Project Risk Management

Ground Rules
Start on time to end on time Be Punctual
Please Put your mobile phones on Silent mode
Feel free to ask or to comment Be professional
Take notes to help you in your Reflective Learning Journals.
Be prepared to share them if needed
Use a binder & keep 1 page per topic (recommendation) Be
Succinct (concise).
We are keeping a parking lot for un-answered questions/
debates.
 PMBOK 5th Edition

It describes the project management

processes, tools & techniques used to
manage a project towards a
successful outcome.
 What is a Risk ?
Event /
Condition
Uncertainty Risk

Impact
Even the most carefully planned project can run into
trouble.
No matter how well you plan, your project can always run
into unexpected problems.
Team members get sick or quit, resources that you were Objective
depending on turn out to be unavailableeven the weather
can throw you for a loop.
So does that mean that youre helpless against unknown Negative Positive
problems? No! You can use risk planning to identify potential
problems that could cause trouble for your project, analyze
how likely theyll be to occur, take action to prevent the risks
you can avoid, and minimize the ones that you cant.
 Negative Risks (Threats)

A risk that material prices will go

higher.

A risk the technology solution

will not work.

A risk experienced people will

leave the company.

A negative project risk if occurs would be

considered an issue
 Positive Risks (Opportunities)

A risk of getting materials with

lower costs from another
supplier with same quality.

A risk that additional resources

are available and can be
assigned to the project so that
to reduce the project duration.

A positive project risk if occurs would be

considered an opportunity
 Risk Attitude
Risk
Attitude

Risk averse Risk Neutral Risk seeker

High level description of the acceptable

Risk Appetite
level of risk

Measurable amount of risk that are

Risk Tolerance
acceptable in a specific area

The point after which a risk become

Risk Threshold
unacceptable
 Why is Risk Management Needed?

A project manager's work should not

focus on dealing with problems; it
should focus on preventing them.

Failure of PM to assess project risks

is a major cause of project failure.

The goal of Risk Management is to be more proactive and less

reactive, i.e. control your project instead of getting controlled
by your project.
 What is Risk Management?

It includes the processes of

conducting risk management
planning, identification, analysis,
response planning, and controlling
risk on a project.

The objectives of project risk management are to increase the

likelihood and impact of positive events, and decrease the
likelihood and impact of negative events in the project.
 Project Risk Management

Monitoring and
Planning Controlling

Project Timeline

Perform
Qualitative
Risk Analysis
Plan Risk Identify Plan Risk
Control Risks
Management Risks Responses
Perform
Quantitative
Risk Analysis
 Plan Risk Management

It is the process of defining how to

conduct risk management activities
for a project.

It is important to provide sufficient

resources and time for risk
management activities.

The key benefit:

It ensures that the degree, type, and visibility of risk
management are appropriate with both the risks and the
importance of the project to the organization.
 Plan Risk Management

Input T&Ts Output

Project Management Expert Judgment Risk management

Plan plan.
Analytical techniques
Project charter
Meetings
Stakeholder register
OPA
EEF
 Plan Risk Management - inputs

Project management plan

All approved subsidiary management plans and baselines should be taken into
consideration in order to make the risk management plan consistent with them.
The project management plan provides baseline or current state of risk-affected
areas including scope, schedule, and cost.

Project charter
The project charter can provide various inputs such as high-level risks, high-level
project descriptions, and high-level requirements

Stakeholder register
The stakeholder register, which contains all details related to the projects
stakeholders, provides an overview of their roles.
 Plan Risk Management - inputs
Enterprise environmental factors
Risk attitudes, thresholds, and tolerances that describe the degree of risk that an
organization will withstand.

Organizational process assets

Risk categories,
Common definitions of concepts and terms,
Risk statement formats,
Standard templates,
Roles and responsibilities,
Authority levels for decision making, and
Lessons learned.
 Plan Risk Management T&T
Meetings
Project teams hold planning meetings to develop the risk management plan.
Attendees at these meetings may include the project manager, selected project
team members and stakeholders, anyone in the organization with responsibility
to manage the risk planning and execution activities, and others, as needed.
High-level plans for conducting the risk management activities are defined in
these meetings.
Risk management cost elements and schedule activities will be developed for
inclusion in the project budget and schedule, respectively.
Risk contingency reserve application approaches may be established or
reviewed.
Risk management responsibilities will be assigned.
General organizational templates for risk categories and definitions of terms
such as levels of risk, probability by type of risk, impact by type of objectives,
and the probability and impact matrix will be tailored to the specific project.
If templates for other steps in the process do not exist they may be generated
in these meetings.
The outputs of these activities will be summarized in the risk management plan.
 Output: Risk Management Plan

It is a component of the project

management plan.

