Project Risk Management A Preparation Guide for the PMI-RMP Exam

1
Project Risk ManagementA Preparation Guide for
the PMI-RMP Exam

• Scott Reynolds MBA, PMP, PMI-RMP

2
What is Project Risk Management?

• Project risk management is actively managing the
  risks on your project
• The goal of risk management is to be more
  proactive and less reactive

3
What is a Risk?

• A risk is an uncertain event that could have a
  positive or negative effect on your project
• This means there is a probability between 1-99
  that the event could occur
• If there is a 0 chance of an event occurring,
  there is no risk
• (example there is a 0 chance your project will
  be adequately funded, this is not a risk, it is a
  reality)
• If there is a 100 chance of an event occurring,
  this would be an issue, not a risk
• Risks with negative consequences are called
  threats
• Risks with positive consequences are called
  opportunities (Yes, risk can be good! Stop
  thinking of risk as bad, and start thinking of it
  in terms of probabilities!)

4
Types of Risk

• Risks can be broken out into two primary types
• Pure Risk (hazard) risk with potential loss only
• ex. Fire, theft, personal injury
• Business Risk (speculative risk) risk with
  potential loss or gain
• ex. A highly skilled employee becomes available
  to work on your project, reducing your schedule
  time, the tax rate changes, a new server costs
  less (or more) than you budgeted for

5
Risk Management Processes

• There are six project risk management processes
• Go ahead and learn them now (in order), this is
  the only knowledge area in the Project Management
  Body of Knowledge (PKBOK) that must be completed
  in successive order
• Plan Risk Management
• Identify Risks
• Perform Qualitative Analysis
• Perform Quantitative Analysis
• Plan Risk Response
• Monitor Control Risks

6
Risk Management Processes

• Risk Planning this is how you plan on
  conducting risk management. You wouldnt start
  managing your project without a plan, so why
  would you approach risk management that way?
• Remember Plan the work, and work the plan?
  Applies to risk management as well.
• Identify Risks this is the phase where you
  attempt to identify most of your risks
• Qualitative analysis this is a subjective
  analysis of your risks that produces a risk
  ranking, usually in the order of high, medium,
  low, or on an ordinal scale. Rankings are by
  agreement of your project team, sponsors and key
  stakeholders.

7
Risk Management Processes

• Quantitative Analysis a numerical analysis of
  the probability and impact of the risk on your
  project
• Plan Risk Response a course of action you will
  take to deal with your risks should they go from
  risk to issue
• Monitor Control Risks monitoring your lists
  (there are two lists which I will discuss later)
  of risks to enact a risk response plan, to move a
  risk from one list to the other, or to remove a
  risk because it is no longer a risk

8
Risk Management Planning

• Before you start dealing with risks, you should
  first plan on how you will handle risk on your
  project
• Things to consider when creating your Risk
  Management plan
• The risk tolerance of your project sponsors and
  stakeholders In order to gain buy-in, you need
  to create a plan your sponsors can support. It is
  not likely they will support a plan that is in
  opposition to their agenda or is out of their
  comfort zone
• The size and value of your project there is a
  cost to risk management, you shouldnt spend more
  on preventing the risk than the cost of the risk
  occurring
• The methodology you will use the methodology
  you use is not as important as gaining agreement
  and buy-in on the methodology chosen
• Sources of risk risk categories think of all
  possible areas or events that could introduce
  risk to your project

9
Plan Risk Management

• Inputs to Risk Management Planning
• Enterprise environmental factors company
  culture or existing systems the project will have
  to deal with or can make use of
• Organizational process assets processes,
  procedures, and historical information
• Project scope statement statement of what the
  project shall deliver and what it should not
  deliver (if you dont know what the scope of your
  project is, can you really identify all areas of
  risk?)
• Project management plan the guide on how you
  will manage your project

10
Plan Risk Management

• Inputs to Risk Management Planning
• Cost Management Plan The guide on how you and
  your team will control costs on the project to
  try to stay within budget
• Schedule Management Plan The guide on how you
  and your team will manage the schedule of the
  project
• Communications Management Plan -The guide on who
  you need to communicate to, what information, how
  it needs to be communicated and how often

11
Plan Risk Management

• Outputs of Risk Management Planning
• Risk Management Plan
• - Methodology
• - Roles Responsibilities
• - Budgeting
• - Timing
• - Risk Categories
• - Definitions of risk impact
• - Stakeholder tolerances
• - Reporting formats
• - Tracking

12
Identify Risks

• This is the phase where you work with your team
  to identify as many risks as possible
• Things to remember
• Identify Risks cant be completed without the
  project scope statement and Work Breakdown
  Structure (WBS)
• Identify Risks happens at the onset of the
  project and throughout the project
• Risks can be identified at any time and during
  any phase of the project
• Risk management is an iterative process, you
  should work to identify risk during any changes
  to the project, working with resources, and when
  dealing with issues

