Professional Documents
Culture Documents
1
Objectives
2
Course Overview
3
Course Overview (contd.)
Following are the terms and information related to PMI-RMP® and PMI®:
● PMI®: Project Management Institute
● PMI® is an organization and PMI-RMP® is a certification
● PMI-RMP®: Project Management Institute-Risk Management
Professional
● PMI® conducts PMI-RMP® examinations
● PMI-RMP® certification is valid for 3 years
● PDU: Professional Development Unit
● REP: Registered Education Provider
● PMBOK®: Project Management Body of Knowledge
● PMBOK® is the base text book for most of the PMI® certifications
● The other text book for RMP® exam preparation is Practice Standard
for Project Risk Management
5
Prerequisites for the PMI-RMP® Exam
6
RMP® Credential Process—Timeline
Application Application
Application Certification
Completeness Payment Exam Eligibility Audit Process
Submission Review Cycle
Process
7
About the PMI-RMP® Exam
8
About the PMI-RMP® Exam (contd.)
Exam questions will cover all the five domains of Project Risk Management.
9
PMI-RMP® Exam Syllabus
There are 5 domains and 6 processes in Project Risk Management. The first five processes belong to
the planning process group, and the last process belongs to the monitor and control process group.
Domains Processes
10
Domain 1—Risk Strategy and Planning
Risk Strategy and Planning domain contains activities related to developing policies, processes, and
procedures; risk assessment, planning, and response. The tasks in this domain are the following:
11
Domain 1—Risk Strategy and Planning—Knowledge and Skills
Listed below are the knowledge and skills required in Risk Strategy and Planning domain:
Knowledge Skills
● Continuous process improvement ● Assessing stakeholder risk tolerance
● Knowledge management technique ● Building stakeholder consensus
● Metrics for effective risk process
● Risk attitude concept
● Risk Breakdown Structure
● Risk tolerance concepts
● Barriers to effective risk management
● Risk management ITTOs
● Reserve analysis
● Research and analysis technique
● Basic strategy development
methodologies
12
Domain 2—Stakeholder Engagement
Listed below are the knowledge and skills required in Stakeholder Engagement domain:
Knowledge Skills
● Information resources, both internal, like ● Assessing stakeholder’s risk
organizational process asset, and external, tolerance
like enterprise environmental factors ● Collaborating with stakeholders
● Project performance information ● Managing teams in multicultural
● Stakeholder sensitivity analysis models environments
● Training and coaching techniques ● Influencing change
● Types of stakeholder risk attitudes like risk
seeking, tolerance, and averse
● Group decision-making
● Group creativity like brainstorming, Delphi
technique
14
Domain 3—Risk Process Facilitation
Risk Process Facilitation domain contains activities related to facilitating risk identification, evaluation,
prioritization, and response among project team members.
15
Domain 3—Risk Process Facilitation—Knowledge and Skills
Listed below are the knowledge and skills required in Risk Process Facilitation domain:
Knowledge Skills
● Basic risk identification tools and ● Analytical software tools for Project
techniques Risk Management
● Basic qualitative and quantitative risk ● Managing teams in multicultural
analysis tools and techniques environments
● Risk perception and behavior ● Estimating probability and impact of
● Risk response strategy types identified risks
● Contingency management tools and
techniques
● Risk monitoring and control techniques
● Group decision-making
● Group creativity like brainstorming, Delphi
technique
16
Domain 4—Risk Monitoring and Reporting
Risk Monitoring and Reporting domain contains activities related to monitoring risk, evaluating risk
response against established metrics, and communicating risk response performance to stakeholders
and project team.
The tasks in this domain are the following:
Task: 1 Document and periodically update project risk information.
17
Domain 4—Risk Monitoring and Reporting—Knowledge and Skills
Listed below are the knowledge and skills required in Risk Monitoring and Reporting domain:
Knowledge Skills
● Continuous process improvement and ● No specific skill required
quality management as applied to risk
management
● Knowledge management techniques
● Alternative formats for project risk reports
● Requirements for risk register data fields
● Risk statement construction
● Risk response activity construction
● Risk response metrics
● Risk process performance metrics
● Risk assessment analysis metrics
● Risk management reserves
18
Domain 5—Perform Specialized Risk Analyses
Perform Specialized Risk Analyses domain contains activities related to the specialized qualitative and
quantitative tools and techniques used by Project Risk Management professionals.
19
Domain 5—Perform Specialized Risk Analyses—Knowledge and Skills
Listed below are the knowledge and skills required in Perform Specialized Risk Analyses domain:
Knowledge Skills
● Advanced risk identification tools and ● Converting qualitative information into
techniques risk data
● Advanced quantitative risk analysis tools and ● Building representative risk models
techniques ● Managing and interpreting quantitative
● Tools and techniques for identifying and and qualitative data
analyzing overall project risk
● Basic and advanced statistics
● Estimation tools and techniques to support risk
decision-making
● Advanced theory of heuristics and other
resources
● Variance analysis using earned value method
20
Summary
21
This concludes ‘Introduction to PMI-RMP® Certification Course.’
©©
Copyright
Copyright2014, Simplilearn,AllAll
2014, Simplilearn, rights
rights reserved.
reserved. 22
RMP® Certification Course
Lesson 2—Risk Management Framework
After completing ● Describe the purposes of Practice Standard for Risk Management
this lesson, you will
be able to: ● Define Project Risk Management
2
Purposes of Practice Standard for Risk Management
3
Project Risk—Definition
The Standard for Project Risk Management defines project risk as:
“An uncertain event or condition that, if it occurs, has a positive or a
negative effect on a project’s objectives.”
The negative effect is called threat and the positive effect is called
opportunity.
4
Project Risk Management—Definitions
The Standard for Project Risk Management defines Project Risk Management as follows:
Project Risk Management includes the processes concerned with conducting risk management
planning, identification, analysis, responses, and monitoring and controlling of a project.
The objective is to increase the probability and the impact of positive risks and decrease the
probability and the impact of negative risks.
Exploit
Uncertainty/ Enhance
Probability Positive Opportunity Benefit
Share
Project Risk
Accept
Impact
Avoid
Mitigate
Negative Threat Issue
Transfer
Accept
5
Project Risk Management—Definitions (contd.)
Following are the definitions which are frequently used in the course:
Issue
It is something that is occurring in the present; It is known, and it is being dealt with.
Risk Event
Description of a scenario that may occur if the risk were to materialize (good to capture it in the cause-risk-effect
format).
Risk Trigger
6
Project Risk Management—Definitions (contd.)
Probability
Impact
7
Roles of Project Risk Management
8
Good Risk Management Practices
9
Critical Success Factors
The following image shows the critical success factors for Project Risk Management:
10
Functional Organization
CEO
11
Functional Organization—Advantages and Disadvantages
Advantages Disadvantages
Since the functional organization shows interest in their functional-related activities rather than
project-related activities, the projects which are running under this functional organization may carry
project-related risks like schedule delays due to lack of human resource commitment.
12
Projectized Organization
In a projectized organization, the project manager is in total control of resources and budget.
CEO
13
Projectized Organization—Advantages and Disadvantages
Advantages Disadvantages
14
Matrix Organization
The matrix organizations combine the aspects of functional and projectized structures.
CEO
VP-
VP-Marketing VP-Engineering VP-Projects
Manufacturing
Program
Staff Manager Staff Manager Staff Manager
Manager
15
Matrix Organization—Advantages and Disadvantages
Advantages Disadvantages
Highly visible project objectives Dual reporting structures
Improved control over resources Not cost effective because of extra admin
Better horizontal and vertical dissemination of Functional managers may have different priorities
information than functional organizations than project managers
Team members maintain a home Tougher problems with resource allocation
Maximum utilization of scarce resources Higher potential of conflicts and effort duplication
16
Types of Risk
Types of Risk
18
Quiz
19
QUIZ
Which of the following statements is NOT true about risk events?
1
20
QUIZ
Which of the following statements is NOT true about risk events?
1
21
QUIZ
Which of the following statements is the best answer for known risk?
2
a. Risk is clear
b. Uncertainty on influence is high
c. Risk is known, but impact is not
d. No awareness of risk
22
QUIZ
Which of the following statements is the best answer for known risk?
2
a. Risk is clear
b. Uncertainty on influence is high
c. Risk is known, but impact is not
d. No awareness of risk
Answer: a.
Explanation: In case of a known risk, the risk is clear and there is no uncertainty.
23
QUIZ
What is the definition of impact with respect to risk?
3
24
QUIZ
What is the definition of impact with respect to risk?
3
Answer: b.
Explanation: By definition, the result and consequence of the probability of risk occurring is
called impact.
25
QUIZ
What is the definition of pure risk?
4
26
QUIZ
What is the definition of pure risk?
4
Answer: c.
Explanation: The definition of pure risk is the only possibility of loss like flood, theft, fire,
etc.
27
Summary
Here is a quick ● Purpose of the Practice Standard for Project Risk Management is to provide
recap of what was
a standard for stakeholders that is globally applicable and consistently
covered in this
lesson: applied.
● Project Risk Management includes the processes concerned with
conducting risk management planning, identification, analysis, responses,
and monitoring and controlling of a project.
● Good risk management practice is to keep it consistent, consider enterprise
environmental factors, organizational process assets, and so on.
● The two types of risks are business risks and pure risks.
28
This concludes ‘Risk Management Framework.’
29
RMP® Certification Course
Lesson 3—Principles and Concepts
1
Objectives
2
Individual and Overall Project Risks
3
Stakeholder Risk Attitudes
It is important for a project or a risk manager to understand stakeholders’ risk attitudes. The risk
attitudes of the project stakeholders determine the extent to which an individual risk or overall
project risk matters.
It usually result in a desire for increased certainty in project outcomes and it may express a preference
for one project objective over the other. Understanding stakeholders’ attitudes towards risk is an
important component of risk management planning.
! The priority of the risk depends upon the risk attitudes and tolerance levels of the stakeholders.
4
Stakeholder Risk Attitudes
5
Stakeholder Risk Attitudes (contd.)
6
Stakeholder Risk Attitudes (contd.)
7
Iterative Process
8
Communication
9
Responsibility for Project Risk Management
responsibility.
10
Role of Project Manager
11
Quiz
12
QUIZ A project team is in the process of risk tracking and control. The risk control action
defined by the mitigation and contingency plans is being implemented in accordance
1 with the details of those plans. Who is responsible for implementing these actions?
a. Project manager
b. Project team
c. Risk owner
d. Risk manager
13
QUIZ A project team is in the process of risk tracking and control. The risk control action
defined by the mitigation and contingency plans is being implemented in accordance
1 with the details of those plans. Who is responsible for implementing these actions?
a. Project manager
b. Project team
c. Risk owner
d. Risk manager
Answer: c.
Explanation: A risk owner for a risk is identified during the planning stage of risk
management; and he helps to assess the risk and produce probability and impact
information.
14
You are a project manager in a financial firm. You feel that the financial meltdown in
QUIZ one of the client's countries could affect your project adversely thus you want to hedge
2 your risks. Although, the probability of occurrence of the event is low, you are advised
to play it safe. In terms of risk attitude, your organization could best be described as?
a. Risk seeker
b. Risk averse
c. Risk neutral
d. Risk mitigation
15
You are a project manager in a financial firm. You feel that the financial meltdown in
QUIZ one of the client's countries could affect your project adversely thus you want to hedge
2 your risks. Although, the probability of occurrence of the event is low, you are advised
to play it safe. In terms of risk attitude, your organization could best be described as?
a. Risk seeker
b. Risk averse
c. Risk neutral
d. Risk mitigation
Answer: b.
