Title: Project Risk Management A Preparation Guide for the PMI-RMP Exam
1Project Risk ManagementA Preparation Guide for
the PMI-RMP Exam
- Scott Reynolds MBA, PMP, PMI-RMP
2What is Project Risk Management?
- Project risk management is actively managing the
risks on your project - The goal of risk management is to be more
proactive and less reactive
3What is a Risk?
- A risk is an uncertain event that could have a
positive or negative effect on your project - This means there is a probability between 1-99
that the event could occur - If there is a 0 chance of an event occurring,
there is no risk - (example there is a 0 chance your project will
be adequately funded, this is not a risk, it is a
reality) - If there is a 100 chance of an event occurring,
this would be an issue, not a risk - Risks with negative consequences are called
threats - Risks with positive consequences are called
opportunities (Yes, risk can be good! Stop
thinking of risk as bad, and start thinking of it
in terms of probabilities!)
4Types of Risk
- Risks can be broken out into two primary types
- Pure Risk (hazard) risk with potential loss only
- ex. Fire, theft, personal injury
- Business Risk (speculative risk) risk with
potential loss or gain - ex. A highly skilled employee becomes available
to work on your project, reducing your schedule
time, the tax rate changes, a new server costs
less (or more) than you budgeted for
5Risk Management Processes
- There are six project risk management processes
- Go ahead and learn them now (in order), this is
the only knowledge area in the Project Management
Body of Knowledge (PKBOK) that must be completed
in successive order - Plan Risk Management
- Identify Risks
- Perform Qualitative Analysis
- Perform Quantitative Analysis
- Plan Risk Response
- Monitor Control Risks
6Risk Management Processes
- Risk Planning this is how you plan on
conducting risk management. You wouldnt start
managing your project without a plan, so why
would you approach risk management that way? - Remember Plan the work, and work the plan?
Applies to risk management as well. - Identify Risks this is the phase where you
attempt to identify most of your risks - Qualitative analysis this is a subjective
analysis of your risks that produces a risk
ranking, usually in the order of high, medium,
low, or on an ordinal scale. Rankings are by
agreement of your project team, sponsors and key
stakeholders.
7Risk Management Processes
- Quantitative Analysis a numerical analysis of
the probability and impact of the risk on your
project - Plan Risk Response a course of action you will
take to deal with your risks should they go from
risk to issue - Monitor Control Risks monitoring your lists
(there are two lists which I will discuss later)
of risks to enact a risk response plan, to move a
risk from one list to the other, or to remove a
risk because it is no longer a risk
8Risk Management Planning
- Before you start dealing with risks, you should
first plan on how you will handle risk on your
project - Things to consider when creating your Risk
Management plan - The risk tolerance of your project sponsors and
stakeholders In order to gain buy-in, you need
to create a plan your sponsors can support. It is
not likely they will support a plan that is in
opposition to their agenda or is out of their
comfort zone - The size and value of your project there is a
cost to risk management, you shouldnt spend more
on preventing the risk than the cost of the risk
occurring - The methodology you will use the methodology
you use is not as important as gaining agreement
and buy-in on the methodology chosen - Sources of risk risk categories think of all
possible areas or events that could introduce
risk to your project
9Plan Risk Management
- Inputs to Risk Management Planning
- Enterprise environmental factors company
culture or existing systems the project will have
to deal with or can make use of - Organizational process assets processes,
procedures, and historical information - Project scope statement statement of what the
project shall deliver and what it should not
deliver (if you dont know what the scope of your
project is, can you really identify all areas of
risk?) - Project management plan the guide on how you
will manage your project
10Plan Risk Management
- Inputs to Risk Management Planning
- Cost Management Plan The guide on how you and
your team will control costs on the project to
try to stay within budget - Schedule Management Plan The guide on how you
and your team will manage the schedule of the
project - Communications Management Plan -The guide on who
you need to communicate to, what information, how
it needs to be communicated and how often
11Plan Risk Management
- Outputs of Risk Management Planning
- Risk Management Plan
- - Methodology
- - Roles Responsibilities
- - Budgeting
- - Timing
- - Risk Categories
- - Definitions of risk impact
- - Stakeholder tolerances
- - Reporting formats
- - Tracking
12Identify Risks
- This is the phase where you work with your team
to identify as many risks as possible - Things to remember
- Identify Risks cant be completed without the
project scope statement and Work Breakdown
Structure (WBS) - Identify Risks happens at the onset of the
