Risk Management

Question 1

Uncertainty

Answer 1

Lack of knowledge about an event that reduces confidence in conclusions drawn from the data; the work that needs to be done, the cost, the time etc can be uncertain

Question 2

Risk averse

Answer 2

Someone who does not want to take risks

Question 3

Risk factors

Answer 3

Likelihood of the risk occurring
Impact or possible outcomes ( what is at stake )
When it could occur in the project
How often the risk events could occur

Question 4

Threats and opportunities

Answer 4

Threat - something that can go wrong and negatively impact the project

Opportunity - can have a positive impact on the project; if we provide training to improve efficiency this work package can be done 3 days sooner

Question 5

Risk appetite

Answer 5

High level description of the acceptable level of risk

Example; the sponsor is willing to accept little risk to the schedule of this project

Question 6

Risk tolerance

Answer 6

Measurable amount of acceptable risk

Example; so sorry would be willing to accept schedule risk of up to 14 days on this project

A company may have more tolerance for cost related risks than for risks that affect customer satisfaction

Question 7

Risk thresholds

Answer 7

Specific point at which risk becomes unacceptable

Example; the sponsor will not accept a risk of the scheduled being delayed 15 days or longer

Question 8

Plan risk management

Answer 8

Answers the questions of how much time should be spent on risk management based on the needs of the project and who will be involved and now the team will go about performing risk management

Question 9

Risk management plan

Answer 9

Methodology - how you will perform risk management
Roles and responsibilities - who will do what
Budget - cost of risk management process
Timing - when to do risk management for the project
Risk categories - standard list of risk categories to ensure areas of risk are not forgotten
Tracking - how the risk process would be audited
Reporting - reports related to risk management and now they will be used
Stakeholder tolerances
Definitions of probability and impact

Question 10

Risk categories

Answer 10

External - regulatory, environmental, government, market shifts
Internal - time, cost, or scope changes, inexperience, poor planning, people, staffing
Technical - changes in technology
Unforeseeable

Question 11

Sources of risk ( also risk categories )

Answer 11

Schedule 
Cost 
Quality 
Scope 
Resources 
Customer or stakeholder satisfaction

Question 12

Business risk

Answer 12

Risk of a gain or loss

Question 13

Pure insurable risk

Answer 13

Risk of loss ( fire, theft, personal injury )

Question 14

Tools to identify risks

Answer 14

Documentation reviews 
Information gathering techniques 
SWOT analysis 
Checklist analysis 
Assumption analysis 
Diagramming techniques

Question 15

Documentation reviews

Answer 15

What is and is not included in documentation like the charter contracts and planning information can help identify risks; lessons learned

Question 16

Information gathering techniques

Answer 16

Brainstorming
Delphi technique - technique to achieve consensus among experts who participate anonymously; request is sent responses are compiled and result are sent back until there is a consensus
Interviewing
Root cause analysis - identified risks are reorganized by their root causes to help identify more risks

Question 17

Strengths weaknesses opportunities and threats ( SWOT ) analysis

Answer 17

Identify project strengths and weaknesses and thereby identify risks

Question 18

Checklist analysis

Answer 18

Checklist of risk categories and use that to identify specific risks within each category

Question 19

Assumption analysis

Answer 19

Analysis of assumptions and whether or not they are valid may lead to identifying more risks

Question 20

Diagramming techniques

Answer 20

Causes and effect diagrams and flow charts that can be used to identify the root causes of issues

Question 21

Risk register

Answer 21

Is where most of the risk information is kept and is a document for the whole risk management process that will be constantly updated with information

Is the main output of several of the risk management processes

Question 22

Risk management

Answer 22

You work to increase the probability and impact of opportunities on the project (positive events) while decreasing the probability and impact of threats to the project (negative events)

Risks are identified in initiating and continually kept up to date or added to while the project is underway

Question 23

Qualitative risk analysis

Answer 23

The probability of each risk occurring and the impact of each risk occurring using a standard scale; and based on subjective evaluation

Compare the risk of the project to the risk of other projects
Determine whether the project should continue or be terminated
Determine whether to proceed to perform quantitative risk analysis or plan risk responses

Question 24

Probability and impact matrix

Answer 24

Can be used to sort or rate risks to determine which ones warrant an immediate response and which ones should be put on the watch list and results in a consistent evaluation of low medium and high for the project