Explanation: Someone who does not want to take risks is called risk averse and the project
manager in this case seems to be part of such an organization.
16
QUIZ
What is the meaning of iterative process in case of risk management?
3
17
QUIZ
What is the meaning of iterative process in case of risk management?
3
Answer: a.
Explanation: Iterative process in case of risk management means it is repeated throughout
the life cycle of the project based on the milestones or predefined period.
18
QUIZ
The responsibility of Project Risk Management lies with:
4
a. Everyone
b. Project manager
c. Functional manager
d. Project sponsor
19
QUIZ
The responsibility of Project Risk Management lies with:
4
a. Everyone
b. Project manager
c. Functional manager
d. Project sponsor
Answer: a.
Explanation: Project Risk Management is everyone’s responsibility.
20
Summary
Here is a quick ● Individual risk and overall project risk are the two levels of project risk.
recap of what was
● Stakeholder’s risk attitudes may be risk seeker, risk neutral, and risk averse.
covered in this
lesson: ● Risk identification is an iterative process.
● Communication should be effective and honest to meet the needs of
stakeholders and project objectives.
● RACI model can be used to define the roles and responsibility in Project Risk
Management.
● Project Risk Management should be an integral part of all the other project
knowledge areas.
21
This concludes ‘Principles and Concepts of Project Risk Management.’
22
RMP® Certification Course
Lesson 4—Introduction to Project Risk Management Processes
1
Objectives
2
Project Risk Management
Project Risk Management includes the processes of conducting risk management planning,
identification, analysis, response planning, and controlling risk on a project.[1]
3
Project Risk Management and Project Management
The output of the Project Management process can be considered as an input for risk management
and vice versa.
Project Management is an attempt to control the uncertain environment through the use of
structured techniques like estimating, planning, cost control, activity allocation, earned value
analysis, monitoring, and review meetings.
4
Project Risk Management and Project Management (contd.)
5
Project Risk Management Processes
The following are the high level activities carried out in the six Project Risk Management processes:
7
Project Risk Management Processes (contd.)
The working and typical flow of the six Project Risk Management processes is shown below:
Identifying the tailored mechanism for each process; risk thresholds; and process rules.
8
Project Risk Management Processes (contd.)
The working and typical flow of the six Project Risk Management processes is shown below:
Listing down the risks and the risk owners against each risk.
9
Project Risk Management Processes (contd.)
The working and typical flow of the six Project Risk Management processes is shown below:
Analyzing identified risk with respect to the probability, impact, and root causes.
Importance and prioritized lists can be derived by using different tools.
10
Project Risk Management Processes (contd.)
The working and typical flow of the six Project Risk Management processes is shown below:
Using numerical models this process can be effective. Quantitative techniques provide
insights into the combined effect of identified risks on project outcome. Agreed
confidence limits or levels and sensitivity analysis techniques can be used to increase
the effectiveness.
11
Project Risk Management Processes (contd.)
The working and typical flow of the six Project Risk Management processes is shown below:
Finding the response for each risk, based on the opportunity and threat. Identifying
contingency plans, strategies, actions, action owners, timing, analysis, project plan
updates, and communication are also involved in this step.
12
Project Risk Management Processes (contd.)
The working and typical flow of the six Project Risk Management processes is shown below:
Tracking of the risks in terms of its status and trends, and taking actions as appropriate.
This step is also about reporting and trends in risk exposures.
13
Quiz
14
QUIZ What is the typical order in which all the risk management processes should be carried
1 out?
a. Any order
Plan Risk Management, Plan Risk Responses, Identify Risk, Perform
b. Quantitative Risk Analysis, Perform Qualitative Risk Analysis, and Control
Risks
15
QUIZ What is the typical order in which all the risk management processes should be carried
1 out?
a. Any order
b. Plan Risk Management, Plan Risk Responses, Identify Risk, Perform Quantitative Risk
Analysis, Perform Qualitative Risk Analysis, and Control Risks
Plan Risk Management, Identify Risk, Perform Quantitative Risk Analysis, Perform
c. Qualitative Risk Analysis, Plan Risk Responses, and Control Risks
Plan Risk Management, Identify Risk, Perform Qualitative Risk Analysis, Perform
d. Quantitative Risk Analysis, Plan Risk Responses, and Control Risks
Answer: d.
Explanation: The typical order in which all the risk management processes should be carried
are: Plan Risk Management, Identify Risk, Perform Qualitative Risk Analysis, Perform
Quantitative Risk Analysis, Plan Risk Responses, and Control Risks.
16
QUIZ
Which process develops the overall project risk strategy?
2
b. Identify Risk
d. Control Risks
17
QUIZ
Which process develops the overall project risk strategy?
2
b. Identify Risk
d. Control Risks
Answer: a.
Explanation: The strategy for the overall risk management will be developed during Plan
Risk Management process.
18
QUIZ
Which process in the risk management prioritizes the risk?
3
b. Identify Risk
19
QUIZ
Which process in the risk management prioritizes the risk?
3
b. Identify Risk
Answer: d.
Explanation: Perform Qualitative Risk Analysis is used for prioritization or ranking of the
risks.
20
QUIZ
Which process is used to measure the implementation of risk response?
4
b. Identify Risk
c. Control Risks
21
QUIZ
Which process is used to measure the implementation of risk response?
4
b. Identify Risk
c. Control Risks
Answer: c.
Explanation: Control Risk is used to measure and track the implemented risk response.
22
Summary
Here is a quick ● Project Risk Management and Project Management provides an approach
recap of what was
through which uncertainty can be understood, assessed, and managed
covered in this
lesson: within the projects.
● Risk management can be effective by using processes or methodologies
or a set of activities.
● Project Risk Management has six processes: Plan Risk Management, Identify
Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis,
Plan Risk Responses, and Control Risks.
23
This concludes ‘Introduction to Project Risk Management Processes.’
24
Reference
[1] Based on PMBOK ® Guide—Fifth Edition: Project Risk Management, Page 309.
25
RMP® Certification Course
Lesson 5—Plan Risk Management
Objectives
2
Objectives of Plan Risk Management Process
3
Purposes of Plan Risk Management Process
4
Purposes of Plan Risk Management Process (contd.)
5
Success Criteria
6
Critical Success Factors
Following are the critical success factors for Plan Risk Management process:
Identify and Address Barriers to Successful Project Risk Management +
Involve Project Stakeholders in Project Risk Management +
Comply with the Organization’s Objectives, Policies, and Practices +
7
Critical Success Factors
10
Inputs, Tools and Techniques, and Outputs
Following are the Inputs, Tools and Techniques, and Outputs required to make the Plan Risk
Management process successful:
Inputs Tools and Techniques Outputs
11
Inputs
Project management plan Contains all approved subsidiary plans and baselines. Provides the current state of risk-
affected areas including scope, cost, and schedule.
Provides inputs such as high-level risks, high-level project descriptions, and high-level
Project charter
requirements.
Stakeholder register Contains all details related to the project’s stakeholders, and provides an overview of their
roles.
Enterprise environmental
Factors that influence the risk management plan, including attitudes towards risk and risk
factors
tolerance, and the individuals involved in the project.
Predefined approaches to risk management that include risk categories, common definition
Organizational process
of concepts and terms, risk statement formats, standard templates, roles and
assets
responsibilities, authority levels for decision-making, lessons learned, and stakeholder
registers.
12
Tools and Techniques
According to the Project Management Institute, the tools and techniques for creating a risk
management plan are as follows:
Analytical
Expert Judgment
Meetings
13
Tools and Techniques
Analytical techniques:
● Used to understand risk management context.
Analytical
● Analysis based on stakeholder risk appetite and tolerance.
● Assessment based on strategic risk scoring sheets.
Expert Judgment ● Help in allocation of appropriate resources and focus on risk management
activities.
Meetings
14
Tools and Techniques
15
Tools and Techniques
Participants:
● Project manager;
Analytical
● Selected project team members and stakeholders; and
● Anyone responsible to manage risk planning and execution activities.
16
Output
The output of Plan Risk Management process is the Risk Management Plan document.
Output Description
17
Project Templates
A properly prepared risk management plan should have several supporting templates. These may
include the following:
18
Documenting the Results
Planning is documented in the risk management plan. The key factors are people, tools, and business.
People:
● Attitudes
● Roles and responsibilities, authority, interest, and influence
● Communications
Tools:
● Toolbox
● Definitions
● Parameters
Business:
● Constraints
● Details of business case and scope, effort, and cost aspects
19
Standardized Approach to Risk Management—Example
During a status meeting with a key stakeholder on a project, Susan is asked to detail her team’s
methods with respect to how they have conducted risk management till date. The stakeholder
praises Susan on how her team has consistently been able to apply objective risk management
procedures without becoming biased as the project progressed.
She then invites her to write a standard that will be utilized by other project managers who are not
performing as well. Susan knows that she must clearly document the steps she and the team have
taken before and during the project. She begins by outlining some of the details in the risk plan
that were developed very early in project planning, which her team followed without deviation.
20
Standardized Approach to Risk Management—Example (contd.)
Susan highlights that the plan contained important directions such as the methodology, roles of
each risk SME, risk funds that were identified, common terms and definitions that everyone
agreed to, as well as reporting formats and risk tracking steps. She also points out that the team
determined the risk activities schedule for audits and risk reassessments and integrated them in
the overall project plan.
Susan delivers the risk guidelines to the stakeholders who then distribute them to the other
project managers. Over the next six months, the company’s projects enjoy a more standardized
approach to risk management and fewer avoidable problems are encountered as a result. Susan
also receives an award for her willingness to improve the risk methodology across the company by
capitalizing on her team’s methodology and successes.
21
Risk Management Plan—Components
Risk management
Defines the tools, approaches, and data sources that may be used to perform risk
methodology
management on the project.
Roles, responsibilities, and Defines the lead, support, and risk management team membership for each type of
authority action in the risk management plan.
Definitions of risk probability Scales of risk probabilities and impact are defined in qualitative risk analysis, using
and impact terms such as “very unlikely” to “almost certain” with respective values in numbers
for these terms.
Probability and impact matrix A predefined matrix with risk priority areas is marked, which has the product of
impact value on X axis and the probability value on Y axis.
Revised stakeholder tolerances Revised stakeholder tolerances may need to be updated as a result of the Plan Risk
Management process.
22
Risk Management Plan—Components (contd.)
A budget for project risk management should be established and included in the
Budgeting risk management plan. Budgeting also specifies how the contingency reserve
should be applied.
Defines how often the risk management activities will be performed throughout
Timing
the project lifecycle.
Risk categories Documentation such as a Risk Breakdown Structure (RBS) or categories from
previous projects will help in identifying and organizing risks.
Reporting formats Define how outputs of this process will be documented, analyzed, and
communicated.
23
Probability Scales
24
Impact Scales
● Very Low (0.1): Slippage on noncritical paths, yet the float exists.
● Low (0.3): Noncritical paths have made use of all their float, or an overall increase in schedule by
1% to 5%.
● Medium (0.5): Between 5% and 10% overall schedule increase.
● High (0.7): Between 10% and 20% overall schedule increase.
● Very High (0.9): Greater than 20% overall schedule increase.
25
Probability and Impact Matrix
Very
(0.9)
High
0.07 0.21 0.35 0.49 0.63
(0.7)
High
Impact Scales
Very Low (0.1) Low (0.3) Medium (0.5) High (0.7) Very High (0.9)
Probability Scales
26
Risk Breakdown Structure (RBS)
A hierarchical arrangement of identified risks that help project managers to organize potential sources
of risk to the project.
