. The audits happen throughout the project to measure the effectiveness of mitigating, transferring, and avoiding risks.

Question 65

# Define: Risk Response Planning

Answer 65

This focuses on how to decrease the possibility of risks adversely affecting the project’s objectives and how to increase the likelihood of positive risks that can aid the project. ## Footnote Risk response planning assigns responsibilities to people and groups close to the risk event. Risks will increase or decrease based on the effectiveness of risk response planning.

Question 66

# Define: Risk Responsibilities

Answer 66

The level of ownership an individual or entity has over a project risk.

Question 67

# Define: Risk Roles and Responsibilities

Answer 67

The roles and responsibilities identify the groups and individuals who will participate in the leadership and support of each of the risk management activities within the project plan. ## Footnote In some instances, risk management teams outside of the project team may have a more realistic, unbiased approach to risk identification, impact, and overall risk management needs than the actual project team does.

Question 68

# Define: Risk Score

Answer 68

The calculated score based on each risk’s probability and impact. ## Footnote The approach can be used in both qualitative and quantitative risk analysis.

Question 69

# Define: Risk Severity

Answer 69

How much the risk’s consequences will influence the success or failure of a project. ## Footnote Risk Probability (%) x Risk Impact ($) = Risk Severity

Question 70

# Define: Risk Tolerance

Answer 70

This is the amount of risk you’ll take on, in relation to the impact the risk event may bring. ## Footnote Also known as the risk appetite.

Question 71

# Define: Risk Transfer

Answer 71

Transference is the process of transferring the risk (and the ownership of the risk) to a third party. ## Footnote The risk doesn’t disappear, it just becomes someone else’s problem. Transference of a risk usually costs a premium for the third party to own and manage.

Question 72

# Define: Risk Workshop

Answer 72

A longer brainstorming meeting to help identify project risks.

Question 73

# Define: Risk-Averse

Answer 73

This refers to a project manager with a low-risk tolerance.

Question 74

# Define: Risk-Based Spike

Answer 74

This spike helps the team remove major risks, and if the spike fails every approach possible, the project is defined as “fast failure”.

Question 75

# Define: Risk-Related Contractual Agreements

Answer 75

When the project management team decides to use transference to respond to a risk, a risk-related contractual agreement is created between the buyer and the seller.

Question 76

# Define: Risk-Seeker

Answer 76

This defines a project manager with a high-risk tolerance.

Question 77

# Define: Root Cause Analysis

Answer 77

To investigate beyond the symptoms of the problem and to understand the root cause of the problem. ## Footnote This aims to find out why a risk event may be occurring, the causal factors creating the risk events, and then, eventually, how the events can be mitigated or eliminated.

Question 78

# Define: Secondary Risks

Answer 78

New risks that are created as a result of a risk response.

Question 79

# Define: Sensitivity Analysis

Answer 79

A quantitative risk analysis tool that examines each risk to determine which one has the largest impact on the project’s success. ## Footnote The goal of sensitivity analysis is to determine which individual risks have the greatest impact on the project’s success and then to escalate the risk management processes based on these risk events.

Question 80

# Define: Sharing

Answer 80

A risk response that shares the advantages of a positive risk within a project. ## Footnote When a project team can share the positive risk, ownership of the risk is given to the organization that can best capture its benefits.

Question 81

# Define: SWOT Analysis

Answer 81

The process of examining the project from the perspective of each characteristic: Strengths, Weaknesses, Opportunities, and Threats.

Question 82

# Define: Technical, Quality, or Performance Risks

Answer 82

Technical risks are associated with new, unproven, or complex technologies being used on the project. ## Footnote Changes to the technology during the project implementation can also be a risk. Quality risks are the levels set for expectations of impractical quality and performance. Changes to industry standards during the project can also be lumped into this category of risks.

Question 83

# Define: TECOP

Answer 83

A prompt list used in risk identification to examine the Technical, Environmental, Commercial, Operational, and Political factors of the project.

Question 84

# Define: Tornado Diagram

Answer 84

This is used when completing sensitivity analysis, as it maps out all the variables in a situation from largest to smallest impact on the project or situation.

Question 85

# Define: Transference

Answer 85

A risk response that transfers the ownership of the risk to another party. ## Footnote Insurance, licensed contractors, or other project teams are good examples of transference. A fee and contractual relationships are typically involved with the transference of a risk.

Question 86

# Define: Triggers

Answer 86

These are warning signs or symptoms that a risk has occurred or is about to occur. ## Footnote For example, should a vendor fail to complete her portion of the project as scheduled, the project completion may be delayed.

Question 87

# Define: Unknowable Unknowns

Answer 87

They are risks you won't know until they happen and they are difficult to plan for. ## Footnote Imagine a construction project that unearths a bunch of dinosaur bones. The discovery is a great find for archeologists, but it stops the construction project, delays progress, and can have huge financial impact for the company paying for the project.

Question 88

# Define: Utility Function

Answer 88

This refers to a project manager's willingness to accept risk.

Question 89

# Define: Variability Risks

Answer 89

A type of risk based on the variations that may occur in the project, such as production, number of quality errors, or even the weather. ## Footnote For example, production of the project team could go up or down, quality errors could fluctuate from high to low, or weather can be unusual and affect the project.

Question 90

# Define: VUCA

Answer 90

A prompt list used in risk identification that examines the Volatility, Uncertainty, Complexity, and Ambiguity of risk factors within the project.

Question 91

# Define: Weekly Cycle

Answer 91

An iteration in an XP project to complete the selected items from the product backlog.