• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/47

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

47 Cards in this Set

  • Front
  • Back
What is the goal of Project Risk Management?
To increase the probability and impact of positive events and decrease the probability and impact of negative events in the project.
What is risk?
1. A risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective (scope, schedule, cost, quality)
2. A risk may have one or more causes, and one or more impacts
3. Risk originates in the uncertainty that is present in all projects
4. Known risk are those that we can identify and analyze, and therefore manage
5. Unknown risks cannot be managed proactively, therefore we must perhaps handle them with contingency plans
6. A risk that has occurred is an issue.
Why Risk Management?
- Required for successful business activity in today's changing environment; risk versus reward
- Projects are launched in response to opportunities
- As opportunities increase, so do associated risks
- Planning tends to be based on the past, whereas risks are always in the future
- Uncertainty must be addressed proactively and consistently to improve the changes of project success
Describe process 11.1 Plan Risk Management
Defines how to conduct risk management activities for a project. Careful and explicit planning enhances the changes of success in the other risk management processes.
It is important to ensure that:
- The level of risk management is commensurate with the risk and importance of the project
- We provide sufficient resources and time for risk management activities
- We have established an agreed-upon basis for evaluating risks.
What are the INPUTS of the process - Plan Risk Management?
1. Project scope statement, provides information on the project and deliverables and helps establish the significance of the risk management effort
2. Cost management plan, defines how risk budgets, contingencies, and management reserves will be reported and accessed
3. Schedule management plan, defines how schedule contingencies will be reported and assessed.
4. Communications management plan, defines interactions and who can provide information on risks and responses
5. Enterprise environmental factors, including risk attitudes and tolerances
6. Organizational process assets, including risk categories, common definitions, risk statement formats, stand templates, roles and responsibilities, authority levels, lessons learned, and stakeholder register
What are the TOOLS AND TECHNIQUES of the process - Plan Risk Management?
1. Planning meetings and analysis, held to develop the risk management plan. Attendees: PM, project team leaders, key stakeholders, organization risk managers, others as needed. Develop high-level plans covering:
- Risk cost elements, schedule activities, risk responsibilities, etc.
- Templates for risk categories, levels of risk, probability by type of risk, impact by type of objectives, probability and impact matrix tailored to the project.
What are the OUTPUTS of the process - Plan Risk Management?
Risk management plan, including:
- Methodology
- Roles and responsibilities
- Budgeting for risk management resources
- Timing of risk management activities
- Risk categories
- Definition of risk probability and impact
- Probability and impact matrix, to assist in prioritizing
- Revised stakeholder tolerances
- Reporting formats for risk management process outputs
- Tracking. Documents how risk activities will be reported, monitored, and audited for the project.
What are some common categories of risk?
1. Technical, quality, or performance risks - such as reliance on unproven or complex technology, unrealistic performance goals, changes to the technology used or to industry standards during the project.
2. Project management risks - Such as poor allocation of time and resources, inadequate quality of the project plan, poor use of project management disciplines
3. Organizational risks - such as cost, time, and scope objectives that are internally inconsistent, lack of prioritization of projects, inadequacy or interruption of funding, and resource conflicts with other projects.
4. External risks - such as shifting legal or regulatory environment, labor issues, subcontractors and suppliers, country risk and weather.
What are some common sources of risk?
- External, but unpredictable (Regulatory, Natural hazards, side effects)
- External predictable, but uncertain (Market risks, Operational, Currency changes, etc)
- Internal, non-technical (Schedule, Cost, Cash flow, etc).
- Technical (Technology changes, Design, Complexity)
- Legal (Licenses, Patent risks, Contractual, etc).
Describe the process - 11.2 Identify Risks.
Risk identification determines which risks might affect the project and documents their characteristics. Potentially done by all project stakeholders.
