Professional Documents
Culture Documents
01 Project Risk Management PDF
01 Project Risk Management PDF
Perform Perform
Plan Risk Identify Qualitative Quantitative Plan Risk Control
Management Risks Risk Risk Responses Risks
Analysis Analysis
Deciding how to Determining Prioritizing risks Numerically Developing Implementing risk
approach, plan, which risks might for subsequent analyzing the options and response plans,
and execute the affect the project further analysis effect on overall actions to tracking identified
risk management and documenting or action by project enhance risks, monitoring
activities for a their assessing and objectives of opportunities, residual risks,
project (Risk characteristics combining their identified risks and to reduce identifying new
management (Risk probability of (Risk Register threats to risks, and
Plan). Who? Register). At occurrence and Update), project evaluating risk
When? What? least 300 risk impact (Risk Watchlist. objectives. process
How? How much? should be Register effectiveness
P, I, PI matrix, identified. Update), throughout the
RBS. Risk Ranking, project.
tolerance. Watchlist.
Opportunity Threat
A project risk that has a positive A project risk that has a negative
effect is referred to as an effect is referred to as a threat.
opportunity. A project manager will proactively
A project manager will proactively manage threats to the project and
manage opportunities to the project look for ways to reduce the
and look for ways to exploit, probability or impact of the threat
enhance, or share the opportunity. (Mitigate) or eliminate the threat
all together (avoid) or transfer to
another party.
That have been identified and Unknown risks cannot be A negative project risk
analyzed, making it possible to managed proactively and that has occurred is
plan responses for those risks. therefore may be assigned considered an issue.
Risk Attitude
Organizations perceive risk as the effect of uncertainty on projects and organizational objectives.
Organizations and stakeholders are willing to accept varying degrees of risk depending on their risk
attitude.
The risk attitudes of both the organization and the stakeholders may be influenced by a number
of factors, which are broadly classified into three themes:
1. Risk appetite
2. Risk tolerance
3. Risk threshold
Tolerances are the areas of risk that are acceptable or unacceptable OR which is the degree,
For example, "a risk that affects our reputation will not be tolerated”.
Tolerance areas can include any project constraints (such as scope, time, cost, quality, etc.), as
well as reputation and other intangibles that may affect the customer.
Three common classifications used for describing risk tolerance or risk profile are the risk averse
“The process of defining how to conduct risk management activities for a project”
All approved subsidiary management plans and baselines should be taken into
consideration in order to make the risk management plan consistent with them.
2. Project charter
The project charter can provide various inputs such as high-level risks, high-level
3. Stakeholder register
The stakeholder register, which contains all details related to the project’s
Risk attitudes, thresholds, and tolerances that describe the degree of risk that
Risk categories,
Standard templates,
Lessons learned.
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
1. Analytical Techniques
Analytical techniques are used to understand and define the overall risk management
strategic risk exposure of a given project based on the overall project context.
Senior management,
Project stakeholders,
Project managers who have worked on projects in the same area (directly or
through lessons learned),
Project teams hold planning meetings to develop the risk management plan.
Attendees at these meetings may include the project manager, selected project
team members and stakeholders, anyone in the organization with responsibility to
manage the risk planning and execution activities, and others, as needed.
High-level plans for conducting the risk management activities are defined in these
meetings.
Risk management cost elements and schedule activities will be developed for
inclusion in the project budget and schedule, respectively.
General organizational templates for risk categories and definitions of terms such as
levels of risk, probability by type of risk, impact by type of objectives, and the
If templates for other steps in the process do not exist they may be generated in
these meetings.
plan.
A risk breakdown structure (RBS) helps the project team to look at many sources from which
project risk may arise in a risk identification exercise.
Project Duration: 36 M
Project Budget: 175 M$
3 5
1 2 4
Who What When How How much ($)
Hisham Identify 4W Brain Storming, Delphi 4000
Ahmed Qualitative 6W Risk Ranking 6000
Aly Response plan 2W Strategies 2000
The key benefit of this process is the documentation of existing risks and the knowledge and
ability it provides to the project team to anticipate events.
The cost management plan provides processes and controls that can be used to help
identify risks across the project.
The quality management plan provides a baseline of quality measures and metrics
for use in identifying risks.
PROJECT RISK MANAGEMENT February 2016
INPUTS
5. Human Resource Management Plan
The human resource management plan provides guidance on how project human
resources should be defined, staffed, managed, and eventually released.
It can also contain roles and responsibilities, project organization charts, and the
staffing management plan, which form a key input to identify risk process.
6. Scope baseline
The time allowances for the activities or project as a whole, again with the width of
the range of such estimates indicating the relative degree(s) of risk .
