SlideShare uma empresa Scribd logo
1 de 70
Baixar para ler offline
1
Prepared by: Amer Elbaz
PMI-PMP& PMI-RMP
The GUIDE for Understating
Risk Management
Prepared by:
Amer Elbaz
Checked and Approved by:
Alaa Sultan
2
Prepared by: Amer Elbaz
PMI-PMP& PMI-RMP
PROJECT RISK MANAGEMENT
1. Project Risk Management includes the processes of conducting risk management planning,
identification, analysis, response planning, and controlling risk on a project.
2. The objectives of project risk management are to increase the likelihood and impact of positive
events, and decrease the likelihood and impact of negative events in the project.
3. the Project Risk Management processes, which are as follows:
A. 11.1 Plan Risk Management—The process of defining how to conduct risk management
activities for a project.
B. 11.2 Identify Risks—The process of determining which risks may affect the project and
documenting their characteristics.
C. 11.3 Perform Qualitative Risk Analysis—The process of prioritizing risks for further
analysis or action by assessing and combining their probability of occurrence and impact.
D. 11.4 Perform Quantitative Risk Analysis—The process of numerically analyzing the
effect of identified risks on overall project objectives.
E. 11.5 Plan Risk Responses—The process of developing options and actions to enhance
opportunities and to reduce threats to project objectives.
F. 11.6 Control Risks—The process of implementing risk response plans, tracking identified
risks, monitoring residual risks, identifying new risks, and evaluating risk process
effectiveness throughout the project.
4. Project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one
or more project objectives such as scope, schedule, cost, and quality.
5. A risk may have one or more causes and, if it occurs, it may have one or more impacts.
6. A cause may be a given or potential requirement, assumption, constraint, or condition that creates the
possibility of negative or positive outcomes.
7. For example, causes could include the requirement of an environmental permit to do work, or having
limited personnel assigned to design the project.
8. Risk conditions may include aspects of the project’s or organization’s environment that contribute to
project risk, such as immature project management practices, lack of integrated management systems,
concurrent multiple projects, or dependency on external participants who are outside the project’s direct
control.
9. Known risks are those that have been identified and analyzed, making it possible to plan responses for
those risks.
10. Known risks that cannot be managed proactively, should be assigned a contingency reserve.
11. Unknown risks cannot be managed proactively and therefore may be assigned a management
reserve.
12. A negative project risk that has occurred is considered an issue.
13. Individual project risks are different from overall project risk.
14. Overall project risk represents the effect of uncertainty on the project as a whole. It is more than the
sum of the individual risks within a project, since it includes all sources of project uncertainty.
15. Organizations perceive risk as the effect of uncertainty on projects and organizational objectives.
16. Organizations and stakeholders are willing to accept varying degrees of risk depending on their risk
attitude.
3
Prepared by: Amer Elbaz
PMI-PMP& PMI-RMP
17. The risk attitudes of both the organization and the stakeholders may be influenced by a number of factors,
which are broadly classified into three themes:
A. Risk appetite, which is the degree of uncertainty an entity is willing to take on
in anticipation of a reward.
B. Risk tolerance, which is the degree, amount, or volume of risk that an
organization or individual will withstand.
C. Risk threshold, which refers to measures along the level of uncertainty or the
level of impact at which a stakeholder may have a specific interest. Below that
risk threshold, the organization will accept the risk. Above that risk threshold,
the organization will not tolerate the risk.
18. an organization’s risk attitude may include its appetite for uncertainty, its threshold for risk levels
that are unacceptable, or its risk tolerance at which point the organization may select a different risk
response.
19. Positive and negative risks are commonly referred to as opportunities and threats.
20. The project may be accepted if the risks are within tolerances and are in balance with the rewards
that may be gained by taking the risks.
21. Positive risks that offer opportunities within the limits of risk tolerances may be pursued in order
to generate enhanced value.
22. For example, adopting an aggressive resource optimization technique is a risk taken in
anticipation of a reward for using fewer resources.
23. Individuals and groups adopt attitudes toward risk that influence the way they respond.
24. These risk attitudes are driven by perception, tolerances, and other biases, which should be made
explicit wherever possible.
4
Prepared by: Amer Elbaz
PMI-PMP& PMI-RMP
CHAPTER 1: INTRODUCTION
This chapter includes the following sections:
1.1 Purpose of the Practice Standard for Project Risk Management
1.2 Project Risk Management Definition
1.3 Role of Project Risk Management in Project Management
1.4 Good Risk Management Practice
1.5 Critical Success Factors for Project Risk Management
1.1 Purpose of the Practice Standard for Project Risk Management
The purpose of the Practice Standard for Project Risk Management is
1. provide a standard for project management practitioners and other stakeholders that defines the
aspects of Project Risk Management that are recognized as good practice on most projects most
of the time and
2. provide a standard that is globally applicable and consistently applied. This practice standard
has a descriptive purpose rather than one used for training or educational purposes.
Figure 1-1. Hierarchy of PMI Project Risk Management Resources
This practice standard is organized in three main sections:
1. Introductory material including the framework, purpose, principles, context of, and
introduction to Project Risk Management processes as defined in the PMBOK®
Guide –
Fourth Edition.
2. Principles underlying the six Project Risk Management processes in the PMBOK® Guide –
Fourth Edition. The six processes are as follows:
A. Plan Risk Management,
B. Identify Risks,
C. Perform Qualitative Risk Analysis,
D. Perform Quantitative Risk Analysis,
E. Plan Risk Responses, and
F. Monitor and Control Risks.
Each of these six processes is described in a chapter that addresses the following four topics:
A. purpose and objectives of the process;
B. critical success factors for the process;
C. tools and techniques for the process; and
D. documenting the results of the process.
These principles can and should be stated at a general level for several reasons:
1. Principles are expected to be agreed upon now and to be valid in the future. While tools
and techniques are constantly evolving, the principles have more stability and persistence.
2. Different projects, organizations, and situations will require different approaches to
Project Risk Management.
A. Risk management is a discipline that contains a series of processes to apply to
both large and small projects.
B. Risk management will be more effective if its practice is tailored to the project
and congruent with the organizational culture, processes and assets.
C. There are many different ways of conducting risk management that may comply
with the principles of Project Risk Management as presented in this practice
standard.
3. The principles are applicable to projects carried out in a global context, reflecting the
many business and organizational arrangements between participants.
1.2 Project Risk Management Definition
The definition of Project Risk Management,
A. Project Risk Management includes the processes concerned with conducting risk
management planning, identification, analysis, responses, and monitoring and control on a
project.
B. The objectives of Project Risk Management are to increase the probability and impact of
positive events, and decrease the probability and impact of negative events in the project.”
C. project risk is an uncertain event or condition that, if it occurs, has a positive or negative
effect on a project’s objectives.” Project objectives include scope, schedule, cost, and
quality.
D. Project Risk Management aims to identify and prioritize risks in advance of their
occurrence, and provide action-oriented information to project managers.
E. This orientation requires consideration of events that may or may not occur and are
therefore described in terms of likelihood or probability of occurrence in addition to other
dimensions such as their impact on objectives.
1.3 Role of Project Risk Management in Project Management
A. Project Risk Management is not an optional activity: it is essential to successful project
management.
B. It should be applied to all projects and hence be included in project plans and operational
documents. In this way, it becomes an integral part of every aspect of managing the project,
in every phase and in every process group.
C. Project Risk Management is not a substitute for the other project management processes.
D. Project Risk Management requires that these project management processes (e.g.
scheduling, budgeting, and change management) be performed at the level of the best
practices available.
E. Project Risk Management adds the perspective of project risk to the outputs of those other
processes and adds to their value by taking risk into account.
F. Risk management provides the basis upon which to estimate the amount of cost and
schedule contingency reserves that are needed to cover risk response actions to a required
level of confidence for meeting project objectives.
G. A risk management approach is applicable throughout a project’s life cycle. The earlier in
the project life cycle that the risks are recognized, the more realistic the project plans and
expectations of results will be.
H. Risk management continues to add value as project planning progresses and more
information becomes available about all aspects and components of the project and its
environment, such as stakeholders, scope, time, and cost, as well as the corresponding
assumptions and constraints.
1.4 Good Risk Management Practice
A. Project Risk Management is a valuable component of project management and it enhances
the value of the other project management processes.
B. Project Risk Management should be conducted in a manner consistent with existing
organizational practices and policies.
C. Project Risk Management should be conducted in a way that is appropriate to the project.
D. Project Risk Management should recognize the business challenges as well as the multi-
cultural environment associated with an increasingly global environment including many
joint venture projects and customers, suppliers, and workforces spread around the globe.
E. Project Risk Management should always be conducted on an ethical basis, in keeping with
the Project Management code of ethics or conduct. Honesty, responsibility, realism,
professionalism and fair dealing with others are among the characteristics of successful
Project Risk Management.
F. Effective Project Risk Management benefits from robust communication and consultation
with stakeholders. This enables agreement among stakeholders that Project Risk Management
in general, and risk identification, analysis, and response,
G. Project Risk Management should be conducted on all projects. So ,The degree, level of
detail, sophistication of tools, and amount of time and resources applied to Project Risk
Management should be in proportion to the characteristics of the project under management
and the value that they can add to the outcome.
1.5 Critical Success Factors for Project Risk Management
Figure 1-2. Critical Success Factors for Project Risk Management
Specific criteria for success of each Project Risk Management process are listed in the
chapters dealing with those processes.
The general criteria for success include:
1. Recognize the Value of Risk Management: Project Risk Management should be
recognized as a valuable discipline that provides a positive potential return on investment
for organizational management, project stakeholders (both internal and external), project
management, and team members.
2. Individual Commitment/Responsibility: Project participants and stakeholders should all
accept responsibility for undertaking risk-related activities as required. Risk management
is everybody’s responsibility.
3. Open and Honest Communication: Everyone should be involved in the Project Risk
Management process. Any actions or attitudes that hinder communication about project
risk reduce the effectiveness of Project Risk Management in terms of proactive
approaches and effective decision-making.
4. Organizational Commitment— Organizational commitment can only be established if
risk management is aligned with the organization’s goals and values. Project Risk
Management may require a higher level of managerial support than other project
management disciplines because handling some of the risks will require approval of or
responses from others at levels above the project manager.
5. Risk Effort Scaled to Project: Project Risk Management activities should be consistent
with the value of the project to the organization and with its level of project risk, its scale,
and other organizational constraints. In particular, the cost of Project Risk Management
should be appropriate to its potential value to the project and the organization.
6. Integration with Project Management: Project Risk Management does not exist in a
vacuum, isolated from other project management processes. Successful Project Risk
Management requires the correct execution of the other project management processes.
1.6 Conclusion
A. The principles of Project Risk Management described in this practice standard
should be appropriately applied based on the specifics of a project and the
organizational environment.
B. Project Risk Management provides benefits when it is implemented according to
good practice principles and with organizational commitment to taking the decisions
and performing actions in an open and unbiased manner.
CHAPTER 2: PRINCIPLES AND CONCEPTS
2.1 Introduction
A. This chapter introduces the key ideas required to understand and apply Project Risk Management to
projects following the approach described
B. The execution of the Project Risk Management process is dealt with in subsequent chapters of this
practice standard and so is not discussed here.
2.2 Definition of Project Risk
1. Project risk is an uncertain event or condition that, if it occurs, has a positive or a negative effect on a
project’s objectives.
2. This definition includes two key dimensions of risk: uncertainty and effect on a project’s objectives.
3. The uncertainty dimension may be described using the term “probability” and the effect may be called
“impact” (though other descriptors are possible, such as “likelihood” and “consequence”).
4. The definition of risk includes both distinct events which are uncertain but can be clearly described, and
more general conditions which are less specific but also may give risk to uncertainty.
5. The definition of project risk also encompasses uncertain events which could have a negative effect on a
project’s objectives, as well as those which could have a positive effect.
6. It is important to address both threats and opportunities within a unified Project Risk Management
process. This allows for the gain of synergies and efficiencies such as addressing both in the same analyses
and coordinating the responses to both if they overlap or can reinforce each other.
7. Risks are uncertain future events or conditions which may or may not occur, but which would matter if
they did occur.
8. It is important to distinguish risks from risk-related features, such as cause and effect. Causes are events
or circumstances which currently exist or are certain to exist in the future and which might give rise to risks.
9. Effects are conditional future events or conditions which would directly affect one or more project
objectives if the associated risk occurs.
10. The cause-risk-effect chain can be used in a structured risk statement or risk description to ensure that
each of these three elements is properly described
11. When a risk event occurs, it ceases to become uncertain.
12. Threats which occur may be called issues or problems; opportunities which occur may be called benefits.
13. Both issues/problems and benefits entail project management actions that are outside the scope of the
Project Risk Management process.
2.3 Individual Risks and Overall Project Risk:
 It is useful to consider project risk at two levels: individual risks and overall project risk.
1. Individual risks are specific events or conditions that might affect project objectives.
2. An individual risk may positively or negatively affect one or more of the project objectives, elements,
or tasks.
3. Understanding individual risks can assist in determining how to apply effort and resources to enhance
the chances of project success.
4. Day-to-day Project Risk Management focuses on these individual risks in order to enhance the
prospects of a successful project outcome.
5. Overall project risk represents the effect of uncertainty on the project as a whole.
6. Overall project risk is more than the sum of individual risks on a project, since it applies to the whole
project rather than to individual elements or tasks.
7. Overall project risk represents the exposure of stakeholders to the implications of variations in project
outcome.
8. Overall project risk is an important component of strategic decision-making, program and portfolio
management, and project governance where investments are sanctioned or cancelled and priorities are set.
2.4 Stakeholder Risk Attitudes:
1. The risk attitudes of the project stakeholders determine the extent to which an individual risk or overall
project risk matters.
2. A wide range of factors influence risk attitude, these include the scale of the project within the range of
stakeholders’ overall activities, the strength of public commitments made about the performance of the
project, and the stakeholders’ sensitivity to issues such as environmental impacts, industrial relations, and
other factors.
3. Stakeholder risk attitudes usually result in a desire for increased certainty in project outcomes, and may
express a preference for one project objective over another.
4. How risk is regarded is usually also strongly influenced by an organization’s culture. Different
organizations are more or less open, and this often impacts the way risk management can be applied.
5. Understanding stakeholders’ attitudes toward risk is an important component of risk management
planning that precedes risk identification and analysis, in order to optimize both project success and
stakeholder satisfaction with the project’s results.
6. These attitudes should be identified and managed proactively and deliberately throughout the Project Risk
Management process.
7. It is also important to understand the particular implications of stakeholder risk attitudes on projects
where the team is international, cross-industry, or multi-organizational.
2.5 Iterative Process
1. It is the nature of projects that circumstances change as they are being planned and executed.
2. To ensure that Project Risk Management remains effective, the identification and analysis of risks
should be revisited periodically, the progress on risk response actions should be monitored, and the action
plans adjusted accordingly.
3. The frequency and depth of reviews and updates will depend on the nature of the project, the volatility
of the environment in which the project is being implemented, and the timing of other project
management reviews and updates.
2.6 Communication
1. Project Risk Management cannot take place in isolation. Success relies heavily on communication
throughout the process.
2. Risk identification and analysis depend on comprehensive input from stakeholders in a project to
ensure that nothing significant is overlooked and that risks are realistically assessed.
3. the effective and honest communication from the Project Risk Management process to the rest of the
project team and other project stakeholders.
4. Communication of the results of the Project Risk Management process should be targeted to meet the
specific needs of each stakeholder and should be reflected within the overall project communications
strategy
2.7 Responsibility for Project Risk Management
1. risk management is everyone’s responsibility”
2. Project Risk Management should be included as an integral part of all other project processes. Since
project risks can affect project objectives, anyone with an interest in achieving those objectives should
play a role in Project Risk Management.
3. The specific roles depend on the project team members’ and other stakeholders’ place within the project
and their relation to project objectives.
4. Roles and responsibilities for Project Risk Management should be clearly defined and communicated,
and individuals should be held responsible and accountable for results.
5. the resulting actions required to implement agreed-upon responses and Responsibility should also be
allocated for ensuring that risk-related lessons are captured for future use.
2.8 Project Manager’s Role for Project Risk Management … Very Important
1. The project manager has particular responsibilities in relation to the Project Risk Management
process.
2. The project manager has overall responsibility for delivering a successful project which fully meets
the defined objectives.
3. The project manager is accountable for the day-to-day management of the project, including effective
risk management.
4. The role of the project manager may include:…… Important
1. Encouraging senior management support for Project Risk Management activities.
2. Determining the acceptable levels of risk for the project in consultation with stakeholders.
3. Developing and approving the risk management plan.
4. Promoting the Project Risk Management process for the project.
5. Facilitating open and honest communication about risk within the project team and with
management and other stakeholders.
6. Participating in all aspects of the Project Risk Management process.
7. Approving risk responses and associated actions prior to implementation.
8. Applying project contingency funds to deal with identified risks that occur during the project.
9. Overseeing risk management by subcontractors and suppliers.
10. Regularly reporting risk status to key stakeholders, with recommendations for appropriate
strategic decisions and actions to maintain acceptable risk exposure.
11. Escalating identified risks to senior management where appropriate: such risks include any which
are outside the authority or control of the project manager, any which require input or action from
outside the project, and any for which the release of management reserve funds might be
appropriate.
12. Monitoring the efficiency and effectiveness of the Project Risk Management process.
13. Auditing risk responses for their effectiveness and documenting lessons learned.
CHAPTER 3: INTRODUCTION TO PROJECT RISK
MANAGEMENT PROCESSES
3.1 Project Risk Management and Project Management
1. Uncertainty is inevitable since projects are unique and temporary undertakings based on assumptions and
constraints, delivering project results to multiple stakeholders with different requirements.
2. Project management can control this uncertain environment, through the use of structured and disciplined
techniques such as estimating, planning, cost control, task allocation, earned value analysis, monitoring and
review meetings, etc.
3. Project Risk Management provides an approach by which uncertainty can be understood, assessed, and
managed within projects.
4. The outputs of Project Risk Management should be taken into account within many of the project
management processes. They can, for example, impact:
A. Estimating resource requirements, cost, or duration;
B. Assessing the impact of proposed scope changes;
C. Planning or re-planning the forward strategy of the project;
D. Allocating resources to tasks; and
E. Reporting progress to stakeholders.
5. effective Project Risk Management requires input from other project management processes.
6. Outputs such as the work breakdown structure (WBS), estimates, the project schedule, assumptions list,
etc. are all important prerequisites for effective Project Risk Management.
3.2 Project Risk Management Processes
1. It is essential at the start of the Project Risk Management process to clearly define the objectives and
different levels of risk, so each step in the Project Risk Management process should be scalable to meet the
varying degrees of risk.
2. Scalable elements of the process include:
A. Available resources,
B. Methodology and processes used,
C. Tools and techniques used,
D. Supporting infrastructure,
E. Review and update frequency, and
F. Reporting requirements.
3. Project Risk Management activities, resources, and attention should be appropriate to the project since
different projects warrant different levels of risk management application.
4. The main actions to provide the required tailoring are as follows:
A. Define those objectives against which risks will be identified,
B. Define how the elements of the Project Risk Management process will be scaled for this
project, and
C. Define risk thresholds, tolerances, and the assessment framework.
Project Risk Management Process Flow Diagram
11.1 Plan Risk Management
 Plan Risk Management is the process of defining how to conduct risk management activities for a
project.
 The key benefit of this process is it ensures that the degree, type, and visibility of risk management
are commensurate with both the risks and the importance of the project to the organization.
 The risk management plan is vital to communicate with and obtain agreement and support from all
stakeholders to ensure the risk management process is supported and performed effectively over the
project life cycle.
 Purpose and Objectives of the Plan Risk Management Process are:
1. develop the overall risk management strategy for the project,
2. decide how the risk management processes will be executed,
3. integrate Project Risk Management with all other project management activities.
4. initial risk management planning should be carried out early in the overall planning of the
project.
5. the corresponding risk management activities integrated into the overall project management
plan.
6. The risk management plan may subsequently need to be adapted as the needs of the project and
its stakeholders become clearer or change.
7. the risk management plan should describe how the project budget is evaluated, allocated, and
managed.
8. The project management is a process of progressive elaboration, and repeated throughout the
project.
 There are two categories of success criteria for risk management
1. Project-Related Criteria. To assess the success of Project Risk Management, the stakeholders
must agree
1. on an acceptable level of results for the project-related criteria (such as cost, time, and
scope). In order to ensure consistency and agreement among stakeholders,
2. To provide guidance in risk management, particularly in prioritizing risk responses,
stakeholders should also prioritize each project objective.
2. Process-Related Criteria. The measures for success in Project Risk Management depend on a
number of factors,
1. The level of risk that is considered acceptable in a project depends on the risk attitudes
of the relevant stakeholders.
2. The risk attitudes of both the organization and the stakeholders may be influenced by a
number of factors, all of which need to be identified.
 Guidelines and rules for escalating risk-related information to management and other
stakeholders should reflect the risk attitudes and expectations of the corresponding stakeholders.
 The project manager should maintain effective communication with the stakeholders as the
project evolves, in order to become aware of any changes in the stakeholders’ attitudes and adapt
the risk management approach to take any new facts into account.
 If qualitative analysis uses such terms as “high impact” or “medium probability,” these should be
defined objectively in the risk management plan. Similarly, the risk management plan should
specify any key numerical values required in quantitative analysis or for decision-making in risk
response planning or risk monitoring and control.
 Risk management planning should establish the type and level of risk detail to be addressed and
provide a template of the risk register that will be used for recording risk-related information.
 The risk management plan should also indicate the intensity of effort and the frequency with
which the various Project Risk Management processes should be applied;
In order for the Project Risk Management processes to be carried out correctly and effectively,
 the project team and other stakeholders need to know where and when they will be expected to
participate, their criteria for determining success, their level of authority, and what action to
take relative to actions or decisions beyond this level.
Risk-related communication occurs at two levels:
 within the project team, and between the project team and the other project stakeholders.
 For the team, the plan describes the frequency and scope of the various risk management
meetings and reports required to carry out the corresponding Project Risk Management
processes as well as the structure and content of such meetings and reports.
 For the other stakeholders, the plan sets their expectations as to the structure, content, and
frequency of routine documents to be received
Figure 11-2. Plan Risk Management: Inputs, Tools & Techniques, and Outputs
11.1.1 Plan Risk Management: Inputs
11.1.1.1 Project Management Plan
The risk management plan is a component of the project management plan. The project
management plan provides baseline or current state of risk-affected areas including scope,
schedule, and cost.
11.1.1.2 Project Charter:
The project charter can provide various inputs such as high-level risks, high-level project
descriptions, and high-level requirements.
11.1.1.3 Stakeholder Register
The stakeholder register, which contains all details related to the project’s stakeholders, provides an
overview of their roles.
11.1.1.4 Enterprise Environmental Factors
The enterprise environmental factors include,
 risk attitudes,
 thresholds, and
 tolerances that describe the degree of risk that an organization will withstand.
11.1.1.5 Organizational Process Assets
The organizational process assets that can influence the Plan Risk Management process include,
Project charter
Stakeholder register Meetings
 Risk categories,
 Common definitions of concepts and terms,
 Risk statement formats,
 Standard templates,
 Roles and responsibilities,
 Authority levels for decision making, and
 Lessons learned.
11.1.2 Plan Risk Management: Tools and Techniques
11.1.2.1 Analytical Techniques
 Analytical techniques are used to understand and define the overall risk management context
of the project.
 Risk management context is a combination of stakeholder risk attitudes and the strategic risk exposure of
a given
 Stakeholder risk profile analysis may be performed to grade and qualify the project
stakeholder risk appetite and tolerance.
 Strategic risk scoring sheets, are used to provide a high-level assessment of the risk exposure
of the project based on the overall project context.
11.1.2.2 Expert Judgment
To ensure a comprehensive establishment of the risk management plan, such as:
 Senior management,
 Project stakeholders,
 Project managers who have worked on projects in the same area (directly or through lessons
learned),
 Subject matter experts (SMEs) in business or project area,
 Industry groups and consultants, and
 Professional and technical associations.
11.1.2.3 Meetings
Project teams hold planning meetings to develop the risk management plan. Attendees at these
meetings may include the project manager, selected project team members and stakeholders, anyone in
the organization with responsibility to manage the risk planning and execution activities, and others, as
needed.
4.3 Tools and Techniques for the Plan Risk Management Process
4.3.1 Planning Sessions
 Planning sessions are recommended in order to build a common understanding of the project’s
risk approach between project stakeholders and to gain agreement on the techniques to be used for
managing risk.
 The participants should include: the project manager, selected project team members and other
stakeholders, members of the broader organization having responsibility for risk, and other subject
matter experts or facilitators, as needed.
 The initial risk responsibilities, methodology, templates, terms, definitions, time schedules, and