Level 0 Level 1 Level 2 Level 3
Customer and
Historical experiences culture, contractual, requirement definition, and stability.
stakeholder
Natural
Physical environment, facilities, and local services.
environment
27
Risk Tolerance
The definition of probability and impact scales, and the definition of risk
exposures on the probability and impact matrix are influenced by your
understanding of the risk tolerance of stakeholders.
28
Techniques to Determine Risk Tolerance and Risk Exposure—Example
Jerry recently left a meeting with a project sponsor where he was informed that he will be leading
a new project for his company, Telecom Solutions. His company is a leading provider of cellular site
installation services. So, Jerry wants to ensure that he is well prepared for all aspects of his
upcoming project. He is concerned about how detailed the risk plan and the risk methodology
should be for this project.
He knows that each project has a risk plan tailored specifically to it based on many factors. Jerry
decides to review the project charter which contains high-level risks, summary budget, early
requirements information, and summary milestone schedule.
29
Techniques to Determine Risk Tolerance and Risk Exposure—Example (contd.)
He knows that the complexity of these variables should provide enough information to determine
if limited risk management will be conducted on this project, or if it will be a more involved
undertaking. Jerry then utilizes multiple analytical techniques to determine stakeholder risk
tolerances and the company’s risk exposure for this particular project. At the conclusion of his
analysis, he drafts a risk plan template for team review and comments.
At the next team meeting, Jerry explains and presents the proposed risk plan to the rest of the
team. They all agree that it is a good plan and the team uses it to conduct risk management in an
objective manner during the project life cycle. The team’s ability to remain objective was directly
related to Jerry’s tailored plan approach for this project and his willingness to engage them for
buy-in.
30
Risk Management—Roles and Responsibilities
31
Levels of Uncertainty
The Project Management Institute describes three types of risks based on the understanding of
uncertainty.
Types of Risk
Risks that you know could affect Risks that will affect us, Risks beyond your ability to
you, and for which you can although you cannot predict identify.
roughly predict the nature and how or how much they will
extent of the effect. affect you.
32
Levels of Risk Tolerance
Risk averse Not likely to take a risk that is considered a high risk.
33
Quiz
34
QUIZ You work as a project manager of an organization. Your project has several risks that
will affect several stakeholder requirements. Which project management plan will
1 define who will be available to share information on the project risks?
35
QUIZ You work as a project manager of an organization. Your project has several risks that
will affect several stakeholder requirements. Which project management plan will
1 define who will be available to share information on the project risks?
Answer: c.
Explanation: Communication management plan details about which, what, when, and how
the sharing of information occurs.
36
QUIZ
What is the output of Plan Risk Management process?
2
37
QUIZ
What is the output of Plan Risk Management process?
2
Answer: a.
Explanation: Risk management plan is the output of Plan Risk Management process which
has definitions of tolerance, threshold, probability, impact, etc.
38
You are completing the qualitative risk analysis process with your project team and are
QUIZ relying on the risk management plan to help you determine the budget, schedule for
3 risk management, and risk categories. You discover that the risk categories have not
been created. When should you have the risk categories created?
a. Create WBS
b. Plan risk management
c. Risk identification process
d. Monitor and control risk
39
You are completing the qualitative risk analysis process with your project team and are
QUIZ relying on the risk management plan to help you determine the budget, schedule for
3 risk management, and risk categories. You discover that the risk categories have not
been created. When should you have the risk categories created?
a. Create WBS
b. Plan risk management
c. Risk identification process
d. Monitor and control risk
Answer: b.
Explanation: During the Plan Risk Management process, the risk categories should be
created.
40
QUIZ Which of the following is one of the tools and techniques used in Plan Risk
4 Management process?
a. Analytical techniques
b. Inspection
c. Reserve analysis
d. Checklist analysis
41
QUIZ Which of the following is one of the tools and techniques used in Plan Risk
4 Management process?
a. Analytical techniques
b. Inspection
c. Reserve analysis
d. Checklist analysis
Answer: a.
Explanation: Analytical techniques is one of the tools and techniques used in the Plan Risk
Management process.
42
QUIZ
Which are the key factors used while documenting Plan Risk Management process?
5
43
QUIZ
Which are the key factors used while documenting Plan Risk Management process?
5
Answer: b.
Explanation: Attitudes, tools, and constraints are used, which are part of people, tools, and
business.
44
Summary
Here is a quick ● Risk management plan should define both the normal frequency for
recap of what was
repeating the processes as well as the specific or exceptional conditions.
covered in this
lesson: ● The critical success factors for the Plan Risk Management process are
identifying and addressing barriers, involving project stakeholders in project
risk management, and complying with the organization’s objectives, policies
and practices.
● Risk tolerance refers to the level of risk acceptability of a project manager or
key stakeholder when the investment required for managing the risk is
compared to the potential payoff.
● The three levels of risk tolerance are risk averse, risk seeking, and risk neutral.
45
This concludes ‘Plan Risk Management’
46
RMP® Certification Course
Lesson 6—Identify Risks
1
Objectives
2
Purposes of Identify Risks Process
Recognize identifiable
Recognize all the identifiable risks to project objectives.
risks
Make risk identification Make risk identification process iterative to ensure that the process is not
process iterative only restricted to planning phase.
Identify potential
Identify potential responses at the time when a risk is first identified.
responses
3
Objectives of Identify Risks Process
4
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Multiple
Early identification
perspectives
Explicit
identification of Objectivity
opportunities
5
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
6
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
7
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
8
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
9
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
10
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Emergent Complete risk ● Limiting risk identification to the immediate project team is
identification statement
unlikely to expose some identifiable risks.
Explicit
identification of Objectivity
opportunities
11
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
12
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Emergent Complete risk ● Detailed risk descriptions with description of uncertainty and
identification statement
its cause and effects should be mentioned as early as possible
in the project lifecycle.
Comprehensive Ownership and
identification level of details
Explicit
identification of Objectivity
opportunities
13
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Explicit
identification of Objectivity
opportunities
14
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Multiple Objectivity:
Early identification
perspectives
● Human intervention is susceptible to bias when dealing with
Iterative Risks linked to uncertainty. This occurs as people apply heuristics. This
identification project objectives
sensitivity should be dealt during risk identification process.
Emergent Complete risk ● Sources of bias should be exposed and their effect should be
identification statement
managed proactively.
● The aim is to minimize subjectivity, and allow open and honest
Comprehensive Ownership and
identification level of details identification of as many risks to the project as possible.
Explicit
identification of Objectivity
opportunities
15
Inputs, Tools and Techniques, and Output
Following are the inputs, tools and techniques, and outputs required for Identify Risks process:
Inputs Tools and Techniques Outputs
● Risk management plan ● Documentation reviews ● Risk register
● Scope baseline ● Information-gathering
● Activity cost estimates techniques
● Activity duration estimates ● Checklist analysis
● Stakeholder register ● Assumptions analysis
● Cost management plan ● Diagramming techniques
● Schedule management plan ● SWOT analysis
● Quality management plan ● Expert judgment
● Human resource management plan
● Project documents
● Procurement documents
● Enterprises environmental factors
● Organizational process assets
16
Inputs
Contains a cost management approach specific to the project that helps to generate or
Cost management plan
mitigate risks.
Includes guidelines for handling changes to the schedule, updated risks, and associated
Schedule management plan
response plans.
17
Inputs (contd.)
18
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment +
19
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews -
A structured review of the project documentation may be performed including plans, assumptions,
previous project files, agreements, and other information.
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment +
20
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques -
These include data collection methods such as brainstorming, Delphi technique, interviewing, and root
cause analysis.
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment +
21
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis -
Checklist analysis is an analysis which is conducted on the basis of historical information, as a
standardized way of identifying risks.
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment +
22
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis -
Assumptions analysis is used to explore the validity of project assumptions.
Diagramming techniques +
SWOT analysis +
Expert judgment +
23
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques -
The diagramming techniques include cause-and-effect diagrams, influence diagrams, and process
flowcharts which helps in identifying the causes of risks.
SWOT analysis +
Expert judgment +
24
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis -
The SWOT analysis examines the project from the perspectives of strength, weakness, opportunity, and
threat.
Expert judgment +
25
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment -
Expert judgment includes the inputs given by subject matter experts or team members who have the
relevant knowledge and experience on similar business areas or projects.
26
Assumption Analysis and Documentation Reviews—Example
Jeremiah has begun looking for risks on his project, which is to a deliver a new product for his
company. In fact, his company has no experience at all in this area but the company’s leadership
thought that the return on investment was worth it.
During initial planning, Jeremiah is concerned with the cost and duration estimates that his team
delivers to him. Since this is a new type of project, and they are inexperienced, he does not want
to leave anything to chance.
He decides to use assumptions analysis and documentation reviews to determine how accurate
the estimates might be. He also interviews subject matter experts on other projects to increase his
confidence level with the estimates.
27
Assumption Analysis and Documentation Reviews—Example (contd.)
At the conclusion of his analysis, he determines that the existing estimates are as accurate as they
could possibly be under the circumstances.
Jeremiah then decides to ask for additional contingency funds to account for the uncertainty and
to protect the project budget. Jeremiah’s use of multiple tools enabled him to determine the
uncertainty of his project estimates and to ask for appropriate funding.
During the life cycle of his project, he was then able to capture more accurate data that he will use
on future projects.
28
Tools and Techniques—Categories
The three categories of tools and techniques required to identify risks are as follows:
● Historical review is based on past occurrence of risks, either in the current project
or other similar projects within the organization, or comparable projects in other
Historical review organizations.
● It relies on careful selection of comparable situations, which are genuinely similar
to the current project, and are filtered to select the only relevant previous risks.
Current assessment
Creativity technique
29
Tools and Techniques—Categories
The three categories of tools and techniques required to identify risks are as follows:
● They rely on current project, analysis against the framework, and models to find
uncertainties.
Historical review ● They do not rely on external reference points, but are based purely on
examination of the project.
● Current assessments are based on present data (documentation reviews,
Current assessments information-gathering techniques, assumption analysis, diagramming technique,
and SWOT analysis).
Creativity technique
30
Tools and Techniques—Categories
The three categories of tools and techniques required to identify risks are as follows:
Creativity technique
31
Tools and Techniques—Facts
Choose checklist (historical review) with assumption analysis (current assessment) and brainstorming
(creativity technique).
32
Other Tools and Techniques
Given below are the other tools and techniques of Identify Risks process.
Checklist, Forms,
Crawford Slip Analogy
and Templates
33
Interview with SMEs
It involves engaging:
● consultants; and
● project team.