9. Stakeholder register
Information about the stakeholders will be useful in soliciting inputs for identifying
risks as this will ensure that key stakeholders, especially the customer, are
interviewed or otherwise participate during the “Identify Risks” process
10. Project documents
Assumptions log,
Work performance reports,
Earned value reports,
Network diagrams,
Baselines, and
Other project information proven to be valuable in identifying risks.
PROJECT RISK MANAGEMENT February 2016
INPUTS
11. Procurement Documents
If the project requires external procurement of resources, procurement documents
become a key input to the Identify Risks process.
The complexity and the level of detail of the procurement documents should be
consistent with the value of, and risks associated with, planned procurement.
12. Enterprise Environmental Factors
Published information, including commercial databases,
Academic studies,
Published checklists,
Benchmarking,
Industry studies, and
Risk attitudes.
13. Organizational Process Assets.
Project files, including actual data,
Organizational and project process controls,
Risk statement templates, and
Lessons learned.
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
1. Documentation reviews
The quality of the plans, as well as consistency between those plans and the project
Affinity Diagram
This technique allows large numbers of ideas to be sorted into
groups for review and analysis.
It is a way to reach a consensus of experts on a subject.
It helps to expose crucial relationships and patterns in data
that may not be initially apparent.
The Delphi technique helps reduce bias in the data and keeps any one person
from having undue influence on the outcome
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
Interviewing:
most effective.
3. Checklist Analysis
and knowledge that has been accumulated from previous similar projects and from
The lowest level of the RBS can also be used as a risk checklist.
future projects.
4. Assumptions Analysis
Analyzing and exploring the validity of the assumptions can help identify risks due to
5. Diagramming Techniques
Risk diagramming methods can be used to help in risk identification and risk trigger
These are also known as Ishikawa or fishbone diagrams and are useful for
Hypotheses: “an idea or explanation for something that is based on known facts but has not yet been proved”,
These show how various elements of a system interrelate and the mechanism of
causation.
Influence diagrams:
outcomes.
7. Expert judgment
Risks can be identified directly by experts with relevant experience of similar projects
or business areas.
Such experts should be identified by the project manager and invited to consider all
aspects of the project and suggest possible risks based on their previous experience
The outputs from risk identification are typically contained as initial entries into a
A template of the risk register can be downloaded from the Project Management
On-Line Guide.
Date Identified & Project Phase: When a risk was identified and what project
Dormant: Something that is dormant is not active or growing but has the ability to be active at a later time:
Risk Event: What the risk event is to the project with detailed description using
sensitive)
Risk Trigger: warning signs that indicate the risk is likely to occur or imminent
Once the risk has been identified, the project team can conduct further analysis
“The process of prioritizing risks for further analysis or action by assessing and
combining their probability of occurrence and impact”
Tools and
Inputs Outputs
Techniques
1. Risk management plan 1. Risk probability and impact 1. Project documents updates
2. Scope baseline assessment
3. Risk register 2. Probability and impact
4. Enterprise environmental matrix
factors 3. Risk data quality assessment
5. Organizational process 4. Risk categorization
assets 5. Risk urgency assessment
6. Expert judgment
The key benefit of this process is that it enables project managers to reduce the level of uncertainty
and to focus on high-priority risks
PROJECT RISK MANAGEMENT February 2016
INPUTS
Key elements used; roles and responsibilities for conducting risk management,
probability and impact, the probability and impact matrix, and revised stakeholders’ risk
tolerances.
2. Scope Baseline
3. Risk Register
The risk register contains the information that will be used to assess and prioritize
risks.
The organizational process assets that can influence the Perform Qualitative Risk
It is important that all those who are evaluating the risks use a standard
interpretation for risk assessment of probability and impact, in order to achieve
consistent evaluation of risk across multiple projects.
If risk scales are NOT already standardized in your organization, you must decided
which scales to use to determine probability and impact qualitatively.
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
2. Probability and Impact Matrix (PIM)
Risks can be prioritized for further quantitative analysis and response, based on their
risk rating/ranking.
Rankings are assigned to risks based on their assessed probability and impact
ratings
Risk score helps put the risk into a category that will guide risk response actions.
Evaluation of each risk’s importance and, hence, priority for attention is typically
conducted using a look-up table or a probability and impact matrix.
P-I matrix can be based on ordinal (very low, low, medium, high, and very high ) or
cardinal (.1/ .3/ .5/ .7/ .9 or 1/ 2/ 3/ 4/ 5) scales.
Risk score helps put the risk into a category that will guide risk response actions.
For consistency with other risk assessment terms, a 1-5 scale for probability is used.
Analysis of the quality of risk data is a technique to evaluate the degree to which the
It involves examining the degree to which the risk is understood and the accuracy,
The use of low-quality risk data may lead to a qualitative risk analysis of little use to
the project.
Often, collection of information about risks is difficult, and consumes time and resources
Sometimes it is difficult for people who are evaluating risks to be objective due to
BIAS.
