S

IC
T
CHAPTER 11

A
PROJECT RISK MANAGEMENT

IM
 Overview of Project Risk Management
 Plan Risk Management
T
 Identify Risks
L
 Perform Qualitative Risk Analysis
 Perform Quantitative Risk Analysis
U

 Plan Risk Responses

 Control Risks
M
 S
Learning Objectives

IC
After completing this chapter, you will be able to :

 List the six major processes involved
in Project Risk Management
 Describe the Plan Risk Management
T
 Describe the Perform Quantitative
Risk Analysis process, its inputs, tools

A
process, its inputs, tools and and techniques, and outputs
techniques, and outputs  Describe the Plan Risk Responses

IM
 Describe the Identify Risks process,
its inputs, tools and techniques, and process, its inputs, tools and
outputs, with special emphasis on techniques, and outputs
risk breakdown structure, and risk
Describe the Control Risks process,
T
categories 
 Describe the Perform Qualitative Risk its inputs, tools and techniques, and
L

Analysis process, its inputs, tools and outputs

techniques, and outputs, with special
U

emphasis on calculating risk scores

M
 S
Overview of Project Risk Management

IC
T
The PMBOK Guide defines risk as:

A
“An uncertain event or condition that, if it
occurs, has an effect on at least one project

IM
objective” such as scope, schedule, cost, or
T performance.

Risks can be positive or negative, so risk management is

about maximizing the probability and impact of positive
L

events (opportunities) and minimizing the probability and

U

impact of negative impacts (threats) to the project.

M
 S
Project Risk Management

IC
Project Risk Management includes the processes of conducting
risk management planning, identification, analysis, response

T
planning, and controlling risk on a project.

A
IM
T
L
U
M
 S
Process

IC
11.1 Plan Risk Management
11.2 Identify Risks

T
11.3 Perform Qualitative Risk Analysis
11.4 Perform Quantitative Risk Analysis

A
11.5 Plan Risk Responses

IM
11.6 Control Risks
T
L
U
M
 S
11.1 Plan Risk Management

IC
Plan Risk Management is the process of defining how to
conduct risk management activities for a project.

T
A
IM
T
L
U
M
 ITTO

S
Plan Risk Management

IC
INPUT TOOLS AND TECHNIQUE OUTPUT

T
1. Project management plan 1. Risk management plan
2. Project charter

A
3. Stakeholder register 1. Analytical techniques
4. Enterprise environmental factors 2. Expert judgment
5. Organizational process assets 3. Meetings

IM
T
L
U
M
 Project Risk Management

S
• Project
4.1 charter 11.1
Develop Project

IC
Plan Risk
Charter
Management

• Enterprise
environmental

T
factors
• Organizational
4.2 process assets
Develop Project

A
• Risk
Management management
Plan plan
11.4

IM
11.2 Perform
Identify Risks Quantitative
Risk Analysis
13.1
Identify
Stakeholders
T
11.3 11.5
L
Perform Plan Risk
Qualitative Responses
Risk Analysis
U

Enterprise /
Organization
M
 S
Inputs

IC
1. Project Management Plan
In planning risk management, all approved subsidiary

T
management plans and baselines should be taken into
consideration in order to make the risk management plan

A
consistent with them.

2. Project Charter
IM
The project charter can provide various inputs such as high-
T
level risks, high-level project descriptions, and high-level
requirements.
L
U
M
 S
Inputs

IC
3. Stakeholder Register
The stakeholder register, which contains all details related to

T
the project’s stakeholders, provides an overview of their
roles.

A
IM
4. Enterprise Environmental Factors
The enterprise environmental factors that can influence the
Plan Risk Management process include, but are not limited
T
to, risk attitudes, thresholds, and tolerances that describe the
degree of risk that an organization will withstand.
L
U
M
 S
Inputs

IC
5. Organizational Process Assets
The organizational process assets that can influence the

T
Plan Risk Management process include, but are not limited
to :

A
 Risk categories,

IM
 Common definitions of concepts and terms,
 Risk statement formats,
 Standard templates,
T
 Roles and responsibilities,
 Authority levels for decision making, and
L

 Lessons learned.
U
M
 S
Tools & Techniques

IC
1. Analytical Techniques
Analytical techniques are used to understand and define the

T
overall risk management context of the project.

