RISK MGMT

Question 1

2 TYPES OF RISK

Answer 1

Pure Risk and Business Risk

Question 2

3 TYPES OF RISK TOLERANCES

Answer 2

1. Risk-Averse, 2. Risk Seeker, 3. Risk-Neutral

Question 3

4 Strategies for Negative Risks/Threats

Answer 3

Avoid, Transfer, Mitigate, Accept

Question 4

4 STRATEGIES for POSITIVE RISKS/OPPORTUNITIES

Answer 4

Exploitation, Sharing, Enhancement, and Acceptance

Question 5

ACCEPTANCE RISK STRATEGY

Answer 5

tolerate the risk and deal with it if the risk actually occurs. Usually only chosen if no other option is available

Question 6

ANALYZE PROGRAM RISKS

Answer 6

The process of prioritizing risks for action or further anlaysis, documenting incident probability and effect, and assessing the impact of risks on the program and its components

Question 7

ANALYZE RISKS INPUTS (5)

Answer 7

1. Pg Risk Register - What to analyze 2. Pg Mgmt Plan - format and criteria for integrating risk analysis 3. Pg Risk Mgmt Plan - establishes R/R for risk, budgets, risk categories, RBS template, etc 4. Pg Architecture Baseline - Is this new structure? greater risk 5. Lessons Learned Database - history

Question 8

ANALYZE RISKS OUTPUTS (1)

Answer 8

Pg Risk Register Updates - how analysis done, results of analysis

Question 9

ASSUMPTION ANALYSIS

Answer 9

A technique to determine if the program or project assumptions are accurate, consistent, and complete and, if not, the resultant risks to the program or project

Question 10

AVOID RISK STRATEGY

Answer 10

modifying the plan to remove the risk - get rid of the problem

Question 11

BRAINSTORMING

Answer 11

A data-generating technique which includes team members or subject matter experts for the purpose of solving problems, identifying risk, and planning-related activities for programs or projects

Question 12

BUFFER

Answer 12

Compensation in the planning for unknown items that could occur; typically schedule or cost-related; sometimes calles reserve

Question 13

BUSINESS RISK

Answer 13

typically uninsurable - inherent in the process of doing business

Question 14

COMPONENT RISK MGMT PLANS

Answer 14

Risks escalated by component managers are incorporated and merged, then inter-dependent risk factors are identified

Question 15

CONTINGENCY PLAN

Answer 15

pre-established actions that the team executes if a known risk event occurs on the program or project. Contains information such as triggers, effect on schedule, impact on cost, required resources, and status (planned, ready, activated, obsolete)

Question 16

CONTINGENCY RESERVES

Answer 16

For risk events you know can happen on a project (Known Unknowns). reserves that can help mitigate schedule or cost issues (risk), in the case of changes with the scope or quality on the program or project

Question 17

DECISION TREE ANALYSIS

Answer 17

looking at the probability and impact of all potential decisions to determine the potential Expected Monetary Value of the opportunity; helps an organization make decisions based on potential outcome and impact.

Question 18

DELPHI TECHNIQUE

Answer 18

A technique to attain consensus wihtin a group of experts; typically used to gain vision about future direction or development

Question 19

DIAGRAMMING TECHNIQUES

Answer 19

used to help decompose or categorize risks (ishikawa, flowcharts, influence diagrams)

Question 20

ENHANCE RISK STRATEGY

Answer 20

takes steps to improve the size or capacity of the risk event by determining the key variable involved and then maximizing that variable

Question 21

EXPECTED MONETARY VALUE (EMV)

Answer 21

the product of multiplying the monetary value impact and probability of the risk event; helps an organization make decisions based on potential outcome and impact. EMV = %Prob outcome 1 * Result of outcome 1 + % Prob outcome 2 * result of outcome 2

Question 22

EXPLOIT RISK STRATEGY

Answer 22

takes steps to ensure the opportunity will occur

Question 23

FALLBACK PLANS

Answer 23

A type of plan created for risks with a great impact on program or project goals, to be executed if attempts to minimize the risk are not successful

Question 24

ID RISKS INPUTS (7)

