What is the process of risk management?
- Plan Risk Management
- Identify Risks
- Perform Qualitative Risk Analysis
- Perform Quantitative Risk Analysis
- Plan Risk Responses
- Control Risks
What is the key output of the Plan Risk Management process?
Risk management plan
What is the key output of the Identify Risks process?
What key outputs of the Perform Qualitative Risk Analysis process are added to the risk register?
- Risk ranking for the project
- Prioritized risks and their probability and impact ratings
- Risks grouped by category
- List of risks requiring additional analysis and response
- List of risks requiring analysis in the near term
- Watch list (noncritical risks)
What key outputs of the Perform Quantitative Risk Analysis process are added to the risk register?
- Prioritized list of quantified risks
- Initial amount of contingency time and cost reserves needed
- Possible realistic and achievable completion dates and project costs
- Quantified probability of meeting project objectives
- Trends in quantitative risk analysis
What key outputs of the Plan Risk Responses process are added to the risk register?
- Residual risks
- Contingency plans
- Fallback plans
- Risk owners
- Secondary risks
- Risk triggers
- Reserves for time and cost
What are the key outputs of the Control Risks process?
- Work performance information
- Risk register updates
- Change requests
- Updates to the project management plan and project documents
- Updates to organizational process assets
What key outputs of the Control Risks process are added to the risk register?
- Outcomes of risk reassessments and risk audits
- Results of implemented risk responses
- Updates to previous parts of risk management
- Closing of risks that are no longer applicable
- Details of what happened when risks occurred
- Lessons learned
What is a risk?
A future occurrence that may or may not happen that can have a positive (opportunity) or negative (threat) impact on the project
What are the four key factors that need to be determined for each risk?
A person who is risk averse is:
Unwilling to take risks
Define risk appetite, risk tolerance, and risk threshold.
A general, high-level description of the acceptable level of risk
a measurable amount of acceptable risk
the specific point at which risk becomes unacceptable
What are the inputs to the risk management process?
- Project background information and other organizational process assets
- Enterprise environmental factors
- Project charter, network diagram, and other project documents
- Project management plan (including scope baseline and the knowledge area plans)
- Time and cost estimates
- Procurement documents
- Stakeholder register
- Risk register
- Work performance data and reports
What are some examples of sources of risk?
- Project management
- Customer satisfaction
What are some examples of risk identification techniques?
- Documentation reviews
- Information-gathering techniques
- SWOT analysis (strengths, weaknesses, opportunities, threats)
- Checklist analysis
- Assumptions analysis
- Diagramming techniques
What are risk triggers?
- Early warning signs that a risk event has occurred, or is about to occur
- They let risk owners know when to take action
What is assumptions analysis?
Assessing the assumptions made on the project and determining whether they are valid
When is assumptions analysis done?
During Identify Risks
What is risk data quality assessment?
Determining how accurate, reliable, and well understood the risk information is
When is the risk data quality assessment done?
During Perform Qualitative Risk Analysis
What is a probability and impact matrix?
The company's standard rating system to promote a common understanding of what each risk rating means
What is sensitivity analysis?
A technique to analyze and compare the potential impacts of identified risks
What is the formula for expected monetary value?
Probability times impact, or
EMV = P x I
What is a decision tree?
A model of a decision to be made that includes the probabilities and impacts of future events
Who is a risk owner?
The person assigned to develop and execute risk responses for a critical risk
What are the possible risk response strategies for threats?
Eliminate the threat by eliminating the cause
Reduce the probability or impact of the threat
Make another party responsible for the risk (outsourcing, insurance, warranties, bonds, guarantees)
- Passive acceptance - do nothing; if it happens, it happens
- Active acceptance - develop contingency plans in advance
What are the possible risk response strategies for opportunities?
Make sure the opportunity occurs
Increase probability or positive impact of the risk event
Allocate full or partial ownership of the opportunity to a third party
Do nothing; if it happens, it happens
What are residual risks?
Risks that remain after risk response planning
What are secondary risks?
New risks created by the implementation of risk response strategies
How does buying insurance relate to risk response planning?