1

Project Risk ManagementChapter 11

2

Risk & Hazard

Definitions.

11.1 Plan Risk Management

11.2 Identify Risk

11.3 Perform Qualitative Risk Analysis

11.4 Perform Quantitative Risk Analysis

11.5 Plan Risk Response

KEY TERMS

3

Risk )Uncertainty(Threats……Opportunities

Hazard

Project Risk Management

3

Knowledge

Area

Process

Initiating Planning ExecutingMonitoring &

ControlClosing

Human

Resource

11.1 Plan Risk Management

11.2 Identify Risk

11.3 Perform Qualitative Risk

Analysis

11.4 Perform Quantitative Risk

Analysis

11.5 Plan Risk Response

11.6 control risk

Enter phase/

Start project

Exit phase/

End project

Initiating

Processes

Closing

Processes

Planning

Processes

Executing

Processes

Monitoring &

Controlling Processes

5

11.1 Plan Risk Management

The process of defining how to conduct risk

management activities for a project.

11.2 Identify Risks

The process of determining which risks may affect

the project and documenting their characteristics.

11.3 Perform Qualitative Risk Analysis

The process of prioritizing risks for further analysis

or action by assessing and combining their

probability of occurrence and impact.

6

11.4 Perform Quantitative Risk Analysis

The process of numerically analyzing the effect of

identified risks on overall project objectives.

11.5 Plan Risk Responses

The process of developing options and actions to

enhance opportunities and to reduce threats to

project objectives.

11.6 Control Risks

The process of implementing risk response plans,

tracking identified risks, monitoring residual risks,

identifying new risks, and evaluating risk process

effectiveness throughout the project.

7

Risk Factors

1. The probability that a risk event will occur

(how likely)

2. The range of possible outcomes

(impact or amount at stake)

3. Expected timing for it to occur in the project life

cycle (when)

4. The anticipated frequency of risk events from that

source (how often)

8

Sources Of Risks• Schedule

• Cost

• Quality

• Scope

• Resources

• Customer satisfaction (stakeholder satisfaction)

Risk Categories• External Regulatory, environmental, government, market shifts

• Internal Time, cost, or scope changes…………..

• Unforeseeable Only a small portion of risks (some say about 10

percent)

• Technical Changes in technology.

9

Risk Categories ( Risk Breakdown Structure )

10

Definitions

• Risk appetite a general, high-level description of the

acceptable level of risk.

• Risk tolerance the degree, amount, or volume of risk that

an organization or individual will accept.

• Risk threshold the specific point at which risk becomes

unacceptable

11

Definitions

• Risk Averse ( Averter ) :

someone who does not want to

take risks.

• Risk Seeker :

someone who want to take risks.

12

• Probability and Impact Matrix

• Risks are prioritized according to their potential implications

• Each risk is rated on its probability of occurrence and

impact on an objective if it does occur.

• Used in Qualitative analysis

13

• Probability and Impact Matrix

No Category Description of Risk IMPACT PROBABILITYRISK

LEVEL

1 Resource Testing environment not available 4 B ORANGE

2 ScheduleDocumentation approval took longer

time4 A RED

Colors shows

level of

importance

14

• Probability and Impact Matrix ( PMBOK )

• Probability x Impact = Rate to categorize

15

• Expected monetary value analysis

• Decision Tree Diagram used in Quantitative Analysis

• Probability x Impact = Value to categorize

• EVM is the largest value.

16

Quiz

Prototype

setup cost

200,000 $

Don’t

Prototype

setup cost

0 $

Failure: 35% probability

and $120,000 impact

Pass: No impact

Failure: 70% probability

and $450,000 impact

Pass: No impact

?

17

Quiz

Prototype

setup cost

200,000 $

Don’t

Prototype

setup cost

0 $

Failure: 35% probability

and $120,000 impact

Pass: No impact

Failure: 70% probability

and $450,000 impact

Pass: No impact

?

EMV= 0.35X -120= 42,000$

EMV= 0.7X -450= 315,000$

EMV= -315,000$

EMV= -200-42= -242,000$

We go with prototype

We will pay less 242.000 $

18

11.1 Plan Risk Management

19

11.1 Plan Risk Management

The process of defining how to conduct risk

management activities for a project.