Answer 24

1. Pg Scope Doc - lists assumptions or dependencies 2. Pg Risk Mgmt Plan - method for ID risks, tracking, etc 3. Comp Risk Mgmt Plans - ID’d risks from components and approaches 4. Pg Mgmt Plan - How to integrate risks into other areas 5. Pg Governance Structure - mech to monitor 6. Lessons Learned Database - history to ID 7. Pg Stakeholder Mgmt Plan - Risk tolerances and how to influence levels

Question 25

ID RISKS OUTPUTS (2)

Answer 25

1. Pg Risk Register - ID’d risks, descrip, potential effect 2. Root Causes of Risk Updates - what might cause a risk (?)

Question 26

IDENTIFY PROGRAM RISKS

Answer 26

The process of distinguishing risks to the program and recording their traits

Question 27

ISSUE

Answer 27

An unresolved item needing attention or a program or project item causing confusion or disagreement

Question 28

LESSONS LEARNED DATABASE

Answer 28

Contains the knowledge learned during the execution of similar programs, both in-house and public domain; the information is vital to the development of a comprehensive risk management plan

Question 29

M/C PG RISKS INPUTS (7)

Answer 29

1. Pg Risk Mgmt Plan - schedules and resources for M/C risks 2. Pg Risk Register - what to monitor and triggers to what for 3. Contingency Reserves - review for usage rate - High indicates not managing risks well 4. Pg Architecture Baseline - review to examine current risks and see if they are passed or if new ones exist 5. Pg Performance Reports - how we are progressing? are risks prob increasing? 6. Pg Issue Register - Are the Risk Resp Plans effective in resolving issues? 7. Contract Reviews - review for risk levels and if properly address issues with supplier

Question 30

M/C PG RISKS OUTPUTS (4)

Answer 30

1. Preventative Actions - action requests to address risks 2. Pg Risk Register Updates - updates to existing risks and new ID Risks 3. Pg Risk Mgmt Plan Updates - feed improvements needed regarding risk into plan 4. Lessons Learned Updates - for use now and for pg final report

Question 31

MANAGEMENT RESERVES

Answer 31

Money set aside to account for events you cannot forecast happening. (unknown unknowns such as natural disastor)

Question 32

MITIGATE RISK STRATEGY

Answer 32

minimizes the bad characteristics of the risk. Ex: Choosing to do the work internally instead of externally if the risk would be decreased

Question 33

MONITOR AND CONTROL PROGRAM RISKS

Answer 33

The process of tracking and regulating risks, determining new risks, conducting ris response plan activities, and assessing the effectiveness of the risk response plan

Question 34

MONTE CARLO ANALYSIS

Answer 34

A technique to simulate the outcome of a program or project many times to determine the range of possible outcomes and the probability of their occurrence. Often used in scheduling area.

Question 35

PLAN PG RISK MGMT INPUTS (7)

Answer 35

1. Pg Scope (sets scope of risk mgmt)
2. Pg Mgmt Plan (sets how risk is incorporated with other parts of program)
3. Pg Architectural Baseline (sets what made when - assess for risks)
4. Pg Governance Structure - group that will help address risks
5. Resource Plan - what resources will be available)
6. Pg Stakeholder Mgmt Plan - What are the tolerance levels and how they might respond to various risks
7. Lessons Learned Database (historical info)

Question 36

PLAN PG RISK MGMT OUTPUTS (1)

Answer 36

Pg Risk Mgmt Plan

Question 37

PLAN PG RISK RESPONSES INPUTS (3)

Answer 37

1. Pg Risk Register - risks and analysis 2. Component Risk Response Plans - for interactions with each other 3. Pg Risk Mgmt Plan - guide process

Question 38

PLAN PG RISK RESPONSES OUTPUTS (4)

Answer 38

1. Pg Risk Register - add plans, owner, triggers, etc 2. Contingency Reserves - funds needed to cover plans if enacted 3. Contingency Plans - plan to enact if risk occurs 4. Change Requests - proactive plans may affect schedule, budget, resources, quality, etc

