2. Project Risk Management
Knowledge
Area
Process
Initiating Planning Executing Monitoring & Contol Closing
Risk
Plan Risk Management
Identify Risk
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Response
Monitor and Control Risks
Enter phase/
Start project
Exit phase/
End project
Initiating
Processes
Closing
Processes
Planning
Processes
Executing
Processes
Monitoring &
Controlling Processes
3. Project Risk Management
• Risk is an uncertain
event or condition
that, if occurs, has
an effect on at least
one project
objective.
4. – increase the
probability and
impact of positive
events
(opportunities).
– decrease the
probability and
impact of negative
events (threat).
Risk management objectives
5. •address the level of risk a project manager or a key stakeholder is willing
to take when money at stake is compared to the potential payoff.
Risk tolerance
6. Prefers an uncertain outcome and may be willing to pay a penalty to take
a high risk
Risk Seeker
8. Plan Risk Management
• The process of defining how to conduct risk management
activities for a project.
Inputs
1. Project scope statement
2. Cost management plan
3. Schedule management
plan
4. Communication
management plan
5. Enterprise environmental
factors
6. Organizational process
assets
Tools &
Techniques
1. Planning meetings and
analysis
Outputs
1. Risk management plan
9. Planning Meetings and Analysis
- plans for conducting the risk
management activities
- Risk management responsibilities
-templates for risk categories
-definitions of terms such as levels
of risk, and the probability and
impact matrix
10. Risk Management Plan
• Risk management plan describe how risk management will be
structured and performed on the project.
. Methodology (Defines the approaches, tools, and data sources)
• Roles & responsibilities (Defines the lead, support, and risk
management team members)
• Budgeting (Assigns resources, estimates funds needed)
• Timing (when and how often the risk management process )
• Risk categories. (Provides a structure that ensures a comprehensive
process of systematically identifying risks ).
11. Risk Management Plan
-Definition of probability and impact
-Stakeholder tolerances
• Reporting formats how the outcomes of the risk management processes
will be documented, analyzed, and communicated.
• Tracking how risk activities will be recorded and how risk management
processes will be audited.
• Probability and impact matrix (Risks are prioritized according to their
potential implications for having an effect on the project’s objectives.
12. Project Title: Date Prepared:
Methods and Approaches:
Describe the methodology or approach to risk management. Provide information on how each of the
risk management processes will be carried out, including whether quantitative risk analysis will be
performed and under what circumstances.
Tools and Techniques:
Describe the tools, such as a risk breakdown structure, and techniques, such as
interviewing, Delphi technique, etc., that will be used for each process.
Roles and Responsibilities:
Describe the roles and responsibilities for various risk management activities.
Risk Categories:
Identify any categorization groups used to sort and organize risks. These can be used to
sort risks on the risk register or for a risk breakdown structure, if one is used.
Stakeholder Risk Tolerance:
Describe the risk tolerance levels of the organization(s) and key stakeholders on the
project.
Risk management plan
13. Definitions of Probability:
Terms used to
measure probability,
such as Very Low –
Very High, or
.01-1.0.
Describe the ways of measuring probability: the difference between very high and
high probability, etc.. If using a numeric scale, identify the spread between bands of
probability (.05, .1, .2, .4, or .2, .4, .6, .8).
Definitions of Impact by Objective:
Specify terms used
to measure impact,
such as Very Low –
Very High, or
.01-1.0.
Describe the ways of measuring impact on each objectives. Objectives other than the
ones listed here can be used. Define the difference between very high and high
impact on the objective. If using a numeric scale, identify the spread between bands
of impact (.05, .1, .2, .4, or .2, .4, .6, .8). Note that the impacts on individual objectives
may be different if one objective is more important than another.
14. Probability and Impact Matrix:
Risk Management Funding:
Define the funding needed to perform the various risk management activities, such as utilizing expert
advice or transferring risks to a third party.
Contingency Protocols:
Describe the guidelines for establishing, measuring, and allocating both budget contingency and schedule
contingency.
Describe the frequency of conducting formal risk management activities and the timing of any specific
activities.
Frequency and Timing:
Describe how often the risk management process will be audited, which aspects will be audited, and
how discrepancies will be addressed.
Risk Audit Approach
15. Identify Risk
• the process of determining which risks may affect the
project and documenting their characteristics
Inputs
.1 Risk management plan
.2 Activity cost estimates
.3 Activity duration
estimates
.4 Scope baseline
.5 Stakeholder register
.6 Cost management plan
.7 Schedule management
plan
.8 Quality management
plan
.9 Project documents
.10 Enterprise
environmental
factors
.11 Organizational process
assets
Tools &
Techniques
1. Documentation reviews
2. Information gathering
techniques
3. Checklist analysis
4. Assumptions analysis
5. Diagramming
techniques
6. SWOT analysis
7. Expert judgment
Outputs
1. Risk register
16. • Documentation Reviews
-review of project documentation, including
plans, assumptions, previous project files,
contracts, and other information.