34
Interview with Experts Process
1 2 3 4
Introduce the Introduce the Develop the
Define the scope
facilitator interviewees questions
5 6 7 8
Receive the Fill up the register
Send the questions Consolidate the
answers from with the list of
to interviewees responses
interviewees identified risks
35
Brainstorming Technique
Identification of
many risks
Team must be
available
Leads to chaos, if
executed
inadequately
Highly creative
and synergetic
sessions
Encourages
teamwork
36
Brainstorming Process
37
Delphi Technique
A type of interview
with SMEs
The interviews
are
anonymous
Slow and requires
hard work
Used when there are
conflicts or when
brainstorming
is not
Used to get
recommended
comments from
competitors
38
Delphi Technique Process
1 2 3 4
Introduce the Develop the Introduce the
Define the scope
facilitator questions interviewees
5 6 7 8
Distribute the Receive the Consolidate the Redistribute the
questions/survey answers responses questions
9 10
Fill up the register
Consolidate the
with the
final results
identified risks
39
Nominal Group Technique
Individual
brainstorming
Allows a certain
degree of
prioritization
Reduces the chaos
of brainstorming
Mix of individual
and group
participation
Fast and
effective
40
Nominal Group Technique—Process
1 2 3 4
Introduce the
Introduce the
Define the scope participants Schedule the meeting
facilitator
(between 6 and 8)
5 6 7 8
Start the meeting Each participants Facilitator writes
Each participants
and state the rules, creates his/her own down the first risk of
orders his/her risks
time, and process risk list each participant
9 10 11
Facilitator writes Fill up the list of
Consolidate the final identified risks
down the second risk
result (prioritized)
of each participant
41
Crawford Slip Technique
Uses a slip or a
Group consolidation piece of paper
like post-it®
Individual brainstorming
42
Crawford Slip Process
1 2 3 4
Introduce the
Introduce the
Define the scope participants (between Schedule the meeting
facilitator
6 and 8)
5 6 7 8
Start the meeting by Each participants Collect slips and Distribute the list to
stating the rules, time, writes down one risk consolidate the list of the participants for
and number of risks for a minute identified risks final comments
9 10
Consolidate the final Fill up the register
result with identified risks
43
Analogy Technique
Available
information is A reference is needed.
adjusted to suit the
current scenario
44
Analogy—Process
4 5 6
Adapt the lists of
Develop the initial Distribute the list
risks to the current
lists of risks to team members
projects
7 8 9
Team analyzes the Fill up the register
Consolidate the
preliminary list of with the identified
final results
risks risks
45
Checklists, Surveys, and Templates
Checklists, surveys, and templates are some of the commonly used techniques
for identifying risks on the project.
● The critical success factor for these techniques is the availability of data from
within and outside the organization.
● These techniques are based on the concept that no new project has a
complete new set of risks.
● These techniques help to refine the list of risks and they use the risk
breakdown structure, which is usually defined as a part of the risk
management plan.
46
Assumptions Analysis
47
Checklist Analysis
Checklist analysis is the process of systematically evaluating the pre-created checklists and developing
a checklist based on relevant historical information.
48
SWOT Analysis
SWOT analysis is a popular tool which is used for risk identification. In this technique, strengths and
weaknesses that are of internal origin, that is, related to the organization are identified. Also,
opportunities and threats of external origin are identified.
Helpful Harmful
to achieve the to achieve the
objective objective
(attributes of the
Internal origin
S W
organization)
Strengths Weaknesses
(attributes of the
External origin
environment)
O T
Opportunities Threats
49
Cause-and-Effect Diagram
Overworked Noise
50
Root Cause Analysis—Example
The ABC Company has identified a problem during a recent program review. Management realizes
that the same types of risk events are occurring on almost every project and they cannot seem to
understand the reason.
So, they hire an outside risk consultant, who sets out to investigate the matter. The consultant
begins by looking at historical documentation on projects that have been performed over the last
three years.
During the review of project documents, the consultant begins to discover that, most risks are
related to human resources and scope. The consultant then employs multiple diagramming
techniques to assign each risk area to common root causes. It is then evident that Pareto’s Law is
clearly defined with the results.
51
Root Cause Analysis—Example (contd.)
Pareto’s Law generally states that the smallest number of causes will result in the largest number
of problems. By working in reverse from effect to cause, the consultant is able to pinpoint which
root causes are to blame for the majority of the risks within this company.
There is a lack of training for the employees, too many understaffed activities during execution and
poor requirements documentation.
By using root cause analysis, and understanding Pareto’s Law, the consultant was able to track
down the root causes and report it back to the company with his recommendations. The ABC
company then utilizes the results to begin correcting the problem.
52
Output
Output Description
The risk register contains the list of identified risks and potential responses. When
complete, the risk register will ultimately contain the outcomes of the other risk
Risk register management processes, including the results of the qualitative risk analysis,
quantitative risk analysis, and risk response planning. It also includes risk actions, risk
statuses, and names of risk owners.
53
Prompt Lists
A prompt list refers to several risk categories that may be presented as a RBS and used when
identifying risks in a project.
Prompt lists include the following:
The PESTLE prompt list is The TECOP prompt list is The SPECTRUM prompt list is
determined by political, determined by technical, determined by socio-cultural,
economical, social, technological,
undertaking the project environmental, commercial, political, economic, competitive,
ascertaining the costs and benefits of
legal, and environmental factors. operational, and political factors. technological, regulatory or legal,
uncertainty or risk, and market
factors.
54
Risk Categories
The best practices in the Identify Risks process include the use of structured risk descriptions which
can ensure clarity. Risk meta-language offers a useful way of finding the causes and effects of a risk.
Meta-language describes each risk using three-part statements in the following forms:
Cause
(Fact or condition)
Risk
(Uncertainty)
Effect
(Possible result)
56
Historical Documentation
57
Documenting the Results
58
Quiz
59
QUIZ
What is the output of Identify Risks process?
1
a. Risk register
b. Risk register updates
c. Change requests
d. Project document updates
60
QUIZ
What is the output of Identify Risks process?
1
a. Risk register
b. Risk register updates
c. Change requests
d. Project document updates
Answer: a.
Explanation: Risk register is the output of Identify Risks process.
61
QUIZ Which risk identification technique allows participants to identify the project risks in an
2 anonymous manner?
a. Influence diagrams
b. Assumptions analysis
c. Surveys
d. Delphi technique
62
QUIZ Which risk identification technique allows participants to identify the project risks in an
2 anonymous manner?
a. Influence diagrams
b. Assumptions analysis
c. Surveys
d. Delphi technique
Answer: d.
Explanation: In case of Delphi Technique, risk from the stakeholders will be identified
anonymously or secretly.
63
A project manager working on a construction project identifies a risk of a heavy storm
QUIZ in the coming months which might affect the construction activity. However, he doesn't
3 have any reliable information on the weather forecast or the severity of the storm. In
this case, what best can the project manager do?
64
A project manager working on a construction project identifies a risk of a heavy storm
QUIZ in the coming months which might affect the construction activity. However, he doesn't
3 have any reliable information on the weather forecast or the severity of the storm. In
this case, what best can the project manager do?
Answer: c.
Explanation: The best option is to actively accept the risk but plan a contingency reserve in
terms of cost and time in case the risk occurs.
65
QUIZ
What is PESTLE?
4
66
QUIZ
What is PESTLE?
4
67
A project manager is determining which risk can affect the project. Which of the
QUIZ following inputs of the Identify Risks process is useful in recognizing risks associated to
5 the time allowances for the activities or projects as a whole, with a width of the range
indicating the degrees of risk?
68
A project manager is determining which risk can affect the project. Which of the
QUIZ following inputs of the Identify Risks process is useful in recognizing risks associated to
5 the time allowances for the activities or projects as a whole, with a width of the range
indicating the degrees of risk?
Answer: a.
Explanation: Activity duration estimate will be used as an input to identify risk associated
with timeline at activity level.
69
QUIZ Suppose you are doing the SWOT analysis for your project. Which process of risk
6 management are you working on?
70
QUIZ Suppose you are doing the SWOT analysis for your project. Which process of risk
6 management are you working on?
Answer: c.
Explanation: SWOT analysis is one of the tools and techniques used in the Identify Risks
process.
71
Summary
Here is a quick ● The objectives of Identify Risks process are identify risks, document risks,
recap of what was and categorize risks.
covered in this ● The critical success factors for Identify Risks process are early identification,
lesson:
multiple perspective, iterative identification, risks linked to project
objectives, emergent identification, complete risk statement,
comprehensive identification, ownership and level of details, explicit
identification of opportunities, and objectivity.
● The three categories of tools and techniques of Identify Risks process are
historical review, current assessments, and creativity technique.
● The best practices in Identify Risks process include the use of structured risk
descriptions which can ensure clarity.
● Recording is one of the important activities, which helps in capturing all the
relevant information on each identified risk.
72
This concludes ‘Identify Risks.’
73
RMP® Certification Course
Lesson 7—Perform Qualitative Risk Analysis
1
Objectives
2
Purposes and Objectives
3
Critical Success Factors
Following are the critical success factors for qualitative risk analysis:
Iterative
High-Quality
Information
Agreed-Upon Definitions
Agreed-Upon Approach
4
Use Agreed-Upon Approach
An agreed-upon approach applies to all the identified risks in any project. All risks may be assessed
according to the probability of occurrence and impact on individual objectives.
Other factors to be considered are as follows:
● Urgency (proximity): Implies that risks that need near-term responses may be considered as urgent
to deal with. Indicators of urgency can include lead time to execute a risk response and clarity of
symptoms and warning signs (detectability).
● Manageability: Implies that some risks are not manageable and if you try to address those, it may
be a waste of time and resources.
● Impact external to the project: The importance of a risk may be increased if it affects the
enterprise beyond the project.
5
Use Agreed-Upon Definitions of Risk Terms
6
Collect High-Quality Information on Risks
7
Perform Iterative Qualitative Risk Analysis
8
Inputs, Tools and Techniques, and Outputs
Following is the list of the inputs, tools and techniques, and outputs of Perform Qualitative Risk
Analysis process:
Inputs Tools and Techniques Outputs
9
Inputs
Input Description
10
Tools and Techniques
Following are the tools and techniques required to Perform Qualitative Risk Analysis:
Risk probability and impact assessment +
Probability and impact matrix +
Risk data quality assessment +
Risk categorization +
Risk urgency assessment +
Expert judgment +
11
Tools and Techniques
Risk categorization +
Risk urgency assessment +
Expert judgment +
14
Tools and Techniques
Expert judgment +
16
Tools and Techniques
17
Tools and Techniques—Characteristics
The tools and techniques used for qualitative risk analysis include risk probability
and impact assessment; and probability and impact matrix.
● Collect and analyze data (For example: Risk quality assessment and expert
judgment).
● Prioritize risks by probability and impact on specific objectives and overall
project (For example: Risk urgency assessment).
● Categorize risk causes (Risk categorization).
● Document the results of the Perform Qualitative Risk Analysis process.
A project manager has to make sure that the data obtained of the risk is unbiased,
accurate, and of high quality. Also, as a part of qualitative risk analysis, it is
. important to identify the urgency of the risk
18
Risk Probability and Impact Assessment—Example
During qualitative risk analysis, Steven, a risk SME, is concerned with the probability and impact scores
that the project team determined for a project he is assigned to. The team had previously agreed that the
majority would determine the probability and impact.
This is to remove group thinking and bias in any area during early risk analysis. After the first round of
analysis, and after reviewing the results, Steven is concerned about the validity of the team’s conclusions.
Reluctant to sign off on results he does not believe are accurate he decided to assess the data quality of
the available information that was used to assign probability and impact to each risk.
19
Risk Probability and Impact Assessment—Example (contd.)
During assessment Steven decides that the data is not good enough to accurately draw conclusions about
the majority of risks. After gathering additional information from industry sources Steven provides more
accurate data to the team, who then conducts a probability and impact assessment again.
Armed with better data, the qualities of the individual risks reflect a previously unforeseen category of
risks that are now near term and require immediate attentions. If Steven had not sought a better quality
of data to support the team’s conclusions they would not have identified the unforeseen risk category.
The team then reacts appropriately by performing further analysis and assigning action plans for the risks
in case they occur.