cost budgets for the other Project Risk Management processes should be assigned and accepted.
 These Session should be documented in the risk management plan, which, when formally
approved,
4.3.2 Templates
In order to benefit from experience and existing best practice, existing templates for work products,
such as risk status reports, risk breakdown structures or the risk register.
D.1.1.3 Risk Statement “Metalanguage”
In order for all risks to be clearly defined, should be specified and applied.
 “Because of <one or more causes>, <risk> might occur, which would lead to <one or more effects>”.
D.1.1.4 Risk Prioritization and Selection Guidelines
The selection and prioritization of risks must be linked to the project objectives.
 reliability takes precedence over time,
 one linked to a resource that will soon disappear should be given greater urgency
11.1.3 Plan Risk Management: Outputs
11.1.3.1 Risk Management Plan
The risk management plan is a component of the project management plan and describes how risk
management activities will be structured and performed. The risk management plan includes the
following:
a. Methodology. Defines the approaches, tools, and data sources that will be used to perform
risk management on the project.
b. Roles and responsibilities. Defines the lead, support, and risk management team members
for each type of activity in the risk management plan, and clarifies their responsibilities.
c. Budgeting. Estimates funds needed, based on assigned resources, for inclusion in the cost
baseline and establishes protocols for application of contingency and management reserves.
d. Timing. Defines when and how often the risk management processes will be performed
throughout the project life cycle,
e. Risk categories. Provide a means for grouping potential causes of risk. for example, a structure
based on project objectives by category. A risk breakdown structure (RBS) helps the project
team to look at many sources from which project risk may arise in a risk identification
exercise.
f. Definitions of risk probability and impact. The quality and credibility of the risk analysis
requires that different levels of risk probability and impact be defined that are specific to the
project context.
g. Probability and impact matrix. is a grid for mapping the probability of each risk
occurrence and its impact on project objectives if that risk occurs.
h. Revised stakeholders’ tolerances. Stakeholders’ tolerances, may be revised in the Plan Risk
Management process.
i.
j. Reporting formats. Reporting formats define how the outcomes of the risk management
process will be documented, analyzed, and communicated.
k. Tracking. Tracking documents how risk activities will be recorded for the benefit of the
current project and how risk management processes will be audited.
4.2 Critical Success Factors for the Plan Risk Management Process
The principal criteria for a valid risk management plan are:
 acceptance by the stakeholders,
 alignment with the internal and external constraints on the project,
 balance between cost or effort and benefit,
 completeness with respect to the needs of the Project Risk Management process.
4.2.1 Identify and Address Barriers to Successful Project Risk Management
 The time and effort required to carry out the Plan Risk Management process will not be supported
unless the stakeholders, and especially management in the organization responsible for the project,
 A clear definition of the project objectives and a high-level view of the project environment and
solution approach are required to provide a valid basis for risk management.
 An organization inexperienced in risk management planning may need to develop its own approach
such as: standard templates, predefined risk categories, and definition of concepts and terms, roles,
responsibilities, and authority levels. Access to relevant lessons learned at this stage will allow this
experience to be taken into account from the start of the project.
 The risk management plan will not deliver its value unless Project Risk Management is carried out as
an integral part of the project.
 The corresponding activities should be built into the project work breakdown structure and included in
the corresponding schedule, budget, and work-assignment documents.
4.2.2 Involve Project Stakeholders in Project Risk Management
 The project manager needs to involve the project stakeholders in the Plan Risk Management activities
to ensure their understanding of, and commitment to, the full Project Risk Management process.
 The provision for risk management resources should be approved by management in accordance with
agreed-upon objectives.
 Management should be involved in the analysis of the level of resourcing required for managing
project risk and accept the risks that may arise from specific limitations placed on the provision of
resources.
 Disagreements between stakeholders in the areas of risk tolerance and evaluation measures should be
addressed and resolved.
4.2.3 Comply with the Organization’s Objectives, Policies, and Practices
The feasibility of risk management planning is: dependent upon
 the features of the organization in which it is carried out.
 The rules and guidelines defined in the risk management plan should be compatible with the culture of the
organization,
 its capabilities from the point of view of people and facilities, and its values, goals, and objectives.
 Project management in general, and risk management in particular, contribute to the organization’s
effective governance. such as strategic risk management or corporate governance processes.
11.2 Identify Risks
 Identify Risks is the process: determining which risks may affect the project and documenting their
characteristics.
 The key benefit of this process is the documentation of existing risks and the knowledge and ability it provides to the
project team to anticipate events.
 Purpose and Objectives of the Identify Risks Process
 Risk cannot be managed unless it is first identified.
 impossible to identify all the risks at the outset of a project.
 to identify risks to the maximum extent that is practicable.
 The fact that some risks are unknowable or emergent requires the Identify Risk process to be iterative,
 repeating the Identify Risks process to find new risks which have become knowable since the previous
iteration of the process.
Figure 11-5. Identify Risks: Inputs, Tools & Techniques, and Outputs
11.2.1 Identify Risks: Inputs
11.2.1.1 Risk Management Plan
 the Identify Risks process are the assignments of roles and responsibilities, provision for risk
management activities in the budget and schedule, and categories of risk, which are sometimes
expressed as a risk breakdown structure
11.2.1.2 Cost Management Plan
 The cost management plan provides processes and controls that can be used to help identify risks
across the project.
Schedule management
Activity cost estimates
Stakeholder register
techniques
11.2.1.3 Schedule Management Plan
 The schedule management plan provides insight to project time/schedule objectives and
expectations which may be impacted by risks (known and unknown).
11.2.1.4 Quality Management Plan
 The quality management plan provides a baseline of quality measures and metrics for use in
identifying risks.
11.2.1.5 Human Resource Management Plan
 The human resource management plan provides guidance on how project human resources should be
defined, staffed, managed, and eventually released. It can also contain roles and responsibilities, project
organization charts, and the staffing management plan, which form a key input to identify risk process.
11.2.1.6 Scope Baseline
 Project assumptions are found in the project scope statement.
 The WBS is a critical input to identifying risks as it facilitates an understanding of the potential risks at both
the micro and macro levels.
11.2.1.7 Activity Cost Estimates
 Activity cost estimate reviews are useful in identifying risks as they provide a quantitative assessment of the
likely cost to complete scheduled activities and ideally are expressed
11.2.1.8 Activity Duration Estimates
 Activity duration estimate reviews are useful in identifying risks related to the time allowances for the
activities or project as a whole, again with the width of the range of such estimates indicating the relative
degree(s) of risk.
11.2.1.9 Stakeholder Register
 Information about the stakeholders is useful for soliciting inputs to identify risks, key stakeholders,
especially the sponsor and customer, are interviewed or otherwise participate during the Identify Risks
process.
11.2.1.10 Project Documents
Project documents provide the project team with information and improve cross-team and stakeholder
communications and include:
 Project charter,
 Project schedule,
 Project schedule network diagrams,
 Issue log,
 Quality checklists, and
 Other information proven to be valuable in identifying risks.
11.2.1.11 Procurement Documents
 the procurement of resources, procurement documents become a key input to the Identify Risks
process.
11.2.1.12 Enterprise Environmental Factors
Enterprise environmental factors include:
 Published information, including commercial databases,
 Academic studies,
 Published checklists,
 Benchmarking,
 Industry studies, and
 Risk attitudes.
11.2.1.13 Organizational Process Assets
Organizational process assets n include :
 Project files, including actual data,
 Organizational and project process controls,
 Risk statement formats or templates,
 Lessons learned.
11.2.2 Identify Risks: Tools and Techniques
11.2.2.1 Documentation Reviews
A structured review of the project documentation may be performed,
11.2.2.2 Information Gathering Techniques
Examples of information gathering techniques used in identifying risks can include:
• Brainstorming.
 The goal of brainstorming is to obtain a comprehensive list of project risks.
 Risk is generated under the leadership of a facilitator,
 Categories of risk, such as in a risk breakdown structure,
• Delphi technique.
 The Delphi technique is a way to reach a consensus of experts.
 Project risk experts participate in this technique anonymously.
 A facilitator uses a questionnaire to solicit ideas
 The Delphi technique helps reduce bias in the data and keeps any one person from
having undue influence on the outcome.
• Interviewing.
 Interviewing experienced project participants, stakeholders, and subject matter experts
helps to identify risks.
• Root cause analysis.
 Root-cause analysis is a specific technique used to identify a problem, discover the
underlying causes that lead to it, and develop preventive action.
11.2.2.3 Checklist Analysis
 Risk identification checklists are developed based on historical information and
knowledge
 The lowest level of the RBS can also be used as a risk checklist.
 The checklist should be reviewed during project closure to incorporate new
lessons learned and improve it for use on future projects.
11.2.2.4 Assumptions Analysis
 Assumptions analysis is identifying risks to the project from inaccuracy,
instability, inconsistency, or incompleteness of assumptions.
11.2.2.5 Diagramming Techniques
Risk diagramming techniques may include:
 Cause and effect diagrams: known as Ishikawa or fishbone diagrams and are
useful for identifying causes of risks.
 System or process flow charts. To show how various elements of a system
interrelate and the mechanism of causation.
 Influence diagrams. These are graphical representations of situations showing
causal influences, time ordering of events, and other relationships among
variables and outcomes, as shown
11.2.2.6 SWOT Analysis
 This technique examines the project from each of the strengths, weaknesses, opportunities, and threats
(SWOT) perspectives to increase the breadth of identified risks by including internally generated risks.
 The technique starts with identification of strengths and weaknesses of the organization, focusing on
either the project, organization, or the business area in general.
 SWOT analysis then identifies any opportunities for the project that arise from organizational strengths,
and any threats arising from organizational weaknesses.
 The analysis also examines the degree to which organizational strengths offset threats, as well as
identifying opportunities that may serve to overcome weaknesses.
11.2.2.7 Expert Judgment
 Risks may be identified directly by experts with relevant experience with similar projects or
business areas.
 previous experience and areas of expertise. The experts’ bias should be taken into account in
this process.
5.3 Tools and Techniques for the identify Risks Process:
5.3.1 Historical Review ===Past === Identification Cheek list:
1. Historical reviews are based on what occurred in the past, either on this project, or other similar
projects
2. Historical review approaches rely on careful selection of comparable situations
3. The risks identified in the selected historical situation should be considered,
5.3.2 Current Assessments === Present === Assumptions analysis:
1. Current assessments rely on detailed consideration of the current project to expose areas of
uncertainty.
2. current assessment techniques do not rely on outside reference points,
5.3.3 Creativity Techniques === Future === Brainstorming:
1. A wide range of creativity techniques can be used for risk identification,
2. The outcomes or effectiveness of these techniques depend on the ability of participants to think
creatively.
3. These techniques depend on the ability of participants to think creatively, and their success is
enhanced by use of a skilled facilitator.
4. E ach category of risk identification technique has strengths and weaknesses, and no single technique
can be expected to reveal all knowable risks.
For example,
1. a project may choose to use a risk identification checklist (historical review), together with assumptions
analysis (current assessment) and brainstorming (creativity).
Note:
1. Risk breakdown structure Use to organizes the categories of potential risks on the project,
2. a prompt list, or a set of generic list categories may assist in ensuring that as many sources of risk as
practicable have been addressed, while recognizing that no such tools are complete nor can they replace
original thinking.
3. Use of structured risk descriptions can ensure clarity, Risk meta-language offers: a useful way of
distinguishing a risk from its cause(s) and effect(s), describing each risk using three-part statements in the
form: “As a result of cause, risk may occur, which would lead to effect.” The relationship between cause,
risk, and effect
Figure 5-2. Cause, Risk, and Effect
D.2 Techniques, Examples and Templates for Identify Risks
Identify Risks is carried out in order to develop a comprehensive list of all knowable
uncertainties that could have an effect on the project’s objectives.
D.2.1.1 Assumptions and Constraints Analysis:
 List assumptions and constraints for the project and generate a risk,
D.2.1.2 Brainstorming
 Brainstorming is commonly used in a facilitated risk identification workshop to identify risks.
D.2.1.3 Cause and Effect (Ishikawa) Diagrams
 when using this technique for risk identification to distinguish between risks (uncertain causes of
the impact) and issues (certain causes of the impact).
D.2.1.4 Checklists
 Checklists are compiled to capture previous project experience and allow it to be used for
subsequent similar projects and It is useful to present the checklist as a set of risks
D.2.1.5 Delphi Technique
 The Delphi technique uses a facilitated anonymous polling of subject matter experts to identify
risks in their area of expertise by The facilitator
D.2.1.6 Document Review
 Risks can be identified through careful review of project documentation, including the project
charter, statement of work, contract terms and conditions, subcontracts, technical specifications,
regulatory requirements, legal stipulations etc (where relevant).
D.2.1.7 FMEA/Fault Tree Analysis
Failure Modes and Effects Analysis (FMEA) or Fault Tree Analysis is
1. the analysis of a model structured to identify the various elements that can cause system failure by
themselves, or in combination with others,
2. Fault tree analysis is typically used in engineering contexts.
3. It can be adapted for use to identify risks by analyzing how risk impacts might arise.
4. Another result is the probability of failure (or of reliability, mean time between failure, etc.) of the
overall system, indicating the level of quality of the system or product.
D.2.1.8 Force Field Analysis
 Force Field Analysis is typically used in the change management context risk identification by
identifying driving forces (“forces for change”) and restraining forces (“forces against
change”)
D.2.1.9 Industry Knowledge Base
 An industry knowledge base is a special case of a checklist and is used similarly.
D.2.1.10 Influence Diagrams it is:
1. a diagrammatic representation of a project situation, showing the main entities, decision points,
uncertainties, and outcomes, and indicating the relationships (influences) between them.
2. The influence diagram can identify risks when combined with sensitivity analysis or Monte Carlo
simulation to reveal sources of risk within the project.
D.2.1.11 Interviews
Risk identification interviews
1. all main stakeholders be conducted by an independent skilled interviewer using a structured agenda,
in an atmosphere of confidentiality, honesty, and mutual trust.
2. A risk breakdown structure, checklist or prompt list can be used as a framework for risk interviews.
D.2.1.12 Nominal Group Technique
 The Nominal Group Technique is an adaptation of brainstorming
D.2.1.13 Post-Project Reviews/Lessons Learned/Historical Information
 databases might arise from post-project reviews or lessons learned exercises.
D.2.1.14 Prompt Lists
1. A prompt list is a set of risk categories which can be used to stimulate risk identification.
2. The prompt list may be presented as a risk breakdown structure
D.2.1.15 Questionnaire
 A risk identification questionnaire can be presented as a special form of checklist “Is the client’s
requirement clearly defined?”)
D.2.1.16 Risk Breakdown Structure (RBS)
 The risk breakdown structure (RBS) is a hierarchical framework of potential sources of risk to a project
D.2.1.17 Root-Cause Analysis
1. A root cause analysis seeks to identify basic causes of risks that may be visible symptoms of more
fundamental forces.
2. care needs to be taken when using this technique for risk identification to distinguish between risks
(uncertain causes of the impact) and issues (certain causes of the impact).
D.2.1.18 SWOT Analysis
1. SWOT Analysis identifies four characteristics of a given situation: strengths, weaknesses,
opportunities and threats.
2. The technique is commonly used in strategic decision making.
3. It can be adapted for risk identification by changing the interpretation of the four perspectives, such
that strengths and weaknesses relate to the characteristics of the organization conducting the project,
and opportunities and threats identify the project risks.
4. The technique is particularly useful for identifying internally-generated risks arising from within the
organization.
D.2.1.19 System Dynamics
 System dynamics (SD) is model represents entities and information flows within a project, and analysis
of the model can reveal feed-back and feed-forward loops which lead to uncertainty or instability.
D.2.1.20 WBS Review
 The work breakdown structure (WBS) for a project can form a framework for a number of other risk
identification techniques, such as brainstorming, risk interviews, checklists or prompt lists.
Risk 0-risk-guide book for pmi-rmp by amer elbaz
11.2.3 Identify Risks: Outputs
11.2.3.1 Risk Register
 The primary output from Identify Risks is the initial entry into the risk register.
 List of identified risks.
 The identified risks are described in as much detail as is reasonable. For example,
EVENT may occur causing IMPACT, or If CAUSE exists, EVENT may occur leading
to EFFECT.
 In addition to the list of identified risks, the root causes of those risks may become
more evident.
 These are the fundamental conditions or events that may give rise to one or more
identified risks. They should be recorded and used to support future risk identification
for this and other projects.
 List of potential responses.
 Potential responses to a risk may sometimes be identified during the Identify Risks
process.
 These responses, if identified in this process, should be used as inputs to the Plan Risk
Responses process.
5.2 Critical Success Factors for the Identify Risks Process
The practices described:
 maximize the value and effectiveness of the Identify Risks process and enhance the likelihood of
identifying as many risks as practicable.
5.2.1 Early Identification
 Risk identification should be performed as early as possible in the project lifecycle
 Early risk identification enables key project decisions to take maximum account of risks inherent in
the project, and may result in changes to the project strategy.
 maximizes the time available for development and implementation of risk responses, which
enhances efficiency.
5.2.2 Iterative Identification:
 The risk identification is repeated throughout the project life cycle.
 It should be done periodically, at a frequency determined during the Plan Risk Management
process.
 Risk identification might also be repeated at key milestones in the project, or whenever there is
significant change to the project or its operating environment.
5.2.3 Emergent Identification:
 In addition to invoking the Identify Risks process, the Project Risk Management process should permit
risks to be identified at any time,
5.2.4 Comprehensive Identification:
 A broad range of sources of risk should be considered to ensure that many uncertainties that might affect
objectives have been identified.
5.2.5 Explicit Identification of Opportunities:
 The Identify Risks process should ensure opportunities are properly considered.
5.2.6 Multiple Perspectives:
 The Identify Risks process should take input from a broad range of project stakeholders to ensure that all
perspectives are represented and considered.
5.2.7 Risks Linked to Project Objectives:
 Each identified project risk should relate to at least one project objective (time, cost, quality, scope, etc.).
 Defines risk as an uncertain event or condition that, if it occurs, has a positive or a negative effect on a
project’s objectives.
 Noting that some risks may affect more than one objective.
5.2.8 Complete Risk Statement
 Identified risks should be clearly and unambiguously described.
 Single words or phrases such as “resources” or “logistics” are inadequate and do not properly communicate
the nature of the risk. 26
5.2.9 Ownership and Level of Detail:
 Risks can be identified at a number of levels of detail.
 A generalized or high-level description of risk can make it difficult to develop responses and assign
ownership,
 Describing risks in a lot of detail can create a great deal of work.
 Each risk should be described at a level of detail at which it can be assigned to a single risk owner
with clear responsibility and accountability for its management.
 Trigger conditions should also be identified where this is possible and appropriate.
5.2.10 Objectivity:
 All human activities are susceptible to bias
 motivational biases, where someone is trying to bias the result in one direction or another
 cognitive biases, where biases occur as people are using their best judgment and applying heuristics, may
occur.
 Sources of bias should be exposed wherever possible, and their effect on the risk process should be
managed proactively.
 The aim is to minimize subjectivity, and allow open and honest identification of as many risks as possible
to the project.
5.4 Documenting the Results of the Identify Risks Process
1. The results from the Identify Risks process should be recorded in order to capture all relevant information
currently available for each identified risk.
2. The main output from the Identify Risks process
 is the risk register.
 structured risk description
 the nominated risk owner for each risk,
 Information on the causes and effects of the risk,
 trigger conditions, and preliminary responses.
11.3 Perform Qualitative Risk Analysis
 Perform Qualitative Risk Analysis is
 the process of prioritizing risks for further analysis or action by assessing and combining their
probability of occurrence and impact.
 The key benefit of this process is
 it enables project managers to reduce the level of uncertainty and to focus on high-priority risks.
 Perform Qualitative Risk Analysis assesses the priority of identified risks using their
relative probability or likelihood of occurrence, such assessments reflect the risk attitude
of the project team and other stakeholders.
 Effective assessment therefore requires explicit identification and management of the risk
approaches of key participants in the Perform Qualitative Risk Analysis process.
 Perform Qualitative Risk Analysis is usually a rapid and regularly throughout the project
life cycle,
6.1 Purpose and Objectives of the Perform Qualitative Risk Analysis Process
1. The Perform Qualitative Risk Analysis process assesses and evaluates characteristics of individually
identified project risks and prioritizes risks based on agreed-upon characteristics.
2. Assessing individual risks using qualitative risk analysis evaluates the probability that each risk will
occur and the effect of each individual risk on the project objectives.
3. it does not directly address the overall risk to project objectives that results from the combined effect of
all risks and their potential interactions with each other.
4. to categorize risks according to their sources or causes.
5. Risks that are assessed as high priority to either threaten or to enhance the achievement of project
objectives will be an important focus in the Plan Risk Responses process.
Perform Qualitative Risk Analysis: Inputs, Tools & Techniques, and Outputs
11.3.1 Perform Qualitative Risk Analysis: Inputs
11.3.1.1 Risk Management Plan
 Key elements of the risk management plan used in the Perform Qualitative Risk Analysis process
include roles and responsibilities for conducting risk management, budgets, schedule activities
for risk management, risk categories, definitions of probability and impact, the probability and
impact matrix, and revised stakeholders’ risk tolerances.
11.3.1.2 Scope Baseline
 Projects using state-of-the-art or first-of-its-kind technology, and highly complex projects, tend
to have more uncertainty.
11.3.1.3 Risk Register
 The risk register contains the information that will be used to assess and prioritize risks.
11.3.1.4 Enterprise Environmental Factors
Enterprise environmental factors may provide insight and context to the risk assessment, such as:
 Industry studies of similar projects by risk specialists, and
 Risk databases that may be available from industry or proprietary sources.
11.3.1.5 Organizational Process Assets
 The organizational process assets that can influence the Perform Qualitative Risk Analysis process include
information on prior, similar completed projects.
11.3.2 Perform Qualitative Risk Analysis: Tools and Techniques
11.3.2.1 Risk Probability and Impact Assessment:
 Risk probability assessment investigates the likelihood that each specific risk will occur.
 Probability and impact are assessed for each identified risk.
 Risks can be assessed in interviews or meetings with Project team members and knowledgeable persons
external to the project are included.
 Risks with low ratings of probability and impact will be included within the risk register as part of the watch
list for future monitoring.
11.3.2.2 Probability and Impact Matrix:
 Risks can be prioritized for further quantitative analysis and planning risk responses based on their risk
rating.
 Ratings are assigned to risks based on their assessed probability and impact.
 Evaluation of each risk’s importance and priority for attention is typically conducted using a look-up
table or a probability and impact matrix.
 Risk rating rules can be tailored in the Plan Risk Management process to the specific project.
11.3.2.3 Risk Data Quality Assessment:
 Risk data quality assessment is a technique to evaluate the degree to which the data about risks is useful
for risk management.
 Examining the degree to which the risk is understood and the accuracy, quality, reliability, and integrity
of the data about the risk.
 The use of low-quality risk data may lead to a qualitative risk analysis of little use to the project. If data
quality is unacceptable
11.3.2.4 Risk Categorization:
Risks to the project can be categorized by:
 sources of risk (e.g., using the RBS),
 the area of the project affected (e.g., using the WBS),
 other useful categories (e.g., project phase) to determine the areas of the project most exposed to the
effects of uncertainty.
 Risks can also be categorized by common root causes to determine work packages, activities, project
phases or even roles in the project,
11.3.2.5 Risk Urgency Assessment:
 Risks requiring near-term responses may be considered more urgent to address.
 Indicators of priority may include probability of detecting the risk, time to affect a risk response,
symptoms and warning signs, and the risk rating.
11.3.2.6 Expert Judgment:
 Expert judgment is required to assess the probability and impact of each risk to determine its
location in the matrix
6 .3 Tools and Techniques for the Perform Qualitative Risk Analysis Process
The tools and techniques used for assessing individual risks will identify the risks that are important to the
project’s success.
Figure 6-2. The Perform Qualitative Risk Analysis Process
6.3.1 Select Risk Characteristics that Defi ne Risks’ Importance:
1. Qualitative risk analysis tools provide ways to distinguish those risks that are important for response or
further analysis from those that are less important.
2. The criteria that make a risk of interest to management are agreed upon in advance and implemented in
the tools used.
3. Output from qualitative risk analysis tools includes a listing of risks in priority order or in priority groups
(e.g., high, moderate, and low).
4. The tools for qualitative risk analysis allow the organization or project stakeholders to specify those levels
or combinations of risk characteristics that make a particular risk of interest to management.
6.3.2 Collect and Analyze Data :
1. Assessment of individual risks is based on information collected about them.
2. Data collection and evaluation tools, including interviews, workshops, and references to databases of prior
projects, require management support and attention.
3. It is important to protect against bias in data gathering, which is important when relying on expert
judgment for the information.
6.3.3 Prioritize Risks by Probability and Impact on Specific Objectives:
1. Some tools permit distinguishing a risk’s priority in terms of the affected objective.
2. This capability provides a list of risks that are important for any specific objective of interest to
management.
6.3.4 Prioritize Risks by Probability and Impact on Overall Project:
 The technique for creating the overall risk priority measure should be documented in the
Plan Risk Management process.
6.3.5 Categorize Risk Causes
1. Categorizing risks appropriately lead to improved analysis of the probability and magnitude of project risk
and to effective responses.
2. Understanding the relationships between risks may provide a better understanding of the possibility and
magnitude of project risk than if risks are only considered as separate and independent events.
3. Identifying common root causes of a group of risks, for instance, may reveal both the magnitude of the
risk event for the group as a whole along with effective strategies that might address several risks
simultaneously.
4. A combination of the risk analysis information with the work breakdown structure (WBS) can show
which areas of the project exhibit the most risk.
5. Assessing the high-priority risks’ impact on one objective, such as the schedule, may indicate which
activities to address to reduce that objective’s uncertainty.
D.3 Techniques, Examples and Templates for Perform Qualitative Risk
D.3.1.3 Analytic Hierarchy Process (AHP)
1. A HP is a method to calibrate preferences for achieving the different objectives of a project.
2. This prioritization can be important in determining how trade-offs affecting different objectives
(e.g., Should we reduce scope to finish on time?) will be decided.
3. It can also be used to create an overall project risk priority list from risks that have been assessed
on their implications for individual objectives.
4. Specialized software implementing AHP is available. A spreadsheet implementation is shown
below.
11.3.3 Perform Qualitative Risk Analysis: Outputs
11.3.3.1 Project Documents Updates
Project documents that may be updated include, :