A
IM
T
L
U
M
 S
Tools & Techniques

IC
2. Expert Judgment
To ensure a comprehensive establishment of the risk management

T
plan, judgment, and expertise should be
considered from groups or individuals with specialized training or

A
knowledge on the subject area, such as :

IM
 Senior management,
 Project stakeholders,
 Project managers who have worked on projects in the same
T
area (directly or through lessons learned),
 Subject matter experts (SMEs) in business or project area,
L

 Industry groups and consultants, and

U

 Professional and technical associations.

M
 S
Tools & Techniques

IC
3. Meetings
Project teams hold planning meetings to develop the risk

T
management plan.

A
IM
T
L
U
M
 S
Outputs

IC
1. Risk Management Plan
The risk management plan is a component of the project

T
management plan and describes how risk management
activities will be structured and performed.

A
IM
T
L
U
M
M
U
L
T
IM
A
T
IC
S
 S
11.2 Identify Risks

IC
Identify Risks is the process of determining which risks may
affect the project and documenting their characteristics.

T
A
IM
T
L
U
M
 ITTO

S
Identify Risks

IC
INPUT TOOLS AND TECHNIQUE OUTPUT

T
1. Risk management plan 1. Risk register
2. Cost management plan

A
3. Schedule management plan 1. Documentation reviews
4. Quality management plan 2. Information gathering techniques
5. Human resource management 3. Checklist analysis

IM
plan 4. Assumptions analysis
6. Scope baseline 5. Diagramming techniques
7. Activity cost estimates 6. SWOT analysis
8. Activity duration estimates 7. Expert judgment
9. Stakeholder register
T
10. Project documents
11. Procurement documents
12. Enterprise environmental factors
L

13. Organizational process assets

U
M
 Project Risk Management

S
5.4
Create WBS 11.1
Plan Risk

IC
Management
• Scope baseline 7.2
Estimate
6.1 • Risk management plan Costs
Plan Schedule
Management

T
• Schedule management plan 11.2 8.1
Plan Quality

A
6.5
Identify Risks
Management
Estimate Activity
Durations

IM
• Risk register
• Activity duration estimates 12.1
Plan
7.1 11.3
11.5 Procurement
Project Cost Perform Management
Plan Risk
Management Qualitative
Responses
T
Risk Analysis
• Cost management plan
L

7.2
Estimate Costs
U

11.4
Perform 11.6
• Activity cost estimates Quantitative Control Risks
Risk Analysis
M
 8.1
Plan Quality Project Risk Management
Management

S
• Quality management plan
11.1
9.1 Plan Risk

IC
Plan Human Management
Resource 7.2
Management Estimate
• Risk management plan Costs
• Human resource management plan

T
12.1
Plan Procurement 11.2 8.1
Management Plan Quality

A
Identify Risks
• Procurement documents Management

13.1

IM
Identify • Risk register
12.1
Stakeholders
Plan
11.3 Procurement
• Stakeholder register 11.5
Perform Management
Plan Risk
Qualitative
Responses
T
Enterprise / Risk Analysis
Organization
L

• Organizational process assets

• Enterprise environmental factors
U

11.4
Project Perform 11.6
Documents Quantitative Control Risks
Risk Analysis
M
 S
Risk Management Plan
Risk Breakdown Structure

IC
Project

T
Technical External Organizational Project

A
Management

IM
Requirements Subcontractors Project Estimating
and Suppliers Dependencies

Technology
Regulatory Planning
Resources
Complexity Market
T
and Interfaces Controlling
Funding
Customer
L

Performances
and Reliability Weather Prioritization Communication
U

Quality Based on the PMBOK Guide, Fifth Edition

M
 S
Risk Management Plan
Risk Categories

IC
The following may be sources or categories of risk:

T
A
Technical, quality, or performance risks

IM
Project management risks

Organizational risks
T
External risks
L

Internal risks
U

Unforeseeable risks
M
 S
Inputs

IC
1. Risk Management Plan
Key elements of the risk management plan that contribute to

T
the Identify Risks process are the assignments of roles and
responsibilities, provision for risk management activities in

A
the budget and schedule, and categories of risk, which are

IM
sometimes expressed as a risk breakdown structure

2. Cost Management Plan

T
The cost management plan provides processes and controls
that can be used to help identify risks across the project.
L
U
M
 S
Inputs

IC
3. Schedule Management Plan
The schedule management plan provides insight to project

T
time/schedule objectives and expectations which may be
impacted by risks (known and unknown).

