Risk Management Flashcards
Uncertainty
Lack of knowledge about an event that reduces confidence in conclusions drawn from the data; the work that needs to be done, the cost, the time etc can be uncertain
Risk averse
Someone who does not want to take risks
Risk factors
Likelihood of the risk occurring
Impact or possible outcomes ( what is at stake )
When it could occur in the project
How often the risk events could occur
Threats and opportunities
Threat - something that can go wrong and negatively impact the project
Opportunity - can have a positive impact on the project; if we provide training to improve efficiency this work package can be done 3 days sooner
Risk appetite
High level description of the acceptable level of risk
Example; the sponsor is willing to accept little risk to the schedule of this project
Risk tolerance
Measurable amount of acceptable risk
Example; so sorry would be willing to accept schedule risk of up to 14 days on this project
A company may have more tolerance for cost related risks than for risks that affect customer satisfaction
Risk thresholds
Specific point at which risk becomes unacceptable
Example; the sponsor will not accept a risk of the scheduled being delayed 15 days or longer
Plan risk management
Answers the questions of how much time should be spent on risk management based on the needs of the project and who will be involved and now the team will go about performing risk management
Risk management plan
Methodology - how you will perform risk management
Roles and responsibilities - who will do what
Budget - cost of risk management process
Timing - when to do risk management for the project
Risk categories - standard list of risk categories to ensure areas of risk are not forgotten
Tracking - how the risk process would be audited
Reporting - reports related to risk management and now they will be used
Stakeholder tolerances
Definitions of probability and impact
Risk categories
External - regulatory, environmental, government, market shifts
Internal - time, cost, or scope changes, inexperience, poor planning, people, staffing
Technical - changes in technology
Unforeseeable
Sources of risk ( also risk categories )
Schedule Cost Quality Scope Resources Customer or stakeholder satisfaction
Business risk
Risk of a gain or loss
Pure insurable risk
Risk of loss ( fire, theft, personal injury )
Tools to identify risks
Documentation reviews Information gathering techniques SWOT analysis Checklist analysis Assumption analysis Diagramming techniques
Documentation reviews
What is and is not included in documentation like the charter contracts and planning information can help identify risks; lessons learned
Information gathering techniques
Brainstorming
Delphi technique - technique to achieve consensus among experts who participate anonymously; request is sent responses are compiled and result are sent back until there is a consensus
Interviewing
Root cause analysis - identified risks are reorganized by their root causes to help identify more risks
Strengths weaknesses opportunities and threats ( SWOT ) analysis
Identify project strengths and weaknesses and thereby identify risks
Checklist analysis
Checklist of risk categories and use that to identify specific risks within each category
Assumption analysis
Analysis of assumptions and whether or not they are valid may lead to identifying more risks
Diagramming techniques
Causes and effect diagrams and flow charts that can be used to identify the root causes of issues
Risk register
Is where most of the risk information is kept and is a document for the whole risk management process that will be constantly updated with information
Is the main output of several of the risk management processes
Risk management
You work to increase the probability and impact of opportunities on the project (positive events) while decreasing the probability and impact of threats to the project (negative events)
Risks are identified in initiating and continually kept up to date or added to while the project is underway
Qualitative risk analysis
The probability of each risk occurring and the impact of each risk occurring using a standard scale; and based on subjective evaluation
Compare the risk of the project to the risk of other projects
Determine whether the project should continue or be terminated
Determine whether to proceed to perform quantitative risk analysis or plan risk responses
Probability and impact matrix
Can be used to sort or rate risks to determine which ones warrant an immediate response and which ones should be put on the watch list and results in a consistent evaluation of low medium and high for the project
Risk data quality assessment
How accurate and well understood is this risk information; you assess the accuracy and reliability of the data and determine whether more information is needed to understand the risk before a qualitative assessment can be done
Risk categorization
What will we find if we regroup the risks by categories or by work package; understanding which work packages processes or people have the most risk associate with them
Risk urgency assessment
Noting risks that should move more quickly through the process ; risk may occur soon or will require a long time to plan a response
Perform quantitative risk analysis
Involves numerically analyzing the probability and impact of risks; is not always required for all projects
Example the risk in qualitative risk analysis might be a 5 and is stated as a $40,000 impact in quantitative analysis
Sensitivity analysis
Technique used to compare the potential impacts of risks identified using a tornado diagram; risks are represented with horizontal bars the longest bars represent greater risk and progressively shorter bars represent lower risk.
Expected monetary value analysis
EMV = P x I
Calculating the expected monetary value to determine overall ranking of risks
Monte Carlo analysis
Uses network diagram and estimates to perform the project many times and to simulate the cost of schedule results of the project
Usually done with a computer based program
Evaluates the overall risk in the project
Determines the probability of completing the project on any specific day or for any specific cost
Determines the probability of any activity actually being on the critical path
Takes into account path convergence
Translates uncertainties into impacts to the total project
Can be used to assess cost and schedule impact
Results in a probability distribution
Decision tree
Takes into account future events in making a decision today
Calculates the expected monetary value in more complex situations
It involves mutual exclusivity
Plan risk response
Do something the eliminate the threats before they happen
Do something to make sure the opportunities happen
Decrease the probability and or impact of threats
Increase the probability and or impact of opportunities
For residual risks / threats
Do something if the risk happens (contingency plans)
Do something if contingency plans are not effective (fallback plan)
Risk response strategies ( threats )
Avoid - eliminate the threat by eliminating the cause such as removing the work package or person
Mitigate - reduce the probability and impact of a threat by making it smaller in risk and possibility removing it from the list of top risks
Transfer - make another party responsible for the risk by purchasing insurance performance bonds warranties or guarantees by outsourcing the work
Avoidance and mitigation are used for high priory high impact risks
Transference and acceptance are used for low priority low impact risks
Risk response strategies (opportunities)
Exploit - add work or change the project to make sure the opportunity occurs
Enhance - increase the likelihood and or positive impacts of the risk event
Share - allocate ownership or partial ownership of the opportunity to a third party
Risk response strategies (threats and opportunities)
Accept - do nothing; may involve the creation of contingency plans and must be communicated to stakeholders; acknowledge the risk but not take any action
Active acceptance - establish a contingency reserve
Passive acceptance - no action but to document the strategy
Workarounds
Unplanned responses to deal with the occurrence of an unanticipated event or problems on a project
Risk reassessments
Periodically review the risk management plan and risk register and adjust the documentation as required
Risk audits
Assess the overall process of risk management on the project as well as the effectiveness of specific risk responses that have been implemented
Reserve analysis
Checking to see how much reserve remains and how much might be needed
Contingency reserves may only be used to handle the impact of the specific risk it was set aside for.
Closing of risks
Allows the team to focus on managing risks the are still open and will result in the associated risk reserve being returned to the company
Residual risks
Risks that remain after risk response planning
Contingency plan
Plans describing the specific actions that will be taken if the opportunity or threat occurs
Fallback plans
Actions that will be taken if the contingency plans are not effective
Risk triggers
Events that trigger the contingency response
Reserves
Reserves for time and cost
Contingency reserve - known unknowns; identified in risk management
Management reserves - Unknown known; items you did not or could not identify in risk management
Secondary risks
Any new risk created by the implementation of selected risk responses should also be analyzed as part of risk response planning.