Having a description for 1 to 10 for example in the matrix will help eliminate some of
theses biases.
Tools and
Inputs Outputs
Techniques
1. Risk management plan 1. Data gathering and 1. Project documents updates
2. Cost management plan representation techniques
3. Schedule management plan 2. Quantitative risk analysis
4. Risk register and modeling techniques
5. Enterprise environmental 3. Expert judgment
factors
6. Organizational process
assets
The key benefit of this process is that it produces quantitative risk information to support
decision making in order to reduce project uncertainty.
PROJECT RISK MANAGEMENT February 2016
INPUTS
1. Risk Management Plan
Provides guidelines, methods, and tools to be used in quantitative risk analysis.
2. Cost Management Plan
Provides guidelines on establishing and managing risk reserves.
3. Schedule Management Plan
Provides guidelines on establishing and managing risk reserves.
4. Risk Register
Used as a reference point for performing quantitative risk analysis.
5. Enterprise Environmental Factors
Industry studies of similar projects by risk specialists, and
Risk databases that may be available from industry or proprietary sources.
6. Organizational Process Assets
Information on prior, similar completed projects.
Interviewing:
Draw on experience and historical data to quantify the probability and impact of
risks on project objectives.
The information needed depends upon the type of probability distributions that
will be used.
Documenting the rationale of the risk ranges and the assumptions behind them
are important components of the risk interview because they can provide insight
on the reliability and credibility of the analysis.
Probability = 0-1
Probability distributions:
Probability distribution are used to plot range of cost and schedule associated with
a risk.
This data can also be built from the three-point technique you use while
interviewing people, and try to get a range of cost and schedule that is possible if
a risk is materialized.
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
Once this data is collected you can draw one of the shape distribution graphs.
Commonly used ones are beta distribution that uses two value parameters
(alpha and beta), and triangular distribution which uses three parameters
(most-likely, best-case, worst-case).
Cost and time values are represented on x-axis and probability values on y-axis.
Includes the probabilities of a full range of possible Includes the probabilities of a fixed number
outcomes. of outcomes (based on a whole number).
Typically used for cost, time and quality metrics. Used to show uncertain events where the
Show uncertainty in values. probability of occurrence can be calculated.
Values are infinitely divisible (time, mass, distance). May NOT have a probability of ZERO.
May have a probability of ZERO. Used to represent possible scenarios in a
Frequently use for modeling and simulation. decision tree, result of a prototype, and
Usually represented as a curve. result of tests.
There are five different types of Continuous For example, represented in a bar chart e.g.
Distribution: assessing the probability of a task - like the
1. Normal Distribution (standard deviations) installation of plumbing - taking from four to
2. Uniform Distribution (values equally probable, nine days to complete.
scenarios where no obvious)
3. Beta Distribution
4. Triangular Distribution (three-point estimates)
5. Lognormal distribution (standard deviations,
random values)
Expected monetary value (EMV) analysis is a statistical concept that calculates the
average outcome when the future includes scenarios that may or may not
happen.
0.10
• Transform these numbers 0.6 0.15 2/17 0.65 3/4
0.08 0.5 0.20 2/18 0.70 3/7
into useful information that 0.4 0.25 2/22 0.75 3/9
0.06
0.3 0.30 2/23 0.80 3/11
reflects quantification of 0.04 0.35 2/24 0.85 3/14
0.2
0.02
0.40 2/25 0.90 3/17
the potential risks of a real- 0.1 0.45 2/28 0.95 3/21
0.50 3/1 1.00 4/5
world situation. 1/31 3/1 4/5
Completion Date
3. Expert Judgment
This is used to analyze and prepare input data to be used for the tools that does
modeling and simulation.
1. Sensitivity Analysis: Determines which risks have the most potential impact on
the project.
The risk register updates from Perform Quantitative Risk Analysis include:
• Risks with big buffers most likely influences the critical path.
Trends in quantitative risk analysis results: showing conclusions that make affect
risk response.
Tools and
Inputs Outputs
Techniques
1. Risk management plan 1. Strategies for negative risks 1. Project management plan
2. Risk register or threats updates
2. Strategies for positive risks 2. Project document updates
or opportunities
3. Contingent response
strategies
4. Expert judgment
The key benefit of this process is that it addresses the risks by their priority, inserting resources
and activities into the budget, schedule and project management plan as needed.
responsibilities, risk analysis definitions, timing for reviews (and for eliminating risks
from review) and risk thresholds for low, moderate, and high risks.
Risk thresholds help identify those risks for which specific responses are needed.