A
IM
4. Quality Management Plan
The quality management plan provides a baseline of quality
measures and metrics for use in identifying risks.
T
L
U
M
 S
Inputs

IC
5. Human Resource Management Plan
The human resource management plan provides guidance

T
on how project human resources should be defined, staffed,
managed, and eventually released. It can also contain roles

A
and responsibilities, project organization charts, and the

IM
staffing management plan, which form a key input to identify
risk process. T
6. Scope Baseline
Project assumptions are found in the project scope
L

statement. Uncertainty in project assumptions should be

U

evaluated as potential causes of project risk.

M
 S
Inputs

IC
7. Activity Cost Estimates
Activity cost estimate reviews are useful in identifying risks

T
as they provide a quantitative assessment of the likely cost to
complete scheduled activities and ideally are expressed as a

A
range, with the width of the range indicating the degree(s) of
risk.

IM
8. Activity Duration Estimates
Activity duration estimate reviews are useful in identifying
T
risks related to the time allowances for the activities or
project as a whole, again with the width of the range of such
L

estimates indicating the relative degree(s) of risk.

U
M
 S
Inputs

IC
9. Stakeholder Register
Information about the stakeholders is useful for soliciting

T
inputs to identify risks, as this will ensure that key
stakeholders, especially the stakeholder, sponsor, and

A
customer are interviewed or otherwise participate during the

IM
Identify Risks process.
T
L
U
M
 S
Inputs

IC
10. Project Documents
Project documents provide the project team with information

T
about decisions that help better identify project risks. Project
documents improve cross-team and stakeholder

A
communications and include, but are not limited to :
 Project charter,

IM
 Project schedule,
 Schedule network diagrams,
T
 Issue log,
 Quality checklist, and
L

 Other information proven to be valuable in identifying

U

risks.
M
 S
Inputs

IC
11. Procurement Documents
If the project requires external procurement of resources,

T
procurement documents become a key input to the Identify
Risks process.

A
IM
T
L
U
M
 S
Inputs

IC
12. Enterprise Environmental Factors
Enterprise environmental factors that can influence the

T
Identify Risks process include, but are not limited to :

A
 Published information, including commercial databases,
 Academic studies,

IM
 Published checklists,
 Benchmarking,
T
 Industry studies, and
 Risk attitudes.
L
U
M
 S
Inputs

IC
13. Organizational Process Assets
Organizational process assets that can influence the Identify

T
Risks process include, but are not limited to :

A
 Project files, including actual data,
 Organizational and project process controls,

IM
 Risk statement formats or templates, and
 Lessons learned.
T
L
U
M
 S
Tools & Techniques

IC
1. Documentation Reviews
A structured review of the project documentation may be

T
performed, including plans, assumptions, previous project files,
agreements, and other information.

A
2. Information Gathering Techniques

IM
Examples of information gathering techniques used in
identifying risks can include :
T
 Brainstorming.
 Delphi technique.
L

 Interviewing.
U

 Root cause analysis.

M
 S
Tools & Techniques

IC
3. Checklist Analysis
Risk identification checklists are developed based on

T
historical information and knowledge that has been
accumulated from previous similar projects and from other

A
sources of information.

IM
4. Assumptions Analysis
Every project and its plan is conceived and developed based
T
on a set of hypotheses, scenarios, or assumptions.
L
U
M
 S
Tools & Techniques

IC
5. Diagramming Techniques
Risk diagramming techniques may include :

T
 Cause and effect diagrams.

A
 System or process flow charts.
 Influence diagrams.

6. SWOT Analysis IM
T
This technique examines the project from each of the
strengths, weaknesses, opportunities, and threats (SWOT)
L

perspectives to increase the breadth of identified risks by

U

including internally generated risks.

M
 S
Tools & Techniques

IC
7. Expert Judgment
Risks may be identified directly by experts with relevant

T
experience with similar projects or business areas.

