RISK MGMT Flashcards
2 TYPES OF RISK
Pure Risk and Business Risk
3 TYPES OF RISK TOLERANCES
- Risk-Averse, 2. Risk Seeker, 3. Risk-Neutral
4 Strategies for Negative Risks/Threats
Avoid, Transfer, Mitigate, Accept
4 STRATEGIES for POSITIVE RISKS/OPPORTUNITIES
Exploitation, Sharing, Enhancement, and Acceptance
ACCEPTANCE RISK STRATEGY
tolerate the risk and deal with it if the risk actually occurs. Usually only chosen if no other option is available
ANALYZE PROGRAM RISKS
The process of prioritizing risks for action or further anlaysis, documenting incident probability and effect, and assessing the impact of risks on the program and its components
ANALYZE RISKS INPUTS (5)
- Pg Risk Register - What to analyze 2. Pg Mgmt Plan - format and criteria for integrating risk analysis 3. Pg Risk Mgmt Plan - establishes R/R for risk, budgets, risk categories, RBS template, etc 4. Pg Architecture Baseline - Is this new structure? greater risk 5. Lessons Learned Database - history
ANALYZE RISKS OUTPUTS (1)
Pg Risk Register Updates - how analysis done, results of analysis
ASSUMPTION ANALYSIS
A technique to determine if the program or project assumptions are accurate, consistent, and complete and, if not, the resultant risks to the program or project
AVOID RISK STRATEGY
modifying the plan to remove the risk - get rid of the problem
BRAINSTORMING
A data-generating technique which includes team members or subject matter experts for the purpose of solving problems, identifying risk, and planning-related activities for programs or projects
BUFFER
Compensation in the planning for unknown items that could occur; typically schedule or cost-related; sometimes calles reserve
BUSINESS RISK
typically uninsurable - inherent in the process of doing business
COMPONENT RISK MGMT PLANS
Risks escalated by component managers are incorporated and merged, then inter-dependent risk factors are identified
CONTINGENCY PLAN
pre-established actions that the team executes if a known risk event occurs on the program or project. Contains information such as triggers, effect on schedule, impact on cost, required resources, and status (planned, ready, activated, obsolete)
CONTINGENCY RESERVES
For risk events you know can happen on a project (Known Unknowns). reserves that can help mitigate schedule or cost issues (risk), in the case of changes with the scope or quality on the program or project
DECISION TREE ANALYSIS
looking at the probability and impact of all potential decisions to determine the potential Expected Monetary Value of the opportunity; helps an organization make decisions based on potential outcome and impact.
DELPHI TECHNIQUE
A technique to attain consensus wihtin a group of experts; typically used to gain vision about future direction or development
DIAGRAMMING TECHNIQUES
used to help decompose or categorize risks (ishikawa, flowcharts, influence diagrams)
ENHANCE RISK STRATEGY
takes steps to improve the size or capacity of the risk event by determining the key variable involved and then maximizing that variable
EXPECTED MONETARY VALUE (EMV)
the product of multiplying the monetary value impact and probability of the risk event; helps an organization make decisions based on potential outcome and impact. EMV = %Prob outcome 1 * Result of outcome 1 + % Prob outcome 2 * result of outcome 2
EXPLOIT RISK STRATEGY
takes steps to ensure the opportunity will occur
FALLBACK PLANS
A type of plan created for risks with a great impact on program or project goals, to be executed if attempts to minimize the risk are not successful
ID RISKS INPUTS (7)
- Pg Scope Doc - lists assumptions or dependencies 2. Pg Risk Mgmt Plan - method for ID risks, tracking, etc 3. Comp Risk Mgmt Plans - ID’d risks from components and approaches 4. Pg Mgmt Plan - How to integrate risks into other areas 5. Pg Governance Structure - mech to monitor 6. Lessons Learned Database - history to ID 7. Pg Stakeholder Mgmt Plan - Risk tolerances and how to influence levels
ID RISKS OUTPUTS (2)
- Pg Risk Register - ID’d risks, descrip, potential effect 2. Root Causes of Risk Updates - what might cause a risk (?)