Risk register updates.
1. As new information becomes available through the qualitative risk assessment, the risk register
is updated.
2. Updates to the risk register may include assessments of probability and impacts for each risk,
risk ranking or scores, risk urgency information or risk categorization, and a watch list for low
probability risks or risks requiring further analysis.
 Assumptions log updates.
1. As new information becomes available through the qualitative risk assessment, assumptions
could change.
2. The assumptions log needs to be revisited to accommodate this new information. Assumptions
may be incorporated into the project scope statement or in a separate assumptions log.
6.2 Critical Success Factors for the Perform Qualitative Risk Analysis
Process
Several factors that lead to successful qualitative risk analysis are:
1. Agreement of the project stakeholders is a fundamental criterion and a common theme.
2. The agreed-upon approach is the foundation of process credibility.
3. Then, agreed-upon definitions enable high-quality information to be collected.
4. Finally, with these conditions in place, the process can be executed reliably, which contributes to the
credibility of its outputs.
Figure 6 -1. Building Risk Analysis Credibility
6.2.1 Use Agreed-Upon Approach
The process is based on an agreed-upon approach
1. to this assessment that is applied across all of the identified risks in any project.
2. By the nature of project risk, all risks may be assessed according to probability of occurrence
and impact on individual objectives should the risk occur.
Other factors may be considered in determining the importance of a risk as follows:
• Urgency (proximity).
1. Risks requiring near term responses may be considered more urgent to address.
2. Indicators of urgency can include the lead time necessary to execute a risk response and the
clarity of symptoms and warning signs (also known as detectability) that may trigger the
response.
• Manageability.
1. Some risks are not manageable and it would be a waste of resources to attempt to address
them.
2. The project team may examine these and decide to:
 Go forward, perhaps establishing a contingency reserve.
 Stop or re-scope the project because these risks pose an unmanageable threat or an
opportunity that should not be missed with high probability and consequences.
 Inform the customer of the risks and ask for a decision from their point of view.
 Impact external to the project. A risk may increase in importance if it affects the
enterprise beyond the project.
6.2.2 Use Agreed-Upon Definitions of Risk Terms
1. The risk assessment should be based on agreed-upon definitions of important terms, and
those definitions should be used consistently when assessing each risk.
2. For example, of levels of probability and of impact on objectives, assists the providers of
the information in giving realistic assessments for each risk, and facilitates the
communication of the results to management and other stakeholders.
32 6.2.3 Collect High-Quality Information about Risks
1. Collection of high-quality information about risks is required.
2. Any historic database and should be gathered by interviews, workshops, and other means using expert
judgment.
3. Data gathered from individuals may be subject to reporting or intentional bias.
4. When this occurs, the bias should be identified and remedied where possible, or a different, unbiased source
of information should be found and used.
6.2.4 Perform Iterative Qualitative Risk Analysis
1. The success of qualitative risk analysis is enhanced if the process is used periodically throughout the
project.
2. The Identify Risks and Perform Qualitative Analysis processes should be repeated periodically for
individual risks.
3. The frequency of this effort will be planned in the Plan Risk Management process, but may also depend
on events within the project itself.
6.3. Document the Results of the Perform Qualitative Risk Analysis Process
1. The Perform Qualitative Risk Analysis process adds structure to the list of undifferentiated risks into
categories of priority.
2. Priorities are usually based on the risk’s probability of occurring and its potential impact on specific
project objectives or on the whole project.
3. Each identified risk is assigned a priority, perhaps by objective or for the entire project.
4. The information is usually stored in the risk register which is easy to use and update with new
information.
5. The risk register list of prioritized risks is posted to the project participants who are responsible for
further analysis or action to improve the project plan.
6. Risks that are judged to have high priority are segregated for further analysis and response planning
and are generally monitored frequently.
7. Risks of low priority to the project may be placed on a watch list and are reviewed less often for
changes in their status.
Amer Elbaz PMI-PMP&RMP Page # 9
11.4 Perform Quantitative Risk Analysis
 Perform Quantitative Risk Analysis is
 the process of numerically analyzing the effect of identified risks on overall
project objectives.
 The key benefit of this process is
it produces quantitative risk information to support decision making in order to
reduce project uncertainty.
1. Perform Quantitative Risk Analysis is performed on risks that have been
prioritized by the Perform Qualitative Risk Analysis process as potentially and
substantially impacting the project’s competing demands.
2. The Perform Quantitative Risk Analysis process analyzes the effect of those risks
on project objectives.
3. It is used mostly to evaluate the aggregate effect of all risks affecting the project to
assign a numerical priority rating to those risks individually.
4. Perform Quantitative Risk Analysis generally follows the Perform Qualitative
Risk Analysis process.
5. Perform Quantitative Risk Analysis should be repeated, as needed, as part of the
Control Risks process to determine if the overall project risk has been
satisfactorily decreased.
7.1 Purpose and Objectives of the Perform Quantitative Risk
Analysis Process
1. The Perform Quantitative Risk Analysis process provides a numerical estimate of the
overall effect of risk on the objectives of the project, based on current plans and information,
when considering risks simultaneously.
2. it used to evaluate the likelihood of success in achieving project objectives and to estimate
contingency reserves, usually for time and cost that are appropriate to both the risks and the
risk tolerance of project stakeholders.
3. It is generally accepted that analyzing uncertainty in the project using quantitative techniques
such as Monte Carlo simulation
4. Partial risk analyses, such as qualitative risk analysis, aim at prioritizing individual risks
viewed one at a time and therefore cannot produce measures of overall project risk when all
risks are considered simultaneously.
5. Calculating estimates of overall project risk is the focus of the Perform Quantitative Risk
Analysis process.
6. The implementation of overall risk analysis using quantitative methods requires:
A. Complete and accurate representation of the project objectives built up from
individual project elements. Examples of these representations include the project
schedule or cost estimate.
B. Identifying risks on individual project elements such as schedule activities or line-
item costs at a level of detail that lends itself to specific c assessment of individual
risks.
C. Including generic risks that have a broader effect than individual project elements.
D. Applying a quantitative method (such as Monte Carlo simulation or decision tree
analysis) that incorporates multiple risks simultaneously in determining overall
impact on the overall project objective.
Amer Elbaz PMI-PMP&RMP Page # 10
7 Results of the quantitative analysis will be compared to the project plan (baseline or
current) to give management an estimate of the overall project risk and will answer
important questions such as:
A. What is the probability of meeting the project’s objectives?
B. How much contingency reserve (e.g., reserves or buffers of time, resources, and
cost) is needed to provide the organization with the level of certainty it requires
based upon its risk tolerance?
C. What are those parts of the project, such as line-item costs or schedule activities,
which contribute the most risk when all risks are considered simultaneously?
D. Which individual risks contribute the most to overall project risk?
E.
A high-level comparison of quantitative and qualitative risk analysis processes is
Figure 7-1. Comparison of Qualitative and Quantitative Approaches
Figure 11-11. Perform Quantitative Risk Analysis: Inputs, Tools & Techniques,
and Outputs
Schedule management techniques
Quantitative risk analysis
updates
Amer Elbaz PMI-PMP&RMP Page # 11
11.4.1 Perform Quantitative Risk Analysis: Inputs
11.4.1.1 Risk Management Plan
11.4.1.2 Cost Management Plan
11.4.1.3 Schedule Management Plan
11.4.1.4 Risk Register
11.4.1.5 Enterprise Environmental Factors
Enterprise environmental factors may provide:
• Industry studies of similar projects by risk specialists, and
• Risk databases that may be available from industry or proprietary
sources.
11.4.1.6 Organizational Process Assets
The organizational process assets that can influence the Perform Quantitative Risk Analysis
process include information from prior, similar completed projects.
11.4.2 Perform Quantitative Risk Analysis: Tools and
Techniques
11.4.2.1 Data Gathering and Representation Techniques
• Interviewing.
1. Interviewing techniques draw on experience and historical data to quantify
the probability and impact of risks on project objectives.
• Probability distributions.
1. Continuous probability distributions, which are used extensively in
modelling and simulation, represent the uncertainty in values such as
durations of schedule activities and costs of project components.
2. Discrete distributions can be used to represent uncertain events, such as
the outcome of a test or a possible scenario in a decision tree.
3. Uniform distributions can be used if there is no obvious value that is
more likely than any other between specified high and low bounds,
such as in the early concept stage of design.
11.4.2.2 Quantitative Risk Analysis and Modelling Techniques
Commonly used techniques use both event-oriented and project-oriented analysis
approaches, including:
• Sensitivity analysis.
1. Sensitivity analysis helps to determine which risks have the most potential
impact on the project.
2. It helps to understand how the variations in project’s objectives correlate
with variations in different uncertainties.
3. The Tornado diagram is also helpful in analyzing risk-taking scenarios
enabled on specific risks whose quantitative analysis highlights possible
benefits greater than corresponding identified negative impacts.
Amer Elbaz PMI-PMP&RMP Page # 12
4. A tornado diagram is a special type of bar chart used in sensitivity
analysis for comparing the relative importance of the variables.
•Expected monetary value analysis.
1. Expected monetary value (EMV) analysis is a statistical concept that
calculates the average outcome when the future includes scenarios that
may or may not happen (i.e., analysis under uncertainty).
2. The EMV of opportunities are generally expressed as positive values,
while those of threats are expressed as negative values.
3. EMV requires a risk-neutral assumption— neither risk averse nor risk
seeking.
4. EMV for a project is calculated by multiplying the value of each possible
outcome by its probability of occurrence and adding the products together.
• Modelling and simulation.
1. project simulation uses a model that translates the specified detailed
uncertainties of the project into their potential impact on project objectives.
2. Simulations are typically performed using the Monte Carlo technique.
11.4.2.3 Expert Judgment
 Expert judgment is required to identify potential cost and schedule impacts, to
evaluate probability, and to define inputs such as probability distributions into
the tools.
7.3 Tools and Techniques for the Perform Quantitative Risk
Analysis Process
Tools and techniques used appropriately for quantitative risk analysis have several characteristics,
as follows:
7.3.1 Comprehensive Risk Representation …. Important
1. Risk models permit representation of many, if not all, of the risks that have impact on an
objective simultaneously.
2. They also permit the representation of both opportunities and threats to the project’s
objectives.
7.3.2 Risk Impact Calculation
 Quantitative models facilitate the correct calculation of the effect of many risks, which
are typically described at the level of the total project.
7.3.3 Quantitative Method Appropriate to Analyzing Uncertainty
1. Probability models use a quantitative method that addresses uncertainty.
2. A good example of this is the use of Monte Carlo simulation tools that permit the
combination of probability distributions of line-item costs or schedule activity durations,
many of which are uncertain.
7.3.4 Data Gathering Tools
1. Data gathering tools used in this process include assessment of historical data and
workshops, interviews, or questionnaires to gather quantified information
2. for example, on the probability of a risk occurring, a probability distribution of its
potential impacts on cost or time, or relationships such as correlation between risks.
7.3.5 Effective Presentation of Quantitative Analysis Results
1. Results from the quantitative tools are generally not available in standard deterministic
project management methods such as project scheduling or cost estimating.
Amer Elbaz PMI-PMP&RMP Page # 13
2. Examples of these are the probability distribution of project completion dates or total
costs and the expected value of a project decision.
3. These results, when all risks are considered simultaneously, include the following:
A. Probability of achieving a project objective such as finishing on time or within
budget.
B. Amount of contingency reserve in cost, time, or resources needed to provide a
required level of confidence.
C. Identity or location within the project model of the most important risks. An
example of this is a sensitivity analysis in a cost risk analysis or a criticality
analysis in a schedule risk analysis.
The elements of a quantitative risk analysis are illustrated …. Important
Figure 7-2. Structure of a Quantitative Risk Analysis
7.3.6 Iterative Quantitative Risk Analysis
1. The success of the Perform Quantitative Risk Analysis process is enhanced if the process
is used periodically throughout the project.
2. It is impossible to know in advance all of the risks that may occur in a project.
3. Often quantitative risk analysis should be repeated as the project proceeds.
7.3.7 Information for Response Planning
1. Overall project contingency reserve in time and cost should be reflected in the project’s
schedule and budget.
Quantitative risk analysis provides information that may be used to modify the project
plan
D.4 Techniques, Examples and Templates for Perform
Quantitative Risk Analysis (Chapter 7)
1. Perform Quantitative Risk Analysis seeks to determine the overall risk to project
objectives when all risks potentially operate simultaneously on the project.
2. It provides answers to several questions:
Amer Elbaz PMI-PMP&RMP Page # 14
A. How likely is the project to complete on the schedule date or earlier? How likely is the
project actual cost to be the budgeted cost or less? How reliable will the product be that
the project produces? What is the best decision to make in the face of uncertain results?
B. How much contingency in time and cost is needed to provide the organization with its
desired degree of confidence in the results? How should the design of the product or
system be changed most economically to increase its reliability?
C. What are the individual risks that seem to be the most important in determining the
overall project risk?
D.4.1 Techniques for Perform Quantitative Risk Analysis
D.4.1.1 Decision Tree Analysis
 Decision tree analysis is: usually performed using specialized, but widely available
software.
 The software allows the user to specify the structure of the decision with decision
nodes, chance nodes, costs, benefits, and probabilities.
D.4.1.2 Expected Monetary Value
1. Expected Monetary Value (EMV) is: a simple calculation of a value such as weighted
average or expected cost or benefit when the outcomes are uncertain.
2. The EMV calculation is made for the entire event by weighting the individual possible
outcomes by their probabilities of occurring,
D.4.1.3 Monte Carlo Simulation
1. Monte Carlo simulation is a detailed, computer-intensive simulation approach to
determining the value and probability of possible outcomes of a project objective such as a
project schedule (e.g., the completion date) or cost estimate (e.g., the total cost).
2. random from ranges specified with probability distribution functions for schedule
activity durations or cost line items.
Amer Elbaz PMI-PMP&RMP Page # 15
Amer Elbaz PMI-PMP&RMP Page # 16
11.4.3 Perform Quantitative Risk Analysis: Outputs
11.4.3.1 Project Documents Updates
Project documents are updated include:
• Probabilistic analysis of the project.
 Estimates are made of potential project schedule and cost outcomes listing
the possible completion dates and costs with their associated confidence
levels.
 it is used with stakeholder risk tolerances to permit quantification of the
cost and time contingency reserves.
 The contingency reserves are needed to bring the risk of overrunning stated
project objectives to a level acceptable to the organization.
• Probability of achieving cost and time objectives.
 the probability of achieving project objectives under the current plan can
be estimated using quantitative risk analysis results.
• Prioritized list of quantified risks.
 These include the risks that may have the greatest effect on cost
contingency and most likely to influence the critical path.
• Trends in quantitative risk analysis results.
 As the analysis is repeated, a trend may become apparent that leads to
conclusions affecting risk responses.
7.2 Critical Success Factors for the Perform Quantitative
Risk Analysis Process
 Success in achieving the objectives of quantitative risk analysis depends explicitly on at
least the factors described in
7.2.1 Prior Risk Identification and Qualitative Risk Analysis
1. The Perform Quantitative Risk Analysis process occurs after the Identify Risks and
Perform Qualitative Risk Analysis processes have been completed.
2. Reference to a prioritized list of identified risks ensures that the Perform Quantitative
Risk Analysis process will consider all significant risks when analyzing their effects
quantitatively.
7.2.2 Appropriate Project Model
1. A n appropriate model of the project should be used as the basis for quantitative risk
analysis.
2. Project models most frequently used in quantitative risk analysis include the project
schedule (for time), line-item cost estimates (for cost), decision tree (for decisions in the
face of uncertainty) and other total-project models.
3. Quantitative risk analysis is especially sensitive to the completeness and correctness of
the model of the project that is used.
7.2.3 Commitment to Collecting High-Quality Risk Data
1. Often high-quality data about risks are not available in any historic database and should
be gathered by interviews, workshops, and other means using expert judgment of those
present.
2. Collection of risk data requires resources and time as well as management support.
Amer Elbaz PMI-PMP&RMP Page # 17
7.2.4 Unbiased Data
1. Success in gathering risk analysis data requires the ability to recognize when biases occur
and combating that bias or developing other unbiased sources of the data.
2. Bias in risk data can occur for many reasons, but two common sources of bias are
cognitive bias and motivational bias.
7.2.5 Overall Project Risk Derived from Individual Risks
1. The Perform Quantitative Risk Analysis process is based upon a methodology that
correctly derives the overall project risk from the individual risks.
2. In risk analysis of cost and schedule, for example, an appropriate method is Monte Carlo
simulation.
3. A decision tree is an appropriate method for making decisions when future events are not
certain, using the probability and impact of all risks, and combining their effect to derive
an overall project measure such as value or cost.
4. In each of these methods, the risks are specified at the level of the detailed tasks or line-
item costs and incorporated into the model of the project to calculate effects on objectives
such as schedule or cost for the entire project, by combining those risks.
7.2.6 Interrelationships Between Risks in Quantitative Risk Analysis
1. Attention should be given to the possibility that the individual risks in the project model
are related to each other.
2. For example, several risks may have a common root cause and therefore are likely to
occur together.
3. Another common way to represent the risks which occur together is by using the risk
register listing of the risk or root cause and attaching it to several project elements such as
schedule activities or cost elements.
7.4 Documenting the Results of the Perform Quantitative Risk
Analysis Process …. Important
1. The contingency reserves calculated in quantitative project cost and schedule risk
analysis are incorporated, respectively, into the cost estimate and the schedule to establish
a prudent target and a realistic expectation for the project.
2. Contingency reserves may also be established to provide for the capture of
opportunities that are judged to be priorities for the project.
3. If the contingency reserve required exceeds the time or resources available, changes in
the project scope and plan may result.
4. The results of a quantitative risk analysis are recorded and passed on to the person
and/or group responsible for project management within the organization for any further
actions required to make full use of these results.
Amer Elbaz PMI-PMP&RMP Page # 18
11.5 Plan Risk Responses
 Plan Risk Responses is
 the process of developing options and actions to enhance opportunities and to reduce
threats to project objectives.
 The key benefit of this process is
 it addresses the risks by their priority, inserting resources and activities into the budget,
schedule and project management plan as needed.
 The Plan Risk Responses process presents commonly used approaches to planning
responses to the risks. Risks include threats and opportunities that can affect project
success, and responses are discussed for each.
8.1 Purpose and Objectives of the Plan Risk Responses
Process
1. The Plan Risk Responses process determines effective response actions that are
appropriate to the priority of the individual risks and to the overall project risk.
2. It takes into account the stakeholders’ risk attitudes and any constraints and assumptions
that were determined when the risks were identified and analyzed.
3. The objective of the Plan Risk Responses process is to determine the set of actions which
most enhance the chances of project success while complying with applicable organizational
and project constraints.
4. Contingent risk response actions need to be executed at the optimum time. For this reason,
the response specification for each such risk should include a description of any
corresponding trigger conditions.
5. Every risk should have been allocated to a risk owner as part of the Identify Risks process,
and each of the corresponding risk responses should now be assigned to a specific risk action
owner.
6. The risk owner is responsible for ensuring that the risk response is effective and for
planning additional risk responses if required,
7. the risk action owner is responsible for ensuring that the agreed-upon risk responses are
carried out as planned, in a timely manner.
8. Responses, when implemented, can have potential effects on the project objectives and, as
such, can generate additional risks as secondary risks
9. The secondary risks have to be analyzed and planned for in the same way as those risks
which were initially identified.
10. the residual risks that will remain after the responses have been implemented.
11. The residual risks should be clearly identified, analyzed, documented, and communicated
to all relevant stakeholders.
12. All the approved, unconditional actions arising from risk response planning should be
integrated into the project management plan in order to ensure that they are carried out as
part of normal project implementation.
13. The corresponding organizational and project management rules should also be
invoked, including the following:
 Project change management and configuration control;
 Project planning, budgeting, and scheduling;
 Resource management; and
 Project communication planning.
Amer Elbaz PMI-PMP&RMP Page # 19
Figure 11-18. Plan Risk Responses: Inputs, Tools & Techniques, and Outputs
11.5.1 Plan Risk Responses: Inputs
11.5.1.1 Risk Management Plan
11.5.1.2 Risk Register
11.5.2 Plan Risk Responses: Tools and Techniques
1. Specific actions are developed to implement that strategy, including primary
and backup strategies, as necessary.
2. A fall back plan can be developed for implementation if the selected strategy
turns out not to be fully effective or if an accepted risk occurs.
3. Secondary risks should also be reviewed.
4. Secondary risks are risks that arise as a direct result of implementing a risk
response.
5. A contingency reserve is often allocated for time or cost. If developed,
11.5.2.1 Strategies for Negative Risks or Threats
• Avoid. Risk avoidance is :
1. a risk response strategy whereby the project team acts to eliminate the threat or
protect the project from its impact.
2. It usually involves changing the project management plan to eliminate the threat
entirely.
3. Examples of this include extending the schedule, changing the strategy, or reducing
scope.
4. The most radical avoidance strategy is to shut down the project entirely.
5. Some risks that arise early in the project can be avoided by clarifying requirements,
obtaining information, improving communication, or acquiring expertise.
• Transfer. Risk transference is:
1. risk response strategy whereby the project team shifts the impact of a threat to a third party,
together with ownership of the response.
2. Transferring liability for risk is most effective in dealing with financial risk exposure.
3. Transference tools can be quite diverse and include : insurance, performance bonds,
warranties, guarantees, etc. Contracts or agreements may be used to transfer liability for
specified risks to another party
4. cost-plus contract may transfer the cost risk to the buyer, while a fixed-price contract may
transfer risk to the seller.
• Mitigate. Risk mitigation is:
1. a risk response strategy whereby the project team acts to reduce the probability of
occurrence or impact of a risk.
Strategies for negative
risks or threats
Strategies for positive
updates
updates
Amer Elbaz PMI-PMP&RMP Page # 20
2. It implies a reduction in the probability and/or impact of an adverse risk to be within
acceptable threshold limits.
3. Taking early action to reduce the probability and/or impact of a risk occurring on the
project is often more effective than trying to repair the damage after the risk has
occurred.
4. Examples of mitigation actions are: Adopting less complex processes, conducting
more tests, or choosing a more stable supplier or prototype development to reduce the
risk of scaling up from a bench-scale model of a process or product and the designing
redundancy into a system
• Accept. Risk acceptance is
1. a risk response strategy whereby the project team decides to acknowledge the risk and
not take any action unless the risk occurs.
2. This strategy is adopted where it is not possible or cost-effective to address a specific
risk in any other way.
3. This strategy indicates that the project team has decided not to change the project
management plan to deal with a risk, or is unable to identify any other suitable
response strategy.
4. This strategy can be either passive or active.
 Passive acceptance requires no action except to document the strategy, leaving
the project team to deal with the risks as they occur, and to periodically
review the threat to ensure that it does not change significantly.
 The most common active acceptance strategy is to establish a contingency
reserve, including amounts of time, money, or resources to handle the risks.
11.5.2.2 Strategies for Positive Risks or Opportunities
Exploit. The exploit strategy may be selected for :
1. the organization wishes to ensure that the opportunity is realized.
2. This strategy seeks to eliminate the uncertainty associated with a particular upside
risk by ensuring the opportunity definitely happens.
3. Examples of directly exploiting responses include assigning an organization’s most
talented resources to the project to reduce the time to completion or using new
technologies or technology upgrades to reduce cost and duration required to realize
project objectives.
• Enhance. The enhance strategy
1. It is used to increase the probability and/or the positive impacts of an opportunity.
2. Identifying and maximizing key drivers of these positive-impact risks may increase
the probability of their occurrence.
3. Examples of enhancing opportunities include adding more resources to an activity
to finish early.
• Share. Sharing a positive risk
1. allocating some or all of the ownership of the opportunity to a third party who is best
able to capture the opportunity for the benefit of the project.
2. Examples of sharing actions include forming risk-sharing partnerships, teams,
special-purpose companies, or joint ventures, which can be established with the
express purpose of taking advantage of the opportunity
• Accept. Accepting an opportunity
 It is being willing to take advantage of the opportunity if it arises, but not actively
pursuing it.
Amer Elbaz PMI-PMP&RMP Page # 21
11.5.2.3 Contingent Response Strategies:
1. Some responses are designed for use only if certain events occur.
2. missing intermediate milestones or gaining higher priority with a supplier, should be
defined and tracked.
3. Risk responses identified using this technique are often called contingency plans or
fall back plans and include identified triggering events that set the plans in effect.
11.5.2.4 Expert Judgment:
 Expert judgment is Expertise may be provided by any group or person with
specialized education, knowledge, skill, experience, or training in establishing risk
responses.
8.3 Risk Response Strategies
 The project manager should develop risk response strategies for individual risks, sets of
risks, and project level risks.
8.3.1 Avoid a Threat or Exploit an Opportunity
This strategy involves taking the actions required to :
1. ensure either that the threat cannot occur or can have no effect on the project,
2. the opportunity will occur and the project will be able to take advantage of it.
8.3.2 Transfer a Threat or Share an Opportunity
 This strategy entails transference to a third party that is better positioned to address a
particular threat or opportunity.
8.3.3 Mitigate a Threat or Enhance an Opportunity
Mitigation and enhancement are used response strategies.
1. to decrease the probability and/or the impact of a threat
2. To increase the probability and/or the impact of an opportunity.
8.3.4 Accept a Threat or an Opportunity
1. This strategy applies when the other strategies are not considered applicable or
feasible.
2. Acceptance entails taking no action unless the risk actually occurs, in which case
contingency or fall-back plans may be developed ahead of time, to be implemented
if the risk presents itself.
8.3.5 Applying Risk Response Strategies to Overall Project Risk
the four risk response strategies can be applied to address overall project risk as follows:
1. Cancel the project, as a last resort, if the overall level of risk remains unacceptable.
2. Set up a business structure in which the customer and the supplier share the risk.
3. Re-plan the project or change the scope and boundaries of the project, for example, by
modifying the project priority, resource allocations, delivery calendar, etc.
4. Pursue the project despite a risk exposure that exceeds the desired level.
8.4 Tools and Techniques for the Plan Risk Responses Process
There are four categories of tools and techniques, as follows:
a. Creativity tools to identify potential responses,
b. Decision-support tools for determining the optimal potential response.
c. Strategy implementation techniques designed to turn a strategy into action, and
d. Tools to transfer control to the Monitor and Control Risks process.
These categories of tools can be used respectively
1. to identify potential responses,
2. select the most appropriate response,
3. translate strategy into planning,
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz

