Wollega University

MA in Project Management Program

Decision Theory and Project Risk

Management [MAPM 6073]
Instructor: Geda J. (MBA in Mgt, PhD Candidate)
Phone: 09-13-34-59-97
E-mail: gedaj81@gmail.com
6 Monitoring and Controlling
Risks

2
 After completing this lesson, you should be able to

1. Discuss what is monitor risks

2. Know the Critical Success Factors for Monitoring Risks
3. Understand how to utilize the tools and techniques of the Monitor
Risks process
4. Explain how to monitor and control risk, and use lessons learned to
refine risk policies and practices

3
 The PMBOK 6th Edition changed the process name of "Control Risks" to
"Monitor Risks."
 "Monitor Risks is the process of monitoring the implementation of agreed-
upon risk response plans, tracking identified risks, identifying and analyzing
new risks, and evaluating risk process effectiveness throughout the project.“
 Risk monitoring and control records risk metrics that are associated with
implementing contingency plans.
− The key benefit of this process is that it enables project decisions to be
based on current information about overall project risk exposure and
individual project risks.
 Monitoring and controlling risks is an ongoing concern that span throughout
the entire life of the project and is carried out during the day-to-day work.
4
 In order to ensure that the project team and key stakeholders are aware of the
current level of risk exposure, project work should be continuously monitored for
new, changing, and outdated individual project risks and for changes in the level
of overall project risk by applying the Monitor Risks process.
 The Monitor Risks process uses performance information generated during
project execution to determine if:
− Implemented risk responses are effective,
− Level of overall project risk has changed,
− Status of identified individual project risks has changed,
− New individual project risks have arisen,
− Risk management approach is still appropriate,
− Project assumptions are still valid,
− Risk management policies and procedures are being followed,
− Contingency reserves for cost or schedule require modification, and
− Project strategy is still valid.
5
 Risk control may involve choosing alternative strategies, implementing a
contingency plan, taking corrective action, or re-planning the project.
 The risk response owner should report periodically to the project manager
and the risk team leader on the effectiveness of the plan, any unanticipated
effects, and any midcourse correction needed to mitigate the risk.

6
 Integrate Risk Monitoring and Control with Project Monitoring and Control
− Early in the planning, the actions required to monitor and
control project risk should be included in the project
management plan.
− Then adjusted in view of the risk response planning
decisions, for example, the actions associated with
monitoring specific conditions or metrics.
− Once risk response planning has been carried out, the project
schedule should include all of the agreed-upon actions.
− So that they can be carried out as a normal part of project
execution and tracked accordingly.
7
 Continuously Monitor Risk Trigger Conditions
− Checking for specifically defined risks that may trigger conditional responses is
the responsibility of the risk action owner, in close collaboration with the risk
owner under the overall authority of the project manager.
 Maintain Risk Awareness
− Risk management reports should be regular item on every status meeting
agenda to ensure that all team members remain aware of the importance of risk
management and to ensure that it is fully integrated into all of the project
management decisions.
− The senior-level sponsor should require regular reports on the risks and the
planned responses to ensure that stakeholders are aware of the importance of
keeping a focus on risk.
− Sponsor feedback motivates project team by demonstrating senior-level interest
in Project Risk Management.
− This should be supported by a well-executed communications 8
 Text Here Text Here

Easy to change colors. Easy to change colors.

Inputs Tools & Techn. Outputs

1. Project management plan 1. Work performance information
1. Data Analysis
• Risk management plan 2. Change requests
• Technical performance
2. Project documents 3. Project Mgt plan updates
analysis
• Issue log 4. Project documents updates
• Reserve analysis
• Lessons learned register • Assumption & Issue log
2. Audits
• Risk register • Lesson learned register
3. Meetings
• Risk report • Risk register
3. Work performance data • Risk report
4. Work performance reports 5. Organizational process assets
updates

9
 Project Management Plan
 Project management plan components include but are not limited to the
risk management plan.
− This will give guidance on how often risks should be reviewed, which
policies and procedures for the organization should be followed, when
doing the review, the roles and responsibilities of the people doing the
monitoring process, formats for reporting the results of the process.
 Project Documents
 Project documents that should be considered as inputs for this process include
but are not limited to the following:
− Issue log, Lessons learned register, Risk register and Risk report.