A
IM
T
L
U
M
 S
IC
T
A
Brainstorming

IM
The Delphi technique

Interviewing (or expert interviewing)

T
L

Root cause analysis

U
M
 S
Outputs

IC
1. Risk Register
The primary output from Identify Risks is the initial entry into

T
the risk register. The risk register is a document in which the
results of risk analysis and risk response planning are

A
recorded. The preparation of the risk register begins in the

IM
Identify Risks process with the following information, and
then becomes available to other project management and
risk management processes :
T
 List of identified risks.
L

 List of potential responses.

U
M
 S
Outputs
Risk Register

IC
Use the risk register to document risks and their impact.
Risk Management Matrix (Risk Register)

T
Project Project #
Project manager Sponsor
Project artifacts Updated

A
Trigger

IM
Event/ Date
ID Risk Description Category Indicator Contingency Plan Fallback Plan Owner Status Entered Date to Review

1
T
2
3
4
L
5
6
7
U

8
9
M
 S
Risk Register
Risk Triggers

IC
When a trigger is detected, refer to your risk management
plan to implement a strategy.

T
R isk Management Matrix (Risk Register)
Project Project #

A
Project manager Sponsor
Project artifacts Updated

IM
Trigger
Event/ Date
ID Risk Description Category Indicator Contingency Plan Fallback Plan Owner Status Entered Date to Review

1
T
2
3
4
L
5
6
7
U

8
9
M
11.3 Perform Qualitative

S
Risk Analysis

IC
Perform Qualitative Risk Analysis is the process of prioritizing
risks for further analysis or action by assessing and combining

T
their probability of occurrence and impact.

A
IM
T
L
U
M
 ITTO

S
Perform Qualitative Risk Analysis

IC
INPUT TOOLS AND TECHNIQUE OUTPUT

T
1. Risk management plan 1. Project documents updates
2. Scope baseline

A
3. Risk register 1. Risk probability and impact
4. Enterprise environmental factors assessment
5. Organizational process assets 2. Probability and Impact matrix

IM
3. Risk data quality assessment
4. Risk categorization
5. Risk urgency assessment
6. Expert judgment
T
L
U
M
 Project Risk Management

S
11.1
11.2
Plan Risk
Identify Risks

IC
Management

• Risk • Risk register

5.4 management
Create WBS

T
plan

A
11.3 Project
Perform Documents

IM
Qualitative • Project documents
updates
Risk Analysis
T
Enterprise /
• Enterprise
Organization
L
environmental
factors
• Organizational
U

process assets
M
 S
Inputs

IC
1. Risk Management Plan
Key elements of the risk management plan used in the

T
Perform Qualitative Risk Analysis process include roles and
responsibilities for conducting risk management, budgets,

A
schedule activities for risk management, risk categories,

IM
definitions of probability and impact, the probability and
impact matrix, and revised stakeholders’ risk tolerances.
T
2. Scope Baseline
Projects of a common or recurrent type tend to have more
L

well-understood risks.
U
M
 S
Inputs

IC
3. Risk Register
The risk register contains the information that will be used to

T
assess and prioritize risks.

A
4. Enterprise Environmental Factors

IM
Enterprise environmental factors may provide insight and
context to the risk assessment, such as :
 Industry studies of similar projects by risk specialists, and
T
 Risk databases that may be available from industry or
L

proprietary sources.
U
M
 S
Inputs

IC
5. Organizational Process Assets
The organizational process assets that can influence the

T
Perform Qualitative Risk Analysis process include
information on prior, similar completed projects.

A
IM
T
L
U
M
 S
Tools & Techniques

IC
1. Risk Probability and Impact Assessment
Risk probability assessment investigates the likelihood that

T
each specific risk will occur.

A
2. Probability and Impact Matrix

IM
Risks can be prioritized for further quantitative analysis and
planning risk responses based on their risk rating.
T
L
U
M
 S
Tools & Techniques

IC
3. Risk Data Quality Assessment
Risk data quality assessment is a technique to evaluate the

T
degree to which the data about risks is useful for risk
management.

A
IM
4. Risk Categorization
Risks to the project can be categorized by sources of risk
(e.g., using the RBS), the area of the project affected (e.g.,
T
using the WBS), or other useful categories (e.g., project
phase) to determine the areas of the project most
L

exposed to the effects of uncertainty.