Mais conteúdo relacionado

Mais procurados

Risk 3 simplelearn-exam2-ans
Risk 3 simplelearn-exam2-ansRisk 3 simplelearn-exam2-ans
Risk 3 simplelearn-exam2-ansMohamed Saeed
 
Projectriskmanagement pmbok5
Projectriskmanagement pmbok5Projectriskmanagement pmbok5
Projectriskmanagement pmbok5Dhamo daran
 
Risk Management Knowledge Area
Risk Management Knowledge AreaRisk Management Knowledge Area
Risk Management Knowledge AreaJoshua Render
 
PMI-RMP Exam Prep Presentation
PMI-RMP Exam Prep PresentationPMI-RMP Exam Prep Presentation
PMI-RMP Exam Prep Presentationscottdreynolds
 
Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides SlideTeam
 
Risk management
Risk managementRisk management
Risk managementMECandPMV
 
Enterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practiceEnterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practiceSegun Ogunwale
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0Rachael Phelan
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
Risk Management Plan In Business PowerPoint Presentation Slides
Risk Management Plan In Business PowerPoint Presentation Slides Risk Management Plan In Business PowerPoint Presentation Slides
Risk Management Plan In Business PowerPoint Presentation Slides SlideTeam
 
Risk 2 simplelearn-exam1-ans
Risk 2 simplelearn-exam1-ansRisk 2 simplelearn-exam1-ans
Risk 2 simplelearn-exam1-ansMohamed Saeed
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Adnan Naseem
 
Project Manangement Introduction
Project Manangement IntroductionProject Manangement Introduction
Project Manangement Introductionasim78
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk ManagementMauro Jasse
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101Wil Rickards
 

Mais procurados (20)

Risk 3 simplelearn-exam2-ans
Risk 3 simplelearn-exam2-ansRisk 3 simplelearn-exam2-ans
Risk 3 simplelearn-exam2-ans
 
Projectriskmanagement pmbok5
Projectriskmanagement pmbok5Projectriskmanagement pmbok5
Projectriskmanagement pmbok5
 
Risk Management Knowledge Area
Risk Management Knowledge AreaRisk Management Knowledge Area
Risk Management Knowledge Area
 
PMI-RMP Exam Prep Presentation
PMI-RMP Exam Prep PresentationPMI-RMP Exam Prep Presentation
PMI-RMP Exam Prep Presentation
 
Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides
 
Risk management
Risk managementRisk management
Risk management
 
Enterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practiceEnterprise Risk Management (ERM); From theory to practice
Enterprise Risk Management (ERM); From theory to practice
 
Risk management
Risk managementRisk management
Risk management
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 
Risk Management Plan In Business PowerPoint Presentation Slides
Risk Management Plan In Business PowerPoint Presentation Slides Risk Management Plan In Business PowerPoint Presentation Slides
Risk Management Plan In Business PowerPoint Presentation Slides
 
Risk 2 simplelearn-exam1-ans
Risk 2 simplelearn-exam1-ansRisk 2 simplelearn-exam1-ans
Risk 2 simplelearn-exam1-ans
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)
 
Project Manangement Introduction
Project Manangement IntroductionProject Manangement Introduction
Project Manangement Introduction
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Pmi rmp-2020 - v6
Pmi rmp-2020 - v6Pmi rmp-2020 - v6
Pmi rmp-2020 - v6
 
Risk Management 101
Risk Management 101Risk Management 101
Risk Management 101
 
PMP_Project Risk Management
PMP_Project Risk ManagementPMP_Project Risk Management
PMP_Project Risk Management
 
Risk management
Risk managementRisk management
Risk management
 

Semelhante a Risk 0-risk-guide book for pmi-rmp by amer elbaz

2.11 risk management 1
2.11 risk management 12.11 risk management 1
2.11 risk management 1reddvise
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 
Pmbok 5th planning process group part four _ Project Risk Management
Pmbok 5th planning process group part four _ Project Risk ManagementPmbok 5th planning process group part four _ Project Risk Management
Pmbok 5th planning process group part four _ Project Risk ManagementHossam Maghrabi
 
Project of entrepreneurship
Project of entrepreneurship Project of entrepreneurship
Project of entrepreneurship AliAbbas390458
 
MBA 6941, Managing Project Teams 1 Course Learning Ou.docx
 MBA 6941, Managing Project Teams 1 Course Learning Ou.docx MBA 6941, Managing Project Teams 1 Course Learning Ou.docx
MBA 6941, Managing Project Teams 1 Course Learning Ou.docxaryan532920
 