-The quality of the plans, as well as consistency
between those plans and the project
requirements and assumptions, can be
indicators of risk in the project.
17. • Information gathering techniques
– Brainstorming
– Delphi technique:
– Interviewing
– Root cause analysis:
19. • .3 Checklist Analysis
- developed based on historical information
- The team should make sure to explore items
that do not appear on the checklist.
- The checklist should be reviewed during
project closure to incorporate new lessons
learned .
20. Diagramming Techniques
• Cause and effect diagrams
useful for identifying causes of risks.
• System or process flow charts.
These show how various elements of
a system interrelate,
and the mechanism of causation
• Influence diagrams. These are
graphical representations of
situations showing causation
influences,
21. Risk Register
List of identified risks.
-the list of identified risks,
-The root causes of those risks
-the fundamental conditions of risks
List of potential responses.
- Potential responses to a risk may
sometimes be identified during
the Identify Risks process.
Include
22. RISK REGISTER
Project Title: Date Prepared:
Risk ID Risk Statement Probability Impact Score Response
Scope Quality Schedule Cost
Description of the risk event or
circumstance.
Likelihood
of
occurrence
Impact on each objective if it does
occur.
Probabili
ty X
impact.
Description of
planned response
strategy to the risk
event.
Revised
Probabil
ity
Revised Impact Revised
Score
Responsible
Party
Actions Status Comments
Scop
e
Quality Schedul
e
Cost
Likelihoo
d after
the
response
strategy.
Revised impact on each
objective after the response
strategy.
Revised
probabili
ty X
impact
Who will follow
through on the
risk and
response.
Actions that need
to be taken to
address the risk.
Open
or
closed.
Any comments that
provide information
about the risk.
23. Perform Qualitative Risk Analysis
• The process of prioritizing risks for further analysis of action by
assessing and combining their probability of occurrence and impact.
Inputs
1. Risk register
2. Risk management plan
3. Project scope statement
4. Organizational process
assets
Tools &
Techniques
1. Risk probability and
impact assessment
2. Probability and impact
matrix
3. Risk data quality
assessment
4. Risk categorization
5. Risk urgency
assessment
6. Expert judgment
Outputs
1. Risk register updates
24. Probability Impact Matrix
• Different matrices can be used for cost, time, scope
• It helps guide risk responses (priority action & response strategies)
25. Risk Data Quality Assessment
A qualitative risk analysis
requires accurate data
. Analysis of the quality of
risk data is a technique to
evaluate the degree to
which the data about risks
are useful for risk
management.
26. Risk Breakdown Structure (RBS)
• Showing risk categorization
• Help to ensure a comprehensive process of systematically
identifying risk to a consistent level of detail
27. Risk Urgency Assessment
-Risks requiring near-term
responses may be considered
more urgent to address.
-the assessment of risk
urgency can be combined
with the risk ranking from the
probability and impact matrix
to give a final risk severity
rating.
28. Risk Register Updates
• Update/add additional information to previous output i.e. Risk
Register, which include:
– Relative ranking/priority
– Risk grouped by categories
– List of risk requiring additional analysis in the near term
– List of risk for additional analysis and response
– Watch-list (non-critical or non-top risks)
– Trends
– Cause of risk requiring particular attention
30. 1-During which stage of Risk planning are risks
prioritized based on probability and -impact?
A-Identify Risks
B-Risk management plan
C-Perform Qualitative risk analysis
D-Perform Quantitative risk analysis
31. 2-Mohamed has joined as the Project Manager of
a project. One of the project documents
available to Mohamed lists down all the risks in
a hierarchical fashion. What is this document
called?
A-Risk Management Plan.
B-List of risks.
C-Risk register
D-Risk Breakdown Structure
32. 3- Project risk management includes all the processes
concerned with conducting risk management planning,
identification, analysis, responses, and monitoring and
control on a project. In this context, all the following
statements about risk are accurate EXCEPT:
A- Risk is an uncertain event or condition
B- Risks have to be identified and properly managed
C- Risk Management should be done throughout the
project
D- Risk has only negative impact on the project objective
33. 4- you have just been assigned as the project
manager for a sizeable engineering project, and you
want to quickly review the projects Procedures for
managing risk . What would be the most helpful in
finding this information?
A- a risk register
B- a risk management plan
C- environment process assets
D- a risk impact matrix