20

21

11.1 Plan Risk Management Inputs

1. Project Management Plan

2. Project Charter

3. Stakeholder Register

4. EEF

risk attitudes, thresholds, and tolerances

5. OPA

1. Analytical Techniques

2. Expert Judgment

3. Meetings

11.1 Plan Risk Management T & T

22

11.1 Plan Risk Management Outputs

• Risk Management Plan : includes

Methodology

Roles and Responsibilities

Budgeting

Timing

Risk Categories

Definition of probability and impact

Probability and Impact Matrix

Revised stakeholders’ tolerance

Reporting format

Tracking

23

11.2 Identify Risk

24

11.2 Identify Risk

The process of determining which risks may affect

the project and documenting their characteristics.

25

11.2 Identify Risk Inputs

Risk Management Plan

Cost management Plan

Schedule Management Plan

Quality Management Plan

Human Resource Management Plan

Scope Baseline

Activity Cost Estimates

Activity Duration Estimates

Stakeholder Register

Project Documents

Procurement Documents

EEF

OPA

26

11.2 Identify Risk T & T

1. Expert Judgment

2. Documentation Reviews

3. Information Gathering Techniques

Brainstorming / Delphi Technique

Interviewing / Root cause analysis

4. Checklist Analysis from

historical information / RBS

5. Assumptions Analysis

Explores the validity of assumptions as they apply

to the project

27

11.2 Identify Risk T & T

6. Diagramming Techniques

• Cause-and-effect (fishbone diagrams / Ishikawa diagrams)

Trace the problem’s source back to its “actionable root

cause”

28

11.2 Identify Risk T & T

6. Diagramming Techniques

• Flowcharting (Process Map) a graphical representation of

a process showing the relationships among process steps

and display the sequence of steps

29

11.2 Identify Risk T & T

6. Diagramming Techniques

• Influence diagrams. A graphical representations of

situations showing causal influences, time ordering of

events, and other relationships among variables and

outcomes.

30

11.2 Identify Risk T & T

7. SWOT Analysis

This analysis looks at the project to identify its strengths and

weaknesses and thereby identify risks

31

11.2 Identify Risk Outputs

Risk Register

• List of identified risks

• List of potential responses

• Root causes of risks

• Updated risk categories

32

Risk Register Template

33

11.3 Perform Qualitative Risk

Analysis

34

11.3 Perform Qualitative Risk Analysis

The process of prioritizing risks for further analysis

or action by assessing and combining their

probability of occurrence and impact.

35

36

11.3 Perform Qualitative Risk Analysis Inputs

1. Risk Management Plan

2. Scope Baseline

3. Risk Register

4. EEF

5. OPA

37

11.3 Perform Qualitative Risk Analysis T & T

1. Probability and Impact Assessment

investigates the likelihood and impact for each risk

2. Risk Probability and Impact Matrix

38

11.3 Perform Qualitative Risk Analysis T & T

2. Risk Data Quality Assessment evaluate project data

3. Risk Categorization RBS

4. Risk Urgency Assessment

Risks requiring near-term responses may be

considered more urgent to address

2. Expert Judgment

39

11.3 Perform Qualitative Risk Analysis Outputs

Risk Register

Updates

• Risk ranking for the project compared

to other projects

• List of prioritized risks and their

probability and impact

• Risk grouped by categories

• List of risks for additional analyses and

responses

• Watch list (noncritical risks)

• List of risks need analyses in the near

term

40

11.4 Perform Quantitative Risk

Analysis

41

11.4 Perform Quantitative Risk Analysis

The process of numerically analyzing the effect of

identified risks on overall project objectives.

42

43

11.4 Perform Quantitative Risk Analysis Inputs

1. Risk Management Plan

2. Cost Management Plan

3. Schedule Management Plan

4. Risk Register

5. EEF

6. OPA

44

11.4 Perform Quantitative Risk Analysis T & T

1. Data Gathering and Representation Techniques

• Interviews with experts using 3 point estimating for

cost & time

45

11.4 Perform Quantitative Risk Analysis T & T

1. Data Gathering and Representation Techniques

• Probability distributions. Using simulation software

46

11.4 Perform Quantitative Risk Analysis T & T

2. Quantitative Risk Analysis and Modeling Techniques

• Sensitivity analysis ( tornado diagram )

Determine which risks have the most potential impact.