- Risk identification is an iterative process as project risks evolve during the project
- Use a consistent format for all risks
- Usually leads to the Perform Qualitative Risk Analysis process, but can lead directly to the Perform Quantitative Risk Analysis process.
What are the INPUTS of the process - Identify Risks?
1. Risk management plan, including roles and responsibilities, budget and schedule provisions, and categories of risks
2. Activity cost estimates, to view range of results
3. Activity duration estimates, also with ranges
4. Scope baseline, including assumptions and the WBS
5. Stakeholder register, useful to identify who can provide inputs
6. Cost management plan, provides approach to cost management
7. Schedule management plan, for its schedule management approach
8. Quality management plan, for its impact on risk
9. Project documents, including the assumption log, work performance reports, earned value reports, network diagrams, baseline, and others
10. Enterprise environmental factors, including published information, academic studies, benchmarking, industry studies, and risk attitudes
11. Organization process assets, including project files with actual data, organizational and project process controls, risk statement templates,and lessons learned
What are the TOOLS AND TECHNIQUES of the process - Identify Risks?
1. Documentation reviews: a structured review of project documentation, including plans, assumptions, previous project files, contracts, etc. This is generally the initial step taken by the project team in identifying possible risks. The quality of the documents under review is itself an indication of project risk.
2. Information gathering techniques, including: brainstorming, the Delphi technique, interviewing, and root cause analysis. Goal is to respond to the cause of the risk, so we must determine the cause.
3. Checklist analysis: using checklists developed based on historical information. This can be quick and simple, but might act as a thinking box, so think outside the checklist.
4. Assumptions Analysis: Exploring the validity of assumptions, and consequences if the assumptions are false
5. Diagramming techniques: Cause and effect diagrams, system or process flow charts, and influence diagrams. These techniques were covered earlier.
6. SWOT analysis
- strengths, weaknesses, opportunities, and threats
7. Expert judgement: possibility from risk management departments within the organization.
What are the OUTPUTS of the process - Identify Risks?
Risk register. The results of Identify Risks are typically contained in a document called a risk register. It ultimately contains the outcomes of the other risk management processes as they are conducted. The register is often in the form of a spreadsheet, with columns containing details
- List of identified risks, with root causes
- List of potential responses
Describe the process - 11.3 Perform Qualitative Risk Analysis
Prioritizing the identified risks for further action by addressing and combining these probability of occurrence and impact.
Assess the priority of identified risks using their probability of occurring, the impact on project objectives, factors such as time frame for response and risk tolerance of the project on constraints of cost, schedule, scope, and quality.
A rapid and cost-effective means of establishing priorities for Risk Response Planning that also lays the foundation for Quantitative Risk Analysis.
What are the INPUTS for the process - Perform Qualitative Risk Analysis?
1. Risk register, which has the identified risks
2. Risk management plan, particularly roles and responsibilities, budgets, schedules, risk categories, definitions of probability and impact, probability and impact matrix and risk tolerances.
2. Project scope statement to determine whether this is a normal project for us, or a new type
3. Organizational process assets, including information on prior similar projects, risk specialty studies, and risk databases available from industry or proprietary sources.
What are the TOOLS AND TECHNIQUES of the process - Perform Qualitative Risk Analysis?
1. Risk probability and impact assessment, which investigates the likelihood that each specific risk will occur and the potential effects on a project objective such as time, cost, scope, or quality, including both negative effects for threats and positive effects for opportunities. Assessed in meetings, interviews, or facilitated discussions. Explanatory detail, including assumptions for the levels assigned, is recorded. Ratings are according to the levels defined in the risk management plan.
2. Probability and impact matrix. Risk probability is the likelihood that a risk will occur. Risk impact is the effect on project objectives if the risk event occurs. Using a combination of probability and impact scales, the probability and impact matrix assigns risk ratings to individual risk events. These ratings are typically qualitative in nature.
3. Risk data quality assessment, a technique used to evaluate the degree to which the data about the risk is actually useful in making risk management decisions.