Construction project management &amp; risk mitigation
Construction project management &amp; risk mitigationConstruction project management &amp; risk mitigation
Construction project management &amp; risk mitigationrajlaxmipardeshi
 
5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docx5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docxgilbertkpeters11344
 
UCISA Toolkit - Effective Risk Management for Business Change and IT Projects
UCISA Toolkit - Effective Risk Management for Business Change and IT Projects UCISA Toolkit - Effective Risk Management for Business Change and IT Projects
UCISA Toolkit - Effective Risk Management for Business Change and IT Projects Mark Ritchie
 
Managing risk as Opportunity
Managing risk as OpportunityManaging risk as Opportunity
Managing risk as OpportunityGlen Alleman
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5Future Managers
 
11. Project Risk Management.pptx
11. Project Risk Management.pptx11. Project Risk Management.pptx
11. Project Risk Management.pptxKamranKhan353531
 

Semelhante a Risk 0-risk-guide book for pmi-rmp by amer elbaz (20)

2.11 risk management 1
2.11 risk management 12.11 risk management 1
2.11 risk management 1
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentation
 
Pmbok 5th planning process group part four _ Project Risk Management
Pmbok 5th planning process group part four _ Project Risk ManagementPmbok 5th planning process group part four _ Project Risk Management
Pmbok 5th planning process group part four _ Project Risk Management
 
Project of entrepreneurship
Project of entrepreneurship Project of entrepreneurship
Project of entrepreneurship
 
Ch_1_PRM.pdf
Ch_1_PRM.pdfCh_1_PRM.pdf
Ch_1_PRM.pdf
 
Risk based thinking
Risk based thinkingRisk based thinking
Risk based thinking
 
Project risk management
Project risk managementProject risk management
Project risk management
 
MBA 6941, Managing Project Teams 1 Course Learning Ou.docx
 MBA 6941, Managing Project Teams 1 Course Learning Ou.docx MBA 6941, Managing Project Teams 1 Course Learning Ou.docx
MBA 6941, Managing Project Teams 1 Course Learning Ou.docx
 
Risk management
Risk management Risk management
Risk management
 
Risk project mgt, infra
Risk project mgt, infraRisk project mgt, infra
Risk project mgt, infra
 
Construction project management &amp; risk mitigation
Construction project management &amp; risk mitigationConstruction project management &amp; risk mitigation
Construction project management &amp; risk mitigation
 
Pmi 19 26
Pmi 19 26Pmi 19 26
Pmi 19 26
 
5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docx5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docx
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
UCISA Toolkit - Effective Risk Management for Business Change and IT Projects
UCISA Toolkit - Effective Risk Management for Business Change and IT Projects UCISA Toolkit - Effective Risk Management for Business Change and IT Projects
UCISA Toolkit - Effective Risk Management for Business Change and IT Projects
 
8. project risk management
8. project risk management8. project risk management
8. project risk management
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Managing risk as Opportunity
Managing risk as OpportunityManaging risk as Opportunity
Managing risk as Opportunity
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5
 
11. Project Risk Management.pptx
11. Project Risk Management.pptx11. Project Risk Management.pptx
11. Project Risk Management.pptx
 

Mais de Mohamed Saeed

Risk 9-pm study project risk management-test
Risk 9-pm study project risk management-testRisk 9-pm study project risk management-test
Risk 9-pm study project risk management-testMohamed Saeed
 
Risk 8- pm study question risk management
Risk 8- pm study question risk managementRisk 8- pm study question risk management
Risk 8- pm study question risk managementMohamed Saeed
 
Pmi sp questions with answers
Pmi sp questions with answersPmi sp questions with answers
Pmi sp questions with answersMohamed Saeed
 
Risk 6 questions - 170
Risk 6 questions - 170Risk 6 questions - 170
Risk 6 questions - 170Mohamed Saeed
 
Pmbok 6th edition summary
Pmbok 6th edition summary Pmbok 6th edition summary
Pmbok 6th edition summary Mohamed Saeed
 
خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)
خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)
خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)Mohamed Saeed
 
الخوازيق مهندس أحمد عصام
الخوازيق مهندس أحمد عصامالخوازيق مهندس أحمد عصام
الخوازيق مهندس أحمد عصامMohamed Saeed
 
الحفر والاحلال مهندس أحمد عصام
الحفر والاحلال مهندس أحمد عصامالحفر والاحلال مهندس أحمد عصام
الحفر والاحلال مهندس أحمد عصامMohamed Saeed
 
4 عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان
4  عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان4  عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان
4 عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدانMohamed Saeed
 
3 عالم التنفيذ مهندس أحمد جليدان
3  عالم التنفيذ مهندس أحمد جليدان3  عالم التنفيذ مهندس أحمد جليدان
3 عالم التنفيذ مهندس أحمد جليدانMohamed Saeed
 

Mais de Mohamed Saeed (20)

PMI Certificate
PMI Certificate PMI Certificate
PMI Certificate
 
Risk 9-pm study project risk management-test
Risk 9-pm study project risk management-testRisk 9-pm study project risk management-test
Risk 9-pm study project risk management-test
 
Risk 8- pm study question risk management
Risk 8- pm study question risk managementRisk 8- pm study question risk management
Risk 8- pm study question risk management
 
Pmi sp questions with answers
Pmi sp questions with answersPmi sp questions with answers
Pmi sp questions with answers
 
Risk 6 questions - 170
Risk 6 questions - 170Risk 6 questions - 170
Risk 6 questions - 170
 
Pmp test 05
Pmp test 05Pmp test 05
Pmp test 05
 
Pmbok 6th edition summary
Pmbok 6th edition summary Pmbok 6th edition summary
Pmbok 6th edition summary
 
Pmstudy exam 4
Pmstudy exam 4Pmstudy exam 4
Pmstudy exam 4
 
Pmstudy exam 3
Pmstudy exam 3Pmstudy exam 3
Pmstudy exam 3
 
Pmstudy exam 2
Pmstudy exam 2Pmstudy exam 2
Pmstudy exam 2
 
Pmstudy exam_1
Pmstudy exam_1Pmstudy exam_1
Pmstudy exam_1
 
Pmp test 04
Pmp test 04Pmp test 04
Pmp test 04
 
Pmp test 03
Pmp test 03Pmp test 03
Pmp test 03
 
Pmp test 02
Pmp test 02Pmp test 02
Pmp test 02
 
Pmp test 01
Pmp test 01Pmp test 01
Pmp test 01
 
خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)
خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)
خطوات تحويل مسقط معمارى الى مسقط انشائى ( الاعمدة و الكمرات و البلاطات)
 
الخوازيق مهندس أحمد عصام
الخوازيق مهندس أحمد عصامالخوازيق مهندس أحمد عصام
الخوازيق مهندس أحمد عصام
 
الحفر والاحلال مهندس أحمد عصام
الحفر والاحلال مهندس أحمد عصامالحفر والاحلال مهندس أحمد عصام
الحفر والاحلال مهندس أحمد عصام
 
4 عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان
4  عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان4  عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان
4 عالم التنفيذ -عمليه صب العاديه مهندس أحمد جليدان
 
3 عالم التنفيذ مهندس أحمد جليدان
3  عالم التنفيذ مهندس أحمد جليدان3  عالم التنفيذ مهندس أحمد جليدان
3 عالم التنفيذ مهندس أحمد جليدان
 

Último

Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfHajeJanKamps
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Onlinelng ths
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentationbaron83
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarNathanielSchmuck
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023Steve Rader
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...AustraliaChapterIIBA
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHelene Heckrotte
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZKanakChauhan5
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...Brian Solis
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyHanna Klim
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.ukaroemirsr
 
MC Heights construction company in Jhang
MC Heights construction company in JhangMC Heights construction company in Jhang
MC Heights construction company in Jhangmcgroupjeya
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGlokeshwarmaha
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfJohnCarloValencia4
 
Introduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptxIntroduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptxJemalSeid25
 

Último (20)

Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Online
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentation
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry Webinar
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZ
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agency
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.uk
 
MC Heights construction company in Jhang
MC Heights construction company in JhangMC Heights construction company in Jhang
MC Heights construction company in Jhang
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
Introduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptxIntroduction to The overview of GAAP LO 1-5.pptx
Introduction to The overview of GAAP LO 1-5.pptx
 