20
Root Cause Analysis
Incorrect Incomplete
Reports Requirements
Ignoring Phase
Entry Prerequisites
Figure D8. Example of a Root Cause Analysis
21
Estimating Techniques
22
Historical Documentation
Analytical Hierarchy Process (AHP) is a tool used to determine the preferences for achieving the
project objectives.
Input Matrix (Preference Factors)
24
Risk Urgency Assessment
Risk urgency appears in two forms. First, the risks which are near-term and must be addressed
immediately. The second type of urgency concerns the time required to plan for a risk.
25
Perform Qualitative Risk Analysis Process
The steps involved in the Perform Qualitative Risk Analysis process are shown below:
Prioritize Risks
Document Results
26
Select Risk Characteristics
27
Collect and Analyze Data
28
Prioritize Risks by Probability and Impact on Specific Objectives
Risks will have uneven impact and probability of occurrence on various project objectives.
These tools help in the prioritization of risks in terms of affected specific project objectives like time,
cost, quality, etc.
29
Prioritize Risks by Probability and Impact on Overall Project
The reason to prioritize risks by probability and impact based on specific and overall project
perspective is to have better communication and convey the right information to the right people
based on their interest.
The technique for determining the overall risk priority should be documented in the Plan Risk
Management process.
30
Categorize Risk Causes
31
Document the Results
32
Perform Qualitative Risk Analysis Process—Example
Samuel is a risk analyst for a new startup company that specializes in software products for a variety of
industries. Samuel has recently begun qualitative analysis after identifying several hundred risks for a
medium sized project.
While assigning a probability and impact score to each risk Samuel begins to notice a trend by having
many high scores in one particular area. After completing analysis he ranks the risks accordingly from
greatest to least and confirms his previous suspicion about a category of risks. His conclusion is that the
majority of his risks are largely related to human resources, and specifically focused on training.
33
Perform Qualitative Risk Analysis Process—Example (contd.)
He checks the risk breakdown structure and updates it with this new sub-category. He also reviews the
scope baseline to determine which work packages contain the greatest concentrations of human resource
requirements in order to complete them.
He then assesses the quality of these particular areas as having a high risk quality to the project, and
prepares to quantify the impact to the overall project. By grouping risks together Samuel was able to see
the big picture and determine where high concentrations of risks might occur, as well as confirm these
areas require quantitative analysis.
34
Output
Output Description
The project documents updates include risk register updates and assumptions log
updates.
Updates to the risk register include new information based on qualitative risk analysis of
Project documents updates individual risks like probability, impact, ranking, urgency, as well as categorization; and
watch list for high-priority and low-priority risks respectively.
Assumptions log updates are required if there is any change in the assumptions due to
analysis. This may be updated in a project scope statement.
35
Quiz
36
You are the project manager for a software project. You have completed the risk response
QUIZ planning with your team and are now ready to update the risk register with probability and
1 impact on different project objectives. Which of the following statements best describes the
level of detail you should include with the risk responses created?
37
You are the project manager for a software project. You have completed the risk response
QUIZ planning with your team and are now ready to update the risk register with probability and
1 impact on different project objectives. Which of the following statements best describes the
level of detail you should include with the risk responses created?
Answer: b.
Explanation: The level of detail should correspond with the priority ranking. Prioritization
helps in taking actions by comparing the different project objectives.
38
QUIZ
What is the output of Perform Qualitative Risk Analysis process?
2
a. Risk register
b. Organizational process asset updates
c. Project documents updates
d. Enterprise environmental factors updates
39
QUIZ
What is the output of Perform Qualitative Risk Analysis process?
2
a. Risk register
b. Organizational process asset updates
c. Project documents updates
d. Enterprise environmental factors updates
Answer: c.
Explanation: Project documents updates is the output, which updates the ranking of the
identified risks in the risk register.
40
You are the project manager of an organization. You are working with your project team
QUIZ to complete the qualitative risk analysis process. The first tool and technique you are
3 using requires that you assess the probability of each identified risk in the project.
Which other characteristic of a risk do you need to assess?
a. Impact
b. Cost
c. Risk category
d. Risk owner
41
You are the project manager of an organization. You are working with your project team
QUIZ to complete the qualitative risk analysis process. The first tool and technique you are
3 using requires that you assess the probability of each identified risk in the project.
Which other characteristic of a risk do you need to assess?
a. Impact
b. Cost
c. Risk category
d. Risk owner
Answer: a.
Explanation: To find the urgency of the risk, you need to know its probability and impact.
The qualitative risk analysis process uses the probability and impact matrix as one of its
tools and techniques.
42
You are the manager of a project in your organization. You are assessing the risk events
QUIZ and creating a probability and impact matrix for the identified risks. Which one of the
4 following statements best describes the requirements for the data type used in
qualitative risk analysis?
a. A qualitative risk analysis requires fast and simple data to complete the
analysis
b. A qualitative risk analysis requires accurate and unbiased data if it is to
be credible
c. A qualitative risk analysis encourages biased data to reveal risk
tolerances
d. A qualitative risk analysis requires unbiased stakeholders with biased risk
tolerances
43
You are the manager of a project in your organization. You are assessing the risk events
QUIZ and creating a probability and impact matrix for the identified risks. Which one of the
4 following statements best describes the requirements for the data type used in
qualitative risk analysis?
a. A qualitative risk analysis requires fast and simple data to complete the
analysis
b. A qualitative risk analysis requires accurate and unbiased data if it is to
be credible
c. A qualitative risk analysis encourages biased data to reveal risk
tolerances
d. A qualitative risk analysis requires unbiased stakeholders with biased risk
tolerances
Answer: b.
Explanation: A qualitative risk analysis requires accurate and unbiased data if it is to be
credible.
44
You are preparing to start the qualitative risk analysis process for your project.
QUIZ You will be relying on some organizational process assets to influence the process.
5 Which one of the following is NOT a probable reason for relying on organizational
process assets as an input for qualitative risk analysis?
45
You are preparing to start the qualitative risk analysis process for your project.
QUIZ You will be relying on some organizational process assets to influence the process.
5 Which one of the following is NOT a probable reason for relying on organizational
process assets as an input for qualitative risk analysis?
Answer: c.
Explanation: Review of vendor contracts to examine risks in past projects is not the
probable reason for relying on organizational process assets as an input for qualitative risk
analysis. These should have been reviewed during the identify risks process.
46
QUIZ
Which of the following is NOT an input for qualitative risk analysis?
6
a. Risk register
b. Risk management plan
c. Stakeholder register
d. Organizational process updates
47
QUIZ
Which of the following is NOT an input for qualitative risk analysis?
6
a. Risk register
b. Risk management plan
c. Stakeholder register
d. Organizational process updates
Answer: c.
Explanation: Except for stakeholder register, all other options provided here are inputs for
the qualitative risk analysis process.
48
Summary
Here is a quick ● The critical success factors for Perform Qualitative Risk Analysis process are
recap of what was
agreed-upon approach, agreed-upon definitions, high-quality information,
covered in this
lesson: and iterative qualitative risk analysis.
● The inputs of this process are risk register, risk management plan, scope
baseline, enterprise environmental factors, and organizational process
assets.
● The tools and techniques used in this process are risk probability and impact
assessment, probability and impact matrix, risk data quality assessment, risk
categorization, risk urgency assessment, and expert judgment.
● The output of this process is project documents updates.
49
This concludes ‘Perform Qualitative Risk Analysis.’
50
Reference
[1] Taken from Practice Standard for Project Risk Management: Page. 84
51
RMP® Certification Course
Lesson 8—Perform Quantitative Risk Analysis
2
Purposes and Objectives
3
Implementation of Overall Risk Analysis
4
Overall Risk Analysis—Post Implementation
The following can be predicted after implementing the overall risk analysis:
● The line-item costs or schedule activities that contribute more risks when all risks are considered
simultaneously.
● The individual risks that contribute the most to overall project risk.
● Projects where the quantified risks threaten objectives beyond the tolerance of the stakeholders.
5
Qualitative and Quantitative Risk Analysis—High-Level Comparison
● Addresses individual risks in detail. ● Predicts likely project outcomes based on combined
● Assesses the discrete probability of occurrence and effects of risks.
project
impact on objectives if risk occurs. ● Uses probability distribution to characterize the risk
● Helps prioritize the individual risks for subsequent related to cost and schedule values.
undertaking the
treatment. ● Uses a quantitative method, and requires specialized
● Adds to risk register. tools.
●
and benefits of
Leads to quantitative risk analysis. ● Estimates the likelihood of achieving targets and
contingency needed to achieve desired level of
ascertaining the costs comfort.
● Identifies risks with greatest effect on the overall
project.
6
Critical Success Factors
Following are the critical success factors for Perform Quantitative Risk Analysis process:
Prior Risk Identification and Qualitative Risk Analysis +
Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data +
Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +
7
Critical Success Factors
Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +
10
Critical Success Factors
13
Inputs, Tools and Techniques, and Outputs
Following are the inputs, tools and techniques, and outputs required for Perform Quantitative Risk
Analysis process:
14
Inputs
Following are the Inputs required for Perform Quantitative Risk Analysis process:
Inputs Description
Risk register Identifies and categorizes risks, potential risk responses, and triggers warning signs.
Risk management Includes roles and responsibilities, budgets and schedule for risk management activities, Risk
plan Breakdown Structure (RBS), risk categories, probability and impact matrix, and risk tolerances.
Cost management Establishes the criteria for making plans, structuring, preparing an estimate, budgeting, and
plan establishing control over project costs.
Schedule Describes the scheduling methodology, the scheduling tool(s) to be used, and the format and
management plan established criteria for developing and controlling the project schedule.
Enterprise Provide context and insight to risk assessment, such as industry studies conducted by risk
environmental specialists for similar projects, and risk databases obtained from proprietary sources or the
factors industry.
Organizational Include existing processes that may impact a project's success. These may comprise policies,
process assets guidelines, historical information, or knowledge gained from previous projects.
15
Tools and Techniques
The 3 main techniques to Perform Quantitative Risk Analysis process are as follows:
Expert judgment
16
Tools and Techniques
Interviewing:
Interviewing draw on experience and historical data, to quantify the probability and
Data gathering and impact of risks on project objectives.
representation techniques Probability distribution:
Used extensively in modeling and simulation, representing the uncertainty in values
such as duration of scheduled activities and costs of project components.
Quantitative risk analysis
and modeling techniques
Expert judgment
17
Tools and Techniques
Sensitivity analysis:
Places a value on the effect of changing a single variable within a project by analyzing
Data gathering and that effect on the project plan.
representation techniques
Expected Monetary Value (EMV) analysis:
Assesses the average outcome of both known and unknown scenarios.
Decision tree analysis:
Quantitative risk analysis Factors both probability and impact for each variable, indicating the decision providing
and modeling techniques
the greatest expected value when all uncertain implications and subsequent decisions
are quantified.
Modeling and simulation:
Uses models that calculate potential impact of events on the project, based on random
Expert judgment
input values.
18
Tools and Techniques
Expert judgment:
It is required to identify potential cost and schedule impacts, to evaluate probability,
Data gathering and and to define inputs such as probability distributions into the tools.
representation techniques
Expert judgment
19
Sensitivity Analysis—Example
Jimmy is a construction project manager for a bridge project in New Jersey. He is just beginning
quantitative analysis for his project and is notified from his boss that there might be a union
strike in the near future. This would mean that some human resources, which are members of
the union, might not show up for work, which is supposed to begin in three weeks. Jimmy
immediately has the team begin reviewing near-term work packages to determine how many
people might be needed to complete them, as well as other areas of the project where various
types of work are required. After receiving the results later in the day, he conducts sensitivity
analysis to see which areas of his project will be most impacted by the potential strike.