- The extent to which the source of the information understands the risk
- The accuracy, quality, reliability, and integrity of data regarding the risk
4. Risk categorization by source, area of impact, or other category. Grouping by common root causes can lead to effective risk responses
5. Risk urgency assessment, to determine how near-term the risk is to determine how soon we must deal with it.
6. Expert judgement, to assess probability and impact. Expert judgement can be secured using facilitated workshops.
What are the scales of probability and impact?
Probability scale - 0.0 to 1.0 (0% to 100%), or a more qualitative scale such as "very unlikely" to "almost certain"

Impact scale - reflects the severity of the risk's effects on the project objectives (can be an ordinal or cardinal scale)

Determines one overall rating for each risk - the risk score. The risk score helps guide risk responses.
What is the risk probability scale?
1. very low
2. low
3. medium
4. high
5. virtually certain
What is the risk impact scale?
1. very little impact on critical factors of project (time, cost, etc.)
2. minor
3. moderate (workaround solution apparent)
4. moderate (no apparent workaround solution)
5. severe (missions critical degradation)
What are the OUTPUTS of the process - Perform Qualitative Risk Analysis?
Risk register updates, with:
- Relative ranking or priority list of project risks
- Risks grouped by categories to reveal common root causes
- Causes of risk or project area requiring particular attention
- List of risk requiring response in the near-term (urgent risks)
- List of risks for additional analysis and response
- Watch-lists of low priority risks
- Trends in qualitative analysis results, as risk analysis is repeated on the project, a trend may appear making risk response or additional analysis more or less important.
Describe the process 11.4 Perform Quantitative Risk Analysis
The process numerically analyzes the effect of identified risk events on overall project objectives. It is performed on risks that have been prioritized by the Qualitative Risk Analysis process as potentially and substantially impacting the project's completing demands.
Perform quantitative risk analysis may not be required on all projects, dependent on available time and budget. It should be performed again after Plan Risk Responses and during Monitor and Control Risks to determine if project risk has been satisfactorily addressed.
What are the INPUTS of the process - Perform Quantitative Risk Analysis?
1. Risk register
2. Risk management plan
3. Cost management plan, which details with cost
4. Schedule management plan, which deals with project schedule
5. Organization process assets, including information on prior similar completed projects, studies of similar project by risk specialists, and risk databases available from industry of proprietary sources.
What are the TOOLS AND TECHNIQUES of the process - Perform Quantitative Risk Analysis?
1. Data gathering and representation techniques, including:
- interviewing, including three point estimating to obtain ranges of values
- Probability distributions, such as beta distributions and triangular distributions of probability
2. Quantitative risk analysis and modeling techniques, including:
- Sensitivity analysis to determine which risks have the most impact
- Expected monetary value analysis, which determines a value by multiplying each outcome by its probability and adding the results together. This is commonly used in decision tree analysis.
- Modeling and simulation, using a model which translates the specified uncertainties into their potential impact on objectives, iterative simulations are performed using Monte Carlo technique, which is run many times using input values for project variables chosen at random from the probability distributions of the variables. Results will be probability distribution of results.
3. Expert Judgement used to identify potential cost and schedule impacts, to evaluate probability and define inputs to analysis tools. Expert judgement is also used in interpreting the results.
What are the OUTPUTS of the process - Perform Quantitative Risk Analysis?
1. Risk register updates, including:
- Probabilistic analysis of the project, showing results with associated confidence levels.
- Probability of achieving the cost and time objectives
- Prioritized list of quantified risks
- Trends in quantitative risk analysis results, which may lead to conclusions affecting the planned responses.
What is modeling and simulation?
Simulations uses a representation of model of a system to analyze the behavior or performance of the system.
- For a cost risk analysis, a simulation may use the WBS as a model.
- For a schedule risk analysis, the PDM schedule is used.
What is probabilistic analysis of the project?