13
Identify Risks

• Techniques to identify risk
• Brainstorming - the free-flow of ideas on risk,
  done with the project team, stakeholders, subject
  matter experts, and experienced resources
• Delphi technique an anonymous surveying of
  experts in which information is sent to a group
  of experts on the risk. The experts each provide
  input, the responses are compiled and then sent
  back to all of the experts for further review
  the process is repeated until consensus is
  reached.
• Interviewing interviews of experts, project
  stakeholders, or associates who have worked on
  similar projects in order to discover risks

14
Identify Risks

• Techniques to identify risk
• Root Cause Analysis Determining the cause of
  the risk you might be able to identify more
  risks this way or you might be able to eliminate
  the risk by eliminating the cause
• SWOT Analysis An analysis of the strengths,
  weaknesses, opportunities and threats on your
  project
• Checklist Analysis after you have identified
  your categories of potential risks on your
  project, you create a checklist of these
  categories to make sure youre not neglecting any
  area where risk can hide

15
Identify Risks

• Assumptions Analysis what assumptions have you
  made or been given about your project? Are they
  valid? If not, you could have risk
• Diagramming Techniques diagramming techniques
  can show cause and effect. The effect would be
  your risk, would it be helpful to know what could
  cause that risk?
• - Cause--Effect diagram
• - System process flowcharts
• - Influence diagrams
• Whenever possible, deal with the cause, not
  the effect

16
Risk Factors

• When analyzing your risk, you should be aware of
  the following risk factors
• The probability the risk will occur
• The range of possible outcomes
• When in the project lifecycle the risk is likely
  to occur (the timing)
• once the expected timeframe of the risk has
  passed and it is no longer a risk, it can be
  removed from the risk list
• How often the risk is expected to occur on the
  project (frequency)

17
Identify Risks

• Outputs of Identify Risks
• Risk Register
• - List of risks
• - List of potential responses
• - Root causes of risks
• - Updated risk categories

18
Perform Qualitative Risk Analysis

• This is the phase where you rank the risks youve
  identified from Identify Risks to come up with a
  list of risks you will create plans for dealing
  with
• Things to remember
• Perform Qualitative Risk Analysis is subjective
• What is the probability of the risk occurring?
  High, medium, low? 1-10?
• What is the impact if the risk does occur? High,
  medium, low? 1-10? What is the financial impact,
  are the consequences positive or negative?
• the earlier you know about risk, the better
  prepared you will
• be

19
Perform Qualitative Risk Analysis

• Tools and Techniques of Qualitative Analysis
• Probability Impact Matrix a matrix that
  creates a consistent evaluation of high, medium,
  or low for your projects. This helps to make the
  risk rating process more repeatable between
  projects.
• Risk Data Quality Assessment What is the
  quality of the data used to determine or assess
  the risk? Think about the following
• Extent of the understanding of the risk
• Data available about the risk
• Quality of the data
• Reliability Integrity of the data

20
Perform Qualitative Risk Analysis

• Tools and Techniques of Qualitative Analysis
• Risk Categorization Which of your categories
  has more risk than others? Which of your work
  packages could be most affected by risk?
• Risk Urgency Assessment Which of your risks
  could occur soon, or require a longer planning
  time? Risk urgency assessment helps move these
  risks more quickly through the rest of the
  project management process
• Perform Qualitative Risk Analysis is
  subjective

21
Perform Qualitative Risk Analysis

• Outputs of Perform Qualitative Risk Analysis
• Risk Register Updates
• Risk ranking for the project compared to other
  projects
• List of prioritized risks and their probability
  and impact ratings
• Risks grouped by categories
• List of risks requiring additional analysis in
  the near term
• List of risks for additional analysis and
  response
• Watchlist (non-critical risks)
• Trends

22
Perform Qualitative Risk Analysis

• Perform Qualitative Risk Analysis can help you
  determine the following
• Which risks need to move on to Perform
  Quantitative Risk Analysis?
• Which of your projects should be selected when
  compared with other projects?
• You have two projects available and you can
  only complete one of them, both projects are
  projected to have the same benefit, but the
  qualitative risk score for one of the projects is
  higher than the other, would you want to know
  this before you decided which project you would
  work on?