Risk 0-risk-guide book for pmi-rmp by amer elbaz

  • 1. 1 Prepared by: Amer Elbaz PMI-PMP& PMI-RMP The GUIDE for Understating Risk Management Prepared by: Amer Elbaz Checked and Approved by: Alaa Sultan
  • 2. 2 Prepared by: Amer Elbaz PMI-PMP& PMI-RMP PROJECT RISK MANAGEMENT 1. Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project. 2. The objectives of project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood and impact of negative events in the project. 3. the Project Risk Management processes, which are as follows: A. 11.1 Plan Risk Management—The process of defining how to conduct risk management activities for a project. B. 11.2 Identify Risks—The process of determining which risks may affect the project and documenting their characteristics. C. 11.3 Perform Qualitative Risk Analysis—The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact. D. 11.4 Perform Quantitative Risk Analysis—The process of numerically analyzing the effect of identified risks on overall project objectives. E. 11.5 Plan Risk Responses—The process of developing options and actions to enhance opportunities and to reduce threats to project objectives. F. 11.6 Control Risks—The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project. 4. Project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality. 5. A risk may have one or more causes and, if it occurs, it may have one or more impacts. 6. A cause may be a given or potential requirement, assumption, constraint, or condition that creates the possibility of negative or positive outcomes. 7. For example, causes could include the requirement of an environmental permit to do work, or having limited personnel assigned to design the project. 8. Risk conditions may include aspects of the project’s or organization’s environment that contribute to project risk, such as immature project management practices, lack of integrated management systems, concurrent multiple projects, or dependency on external participants who are outside the project’s direct control. 9. Known risks are those that have been identified and analyzed, making it possible to plan responses for those risks. 10. Known risks that cannot be managed proactively, should be assigned a contingency reserve. 11. Unknown risks cannot be managed proactively and therefore may be assigned a management reserve. 12. A negative project risk that has occurred is considered an issue. 13. Individual project risks are different from overall project risk. 14. Overall project risk represents the effect of uncertainty on the project as a whole. It is more than the sum of the individual risks within a project, since it includes all sources of project uncertainty. 15. Organizations perceive risk as the effect of uncertainty on projects and organizational objectives. 16. Organizations and stakeholders are willing to accept varying degrees of risk depending on their risk attitude.
  • 3. 3 Prepared by: Amer Elbaz PMI-PMP& PMI-RMP 17. The risk attitudes of both the organization and the stakeholders may be influenced by a number of factors, which are broadly classified into three themes: A. Risk appetite, which is the degree of uncertainty an entity is willing to take on in anticipation of a reward. B. Risk tolerance, which is the degree, amount, or volume of risk that an organization or individual will withstand. C. Risk threshold, which refers to measures along the level of uncertainty or the level of impact at which a stakeholder may have a specific interest. Below that risk threshold, the organization will accept the risk. Above that risk threshold, the organization will not tolerate the risk. 18. an organization’s risk attitude may include its appetite for uncertainty, its threshold for risk levels that are unacceptable, or its risk tolerance at which point the organization may select a different risk response. 19. Positive and negative risks are commonly referred to as opportunities and threats. 20. The project may be accepted if the risks are within tolerances and are in balance with the rewards that may be gained by taking the risks. 21. Positive risks that offer opportunities within the limits of risk tolerances may be pursued in order to generate enhanced value. 22. For example, adopting an aggressive resource optimization technique is a risk taken in anticipation of a reward for using fewer resources. 23. Individuals and groups adopt attitudes toward risk that influence the way they respond. 24. These risk attitudes are driven by perception, tolerances, and other biases, which should be made explicit wherever possible.
  • 4. 4 Prepared by: Amer Elbaz PMI-PMP& PMI-RMP
  • 5. CHAPTER 1: INTRODUCTION This chapter includes the following sections: 1.1 Purpose of the Practice Standard for Project Risk Management 1.2 Project Risk Management Definition 1.3 Role of Project Risk Management in Project Management 1.4 Good Risk Management Practice 1.5 Critical Success Factors for Project Risk Management 1.1 Purpose of the Practice Standard for Project Risk Management The purpose of the Practice Standard for Project Risk Management is 1. provide a standard for project management practitioners and other stakeholders that defines the aspects of Project Risk Management that are recognized as good practice on most projects most of the time and 2. provide a standard that is globally applicable and consistently applied. This practice standard has a descriptive purpose rather than one used for training or educational purposes. Figure 1-1. Hierarchy of PMI Project Risk Management Resources This practice standard is organized in three main sections: 1. Introductory material including the framework, purpose, principles, context of, and introduction to Project Risk Management processes as defined in the PMBOK® Guide – Fourth Edition.
  • 6. 2. Principles underlying the six Project Risk Management processes in the PMBOK® Guide – Fourth Edition. The six processes are as follows: A. Plan Risk Management, B. Identify Risks, C. Perform Qualitative Risk Analysis, D. Perform Quantitative Risk Analysis, E. Plan Risk Responses, and F. Monitor and Control Risks. Each of these six processes is described in a chapter that addresses the following four topics: A. purpose and objectives of the process; B. critical success factors for the process; C. tools and techniques for the process; and D. documenting the results of the process. These principles can and should be stated at a general level for several reasons: 1. Principles are expected to be agreed upon now and to be valid in the future. While tools and techniques are constantly evolving, the principles have more stability and persistence. 2. Different projects, organizations, and situations will require different approaches to Project Risk Management. A. Risk management is a discipline that contains a series of processes to apply to both large and small projects. B. Risk management will be more effective if its practice is tailored to the project and congruent with the organizational culture, processes and assets. C. There are many different ways of conducting risk management that may comply with the principles of Project Risk Management as presented in this practice standard. 3. The principles are applicable to projects carried out in a global context, reflecting the many business and organizational arrangements between participants. 1.2 Project Risk Management Definition The definition of Project Risk Management, A. Project Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project. B. The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of negative events in the project.” C. project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.” Project objectives include scope, schedule, cost, and quality.
  • 7. D. Project Risk Management aims to identify and prioritize risks in advance of their occurrence, and provide action-oriented information to project managers. E. This orientation requires consideration of events that may or may not occur and are therefore described in terms of likelihood or probability of occurrence in addition to other dimensions such as their impact on objectives. 1.3 Role of Project Risk Management in Project Management A. Project Risk Management is not an optional activity: it is essential to successful project management. B. It should be applied to all projects and hence be included in project plans and operational documents. In this way, it becomes an integral part of every aspect of managing the project, in every phase and in every process group. C. Project Risk Management is not a substitute for the other project management processes. D. Project Risk Management requires that these project management processes (e.g. scheduling, budgeting, and change management) be performed at the level of the best practices available. E. Project Risk Management adds the perspective of project risk to the outputs of those other processes and adds to their value by taking risk into account. F. Risk management provides the basis upon which to estimate the amount of cost and schedule contingency reserves that are needed to cover risk response actions to a required level of confidence for meeting project objectives. G. A risk management approach is applicable throughout a project’s life cycle. The earlier in the project life cycle that the risks are recognized, the more realistic the project plans and expectations of results will be. H. Risk management continues to add value as project planning progresses and more information becomes available about all aspects and components of the project and its environment, such as stakeholders, scope, time, and cost, as well as the corresponding assumptions and constraints. 1.4 Good Risk Management Practice A. Project Risk Management is a valuable component of project management and it enhances the value of the other project management processes. B. Project Risk Management should be conducted in a manner consistent with existing organizational practices and policies. C. Project Risk Management should be conducted in a way that is appropriate to the project. D. Project Risk Management should recognize the business challenges as well as the multi- cultural environment associated with an increasingly global environment including many joint venture projects and customers, suppliers, and workforces spread around the globe. E. Project Risk Management should always be conducted on an ethical basis, in keeping with the Project Management code of ethics or conduct. Honesty, responsibility, realism, professionalism and fair dealing with others are among the characteristics of successful Project Risk Management. F. Effective Project Risk Management benefits from robust communication and consultation with stakeholders. This enables agreement among stakeholders that Project Risk Management in general, and risk identification, analysis, and response,
  • 8. G. Project Risk Management should be conducted on all projects. So ,The degree, level of detail, sophistication of tools, and amount of time and resources applied to Project Risk Management should be in proportion to the characteristics of the project under management and the value that they can add to the outcome. 1.5 Critical Success Factors for Project Risk Management Figure 1-2. Critical Success Factors for Project Risk Management Specific criteria for success of each Project Risk Management process are listed in the chapters dealing with those processes. The general criteria for success include: 1. Recognize the Value of Risk Management: Project Risk Management should be recognized as a valuable discipline that provides a positive potential return on investment for organizational management, project stakeholders (both internal and external), project management, and team members. 2. Individual Commitment/Responsibility: Project participants and stakeholders should all accept responsibility for undertaking risk-related activities as required. Risk management is everybody’s responsibility. 3. Open and Honest Communication: Everyone should be involved in the Project Risk Management process. Any actions or attitudes that hinder communication about project risk reduce the effectiveness of Project Risk Management in terms of proactive approaches and effective decision-making. 4. Organizational Commitment— Organizational commitment can only be established if risk management is aligned with the organization’s goals and values. Project Risk Management may require a higher level of managerial support than other project
  • 9. management disciplines because handling some of the risks will require approval of or responses from others at levels above the project manager. 5. Risk Effort Scaled to Project: Project Risk Management activities should be consistent with the value of the project to the organization and with its level of project risk, its scale, and other organizational constraints. In particular, the cost of Project Risk Management should be appropriate to its potential value to the project and the organization. 6. Integration with Project Management: Project Risk Management does not exist in a vacuum, isolated from other project management processes. Successful Project Risk Management requires the correct execution of the other project management processes. 1.6 Conclusion A. The principles of Project Risk Management described in this practice standard should be appropriately applied based on the specifics of a project and the organizational environment. B. Project Risk Management provides benefits when it is implemented according to good practice principles and with organizational commitment to taking the decisions and performing actions in an open and unbiased manner.
  • 10. CHAPTER 2: PRINCIPLES AND CONCEPTS 2.1 Introduction A. This chapter introduces the key ideas required to understand and apply Project Risk Management to projects following the approach described B. The execution of the Project Risk Management process is dealt with in subsequent chapters of this practice standard and so is not discussed here. 2.2 Definition of Project Risk 1. Project risk is an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project’s objectives. 2. This definition includes two key dimensions of risk: uncertainty and effect on a project’s objectives. 3. The uncertainty dimension may be described using the term “probability” and the effect may be called “impact” (though other descriptors are possible, such as “likelihood” and “consequence”). 4. The definition of risk includes both distinct events which are uncertain but can be clearly described, and more general conditions which are less specific but also may give risk to uncertainty. 5. The definition of project risk also encompasses uncertain events which could have a negative effect on a project’s objectives, as well as those which could have a positive effect. 6. It is important to address both threats and opportunities within a unified Project Risk Management process. This allows for the gain of synergies and efficiencies such as addressing both in the same analyses and coordinating the responses to both if they overlap or can reinforce each other. 7. Risks are uncertain future events or conditions which may or may not occur, but which would matter if they did occur. 8. It is important to distinguish risks from risk-related features, such as cause and effect. Causes are events or circumstances which currently exist or are certain to exist in the future and which might give rise to risks. 9. Effects are conditional future events or conditions which would directly affect one or more project objectives if the associated risk occurs. 10. The cause-risk-effect chain can be used in a structured risk statement or risk description to ensure that each of these three elements is properly described 11. When a risk event occurs, it ceases to become uncertain. 12. Threats which occur may be called issues or problems; opportunities which occur may be called benefits. 13. Both issues/problems and benefits entail project management actions that are outside the scope of the Project Risk Management process. 2.3 Individual Risks and Overall Project Risk:  It is useful to consider project risk at two levels: individual risks and overall project risk. 1. Individual risks are specific events or conditions that might affect project objectives. 2. An individual risk may positively or negatively affect one or more of the project objectives, elements, or tasks. 3. Understanding individual risks can assist in determining how to apply effort and resources to enhance the chances of project success. 4. Day-to-day Project Risk Management focuses on these individual risks in order to enhance the prospects of a successful project outcome. 5. Overall project risk represents the effect of uncertainty on the project as a whole. 6. Overall project risk is more than the sum of individual risks on a project, since it applies to the whole project rather than to individual elements or tasks. 7. Overall project risk represents the exposure of stakeholders to the implications of variations in project outcome.
  • 11. 8. Overall project risk is an important component of strategic decision-making, program and portfolio management, and project governance where investments are sanctioned or cancelled and priorities are set. 2.4 Stakeholder Risk Attitudes: 1. The risk attitudes of the project stakeholders determine the extent to which an individual risk or overall project risk matters. 2. A wide range of factors influence risk attitude, these include the scale of the project within the range of stakeholders’ overall activities, the strength of public commitments made about the performance of the project, and the stakeholders’ sensitivity to issues such as environmental impacts, industrial relations, and other factors. 3. Stakeholder risk attitudes usually result in a desire for increased certainty in project outcomes, and may express a preference for one project objective over another. 4. How risk is regarded is usually also strongly influenced by an organization’s culture. Different organizations are more or less open, and this often impacts the way risk management can be applied. 5. Understanding stakeholders’ attitudes toward risk is an important component of risk management planning that precedes risk identification and analysis, in order to optimize both project success and stakeholder satisfaction with the project’s results. 6. These attitudes should be identified and managed proactively and deliberately throughout the Project Risk Management process. 7. It is also important to understand the particular implications of stakeholder risk attitudes on projects where the team is international, cross-industry, or multi-organizational. 2.5 Iterative Process 1. It is the nature of projects that circumstances change as they are being planned and executed. 2. To ensure that Project Risk Management remains effective, the identification and analysis of risks should be revisited periodically, the progress on risk response actions should be monitored, and the action plans adjusted accordingly. 3. The frequency and depth of reviews and updates will depend on the nature of the project, the volatility of the environment in which the project is being implemented, and the timing of other project management reviews and updates. 2.6 Communication 1. Project Risk Management cannot take place in isolation. Success relies heavily on communication throughout the process. 2. Risk identification and analysis depend on comprehensive input from stakeholders in a project to ensure that nothing significant is overlooked and that risks are realistically assessed. 3. the effective and honest communication from the Project Risk Management process to the rest of the project team and other project stakeholders. 4. Communication of the results of the Project Risk Management process should be targeted to meet the specific needs of each stakeholder and should be reflected within the overall project communications strategy 2.7 Responsibility for Project Risk Management 1. risk management is everyone’s responsibility” 2. Project Risk Management should be included as an integral part of all other project processes. Since project risks can affect project objectives, anyone with an interest in achieving those objectives should play a role in Project Risk Management.
  • 12. 3. The specific roles depend on the project team members’ and other stakeholders’ place within the project and their relation to project objectives. 4. Roles and responsibilities for Project Risk Management should be clearly defined and communicated, and individuals should be held responsible and accountable for results. 5. the resulting actions required to implement agreed-upon responses and Responsibility should also be allocated for ensuring that risk-related lessons are captured for future use. 2.8 Project Manager’s Role for Project Risk Management … Very Important 1. The project manager has particular responsibilities in relation to the Project Risk Management process. 2. The project manager has overall responsibility for delivering a successful project which fully meets the defined objectives. 3. The project manager is accountable for the day-to-day management of the project, including effective risk management. 4. The role of the project manager may include:…… Important 1. Encouraging senior management support for Project Risk Management activities. 2. Determining the acceptable levels of risk for the project in consultation with stakeholders. 3. Developing and approving the risk management plan. 4. Promoting the Project Risk Management process for the project. 5. Facilitating open and honest communication about risk within the project team and with management and other stakeholders. 6. Participating in all aspects of the Project Risk Management process. 7. Approving risk responses and associated actions prior to implementation. 8. Applying project contingency funds to deal with identified risks that occur during the project. 9. Overseeing risk management by subcontractors and suppliers. 10. Regularly reporting risk status to key stakeholders, with recommendations for appropriate strategic decisions and actions to maintain acceptable risk exposure. 11. Escalating identified risks to senior management where appropriate: such risks include any which are outside the authority or control of the project manager, any which require input or action from outside the project, and any for which the release of management reserve funds might be appropriate. 12. Monitoring the efficiency and effectiveness of the Project Risk Management process. 13. Auditing risk responses for their effectiveness and documenting lessons learned.
  • 13. CHAPTER 3: INTRODUCTION TO PROJECT RISK MANAGEMENT PROCESSES 3.1 Project Risk Management and Project Management 1. Uncertainty is inevitable since projects are unique and temporary undertakings based on assumptions and constraints, delivering project results to multiple stakeholders with different requirements. 2. Project management can control this uncertain environment, through the use of structured and disciplined techniques such as estimating, planning, cost control, task allocation, earned value analysis, monitoring and review meetings, etc. 3. Project Risk Management provides an approach by which uncertainty can be understood, assessed, and managed within projects. 4. The outputs of Project Risk Management should be taken into account within many of the project management processes. They can, for example, impact: A. Estimating resource requirements, cost, or duration; B. Assessing the impact of proposed scope changes; C. Planning or re-planning the forward strategy of the project; D. Allocating resources to tasks; and E. Reporting progress to stakeholders. 5. effective Project Risk Management requires input from other project management processes. 6. Outputs such as the work breakdown structure (WBS), estimates, the project schedule, assumptions list, etc. are all important prerequisites for effective Project Risk Management. 3.2 Project Risk Management Processes 1. It is essential at the start of the Project Risk Management process to clearly define the objectives and different levels of risk, so each step in the Project Risk Management process should be scalable to meet the varying degrees of risk. 2. Scalable elements of the process include: A. Available resources, B. Methodology and processes used, C. Tools and techniques used, D. Supporting infrastructure, E. Review and update frequency, and F. Reporting requirements. 3. Project Risk Management activities, resources, and attention should be appropriate to the project since different projects warrant different levels of risk management application. 4. The main actions to provide the required tailoring are as follows: A. Define those objectives against which risks will be identified, B. Define how the elements of the Project Risk Management process will be scaled for this project, and C. Define risk thresholds, tolerances, and the assessment framework.
  • 14. Project Risk Management Process Flow Diagram
  • 15. 11.1 Plan Risk Management  Plan Risk Management is the process of defining how to conduct risk management activities for a project.  The key benefit of this process is it ensures that the degree, type, and visibility of risk management are commensurate with both the risks and the importance of the project to the organization.  The risk management plan is vital to communicate with and obtain agreement and support from all stakeholders to ensure the risk management process is supported and performed effectively over the project life cycle.  Purpose and Objectives of the Plan Risk Management Process are: 1. develop the overall risk management strategy for the project, 2. decide how the risk management processes will be executed, 3. integrate Project Risk Management with all other project management activities. 4. initial risk management planning should be carried out early in the overall planning of the project. 5. the corresponding risk management activities integrated into the overall project management plan. 6. The risk management plan may subsequently need to be adapted as the needs of the project and its stakeholders become clearer or change. 7. the risk management plan should describe how the project budget is evaluated, allocated, and managed. 8. The project management is a process of progressive elaboration, and repeated throughout the project.  There are two categories of success criteria for risk management 1. Project-Related Criteria. To assess the success of Project Risk Management, the stakeholders must agree 1. on an acceptable level of results for the project-related criteria (such as cost, time, and scope). In order to ensure consistency and agreement among stakeholders, 2. To provide guidance in risk management, particularly in prioritizing risk responses, stakeholders should also prioritize each project objective. 2. Process-Related Criteria. The measures for success in Project Risk Management depend on a number of factors, 1. The level of risk that is considered acceptable in a project depends on the risk attitudes of the relevant stakeholders. 2. The risk attitudes of both the organization and the stakeholders may be influenced by a number of factors, all of which need to be identified.  Guidelines and rules for escalating risk-related information to management and other stakeholders should reflect the risk attitudes and expectations of the corresponding stakeholders.  The project manager should maintain effective communication with the stakeholders as the project evolves, in order to become aware of any changes in the stakeholders’ attitudes and adapt the risk management approach to take any new facts into account.  If qualitative analysis uses such terms as “high impact” or “medium probability,” these should be defined objectively in the risk management plan. Similarly, the risk management plan should specify any key numerical values required in quantitative analysis or for decision-making in risk response planning or risk monitoring and control.  Risk management planning should establish the type and level of risk detail to be addressed and provide a template of the risk register that will be used for recording risk-related information.
  • 16.  The risk management plan should also indicate the intensity of effort and the frequency with which the various Project Risk Management processes should be applied; In order for the Project Risk Management processes to be carried out correctly and effectively,  the project team and other stakeholders need to know where and when they will be expected to participate, their criteria for determining success, their level of authority, and what action to take relative to actions or decisions beyond this level. Risk-related communication occurs at two levels:  within the project team, and between the project team and the other project stakeholders.  For the team, the plan describes the frequency and scope of the various risk management meetings and reports required to carry out the corresponding Project Risk Management processes as well as the structure and content of such meetings and reports.  For the other stakeholders, the plan sets their expectations as to the structure, content, and frequency of routine documents to be received Figure 11-2. Plan Risk Management: Inputs, Tools & Techniques, and Outputs 11.1.1 Plan Risk Management: Inputs 11.1.1.1 Project Management Plan The risk management plan is a component of the project management plan. The project management plan provides baseline or current state of risk-affected areas including scope, schedule, and cost. 11.1.1.2 Project Charter: The project charter can provide various inputs such as high-level risks, high-level project descriptions, and high-level requirements. 11.1.1.3 Stakeholder Register The stakeholder register, which contains all details related to the project’s stakeholders, provides an overview of their roles. 11.1.1.4 Enterprise Environmental Factors The enterprise environmental factors include,  risk attitudes,  thresholds, and  tolerances that describe the degree of risk that an organization will withstand. 11.1.1.5 Organizational Process Assets The organizational process assets that can influence the Plan Risk Management process include, Project charter Stakeholder register Meetings
  • 17.  Risk categories,  Common definitions of concepts and terms,  Risk statement formats,  Standard templates,  Roles and responsibilities,  Authority levels for decision making, and  Lessons learned. 11.1.2 Plan Risk Management: Tools and Techniques 11.1.2.1 Analytical Techniques  Analytical techniques are used to understand and define the overall risk management context of the project.  Risk management context is a combination of stakeholder risk attitudes and the strategic risk exposure of a given  Stakeholder risk profile analysis may be performed to grade and qualify the project stakeholder risk appetite and tolerance.  Strategic risk scoring sheets, are used to provide a high-level assessment of the risk exposure of the project based on the overall project context. 11.1.2.2 Expert Judgment To ensure a comprehensive establishment of the risk management plan, such as:  Senior management,  Project stakeholders,  Project managers who have worked on projects in the same area (directly or through lessons learned),  Subject matter experts (SMEs) in business or project area,  Industry groups and consultants, and  Professional and technical associations. 11.1.2.3 Meetings Project teams hold planning meetings to develop the risk management plan. Attendees at these meetings may include the project manager, selected project team members and stakeholders, anyone in the organization with responsibility to manage the risk planning and execution activities, and others, as needed. 4.3 Tools and Techniques for the Plan Risk Management Process 4.3.1 Planning Sessions  Planning sessions are recommended in order to build a common understanding of the project’s risk approach between project stakeholders and to gain agreement on the techniques to be used for managing risk.  The participants should include: the project manager, selected project team members and other stakeholders, members of the broader organization having responsibility for risk, and other subject matter experts or facilitators, as needed.  The initial risk responsibilities, methodology, templates, terms, definitions, time schedules, and cost budgets for the other Project Risk Management processes should be assigned and accepted.  These Session should be documented in the risk management plan, which, when formally approved,