Forecasts of potential project schedule and costs results listing the possible completion dates or project duration and costs with their associated confidence levels.
What is probability of achieving the cost and time objectives?
The probability of meeting the project objectives with the current plan. It takes into consideration all previous risk analysis and quantifies the probability of the current plan (cost and schedule)
Describe the process - 11.5 Plan Risk Responses
Plan Risk Responses is the process of developing options and determining actions to enhance opportunities and reduce threats to the project's objectives. Risk responses must be appropriate, cost effective, and realistic. Includes identification and assignment of one or more persons (the "risk response owner") to take responsibility for each agreed-to and funded risk response. Project management plan is updated ans necessary to implement responses.
What are the INPUTS of the process - Plan Risk Responses?
1. Risk register, with all information developed so far
2. Risk management plan, including roles and responsibilities, definitions, etc.
What are the TOOLS AND TECHNIQUES of the process - Plan Risk Responses?
Strategy or mix of strategies most likely to be effective should be selected for each risk.
Primary and backup strategies may be s elected.
A fallback plan can be developed if the selection strategy turns out not to be effective, or if an accepted risk occurs.

1. Strategies for negative risks or threats (Avoid, Transfer, Mitigate, Accept)
2. Strategies for positive risks or opportunities (Exploit, Share, Enhance, Accept)
3. Contingent response strategies. Some responses are designed for use only if certain events occur. Involves defining actions to be executed under certain predefined conditions, if it is believed there will be sufficient warning to implement the plan. Events that trigger the contingency responses should be defined and tracked.
4. Expert judgement related ot the actions to be taken
Describe the negative risk strategy Avoid.
Risk avoidance is changing the project plan to eliminate the risk or condition or to protect project objectives from its impact.
Although we can never eliminate all risk events, some specific risks may be avoided.
Describe the negative risk strategy Transfer.
Risk transfer si seeking to shift the consequence of a risk toa third party together with ownership of the response.
Risk transfer does not eliminate the risk, it just transfers responsibility for its management.
Insurance or an insurance-like arrangement such as bonding is often available to deal with some categories of risk.
Procurement, acquiring goods an/or services from outside the immediate project organization, is often an appropriate response to some types of risk.
Describe the negative risk strategy Mitigate.
Mitigation seeks to reduce the probability and/or consequences of an adverse risk event to an acceptable threshold.
Risk probabilities or impacts can often by reduced by changing the planned approach. The more flexibility the project team has, the more valuable mitigation is.
Describe the negative risk strategy Accept.
Indicates that the project management team will not modify the project management plan to deal with a risk, or is unable to come up with a viable response.
Acceptance can be either passive (just wait for the risk to happen), or active (plan now for how to deal with the risk if it happens). These are what contingency reserves are used for.
What is Contingency Allowance?
Most common risk acceptance response is to establish a contingency allowance, or reserve, including amounts of time, money, or resources to account for known risks. The allowance should be determined by the impacts, computed at an acceptable level of risk exposure, for the risks that have been accepted.
What are Contingency Reserves?
A separately planned quantity used to allow for future situations which may be planned for only in part (sometimes called "known unknowns"). For example, rework is certain, the amount of rework is not. Contingency Reserves may involve cost, schedule, or both. Contingency Reserves are intended to reduce the impact of missing cost or schedule objectives. Contingency Reserves are normally included in the project's cost and schedule baseline.
What are Management Reserves?
A separately planned quantity used to allow for future situations which are impossible to predict (sometimes called "unknown unknowns"). Management Reserves may involve cost or schedule. Management Reserves are intended to reduce the risk of missing cost or schedule objectives. Use of Management Reserve requires a change to the project's cost baseline.
Describe the positive risk strategy Exploit.
Organization wishes to ensure that the opportunity is realized by eliminating the uncertainty associated with a particular upside risk by making the opportunity definitely happen. Responses such as.