23
Perform Quantitative Risk Analysis

• This is the phase of risk management where you
  conduct a numerical analysis of the probability
  and impact of the risks with the highest risk
  rating score determined from qualitative analysis
• Things to remember
• Quantitative analysis is used to.
• Determine which of your risks should have a
  response plan
• Determine overall project risk
• Determine the probability of delivering your
  project objectives

24
Perform Quantitative Risk Analysis

• Things to remember
• Determine cost and schedule reserves
• Identify risks that will require more planning
• Create more realistic and achievable cost,
  schedule, or scope goals

25
Perform Quantitative Risk Analysis

• Tools and Techniques of Quantitative Analysis
• Sensitivity Analysis Which risks will have the
  most impact on the project?
• Monte Carlo Analysis A technique that uses
  simulation to show the probability of completing
  your project on time and within budget.
• Determines the overall risk of the project, not
  the task
• Determines the probability of completing the
  project on a specific day and for a specific cost
• Takes into account path convergence (places in
  the network diagram where many paths converge
  into one activity)
• Used to evaluate the impact to your schedule and
  budget
• Due to the complicated mathematical computations
  used, Monte Carlo analysis is usually done with a
  computer program
• Creates a probability distribution triangular,
  normal, beta, uniform or lognormal (learn these)
• Perform Quantitative Risk Analysis is a
  numerical analysis

26
Perform Quantitative Risk Analysis
Tools and Techniques of Quantitative
Analysis EMV Expected Monetary Value What is
the probability of the risk occurring multiplied
by the impact if the risk does occur? If the risk
occurs, what could the financial or time loss be
to your project? In the example below, this
project has an EMV of (58,250), this means that
you need to put aside 58,250 in your risk
reserve account for potential risks
27
Perform Quantitative Risk Analysis

• Tools and Techniques of Quantitative Analysis
• Decision Tree used for planning on individual
  risks instead of planning for the whole project
• Takes into account future events to make a
  decision today
• Can calculate the EMV in more complex situations
• Involves mutual exclusivity

28
Perform Quantitative Risk Analysis
29
Perform Quantitative Risk Analysis
Decision Tree
It is cheaper to make the units rather than
buying them
30
Perform Quantitative Risk Analysis

• Outputs of Perform Quantitative Risk Analysis
• Risk Register Updates
• Prioritized list of quantified risks
• Amount needed for contingency reserves for time
  and cost
• Confidence levels of completing the project on a
  certain date for a certain amount of money
• The probability of delivering the project
  objectives
• Trends - risk management is an iterative
  process as you repeat the process you can track
  your overall project risk and determine the trend
  (if you are decreasing or increasing the level of
  risk on your project)

31
Plan Risk Response

• This is the phase of risk management where you
  decide how you will respond to your most
  important risks
• Risk Response Strategies
• Threats
• Avoid remove the cause of the risk so that it
  never materializes
• Mitigate reduce the probability and or impact
  of the risk
• Transfer transfer the risk to another party
  usually done with insurance, performance bonds,
  warranties, guarantees or outsourcing the work.
• Opportunities
• Exploit make sure the opportunity occurs, you
  can add work or make a change to the project
• Enhance increase the probability and or
  positive impact of the risk
• Share share the opportunity with a third party
  to be able to take advantage of the opportunity

32
Plan Risk Response

• Risk Response Strategies
• For both Threats Opportunities
• Accept
• Active acceptance preparing a contingency
  reserve of cost or time reserves in case the risk
  does happen
• Passive acceptance preparing for the dealing
  with the effects of the risk after the risk has
  occurred

33
Plan Risk Response

• Outputs of Risk Response Planning
• Project Management Plan Updates Changes made
  due to risk management will be changes made to
  the project and should be updated in the project
  management plan
• Updates to Risk Register
• Residual Risks risks that are left over after
  Plan Risk Response
• Contingency Plans plans of action in case the
  risk does occur
• Risk Response Owners the person on the team
  responsible for monitoring the risk, risk
  triggers, developing a response strategy, and
  implementing the strategy should the risk occur
• Secondary Risks new risks that result from the
  implementation of the contingency plans for the
  primary risks

34
Plan Risk Response

• Outputs of Risk Response Planning
• Updates to Risk Register
• Risk Triggers early warning signs that there is
  a high probability the risk will occur
• Fallback Plans a secondary contingency plan, in
  case the contingency plan does not work or is not
  effective
• Reserves
• Contingency reserves - covers the cost for
  known unknowns discovered during risk
  management covers the residual risks. The
  contingency reserve is calculated and made part
  of the baseline.
• Management reserves these are estimated and
  made part of the project budget, not the
  baseline. Management approval is needed to use
  the management reserve.

