Risk Management Flashcards
Risk exists at two levels within every project
Each project contains individual risks that can affect the achievement of project objectives. It is also important to consider the riskiness of the overall project, which arises from the combination of individual project risks and other sources of uncertainty.
Individual project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.
Overall project risk is the effect of uncertainty on the project as a whole, arising from all sources of uncertainty including individual risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative.
Risk management plan
The risk management plan is a component of the project management plan that describes how risk management activities will be structured and performed.
Risk strategy. Describes the general approach to managing risk on this project.
Methodology. Defines the specific approaches, tools, and data sources that will be used to perform risk management on the project.
Roles and responsibilities. Defines the lead, support, and risk management team members for each type of activity described in the risk management plan, and clarifies their responsibilities.
Funding. Identifies the funds needed to perform activities related to Project Risk Management. Establishes protocols for the application of contingency and management reserves.
Timing. Defines when and how often the Project Risk Management processes will be performed throughout the project life cycle, and establishes risk management activities for inclusion into the project schedule.
Risk categories. Provide a means for grouping individual project risks.
Stakeholder risk appetite. The risk appetites of key stakeholders on the project are recorded in the risk management plan, as they inform the details of the Plan Risk Management process.
Definitions of risk probability and impacts. Definitions of risk probability and impact levels are specific to the project context and reflect the risk appetite and thresholds of the organization and key stakeholders.
Probability and impact matrix. Prioritization rules may be specified by the organization in advance of the project and be included in organizational process assets, or they may be tailored to the specific project.
Reporting formats. Reporting formats define how the outcomes of the Project Risk Management process will be documented, analyzed, and communicated.
Tracking. Tracking documents how risk activities will be recorded and how risk management processes will be audited
Prompt list
A prompt list is a predetermined list of risk categories that might give rise to individual project risks and that could also act as sources of overall project risk. The prompt list can be used as a framework to aid the project team in idea generation when using risk identification techniques. The risk categories in the lowest level of the risk breakdown structure can be used as a prompt list for individual project risks.
SWOT analysis
SWOT analysis. This technique examines the project from each of the strengths, weaknesses, opportunities, and threats (SWOT) perspectives. For risk identification, it is used to increase the breadth of identified risks by including internally generated risks.
Risk register
The risk register captures details of identified individual project risks.
List of identified risks. Each individual project risk is given a unique identifier in the risk register. Identified risks are described in as much detail as required to ensure unambiguous understanding. A structured risk statement may be used to distinguish risks from their cause(s) and their effect(s).
Potential risk owners. Where a potential risk owner has been identified during the Identify Risks process, the risk owner is recorded in the risk register. This will be confirmed during the Perform Qualitative Risk Analysis process.
List of potential risk responses. Where a potential risk response has been identified during the Identify Risks process, it is recorded in the risk register. This will be confirmed during the Plan Risk Responses process
Risk report
The risk report presents information on sources of overall project risk, together with summary information on identified individual project risks.
Sources of overall project risk, indicating which are the most important drivers of overall project risk exposure; and
Summary information on identified individual project risks, such as number of identified threats and opportunities, distribution of risks across risk categories, metrics and trends, etc
Qualitative data analysis
Risk data quality assessment evaluates the degree to which the data about individual project risks is accurate and reliable as a basis for qualitative risk analysis.
Risk probability assessment considers the likelihood that a specific risk will occur. Risk impact assessment considers the potential effect on one or more project objectives such as schedule, cost, quality, or performance.
Assessment of other risk parameters. The project team may consider other characteristics of risk (in addition to probability and impact) when prioritizing individual project risks for further analysis and action
Qualitative data representation
A probability and impact matrix is a grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. This matrix specifies combinations of probability and impact that allow individual project risks to be divided into priority groups.
Hierarchical charts. Where risks have been categorized using more than two parameters, the probability and impact matrix cannot be used and other graphical representations are required.
Representation of Uncertainty
Quantitative risk analysis requires inputs to a quantitative risk analysis model that reflect individual project risks and other sources of uncertainty.
Where the duration, cost, or resource requirement for a planned activity is uncertain, the range of possible values can be represented in the model as a probability distribution.
Quantitative Data Analysis
Simulation. Quantitative risk analysis uses a model that simulates the combined effects of individual project risks and other sources of uncertainty to evaluate their potential impact on achieving project objectives.