2. Risk Register
The risk register refers to identified risks, root causes of risks, lists of potential
responses, risk owners, symptoms and warning signs, the relative rating or priority
list of project risks, a list of risks requiring response in the near term, a list of risks
for additional analysis and response, trends in qualitative analysis results, and a
Transference or Deflect
Risk transference requires shifting the negative impact of a threat, along with
Transferring liability for a risk is most effective in dealing with financial risk
exposure.
Risk transference nearly always involves payment of a risk premium to the party
Taking early action to reduce the probability and/or impact of a risk event
occurring on a project is often more effective than trying to repair the damage
Acceptance is a risk response strategy used for both threats and opportunities.
Enhance
This strategy, similar to mitigation, increased the
probability and/or positive impacts of an opportunity.
Identifying and maximizing key drivers of these
positive-impact risks may increase the probability of
their occurrence.
Examples of enhancing opportunities include adding
more resources / crashing to an activity to finish early.
Accept
Accepting an opportunity is being willing to take advantage of the opportunity if
it arises, but not actively pursuing it.
This is the amount of funds or budget needed above the estimate to reduce the risk
of overruns of project objectives to a level acceptable to the organization (within/
below threshold limit).
4. Expert judgment
Schedule management plan: This may include changes in tolerance or behavior related to
resource loading and leveling, as well as updates to the schedule strategy.
Cost management plan: This may include changes in tolerance or behavior related to cost
accounting, tracking, and reports, as well as updates to the budget strategy and how
contingency reserves are consumed.
Quality management plan: This may include changes in tolerance or behavior related to
requirements, quality assurance, or quality control, as well as updates to the requirements
documentation.
Scope baseline: Because of new, modified or omitted work generated by the risk responses,
the scope baseline may be updated to reflect those changes.
Schedule baseline: Because of new work (or omitted work) generated by the risk responses,
the schedule baseline may be updated to reflect those changes.
Cost baseline: Because of new work (or omitted work) generated by the risk responses, the
cost baseline may be updated to reflect those changes.
Tools and
Inputs Outputs
Techniques
1. Project management plan 1. Risk reassessment 1. Work performance
2. Risk register 2. Risk audits information
3. Work performance data 3. Variance and trend analysis 2. Change requests
4. Work performance reports 4. Technical performance 3. Project management plan
measurement updates
5. Reserve analysis 4. Project document updates
6. Meetings 5. Organizational process
assets updates
The key benefit of this process is that it improves efficiency of the risk approach throughout the
project life cycle to continuously optimize risk responses
PROJECT RISK MANAGEMENT February 2016
INPUTS
1. Project Management Plan
The project management plan described contains the risk management plan which
include;
Risk tolerances
Protocols and the assignment of people (including the risk owners),
Time, and other resources to project risk management.
2. Risk Register
The risk register has key inputs that include
Identified risks
Risk owners
Agreed-upon risk responses
Specific implementation actions
Symptoms and warning signs of risk,
Residual and secondary risks
A watchlist of low-priority risks
The time and cost contingency reserves.
Deliverable status.
Schedule progress.
Costs incurred.
4. Performance Reports
Risk audits are evidence of how seriously risk should be taken on a project.
Earned value analysis and other methods of project variance and trend analysis may
be used for monitoring overall project performance.
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
4. Technical performance measurement
Technical performance measurement compares technical accomplishments during
project execution to the project management plan’s schedule of technical
achievement.
Technical performance measures may include weight, transaction times, number of
delivered defects, storage capacity, etc.
Deviation, such as demonstrating more or less functionality than planned at a
milestone, can help to forecast the degree of success in achieving the project’s
scope.
5. Reserve analysis
Reserve analysis compares the amount of the contingency reserves remaining to
the amount of risk remaining at any time in the project, in order to determine if the
remaining reserve is adequate.
Throughout execution of the project, some risks may occur, with positive or negative
impacts on budget or schedule contingency reserves.
PROJECT RISK MANAGEMENT February 2016
TOOLS AND TECHNIQUES
6. Meetings
The amount of time required for that item will vary, depending upon the risks that
Frequent discussions about risk make it more likely that people will identify risks and
opportunities.
If the approved change requests have an effect on the risk management processes,
then the corresponding component documents of the project management plan are
revised and reissued to reflect the approved changes.
Actual outcomes of risk reassessments, risk audits, and periodic risk reviews.
Templates for the risk management plan, including the probability and impact
matrix, and risk register.
A. Risk event.
B. Risk probability.
C. Amount at stake.
D. Insurance premiums.
Q2: If a project has a 60 percent chance of a US $100,000 profit and a 40 percent chance of a
US $100,000 loss, the expected monetary value for the project is:
A. $100,000 profit.
B. $60,000 loss.
C. $20,000 profit.
D. $40,000 loss.
B. Project sponsor
D. Key stakeholders
B. Risk triggers
C. Contingency reserves
A. The project manager should have waited until the Perform Qualitative Risk Analysis