IDENTIFY PROGRAM RISKS
The process of distinguishing risks to the program and recording their traits
ISSUE
An unresolved item needing attention or a program or project item causing confusion or disagreement
LESSONS LEARNED DATABASE
Contains the knowledge learned during the execution of similar programs, both in-house and public domain; the information is vital to the development of a comprehensive risk management plan
M/C PG RISKS INPUTS (7)
- Pg Risk Mgmt Plan - schedules and resources for M/C risks 2. Pg Risk Register - what to monitor and triggers to what for 3. Contingency Reserves - review for usage rate - High indicates not managing risks well 4. Pg Architecture Baseline - review to examine current risks and see if they are passed or if new ones exist 5. Pg Performance Reports - how we are progressing? are risks prob increasing? 6. Pg Issue Register - Are the Risk Resp Plans effective in resolving issues? 7. Contract Reviews - review for risk levels and if properly address issues with supplier
M/C PG RISKS OUTPUTS (4)
- Preventative Actions - action requests to address risks 2. Pg Risk Register Updates - updates to existing risks and new ID Risks 3. Pg Risk Mgmt Plan Updates - feed improvements needed regarding risk into plan 4. Lessons Learned Updates - for use now and for pg final report
MANAGEMENT RESERVES
Money set aside to account for events you cannot forecast happening. (unknown unknowns such as natural disastor)
MITIGATE RISK STRATEGY
minimizes the bad characteristics of the risk. Ex: Choosing to do the work internally instead of externally if the risk would be decreased
MONITOR AND CONTROL PROGRAM RISKS
The process of tracking and regulating risks, determining new risks, conducting ris response plan activities, and assessing the effectiveness of the risk response plan
MONTE CARLO ANALYSIS
A technique to simulate the outcome of a program or project many times to determine the range of possible outcomes and the probability of their occurrence. Often used in scheduling area.
PLAN PG RISK MGMT INPUTS (7)
- Pg Scope (sets scope of risk mgmt)
- Pg Mgmt Plan (sets how risk is incorporated with other parts of program)
- Pg Architectural Baseline (sets what made when - assess for risks)
- Pg Governance Structure - group that will help address risks
- Resource Plan - what resources will be available)
- Pg Stakeholder Mgmt Plan - What are the tolerance levels and how they might respond to various risks
- Lessons Learned Database (historical info)
PLAN PG RISK MGMT OUTPUTS (1)
Pg Risk Mgmt Plan
PLAN PG RISK RESPONSES INPUTS (3)
- Pg Risk Register - risks and analysis 2. Component Risk Response Plans - for interactions with each other 3. Pg Risk Mgmt Plan - guide process
PLAN PG RISK RESPONSES OUTPUTS (4)
- Pg Risk Register - add plans, owner, triggers, etc 2. Contingency Reserves - funds needed to cover plans if enacted 3. Contingency Plans - plan to enact if risk occurs 4. Change Requests - proactive plans may affect schedule, budget, resources, quality, etc
PLAN PROGRAM RISK MANAGEMENT
The process of defining responses to program opportunities and threats
PLAN PROGRAM RISK RESPONSES
the process of determining what risk responses will be used on risk events and who will be responsible for implementing the responses if the risks occur
PREVENTIVE ACTION
Documented activities to execute, if needed, that should minimize or eliminate the impact of a negative risk on the program or project
PROBABILITY TABLES
Tables which show the probability associated with costs and duration projections on a program/project. Often derived from a Monte Carlo analysis. Note: The greater the cost and duration estimate, the higher the confidence level.
PROGRAM ISSUES REGISTER
Comprised of issues; the responses compiled during Plan Program Risk Responses must adequately address those issues
PROGRAM RISK MANAGEMENT PLAN
A document that details and describes the plan for managing risk over the life of the program
PURE RISK
a risk for which insurance can be purchased, thereby transferring the risk for financial benefit to the party accepting the risk
QUANTITATIVE RISK ANALYSIS AND MODELING TECHNIQUES
Monte Carlo simulation, sensitivity analysis, and scenario modeling are done to learn about the characteristics of the risks.
RESERVES
Compensation in the planning for unknown items that could occur; typically schedule or cost-related; sometimes calles buffer
RESIDUAL RISK
Risk that remains aftere response strategies have been applied
RESOURCE PLAN
Developed to establish the resources required to manage the program or conduct program governance
RISK
The possibilty of a negative (threat) or positive (opportunity) event
RISK & CONTRACTING RELATIONSHIP
If you outsource, you transfer SOME of the risk, but not all. Also, you take on different risks related to contracting.
