• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/49

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

49 Cards in this Set

  • Front
  • Back
Risk management process
1. Planning: Plan Risk Management
2. Planning: Identify Risks
3. Planning: Perform Qualitative Risk Analysis
4. Planning: Perform Quantitative Risk Analysis
5. Planning: Plan Risk Responses
6. M&C: Control Risks
Definition of risk management
- increase probability/impact of opportunities
- decrease the probability/impact of threats
Threats
- negative event identified in advance that may or may not happen
Opportunities
- positive event identified in advance that may or may not happen
Inputs to risk management
1. Project background information
2. Organizational process assets
3. Enterprise environmental factors
4. Project charter
5. Project management plan
6. Scope baseline
7. Network diagram
8. Time and cost estimates
9. Schedule management plan
10. Cost management plan
11. Communications management plan
12. Quality management plan
13. Human resource management plan
14. Procurement documents
15. Project documents
16. Stakeholder register
17. Risk management plan
18. Risk register
19. Work performance data and reports
Risk register
- output of Identify Risks
- one document where most of the risk info is kept and updated
- part of the project documents
- updated risk register is output of several risk management processes
Risk management plan
- Output of Plan Risk Management
- Includes:
1. Methodology - how risk management will be performed for the project
2. Roles & Responsibilities - Who will do what?
3. Budget - cost of risk management process
4. Timing - When to do risk management for the project
5. Risk categories
6. Definitions of probability and impact (to standardize interpretations)
7. Stakeholder tolerances - to determine impacts should be ranked higher
8. Reporting - what reports will be created for risk management
9. Tracking - How risk process will be documented and audited
Risk response strategies
- also called Risk Mitigation Strategies
- determined during Plan Risk Responses
Avoid
- Risk response strategy for a threat
- Remove the threat/cause by removing the work package, person, or expanding scope of project to prevent and therefore avoid the threat
- appropriate for high priority/high impact risk
Mitigate
- Risk response strategy for a threat
- reduce probability or impact of threat
- appropriate for high priority/high impact risk
Transfer
- Risk response strategy for a threat
- also known as deflect, allocate
- make another party responsible for risk by buying insurance, warranty, or outsourcing the work
- appropriate for low priority/low impact risk
Exploit
- Risk response strategy for an opportunity
- Add work or change the project to make sure the opportunity occurs.
Share
- Risk response strategy for an opportunity
- Allocate ownership/partial ownership to a third party that is best able to achieve the opportunity
Enhance
- Risk response strategy for an opportunity
- increase probability/impact of opportunity
Accept
- Risk response strategy for a threat and opportunity
- "If it happens, it happens."
- Decision to accept a risk must be communicated to stakeholders
- appropriate for low priority/low impact risk
Reserves (contingency and management)
- contingency reserve is for known unknowns, calculated, and become part of the cost baseline
- management reserves is for unknown unknowns and needs management approval to use.
- Contingency reserves are allocated to deal with accepted threats/opportunities after the risk management planning process has been completed
Reserve analysis
- checking to see how much reserve remains and how much might be needed.
- like checking the balance in your bank account
Probability and impact matrix
- T&T used for Perform Qualitative Risk Analysis
- chart for Probability & Impact 1 to 10 along with definitions of what 1 to 10 mean
Expected monetary value
EMV = P x I
if probability is 50% and Impact is $40,000, EMV = $20,000
Contingency plans
- Plans describing actions that will be taken if opportunity or risk occurs
Fallback plans
- Plans describing actions that will be taken if contingency plans are not effective
Watch list
- noncritical risks documented in risk register for later review during Control Risks process
Workarounds
- Part of Control RIsk process
- unplanned responses
- PMs that do not perform risk management spend a lot of their time creating workarounds
Risk owner
- can be a stakeholder other than a team member
- someone who may develop the risk response, who may carry out the risk response, or "own" the risk
Residual risks
- Risks that remain after risk response planning
- These are passively accepted but should be properly documented and reviewed throughout the project to see if their ranking has changed
Secondary risks
- Risks that would be generated as a result of responding to one risk