20
Sensitivity Analysis—Example (contd.)
Jimmy determines that the foundation work packages are the most impacted as many union
employees will be mixing and pouring concrete. He also discovers that the transport areas of
the project are also at risk because the concrete must be moved around the job location by
construction vehicles. The least sensitive area appears to be designed as none of the engineers
are members of the union. Jimmy forwards his results to his boss who uses it to negotiate with
the union to avoid the strike. To further protect the project from the risk, Jimmy enters into a
contract with another labor construction company to fill these positions in case the union
decides to go on a strike later in the project. The proper use of sensitivity analysis enabled
Jimmy to see which areas of his project were most impacted by the potential strike, and then
to plan accordingly.
21
Tools and Techniques—Characteristics
Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty
● Risk models provide the risk representations that affect the project objective simultaneously.
● Representation of both opportunities and threats.
22
Tools and Techniques—Characteristics
Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty
● Quantitative models facilitate the correct calculation of many risks on the project objectives.
23
Tools and Techniques—Characteristics
Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty
24
Tools and Techniques—Characteristics
Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty
25
Tools and Techniques—Characteristics (contd.)
● Results from quantitative analysis are generally not available in standard methods/formats.
● Choosing the probability distribution, gives the following results:
o Whether the project can be completed within the time or budget;
o Contingency reserve requirement in terms of cost, time, or resource; and
o Identity or location of most important risks.
26
Tools and Techniques—Characteristics (contd.)
Risk Prioritization
Perform Quantitative Analysis
(E.g., Monte Carlo simulation, decision tree analysis, etc.)
Examine Interrelationships
between Risks
27
Tools and Techniques—Characteristics (contd.)
28
Tools and Techniques—Characteristics (contd.)
● Overall contingency reserve in time and cost should be reflected in the project’s schedule and budget.
● If adjustment is required in scope, then the changes are agreed upon and documented. A new quantitative risk
analysis is carried out to reflect the new aspects of the project.
29
Basic Principles of Probability
The following details the basics on principles of probability and its description:
Principles of Probability Description
The sum of the probabilities of all events that may occur should be equivalent to 1
Sum of probabilities
(100%).
Probability of single event The probability of any single event must be greater than or equal to 0 and less than
or equal to 1.
Let A and B be two dependent joint events. The probability of occurrence of events
Dependent joint events A and B will be denoted as P(A) and P(B) respectively. Then the probability of a
dependent joint event will be calculated as [P(A)*P(B/A)], where P(B/A) denotes the
probability of occurrence of event B, provided event A has already occurred.
A few other basics on principles of probability and its description are as follows:
Principles of Probability Description
The number that separates the higher half of a probability distribution from the
Median
lower half.
The number which typifies the data in a set. It is calculated by adding the values of a
Average
group of numbers and dividing the sum by the number of objects considered.
Standard deviation This is a measure of the spread of data, or the statistical dispersion of the values in
your data set.
31
Historical Documentation
32
Fault Tree Analysis
Fault Tree Analysis is also known as Failure Modes and Effects Analysis (FMEA). This type of model is
structured to identify the points of failure that are risks by themselves, or in combinations with one
another.
An example is illustrated below.
Improper Account
Settings
Non-Payment of Lack of Vendor
Electric Bill Notice Wrong Contact
Phone Number
Lack of AC Power
Poor
Automatic
Maintenance
Power Outage Transfer Switch UPS Error
Problem No Monthly Run
Insufficient Outdated Energy Test
Lack of DC Power
Battery Backup Analysis
33
System Dynamics
The System Dynamics (SD) model represents the flow of information and interactions among
stakeholders or teams on a project.
An example of SD is shown below.
34
EMV Analysis
35
Decision Tree Analysis
36
Monte Carlo Analysis
37
Monte Carlo Software for Risk Modeling—Example
After deciding which risks require further analysis, Bob, a project manager with an IT company,
decides to assess the overall project risk by quantifying the impact of several risks. During
analysis he discovers that the impacts of several risks are beyond the company’s
predetermined thresholds. Bob is concerned that this new development could mean that the
project may have had unrealistic expectations set against it. He employs the use of Monte
Carlo software for risk modeling. He carefully inputs all available data and discovers that there
is a low probability of meeting the management determined finish date utilizing the available
budget allotted for this project.
38
Monte Carlo Software for Risk Modeling—Example (contd.)
Bob takes the supporting information to upper management and explains the precarious
situation. Bob’s boss determines that the project is underfunded and also has an unrealistic
finish date. Because Bob supported his conclusions with software, management decides to
provide additional funding and postpones the projected finish date by sixty days. Bob then
inputs the new budget and schedule data into the Monte Carlo program, which reflects a much
higher probability of project completion.
39
Probability Distribution
The Normal or Gaussian distribution is a continuous probability distribution, defined on the entire
real line that has a bell-shaped probability density function, known as the Gaussian function or
informally known as the bell curve.
● Bell curve is a visual depiction of the likelihood of events occurring.
● The events are plotted as values, and this representation in mathematical language is termed as
Probability Density Function (PDF).
40
Project Risk Ranking
41
Steps to Perform Quantitative Risk Analysis
42
Output
Outputs Description
43
Components of Quantitative Risk Analysis Update
Once risks are qualitatively and quantitatively analyzed, the project team should be able to
Probabilistic analysis
forecast the possible completion dates and costs, and provide a level of confidence for each
of the project
decision.
Probability of fulfilling
Using quantitative risk analysis, the project team can estimate the likelihood of fulfilling the
the cost and time
project objectives with the current plan and knowledge of the project risks.
objectives
Identified risks are prioritized according to the threat they pose or the opportunity they
Prioritized list of
present to the project. This prioritized list includes a measure of the impact of each
quantified risks
identified risk.
Repeating the quantitative risk analysis process helps the project's risk management team to
Trends in quantitative analyze the trends and make adjustments as necessary. Information on the project schedule,
risk analysis results cost, quality, etc., and performance gained through the Perform Quantitative Risk Analysis
process will help the team to prepare a quantitative risk analysis report.
44
Documenting the Results
Following are the points which are documented upon completing this process:
● The contingency reserve calculated in quantitative project cost and
schedule risk analysis to be incorporated into the cost estimate and
schedule.
● Contingency reserve established to capture the opportunities that are
judged to be priorities of the project.
● If contingency reserve exceeds the time or resource available, changes the
scope and plan, then these have to be documented.
● The results of quantitative risk analysis must be recorded and passed on to
the project management team for further actions to be taken.
45
Quiz
46
You are the manager for a project. You are working with several subject matter experts
QUIZ to perform the quantitative risk analysis process. During this process, you find several
1 risk events that were not previously identified. What should you do with these risk
events?
47
You are the manager for a project. You are working with several subject matter experts
QUIZ to perform the quantitative risk analysis process. During this process, you find several
1 risk events that were not previously identified. What should you do with these risk
events?
Answer: c.
Explanation: If you come across a new risk at any point of time, enter the event into the risk
register.
48
You are the manager of a project in your company. You want to utilize a risk analysis
QUIZ process that will help the team make decisions in presence of the current uncertainty
2 surrounding the new environment. Which risk analysis approach can you use to make
decisions in the presence of uncertainty?
49
You are the manager of a project in your company. You want to utilize a risk analysis
QUIZ process that will help the team make decisions in presence of the current uncertainty
2 surrounding the new environment. Which risk analysis approach can you use to make
decisions in the presence of uncertainty?
Answer: c.
Explanation: Quantitative risk analysis provides the opportunity to make decisions based on
numerical values assigned to the identified risks.
50
You are the manager for a project. Your team and you are working on the following
QUIZ activities: i) Probabilistic analysis of a project, ii) Probability of achieving cost and time
3 objectives, and iii) Trends in qualitative risk analysis results. On which of the following
processes are you working?
51
You are the manager for a project. Your team and you are working on the following
QUIZ activities: i) Probabilistic analysis of a project, ii) Probability of achieving cost and time
3 objectives, and iii) Trends in qualitative risk analysis results. On which of the following
processes are you working?
Answer: b.
Explanation: All these activities will be carried out as part of Quantitative Risk Analysis.
52
QUIZ Which of the following processes must be repeated after plan risk responses and
control risks process, to determine if the overall project risk has been satisfactorily
4 decreased?
53
QUIZ Which of the following processes must be repeated after plan risk responses and
control risks process, to determine if the overall project risk has been satisfactorily
4 decreased?
Answer: b.
Explanation: Perform quantitative risk analysis is used to make sure that risk is minimized as
the project progresses.
54
QUIZ Which of the following simulation or modeling tools is used in case of quantitative risk
5 analysis?
55
QUIZ Which of the following simulation or modeling tools is used in case of quantitative risk
5 analysis?
Answer: a.
Explanation: Monte Carlo simulation is used in quantitative risk analysis to determine the
numerical impact due to risk in the project.
56
QUIZ
What is the output of quantitative risk analysis?
6
a. Risk register
b. Project performance examination
c. Project documents updates
d. Project management plan updates
57
QUIZ
What is the output of quantitative risk analysis?
6
a. Risk register
b. Project performance examination
c. Project documents updates
d. Project management plan updates
Answer: c.
Explanation: Project documents updates are the output of quantitative risk analysis
process.
58
Summary
Here is a quick ● Performing Quantitative Risk Analysis provides a numerical estimate of the
recap of what was overall effect of risk on the project objectives.
covered in this ● The three techniques to Perform Quantitative Risk Analysis process are data
lesson:
gathering and representation techniques, quantitative risk analysis and
modeling techniques, and expert judgment.
● EMV analysis is a method of calculating the average outcome when the
future is uncertain.
● Monte Carlo analysis is used to predict likely outcome for schedules and
costs.
● The Normal or Gaussian distribution is a continuous probability distribution,
defined on the entire real line that has a bell-shaped probability density
function, known as the Gaussian function or informally known as the bell
curve.
59
This concludes ‘Perform Quantitative Risk Analysis.’
60
Reference
[1] Based on Practice Standard for Project Risk Management: Project Risk Management, Page 27.
61
RMP® Certification Course
Lesson 9—Plan Risk Responses
1
Objectives
2
Purposes and Objectives
Plan Risk Responses process determines the effective responses that are appropriate to the priority of
individual risks and overall project risk.
While deciding the risk response, it is important to consider a few factors which includes the
following:
The objective of the Plan Risk Responses process is to determine the set of actions which enhances
the chances of project’s success while complying with organizational and project constraints.
3
Activities and Roles
4
Activities and Roles (contd.)
● Risks that remain after the primary and secondary risks have been
eliminated are called residual risks.
5
Interfaces
Risk response processes along with all approved and unconditional actions occurring due to risk
response planning should be integrated within project management plan.
The corresponding organizational and project management rules should be invoked including the
following:
6
Critical Success Factors
Critical success factors for Risk Resource Planning process are as follows:
People
Planning
Analysis
7
Critical Success Factors
Analysis
8
Critical Success Factors
Analysis
9
Critical Success Factors
10
Inputs, Tools and Techniques, and Outputs
The Inputs, Tools and Techniques, and Outputs of Plan Risk Responses process are as follows:
11
Inputs
Inputs Description
Contains prioritized lists of project risks, root causes of risk, lists of potential
Risk register responses, risk ranking, lists of near-term and long-term risks, trend in
qualitative risk analysis, categorized risks, and a watch-list of low-priority risks.