Sensitivity analysis helps to determine which individual project risks or other sources of uncertainty have the most potential impact on project outcomes.
Decision trees are used to support selection of the best of several alternative courses of action.
Influence diagrams are graphical aids to decision making under uncertainty. An influence diagram represents a project or situation within the project as a set of entities, outcomes, and influences, together with the relationships and effects between them.
5 alternative strategies for threats
Escalate. Escalation is appropriate when the project team or the project sponsor agrees that a threat is outside the scope of the project or that the proposed response would exceed the project manager’s authority.
Avoid. Risk avoidance is when the project team acts to eliminate the threat or protect the project from its impact.
Transfer. Transfer involves shifting ownership of a threat to a third party to manage the risk and to bear the impact if the threat occurs.
Mitigate. In risk mitigation, action is taken to reduce the probability of occurrence and/or impact of a threat.
Accept. Risk acceptance acknowledges the existence of a threat, but no proactive action is taken. Acceptance can be either active or passive. The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the threat if it occurs. Passive acceptance involves no proactive action apart from periodic review of the threat to ensure that it does not change significantly.
5 alternative strategies for opportunities
Escalate. This risk response strategy is appropriate when the project team or the project sponsor agrees that an opportunity is outside the scope of the project or that the proposed response would exceed the project manager’s authority.
Exploit. The exploit strategy may be selected for high-priority opportunities where the organization wants to ensure that the opportunity is realized.
Share. Sharing involves transferring ownership of an opportunity to a third party so that it shares some of the benefit if the opportunity occurs.
Enhance. The enhance strategy is used to increase the probability and/or impact of an opportunity.
Accept. Accepting an opportunity acknowledges its existence but no proactive action is taken.
Technical performance analysis
Technical performance analysis compares technical accomplishments during project execution to the schedule of technical achievement. It requires the definition of objective, quantifiable measures of technical performance, which can be used to compare actual results against targets. Such technical performance measures may include weight, transaction times, number of delivered defects, storage capacity, etc.
What should you do with risks that have a low probability and low impact?
These types of risks are generally accepted, but documented in the risk register. You might create a low-level risk watchlist to see if the probability and impact of the risk events change. A change of these risks events may warrant quantitative analysis, but for now they’re generally accepted with a periodic review.
Pure risk and Business risk
A pure risk has no upside - no potential benefits. So someone getting injured during the project work is a pure risk.
Business risk may have an upside, such as a cost-savings, return on investment, or other favorable outcome. Investments in faster equipment to complete the work faster and more accurately is a business risk..
Risk register
The risk register contains the results of the perform qualitative risk analysis, perform quantitative risk analysis, and plan risk response processes.
Expected Monetary Value (EMV)
The end of each branch on a decision tree analysis shows the net effect of the payoffs minus costs. For each decision branch, all effects are added (see shaded areas) to determine the overall Expected Monetary Value (EMV) of the decision.
Monitor Risks process
In order to ensure that the project team and key stakeholders are aware of the current level of risk exposure, project work should be continuously monitored for new, changing, and outdated individual project risks and for changes in the level of overall project risk by applying the Monitor Risks process.
Risk management plan
Risk categories, definitions for risk probability and impacts, and the probability and impact matrix
Qualitative and Quantitative Risk
The Perform Qualitative Risk Analysis is the process of prioritizing individual project risks for further analysis, while the Perform Quantitative Risk Analysis is the process of analyzing the combined effect of identified individual project risks on overall project objectives.
While the Perform Qualitative Risk Analysis is highly recommended for successful risk management, the Perform Quantitative Risk Analysis is not always needed for every project. In the Perform Qualitative Risk Analysis, you look at analyzing individual project risks while in the Perform Quantitative Risk Analysis, you look at numerically analyzing the combined effect of identified individual project risks on overall project objectives
Monte Carlo analysis
The Monte Carlo analysis is a simulation technique, which uses computer software to run thousands of different variations using your estimates or uncertainties. These input values are randomly selected and include probability distributions and probabilistic branches.
Expected Monetary Value (EMV)
EMV is calculated by multiplying probability by the impact. Multiplying the probability percentages by the profit.
EMV only takes into account future risks.
Probability x Profit = EMV
Example:
Vendor 1: 80% probability of success and making a profit of $20,000
Vendor 1 will get a profit of 0.8 * 20,000 = $16,000 EMV