U
M
 S
Tools & Techniques

IC
5. Risk Urgency Assessment
Risks requiring near-term responses may be considered

T
more urgent to address.

A
6. Expert Judgment

IM
Expert judgment is required to assess the probability and
impact of each risk to determine.
T
L
U
M
M
U
L
T
IM
A
T
IC
S
 S
Risk Probability and Impact Assessment
Risk Score

IC
Example A Probability Impact Risk Score

T
Project manager leaves .5 x .9 = .45
Technical lead reassigned .8 .7 .56

A
System connectivity .4 .9 .36
Underestimated task duration .7 .9 .63

IM
Underestimated equipment costs .3 .4 .12

Example B Probability Impact Risk Score

T
Project manager leaves ML x H = MH
Technical lead reassigned H MH H
L
System connectivity ML H MH
Underestimated task duration MH H H
U

Underestimated equipment costs L ML L

M
 S
Tools and Techniques
Probability and Impact Matrix

IC
Probability Threat Risks Opportunity Risks

T
0.90 0.09 0.27 0.45 0.63 0.81 0.81 0.63 0.45 0.27 0.09

A
0.70 0.07 0.21 0.35 0.49 0.63 0.63 0.49 0.35 0.21 0.07

0.50 0.05 0.15 0.25 0.35 0.45 0.45 0.35 0.25 0.15 0.05

IM
0.30 0.03 0.09 0.15 0.21 0.27 0.27 0.21 0.15 0.09 0.03

0.10 0.01 0.03 0.05 0.07 0.09 0.09 0.07 0.05 0.03 0.01
T
Impact 0.1 0.3 0.5 0.7 0.9 0.9 0.7 0.5 0.3 0.1
L
Gray zone threat requires both contingency and fall back plans. Gray zone opportunity should be pursued.
Purple zone threat requires contingency plans. Purple zone opportunity requires at least an
U

enhancement plan.
Blue zone threat may be acceptable. Blue zone opportunity may be acceptable.
M
 S
Outputs

IC
1. Project Documents Updates
Project documents that may be updated include, but are not

T
limited to :

A
 Risk register updates.
 Assumptions log updates.

IM
T
L
U
M
11.4 Perform Quantitative

S
Risk Analysis

IC
Perform Quantitative Risk Analysis is the process of numerically
analyzing the effect of identified risks on overall project

T
objectives.

A
IM
T
L
U
M
 ITTO

S
Perform Quantitative Risk Analysis

IC
INPUT TOOLS AND TECHNIQUE OUTPUT

T
1. Risk management plan 1. Project documents updates
2. Cost management plan

A
3. Schedule management plan 1. Data gathering and
4. Risk register representation techniques
5. Enterprise environmental factors 2. Quantitative risk analysis and

IM
6. Organizational process assets modeling techniques
3. Expert judgment
T
L
U
M
 Project Risk Management

S
11.1
11.2
Plan Risk
Identify Risks

IC
Management
6.1
Plan Schedule • Risk • Risk register
Management management
plan

T
A
7.1 11.4 Project
Plan Cost Perform Documents

IM
Management Quantitative • Project documents
updates
Risk Analysis
T
Enterprise /
• Organizational
Organization
L
process assets
• Enterprise
environmental
U

factors
M
 S
Inputs

IC
1. Risk Management Plan
The risk management plan provides guidelines, methods,

T
and tools to be used in quantitative risk analysis.

A
2. Cost Management Plan

IM
The cost management plan provides guidelines on
establishing and managing risk reserves.
T
L
U
M
 S
Inputs

IC
3. Schedule Management Plan
The schedule management plan provides guidelines on

T
establishing and managing risk reserves.

A
4. Risk Register

IM
The risk register is used as a reference point for performing
quantitative risk analysis.
T
L
U
M
 S
Tools & Techniques

IC
1. Data Gathering and Representation Techniques
 Interviewing.

T
 Probability distributions.

A
2. Quantitative Risk Analysis and Modeling Techniques

IM
 Sensitivity analysis.
 Expected monetary value analysis.
T
 Modeling and simulation.
L
U
M
 S
Tools & Techniques

IC
3. Expert Judgment
Expert judgment (ideally using experts with relevant, recent

T
experience) is required to identify potential cost and
schedule impacts, to evaluate probability, and to define

A
inputs such as probability distributions into the tools.

