Risk Management Flashcards
Primary Risk Management Processes
- Plan Risk Management
- Identify Risks
- Perform Qualitative Risk Analysis
- Perform Quantitative Risk Analysis
- Plan Risk Responses
- Control Risks
Known Risks
- have been identified and analyzed
- possible to plan responses
- Knwon risk that cannot be proactively managed should be assigned contingency reserves
Unknown Risks
- cannot be managed proactively
- Should be assigned a management reserve
Risk Appetite
- degree of uncertainty an entity is willing to take on in anticiaption of a reward
Risk Tolerance
- Degree, amount, or volume of risk that an organization or individual will withstand
*
Risk Threshold
- measures along the level of uncertainty ir the level of impact at which a stakeholdr may have a specific interest
- Below the threshold, they will accept the risk
- Above the threshold, they will not tolerate the risk
Risk Management Plan Components
- Methodology
- Roles and Responsibilities
- Budgeting
- Timing
- Risk Categories
- Definitions of risk probability and impact
- Probability and Impact Matrix
- Revised Stakeholder tolerances
- Reporting formats
- Tracking
Risk Information Gathering Techniques
- Brainstorming
- Delphi Technique
- Interviewing
- Root Cause Analysis
Brainstorming
Delphi Technique
- Way to reach a concensus of experts
- Participate anonymously
- Use a quesitionairre to solicit ideasabout important risks
- ideas are consolidated then recirculated to the experts
- Helps to redues bias in the data
Root-Cause Analysis
- USed to identify a problem or to discover the underlying cause that lead to it, and develop preventative action
Risk Diagramming Techniques
- Cause and Effect Diagrams
- System or process flow charts
- influence diagrams
Checklist Analsysis
- Use of a checklist for risks from historical information
- Should not be used in place or proper risk management
- Would likely be used for very repeatable projects and processes
Risk Cause and Effect Diagrams
- Also known as fishbone diagrams
Risk System or process flow charts
- how various elements of a system interrelate and the mechanism of causation
Influence Diagrams
- Graphical representations of situations showing causal influences, time ordering of events, and other relationships aming variables and outcomes
SWOT Analysis
Qualitative Risk Assessment Tools and Techniques
- Risk proabability and Impact Assessment
- Probability and Impact Matrix
- Risk Data Quality Assessment
- Risk Categorization
- Risk Urgency Assessment
Risk probability and impact assessment
- looking at the prbability and impact on each risk
- Think of the traditional risk log
Probability and impact matrix
- Risk rating rules usually pre-defined
- matrix to score each risk based on probability and impact
- Color scales may be used to identify high, medium, low risk based on organizational rules
- Risk Scores help to determine priority of action and response
Risk Data Quality Assessment
- Determining the degree to which riskl data is useful in managing those risks
- For example, do you have adequate information to understand and rsspond to the risk
Risk Categorization
Risk Urgency Assessment
- Considers indicators of priority
- risks requiring near-term responses
Quantitative Risk Analysis
- Risk evaluation based on numerical analysis
- May or may not be possible depdning on data available for the project
- Almost always follows the qualitative analysis process
Qualitative Risk Analysis Techniques
- Data Gathering and Representation Techniques
- Interviewing
- Probability Distributions
- Modeling Techniques
- Sensitivity Analysis
- Expected Monetary Value (EMV) Analysis
- Modeling and Simulation
Data Gathering: Interviwewing
- drawing on historical data
- Estimasting risk based on low, most likely, and high estaimtes
Probability Distributions
- represent uncertsinty in values
- Think bell curve
- Shape of curves may be determined by data or by risk policies
Sensitivity Analysis
- Used to determine which risks have the most potential impact on the project
- Investigates the extent to which uncertainty or each proejct element affects the objecitves when all other uncertain elements are held constant
- Common representation of this is the Tornado Diagram
- Y-Axis contains each type of uncertainty
- X-Axis contains the spread or correlation of the uncertainty at base values
Expected Montetary Value Analysis
- Calculates the average outcome when future includes scenarios that may or may not occur
- Used for analysis under uncertainty
- Opportunities generally expressed as positive values
- Threats usually expressed as negative values
- Requires a risk-neutral assumption (neither risk averse, nor risk seeking)
- Typically uses decision tree analysis
- EMV is calculated by multiplying the value of each posible outcome by its probability of occurence and adding the products together
Modelling and Simulation
- translates the specificed uncertainties into their potential impact on project objectives
- Typically performed using the Monte Carlo technique
Negative (Threat) risk response techniques
- Avoid
- Transfer
- Mitigate
- Accept
Positive (Opportunity) Risk Response Techniques
- Exploit
- Enhance
- Share
- Accept
Avoid
- Negative Risk Repsonse strategy where project team acts to eliminate the threat or protect the team from its impact
- Usually changes the project’s objectives, including changing scope, or to the extreme of shutting down the project
Transfer
- Negative risk response strategy in which the proejct team transfers the impact of the threat to a third party, along with the ownership of the response
- Does not eliminate risk
- Typically includes payment of a risk premium to the owning party (higher rates, etc)
- Contracts might be used to transfer liability
- Reason for companies hiring vendors for example
Mitigate
- Negative risk response sterategy in which the project team acts to minimize the probability of occurance or impact of a risk
- Examples include:
- adopting less complex processes
- conducting more tests
- choosing a more stable supplier
- designing redundancy into a system
Accept
- Negative risk response strategy in which the project team decides to acknowledge the risk and not take any action unless the risk occurs
- Usually used when there is no way to address a risk in any other way
Exploit
- Positive risk response strategy in which the organization wants to ensure that the opportunity is realized
- Esnuring the opportunity definitely happens
Enhance
- Positive risk response strategy used to increase pobabilityand/or positive impacts of an opportunity
- Example: is adding more resources to an activity to finish early
Share
- Positive risk response in allocating some or all of the ownership to a third party that is more capable of capturing the opporunity
- Example might include outsourcing for a specialized task
Accept
- Positive risk strategy in which the team is willing to take advantage of the opportunity if it arises, but does not actively pursue it
Contingent Response Plan
- Risk response plan that will only be executed if certain conditions occur