  • 18. 4.3.2 Templates In order to benefit from experience and existing best practice, existing templates for work products, such as risk status reports, risk breakdown structures or the risk register. D.1.1.3 Risk Statement “Metalanguage” In order for all risks to be clearly defined, should be specified and applied.  “Because of <one or more causes>, <risk> might occur, which would lead to <one or more effects>”. D.1.1.4 Risk Prioritization and Selection Guidelines The selection and prioritization of risks must be linked to the project objectives.  reliability takes precedence over time,  one linked to a resource that will soon disappear should be given greater urgency 11.1.3 Plan Risk Management: Outputs 11.1.3.1 Risk Management Plan The risk management plan is a component of the project management plan and describes how risk management activities will be structured and performed. The risk management plan includes the following: a. Methodology. Defines the approaches, tools, and data sources that will be used to perform risk management on the project. b. Roles and responsibilities. Defines the lead, support, and risk management team members for each type of activity in the risk management plan, and clarifies their responsibilities. c. Budgeting. Estimates funds needed, based on assigned resources, for inclusion in the cost baseline and establishes protocols for application of contingency and management reserves. d. Timing. Defines when and how often the risk management processes will be performed throughout the project life cycle, e. Risk categories. Provide a means for grouping potential causes of risk. for example, a structure based on project objectives by category. A risk breakdown structure (RBS) helps the project team to look at many sources from which project risk may arise in a risk identification exercise.
  • 19. f. Definitions of risk probability and impact. The quality and credibility of the risk analysis requires that different levels of risk probability and impact be defined that are specific to the project context. g. Probability and impact matrix. is a grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. h. Revised stakeholders’ tolerances. Stakeholders’ tolerances, may be revised in the Plan Risk Management process. i. j. Reporting formats. Reporting formats define how the outcomes of the risk management process will be documented, analyzed, and communicated. k. Tracking. Tracking documents how risk activities will be recorded for the benefit of the current project and how risk management processes will be audited. 4.2 Critical Success Factors for the Plan Risk Management Process The principal criteria for a valid risk management plan are:  acceptance by the stakeholders,  alignment with the internal and external constraints on the project,  balance between cost or effort and benefit,  completeness with respect to the needs of the Project Risk Management process. 4.2.1 Identify and Address Barriers to Successful Project Risk Management  The time and effort required to carry out the Plan Risk Management process will not be supported unless the stakeholders, and especially management in the organization responsible for the project,  A clear definition of the project objectives and a high-level view of the project environment and solution approach are required to provide a valid basis for risk management.  An organization inexperienced in risk management planning may need to develop its own approach such as: standard templates, predefined risk categories, and definition of concepts and terms, roles, responsibilities, and authority levels. Access to relevant lessons learned at this stage will allow this experience to be taken into account from the start of the project.  The risk management plan will not deliver its value unless Project Risk Management is carried out as an integral part of the project.  The corresponding activities should be built into the project work breakdown structure and included in the corresponding schedule, budget, and work-assignment documents. 4.2.2 Involve Project Stakeholders in Project Risk Management  The project manager needs to involve the project stakeholders in the Plan Risk Management activities to ensure their understanding of, and commitment to, the full Project Risk Management process.  The provision for risk management resources should be approved by management in accordance with agreed-upon objectives.  Management should be involved in the analysis of the level of resourcing required for managing project risk and accept the risks that may arise from specific limitations placed on the provision of resources.  Disagreements between stakeholders in the areas of risk tolerance and evaluation measures should be addressed and resolved. 4.2.3 Comply with the Organization’s Objectives, Policies, and Practices The feasibility of risk management planning is: dependent upon
  • 20.  the features of the organization in which it is carried out.  The rules and guidelines defined in the risk management plan should be compatible with the culture of the organization,  its capabilities from the point of view of people and facilities, and its values, goals, and objectives.  Project management in general, and risk management in particular, contribute to the organization’s effective governance. such as strategic risk management or corporate governance processes.
  • 21. 11.2 Identify Risks  Identify Risks is the process: determining which risks may affect the project and documenting their characteristics.  The key benefit of this process is the documentation of existing risks and the knowledge and ability it provides to the project team to anticipate events.  Purpose and Objectives of the Identify Risks Process  Risk cannot be managed unless it is first identified.  impossible to identify all the risks at the outset of a project.  to identify risks to the maximum extent that is practicable.  The fact that some risks are unknowable or emergent requires the Identify Risk process to be iterative,  repeating the Identify Risks process to find new risks which have become knowable since the previous iteration of the process. Figure 11-5. Identify Risks: Inputs, Tools & Techniques, and Outputs 11.2.1 Identify Risks: Inputs 11.2.1.1 Risk Management Plan  the Identify Risks process are the assignments of roles and responsibilities, provision for risk management activities in the budget and schedule, and categories of risk, which are sometimes expressed as a risk breakdown structure 11.2.1.2 Cost Management Plan  The cost management plan provides processes and controls that can be used to help identify risks across the project. Schedule management Activity cost estimates Stakeholder register techniques
  • 22. 11.2.1.3 Schedule Management Plan  The schedule management plan provides insight to project time/schedule objectives and expectations which may be impacted by risks (known and unknown). 11.2.1.4 Quality Management Plan  The quality management plan provides a baseline of quality measures and metrics for use in identifying risks. 11.2.1.5 Human Resource Management Plan  The human resource management plan provides guidance on how project human resources should be defined, staffed, managed, and eventually released. It can also contain roles and responsibilities, project organization charts, and the staffing management plan, which form a key input to identify risk process. 11.2.1.6 Scope Baseline  Project assumptions are found in the project scope statement.  The WBS is a critical input to identifying risks as it facilitates an understanding of the potential risks at both the micro and macro levels. 11.2.1.7 Activity Cost Estimates  Activity cost estimate reviews are useful in identifying risks as they provide a quantitative assessment of the likely cost to complete scheduled activities and ideally are expressed 11.2.1.8 Activity Duration Estimates  Activity duration estimate reviews are useful in identifying risks related to the time allowances for the activities or project as a whole, again with the width of the range of such estimates indicating the relative degree(s) of risk. 11.2.1.9 Stakeholder Register  Information about the stakeholders is useful for soliciting inputs to identify risks, key stakeholders, especially the sponsor and customer, are interviewed or otherwise participate during the Identify Risks process. 11.2.1.10 Project Documents Project documents provide the project team with information and improve cross-team and stakeholder communications and include:  Project charter,  Project schedule,  Project schedule network diagrams,  Issue log,  Quality checklists, and  Other information proven to be valuable in identifying risks. 11.2.1.11 Procurement Documents  the procurement of resources, procurement documents become a key input to the Identify Risks process. 11.2.1.12 Enterprise Environmental Factors Enterprise environmental factors include:
  • 23.  Published information, including commercial databases,  Academic studies,  Published checklists,  Benchmarking,  Industry studies, and  Risk attitudes. 11.2.1.13 Organizational Process Assets Organizational process assets n include :  Project files, including actual data,  Organizational and project process controls,  Risk statement formats or templates,  Lessons learned. 11.2.2 Identify Risks: Tools and Techniques 11.2.2.1 Documentation Reviews A structured review of the project documentation may be performed, 11.2.2.2 Information Gathering Techniques Examples of information gathering techniques used in identifying risks can include: • Brainstorming.  The goal of brainstorming is to obtain a comprehensive list of project risks.  Risk is generated under the leadership of a facilitator,  Categories of risk, such as in a risk breakdown structure, • Delphi technique.  The Delphi technique is a way to reach a consensus of experts.  Project risk experts participate in this technique anonymously.  A facilitator uses a questionnaire to solicit ideas  The Delphi technique helps reduce bias in the data and keeps any one person from having undue influence on the outcome. • Interviewing.  Interviewing experienced project participants, stakeholders, and subject matter experts helps to identify risks. • Root cause analysis.  Root-cause analysis is a specific technique used to identify a problem, discover the underlying causes that lead to it, and develop preventive action. 11.2.2.3 Checklist Analysis  Risk identification checklists are developed based on historical information and knowledge  The lowest level of the RBS can also be used as a risk checklist.  The checklist should be reviewed during project closure to incorporate new lessons learned and improve it for use on future projects.
  • 24. 11.2.2.4 Assumptions Analysis  Assumptions analysis is identifying risks to the project from inaccuracy, instability, inconsistency, or incompleteness of assumptions. 11.2.2.5 Diagramming Techniques Risk diagramming techniques may include:  Cause and effect diagrams: known as Ishikawa or fishbone diagrams and are useful for identifying causes of risks.  System or process flow charts. To show how various elements of a system interrelate and the mechanism of causation.  Influence diagrams. These are graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes, as shown 11.2.2.6 SWOT Analysis  This technique examines the project from each of the strengths, weaknesses, opportunities, and threats (SWOT) perspectives to increase the breadth of identified risks by including internally generated risks.  The technique starts with identification of strengths and weaknesses of the organization, focusing on either the project, organization, or the business area in general.  SWOT analysis then identifies any opportunities for the project that arise from organizational strengths, and any threats arising from organizational weaknesses.  The analysis also examines the degree to which organizational strengths offset threats, as well as identifying opportunities that may serve to overcome weaknesses. 11.2.2.7 Expert Judgment  Risks may be identified directly by experts with relevant experience with similar projects or business areas.  previous experience and areas of expertise. The experts’ bias should be taken into account in this process. 5.3 Tools and Techniques for the identify Risks Process: 5.3.1 Historical Review ===Past === Identification Cheek list: 1. Historical reviews are based on what occurred in the past, either on this project, or other similar projects 2. Historical review approaches rely on careful selection of comparable situations 3. The risks identified in the selected historical situation should be considered, 5.3.2 Current Assessments === Present === Assumptions analysis: 1. Current assessments rely on detailed consideration of the current project to expose areas of uncertainty. 2. current assessment techniques do not rely on outside reference points, 5.3.3 Creativity Techniques === Future === Brainstorming: 1. A wide range of creativity techniques can be used for risk identification, 2. The outcomes or effectiveness of these techniques depend on the ability of participants to think creatively. 3. These techniques depend on the ability of participants to think creatively, and their success is enhanced by use of a skilled facilitator. 4. E ach category of risk identification technique has strengths and weaknesses, and no single technique can be expected to reveal all knowable risks.
  • 25. For example, 1. a project may choose to use a risk identification checklist (historical review), together with assumptions analysis (current assessment) and brainstorming (creativity). Note: 1. Risk breakdown structure Use to organizes the categories of potential risks on the project, 2. a prompt list, or a set of generic list categories may assist in ensuring that as many sources of risk as practicable have been addressed, while recognizing that no such tools are complete nor can they replace original thinking. 3. Use of structured risk descriptions can ensure clarity, Risk meta-language offers: a useful way of distinguishing a risk from its cause(s) and effect(s), describing each risk using three-part statements in the form: “As a result of cause, risk may occur, which would lead to effect.” The relationship between cause, risk, and effect Figure 5-2. Cause, Risk, and Effect D.2 Techniques, Examples and Templates for Identify Risks Identify Risks is carried out in order to develop a comprehensive list of all knowable uncertainties that could have an effect on the project’s objectives. D.2.1.1 Assumptions and Constraints Analysis:  List assumptions and constraints for the project and generate a risk, D.2.1.2 Brainstorming  Brainstorming is commonly used in a facilitated risk identification workshop to identify risks. D.2.1.3 Cause and Effect (Ishikawa) Diagrams  when using this technique for risk identification to distinguish between risks (uncertain causes of the impact) and issues (certain causes of the impact). D.2.1.4 Checklists  Checklists are compiled to capture previous project experience and allow it to be used for subsequent similar projects and It is useful to present the checklist as a set of risks D.2.1.5 Delphi Technique  The Delphi technique uses a facilitated anonymous polling of subject matter experts to identify risks in their area of expertise by The facilitator
  • 26. D.2.1.6 Document Review  Risks can be identified through careful review of project documentation, including the project charter, statement of work, contract terms and conditions, subcontracts, technical specifications, regulatory requirements, legal stipulations etc (where relevant). D.2.1.7 FMEA/Fault Tree Analysis Failure Modes and Effects Analysis (FMEA) or Fault Tree Analysis is 1. the analysis of a model structured to identify the various elements that can cause system failure by themselves, or in combination with others, 2. Fault tree analysis is typically used in engineering contexts. 3. It can be adapted for use to identify risks by analyzing how risk impacts might arise. 4. Another result is the probability of failure (or of reliability, mean time between failure, etc.) of the overall system, indicating the level of quality of the system or product. D.2.1.8 Force Field Analysis  Force Field Analysis is typically used in the change management context risk identification by identifying driving forces (“forces for change”) and restraining forces (“forces against change”) D.2.1.9 Industry Knowledge Base  An industry knowledge base is a special case of a checklist and is used similarly. D.2.1.10 Influence Diagrams it is: 1. a diagrammatic representation of a project situation, showing the main entities, decision points, uncertainties, and outcomes, and indicating the relationships (influences) between them. 2. The influence diagram can identify risks when combined with sensitivity analysis or Monte Carlo simulation to reveal sources of risk within the project. D.2.1.11 Interviews Risk identification interviews 1. all main stakeholders be conducted by an independent skilled interviewer using a structured agenda, in an atmosphere of confidentiality, honesty, and mutual trust. 2. A risk breakdown structure, checklist or prompt list can be used as a framework for risk interviews. D.2.1.12 Nominal Group Technique  The Nominal Group Technique is an adaptation of brainstorming D.2.1.13 Post-Project Reviews/Lessons Learned/Historical Information  databases might arise from post-project reviews or lessons learned exercises. D.2.1.14 Prompt Lists 1. A prompt list is a set of risk categories which can be used to stimulate risk identification. 2. The prompt list may be presented as a risk breakdown structure D.2.1.15 Questionnaire  A risk identification questionnaire can be presented as a special form of checklist “Is the client’s requirement clearly defined?”) D.2.1.16 Risk Breakdown Structure (RBS)  The risk breakdown structure (RBS) is a hierarchical framework of potential sources of risk to a project D.2.1.17 Root-Cause Analysis 1. A root cause analysis seeks to identify basic causes of risks that may be visible symptoms of more fundamental forces. 2. care needs to be taken when using this technique for risk identification to distinguish between risks (uncertain causes of the impact) and issues (certain causes of the impact).
  • 27. D.2.1.18 SWOT Analysis 1. SWOT Analysis identifies four characteristics of a given situation: strengths, weaknesses, opportunities and threats. 2. The technique is commonly used in strategic decision making. 3. It can be adapted for risk identification by changing the interpretation of the four perspectives, such that strengths and weaknesses relate to the characteristics of the organization conducting the project, and opportunities and threats identify the project risks. 4. The technique is particularly useful for identifying internally-generated risks arising from within the organization. D.2.1.19 System Dynamics  System dynamics (SD) is model represents entities and information flows within a project, and analysis of the model can reveal feed-back and feed-forward loops which lead to uncertainty or instability. D.2.1.20 WBS Review  The work breakdown structure (WBS) for a project can form a framework for a number of other risk identification techniques, such as brainstorming, risk interviews, checklists or prompt lists.
  • 29. 11.2.3 Identify Risks: Outputs 11.2.3.1 Risk Register  The primary output from Identify Risks is the initial entry into the risk register.  List of identified risks.
  • 30.  The identified risks are described in as much detail as is reasonable. For example, EVENT may occur causing IMPACT, or If CAUSE exists, EVENT may occur leading to EFFECT.  In addition to the list of identified risks, the root causes of those risks may become more evident.  These are the fundamental conditions or events that may give rise to one or more identified risks. They should be recorded and used to support future risk identification for this and other projects.  List of potential responses.  Potential responses to a risk may sometimes be identified during the Identify Risks process.  These responses, if identified in this process, should be used as inputs to the Plan Risk Responses process. 5.2 Critical Success Factors for the Identify Risks Process The practices described:  maximize the value and effectiveness of the Identify Risks process and enhance the likelihood of identifying as many risks as practicable. 5.2.1 Early Identification  Risk identification should be performed as early as possible in the project lifecycle  Early risk identification enables key project decisions to take maximum account of risks inherent in the project, and may result in changes to the project strategy.  maximizes the time available for development and implementation of risk responses, which enhances efficiency. 5.2.2 Iterative Identification:  The risk identification is repeated throughout the project life cycle.  It should be done periodically, at a frequency determined during the Plan Risk Management process.  Risk identification might also be repeated at key milestones in the project, or whenever there is significant change to the project or its operating environment. 5.2.3 Emergent Identification:  In addition to invoking the Identify Risks process, the Project Risk Management process should permit risks to be identified at any time, 5.2.4 Comprehensive Identification:  A broad range of sources of risk should be considered to ensure that many uncertainties that might affect objectives have been identified. 5.2.5 Explicit Identification of Opportunities:  The Identify Risks process should ensure opportunities are properly considered. 5.2.6 Multiple Perspectives:  The Identify Risks process should take input from a broad range of project stakeholders to ensure that all perspectives are represented and considered. 5.2.7 Risks Linked to Project Objectives:  Each identified project risk should relate to at least one project objective (time, cost, quality, scope, etc.).  Defines risk as an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project’s objectives.  Noting that some risks may affect more than one objective.
  • 31. 5.2.8 Complete Risk Statement  Identified risks should be clearly and unambiguously described.  Single words or phrases such as “resources” or “logistics” are inadequate and do not properly communicate the nature of the risk. 26 5.2.9 Ownership and Level of Detail:  Risks can be identified at a number of levels of detail.  A generalized or high-level description of risk can make it difficult to develop responses and assign ownership,  Describing risks in a lot of detail can create a great deal of work.  Each risk should be described at a level of detail at which it can be assigned to a single risk owner with clear responsibility and accountability for its management.  Trigger conditions should also be identified where this is possible and appropriate. 5.2.10 Objectivity:  All human activities are susceptible to bias  motivational biases, where someone is trying to bias the result in one direction or another  cognitive biases, where biases occur as people are using their best judgment and applying heuristics, may occur.  Sources of bias should be exposed wherever possible, and their effect on the risk process should be managed proactively.  The aim is to minimize subjectivity, and allow open and honest identification of as many risks as possible to the project. 5.4 Documenting the Results of the Identify Risks Process 1. The results from the Identify Risks process should be recorded in order to capture all relevant information currently available for each identified risk. 2. The main output from the Identify Risks process  is the risk register.  structured risk description  the nominated risk owner for each risk,  Information on the causes and effects of the risk,  trigger conditions, and preliminary responses.
  • 32. 11.3 Perform Qualitative Risk Analysis  Perform Qualitative Risk Analysis is  the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.  The key benefit of this process is  it enables project managers to reduce the level of uncertainty and to focus on high-priority risks.  Perform Qualitative Risk Analysis assesses the priority of identified risks using their relative probability or likelihood of occurrence, such assessments reflect the risk attitude of the project team and other stakeholders.  Effective assessment therefore requires explicit identification and management of the risk approaches of key participants in the Perform Qualitative Risk Analysis process.  Perform Qualitative Risk Analysis is usually a rapid and regularly throughout the project life cycle, 6.1 Purpose and Objectives of the Perform Qualitative Risk Analysis Process 1. The Perform Qualitative Risk Analysis process assesses and evaluates characteristics of individually identified project risks and prioritizes risks based on agreed-upon characteristics. 2. Assessing individual risks using qualitative risk analysis evaluates the probability that each risk will occur and the effect of each individual risk on the project objectives. 3. it does not directly address the overall risk to project objectives that results from the combined effect of all risks and their potential interactions with each other. 4. to categorize risks according to their sources or causes. 5. Risks that are assessed as high priority to either threaten or to enhance the achievement of project objectives will be an important focus in the Plan Risk Responses process. Perform Qualitative Risk Analysis: Inputs, Tools & Techniques, and Outputs 11.3.1 Perform Qualitative Risk Analysis: Inputs 11.3.1.1 Risk Management Plan  Key elements of the risk management plan used in the Perform Qualitative Risk Analysis process include roles and responsibilities for conducting risk management, budgets, schedule activities for risk management, risk categories, definitions of probability and impact, the probability and impact matrix, and revised stakeholders’ risk tolerances. 11.3.1.2 Scope Baseline  Projects using state-of-the-art or first-of-its-kind technology, and highly complex projects, tend to have more uncertainty.
  • 33. 11.3.1.3 Risk Register  The risk register contains the information that will be used to assess and prioritize risks. 11.3.1.4 Enterprise Environmental Factors Enterprise environmental factors may provide insight and context to the risk assessment, such as:  Industry studies of similar projects by risk specialists, and  Risk databases that may be available from industry or proprietary sources. 11.3.1.5 Organizational Process Assets  The organizational process assets that can influence the Perform Qualitative Risk Analysis process include information on prior, similar completed projects. 11.3.2 Perform Qualitative Risk Analysis: Tools and Techniques 11.3.2.1 Risk Probability and Impact Assessment:  Risk probability assessment investigates the likelihood that each specific risk will occur.  Probability and impact are assessed for each identified risk.  Risks can be assessed in interviews or meetings with Project team members and knowledgeable persons external to the project are included.  Risks with low ratings of probability and impact will be included within the risk register as part of the watch list for future monitoring. 11.3.2.2 Probability and Impact Matrix:  Risks can be prioritized for further quantitative analysis and planning risk responses based on their risk rating.  Ratings are assigned to risks based on their assessed probability and impact.  Evaluation of each risk’s importance and priority for attention is typically conducted using a look-up table or a probability and impact matrix.  Risk rating rules can be tailored in the Plan Risk Management process to the specific project. 11.3.2.3 Risk Data Quality Assessment:  Risk data quality assessment is a technique to evaluate the degree to which the data about risks is useful for risk management.  Examining the degree to which the risk is understood and the accuracy, quality, reliability, and integrity of the data about the risk.  The use of low-quality risk data may lead to a qualitative risk analysis of little use to the project. If data quality is unacceptable 11.3.2.4 Risk Categorization: Risks to the project can be categorized by:  sources of risk (e.g., using the RBS),  the area of the project affected (e.g., using the WBS),  other useful categories (e.g., project phase) to determine the areas of the project most exposed to the effects of uncertainty.  Risks can also be categorized by common root causes to determine work packages, activities, project phases or even roles in the project, 11.3.2.5 Risk Urgency Assessment:  Risks requiring near-term responses may be considered more urgent to address.  Indicators of priority may include probability of detecting the risk, time to affect a risk response, symptoms and warning signs, and the risk rating. 11.3.2.6 Expert Judgment:  Expert judgment is required to assess the probability and impact of each risk to determine its location in the matrix
  • 34. 6 .3 Tools and Techniques for the Perform Qualitative Risk Analysis Process The tools and techniques used for assessing individual risks will identify the risks that are important to the project’s success. Figure 6-2. The Perform Qualitative Risk Analysis Process 6.3.1 Select Risk Characteristics that Defi ne Risks’ Importance: 1. Qualitative risk analysis tools provide ways to distinguish those risks that are important for response or further analysis from those that are less important. 2. The criteria that make a risk of interest to management are agreed upon in advance and implemented in the tools used. 3. Output from qualitative risk analysis tools includes a listing of risks in priority order or in priority groups (e.g., high, moderate, and low). 4. The tools for qualitative risk analysis allow the organization or project stakeholders to specify those levels or combinations of risk characteristics that make a particular risk of interest to management. 6.3.2 Collect and Analyze Data : 1. Assessment of individual risks is based on information collected about them. 2. Data collection and evaluation tools, including interviews, workshops, and references to databases of prior projects, require management support and attention. 3. It is important to protect against bias in data gathering, which is important when relying on expert judgment for the information. 6.3.3 Prioritize Risks by Probability and Impact on Specific Objectives: 1. Some tools permit distinguishing a risk’s priority in terms of the affected objective. 2. This capability provides a list of risks that are important for any specific objective of interest to management. 6.3.4 Prioritize Risks by Probability and Impact on Overall Project:  The technique for creating the overall risk priority measure should be documented in the Plan Risk Management process. 6.3.5 Categorize Risk Causes
  • 35. 1. Categorizing risks appropriately lead to improved analysis of the probability and magnitude of project risk and to effective responses. 2. Understanding the relationships between risks may provide a better understanding of the possibility and magnitude of project risk than if risks are only considered as separate and independent events. 3. Identifying common root causes of a group of risks, for instance, may reveal both the magnitude of the risk event for the group as a whole along with effective strategies that might address several risks simultaneously. 4. A combination of the risk analysis information with the work breakdown structure (WBS) can show which areas of the project exhibit the most risk. 5. Assessing the high-priority risks’ impact on one objective, such as the schedule, may indicate which activities to address to reduce that objective’s uncertainty. D.3 Techniques, Examples and Templates for Perform Qualitative Risk D.3.1.3 Analytic Hierarchy Process (AHP) 1. A HP is a method to calibrate preferences for achieving the different objectives of a project. 2. This prioritization can be important in determining how trade-offs affecting different objectives (e.g., Should we reduce scope to finish on time?) will be decided. 3. It can also be used to create an overall project risk priority list from risks that have been assessed on their implications for individual objectives. 4. Specialized software implementing AHP is available. A spreadsheet implementation is shown below.
  • 36. 11.3.3 Perform Qualitative Risk Analysis: Outputs 11.3.3.1 Project Documents Updates Project documents that may be updated include, :
