Risk Management Flashcards
project risk management
includes processes regarding the planning, execution, and monitoring and controlling of risk. this includes identifying, analyzing, planning a response, and monitoring positive or negative uncertainties of the project.
project risk management
- processes
- plan risk management (planning)
- identify risks (planning)
- perform qualitative risk analysis (planning)
- plan risk responses (planning)
- implement risk response (executing)
- monitor risks (monitoring and controlling)
plan risk management
the process of deciding how potential risks will be identified, analyzed, mitigated, and responded to. it is the process to create the risk management plan.
plan risk management
- key outputs
- risk management plan
stakeholder register
a list of identified stakeholders and details about each such as interest, involvement, and impact
a list of identified stakeholders, an output of the identify stakeholders process, providing insight as to which stakeholders will contribute product and project requirements
stakeholder analysis
can be used to define the high-lebel of context for risk management in the project including the overall risk exposure of the project and stakeholder attitudes for uncertainty (risk)
risk management plan
a subsidiary plan to the project management plan, defining how risk identification, risk analysis, risk response planning, and risk monitoring and control will be performed. this should include:
- methodology
- roles and responsibilities
- budgeting
- timing
- risk categories
- risk probability and impact
- definitions
- probability and impact matrix
- stakeholder tolerances
- reporting formats
- tracking
identify risks
the iterative process of assessing what risks the project may be susceptible to. the project manager, team members, or even outside consultants may participate in this process
identify risks
- key tools and techniques
- data gathering
- brainstorming
- checklists
- interviews
- data analysis
- root cause analysis
- assumption and constraint analysis
- SWOT analysis
- document analysis
- interpersonal and team skills
- facilitation
- prompt lists
identify risks
- key outputs
- risk register
- risk report
brainstorming
involves team discussion to identify individual project risks
Delphi technique
an anonymous survey of subject matter experts used to reveal unbiased opinions about important project topics
root cause analysis
a technique to identify problems and the underlying causes for each to better develop a solution
a technique used to discover the underlying reasons for defects. finding common cases may help to streamline resolution
assumption and constraint analysis
the review of assumptions that have been made on the project for the purpose of exposing potential risks
SWOT analysis
examines strengths, weaknesses, opportunities, and threats to create a list of risks that considers all perspectives
document analysis
may lead to the discovery of potential risks by looking for incomplete, incorrect, or inconsistent information
prompt lists
common risks or risk categories that can help to guide brainstorming. acronyms like PESTLE (political, economic, social, technological, legal, environmental) can help guide risk discovery
risk register
begins simply as a list of identified risks. as the other risk management processes are performed, the risk register is updated to include a list of potential responses, root causes of risk, and updates to risk categories
risk report
complements the risk register by describing the sources of overall project risk, key drivers, and a summary of metrics on the risk register.
perform qualitative risk analysis
the process of prioritizing risks by subjectively evaluating probability of occurrences, impacts to time, cost, scope, and quality. the sole output is updates to the risk register
qualitative analysis focuses on understanding the relative importance of one risk against another by creating a priority or severity ranking based on subjective understanding
perform qualitative risk analysis
- key inputs
- project management plan
- risk management plan
- project documents
- assumption log
- risk register
- stakeholder register
perform qualitative risk analysis
- key tools and techniques
- data analysis
- risk data quality assessment
- risk probability and impact assessment
- assessment of other risk parameters
- data representation
- probability and impact matrix
- hierarchical charts
perform qualitative risk analysis
- key outputs
- project documents updates
- assumptions log
- issue log
- risk register
- risk report
risk data quality assessment
a technique to determine if current information on risk is thorough enough to provide value to risk management or if more information gathering needs to be performed
risk probability and impact assessment
the technique of evaluating all identified risks to subjectively give each a ranking or a score for the likelihood of occurrence and the level of threat or opportunity
assessment of other risk parameters
such as urgency or proximity. for example, a risk may be relatively low in probability and impact but have high urgency because its occurrence would likely be soon. in contrast, a risk could be high in probability and impact, but have low urgency because it would not happen for over a year
risk categorization
the technique of sorting risks by risk area, project area or another area to help identify particular portions of the project that are subject to risk
probability and impact matrix
the technique of creating a graphical representation of the cores generated from the probability and impact assessment. these are typically color-coded for easier reading.