It describes how risk management

activities will be structured and
performed.

It is vital to communicate with and obtain

agreement from all stakeholders to insure
the RM activities are supported and
effectively performed.
 Risk Management Plan
It may include the following:
Methodology (how?)
Roles & Responsibilities (who?)
Budgeting (cost of RM activities)
Timing
Risk category (RBS source of risks)
Definition of probability & impact
Probability & Impact matrix
Stakeholder tolerance
Reporting format
Definition of Impact
Risk Breakdown Structure
Risk Management Plan Example
 Project Risk Management

Monitoring and
Planning Controlling

Project Timeline

Perform
Qualitative
Risk Analysis
Plan Risk Identify Plan Risk
Control Risks
Management Risks Responses
Perform
Quantitative
Risk Analysis
 Identify Risks
It is the process of determining which risks
may affect the project and documenting
their characteristics.

It is an iterative process, as new risks can

arise at any time through the project life
cycle.
the firstand most important technique
in Identify Risks is called information
gathering techniques. These are time-
tested and effective ways to get information
from your team, stakeholders, and anyone
else who might have information on risks.

The key benefit:

The documentation of Existing risks and the knowledge and ability it
provides to the project team to anticipate events.
 Identify Risks
Input T&Ts Output
Risk management Plan
Cost management plan Documentation Risk Register
Schedule management
reviews
plan Information gathering
Quality management plan
techniques

Human resource Checklist analysis

management plan Assumptions analysis
Scope baseline Diagramming
Activity cost estimates techniques
Activity duration estimates SWOT analysis
Stakeholder register Expert Judgment
Project documents
Procurement documents
OPA
EEF
Information Gathering Tech.
 Information Gathering Tech.
Brainstorming is the first thing you should do with your team. Get
them all together in a room, and start pumping out ideas.
Brainstorming sessions always have a facilitator to lead the team
and help turn their ideas into a list of risks.

Interviews are a really important part of identifying risk. Try to find

everyone who might have an opinion and ask them about what
could cause trouble on the project. The sponsor or client will think
about the project in a very different way than the project team.
 Information Gathering Tech.
The Delphi technique is a way to get opinions and ideas from experts. This is
another technique that uses a facilitator, but instead of gathering team
members in a room, the facilitator sends questionnaires to experts asking
about important project risks. The facilitator will then take those answers and
circulate them all to the expertsbut each expert is kept anonymous so that
they can give honest feedback.
Root Cause Identification is analyzing each risk and figuring out whats actually
behind it. You might have two separate risks, when you take a closer look you
might find that theyre both caused by the same thing which is the root cause
for both of them. So you know that if you this cause, you need to be on the
lookout for both risks!
 Checklist Analysis

Risk Identification checklist is

developed based on previous similar
projects.

Lowest level of RBS can be used as

a risk checklist.

It is quick and simple, but over

reliance on it should be avoided.
 Diagramming Techniques

Influence diagram: graphical representation shows the casual influences, time ordering
of events and other relationships among different variables and their outcomes
 Assumption Analysis
Every project is developed based on a set of hypotheses,
scenarios, or assumptions.

Assumptions are made to deal with incomplete info

Analyzing and exploring the validity of the assumptions can

help identify risks due to inaccuracy, inconsistency, or
incompleteness.

Assumptions analysis is what youre doing when you look

over your projects assumptions. Remember how important
assumptions were when you were estimating the project?
Well, now its time to look back at the assumptions you made
and make sure that they really are things you can assume
about the project. Wrong assumptions are definitely a risk.
 SWOT Analysis

This analysis
looks at the project
to identify its
strengths and
weaknesses and
thereby identify
risks (opportunities
and threats).
 Name the Technique
1. Your project requires that you set up a campsite on the edge of a cliff.
You gather your team membersincluding a geologist, a meteorologist,
a tracker, and three campsite workersand lead them in a directed
discussion where they identify as many risks as possible.
Brainstorming
2. You look through your companys asset library and discover that two
previous projects involved setting up camp in this area. You look through
the lessons learned to figure out what went wrong, and what could have
been avoided through better planning.
Documentation Review
3. Youve sent a questionnaire to a park ranger and engineers at tent and
hiking equipment companies to gather their opinions on the risk of
falling off of a cliff. You remove their names from their responses, copy
them, and send them back to everyone to get their feedback.
Delphi
 Name the Technique
4. Youve identified a risk that is very complex, so you identify the root
cause. You use an Ishikawa diagram to gain insight into it.
Diagramming Technique

5. Youve reviewed your estimates and find that you had assumed that
seasonal weather patterns would hold. If they change, then it could cause
serious problems with the project.
Assumption Analysis
6. You meet individually with many different people: the sponsor,
stakeholders, team members, and experts. You ask each of them detailed
questions about what they think could go wrong on the project.