  • 37. Risk register updates. 1. As new information becomes available through the qualitative risk assessment, the risk register is updated. 2. Updates to the risk register may include assessments of probability and impacts for each risk, risk ranking or scores, risk urgency information or risk categorization, and a watch list for low probability risks or risks requiring further analysis.  Assumptions log updates. 1. As new information becomes available through the qualitative risk assessment, assumptions could change. 2. The assumptions log needs to be revisited to accommodate this new information. Assumptions may be incorporated into the project scope statement or in a separate assumptions log. 6.2 Critical Success Factors for the Perform Qualitative Risk Analysis Process Several factors that lead to successful qualitative risk analysis are: 1. Agreement of the project stakeholders is a fundamental criterion and a common theme. 2. The agreed-upon approach is the foundation of process credibility. 3. Then, agreed-upon definitions enable high-quality information to be collected. 4. Finally, with these conditions in place, the process can be executed reliably, which contributes to the credibility of its outputs. Figure 6 -1. Building Risk Analysis Credibility 6.2.1 Use Agreed-Upon Approach The process is based on an agreed-upon approach 1. to this assessment that is applied across all of the identified risks in any project. 2. By the nature of project risk, all risks may be assessed according to probability of occurrence and impact on individual objectives should the risk occur. Other factors may be considered in determining the importance of a risk as follows: • Urgency (proximity). 1. Risks requiring near term responses may be considered more urgent to address. 2. Indicators of urgency can include the lead time necessary to execute a risk response and the clarity of symptoms and warning signs (also known as detectability) that may trigger the response. • Manageability.
  • 38. 1. Some risks are not manageable and it would be a waste of resources to attempt to address them. 2. The project team may examine these and decide to:  Go forward, perhaps establishing a contingency reserve.  Stop or re-scope the project because these risks pose an unmanageable threat or an opportunity that should not be missed with high probability and consequences.  Inform the customer of the risks and ask for a decision from their point of view.  Impact external to the project. A risk may increase in importance if it affects the enterprise beyond the project. 6.2.2 Use Agreed-Upon Definitions of Risk Terms 1. The risk assessment should be based on agreed-upon definitions of important terms, and those definitions should be used consistently when assessing each risk. 2. For example, of levels of probability and of impact on objectives, assists the providers of the information in giving realistic assessments for each risk, and facilitates the communication of the results to management and other stakeholders. 32 6.2.3 Collect High-Quality Information about Risks 1. Collection of high-quality information about risks is required. 2. Any historic database and should be gathered by interviews, workshops, and other means using expert judgment. 3. Data gathered from individuals may be subject to reporting or intentional bias. 4. When this occurs, the bias should be identified and remedied where possible, or a different, unbiased source of information should be found and used. 6.2.4 Perform Iterative Qualitative Risk Analysis 1. The success of qualitative risk analysis is enhanced if the process is used periodically throughout the project. 2. The Identify Risks and Perform Qualitative Analysis processes should be repeated periodically for individual risks. 3. The frequency of this effort will be planned in the Plan Risk Management process, but may also depend on events within the project itself. 6.3. Document the Results of the Perform Qualitative Risk Analysis Process 1. The Perform Qualitative Risk Analysis process adds structure to the list of undifferentiated risks into categories of priority. 2. Priorities are usually based on the risk’s probability of occurring and its potential impact on specific project objectives or on the whole project. 3. Each identified risk is assigned a priority, perhaps by objective or for the entire project. 4. The information is usually stored in the risk register which is easy to use and update with new information. 5. The risk register list of prioritized risks is posted to the project participants who are responsible for further analysis or action to improve the project plan. 6. Risks that are judged to have high priority are segregated for further analysis and response planning and are generally monitored frequently. 7. Risks of low priority to the project may be placed on a watch list and are reviewed less often for changes in their status.
  • 39. Amer Elbaz PMI-PMP&RMP Page # 9 11.4 Perform Quantitative Risk Analysis  Perform Quantitative Risk Analysis is  the process of numerically analyzing the effect of identified risks on overall project objectives.  The key benefit of this process is it produces quantitative risk information to support decision making in order to reduce project uncertainty. 1. Perform Quantitative Risk Analysis is performed on risks that have been prioritized by the Perform Qualitative Risk Analysis process as potentially and substantially impacting the project’s competing demands. 2. The Perform Quantitative Risk Analysis process analyzes the effect of those risks on project objectives. 3. It is used mostly to evaluate the aggregate effect of all risks affecting the project to assign a numerical priority rating to those risks individually. 4. Perform Quantitative Risk Analysis generally follows the Perform Qualitative Risk Analysis process. 5. Perform Quantitative Risk Analysis should be repeated, as needed, as part of the Control Risks process to determine if the overall project risk has been satisfactorily decreased. 7.1 Purpose and Objectives of the Perform Quantitative Risk Analysis Process 1. The Perform Quantitative Risk Analysis process provides a numerical estimate of the overall effect of risk on the objectives of the project, based on current plans and information, when considering risks simultaneously. 2. it used to evaluate the likelihood of success in achieving project objectives and to estimate contingency reserves, usually for time and cost that are appropriate to both the risks and the risk tolerance of project stakeholders. 3. It is generally accepted that analyzing uncertainty in the project using quantitative techniques such as Monte Carlo simulation 4. Partial risk analyses, such as qualitative risk analysis, aim at prioritizing individual risks viewed one at a time and therefore cannot produce measures of overall project risk when all risks are considered simultaneously. 5. Calculating estimates of overall project risk is the focus of the Perform Quantitative Risk Analysis process. 6. The implementation of overall risk analysis using quantitative methods requires: A. Complete and accurate representation of the project objectives built up from individual project elements. Examples of these representations include the project schedule or cost estimate. B. Identifying risks on individual project elements such as schedule activities or line- item costs at a level of detail that lends itself to specific c assessment of individual risks. C. Including generic risks that have a broader effect than individual project elements. D. Applying a quantitative method (such as Monte Carlo simulation or decision tree analysis) that incorporates multiple risks simultaneously in determining overall impact on the overall project objective.
  • 40. Amer Elbaz PMI-PMP&RMP Page # 10 7 Results of the quantitative analysis will be compared to the project plan (baseline or current) to give management an estimate of the overall project risk and will answer important questions such as: A. What is the probability of meeting the project’s objectives? B. How much contingency reserve (e.g., reserves or buffers of time, resources, and cost) is needed to provide the organization with the level of certainty it requires based upon its risk tolerance? C. What are those parts of the project, such as line-item costs or schedule activities, which contribute the most risk when all risks are considered simultaneously? D. Which individual risks contribute the most to overall project risk? E. A high-level comparison of quantitative and qualitative risk analysis processes is Figure 7-1. Comparison of Qualitative and Quantitative Approaches Figure 11-11. Perform Quantitative Risk Analysis: Inputs, Tools & Techniques, and Outputs Schedule management techniques Quantitative risk analysis updates
  • 41. Amer Elbaz PMI-PMP&RMP Page # 11 11.4.1 Perform Quantitative Risk Analysis: Inputs 11.4.1.1 Risk Management Plan 11.4.1.2 Cost Management Plan 11.4.1.3 Schedule Management Plan 11.4.1.4 Risk Register 11.4.1.5 Enterprise Environmental Factors Enterprise environmental factors may provide: • Industry studies of similar projects by risk specialists, and • Risk databases that may be available from industry or proprietary sources. 11.4.1.6 Organizational Process Assets The organizational process assets that can influence the Perform Quantitative Risk Analysis process include information from prior, similar completed projects. 11.4.2 Perform Quantitative Risk Analysis: Tools and Techniques 11.4.2.1 Data Gathering and Representation Techniques • Interviewing. 1. Interviewing techniques draw on experience and historical data to quantify the probability and impact of risks on project objectives. • Probability distributions. 1. Continuous probability distributions, which are used extensively in modelling and simulation, represent the uncertainty in values such as durations of schedule activities and costs of project components. 2. Discrete distributions can be used to represent uncertain events, such as the outcome of a test or a possible scenario in a decision tree. 3. Uniform distributions can be used if there is no obvious value that is more likely than any other between specified high and low bounds, such as in the early concept stage of design. 11.4.2.2 Quantitative Risk Analysis and Modelling Techniques Commonly used techniques use both event-oriented and project-oriented analysis approaches, including: • Sensitivity analysis. 1. Sensitivity analysis helps to determine which risks have the most potential impact on the project. 2. It helps to understand how the variations in project’s objectives correlate with variations in different uncertainties. 3. The Tornado diagram is also helpful in analyzing risk-taking scenarios enabled on specific risks whose quantitative analysis highlights possible benefits greater than corresponding identified negative impacts.
  • 42. Amer Elbaz PMI-PMP&RMP Page # 12 4. A tornado diagram is a special type of bar chart used in sensitivity analysis for comparing the relative importance of the variables. •Expected monetary value analysis. 1. Expected monetary value (EMV) analysis is a statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen (i.e., analysis under uncertainty). 2. The EMV of opportunities are generally expressed as positive values, while those of threats are expressed as negative values. 3. EMV requires a risk-neutral assumption— neither risk averse nor risk seeking. 4. EMV for a project is calculated by multiplying the value of each possible outcome by its probability of occurrence and adding the products together. • Modelling and simulation. 1. project simulation uses a model that translates the specified detailed uncertainties of the project into their potential impact on project objectives. 2. Simulations are typically performed using the Monte Carlo technique. 11.4.2.3 Expert Judgment  Expert judgment is required to identify potential cost and schedule impacts, to evaluate probability, and to define inputs such as probability distributions into the tools. 7.3 Tools and Techniques for the Perform Quantitative Risk Analysis Process Tools and techniques used appropriately for quantitative risk analysis have several characteristics, as follows: 7.3.1 Comprehensive Risk Representation …. Important 1. Risk models permit representation of many, if not all, of the risks that have impact on an objective simultaneously. 2. They also permit the representation of both opportunities and threats to the project’s objectives. 7.3.2 Risk Impact Calculation  Quantitative models facilitate the correct calculation of the effect of many risks, which are typically described at the level of the total project. 7.3.3 Quantitative Method Appropriate to Analyzing Uncertainty 1. Probability models use a quantitative method that addresses uncertainty. 2. A good example of this is the use of Monte Carlo simulation tools that permit the combination of probability distributions of line-item costs or schedule activity durations, many of which are uncertain. 7.3.4 Data Gathering Tools 1. Data gathering tools used in this process include assessment of historical data and workshops, interviews, or questionnaires to gather quantified information 2. for example, on the probability of a risk occurring, a probability distribution of its potential impacts on cost or time, or relationships such as correlation between risks. 7.3.5 Effective Presentation of Quantitative Analysis Results 1. Results from the quantitative tools are generally not available in standard deterministic project management methods such as project scheduling or cost estimating.
  • 43. Amer Elbaz PMI-PMP&RMP Page # 13 2. Examples of these are the probability distribution of project completion dates or total costs and the expected value of a project decision. 3. These results, when all risks are considered simultaneously, include the following: A. Probability of achieving a project objective such as finishing on time or within budget. B. Amount of contingency reserve in cost, time, or resources needed to provide a required level of confidence. C. Identity or location within the project model of the most important risks. An example of this is a sensitivity analysis in a cost risk analysis or a criticality analysis in a schedule risk analysis. The elements of a quantitative risk analysis are illustrated …. Important Figure 7-2. Structure of a Quantitative Risk Analysis 7.3.6 Iterative Quantitative Risk Analysis 1. The success of the Perform Quantitative Risk Analysis process is enhanced if the process is used periodically throughout the project. 2. It is impossible to know in advance all of the risks that may occur in a project. 3. Often quantitative risk analysis should be repeated as the project proceeds. 7.3.7 Information for Response Planning 1. Overall project contingency reserve in time and cost should be reflected in the project’s schedule and budget. Quantitative risk analysis provides information that may be used to modify the project plan D.4 Techniques, Examples and Templates for Perform Quantitative Risk Analysis (Chapter 7) 1. Perform Quantitative Risk Analysis seeks to determine the overall risk to project objectives when all risks potentially operate simultaneously on the project. 2. It provides answers to several questions:
  • 44. Amer Elbaz PMI-PMP&RMP Page # 14 A. How likely is the project to complete on the schedule date or earlier? How likely is the project actual cost to be the budgeted cost or less? How reliable will the product be that the project produces? What is the best decision to make in the face of uncertain results? B. How much contingency in time and cost is needed to provide the organization with its desired degree of confidence in the results? How should the design of the product or system be changed most economically to increase its reliability? C. What are the individual risks that seem to be the most important in determining the overall project risk? D.4.1 Techniques for Perform Quantitative Risk Analysis D.4.1.1 Decision Tree Analysis  Decision tree analysis is: usually performed using specialized, but widely available software.  The software allows the user to specify the structure of the decision with decision nodes, chance nodes, costs, benefits, and probabilities. D.4.1.2 Expected Monetary Value 1. Expected Monetary Value (EMV) is: a simple calculation of a value such as weighted average or expected cost or benefit when the outcomes are uncertain. 2. The EMV calculation is made for the entire event by weighting the individual possible outcomes by their probabilities of occurring, D.4.1.3 Monte Carlo Simulation 1. Monte Carlo simulation is a detailed, computer-intensive simulation approach to determining the value and probability of possible outcomes of a project objective such as a project schedule (e.g., the completion date) or cost estimate (e.g., the total cost). 2. random from ranges specified with probability distribution functions for schedule activity durations or cost line items.
  • 46. Amer Elbaz PMI-PMP&RMP Page # 16 11.4.3 Perform Quantitative Risk Analysis: Outputs 11.4.3.1 Project Documents Updates Project documents are updated include: • Probabilistic analysis of the project.  Estimates are made of potential project schedule and cost outcomes listing the possible completion dates and costs with their associated confidence levels.  it is used with stakeholder risk tolerances to permit quantification of the cost and time contingency reserves.  The contingency reserves are needed to bring the risk of overrunning stated project objectives to a level acceptable to the organization. • Probability of achieving cost and time objectives.  the probability of achieving project objectives under the current plan can be estimated using quantitative risk analysis results. • Prioritized list of quantified risks.  These include the risks that may have the greatest effect on cost contingency and most likely to influence the critical path. • Trends in quantitative risk analysis results.  As the analysis is repeated, a trend may become apparent that leads to conclusions affecting risk responses. 7.2 Critical Success Factors for the Perform Quantitative Risk Analysis Process  Success in achieving the objectives of quantitative risk analysis depends explicitly on at least the factors described in 7.2.1 Prior Risk Identification and Qualitative Risk Analysis 1. The Perform Quantitative Risk Analysis process occurs after the Identify Risks and Perform Qualitative Risk Analysis processes have been completed. 2. Reference to a prioritized list of identified risks ensures that the Perform Quantitative Risk Analysis process will consider all significant risks when analyzing their effects quantitatively. 7.2.2 Appropriate Project Model 1. A n appropriate model of the project should be used as the basis for quantitative risk analysis. 2. Project models most frequently used in quantitative risk analysis include the project schedule (for time), line-item cost estimates (for cost), decision tree (for decisions in the face of uncertainty) and other total-project models. 3. Quantitative risk analysis is especially sensitive to the completeness and correctness of the model of the project that is used. 7.2.3 Commitment to Collecting High-Quality Risk Data 1. Often high-quality data about risks are not available in any historic database and should be gathered by interviews, workshops, and other means using expert judgment of those present. 2. Collection of risk data requires resources and time as well as management support.
  • 47. Amer Elbaz PMI-PMP&RMP Page # 17 7.2.4 Unbiased Data 1. Success in gathering risk analysis data requires the ability to recognize when biases occur and combating that bias or developing other unbiased sources of the data. 2. Bias in risk data can occur for many reasons, but two common sources of bias are cognitive bias and motivational bias. 7.2.5 Overall Project Risk Derived from Individual Risks 1. The Perform Quantitative Risk Analysis process is based upon a methodology that correctly derives the overall project risk from the individual risks. 2. In risk analysis of cost and schedule, for example, an appropriate method is Monte Carlo simulation. 3. A decision tree is an appropriate method for making decisions when future events are not certain, using the probability and impact of all risks, and combining their effect to derive an overall project measure such as value or cost. 4. In each of these methods, the risks are specified at the level of the detailed tasks or line- item costs and incorporated into the model of the project to calculate effects on objectives such as schedule or cost for the entire project, by combining those risks. 7.2.6 Interrelationships Between Risks in Quantitative Risk Analysis 1. Attention should be given to the possibility that the individual risks in the project model are related to each other. 2. For example, several risks may have a common root cause and therefore are likely to occur together. 3. Another common way to represent the risks which occur together is by using the risk register listing of the risk or root cause and attaching it to several project elements such as schedule activities or cost elements. 7.4 Documenting the Results of the Perform Quantitative Risk Analysis Process …. Important 1. The contingency reserves calculated in quantitative project cost and schedule risk analysis are incorporated, respectively, into the cost estimate and the schedule to establish a prudent target and a realistic expectation for the project. 2. Contingency reserves may also be established to provide for the capture of opportunities that are judged to be priorities for the project. 3. If the contingency reserve required exceeds the time or resources available, changes in the project scope and plan may result. 4. The results of a quantitative risk analysis are recorded and passed on to the person and/or group responsible for project management within the organization for any further actions required to make full use of these results.
  • 48. Amer Elbaz PMI-PMP&RMP Page # 18 11.5 Plan Risk Responses  Plan Risk Responses is  the process of developing options and actions to enhance opportunities and to reduce threats to project objectives.  The key benefit of this process is  it addresses the risks by their priority, inserting resources and activities into the budget, schedule and project management plan as needed.  The Plan Risk Responses process presents commonly used approaches to planning responses to the risks. Risks include threats and opportunities that can affect project success, and responses are discussed for each. 8.1 Purpose and Objectives of the Plan Risk Responses Process 1. The Plan Risk Responses process determines effective response actions that are appropriate to the priority of the individual risks and to the overall project risk. 2. It takes into account the stakeholders’ risk attitudes and any constraints and assumptions that were determined when the risks were identified and analyzed. 3. The objective of the Plan Risk Responses process is to determine the set of actions which most enhance the chances of project success while complying with applicable organizational and project constraints. 4. Contingent risk response actions need to be executed at the optimum time. For this reason, the response specification for each such risk should include a description of any corresponding trigger conditions. 5. Every risk should have been allocated to a risk owner as part of the Identify Risks process, and each of the corresponding risk responses should now be assigned to a specific risk action owner. 6. The risk owner is responsible for ensuring that the risk response is effective and for planning additional risk responses if required, 7. the risk action owner is responsible for ensuring that the agreed-upon risk responses are carried out as planned, in a timely manner. 8. Responses, when implemented, can have potential effects on the project objectives and, as such, can generate additional risks as secondary risks 9. The secondary risks have to be analyzed and planned for in the same way as those risks which were initially identified. 10. the residual risks that will remain after the responses have been implemented. 11. The residual risks should be clearly identified, analyzed, documented, and communicated to all relevant stakeholders. 12. All the approved, unconditional actions arising from risk response planning should be integrated into the project management plan in order to ensure that they are carried out as part of normal project implementation. 13. The corresponding organizational and project management rules should also be invoked, including the following:  Project change management and configuration control;  Project planning, budgeting, and scheduling;  Resource management; and  Project communication planning.
  • 49. Amer Elbaz PMI-PMP&RMP Page # 19 Figure 11-18. Plan Risk Responses: Inputs, Tools & Techniques, and Outputs 11.5.1 Plan Risk Responses: Inputs 11.5.1.1 Risk Management Plan 11.5.1.2 Risk Register 11.5.2 Plan Risk Responses: Tools and Techniques 1. Specific actions are developed to implement that strategy, including primary and backup strategies, as necessary. 2. A fall back plan can be developed for implementation if the selected strategy turns out not to be fully effective or if an accepted risk occurs. 3. Secondary risks should also be reviewed. 4. Secondary risks are risks that arise as a direct result of implementing a risk response. 5. A contingency reserve is often allocated for time or cost. If developed, 11.5.2.1 Strategies for Negative Risks or Threats • Avoid. Risk avoidance is : 1. a risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact. 2. It usually involves changing the project management plan to eliminate the threat entirely. 3. Examples of this include extending the schedule, changing the strategy, or reducing scope. 4. The most radical avoidance strategy is to shut down the project entirely. 5. Some risks that arise early in the project can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring expertise. • Transfer. Risk transference is: 1. risk response strategy whereby the project team shifts the impact of a threat to a third party, together with ownership of the response. 2. Transferring liability for risk is most effective in dealing with financial risk exposure. 3. Transference tools can be quite diverse and include : insurance, performance bonds, warranties, guarantees, etc. Contracts or agreements may be used to transfer liability for specified risks to another party 4. cost-plus contract may transfer the cost risk to the buyer, while a fixed-price contract may transfer risk to the seller. • Mitigate. Risk mitigation is: 1. a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk. Strategies for negative risks or threats Strategies for positive updates updates
  • 50. Amer Elbaz PMI-PMP&RMP Page # 20 2. It implies a reduction in the probability and/or impact of an adverse risk to be within acceptable threshold limits. 3. Taking early action to reduce the probability and/or impact of a risk occurring on the project is often more effective than trying to repair the damage after the risk has occurred. 4. Examples of mitigation actions are: Adopting less complex processes, conducting more tests, or choosing a more stable supplier or prototype development to reduce the risk of scaling up from a bench-scale model of a process or product and the designing redundancy into a system • Accept. Risk acceptance is 1. a risk response strategy whereby the project team decides to acknowledge the risk and not take any action unless the risk occurs. 2. This strategy is adopted where it is not possible or cost-effective to address a specific risk in any other way. 3. This strategy indicates that the project team has decided not to change the project management plan to deal with a risk, or is unable to identify any other suitable response strategy. 4. This strategy can be either passive or active.  Passive acceptance requires no action except to document the strategy, leaving the project team to deal with the risks as they occur, and to periodically review the threat to ensure that it does not change significantly.  The most common active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or resources to handle the risks. 11.5.2.2 Strategies for Positive Risks or Opportunities Exploit. The exploit strategy may be selected for : 1. the organization wishes to ensure that the opportunity is realized. 2. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by ensuring the opportunity definitely happens. 3. Examples of directly exploiting responses include assigning an organization’s most talented resources to the project to reduce the time to completion or using new technologies or technology upgrades to reduce cost and duration required to realize project objectives. • Enhance. The enhance strategy 1. It is used to increase the probability and/or the positive impacts of an opportunity. 2. Identifying and maximizing key drivers of these positive-impact risks may increase the probability of their occurrence. 3. Examples of enhancing opportunities include adding more resources to an activity to finish early. • Share. Sharing a positive risk 1. allocating some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project. 2. Examples of sharing actions include forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures, which can be established with the express purpose of taking advantage of the opportunity • Accept. Accepting an opportunity  It is being willing to take advantage of the opportunity if it arises, but not actively pursuing it.
  • 51. Amer Elbaz PMI-PMP&RMP Page # 21 11.5.2.3 Contingent Response Strategies: 1. Some responses are designed for use only if certain events occur. 2. missing intermediate milestones or gaining higher priority with a supplier, should be defined and tracked. 3. Risk responses identified using this technique are often called contingency plans or fall back plans and include identified triggering events that set the plans in effect. 11.5.2.4 Expert Judgment:  Expert judgment is Expertise may be provided by any group or person with specialized education, knowledge, skill, experience, or training in establishing risk responses. 8.3 Risk Response Strategies  The project manager should develop risk response strategies for individual risks, sets of risks, and project level risks. 8.3.1 Avoid a Threat or Exploit an Opportunity This strategy involves taking the actions required to : 1. ensure either that the threat cannot occur or can have no effect on the project, 2. the opportunity will occur and the project will be able to take advantage of it. 8.3.2 Transfer a Threat or Share an Opportunity  This strategy entails transference to a third party that is better positioned to address a particular threat or opportunity. 8.3.3 Mitigate a Threat or Enhance an Opportunity Mitigation and enhancement are used response strategies. 1. to decrease the probability and/or the impact of a threat 2. To increase the probability and/or the impact of an opportunity. 8.3.4 Accept a Threat or an Opportunity 1. This strategy applies when the other strategies are not considered applicable or feasible. 2. Acceptance entails taking no action unless the risk actually occurs, in which case contingency or fall-back plans may be developed ahead of time, to be implemented if the risk presents itself. 8.3.5 Applying Risk Response Strategies to Overall Project Risk the four risk response strategies can be applied to address overall project risk as follows: 1. Cancel the project, as a last resort, if the overall level of risk remains unacceptable. 2. Set up a business structure in which the customer and the supplier share the risk. 3. Re-plan the project or change the scope and boundaries of the project, for example, by modifying the project priority, resource allocations, delivery calendar, etc. 4. Pursue the project despite a risk exposure that exceeds the desired level. 8.4 Tools and Techniques for the Plan Risk Responses Process There are four categories of tools and techniques, as follows: a. Creativity tools to identify potential responses, b. Decision-support tools for determining the optimal potential response. c. Strategy implementation techniques designed to turn a strategy into action, and d. Tools to transfer control to the Monitor and Control Risks process. These categories of tools can be used respectively 1. to identify potential responses, 2. select the most appropriate response, 3. translate strategy into planning,