What is risk? Flashcards
What is a risk?
A risk is an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives
How is risk assessed?
Risk is assessed on the basis of:
* the probability/likelihood of the risk occurring; and
* the impact or consequenceon project objectives It can be a:
* threat (negative impacts) or* opportunity (favourable impacts)
What are the 5 elements of a risk management procedure? ( circular diagram with 4 elements in the circle and one in the middle, the first two elements each have two aspects related to identifying and assessing the risk)
- Identify (a) the context and (b) the risks
2, Assess (a) the risk and (b) the net effect
- Plan
- Implement and central to all:
- Communicate the risk
How do you identify the context for risk?
Identify the context by:
* gathering information about specific objectives that are at risk;
* formulate a Risk Management Strategy;
* describes how the risks will be managed during the project.
How do you identify and “capture’ the risks?
* You need to capture individual threats and opportunities in the Risk Register.
* Risks can be clearly expressed as describing the cause, event, and effect.
How do you assess and estimate the risk?
* Risk must be assessed and estimated in terms of its probability and impact.
* The proximity should also be considered.
How do you assess and evaluate the net effect of the risk?
Risk must be considered in terms of the net effect of all the identified threats and opportunities on a project when aggregated together.
What steps are needed to plan and implement in response to identification and assessment of risk?
* Risk must be planned for by preparing a specific response to each risk.
* This is then implemented by carrying out the planned response
Assessment of risk can be broken down into two major elements: estimating risk and evaluating risk. Describe the subelements of the first element, estimating risk.
Estimating risk can be broken into the following three elements:
* probabilty (the evaluated likelihoood of a particular outcome actually happening - including a consideration of the frequency with which the outcome may arise)
* impact (the evaluated effect or result of a particular outcome actually happening, including consideration against time and cost, and possible consideration agains other factors such as scope, quality and benefits)
* proximity (consideration of when a risk might occur, including in terms of the risks that are further away and the more immediate ones on which attention should be focused, known as the risks ‘proximity’
Assessment of risk can be broken down into two major elements: estimating risk and evaluating risk. Describe the subelements of the second element, evaluating risk.
The two subelements of evaluating risk are:
- evaluating the cumulative impact of the risks; and
- considering whether ot not it is appropriate to use a financial method
What is the relationship with risk planning and risk tolerance, how would these be plotted on a grid, and what would be the relevance of risks being above and to the right of the tolerance line, and what would you do about it
* Risk tolerance is about the amount of risk that a project is prepared to tolerate
* Part of risk planning is working out what the risk tolerance is
* This can be plotted on a grid with relative probability on one axis (how likely is this to happen) and the likely impact of the risks (how bad would it actually be) on the other axis
* risks above and to the right of the tolerance line mean that they are more likely to happen and have a higher potential impact
* you would therefore consider those risks for mitigation
How would you define ‘risk appetite’?
An organisation’s attitude to the amount of risk exposure they will take
What is residual risk, and what are the three ways in which the original inherent risk might be managed and controlled?
* Residual risk is the risk that is left over after risk responses (it has not necessarily been completely removed)
3 ways in which to manage the original inherent risk are:
* select more than one response
* implement a response that may reduce or remove other related risks
* think about secondary risks that might result from a risk response
There are 6 actions that can be taken for threats and 4 for opportunities. These are ‘response types’ to risk. What are they?
The 6 actions that can be taken for threats are:
- Avoid
- Reduce (probability and/or impact)
- Fallback (reduces impact only)
- Transfer (reduces impact only, and often only the financial impact)(often requires consideration of contractual conditions with suppliers)
- Share (often requires consideration of contractual conditions with suppliers)
- Accept
The 4 actions that can be taken for opportunities are:
- Exploit
- Enhance
- Share (often requires consideration of contractual conditions with suppliers)
- Reject
Why is communication of risk important? What does it require from the project team?
Communication is a step that is undertaken continually. It is essential to effective risk management and mitigation that the current status of the risks is understood. This requires effective communication at and between all levels of the project management team.