Interviews
 Risk Register
Risk register contains:
List of risks.

List of initial responses.

Root causes of risks

Risk categories

Risk statement could be: If

EVENT occur, it will cause the
IMPACT.
The risk register is referenced
by the Risk Management plan.
Updates to the risk register are
the only output of the Identify
Risks process.
 Risk Register
The outputs from risk identification are typically contained as initial entries
into a document called a Risk Register.
The risk identification part of the template identifies:
Status: Whether a risk is an active risk, a dormant risk, or a retired risk.
ID#: The identification for the risk.
Date Identified & Project Phase: When a risk was identified and what
project phase (preconstruction or construction) the risk was identified in.
Functional Assignment: The capital delivery functions (planning, design,
environmental, construction, etc.) which are impacted by the risk.
Risk Event: What the risk event is to the project
Risk Trigger: warning signs that indicate the risk is likely to occur. Used to
determine when response strategies will be implemented.
Once the risk has been identified, the project team can conduct further
analysis (qualitative and quantitative) on the risk event.
 Strategies for Negative Risks
Eliminating the threat by avoiding its cause
Avoid Ex. reduce scope, acquire expertise, in-house
development (no sub-contracting)

Transfer the responsibility of a risk consequences

Transfer to another party. It doesnt eliminate it.
Ex. purchase insurance, warranties, outsource

Reduce the impact or probability of the risk event

Mitigate to an acceptable threshold.
Ex. more testing, prototyping, qualified resources.
Risk is acknowledge No action taken.
Active Acceptance: Develop a contingency plan.
Accept Passive Acceptance: Deal with the risk as it occur
No plan in advance (workaround)
 Strategies for Positive Risks
Ensure opportunity is realized
Exploit Ex. Assign most talented resources to reduce
time, use new tech. to reduce cost.

Allocate (all or part of) ownership of the

Share opportunity to a third-party. (Win-Win)
Ex. Joint venture

Increase the impact or probability of the risk event.

Enhance Ex. Adding more resources to an activity to finish
early.

Willing to take the advantages of the opportunity if

Accept it comes, but not actively pursuing it.
Name the Strategy
If the weathers good, then theres a chance you could see a meteor shower. If the
team gets a photo that wins the meteor photo contest, you can get extra funding.
You have your team stay up all night with their telescopes and cameras ready.

Exploit

You hear that its going to rain for the first three days of your trip, so you bring
waterproof tents and indoor projects for the team to work on in the meantime.

Mitigate
You read that theres a major bear problem in the spring on the cliff where you are
planning to work. You change your project start date to happen in the fall.

Avoid
On your way up the cliff, you meet another team that is looking to survey the area.
You offer to do half of the surveying work while they do the other half and then
trade your findings with each other.
Share
Name the Strategy
Theres a high probability of water damage to some of your equipment, so you buy
insurance to avoid losses.
Transfer

Theres always the chance that someone could make a mistake and fall off the cliff.
No matter how much you plan for the unexpected, sometimes mistakes happen.

Accept

About 10 years ago a really rare bird, the black-throated blue warbler, was seen on
this cliff. If you could get a picture of it, it would be worth a lot of money. So, you
bring special seeds that you have read are really attractive to this bird, and you set
up lookout points around the cliff with cameras ready to get the shot.

Enhance
 Group Activity

In your usual groups, create Risk Register

for your project.
 Project Risk Management

Monitoring and
Planning Controlling

Project Timeline

Perform
Qualitative
Risk Analysis
Plan Risk Identify Plan Risk
Control Risks
Management Risks Responses
Perform
Quantitative
Risk Analysis
 Perform Qualitative Risk Analysis

Assessing the probability and impact

of the identified risks and
PRIORITIZING them according to
their effect on project objectives.

It is rapid and cost-effective.

The key benefit:

It enables PM to reduce the level of uncertainty and to focus
on high-priority risks.
 Perform Qualitative Risk Analysis
Input T&Ts Output

Risk management Risk probability and Project document

plan impact assessment updates
Risk register Probability and
Scope Baseline
impact matrix

OPA Risk data quality

assessment
EEF
Risk categorization
Risk urgency
assessment
Expert judgment
 Perform Qualitative Risk Analysis - Inputs
Risk Management Plan
Key elements used; roles and responsibilities for conducting risk
management, budgets, schedule activities for risk management, risk
categories, definitions of probability and impact, the probability and impact
matrix, and revised stakeholders risk tolerances.