Risk
Contains the guidelines, methodology, templates, and formats necessary to
management
perform all risk management processes including Plan Risk Responses.
plan
12
Updating the Risk Register—Example
While finalizing risk responses on a high visibility project that is set to begin in another country, you review your
available choices for risk responses. There is a set of risks that is related to using company employees in that region
of the world, they are:
1. Company employees are not versed in the local cultural norms
2. They do not even speak the language
These shortcomings could potentially result in major problems when dealing with local politicians, construction
workers and in various other situations and as a result of this option, the risk to the project will increase.
13
Updating the Risk Register—Example (contd.)
On the other hand, you have the option of only using local workers. The benefits are as follows:
● While less skilled, they are from this region of the world.
● They should be able to increase their performance quickly.
● It will not cause any problems with the local customs and people.
● Local resources would not cause the same problems as the employees might.
Due to the higher risk and expense associated with using company employees, you decide to use local resources
and completely avoid problems that might arise from not understanding the local customs, language and
traditions. You update the risk register and begin making the arrangements immediately.
14
Tools and Techniques
Following are the tools and techniques of Plan Risk Responses process:
Strategies for
The three strategies for negative risks or threats are avoid, transfer, and mitigate. The
negative risks
fourth strategy accept, can be used for positive and negative risks.
or threats
Strategies for
The three strategies are exploit, share, and enhance; and the fourth strategy is accept.
positive risks
Contingent
response It is the response strategy used if risks occurs.
strategies
Expert It is the input from Subject Matter Experts (SMEs) to take required actions on specific
judgment and defined risk.
15
Strategies for Threats
16
Accepting a Threat—Example
There is a threat, that a competitor may launch a rival product first. This affects the expected market share for the
product. To overcome this threat, the project can be accelerated by increasing the resources and reducing the
product’s scope, so that it can be launched earlier.
Alternatively, action need not be taken to re-schedule the launch to an earlier date. Accelerating the project may
lead to product quality issues and reducing the scope can make the product less appealing. Therefore, in this case,
the risk is simply accepted and no action is taken to overcome it.
17
Strategies for Opportunities
18
Exploit Strategy—Example
As a project manager for a housing development project you are constantly concerned with the cost of housing
materials such as lumber, drywall, carpeting, and tile. The prices of these products are constantly fluctuating and
causing you to review your budget for available funds.
After finishing a previously contentious project, you decide to try something different on an upcoming block of
houses that are set to begin building shortly.
Determined to control the cost of materials, you decide to meet your suppliers and negotiate for better pricing.
Your suppliers are willing to negotiate but only if you buy in bulk, which is equal to two blocks worth of houses.
19
Exploit Strategy—Example (contd.)
After the discussion with the suppliers, you perform the following actions:
● You take this pricing to your investors who approve the idea and ask if there is a way to keep the pricing on the
remaining six blocks.
● You meet your suppliers again and present the idea of a fixed price on a much larger order, to which they agree.
● After finalizing negotiations and signing all the necessary paperwork, you return to your office and update the
risk register.
● You notify your investors that you have taken full advantage of the material price opportunity, which is also
known as the exploit strategy.
Pricing is much less of a problem after this response strategy.
20
Tools and Techniques—Categories
21
Steps Involved in Planning Risk Responses Process
The following flowchart helps in understanding the steps involved in Plan Risk Responses process:
Yes
Identify Responses
Predicted
Select Responses Exposure
No Acceptable?
Yes
Plan and Resource Update Risk
Actions Register
22
Applying Risk Response Strategies to Overall Project Risk
The four risk response strategies that are applied to individual risks can also be applied to address the
overall project risk in the following manner:
Constructing Re-planning
Constructing a strategy where Re-planning the project or change
customer and supplier share the risk. the scope.
Pursuing Cancelling
Pursuing the project in spite of the Cancelling the project, if the overall
desired level exceeded. level of risk is unacceptable.
23
Response Identification
24
Response Selection
25
Risk Addressing
26
Outputs
Outputs Description
27
Contingency Plan
A residual risk is a risk that remains after risk responses have been
implemented.[2]
This plan is used in the event when identified risks become reality.
28
Risk Tolerance
Risk tolerance refers to the level of risk acceptability of a project manager, an organization, or a key
stakeholder when the investment required for managing the risk is compared to the potential payoff.
29
Business Continuity Plan
30
Contingency Reserves
Contingency reserve is a predetermined amount that is set aside to be used when known risks
become reality.
31
Critical Chain Project Management
Critical Chain Project Management (CCPM) is a method that allows the project team to place buffers
on any path to account for limited resources and other types of risk. A buffer is a non-work schedule
activity with a duration based on the risk for that path. A resource constrained critical path is referred
to as the critical chain.
Activity Feeding
C Buffer
32
Force Field Analysis
Force Field Analysis technique is often used when a change is under consideration. The two sets of
variables that are compared are driving forces and restraining forces.
Lack of
authority
Easily de-
scoped
33
Industry Knowledge Base
A truck carrying cargo on the highway has numbered placards on its rear end. These
are numbers associated with material safety data sheets or MSDS. This information
is readily available to the public and also to the first responders in case there is an
accident.
34
Interviews
You might conduct an interview with a heavy equipment operator who is performing work on site for
your project. The operator is the most qualified to identify risks about the equipment.
35
Multi-Criterion Selection Techniques
Multi-Criterion Selection tool uses a weighted approach to compare options. The stakeholders must
agree upon the weights, criteria, and scoring results.
Vendor A Vendor B
Criteria Weight Rating Points Rating Points
Price 10 9 90 8 80
History 5 9 45 7 35
Time 8 7 56 8 64
Quality 8 10 80 9 72
Risk 7 7 49 8 56
Score 320 307
36
Historical Documentation
37
Quantitative Risk Analysis
Quantitative risk analysis may be used to determine which responses are cost effective based on the
impact to the project.
Decision tree analysis might help you determine whether you should purchase a
piece of equipment or just rent it during the project. The cost or rental of the
equipment, and the impact to the budget might be clearly displayed.
38
Root Cause Analysis
Root Cause Analysis technique can be used proactively or reactively. A commonly used example is the
fishbone diagram which is shown below.
ROOT CAUSE ANALYSIS
Process Management Geography
Quality Defects
39
Scenario Analysis
Scenario Analysis technique involves planning and assessing the feasibility of multiple responses. This
will help determine which response is the most appropriate, cost effective, and causes the least
amount of secondary risks.
40
Scenario Analysis—Example
You are the project manager for a telecommunication’s company and you are reviewing possible scenarios to deal
with winter storm outages. Quite often, heavy snowfall causes power services to be disrupted, which then causes
your cellular sites to fail after one hour.
So, you have several possible responses to deal with this risk. They are:
1. You might install a generator onsite with an automatic switch to turn the generator on if the power fails.
However:
● you need to check the time duration for installation.
● you also need to think about the cost and space to install it.
41
Scenario Analysis—Example (contd.)
2. In another scenario you might decide to rent a generator and keep it on site. This option will require an
employee to go to the site and turn it on if the power fails. In this case the considerations are:
● You need to think about the arrival time.
● There could be dangerous driving conditions.
● You also need to check if the employee is qualified for it.
3. Another scenario under consideration is to contract with a generator company to handle the entire response.
Once again, you need to think about the cost and the onsite arrival time.
42
Residual Risks
Residual Risks refer to risks that remain in a project even after the risk response action is
implemented.
It is essential to add the contingency costs and duration to account these residual risks.
43
Creating a Risk Response Plan—Guidelines
Consult the risk management plan Incorporate the risk response plan
for the description of the content into the overall project plan
44
Documenting the Results
Documenting the results of the Plan Risk Responses process includes the following:
45
Documenting the Results
48
Quiz
49
QUIZ
How many risk responses are there in the positive risk response type?
1
a. Four
b. Three
c. Seven
d. Eight
50
QUIZ
How many risk responses are there in the positive risk response type?
1
a. Four
b. Three
c. Seven
d. Eight
Answer: a.
Explanation: There are four positive risk responses. They are, exploit, share, enhance, and
accept.
51
QUIZ You are the manager of a project for your company. You have completed qualitative and
quantitative analysis of your identified project risks. Which should be the next step
2 according to project management process?
52
QUIZ You are the manager of a project for your company. You have completed qualitative and
quantitative analysis of your identified project risks. Which should be the next step
2 according to project management process?
Answer: d.
Explanation: After completion of qualitative and quantitative risk analysis, the next step is
to Plan Risk Responses.
53
QUIZ While monitoring the project, you find that an accepted risk is going to occur. Which of
3 the following measures will you take to develop the response?
b. Fallback plan
c. Mitigation plan
d. Risk register
54
QUIZ While monitoring the project, you find that an accepted risk is going to occur. Which of
3 the following measures will you take to develop the response?
b. Fallback plan
c. Mitigation plan
d. Risk register
Answer: a.
Explanation: The risk response plan communicates how specific risks will be dealt with and
what action steps are required as part of the risk response process.
55
QUIZ You finished risk response planning and found that cost and schedule baselines are to
be modified. Why would the risk response planning call for changing the cost and
4 schedule baselines?
a. New or omitted work which is a part of risk response can cause changes
to the schedule baseline and/or cost
b. Risk responses protect the investment and time of the project
56
QUIZ You finished risk response planning and found that cost and schedule baselines are to
be modified. Why would the risk response planning call for changing the cost and
4 schedule baselines?
a. New or omitted work which is a part of risk response can cause changes
to the schedule baseline and/or cost
b. Risk responses protect the investment and time of the project
Answer: a.
Explanation: A project is a progressive elaboration. While carrying out risk management,
you will find that the funding and timeline may not be sufficient. So you need to update the
baseline by considering the new risk response planning.
57
You are the manager running a project for an organization, and during the course of the
QUIZ project, the organization receives an additional funding from VCs as bonus, which can
5 be used for your project to compress the schedule by crashing. Which response helps in
utilization of opportunity?
a. Transferring
b. Mitigation
c. Exploitation
d. Enhancement
58
You are the manager running a project for an organization, and during the course of the
QUIZ project, the organization receives an additional funding from VCs as bonus, which can
5 be used for your project to compress the schedule by crashing. Which response helps in
utilization of opportunity?
a. Transferring
b. Mitigation
c. Exploitation
d. Enhancement
Answer: c.
Explanation: If you receive the money and then decide to crash the schedule, you have
exploited the situation.
59
QUIZ
Which risk response is acceptable for both positive and negative risk events?
6
a. Transferring
b. Acceptance
c. Sharing
d. Enhancing
60
QUIZ
Which risk response is acceptable for both positive and negative risk events?
6
a. Transferring
b. Acceptance
c. Sharing
d. Enhancing
Answer: b.
Explanation: Acceptance is the only risk response which is used both in positive and
negative risk response planning.
61
Summary
Here is a quick ● While deciding the risk response, it is important to consider stakeholders’
recap of what was attitude, conventions, assumptions, and constraints.
covered in this ● The critical factors to ensure the success of Plan Risk Responses process
lesson: are people, planning, and analysis.
● The inputs of Plan Risk Responses process are risk register, and risk
management plan.
● A contingency plan is a plan developed in anticipation of the occurrence
of a risk, to be executed only if specific, predetermined trigger conditions
arise.
● The different forms of contingency reserves are additional time, money,
and resources.