Change one element and freeze the others to see the relationship

47

11.4 Perform Quantitative Risk Analysis T & T

2. Quantitative Risk Analysis and Modeling Techniques

• Expected monetary value analysis(Decision Tree Diagram)

• Modeling and simulation

48

11.4 Perform Quantitative Risk Analysis Outputs

Project

Documents

Updates

• Probabilistic analysis of the project

• Probability of achieving cost and

time objectives

• Prioritized list of quantified risks

• Trends in quantitative risk analysis

results

• Initial amount of contingency time

and cost reserves needed

49

11.5 Plan Risk Responses

50

11.5 Plan Risk Responses

The process of developing options and actions to

enhance opportunities and to reduce threats to

project objectives.

• Do something to eliminate the threats before they happen.

• Do something to make sure the opportunities happen.

• Decrease the probability and/ or impact of threats.

• Increase the probability and/ or impact of opportunities.

51

52

11.5 Plan Risk Responses T & T

1. Strategies for Negative Risks or Threats

Avoidance:

• Risk prevention

• Changing the plan to eliminate a risk

by avoiding the cause/source of risk

Examples:

Change the implementation strategy

Do it ourselves (do not subcontract)

Reduce scope to avoid high risk deliverables

Adopt a familiar technology or product

53

11.5 Plan Risk Responses T & T

1. Strategies for Negative Risks or Threats

Mitigation

• Seeks to reduce the impact or probability of the risk

• Take early actions to reduce impact/probability and

don’t wait until the risk hits your project

• Examples:

Staging - More testing

Redundancy planning

Use more qualified resources

54

11.5 Plan Risk Responses T & T

1. Strategies for Negative Risks or Threats

Transfer

• Shift responsibility of risk consequence to another party

• Does not eliminate risk

• Most effective in dealing with

financial exposure

• Examples:

Buy/subcontract: move liabilities

Insurance: liabilities + bonds + Warranties

Selecting type of Procurement contracts: Fixed Price

55

11.5 Plan Risk Responses T & T

1. Strategies for Negative Risks or Threats

Acceptance

• Used when project plan cannot be changed

& other risk response strategy cannot be

used

Active Acceptance

• Develop a contingency plan to execute if the risk occur

• Contingency plan = be ready with Plan B

Passive Acceptance

• Deal with the risks as they occur = No Plan B prepared

56

11.5 Plan Risk Responses T & T

2. Strategies for Positive Risks or Opportunities

• Exploit :

Ensure opportunity is realized.

Ex: Assigning organization most talented resources to the

project to reduce cost lower than originally planned.

• Share

• Allocating some or all of the ownership to third part best

able to capture the opportunity.

Ex: Joint ventures, special-purpose companies

57

11.5 Plan Risk Responses T & T

2. Strategies for Positive Risks or Opportunities

• Enhance:

Increase the probability and/or the positive impact of

the opportunity

Ex: Adding more resources to finish early

Accept:

Welling to take advantage of opportunity if it comes, but not

actively pursuing it.

3. Contingent Response Strategies.

4. Expert Judgment.

58

11.5 Plan Risk Responses Outputs

1. Project Management Plan Updates

2. Project Documents Updates

• Residual risks These are the risks that remain after

risk response planning

• Contingency plans are plans describing the actions

that will be taken if the opportunity or threat occurs.

• Fallback plans These plans are specific actions that

will be taken if the contingency plans are not effective.

• Risk owners the person who will be assigned to carry

out the risk response

59

• Secondary risks Any new risks created by the

implementation of selected risk responses.

• Risk triggers These are events that trigger the

contingency response. The early warning signs for each

risk.

• Contracts Before the contract is finalized, the project

manager should have completed a risk analysis and

included contract terms and conditions required.

• Reserves (contingency) Having reserves for time and

cost is required

(known-unknown) (unknown-unknown)

60

What do you do with noncritical risks?

Document them in a watch list and revisit them periodically

Would you choose only one risk response strategy?

No, you can select a combination of choices.

What risk management activities are done during the

execution of the project?

Watching out for watch-listed (noncritical) risks that

increase in importance, and looking for new risks.

What is the most important item to address in project team

meetings?

Risk.

61

11.6 Control Risk

62

11.6 Control Risk

The process of implementing risk response plans,

tracking identified risks, monitoring residual risks,

identifying new risks, and evaluating risk process

effectiveness throughout the project.