Scope Baseline
Projects of a common or recurrent type tend to have more well-
understood risks.
Projects using state-of-the-art or first-of-its-kind technology, and highly
complex projects, tend to have more uncertainty.
This can be evaluated by examining the scope baseline

Risk Register
The risk register contains the information that will be used to assess and
prioritize risks.
 Perform Qualitative Risk Analysis - Inputs

Enterprise Environmental Factors

Industry studies of similar projects by risk specialists, and
Risk databases that may be available from industry or proprietary sources.

Organizational Process Assets

The organizational process assets that can influence the Perform Qualitative
Risk Analysis process include information on prior, similar completed projects.
 Perform Qualitative Risk Analysis T&T
Risk probability and impact assessment is one of the best ways to
be sure that were handling your risks properly by examining how likely they
are to happen, and how bad (or good) it will be if they do.
This process helps us assign a probability to the likelihood of a risk
occurring, and then figure out the actual cost (or impact) if it does happen.
We can use these values to figure out which of our risks need a pretty solid
mitigation (moderation/relief) plan, and which can be monitored as the
project goes on.
Risks can be assessed in interviews or meetings team, customer,
sponsor, expert.

Ratings are based on the definitions given in the Risk Management

Plan.
Risk Risk
Probability Impact
Likelihood that Potential effect
the risk will on project
occur objectives
 Perform Qualitative Risk Analysis T&T

Probability & Impact Matrix

It specify combinations of Probability &

Impact that leads to rating the risk as
High, Moderate or Low priority.

Risk-rating rules are either specified by

the organization (OPA) or tailored by the
project in the RMP.
The Risk rating help guide the risk responses.
The organization should determine which combinations of
probability and impact result in a classification of high risk red
condition, moderate risk yellow condition, and low risk
green condition.
Probability & Impact Matrix
 Perform Qualitative Risk Analysis T&T

Risk Data Quality Assessment

Risk data quality assessment means making sure that the information were
using in our risk assessment is accurate. Sometimes it makes sense to bring in
outside experts to check out the validity of our risk assessment data.
Sometimes we can even confirm the quality of the data on our own, by
checking some sample of it against other data sources.

Expert judgment definitely comes in handy when

were assessing risks. Who better to help us come up
with things that might go wrong than experts who have
been through similar projects before?
 Perform Qualitative Risk Analysis T&T

Risk categorization is all

about grouping our risks so
that we can come up with
a better strategy for
dealing with them.

We might group them by

the phase of the project
where well see them, or
by the source of the risk.
 Perform Qualitative Risk Analysis T&T

Risk Urgency Assessment

Risks that need near-term

responses are considered more
urgent to address.

If a risk is going to happen soon,

wed better have a plan for how to
deal with it soon, too.
The urgency of the risk can be combined with the risk's rating
(from the probability and impact matrix) to determine the
overall severity of the risk.
 Perform Qualitative Risk Analysis Output
Project Documents Updates

Risk Register updates Assumption Log updates

List of prioritized risks. New information or clarifications

about documented assumptions.
Probability & Impact assessment
for each risk.
Risks grouped by categories.
Risk urgency information.
List of risks required additional
analysis.
Watch list for low priority risks.
 Perform Qualitative Risk Analysis

The Specific Objectives of the Process

1. Evaluating the probability and impact of each risk.

2. Creating a short list of risks by determining the top or
critical risks that you will quantify further and/or address in
Plan Risk Responses process.
3. Assess the quality and reliability of the information you are
working with.
 Project Risk Management

Monitoring and
Planning Controlling

Project Timeline

Perform
Qualitative
Risk Analysis
Plan Risk Identify Plan Risk
Control Risks
Management Risks Responses
Perform
Quantitative
Risk Analysis
 Perform Quantitative Risk Analysis

It is the process of numerically

analyzing the effect of identified risks
on overall project objectives.
Assign numerical value to the impact
of each risk.

The key benefit:

It produces quantitative risk information to support decision
making in order to reduce project uncertainty.
 Perform Quantitative Risk Analysis
Purpose of this process:
Determine overall project risk (risk

exposure).
Determine quantified probability of
meeting project objectives.
Determine cost & schedule reserves.

This process is not required for all projects/risks.

PM should exercise expert judgment to decide on the need.
Availability of time & budget should be considered to decide.
Perform Quantitative Risk Analysis

Input T&Ts Output

Risk management Data gathering and Project document

plan representation updates
techniques
Risk register
Quantitative risk
Cost management
analysis and
Plan modeling techniques
Schedule
Expert judgment
management plan
OPA
EEF
 Perform Quantitative Risk Analysis - Inputs
Risk Management Plan
Provides guidelines, methods, and tools to be used in quantitative risk
analysis.

Cost Management Plan

Provides guidelines on establishing and managing risk reserves.

Schedule Management Plan

Provides guidelines on establishing and managing risk reserves.