project and throughout the project - Risks can be identified at any time and during
any phase of the project - Risk management is an iterative process, you
should work to identify risk during any changes
to the project, working with resources, and when
dealing with issues
13Identify Risks
- Techniques to identify risk
- Brainstorming - the free-flow of ideas on risk,
done with the project team, stakeholders, subject
matter experts, and experienced resources - Delphi technique an anonymous surveying of
experts in which information is sent to a group
of experts on the risk. The experts each provide
input, the responses are compiled and then sent
back to all of the experts for further review
the process is repeated until consensus is
reached. - Interviewing interviews of experts, project
stakeholders, or associates who have worked on
similar projects in order to discover risks
14Identify Risks
- Techniques to identify risk
- Root Cause Analysis Determining the cause of
the risk you might be able to identify more
risks this way or you might be able to eliminate
the risk by eliminating the cause - SWOT Analysis An analysis of the strengths,
weaknesses, opportunities and threats on your
project - Checklist Analysis after you have identified
your categories of potential risks on your
project, you create a checklist of these
categories to make sure youre not neglecting any
area where risk can hide
15Identify Risks
- Assumptions Analysis what assumptions have you
made or been given about your project? Are they
valid? If not, you could have risk - Diagramming Techniques diagramming techniques
can show cause and effect. The effect would be
your risk, would it be helpful to know what could
cause that risk? - - Cause--Effect diagram
- - System process flowcharts
- - Influence diagrams
- Whenever possible, deal with the cause, not
the effect
16Risk Factors
- When analyzing your risk, you should be aware of
the following risk factors - The probability the risk will occur
- The range of possible outcomes
- When in the project lifecycle the risk is likely
to occur (the timing) - once the expected timeframe of the risk has
passed and it is no longer a risk, it can be
removed from the risk list - How often the risk is expected to occur on the
project (frequency)
17Identify Risks
- Outputs of Identify Risks
- Risk Register
- - List of risks
- - List of potential responses
- - Root causes of risks
- - Updated risk categories
18Perform Qualitative Risk Analysis
- This is the phase where you rank the risks youve
identified from Identify Risks to come up with a
list of risks you will create plans for dealing
with - Things to remember
- Perform Qualitative Risk Analysis is subjective
- What is the probability of the risk occurring?
High, medium, low? 1-10? - What is the impact if the risk does occur? High,
medium, low? 1-10? What is the financial impact,
are the consequences positive or negative? - the earlier you know about risk, the better
prepared you will - be
19Perform Qualitative Risk Analysis
- Tools and Techniques of Qualitative Analysis
- Probability Impact Matrix a matrix that
creates a consistent evaluation of high, medium,
or low for your projects. This helps to make the
risk rating process more repeatable between
projects. - Risk Data Quality Assessment What is the
quality of the data used to determine or assess
the risk? Think about the following - Extent of the understanding of the risk
- Data available about the risk
- Quality of the data
- Reliability Integrity of the data
20Perform Qualitative Risk Analysis
- Tools and Techniques of Qualitative Analysis
- Risk Categorization Which of your categories
has more risk than others? Which of your work
packages could be most affected by risk? - Risk Urgency Assessment Which of your risks
could occur soon, or require a longer planning
time? Risk urgency assessment helps move these
risks more quickly through the rest of the
project management process - Perform Qualitative Risk Analysis is
subjective
21Perform Qualitative Risk Analysis
- Outputs of Perform Qualitative Risk Analysis
- Risk Register Updates
- Risk ranking for the project compared to other
projects - List of prioritized risks and their probability
and impact ratings - Risks grouped by categories
- List of risks requiring additional analysis in
the near term - List of risks for additional analysis and
response - Watchlist (non-critical risks)
- Trends
22Perform Qualitative Risk Analysis
- Perform Qualitative Risk Analysis can help you
determine the following - Which risks need to move on to Perform
Quantitative Risk Analysis? - Which of your projects should be selected when
compared with other projects? - You have two projects available and you can
only complete one of them, both projects are
projected to have the same benefit, but the
qualitative risk score for one of the projects is
higher than the other, would you want to know
this before you decided which project you would
work on?
23Perform Quantitative Risk Analysis
- This is the phase of risk management where you
conduct a numerical analysis of the probability
and impact of the risks with the highest risk
rating score determined from qualitative analysis - Things to remember
- Quantitative analysis is used to.