63

64

11.6 Control Risk Inputs

1. Risk Register

2. Project Management Plan

3. Work Performance Data

4. Work Performance Reports

65

11.6 Control Risk T & T

• Workarounds are unplanned responses developed to

deal with the occurrence of unanticipated events or problems

on a project (or to deal with risks that had been accepted )

• Risk Reassessment.

• Risk Audit.

• Variance and Trend Analysis to compare the planned

results to the actual results.

Technical Performance Measurement.

compares technical accomplishments during execution to

The schedule of technical achievement.

• Reserve Analysis.

• Meetings

66

11.6 Control Risk Outputs

1. Work Performance Information

2. Change Requests• Recommended corrective actions

• Recommended preventive actions

3. Project Management Plan Updates

4. Project Documents

Updates

Risk Register Updates

• Outcomes from risk assessment & risk

audit.

• Results of risk response implementation.

• Closing of risks which are not applicable.

5. OPA

Questions

67

1. All of the following are factors in the assessment of

project risk EXCEPT:

A. Risk events.

B. Risk probability.

C. Amount at stake.

D. Insurance premiums.

Questions

68

1. All of the following are factors in the assessment of

project risk EXCEPT:

A. Risk events.

B. Risk probability.

C. Amount at stake.

D. Insurance premiums.

Answer : D

Questions

69

2. If a project has a 60 percent chance of a US $100,000

profit and a 40 percent chance of a US $100,000 loss, the

expected monetary value (EMV) for the project is:

A. $100,000 profit.

B. $60,000 loss.

C. $20,000 profit.

D. $40,000 loss.

Questions

70

2. If a project has a 60 percent chance of a US $100,000

profit and a 40 percent chance of a US $100,000 loss, the

expected monetary value (EMV) for the project is:

A. $100,000 profit.

B. $60,000 loss.

C. $20,000 profit.

D. $40,000 loss.

Answer : C

Questions

71

3. Assuming that the ends of a range of estimates are +/- 3

sigma from the mean, which of the following range

estimates involves the LEAST risk?

A. 30 days, plus or minus 5 days

B. 22 to 30 days

C. Optimistic = 26 days, most likely = 30 days, pessimistic

= 33 days

D. Mean of 28 days

Questions

72

3. Assuming that the ends of a range of estimates are +/- 3

sigma from the mean, which of the following range

estimates involves the LEAST risk?

A. 30 days, plus or minus 5 days

B. 22 to 30 days

C. Optimistic = 26 days, most likely = 30 days, pessimistic

= 33 days

D. Mean of 28 days

Answer : C

Questions

73

4. If a risk has a 20 percent chance of happening in a given

month, and the project is expected to last five months, what

is the probability that this risk event will occur during the

fourth month of the project?

A. Less than 1 percent

B. 20 percent

C. 60 percent

D. 80 percent

Questions

74

4. If a risk has a 20 percent chance of happening in a given

month, and the project is expected to last five months, what

is the probability that this risk event will occur during the

fourth month of the project?

A. Less than 1 percent

B. 20 percent

C. 60 percent

D. 80 percent

Answer : B

Questions

75

5. Most of the risks will be identified during which risk

management processes?

A. Perform Quantitative Risk Analysis and Identify Risks.

B. Identify Risks and Control Risks/

C. Perform Qualitative Risk Analysis and Control Risks.

D. Identify Risks and Perform Qualitative Risk Analysis.

Questions

76

5. Most of the risks will be identified during which risk

management processes?

A. Perform Quantitative Risk Analysis and Identify Risks.

B. Identify Risks and Control Risks/

C. Perform Qualitative Risk Analysis and Control Risks.

D. Identify Risks and Perform Qualitative Risk Analysis.

Answer : B

Questions

77

6. Risk tolerances are determined in order to help:

A. The team rank the project risks.

B. The project manager estimate the project.

C. The team schedule the project.

D. Management know how other managers will act on the

project.

Questions

78

6. Risk tolerances are determined in order to help:

A. The team rank the project risks.

B. The project manager estimate the project.

C. The team schedule the project.

D. Management know how other managers will act on the

project.

Answer : A

Questions

79

7. Purchasing insurance is BEST considered an example of

risk:

A. Mitigation.

B. Transfer.

C. Acceptance.

D. Avoidance.

Questions

80

7. Purchasing insurance is BEST considered an example of

risk:

A. Mitigation.

B. Transfer.

C. Acceptance.

D. Avoidance.

Answer : B

Questions

81

8. Workarounds are determined during which risk

management process?