Risk Register
Used as a reference point for performing quantitative risk analysis.

Enterprise Environmental Factors

Industry studies of similar projects by risk specialists, and
Risk databases that may be available from industry or proprietary sources.

Organizational Process Assets

Information on prior, similar completed projects.
 Perform Quantitative Risk Analysis T&T

Data Gathering and Representation Techniques

Interviewing Techniques

It uses experience and historical

data to quantify the probability
and impact of risks on project
objectives.
 Perform Quantitative Risk Analysis T&T
Quantitative Risk Analysis & Modeling Techniques

Sensitivity Analysis

It is a special type of bar chart

that used to determine which
risks have the most potential
impact on one of the project
objectives.

Tornado Diagram is the most

useful way to represent the
results of a Sensitivity Analysis.
 Perform Quantitative Risk Analysis T&T
Quantitative Risk Analysis & Modeling Techniques
Expected Monetary Value Analysis (EMV)

It is a statistical concept that calculates the

average outcome when the future includes
scenarios that may or may not happen (i.e.,
analysis under uncertainty).

EMV = Probability X Impact.

The EMV of opportunities will generally be
expressed as positive values, while those of
threats will be negative.

EMV is calculated by multiplying the value of each

possible outcome by its probability of
occurrence, and adding them together.
EMV Example
 EMV Example
Decide weather to build new plant or upgrade existing
based on demands.

1 Build New Plant $120 M

2 Upgrade Pant $ 50 M
Demand Scenario: Chance of Strong Demand 60%
A New Plan Strong Demand $ 200 M

B New Plan Weak Demand $ 90 M

C Upgrade Strong Demand $120 M

D Upgrade Weak Demand $ 60 M

 EMV Example (Decision Tree)
($120M)

EMV = $46M
= 0.60($80M) +
0.40(-$30M) =
$36M

($50M)
= 0.60($70M) +
0.40($10M) =
$46M
 EMV Example (Decision Tree)
The decision branches:
Buy the product for $85K
Build the product in-house for $200K

The uncertainty branches for the buy scenario:

The product meets the need (40% probability) No additional cost
The product does not meet the need (60% probability)- Additional
cost $300 K

The uncertainty branches for the build scenario:

The product meets the need (85% probability) - No additional cost
The product does not meet the need (15% probability)- Additional
cost $30 K
EMV Example (Decision Tree)
 Quantitative Risk Analysis & Modeling
Techniques
Modeling & Simulation
Use Model that translate the specified
detailed project uncertainties into their
potential impact on project objectives.

Performed using Monte Carlo technique.

It usually done with a computer-based

program.
Evaluates the overall risk in the project.
Determines the probability of completing the
project on any specific day, or for any specific
cost.
Determines the probability of any activity actually being on the critical path.
Can be used to assess cost and schedule impacts.
Results in a probability distribution.
 Project Documents Updates
Risk Register updates

Prioritized list of quantified risks: what are the risks that needs
the most contingency reserve.
Initial amount of contingency time and cost reserves needed:
Reserves will be finalized next, in Plan Risk Responses
Probabilistic analysis of the project completion date and
cost: with their confidence level.
Probability of achieving cost and time objectives: "We only
have an 80% chance of completing the project within the six
months required.
 Project Risk Management

Monitoring and
Planning Controlling

Project Timeline

Perform
Qualitative
Risk Analysis
Plan Risk Identify Plan Risk
Control Risks
Management Risks Responses
Perform
Quantitative
Risk Analysis
 Plan Risk Responses

It is the process of developing

options and actions to enhance
opportunities and to reduce
threats to project objectives.

The key benefit:

It addresses the risks by their priority, inserting resources and
activities into the budget, schedule and project management
plan as needed.
 Plan Risk Responses

Strategies must be timely.

More than one response can be used
to address the same risk.
One response can be used to address
more than one risk.

The effort selected must be appropriate to the severity of the risk

(avoid spending more money preventing the risk than the cost
impact of the risk itself).
The team, other stakeholders, and experts should be involved in
selecting a strategy.
 Plan Risk Responses

Input T&Ts Output

Risk management Strategies for Project management

plan negative risks or plan updates
threats
Risk register Project document
Strategies for updates
positive risks or
opportunities
Contingent response
strategies
Expert judgment
 Plan Risk Responses - Input
Risk Management Plan
Important components of the risk management plan include roles and
responsibilities, risk analysis definitions, timing for reviews (and for
eliminating risks from review) and risk thresholds for low, moderate, and high
risks.
Risk thresholds help identify those risks for which specific responses are
needed.