- Determine which of your risks should have a
response plan - Determine overall project risk
- Determine the probability of delivering your
project objectives
24Perform Quantitative Risk Analysis
- Things to remember
- Determine cost and schedule reserves
- Identify risks that will require more planning
- Create more realistic and achievable cost,
schedule, or scope goals
25Perform Quantitative Risk Analysis
- Tools and Techniques of Quantitative Analysis
- Sensitivity Analysis Which risks will have the
most impact on the project? - Monte Carlo Analysis A technique that uses
simulation to show the probability of completing
your project on time and within budget. - Determines the overall risk of the project, not
the task - Determines the probability of completing the
project on a specific day and for a specific cost - Takes into account path convergence (places in
the network diagram where many paths converge
into one activity) - Used to evaluate the impact to your schedule and
budget - Due to the complicated mathematical computations
used, Monte Carlo analysis is usually done with a
computer program - Creates a probability distribution triangular,
normal, beta, uniform or lognormal (learn these) - Perform Quantitative Risk Analysis is a
numerical analysis
26Perform Quantitative Risk Analysis
Tools and Techniques of Quantitative
Analysis EMV Expected Monetary Value What is
the probability of the risk occurring multiplied
by the impact if the risk does occur? If the risk
occurs, what could the financial or time loss be
to your project? In the example below, this
project has an EMV of (58,250), this means that
you need to put aside 58,250 in your risk
reserve account for potential risks
27Perform Quantitative Risk Analysis
- Tools and Techniques of Quantitative Analysis
- Decision Tree used for planning on individual
risks instead of planning for the whole project - Takes into account future events to make a
decision today - Can calculate the EMV in more complex situations
- Involves mutual exclusivity
28Perform Quantitative Risk Analysis
29Perform Quantitative Risk Analysis
Decision Tree
It is cheaper to make the units rather than
buying them
30Perform Quantitative Risk Analysis
- Outputs of Perform Quantitative Risk Analysis
- Risk Register Updates
- Prioritized list of quantified risks
- Amount needed for contingency reserves for time
and cost - Confidence levels of completing the project on a
certain date for a certain amount of money - The probability of delivering the project
objectives - Trends - risk management is an iterative
process as you repeat the process you can track
your overall project risk and determine the trend
(if you are decreasing or increasing the level of
risk on your project)
31Plan Risk Response
- This is the phase of risk management where you
decide how you will respond to your most
important risks - Risk Response Strategies
- Threats
- Avoid remove the cause of the risk so that it
never materializes - Mitigate reduce the probability and or impact
of the risk - Transfer transfer the risk to another party
usually done with insurance, performance bonds,
warranties, guarantees or outsourcing the work. - Opportunities
- Exploit make sure the opportunity occurs, you
can add work or make a change to the project - Enhance increase the probability and or
positive impact of the risk - Share share the opportunity with a third party
to be able to take advantage of the opportunity
32Plan Risk Response
- Risk Response Strategies
- For both Threats Opportunities
- Accept
- Active acceptance preparing a contingency
reserve of cost or time reserves in case the risk
does happen - Passive acceptance preparing for the dealing
with the effects of the risk after the risk has
occurred
33Plan Risk Response
- Outputs of Risk Response Planning
- Project Management Plan Updates Changes made
due to risk management will be changes made to
the project and should be updated in the project
management plan - Updates to Risk Register
- Residual Risks risks that are left over after
Plan Risk Response - Contingency Plans plans of action in case the
risk does occur - Risk Response Owners the person on the team
responsible for monitoring the risk, risk
triggers, developing a response strategy, and
implementing the strategy should the risk occur - Secondary Risks new risks that result from the
implementation of the contingency plans for the
primary risks
34Plan Risk Response
- Outputs of Risk Response Planning
- Updates to Risk Register
- Risk Triggers early warning signs that there is
a high probability the risk will occur - Fallback Plans a secondary contingency plan, in
case the contingency plan does not work or is not
effective - Reserves
- Contingency reserves - covers the cost for
known unknowns discovered during risk
management covers the residual risks. The
contingency reserve is calculated and made part
of the baseline. - Management reserves these are estimated and
made part of the project budget, not the
baseline. Management approval is needed to use
the management reserve.