10
 Project Documents
Issue Log
The issue log is used to see if 01 02
02
any of the open issues have
been updated and necessitate
an update to the risk register.
Lesson Learned Register
Lessons related to risk that were recorded earlier
in the project will be reviewed to see if they
apply to later phases in the project.
Risk Register
The key inputs will include:
identified individual project risks,
risk owners, agreed-upon risk
responses, specific risk response
03 04 implementation actions, control
actions for assessing the
effectiveness of the risk response
plans, symptoms and warning
signs of risk, residual and
secondary risks, watch-list of low-
priority risks
Risk Report
Assessment of the current overall project risk
exposure as well as the agreed-upon risk response
strategy, as well as the major individual risks with
planned responses and risk owners.
11
 Work Performance Data
 The status of the work that contains data related to risk such as:
− risk responses that have been implemented
− risks that have occurred
− risks that are active
− risks that have been closed out (because the risks associated with
certain project activities did not occur).
 Work Performance Reports
 These reports analyze the work performance data just mentioned to create
status reports and forecasts methods such as:
− Earned value data
− Variance analysis: high variance indicates increased uncertainty & risk
− Forecasting data
12
 Data Analysis
 Data analysis techniques that can be used for this process include but are not
limited to:
 Technical performance analysis–technical performance measures such as
weight of the item being produced, transaction times, number of delivered
defects, storage capacity, etc. can be analyzed to see if there is deviation,
which can indicate the possible existence of underlying risk.
 Reserve analysis–compares the amount of contingency reserves remaining
to the amount of risk remaining at any time in the project in order to
determine if the remaining reserve is adequate. So this is monitoring risk
not directly, but indirectly through the contingency reserves which are
used to pay for risk responses.
13
 Audits
 Risk audits are a type of audit that may be used to consider the
effectiveness of the risk management process.
− The team also examines the processes to identify, evaluate, respond
to, and control risks.
 The project manager is responsible for ensuring that risk audits are performed
at an appropriate frequency, as defined in the project’s risk management plan.
 Risk audits are usually performed by experts outside project team for the whole
risk management process.
 Risk audits may be included during routine project review meetings or may
form part of a risk review meeting, or the team may choose to hold separate
risk audit meetings.
− The format for the risk audit and its objectives should be clearly
defined before the audit is conducted.
14
 Meetings
 Meetings that can be used during this process include but are not limited to:
 Risk reviews are should be regularly scheduled regularly.
 Project risk should be an agenda topic at all team meetings.
− The process of periodically reviewing the risk management plan
and risk register and adjust the documentation as required is
termed as risk reassessment.
 Risk reviews may result in identification of new individual project risks,
(including secondary risks that arise from agreed-upon risk responses),
reassessment of current risks, the closing of risks that are outdated, issues that
have arisen as the result of risks that have occurred, and identification of
lessons to be learned for implementation in ongoing phases in the current
project or in similar projects in the future.
15
 Work Performance Information
 Work Performance Information
as an output of Monitor Risks,
provides a mechanism to
communicate and support decision
making within the project.
 The risk register is reviewed and any changes to the previously agreed-upon
risk responses for individual project risks are noted.
− These changes are reviewed to indicate the effectiveness of the
response planning and response implementation processes.
 Any changes in either the planning or the implementation should be made
through a change request.
16
 Change Requests
 The Monitor Risks process may result in a change request to the
cost and schedule baselines or other components of the project
management plan.
− These requests are sent to the Perform Integrated Change Control process
(Section 4.6) in order to make the decision to accept or reject them.
 If rejected, they go into the change log with the reasons for the rejection. If they
are accepted, then the changes are made to the project management plan.
 Change requests can include:
− Recommended corrective actions may be required to support contingency
plans/workarounds for known/unknown risks.
− Recommended preventive actions are taken to reduce the probability of
negative consequences of project risks.
17
 Project Management Plan Updates
 Any change to the project management plan goes through the organization’s
change control process via a change request.
 If the change requests mentioned in the last slide are accepted, the project
management plan is updated accordingly.
− Especially if the changed risk responses require changes to the cost and/or
schedule baseline (to account for the additional cost and/or time required
to implement the new or changed responses).
 The changed risk responses themselves will be recorded in the risk register (see
next slide on Project Document Updates)

18
 Project Document Updates
 Project documents that may be updated as a result of carrying
out this process include but are not limited to: risk register,
assumption log, issue log, lesson learned register,, and risk report.
 Risk register–the following are changes that might be made as a result of the
Monitor Risks process:
− Adding new risks that were not picked up during
the original risk assessment
− Updating outdated risks
− Updating risks that were realized
− Updating risk response

19
 Assumption log
− During the Monitor Risks process, new assumptions may be made, new
constraints may be identified, and existing assumptions or constraints
may be revisited and changed.
− The assumption log is updated with this new information.
 Issue log
− Issues uncovered in the process of monitoring risks, usually related not
to the contents of the risks themselves but in the handling of those
risks, are recorded in the issue log.
 Lessons learned register
− The lessons learned register is updated with any risk-related lessons
learned during risk reviews so these can be used on later phases of the
project or in future projects.

20
 Risk Report
 Another important part of the Monitor Risk process is letting the shareholders
know what is going on with respect to risk.
 This is done through the risk report, which is updated with the following based on
the results of this process:
− Current status of major individual project risks, including details of the top individual
project risks, the agreed-upon risk responses and risk owners for those risks
− Current level of overall project risks
− Conclusions and recommendations for changes to the risk responses themselves
− Conclusions from risk audits on the effectiveness of the risk management process

21
 Organizational Process Assets Updates
 The Risk Management process produces information that may be useful in future
projects. Organizational process assets that are updated as a result of the Monitor
Risks process include but are not limited to:
− Templates for the risk management plan
− Templates for the Probability and Impact Matrix
− Templates for the Risk Register
− Risk Breakdown Structure (shows the source of risk on the project by category)
and
− Lessons Learned from the project’s risk management activities.

22
 UPDATE RISK REGISTER
Identify Risks Perform Risk Analysis Plan Risk Responses Monitor Risks
Potential Defined Qualitative Risk
# Category Risk Date Impact Prob Score Notes Owner Status Date Notes
Result By Impact Strategy
With
Unable to Project on
Moderate Avoid, Approved Tech
IT Resource meet 15- PM schedule, 31 -
1 Tech Bontu 0.4 0.6 0.24 impact to extend Sponsor Tasks
Availability project June Jemal Risk Oct
schedule schedule Chg Rqst Cmplt
schedule Closed

Fixed
Inability to Contract
Project Moderate Price Cont Contract
complete 22- Transfer risk PM Completd 16 -
2 Contracts contract Wendu 0.3 0.9 0.27 impact to Limits complete
project June with contract Jemal , Risk Aug
negotiate goals Addtl d
goals Closed
Risk

With Project
Project Significant Accept, use
Scope 30- Approved PM No 25 - within
3 Cost Budget Jemal 0.8 0.7 0.56 impact to Contingency
Creep June Sponsor Jemal Change Nov revised
Overrun cost Reserve
Chg Rqst budget

Note: Register Updates in Amber

23
24