Risk Register
The risk register refers to identified risks, root causes of risks, lists of potential
responses, risk owners, symptoms and warning signs, the relative rating or
priority list of project risks, a list of risks requiring response in the near term, a
list of risks for additional analysis and response, trends in qualitative analysis
results, and a watch-list of low-priority risks.
 Strategies for Negative Risks
Eliminating the threat by avoiding its cause
Avoid Ex. reduce scope, acquire expertise, in-house
development (no sub-contracting)

Transfer the responsibility of a risk consequences

Transfer to another party. It doesnt eliminate it.
Ex. purchase insurance, warranties, outsource

Reduce the impact or probability of the risk event

Mitigate to an acceptable threshold.
Ex. more testing, prototyping, qualified resources.
Risk is acknowledge No action taken.
Active Acceptance: Develop a contingency plan.
Accept Passive Acceptance: Deal with the risk as it occur
No plan in advance (workaround)
 Strategies for Positive Risks
Ensure opportunity is realized
Exploit Ex. Assign most talented resources to reduce
time, use new tech. to reduce cost.

Allocate (all or part of) ownership of the

Share opportunity to a third-party. (Win-Win)
Ex. Joint venture

Increase the impact or probability of the risk event.

Enhance Ex. Adding more resources to an activity to finish
early.

Willing to take the advantages of the opportunity if

Accept it comes, but not actively pursuing it.
Plan Risk Responses T&T
Contingent response strategies
Contingency reserve is not a risk response strategy; it is an output of risk
planning.
When a project team chooses to actively accept a project risk event, a
contingency reserve is established.
This is the amount of funds or budget needed above the estimate to reduce
the risk of overruns of project objectives to a level acceptable to the
organization (within/ below threshold limit).

Expert judgment
Expert judgment is input from knowledgeable parties pertaining to the
actions to be taken on a specific and defined risk.
Expertise may be provided by any group or person with specialized
education, knowledge, skill, experience, or training in establishing risk
responses.
Plan Risk Responses Output

Project Management Plan Updates

Schedule management plan: This may include changes in tolerance or
behavior related to resource loading and leveling, as well as updates to the
schedule strategy.
Cost management plan: This may include changes in tolerance or behavior
related to cost accounting, tracking, and reports, as well as updates to the
budget strategy and how contingency reserves are consumed.
Quality management plan: This may include changes in tolerance or
behavior related to requirements, quality assurance, or quality control, as
well as updates to the requirements documentation.
Procurement management plan: The procurement management plan may
be updated to reflect changes in strategy, such as alterations in the make-or-
buy decision or contract type(s) driven by the risk responses.
Plan Risk Responses Output

Project Management Plan Updates

Human resource management plan: The staffing management plan, part of

the human resource management plan, is updated to reflect changes in
project organizational structure and resource applications driven by the risk
responses. This may include changes in tolerance or behavior related to staff
allocation, as well as updates to the resource loading.
Scope baseline: Because of new, modified or omitted work generated by the
risk responses, the scope baseline may be updated to reflect those changes.
Schedule baseline: Because of new work (or omitted work) generated by the
risk responses, the schedule baseline may be updated to reflect those
changes.
Cost baseline: Because of new work (or omitted work) generated by the risk
responses, the cost baseline may be updated to reflect those changes.
Plan Risk Responses Output
Project Document Updates

Updates to the risk register

Risk owners and assigned responsibilities;
Agreed-upon response strategies;
Specific actions to implement the chosen response strategy;
Trigger conditions, symptoms, and warning signs of a risk occurrence;
Budget and schedule activities required to implement the chosen
responses;
Contingency plans and triggers that call for their execution;
Fallback plans for use as a reaction to a risk that has occurred and the
primary response proves to be inadequate;
Residual risks that are expected to remain after planned responses have
been taken, as well as those that have been deliberately accepted;
Secondary risks that arise as a direct outcome of implementing a risk
response; and
Contingency reserves that are calculated based on the quantitative risk
analysis of the project and the organizations risk thresholds.
Plan Risk Responses Output
Risk triggers;
Trigger conditions, symptoms, and warning signs of a risk occurrence;
These are events that trigger the contingency response.
A project manager should identify the early warning signs (indirect
manifestations of actual risk events) for each risk on a project so that he or
she will know when to take action.
A risk may have one or more causes, and if the event occurs, one or more
impacts.
Identifying the causes of risk events help define the risk trigger.
A risk trigger indicates that a risk event is about to happen.

Risk response owners;

Each risk must be assigned to someone who may help develop the risk
response and who will be assigned to carry out the risk response or own
the risk and MUST keep the project manager informed of any changes.
Plan Risk Responses Output
Contingency plans
Contingency plans are plans describing the specific actions that will be taken if
the opportunity or threat occurs.

Fallback plans;
These are specific actions that will be taken if the contingency plan is NOT
effective.

