Theme: risk Flashcards
what is the definition of a risk
An uncertain event that, should it occur, will influence the achievement of objectives.
It consists of a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives
what is a threat
a risk that has a negative impact
what is an opportunity
a risk with a positive impact
what is the risk management approach
the risk management approach which describes how risk will be managed including any processes, procedures and techniques and responsibilities
- this is created when intiating a project
what is a risk register
a record of identified risks, their status and history
- this is created when initiating a project
Note: Any risks identified during starting up a project should be recorded in the Project Manager’s daily log and transferred to the risk register if the initiation stage is approved by the Project Board
what are the 5 steps of the risk management approach
1) Identify (context and risks) - First identify the context of the project by examining the project mandate, project brief the product. Then identify the risks and record in the risk register.
2) Assess (estimate and evaluate) – risks should be assessed by their probability – how likely they are to occur. And then look at the impact of the risk would have if it happens and when It would happen (it’s proximity)
3) Plan – Prince2 suggests 6 basic responses for both threats and opportunities (see below)
4) Implement - put the chosen risk response (or responses) into action. The plan will include the responsibilities for the risk owner and also the risk actionee.
5) Communicate – risks can be communicated in the following reports: checkpoint, highlight, end stage, end project and exception reports. You should also consider how much of the risk budget you will spend trying to migitate the risks.
Note: step 1-4 happen in order but step 5 should be happening throughout
what information should the risk register contain
- A risk identifier
- risk author
- the date register (the date the risk was identified)
- risk category
- risk description
- The probability, impact and expected value of the risk
- Information on the risk proximity: describe how close to the present time is the risk event anticipated to happen,
what is the risk identifier
a unique reference for every risk entered into the risk register. This will typically be a numeric or alpha-numeric value
who is the risk author
the person who raised the risk
what is a risk category
describes the type of risk, in terms of the project’s chosen categories, such as schedule, quality, legal and so on
- it will show how the project will treat the risk based on the category
what is included in the risk description
describing the cause, the event, whether a threat or opportunity and the likely effect, which will describe the impact in words
what are risk responses that happen in both Threats and Opporunities
- Prepare contingent plans: we put in place a plan that will be put into action should the risk occur
- Accept: where we make a conscious decision to live with the risk
- Share: we choose to share the loss should a risk occur, usually through a contract
- Transfer: we transfer the risk to a third party, again via a contract
what would be the difference between the risk response for Threats and Opporunities
For threats we:
- Avoid: plan the activities differently in such a way that either the risk is avoided altogether, or there is no impact
- Reduce - take some action to reduce the probability or the impact
whereas for Opportunities we:
- Exploit: we take action so that the opportunity is realised
- Enhance : we take action to make the opportunity more likely to happen or increase the impact.
what is the risk owner responsible for
this is the person responsible for managing the risk.
There can be only one risk owner per risk
what is the responsibility of the risk actionee
this is the person or persons who will implement the actions described in the risk response