Question 39

PLAN PROGRAM RISK MANAGEMENT

Answer 39

The process of defining responses to program opportunities and threats

Question 40

PLAN PROGRAM RISK RESPONSES

Answer 40

the process of determining what risk responses will be used on risk events and who will be responsible for implementing the responses if the risks occur

Question 41

PREVENTIVE ACTION

Answer 41

Documented activities to execute, if needed, that should minimize or eliminate the impact of a negative risk on the program or project

Question 42

PROBABILITY TABLES

Answer 42

Tables which show the probability associated with costs and duration projections on a program/project. Often derived from a Monte Carlo analysis. Note: The greater the cost and duration estimate, the higher the confidence level.

Question 43

PROGRAM ISSUES REGISTER

Answer 43

Comprised of issues; the responses compiled during Plan Program Risk Responses must adequately address those issues

Question 44

PROGRAM RISK MANAGEMENT PLAN

Answer 44

A document that details and describes the plan for managing risk over the life of the program

Question 45

PURE RISK

Answer 45

a risk for which insurance can be purchased, thereby transferring the risk for financial benefit to the party accepting the risk

Question 46

QUANTITATIVE RISK ANALYSIS AND MODELING TECHNIQUES

Answer 46

Monte Carlo simulation, sensitivity analysis, and scenario modeling are done to learn about the characteristics of the risks.

Question 47

RESERVES

Answer 47

Compensation in the planning for unknown items that could occur; typically schedule or cost-related; sometimes calles buffer

Question 48

RESIDUAL RISK

Answer 48

Risk that remains aftere response strategies have been applied

Question 49

RESOURCE PLAN

Answer 49

Developed to establish the resources required to manage the program or conduct program governance

Question 50

RISK

Answer 50

The possibilty of a negative (threat) or positive (opportunity) event

Question 51

RISK & CONTRACTING RELATIONSHIP

Answer 51

If you outsource, you transfer SOME of the risk, but not all. Also, you take on different risks related to contracting.

Question 52

RISK ACCEPTANCE

Answer 52

Opting to accept the impact or consequences of a risk event

Question 53

RISK AUDIT

Answer 53

formal examination of risk-related items done typically at major mielstones. The Pg mgmt team should the review the results and adjust risk mgmt plan accordingly

Question 54

RISK AVERSE

Answer 54

mentality of Risk Avoidance. Seleccting the low risk item or the sure thing often

Question 55

RISK AVOIDANCE

Answer 55

Eliminating a risk of threat, usually by eliminating the cause

Question 56

RISK BREAKDOWN STRUCTURE (RBS)

Answer 56

A decomposition of the risk categorization, and the risks within those categories that could occur on a program or project. Often created via brainstorming type of environmet

Question 57

RISK CATEGORIES (6)

Answer 57

A grouping of types of risk on a program or project. 1. Environmental - external, internal culture, political & stakeholder positions 2. Program Level - Pg Definition, governance, interactions 3. Project Risks - Prj Mgs handle, NOT prg mgr) 4. Operational Level - transfer of results to ops, integration of changes to processes/proc/tools/system 5. Portfolio Level - interaction between progs 6. Benefits Related - collection of benefits risks from proj, but also interaction of those risks

Question 58

RISK DATABASE

Answer 58

a data repository that stores and manipulates information associated with the risk management processes

Question 59

RISK EVENTS

Answer 59

events that may impact the program or project either negatively or positively

Question 60

RISK FACTORS

Answer 60

numbers representing the risk of certain events, the likelihood of their occurring, plus the impact on the program or project if the event does occur.

Question 61

RISK IMPACT

Answer 61

Consequence or amount at stake if something does happen.

