Risk Management

Question 1

Process “Plan Risk Management”

Answer 1

• Goal: define how to conduct risk mangement activities for a project
• Inputs: Project charter, PMplan (all parts), stakeholder reg, EEFs, OPAs
• Tools+Techniques: Expert judgement, stakeholder analysis, meeting
• Outputs: risk mgmt plan

Question 2

Risk Management Plan

Answer 2

• risk strategy (general approach)
• methodology (specific approach, tools, sources)
• roles and responsibilities
• funding (funds need for risk management and protocols for applying contigency and mgmt reserves)
• timing (when to perform risk mgmt)
• risk categories (to group individual risk usually with RBS)
• stakeholder risk appetite
• definitions of risk probability and impact
• probability and impact matrix
• reporting format
• tracking

Question 3

Process “Identify Risks”

Answer 3

• Goal: identify project risks as well as sources for overall project rik, and document their characteristics
• Inputs: Req, schedule, cost, quality, resource and risk mgmt plan; scope, schedule and cost baseline; project docs (assump and issue log, cost and duration estimates, reqs doc, resource reqs, lessons learned and stakeholder reg), agreements, procurement documentation, EEFs, OPAs
• Tools+Techniques: Expert judgment, data gathering (brainstorming, checklists, interviews); data analysis (root cause analysis, assump and constraint analysis, SWOT, document analysis), facilitation, prompt lists, meetings
• Outputs: risk register, risk report, Updates (assumpt log, issue log, lesson learned reg)

Question 4

Process “Perform Qualitative Risk Analysis”

Answer 4

• Goal: prioritize individual project risks for further analysis or action by assessing their probabilty of occurrence and impact
• Inputs: risk mgmt plan, project docs (assump log, risk and stakeholder register), EEFs, OPAs
• Tools+Techniques: Expert judgment, interviews, data analysis (risk data quality assessment, risk probability and impact assessment, assessemnt of other risk parameters), facilitation, risk categorization, data representation (probability and impact matrix, hierarchical charts), meetings
• Outputs: Project documents updates (assumption and issue log, risk register, risk report)

Question 5

Process “Perform Quantitative Risk Analysis”

Answer 5

• Goal: numerically analyze the combined effect of identfied individual risks and other sources of uncertainty on overall project objectives
• Inputs: PMplan (risk mgmt plan; scope, schedule and cost baseline), project docs (assump log, basis of estimates, cost estimates and forecasts, duration estimates, milestone list, resouce reqs, risk register and reports, schedule forecasts), EEFs, OPAs
• Tools+Techniques: Expert judgment, interviews, facilitation, representations of uncertainty, data analysis (simulation, sensitivity and decision tree analysis, influence diagrams)
• Outputs: Risk report

Question 6

Process “Plan Risk Responses”

Answer 6

• Goal: develop options, select strategies and agree to action to address overall risk exposure as well as to treat indiv. project risk
• Inputs: PMplan resource and risk mgmt plan, cost baseline); project documents (lessons learned and stakeholder reg, project schedule, project team assignments, resource calendars, risk register and report) ; EEFs, OPAs
• Tools+Techniques: Expert judgement, interviews, facilitation, strategies for threats/opportunities, contingent response strategies, strategies for overall project risk, data analysis (alt. analysis, cost-benefit-analysis), multicriteria decision making
• Outputs: CRs, Project mgmt updates (schedule, cost, quality, resource and procurement mgmt plan; scope, schedule and cost baseline), project docs updates (assump log, cost forecasts, lessons learned reg, project schedule, project team assignments, risk report and register)

Question 7

Risk Register (on completion of risk identification)

Answer 7

captures details of identified individual risks and includes

• list of risks with ID and description
• potential risk owners
• list of potential risk resonses

Question 8

Risk Register (on completion of qualitative risk analysis)

Answer 8

• assessments of probability and impacts
• priority level or risk score
• nominated risk owners
• risk urgency or risk categorization
• watch list for low-priority risk or risk that need further analysis

Question 9

Risk Report (on completion of risk identification)

Answer 9

presents information on sources of overall project risk and a summary information on identified individual project risks

Question 10

Process “Implement Risk Responses”

Answer 10

• Goal: implement agreed-upon risk response plans
• Inputs: Risk mgmt plan, project docs (lessons learned reg, risk reg and report); OPAs
• Tools+Techniques: Expert judgment, Influencing (interpers.), PMIS
• Outputs: CRs, Porject docs updates (issue log, lessons learned reg., project team assignments, risk reg and report)

Question 11

Process “Monitor Risks”

Answer 11

• Goal: monitor implementation of agree-upon risk response plans, track identified risks, identify and analyze new risk, and evaluate risk process effectiveness
• Inputs: Risk mgmt plan, project docs (issue log, lessons learned reg, risk reg and report), work performance data and reports
• Tools+Techniques: data analysis (technical performance analysis, reserve analysis), audits, meetings
• Outputs: work performance info, CRs, PMplan updates (all parts), Project docs updates (assump and issue log, lessons learned reg, risk reg and report), OPAs