35
Monitor and Control Risks

• This is the phase of risk management where you
  monitor the risk list for risks that have a
  higher probability of affecting your project, and
  the risk watchlist for risks that could change
  and should either be added to the risk list or
  removed from the watchlist
• Inputs to Monitor Control Risks
• Risk Management Plan
• Risk Register
• Approved Change Requests
• Work performance information
• - Deliverable status
• - Schedule progress
• - Costs incurred
• Performance reports

36
Monitor and Control Risks

• Things to Know
• Workaround a response to a risk that has
  occurred when no contingency plan exists
• Risk audit a team of experienced project team
  members reviews the risk management process and
  response strategies to see if youve effectively
  identified the major risks on the project and
  developed effective strategies for dealing with
  them
• Risk Reassessment Risk management is iterative,
  you should review the risks on your project
  throughout the project to update their
  qualitative and quantitative values
• the earlier you know about risk, the better
  prepared you will
• be

37
Monitor and Control Risks

• Things to Know
• Status meetings status meetings should be used
  to identify new risks or changes to existing
  risks. This is a great opportunity to discuss
  with your team and stakeholders existing risks
  and new risks
• Reserve analysis has the reserve kept up with
  changes to the risk list? Does the reserve still
  cover the costs of these risks should they occur?
• Closing of risks Risks are expected to happen
  during a particular phase of the project. When
  that phase has passed and the risk is no longer
  probable, the risk should be removed from the
  risk list and any reserve associated should be
  freed up

38
Monitor and Control Risks

• Outputs of Monitor Control Risks
• Updates to Risk Register
• Outcomes of the risk reassessments and risk
  audits
• Updates to previous parts of risk management
• Closing of risks that are no longer applicable
• Details of what happened when risks occurred
• Lessons learned
• Requested Changes
• Recommended Corrective Preventive Actions
• Updates to the Project Management Plan
• Organizational Process Assets Updates

39
Project Risk Management Review

• Plan Risk Management
• Inputs
• Project Scope Statement
• Cost Management Plan
• Schedule Management Plan
• Communications Management Plan
• Enterprise Environmental Factors
• Organizational Process Assets
• Tools Techniques
• Planning Meetings and Analysis
• Output
• Risk Management Plan

40
Project Risk Management Review

• Identify Risks
• Inputs
• Risk Management Plan
• Activity Cost Estimates
• Activity Duration Estimates
• Scope Baseline
• Stakeholder Register
• Cost Management Plan
• Schedule Management Plan
• Quality Management Plan
• Project Documents
• Enterprise Environmental Factors
• Organizational Process Assets

41
Project Risk Management Review

• Identify Risks
• Tools Techniques
• Documentation Reviews
• Information Gathering Techniques
• Checklist Analysis
• Assumptions Analysis
• Diagramming Techniques
• SWOT Analysis
• Expert Judgment
• Outputs
• Risk Register

42
Project Risk Management Review

• Perform Qualitative Risk Analysis
• Inputs
• Risk Register
• Risk Management Plan
• Project Scope Statement
• Organizational Process Assets
• Tools Techniques
• Risk Probability and Impact Assessment
• Probability and Impact Matrix
• Risk Data Quality Assessment
• Risk Categorization
• Risk Urgency Assessment
• Expert Judgment

43
Project Risk Management Review

• Perform Qualitative Risk Analysis
• Outputs
• Risk Register Updates

44
Project Risk Management Review

• Perform Quantitative Risk Analysis
• Inputs
• Risk Register
• Risk Management Plan
• Cost Management Plan
• Schedule Management Plan
• Organizational Process Assets
• Tools Techniques
• Data Gathering and Representation Techniques
• Quantitative Risk Analysis and Modeling
  Techniques
• Expert Judgment
• Outputs
• Risk Register Updates

45
Project Risk Management Review

• Plan Risk Responses
• Inputs
• Risk Register
• Risk Management Plan
• Tools Techniques
• Strategies for negative risks or threats
• Strategies for positive risks or opportunities
• Contingent Response Strategies
• Expert Judgment

46
Project Risk Management Review

• Plan Risk Responses
• Outputs
• Risk Register Updates
• Risk-Related Contract Decisions
• Project Management Plan Updates
• Project Document Updates

47
Project Risk Management Review

• Monitor Control Risks
• Inputs
• Risk Register
• Project Management Plan
• Work Performance Information
• Performance Reports
• Tools Techniques
• Risk Reassessment
• Risk Audits
• Variance and Trend Analysis
• Technical Performance Measurement
• Reserve Analysis
• Status Meetings

48
Project Risk Management Review

• Monitor Control Risks
• Outputs
• Risk Register Updates
• Organizational Process Assets Updates
• Change Requests
• Project Management Plan Updates
• Project Document Updates

49
Project Risk Management

• Other Sources of Information
• A Guide to the Project Management Body of
  Knowledge (PMBOK Guide)
• PMP Exam Prep Rita Mulcahy
• Project Management A Systems Approach to
  Planning, Scheduling, and Controlling Harold
  Kerzner
• Hot Topics Flashcards for Passing the PMP and
  CAPM Exams Rita Mulcahy

50
Contact

• Scott Reynolds
• scottdreynolds_at_hotmail.com
• Please send me comments, questions, or anything
  else,
• Thanks Everyone for your time!