35Monitor and Control Risks
- This is the phase of risk management where you
monitor the risk list for risks that have a
higher probability of affecting your project, and
the risk watchlist for risks that could change
and should either be added to the risk list or
removed from the watchlist - Inputs to Monitor Control Risks
- Risk Management Plan
- Risk Register
- Approved Change Requests
- Work performance information
- - Deliverable status
- - Schedule progress
- - Costs incurred
- Performance reports
36Monitor and Control Risks
- Things to Know
- Workaround a response to a risk that has
occurred when no contingency plan exists - Risk audit a team of experienced project team
members reviews the risk management process and
response strategies to see if youve effectively
identified the major risks on the project and
developed effective strategies for dealing with
them - Risk Reassessment Risk management is iterative,
you should review the risks on your project
throughout the project to update their
qualitative and quantitative values - the earlier you know about risk, the better
prepared you will - be
37Monitor and Control Risks
- Things to Know
- Status meetings status meetings should be used
to identify new risks or changes to existing
risks. This is a great opportunity to discuss
with your team and stakeholders existing risks
and new risks - Reserve analysis has the reserve kept up with
changes to the risk list? Does the reserve still
cover the costs of these risks should they occur? - Closing of risks Risks are expected to happen
during a particular phase of the project. When
that phase has passed and the risk is no longer
probable, the risk should be removed from the
risk list and any reserve associated should be
freed up
38Monitor and Control Risks
- Outputs of Monitor Control Risks
- Updates to Risk Register
- Outcomes of the risk reassessments and risk
audits - Updates to previous parts of risk management
- Closing of risks that are no longer applicable
- Details of what happened when risks occurred
- Lessons learned
- Requested Changes
- Recommended Corrective Preventive Actions
- Updates to the Project Management Plan
- Organizational Process Assets Updates
39Project Risk Management Review
- Plan Risk Management
- Inputs
- Project Scope Statement
- Cost Management Plan
- Schedule Management Plan
- Communications Management Plan
- Enterprise Environmental Factors
- Organizational Process Assets
- Tools Techniques
- Planning Meetings and Analysis
- Output
- Risk Management Plan
40Project Risk Management Review
- Identify Risks
- Inputs
- Risk Management Plan
- Activity Cost Estimates
- Activity Duration Estimates
- Scope Baseline
- Stakeholder Register
- Cost Management Plan
- Schedule Management Plan
- Quality Management Plan
- Project Documents
- Enterprise Environmental Factors
- Organizational Process Assets
41Project Risk Management Review
- Identify Risks
- Tools Techniques
- Documentation Reviews
- Information Gathering Techniques
- Checklist Analysis
- Assumptions Analysis
- Diagramming Techniques
- SWOT Analysis
- Expert Judgment
- Outputs
- Risk Register
42Project Risk Management Review
- Perform Qualitative Risk Analysis
- Inputs
- Risk Register
- Risk Management Plan
- Project Scope Statement
- Organizational Process Assets
- Tools Techniques
- Risk Probability and Impact Assessment
- Probability and Impact Matrix
- Risk Data Quality Assessment
- Risk Categorization
- Risk Urgency Assessment
- Expert Judgment
43Project Risk Management Review
- Perform Qualitative Risk Analysis
- Outputs
- Risk Register Updates
44Project Risk Management Review
- Perform Quantitative Risk Analysis
- Inputs
- Risk Register
- Risk Management Plan
- Cost Management Plan
- Schedule Management Plan
- Organizational Process Assets
- Tools Techniques
- Data Gathering and Representation Techniques
- Quantitative Risk Analysis and Modeling
Techniques - Expert Judgment
- Outputs
- Risk Register Updates
45Project Risk Management Review
- Plan Risk Responses
- Inputs
- Risk Register
- Risk Management Plan
- Tools Techniques
- Strategies for negative risks or threats
- Strategies for positive risks or opportunities
- Contingent Response Strategies
- Expert Judgment
46Project Risk Management Review
- Plan Risk Responses
- Outputs
- Risk Register Updates
- Risk-Related Contract Decisions
- Project Management Plan Updates
- Project Document Updates
47Project Risk Management Review
- Monitor Control Risks
- Inputs
- Risk Register
- Project Management Plan
- Work Performance Information
- Performance Reports
- Tools Techniques
- Risk Reassessment
- Risk Audits
- Variance and Trend Analysis
- Technical Performance Measurement
- Reserve Analysis
- Status Meetings
48Project Risk Management Review
- Monitor Control Risks
- Outputs
- Risk Register Updates
- Organizational Process Assets Updates
- Change Requests
- Project Management Plan Updates
- Project Document Updates
49Project Risk Management
- Other Sources of Information
- A Guide to the Project Management Body of
Knowledge (PMBOK Guide) - PMP Exam Prep Rita Mulcahy
- Project Management A Systems Approach to
Planning, Scheduling, and Controlling Harold
Kerzner - Hot Topics Flashcards for Passing the PMP and
CAPM Exams Rita Mulcahy
50Contact
- Scott Reynolds
- scottdreynolds_at_hotmail.com
- Please send me comments, questions, or anything
else, - Thanks Everyone for your time!