Residual risk; a leftover risk

After implemented a risk response strategy, minor risk might still remain.
The contingency reserve is set up to handle situations like this.

Secondary risks;
Risks that come about as a result of implementing a risk response.
When planning for risk, identify and plan responses for secondary risks that
could occur.
Reserves (contingency)
Having reserves for time and cost is a required part of project management.
Plan Risk Responses Output
Project Document Updates

Other project documents updated could include:

Assumptions log updates: The assumptions log needs to be revisited to

accommodate this new information.

Technical documentation updates: As new information becomes available

through the application of risk responses, technical approaches and physical
deliverables may change. Any supporting documentation needs to be revisited
to accommodate this new information.

Change requests: Planning for possible risk responses can often result in
recommendations for changes to the resources, activities, cost estimates, and
other items identified during other planning processes.
 Project Risk Management

Monitoring and
Planning Controlling

Project Timeline

Perform
Qualitative
Risk Analysis
Plan Risk Identify Plan Risk
Control Risks
Management Risks Responses
Perform
Quantitative
Risk Analysis
 Control Risks

It is the process of implementing risk

response plans, tracking identified
risks, monitoring residual risks,
identifying new risks, and evaluating
risk process effectiveness throughout
the project.

The key benefit:

It improves efficiency of the risk approach throughout the
project life cycle to continuously optimize risk responses.
 Control Risks
Other actions involved in this process:
Review the validity of assumptions
Re-visit the watch list.
Create workarounds (if needed)
Review the contingency reserves.
Communicate risk status.
Close retired risks.
 Control Risks

Input T&Ts Output

Project Management Risk reassessment Work performance

Plan information
Risk audits
Risk register Change requests
Variance and trend
Work performance data analysis Project management
Work performance report
plan updates
Technical performance
measurement Project documents
updates
Reserve analysis
OPA updates
Meetings
 Control Risks - Inputs
Project Management Plan
The project management plan described contains the risk management plan
which include;
Risk tolerances
Protocols and the assignment of people (including the risk owners),
Time, and other resources to project risk management.

Risk Register
The risk register has key inputs that include
Identified risks
Risk owners
Agreed-upon risk responses
Specific implementation actions
Symptoms and warning signs of risk,
Residual and secondary risks
A watch-list of low-priority risks
The time and cost contingency reserves.
 Control Risks - Inputs

Work Performance Data

Work performance information related to various performance
results includes:
Deliverable status.
Schedule progress.
Costs incurred.

Performance Reports
Performance reports take information from performance
measurements and analyze it to provide project work performance
information including variance analysis, earned value data, and
forecasting data.
 Control Risks T&Ts

Risk reassessment Risk Audit

Identify new risks, reassess the
current risks, close the outdated
risks.
Should be regularly scheduled.
Examine the effectiveness of risk
responses and the RM process.
PM is responsible for ensuring it is
performed at an appropriate
frequency.

Variance & Trend analysis

Tech. performance measurements
Used to monitor deviations from the
Comparing the tech. results to the
baseline plan which may indicate a
planned (product characteristics, no.
potential impact of threats or
of defects, response time)
opportunities.

Reserve Analysis
Compare the amount of the contingency reserve
remaining to the amount of risk remaining to determine
if the remaining reserve is adequate.
 Control Risks T&T
Risk Reassessment
Control Risks often results in identification of new risks, reassessment of
current risks, and the closing of risks that are outdated.
Project risk reassessments should be regularly scheduled.
The results of such reassessments may include newly identifications,
additional qualitative or quantitative risk analysis, and further risk response
planning.

Closing of Risks That Are NO Longer Applicable

The time when each identified risk can logically occur will eventually pass.
Closing of risks allows the team to focus on managing those risks that are
still open.
The closing of a risk will likely result in the risk reserve being returned to the
company.
 Control Risks T&T
Risk Audits
Risk audits examine and document the effectiveness of risk responses in
dealing with identified risks and their root causes, as well as the
effectiveness of the risk management process.
It is arranged by project manager and results in identification of lessons
learned for the project and for other project in the organization.
Risk audits are evidence of how seriously risk should be taken on a project.

Variance and Trend Analysis

Compare the planned results to the actual results.
Trends in the projects execution should be reviewed using performance
data.
Earned value analysis and other methods of project variance and trend
analysis may be used for monitoring overall project performance.
 Control Risks T&T
Technical performance measurement
Technical performance measurement compares technical accomplishments
during project execution to the project management plans schedule of
technical achievement.
Technical performance measures may include weight, transaction times,
number of delivered defects, storage capacity, etc.
Deviation, such as demonstrating more or less functionality than planned at a
milestone, can help to forecast the degree of success in achieving the
projects scope.