project document updates
can include many different project documents, but most importantly are updates to the risk register to describe the ranking of risks using subjective qualitative scores. a qualitative ranking can be descriptive (low, med, high) or numerical (1-10)
perform quantitative risk analysis
the process of using the updates to the risk register from the qualitative risk analysis to assign a cost or time value to each risk. the sole output of the process is updates to the risk register. quantitative analysis focuses on evaluating or measuring risk in dollars or sometimes days.
perform quantitative risk analysis
- key inputs
- project management plan
- risk management plan
- scope baseline
- schedule baseline
- cost baseline
perform quantative risk analysis
- key tools and techniques
- representations of uncertainty
- data analysis
- simulations
- sensitivity analysis
- decision tree analysis
- influence diagrams
perform quantative risk analysis
- key outputs
- project documents updates
- risk report
representations of uncertainty
may include probability distributions (triangular, normal, beta, uniform, or discrete), a way to graphically represent the uncertainty of time or cost data
simulations
use multiple estimated data points to help determine the likely project outcome and distribution of probability for alternative outcomes. one popular simulation technique is known as Monye Carlo analysis
sensitivity analysis
correlates project risks to outcomes. a tornado diagram is a common tool showing highest variability at the top and lowest at the bottom
decision trees
can be used to evaluate risk when the occurrence of a risk even results in multiple possible outcomes. is uses expected monetary value (EMV) to predict the value of each event, which may or may not occur by evaluating its probability and impact.
influence diagrams
depict how one risk or event may influence another. once completed, the result may look like a flowchart showing chains and interrelationships between risk factors
plan risk responses
the process of developing strategies that can minimize the negative effects of threats and maximize the positive effects of opportunities to the project. response strategies should be developed and implemented in a timely and cost-effective manner
this is a proactive process. it focuses on what the project team can do before the risk even actualizes rather than what to do after a risk event actualizes.
plan risk responses
- key tools and techniques
- strategies for threats
- strategies for opportunities
- contingent response strategies
- strategies for overall project risk
plan risk responses
- key outputs
- change requests
mitigate (strategies for threats)
reduce the likelihood of the occurrence or the impact of the risk
avoid (strategies for threats)
change the project management plan so that risk no longer affects the project
transfer (strategies for threats)
to share or completely hand off the ownership of response and negative impact to a third party. one popular method is insurance
accept (strategies for threats)
because the project team may not be able to affect the threat in an affordable way, it must simply be accepted
escalate (strategies for threats)
hand over risk management responsibility to higher levels of an organization when its scope extends beyond that of the project or the PM lacks the authority to respond effectively
enhance (strategies for opportunities)
increase the likelihood of the occurrence of the opportunity
exploit (strategies for opportunities)
create new opportunities that did not previously exist
share (strategies for opportunities)
to share ownership to an individual or group that is best suited to leverage the opportunity, such as a subject matter expert
accept (strategies for opportunities)
because the project team may not be able to affect the opportunity in an affordable way, it must simply be accepted
escalate (strategies for opportunities)
hand over risk management responsibility to higher levels of an organization when its scope extends beyond that of the project or the PM lacks the authority to respond effectively
contingent response strategies
a response plan that is only put into action if a trigger event occurs. a trigger is a potential event monitored as a decision point, typically prior to the risk event occurrence
strategies for overall project risk
include the same strategies used to respond to individual project risk
implement risk response
the process where the risk responses that have been planned are executed
implement risk response
- key outputs
- change requests
monitor risks
the process of proactively monitoring all identified risks, being prepared to identify new risks that may present themselves, and updating the risk management plan as necessary
monitor risks
- key inputs
- work performance data
- work performance reports
monitor risks
- key tools and techniques
- data analysis
- technical performance analysis
- reserve analysis
monitor risks
- key outputs
- work performance information
- change requests
technical performance analysis
a technique to compare actual technological achievement with planned achievement
reserve analysis
a technique to compare remaining cost or time “buffer” with the remaining risks in the project
audits
a technique to document how well risk response has addressed identified risks
reviews of project activities to determine if organizational and project policies, processes, and procedures are being followed.
a structured review of the procurement process. if discrepancies from the agreements are identified they should be brought back to the attention of the buyer and seller’s project managers
Expected monetary value (EMV) formula
= probability * Impact
If it’s a bad impact the value is negative