62
This concludes ‘Plan Risk Responses.’
63
Reference
[1] Based on Practice Standard for Project Risk Management: Glossary, Page 109.
64
RMP® Certification Course
Lesson 10—Control Risks
1
Objectives
2
Purposes and Objectives
For each risk where a contingent response is identified, the corresponding trigger conditions should
be specified. Risk owners should monitor the implementation in a timely manner.
3
Purposes and Objectives (contd.)
Once the Plan Risk Responses process is complete, all the approved unconditional response actions
should be included and defined in the risk register.
● The first action then is to check if it has been completed and take action as necessary, such as
invoking change management process if required.
● Effective communication needs to be maintained between them and the project manager, so that
the respective stakeholders accept the accountability.
● In addition to the response actions and trigger conditions, a mechanism for measuring the
effectiveness of the response is provided by the Plan Risk Responses process.
● In the event of major organizational changes, risk management planning may need to be revised.
4
Critical Success Factors
Following are the critical success factors for Control Risks process:
Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
Maintain Risk Awareness +
5
Critical Success Factors
Following are the critical success factors for Control Risks process:
Integrate Risk Monitoring and Control with Project Monitoring and Control -
● Project management plan should address actions used to carry out and control
risks.
● After the risk response plan, monitoring and controlling of risks should be carried
out as a part of the monitoring and controlling of project.
6
Critical Success Factors
Following are the critical success factors for Control Risks process:
Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
● Specifically defined risks may trigger conditional responses by the risk action
owner in collaboration with the risk owner.
7
Critical Success Factors
Following are the critical success factors for Control Risks process:
Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
Maintain Risk Awareness -
● Risk management report should be a regular item on every status meeting to
create awareness about risk management and its importance.
● Regular reports on risks should be shared with the senior-level sponsor and the
stakeholders.
8
Inputs, Tools and Techniques, and Outputs
Following are the inputs, tools and techniques, and outputs required for Control Risks process:
9
Inputs
Inputs Description
Identifies risks, risk owners, actions to respond to risks, characteristics of risks, and a watch-list of
Risk register
risks of low priority.
Project management Contains risk management plan which includes risk tolerances, risk owners, protocols, human
plan resources, time, and other resources allocated for project risk management.
Provides items related to project performance results, which may be impacted by risks such as
Work performance data
deliverable status, progress with respect to schedule, and cost incurred to accomplish the work.
Work performance Provides information on project work performance that may affect the processes of risk
reports management or the actual occurrence of risk.
10
Tools and Techniques
Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement
Risk reassessment is the identification of new risks, reassessment of current risks, and the closing of risks that are
outdated.
11
Tools and Techniques
Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement
Risk audits examine and document the effectiveness of risk responses in dealing with identified risks.
12
Tools and Techniques
Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement
Variance analysis is used to compare the planned results to the actual results. Trends in the project’s execution
should be reviewed using performance information.
13
Tools and Techniques
Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement
Technical performance measurement compares technical accomplishments during project execution to the
schedule of technical achievement.
14
Tools and Techniques
Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement
Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at
any time in the project.
15
Other Tools and Techniques
A few other tools and techniques of Control Risk process are as follows:
Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve
16
Other Tools and Techniques
A few other tools and techniques of Control Risk process are as follows:
Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve
Tools are required to identify trends and forecast future outcomes, and to track the progress and spending.
17
Other Tools and Techniques
A few other tools and techniques of Control Risk process are as follows:
Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve
Tools are required to evaluate and track trigger conditions against the project thresholds based on the actual
status. This provides risk-related information for the project parameters such as time and cost.
18
Other Tools and Techniques
A few other tools and techniques of Control Risk process are as follows:
Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve
Tools are required to determine whether the responses have the expected effect on the project’s overall level of
risk.
19
Other Tools and Techniques
A few other tools and techniques of Control Risk process are as follows:
Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve
Quality of execution of risk related plans and process are monitored against the metrics, to see if there is any
variation.
20
Outputs
Outputs Description
Work performance
Provides a mechanism to communicate and support project decision-making.
information
Organizational process Project risk management processes should be documented in the organizational process
assets updates assets as references for future projects.
Anything that deviates from the project baseline results in changes to the project management
Change requests
plan.
Project management The project management plan needs to be revised and reissued, if there is any approved
plan updates change which has an effect on risk management processes.
Project document Various project documents that require updates include the assumptions log, the technical
updates documentation, the contract terms, and the schedule and cost baselines.
21
Risk Audits
● a third party,
● a qualified personnel.
22
Risk Reassessment
The process of reassessing the risks in a project risk register includes the following:
Identify new risks and Reassess current risks Close outdated risks
determine responses for their probability
and impact
23
Risk Audit—Guidelines
24
Risk Audits—Example
During execution late into a project, the Project Manager (PM) feels that he is constantly
reacting to risk events that should have been identified early. Each time a risk event occurs,
he is asked by upper management why this risk was not identified proactively, analyzed,
and a response plan designated.
Concerned with this rising trend of missed risks, he calls for a team meeting to discuss the
issue. During the conversation, one of the team members suggests that a risk audit might
be appropriate under the circumstances, and the PM agrees.
The team then conducts the risk audit by using the steps within the audit format that had
been defined in the risk plan.
25
Risk Audits—Example (contd.)
After the audit is complete it is obvious that the team has been using a flawed risk plan.
The original plan was biased and caused the team to subjectively miss an entire category of
risks, which have now began to occur while in execution.
With this problem identified, the PM immediately updates the risk plan and all the
supporting documentation. He then instructs the team to begin risk reassessment in an
effort to identify risks in a proactive manner. The PM also informs upper management
about the audit conclusions and the new focus on risk.
26
Trend Analysis
Trend analysis involves reviewing the various trends in project performance on a regular basis.
Trend analysis examines project performance over time to determine whether performance is
improving or deteriorating.
This technique helps in reviewing the various trends in project performance on a regular basis, and it
can also be used to predict future performance.
27
Variance Analysis
Variance analysis is the measurement of deviation from expected results, or the analysis of variance
from the planned and the actual risk impacts.
On the basis of variance analysis, corrective action is taken for the progress of the project.
28
Variance and Trend Analysis—Example
During a routine risk reassessment meeting with the team, Sonny is alerted to a potential
problem by a team member. It seems that the same risk is reoccurring in a technical area of
the project. This area is critical to the success of the project and has a predetermined data
throughput speed that is a quality requirement from an internal customer.
Sonny instructs the team members to pull the test data from the previous test and
inspection paperwork so they can compare these technical measurements over a span of
time.
After compiling the data, it is evident that the risk does in fact seem to occur 24 hours after
each finalized test. Perplexed by this strange phenomenon, Sonny and his team members
investigate further by using variance and trend analysis.
29
Variance and Trend Analysis—Example (contd.)
It appears that every server has suffered this same problem over the last month and no one
had noticed the trend. As every server seems to be affected, Sonny and the team are able
to trace them all to a common cause.
They are all pulling power from the same power bay which has begun exceeding the
maximum capacity in the last month. Apparently, no one thought to check to see if there
would be enough available power for the new servers.
After discovering this problem, Sonny determines several courses of action, submits a
change request, which is approved and performs a minor upgrade on the power bay
distribution breakers to handle this increase power requirement.
30
Technical Performance Measurement
Technical performance measurement helps to determine if the technical targets can be achieved.
31
Critical Chain Project Management
Critical Chain Project Management (CCPM) is a method that allows the project team to place buffers
on any path to account for limited resources and other types of risk. A buffer is a non-work schedule
activity with a duration based on the risk for that path. A resource constrained critical path is referred
as a critical chain.
Activity Feeding
C Buffer
32
Reserve Analysis
Contingency reserve
Management reserve
33
Status Meetings
Status meetings are conducted to discuss the current status of the project with the project team
members and the stakeholders.
The project manager should include the following for status meetings:
Analyzing the
Discussing the
effectiveness of risk
lessons learned
responses
34
Evaluating Project Risks and Risk Status
Monitor the existing status of each risk event in the risk register.
35
Evaluating Project Risks and Risk Status
Identify risk events whose status may be changed based on their status at the time of evaluating risks.
36
Evaluating Project Risks and Risk Status
Update the risk register by modifying the appropriate status of each risk event.
37
Historical Documentation
38
Documenting the Results
The final control action of risk controlling is to record the actual data for future use.
39
Quiz
40
QUIZ Which of the following processes involves choosing the alternative strategies, executing
a contingency or fallback plan, taking corrective action, and modifying the project
1 management plan?
a. Control risk
c. Scope control
41
QUIZ Which of the following processes involves choosing the alternative strategies, executing
a contingency or fallback plan, taking corrective action, and modifying the project
1 management plan?
a. Control risk
c. Scope control
Answer: a.
Explanation: Control Risk process takes care of choosing alternative strategies, executing
fallback plan, taking corrective action, and modifying the project management plan.
42
QUIZ
Which of the following is not a tool or technique of Control Risks?
2
43
QUIZ
Which of the following is not a tool or technique of Control Risks?
2
Answer: d.
Explanation: Gathering information about how the work is being performed is not a tool or
technique of Control Risks.
44
QUIZ
Which one of the following is not an output of Control Risk process?
3
d. Change requests
45
QUIZ
Which one of the following is not an output of Control Risk process?
3
d. Change requests
Answer: c.
Explanation: Variance and trend analysis is the tool and technique used in Control Risk
process. Rest of them are output of this process.
46
QUIZ Every status meeting should have time allotted for risk monitoring and control. Which
4 of the following sentences about risk monitoring and control is not true?
a. Risk identification and monitoring should occur throughout the life of the
project.
b. Risk audits randomly occur.
c. Risks should be monitored for their status and to determine whether the
impacts to the objectives have changed.
d. Technical performance measurement variances may indicate that a risk is
looming and should be reviewed at status meetings.
47
QUIZ Every status meeting should have time allotted for risk monitoring and control. Which
4 of the following sentences about risk monitoring and control is not true?
a. Risk identification and monitoring should occur throughout the life of the
project.
b. Risk audits randomly occur.
c. Risks should be monitored for their status and to determine whether the
impacts to the objectives have changed.
d. Technical performance measurement variances may indicate that a risk is
looming and should be reviewed at status meetings.
Answer: b.
Explanation: The auditing happens as per the predefined period, and when the auditing
happens, risk auditing may become part of it. The frequency of auditing is less compared to
the status meeting in which identification and monitoring of risk happens.
48
QUIZ
During the risk control, the risk response owner should be:
5
49
QUIZ
During the risk control, the risk response owner should be:
5
Answer: c.
Explanation: The risk response owner is assigned to carry out responses and must keep the
project manager informed of any mid-course correction needed.
50
QUIZ
Which of the following is not a primary objective of control project risk?
6
d. Categorize risks
51
QUIZ
Which of the following is not a primary objective of control project risk?
6
d. Categorize risks
Answer: d.
52
Summary
Here is a quick ● In the event of major organizational changes, risk management planning
recap of what we may need to be revised to reassess.
have learned in this ● Critical success factors for the Control Risks process are integrate risk
lesson: monitoring and control with project monitoring and control, monitor risk
trigger conditions continuously and maintain risk awareness.
● Inputs of Control Risk process are risk register, project management plan,
work performance data, and work performance reports.
● Some documented risk management information includes occurrence of
risk, effectiveness of risk responses, and unexpected or undocumented
risk.
● Risk audits may be performed by a third party, a project's risk officer, or a
qualified personnel.
53
This concludes ‘Control Risks.’
54