IM
T
L
U
M
 S
Data Gathering and Representation Techniques
Probability Distributions

IC
Beta Distribution Triangular Distribution

T
P 0.1 P 0.1
r r

A
o o
b b

IM
a a
b b
i i
l l
T
i i
t 0.0 t 0.0
L

y y
Time Time
U
M
 S
Quantitative Risk Analysis and Modeling Techniques
EMV Analysis

IC
T
Event Probability Impact Risk Type EMV

A
1 25% $10,000 Opp. +$2,500

IM
2 75% $22,500 Threat -$16,875

3 55% $86,000 Opp. +$47,300

T
4 20% 30 days Threat -6 days
L
U
M
 S
IC
Decision
Definition Decision Node Chance Node Net Path Value EMV

T
A
IM
T
L
U
M
 S
IC
Decision
Definition Decision Node Chance Node Net Path Value EMV

T
A
IM
T
L
U
M
 S
IC
Decision
Decision Node Chance Node Net Path Value EMV

T
A
IM
T
L
U
M
M
U
L
T
IM
A
T
IC
S
 S
Outputs

IC
1. Project Documents Updates
Project documents are updated with information resulting

T
from quantitative risk analysis. For example, risk
register updates could include :

A
 Probabilistic analysis of the project.

IM
 Probability of achieving cost and time objectives.
 Prioritized list of quantified risks.
T
 Trends in quantitative risk analysis results.
L
U
M
 S
11.5 Plan Risk Responses

IC
Plan Risk Responses is the process of developing options and
actions to enhance opportunities and to reduce threats to project

T
objectives.

A
IM
T
L
U
M
 ITTO

S
Plan Risk Responses

IC
INPUT TOOLS AND TECHNIQUE OUTPUT

T
1. Risk management plan 1. Project management plan updates
2. Risk register 2. Project documents updates

A
1. Strategies for negative risk or
threats
2. Strategies for positive risks or

IM
opportunities
3. Contingent response strategies
4.
T Expert judgment
L
U
M
 Project Risk Management

S
IC
11.1 Project
11.2 Documents
Plan Risk
Identify Risks
Management

T
• Risk register
• Risk

A
management
plan

IM 4.2
T
11.5
Develop Project
Plan Risk Management
• Project management
Responses Plan
L
plan updates
U
M
 S
Inputs

IC
1. Risk Management Plan
Important components of the risk management plan include roles
and responsibilities, risk analysis definitions, timing for reviews

T
(and for eliminating risks from review), and risk thresholds for low,
moderate, and high risks.

A
IM
2. Risk Register
The risk register refers to identified risks, root causes of risks, lists
of potential responses, risk owners, symptoms and warning signs,
T
the relative rating or priority list of project risks, risks requiring
responses in the near term, risks for additional analysis and
L

response, trends in qualitative analysis results, and a watch list,

which is a list of low priority risks within the risk register.
U
M
 S
Tools & Techniques

IC
1. Strategies for Negative Risks or Threats
Three strategies, which typically deal with threats or risks

T
that may have negative impacts on project objectives if they
occur, are: avoid, transfer, and mitigate.

A
IM
2. Strategies for Positive Risks or Opportunities
Three of the four responses are suggested to deal with risks
with potentially positive impacts on project objectives.
T
L
U
M
 S
Tools & Techniques

IC
3. Contingent Response Strategies
Some responses are designed for use only if certain events

T
occur.

A
4. Expert Judgment

IM
Expert judgment is input from knowledgeable parties
pertaining to the actions to be taken on a specific and
defined risk.
T
L
U
M
 S
IC
T
A
IM
T
L

* The two most widely used strategies are mitigate

U

(threats) and enhance (opportunities).

M
 S
Tools and Techniques
Contingency and Fallback Plans

IC
T
Contingency plan or contingent

A
response strategy

IM
Actions taken if an identified risk occurs
or if triggers occur

Fallback plan
T
Developed when the selected risk
strategy is not fully effective or if risk has
L

a high impact
U
M
 S
Outputs

IC
1. Project Management Plan Updates
Elements of the project management plan that may be updated
as a result of carrying out this process include, but are not

T
limited to :

A
 Schedule management plan.
 Cost management plan.