A. Identify Risks

B. Perform Quantitative Risk Analysis

C. Plan Risk Responses

D. Control Risks

Questions

82

8. Workarounds are determined during which risk

management process?

A. Identify Risks

B. Perform Quantitative Risk Analysis

C. Plan Risk Responses

D. Control Risks

Answer : D

Questions

83

9. A project manager analyzed the quality of risk data and

asked various stakeholders to determine the probability

and impact of a number of risks. He is about to move to the

next process of risk management. Based on this

information, what has the project manager forgotten to do?

A. Evaluate trends in risk analysis.

B. Identify triggers.

C. Provide a standardized risk rating matrix.

D. Create a fallback plan.

Questions

84

9. A project manager analyzed the quality of risk data and

asked various stakeholders to determine the probability

and impact of a number of risks. He is about to move to the

next process of risk management. Based on this

information, what has the project manager forgotten to do?

A. Evaluate trends in risk analysis.

B. Identify triggers.

C. Provide a standardized risk rating matrix.

D. Create a fallback plan.

Answer : C

Questions

85

10. A project manager is quantifying risk for her project.

Several of her experts are off-site, but wish to be included.

How can this be done?

A. Use Monte Carlo analysis using the Internet as a tool.

B. Apply the critical path method.

C. Determine options for recommended corrective action.

D. Use the Delphi technique.

Questions

86

10. A project manager is quantifying risk for her project.

Several of her experts are off-site, but wish to be included.

How can this be done?

A. Use Monte Carlo analysis using the Internet as a tool.

B. Apply the critical path method.

C. Determine options for recommended corrective action.

D. Use the Delphi technique.

Answer : D

Questions

87

11. A system development project is nearing project dosing

when a previously unidentified risk is discovered. This could

potentially affect the project's overall ability to deliver. What

should be done NEXT?

A. Alert the project sponsor of potential impacts to cost,

scope, or schedule.

B. Qualify the risk.

C. Mitigate this risk by developing a risk response plan.

D. Develop a workaround.

Questions

88

11. A system development project is nearing project dosing

when a previously unidentified risk is discovered. This could

potentially affect the project's overall ability to deliver. What

should be done NEXT?

A. Alert the project sponsor of potential impacts to cost,

scope, or schedule.

B. Qualify the risk.

C. Mitigate this risk by developing a risk response plan.

D. Develop a workaround.

Answer : BQualify it because it is not happened yet , only identified. So workaround

is not correct.

Questions

89

12. During project executing, a major problem occurs that

was not included in the risk register. What should you do

FIRST?

A. Create a workaround.

B. Reevaluate the Identify Risks process.

C. Look for any unexpected effects of the problem.

D. Tell management.

Questions

90

12. During project executing, a major problem occurs that

was not included in the risk register. What should you do

FIRST?

A. Create a workaround.

B. Reevaluate the Identify Risks process.

C. Look for any unexpected effects of the problem.

D. Tell management.

Answer : A

Questions

91

13. A watch list is an output of which risk management

process?

A. Plan Risk Responses

B. Perform Quantitative Risk Analysis

C. Perform Qualitative Risk Analysis

D. Plan Risk Management

Questions

92

13. A watch list is an output of which risk management

process?

A. Plan Risk Responses

B. Perform Quantitative Risk Analysis

C. Perform Qualitative Risk Analysis

D. Plan Risk Management

Answer : CA watch list is made up of low-priority risks that, in the Perform Qualitative

Risk Analysis process

Questions

93

14. While preparing your risk responses, you identify

additional risks. What should you do?

A. Add reserves to the project to accommodate the new risks and notify

management.

B. Document the risk items and calculate the expected monetary value

based on the probability and impact of the occurrences.

C. Determine the risk events and the associated costs, then add the cost

to the project budget as a reserve.

D. Add a 10 percent contingency to the project budget and notify the

customer.

Questions

94

14. While preparing your risk responses, you identify

additional risks. What should you do?

A. Add reserves to the project to accommodate the new risks and notify

management.

B. Document the risk items and calculate the expected monetary value

based on the probability and impact of the occurrences.

C. Determine the risk events and the associated costs, then add the cost

to the project budget as a reserve.

D. Add a 10 percent contingency to the project budget and notify the

customer.

Answer : B