Question 62

RISK MGMT PLAN PARTS (11)

Answer 62

1. Approach ? define methods, tools used, data sources 2. R&R - RACI for each activity in risk mgmt. plan 3. Budgeting ? assigns resources, estimate risk mgmt. costs, protocol to apply contingency reserves 4. Timing ? reviews sched and when activities occur 5. Risk Categories ? Simple list or RBS 6. Probability & Impact Matrix 7. Revised Stakeholder Tolerances 8. Reporting Formats ? format, content template 9. Tracking ? Docs how risk activities will be recorded 10. Approval ? map to governance structure 11. Input to Enterprise Pg Risk Mgmt Process

Question 63

RISK MITIGATION

Answer 63

minimizing the impact of a risk event by minimizing the likelihood or probability of its occurrence

Question 64

RISK OWNER

Answer 64

The person who is responsible for implementing the risk response plan if the risk occurs.

Question 65

RISK PROBABILITY

Answer 65

Likelihood that something will happen. The sum of all possible outcomes for a single event totals 100%.

Question 66

RISK PROBABILITY AND IMPACT MATRIX

Answer 66

A tool used to determine where a risk fits on a program or project; the typical rating for is high, medium, or low for probability and impact regarding scope, time, cost, and quality.

Question 67

RISK REGISTER

Answer 67

the documented results of Plan Risk Management which can include the outputs of Perform Qualitative Risk Analysis and Perform Quantitative Risk Analysis, as well as Plan Risk Responses. Contains the following: Risk #, Risk Name, Triggers, Probability of occuring, Impact if occurs, Planned Responses, Risk Owner, Reserve Amount.

Question 68

RISK RESPONSE STRATEGIES (SEE the ATM)

Answer 68

Share, Exploit, Enhance, Avoid, Transfer, Mitigate, Accept for both)

Question 69

RISK REVIEWS

Answer 69

Assess the documented risks for changes in the assessment and the program for any new risks

Question 70

RISK SEEKING

Answer 70

Possessing a higher tolerance than most for risk. Often looking for risk (or at least not afraid). Typically early adopter of new products, or a business/person willing for an “all or nothing” approach to an initiative

Question 71

RISK SYMPTOMS

Answer 71

Characteristics which indicate that a risk event is possibly starting to occur; could also be called risk triggers

Question 72

RISK TOLERANCE

Answer 72

The level of satisfaction from a potential risk payoff; also known as risk utility

Question 73

RISK TRANSFERENCE

Answer 73

Allocating the responsibility for and impact of the risk event to another party

Question 74

RISK-AVERSE

Answer 74

Possessing a low desire or tolerance for risk

Question 75

RISK-NEUTRAL

Answer 75

A middle ground mentality. (between the risk taken and the benefit received). Can shift to seeker or averse under some situations.

Question 76

ROOT CAUSES OF RISK UPDATES

Answer 76

The environments or occurrences that engender identified risks and must be updated as the change

Question 77

SECONDARY RISKS

Answer 77

Risks that result from the execution of a risk response. For example - the risk you take on by choosing to outsource work as a Transfer Risk Strategy

Question 78

SENSITIVITY ANALYSIS

Answer 78

A technique used in risk management that helps show which risks will likely have the most impact on the program or project

Question 79

SHARE RISK STRATEGY

Answer 79

splits the resonsibility and benefit of the risk with a third party to maximize an opportunity

Question 80

STRENGTHS, WEAKNESSES, OPPORTUNITIES, AND THREATS (SWOT) ANALYSIS

Answer 80

A risk analysis technique which considers the strengths of, weaknesses of, opportunities of, and threats to the program or project to facilitate a more knowledgeable risk management analysis

Question 81

THREAT

Answer 81

A negative risk to the program or project

Question 82

TRANSFER RISK STRATEGY

Answer 82

reassign the risk exposure to another party. NOTE: do not remove all risk, just decrease. Also take on others. Ex: hire outside company to do something. Buy insurance.

Question 83

TRIGGER(S)

Answer 83

A signal that a risk event could occur in the near future

Question 84

WORKAROUND

Answer 84

A response to a risk that wasn’t planned or the original plan did not work. Reactive response

Question 85

PLAN PROGRAM RISK MGMT T/T (2)

Answer 85

1. RISK PLANNING METINGS - bring together key team members and experts to plan. NOTE: Key to share results with component managers for truly Integrated Program Risk Mgmt
2. LESSONS LEARNED REVIEWS - review historical info, BUT must use judgment for relevancy