Question 12

Risk data quality assessment

Answer 12

• evaluates the degree to which the data about individual project risks is accurate and reliable as a basis for qualitative risk analysis
• may be assessed via a questionnaire measure stakeholder’s perception of completeness, objectivity, relevancy and timeliness

Question 13

Assessment of other risk parameters

Answer 13

• urgency: time within a response has to implemented to be effective
• proximity: time before the risk might have an impact on project objectives
• dormancy: time that may elapse before the impact of an occured risk is discovered
• manageability: ease with which the risk owner can manage occurence or impact
• controllability: degree to which the risk owner is able to control the outcome
• detectability: ease with which the results of risk occuring can be detected ad recognized
• connectivity: extent to which risk is related to other individual risks
• strategic impact
• propinquity: degree to which a risk is perceived to matter by stakeholders

-> data analysis technique that is only used in ‘Perform Qualitative Risk Analysis’

Question 14

Risk categorization (tools+techniques)

Answer 14

projects can be categorized by sources of risk (e.g. using RBS) or area affected (e.g. using WBS) or other useful categories like project phase or roles and responsibilities

Question 15

Monte Carlo analysis/simulation

Answer 15

• evaluates overall risk in the project
• determines the probability of completing the project on any specific day or for any specific cost
• determines the probability of any activity actually being on the critical path
• translates uncertainties into impacts to the total project
• can be used to assess cost and schedule impacts
• results in probability distribution
• data analysis technique that is only used in ‘Perform Quantitative Risk Analysis’ and ‘Develop Schedule’

Question 16

Sensitivity analysis

Answer 16

• data analysis technique used in “Perform Quantitative Risk Analysis”
• used to determine which individual project risks or other sources of uncertainty have the most impact on project outcomes, by correlating variations in project outcomes with variations in elements of a quantitative risk analysis model
• data analysis technique that is only used in ‘Perform Quantitative Risk Analysis’

Question 17

Decision tree analysis

Answer 17

• takes into account future events in making a decision today
• calculates the expected value to evaluate the costs and benefits of options to determine the best one
• it involves mutual exclusivity
• data analysis technique that is only used in ‘Perform Quantitative Risk Analysis’

Question 18

Influence diagram

Answer 18

• graphical aids to decision making under uncertainty
• represents a project or situation within the project as a set of entities, outcomes and influences together with relationships and effects between them
• influence diagram is evaluated using simulation techniques like MC analysis
• outputs are S-curves or tornado diagrams for instance
• data analysis technique that is only used in ‘Perform Quantitative Risk Analysis’

Question 19

Risk Report (on completion of qualitative risk analysis)

Answer 19

updated to reflect most important individual risks (usually high prob and impact) as well as a prioritized list of all identified risks and a summary conclusion

Question 20

Risk Report (on completion of quantitative risk analysis)

Answer 20

updated on completion of quantitative risk analysis to reflect:

• overall project risk exposure - two key measurements: chances of project success (to meet project objectives) and degree of variability/range of possible project outcomes
• detailed probabilistic analysis such as S-curves, tornado diagrams or criticality analysis. may also include amount of contingency reserve needed; individual project risks that have the greatest effect on critical path; major drivers for overall project risk
• prioritized list of individual project risks
• trends in quantitative risk analysis results
• recommended risk responses

Question 21

Response strategies for opportunities

Answer 21

• exploit (opposite of avoid): add work or change to the project
• enhance (opposite of mitigate): increase likelihood and/or impact
• share: allocate (partial) ownership of the individual or overall project opportunity to 3rd party (forming a partnership, team, joint venture) that is best able to achieve the opportunity

Question 22

Response strategies for threats and opportunities

Answer 22

• Escalate: a threat or opportunity should be escalated if it is outside the scope of the project or the project manager’s authority (will typically be managed by program or portfolio)
• Accept: involves creating contingency plans to be implemented if the risk occurs and allocating time and cost reserves to the project

Question 23

Technical performance analysis

Answer 23

• compares technical accomplishments during project execution to the schedule of technical achievement
• requires the definition of objective, quantifiable measures of technical performance
• may include weight, transaction times, #of defects, storage capacit, etc.

Question 24

Risk audit

Answer 24

• performed during ‘Monitor Risks’
• used to consider the effectiveness of the risk mgmt process
• defined/documented in risk mgmt plan

Question 25

Risk review

Answer 25

• performed during ‘Monitor Risks’
• scheduled regularly and should examine and document the effectiveness of risk responses in dealing with risks
• may result inidentification of new risks, reassessment of current risks, the closing of risks, lessons learned and issues

Question 26

Prompt list

Answer 26

The prompt list is a predetermined list of risk categories that are at the lowest level of the risk breakdown structure which is used to assist in identifying risks of the projects.