RISK ACCEPTANCE
Opting to accept the impact or consequences of a risk event
RISK AUDIT
formal examination of risk-related items done typically at major mielstones. The Pg mgmt team should the review the results and adjust risk mgmt plan accordingly
RISK AVERSE
mentality of Risk Avoidance. Seleccting the low risk item or the sure thing often
RISK AVOIDANCE
Eliminating a risk of threat, usually by eliminating the cause
RISK BREAKDOWN STRUCTURE (RBS)
A decomposition of the risk categorization, and the risks within those categories that could occur on a program or project. Often created via brainstorming type of environmet
RISK CATEGORIES (6)
A grouping of types of risk on a program or project. 1. Environmental - external, internal culture, political & stakeholder positions 2. Program Level - Pg Definition, governance, interactions 3. Project Risks - Prj Mgs handle, NOT prg mgr) 4. Operational Level - transfer of results to ops, integration of changes to processes/proc/tools/system 5. Portfolio Level - interaction between progs 6. Benefits Related - collection of benefits risks from proj, but also interaction of those risks
RISK DATABASE
a data repository that stores and manipulates information associated with the risk management processes
RISK EVENTS
events that may impact the program or project either negatively or positively
RISK FACTORS
numbers representing the risk of certain events, the likelihood of their occurring, plus the impact on the program or project if the event does occur.
RISK IMPACT
Consequence or amount at stake if something does happen.
RISK MGMT PLAN PARTS (11)
- Approach ? define methods, tools used, data sources 2. R&R - RACI for each activity in risk mgmt. plan 3. Budgeting ? assigns resources, estimate risk mgmt. costs, protocol to apply contingency reserves 4. Timing ? reviews sched and when activities occur 5. Risk Categories ? Simple list or RBS 6. Probability & Impact Matrix 7. Revised Stakeholder Tolerances 8. Reporting Formats ? format, content template 9. Tracking ? Docs how risk activities will be recorded 10. Approval ? map to governance structure 11. Input to Enterprise Pg Risk Mgmt Process
RISK MITIGATION
minimizing the impact of a risk event by minimizing the likelihood or probability of its occurrence
RISK OWNER
The person who is responsible for implementing the risk response plan if the risk occurs.
RISK PROBABILITY
Likelihood that something will happen. The sum of all possible outcomes for a single event totals 100%.
RISK PROBABILITY AND IMPACT MATRIX
A tool used to determine where a risk fits on a program or project; the typical rating for is high, medium, or low for probability and impact regarding scope, time, cost, and quality.
RISK REGISTER
the documented results of Plan Risk Management which can include the outputs of Perform Qualitative Risk Analysis and Perform Quantitative Risk Analysis, as well as Plan Risk Responses. Contains the following: Risk #, Risk Name, Triggers, Probability of occuring, Impact if occurs, Planned Responses, Risk Owner, Reserve Amount.
RISK RESPONSE STRATEGIES (SEE the ATM)
Share, Exploit, Enhance, Avoid, Transfer, Mitigate, Accept for both)
RISK REVIEWS
Assess the documented risks for changes in the assessment and the program for any new risks
RISK SEEKING
Possessing a higher tolerance than most for risk. Often looking for risk (or at least not afraid). Typically early adopter of new products, or a business/person willing for an “all or nothing” approach to an initiative
RISK SYMPTOMS
Characteristics which indicate that a risk event is possibly starting to occur; could also be called risk triggers
RISK TOLERANCE
The level of satisfaction from a potential risk payoff; also known as risk utility
RISK TRANSFERENCE
Allocating the responsibility for and impact of the risk event to another party
RISK-AVERSE
Possessing a low desire or tolerance for risk
RISK-NEUTRAL
A middle ground mentality. (between the risk taken and the benefit received). Can shift to seeker or averse under some situations.
ROOT CAUSES OF RISK UPDATES
The environments or occurrences that engender identified risks and must be updated as the change
SECONDARY RISKS
Risks that result from the execution of a risk response. For example - the risk you take on by choosing to outsource work as a Transfer Risk Strategy
SENSITIVITY ANALYSIS
A technique used in risk management that helps show which risks will likely have the most impact on the program or project
SHARE RISK STRATEGY
splits the resonsibility and benefit of the risk with a third party to maximize an opportunity
STRENGTHS, WEAKNESSES, OPPORTUNITIES, AND THREATS (SWOT) ANALYSIS
A risk analysis technique which considers the strengths of, weaknesses of, opportunities of, and threats to the program or project to facilitate a more knowledgeable risk management analysis
THREAT
A negative risk to the program or project
TRANSFER RISK STRATEGY
reassign the risk exposure to another party. NOTE: do not remove all risk, just decrease. Also take on others. Ex: hire outside company to do something. Buy insurance.
TRIGGER(S)
A signal that a risk event could occur in the near future
WORKAROUND
A response to a risk that wasn’t planned or the original plan did not work. Reactive response
PLAN PROGRAM RISK MGMT T/T (2)
- RISK PLANNING METINGS - bring together key team members and experts to plan. NOTE: Key to share results with component managers for truly Integrated Program Risk Mgmt
- LESSONS LEARNED REVIEWS - review historical info, BUT must use judgment for relevancy