- For example, outsourcing work to a subcontractor creates secondary risks in them not delivering the work on time.
Risk categories
- same as "sources of risk"
1. External - regulatory, government, environmental, etc.
2. Internal - time, cost, or scope changes; inexperience; people, poor planning, materials, equipment
3. Technical - changes in technology
4. Unforeseeable - only a small portion of risks (about 10%) are actually unforeseeable
Types of risk
- 2 main types of risk classifications:
1. Business risk - risk of a gain or loss
2. Pure (insurable) risk - only a risk of loss (e.g. fire, theft, personal injury, etc.)
Monte Carlo analysis
- T&T used for Perform Quantitative Risk Analysis
- usually done on a computer
- evaluates overall risk in the project
- determines probability based on trials
Sensitivity analysis
- T&T used for Perform Quantitative Risk Analysis
- analyze and compare the potential impacts of identified risks and displayed in a tornado diagram
Common risk management errors
- Risk identification completed without knowing enough of project
- Project risk does not provide specific risks
- Risk identification ends too soon so list is short
- Padding is used instead of a risk management process
- Identify Risks, Qualitative and Quantitative Analysis are all blended together, decreasing the number of total risks identified
- Identified risks are too general and not specific enough
- Risks are actually issues already and not risks
- Whole categories of risk are missed
- Only one method is used to identify risks instead of several
- First risk response strategy is selected without looking at other options
- Risk management not given enough attention
- PMs do not explain risk management process to team during project planning
- Contracts are signed long BEFORE risks to the project are discussed
Risk audit
- performed to assess the overall process of risk management on the project, as well as the specific risk responses.
Risk reassessments
- need to periodically review the risk management plan and risk register and adjust documentation as required.
- good topic for a team meeting
- may identify new risks, additional qualitative/quantitative risk analysis of new and/or previously unidentified risks
Assumptions analysis
- Identify Risk T&T
- analyze the assumptions made for the project and whether they are valid or may lead to more risks
Documentation reviews
- Identify Risk T&T
- review charter, contracts, planning documentation, lessons learned, articles, etc. to identify risks
Information-gathering techniques
- Identify Risk T&T
- also used to collect requirements for the project
1. Brainstorming - one idea helps generate another
2. Delphi technique - working with expert panel back and forth to whittle down choices until one consensual choice
3. Interviewing
4. Root cause analysis
SWOT-analysis
- Identify Risk T&T
Strengths, Weaknesses, Opportunities and Threats
- look at project's strengths and weaknesses in order to identify opportunities & threats
Checklist analysis
- Identify Risk T&T
- look at checklist of risk categories to identify specific risks in each category
Diagramming techniques
- Identify Risk T&T
- cause and effect diagrams and flowcharts from Quality Management tools can be used to analyze the root cause of issues to identify risks.
Risk data quality assessment
- T&T used for Perform Qualitative Risk Analysis
- answers question: "How accurate and well understood is the risk info?"
- may include determining the following for each risk:
1. Extend of the understanding of the risk
2. Data available about the risk
3. Quality of the data
4. Reliability and integrity of the data
Risk urgency assessment
- T&T used for Perform Qualitative Risk Analysis
- determine urgency of risk and its probability/impact rating to determine overall severity of the risk and fast track its management
Risk appetite
- general, high-level description of the acceptable level of risk
- example: "sponsor only accepts little risk to schedule on project"
Risk triggers
- Events that trigger the contingency response (early warning signs)
Risk tolerance
- specific measurable amount of acceptable risk
- example: "sponsor only accepts risk to schedule on project of 14 days"
Risk threshold
- the specific point at which risk becomes unacceptable
- example: "Sponsor will not accept a risk of the schedule being delayed 15 days or longer"
Decision tree
- T&T used for Perform Quantitative Risk Analysis
- takes into account future events in making a decision today (choose your own adventure with steps ahead)
- calculates EMV for each tree choice to see which is best option
Risk averse
- does not want to take risks
Risk factors
1. Probability risk will occur (how likely)
2. Range of possible outcomes (impacts)
3. Expected timing (when)
4. Anticipated frequency (how often)
Closure of risks
- allows team to focus on managing risks that are still
open
- associated risk reserve returned to company