Question 25

Risk data quality assessment

Answer 25

How accurate and well understood is this risk information; you assess the accuracy and reliability of the data and determine whether more information is needed to understand the risk before a qualitative assessment can be done

Question 26

Risk categorization

Answer 26

What will we find if we regroup the risks by categories or by work package; understanding which work packages processes or people have the most risk associate with them

Question 27

Risk urgency assessment

Answer 27

Noting risks that should move more quickly through the process ; risk may occur soon or will require a long time to plan a response

Question 28

Perform quantitative risk analysis

Answer 28

Involves numerically analyzing the probability and impact of risks; is not always required for all projects

Example the risk in qualitative risk analysis might be a 5 and is stated as a $40,000 impact in quantitative analysis

Question 29

Sensitivity analysis

Answer 29

Technique used to compare the potential impacts of risks identified using a tornado diagram; risks are represented with horizontal bars the longest bars represent greater risk and progressively shorter bars represent lower risk.

Question 30

Expected monetary value analysis

Answer 30

EMV = P x I

Calculating the expected monetary value to determine overall ranking of risks

Question 31

Monte Carlo analysis

Answer 31

Uses network diagram and estimates to perform the project many times and to simulate the cost of schedule results of the project

Usually done with a computer based program
Evaluates the overall risk in the project
Determines the probability of completing the project on any specific day or for any specific cost
Determines the probability of any activity actually being on the critical path
Takes into account path convergence
Translates uncertainties into impacts to the total project
Can be used to assess cost and schedule impact
Results in a probability distribution

Question 32

Decision tree

Answer 32

Takes into account future events in making a decision today
Calculates the expected monetary value in more complex situations

It involves mutual exclusivity

Question 33

Plan risk response

Answer 33

Do something the eliminate the threats before they happen
Do something to make sure the opportunities happen
Decrease the probability and or impact of threats
Increase the probability and or impact of opportunities

For residual risks / threats
Do something if the risk happens (contingency plans)
Do something if contingency plans are not effective (fallback plan)

Question 34

Risk response strategies ( threats )

Answer 34

Avoid - eliminate the threat by eliminating the cause such as removing the work package or person

Mitigate - reduce the probability and impact of a threat by making it smaller in risk and possibility removing it from the list of top risks

Transfer - make another party responsible for the risk by purchasing insurance performance bonds warranties or guarantees by outsourcing the work

Avoidance and mitigation are used for high priory high impact risks
Transference and acceptance are used for low priority low impact risks

Question 35

Risk response strategies (opportunities)

Answer 35

Exploit - add work or change the project to make sure the opportunity occurs

Enhance - increase the likelihood and or positive impacts of the risk event

Share - allocate ownership or partial ownership of the opportunity to a third party

Question 36

Risk response strategies (threats and opportunities)

Answer 36

Accept - do nothing; may involve the creation of contingency plans and must be communicated to stakeholders; acknowledge the risk but not take any action

Active acceptance - establish a contingency reserve
Passive acceptance - no action but to document the strategy

Question 37

Workarounds

Answer 37

Unplanned responses to deal with the occurrence of an unanticipated event or problems on a project

Question 38

Risk reassessments

Answer 38

Periodically review the risk management plan and risk register and adjust the documentation as required

Question 39

Risk audits

Answer 39

Assess the overall process of risk management on the project as well as the effectiveness of specific risk responses that have been implemented

Question 40

Reserve analysis

Answer 40

Checking to see how much reserve remains and how much might be needed

Contingency reserves may only be used to handle the impact of the specific risk it was set aside for.

Question 41

Closing of risks

Answer 41

Allows the team to focus on managing risks the are still open and will result in the associated risk reserve being returned to the company

Question 42

Residual risks

Answer 42

Risks that remain after risk response planning

Question 43

Contingency plan

Answer 43

Plans describing the specific actions that will be taken if the opportunity or threat occurs

Question 44

Fallback plans

Answer 44

Actions that will be taken if the contingency plans are not effective

Question 45

Risk triggers

Answer 45

Events that trigger the contingency response

Question 46

Reserves

Answer 46

Reserves for time and cost

Contingency reserve - known unknowns; identified in risk management

Management reserves - Unknown known; items you did not or could not identify in risk management

Question 47

Secondary risks

Answer 47

Any new risk created by the implementation of selected risk responses should also be analyzed as part of risk response planning.