Reserve analysis
Reserve analysis compares the amount of the contingency reserves
remaining to the amount of risk remaining at any time in the project, in order
to determine if the remaining reserve is adequate.
Throughout execution of the project, some risks may occur, with positive or
negative impacts on budget or schedule contingency reserves.
 Control Risks T&T
Meetings

Project risk management should be an agenda item at periodic status

meetings.
The amount of time required for that item will vary, depending upon the risks
that have been identified, their priority, and difficulty of response.

Risk management becomes easier the more often it is practiced.

Frequent discussions about risk make it more likely that people will identify
risks and opportunities.
Risk should be a major topic at status meetings to keep focus on risks, to
continue to identify new risks, and to make sure plans remain appropriate.
 Name the Technique
At every milestone, you do a new round of Identify Risks and make sure that the risks in
your risk register still apply to the project.
Re-assessment
You check to make sure that you have all of the features developed in your project that
you had planned when you reach the feature complete milestone. When you find that
you are missing one of the planned features, you realize that a new risk has shown up
you missed one of the required features in your functional specification.
Technical Performance Measurement
You take a look at the number of defects you have found in your project per phase and
find that it is higher in your project than it has been in most other projects that the
company is doing. You dig a little deeper and find some previously unplanned risks that
have been causing trouble on your project
Trend Analysis

Your company sends a risk expert in to take a look at your risk response strategies. She
finds that you are missing a few secondary risks that might be caused by the responses
you have planned. So you update your risk register to include the secondary risks.
Risk Audits
You decide to implement a risk response that costs $4,000. You check to make sure that
you have enough money to cover the rest of the risks that might happen from here on
out in the project. Reserve Analysis
 Control Risks Outputs
Work Performance Information
Work performance information, as a Control Risks output, provides a mechanism
to communicate and support project decision making.

Change requests
Implementing contingency plans or workarounds frequently results in a requirement
to change the project management plan to respond to risks.
Recommended corrective actions: These are activities that realign the performance of
the project work with the project management plan. They include contingency plans
and workarounds. The latter are responses that were not initially planned, but are
required to deal with emerging risks that were previously unidentified or accepted
passively.
Recommended preventive actions: These are activities that ensure that future
performance of the project work is aligned with the project management plan.

Workaround:
Workarounds are unplanned responses developed to deal with the occurrence of
unanticipated risk event.
Project managers who do not perform risk management spend most of their time
creating workarounds.
 Control Risks Outputs
Project management plan updates
If the approved change requests have an effect on the risk management
processes, then the corresponding component documents of the project
management plan are revised and reissued to reflect the approved changes.

Project document updates

Actual outcomes of risk reassessments, risk audits, and periodic risk reviews.
Actual outcomes of the projects risks and of the risk responses.

Organizational process assets updates

Templates for the risk management plan, including the probability and
impact matrix, and risk register.
Risk breakdown structure.
Lessons learned from the project risk management activities.
QUESTIONS?
 Review Questions

Q.1: All of the following are factors in the assessment of

project risk EXCEPT:
A. Risk event.
B. Risk probability.
C. Amount at stake.
D. Insurance premiums.

Answer D
 Review Questions

Q.2: All of the following are ALWAYS input to the risk

management process EXCEPT:
A. Historical information.
B. Lessons learned.
C. Work breakdown structure.
D. Workarounds

Answer D
 Review Questions

Q.3: If a project has a 60 percent chance of a US

$100,000 profit and a 40 percent chance of a US
$100,000 loss, the expected monetary value for the
project is:
A. $100,000 profit.
B. $60,000 loss.
C. $20,000 profit.
D. $20,000 loss.
Answer C
 Review Questions

Q.4: Purchasing insurance is BEST considered an

example of risk:
A. Mitigation.
B. Transfer.
C. Acceptance.
D. Avoidance.

Answer B
 Review Questions

Q.5: Workarounds are determined during which risk

management process:
A. Identify Risks.
B. Perform Quantitative Risk Analysis.
C. Plan Risk Responses.
D. Control Risks.

Answer D
 Review Questions

Q.6: If a risk event has a 90 percent chance of

occurring, and the consequences will be US $10,000,
what does US $9,000 represent ?
A. Risk value.
B. Present value.
C. Expected monetary value.
D. Contingency budget.

Answer C
 Review Questions

Q.7: A watch list is an output of which risk management

process?
A. Plan Risk Responses.
B. Perform Quantitative Risk Analysis.
C. Perform Qualitative Risk Analysis.
D. Plan Risk Management.

Answer C
 Review Questions

Q.8: Which of the following is a chief characteristic of

the Delphi technique?
A. Extrapolation from historical records from previous
projects
B. Expert opinion
C. Analytical hierarchy process
D. Bottom-up approach

Answer B