IM
 Quality management plan.
 Procurement management plan.
T
 Human resource management plan.
 Scope baseline.
L

 Schedule baseline.
U

 Cost baseline.
M
 S
Outputs

IC
2. Project Documents Updates
In the Plan Risk Responses process, several project

T
documents are updated as needed.

A
IM
T
L
U
M
 S
11.6 Control Risks

IC
Control Risks is the process of implementing risk response
plans, tracking identified risks, monitoring residual risks,

T
identifying new risks, and evaluating risk process effectiveness
throughout the project.

A
IM
T
L
U
M
 ITTO

S
Control Risks

IC
INPUT TOOLS AND TECHNIQUE OUTPUT

T
1. Project management plan 1. Work performance information
2. Risk register 2. Change requests

A
3. Work performance data 1. Risk reassessment 3. Project management plan updates
4. Work performance reports 2. Risk audits 4. Project documents updates
3. Variance and trend measurement 5. Organizational process assets

IM
4. Reserve analysis updates
5. Meetings
T
L
U
M
 Project Risk Management Project
Documents

S
4.2
Develop Project 11.2
Identify Risks

IC
Management • Project
documents
Plan updates
• Risk register
4.2
4.4 Develop Project

T
Monitor and Management
Control Project Plan
Work

A
11.6
Control Risks 4.5

IM
Perform
• Change requests Integrated
Change Control

4.3
T
Direct and 4.4
Manage Project Monitor and
Work Control Project
L

Work
U

Enterprise /
Organization
M
 S
Inputs

IC
1. Project Management Plan
The project management plan, which includes the risk
management plan, provides guidance for risk monitoring and

T
controlling.

A
2. Risk Register

IM
The risk register has key inputs that include identified risks
and risk owners, agreed-upon risk responses, control actions
for assessing the effectiveness of response plans, risk
T
responses, specific implementation actions, symptoms and
L

warning signs of risk, residual and secondary risks, a watch

list of low-priority risks, and the time and cost contingency
U

reserves.
M
 S
Inputs

IC
3. Work Performance Data
Work performance data related to various performance results

T
possibly impacted by risks includes, but is not limited to :
 Deliverable status,

A
 Schedule progress, and

IM
 Costs incurred.

4. Work Performance Reports

T
Work performance reports take information from performance
measurements and analyze it to provide project work performance
L

information including variance analysis, earned value data, and

forecasting data.
U
M
 S
Tools & Techniques

IC
1. Risk Reassessment
Control Risks often results in identification of new risks,

T
reassessment of current risks, and the closing of risks that
are outdated.

A
IM
2. Risk Audits
Risk audits examine and document the effectiveness of risk
responses in dealing with identified risks and their root
T
causes, as well as the effectiveness of the risk management
process.
L
U
M
 S
Tools & Techniques

IC
3. Variance and Trend Analysis
Many control processes employ variance analysis to

T
compare the planned results to the actual results.

A
4. Technical Performance Measurement

IM
Technical performance measurement compares technical
accomplishments during project execution to the schedule of
technical achievement.
T
L
U
M
 S
Tools & Techniques

IC
5. Reserve Analysis
Throughout execution of the project, some risks may occur

T
with positive or negative impacts on budget or schedule
contingency reserves.

A
IM
6. Meetings
Project risk management should be an agenda item at
periodic status meetings.
T
L
U
M
 S
Outputs

IC
1. Work Performance Information
Work performance information, as a Control Risks output,

T
provides a mechanism to communicate and support project
decision making.

A
IM
2. Change Requests
Implementing contingency plans or workarounds sometimes
results in a change request.
T
L
U
M
 S
Outputs

IC
3. Project Management Plan Updates
If the approved change requests have an effect on the risk

T
management processes, the corresponding component
documents of the project management plan are revised and

A
reissued to reflect the approved changes.

IM
4. Project Documents Updates
Project documents that may be updated as a result of the
T
Control Risk process include, but are not limited to the risk
register.
L
U
M
 S
Outputs

IC
5. Organizational Process Assets Updates
The risk management processes produce information that

T
may be used for future projects, and should be captured in
the organizational process assets.

A
IM
T
L
U
M