- Assigning more talented resources
- Provide better quality than originally planned.
Describe the positive risk strategy Share.
Allocating ownership to a third party who is best able to capture the opportunity for the benefit of the project. Responses such as:
- Risk-sharing partnership
- Teams
- Special-purpose companies
- JV
Describe the positive risk strategy Enhance.
Modify the value of an opportunity by increasing probability and/or positive impacts and identifying and maximizing key drivers of these positive-impact risks. Response such as:
- Facilitate the cause of the opportunity
- Proactively target the trigger conditions
- Proactively target the impact drivers
Describe the positive risk strategy Accept.
Accepting an opportunity is being willing to take advantage, but doing nothing to make it happen.
What are the OUTPUTS of the process - Plan Risk Responses?
1. Risk register updates
2. Risk-related contract decisions, such as insurance, services, etc.
3. Project management plan updates, including updates to the schedule management plan, cost management plan, quality management plan, procurement management plan, human resource management plan, the WBS, and the schedule and cost baselines.
4. Project document updates, including the assumption log and technical documentation.
What additional components of the risk register can now be included after Plan Risk Responses?
- Identified risks, their descriptions, the area(s) of the project (e.g. WBS element) affected, their causes, and how they may affect project objectives.
- Risk owners and their assigned responsibilities
- Outputs from the qualitative and quantitative risk analysis
- Agreed upon response strategies
- Specific actions to implement the chosen response strategy
- Triggers, symptoms and warning signs of risks' occurrence
- Budget and schedule activities required to implement the chosen responses
- Contingency plans and triggers
- Fallback plans
- Residual risks expected to be remaining after the strategy is implemented
- Secondary risks that arise due the response
- Contingency reserves calculated based on quantitative analysis and organization's risk thresholds.
Describe the process - 11.6 Monitor and Control Risks
Process of:
- Implementing risk response plans
- Identifying, analyzing , and planning for newly arising risks
- Keeping track of the identified risks and those on the watch list
- Monitoring residual risks
- Evaluating the effectiveness of the risk management process

This process applies techniques such as variance and trend analysis, requiring the use of performance information. Other purposes include determining if:
- Project assumptions are still valid
- Analysis shows a risk has changed or can be retired (closed)
- Risk management policies and procedures are being followed
- Contingency reserves should be adjusted

Can involved:
- Choosing alternative strategies
- Implement contingency plans
- Taking corrective actions
- Modifying the project management plan
Risk response owners report periodically on the effectiveness of the plan, unanticipated effects, and any mid-course corrections needed to handle the risk appropriately.
What are the INPUTS of the process - Monitor and Control Risks?
1. Risk register, listing risks and other information
2. Project management plan, including the risk management plan
3. Work performance information, including deliverable status, schedule progress, and costs incurred
4. Performance reports, including variance analysis, earned value data, and forecasting results.
What are the TOOLS AND TECHNIQUES of the process - Monitor and Control Risks?
1. Risk reassessment, including identifying new risks and closing risks
2. Risk audits, which examine and document the effectiveness of risk management processes
3. Variance and trend analysis, comparing planned and actual
4. Technical performance measurement, which monitors specific, quantifiable measures of technical performance appropriate to the application area of the project.
5. Reserve analysis based on risks that have or have not occurred, to determine if reserves should be adjusted.
6. Status meetings, which should include project risk management as an agenda item to keep some attention focused on risks
What are the OUTPUTS of the process - Monitor and Control Risks?
1. Risk register updates, including outcomes of reassessments, audits, and risk reviews, along with actual outcomes of the risks and responses for historical information purposes
2. Organizational process assets updates, to capture project risk information for future use as well as lessons learned.
3. Change requests to implement contingency plans, or to recommend corrective or preventive actions.
4. Project management plan updates, revised and reissued to reflect approved changes
5. Project document updates, including the same documents that m ay be updated in Plan Risk Response process.