PhD, M.Sc, MBA, B.Sc, PMI-PMP, PBA.

SIX SIGMA, SMC, ACP

 11.1 Plan Risk Management

11.2 Identify Risks

11.3 Perform Qualitative Risk Analysis

11.4 Perform Quantitative Risk Analysis

11.5 Plan Risk Responses

11.6 Implement Risk Responses.

11.7 Monitor Risks.

Risk Seeker
 Risk Averter
Not likely to take a risk that is considered a high risk
TAILORING CONSIDERATIONS

• Project size.

• Project complexity

• Project importance

• Development approach.
 PLAN RISK MANAGEMENT

it ensures that the degree, type,

defining how to conduct risk
management activities for a
project
and visibility of risk management
are proportionate to
1- risks
2- the importance of the project
to the organization and other
stakeholders
11.1 PLAN RISK MANAGEMENT
Risk Management Plan
• Risk management plan describe how risk management will be structured and performed on
the project.
. Methodology (Defines the approaches, tools, and data sources)
• Roles & responsibilities (Defines the lead, support, and risk management team members)
• Budgeting (Assigns resources, estimates funds needed)
• Timing (when and how often the risk management process )
• Risk categories. (Provides a structure that ensures a comprehensive process of systematically identifying
risks ).
Risk Management Plan
- Definition of probability and impact
- Stakeholder tolerances

• Reporting formats how the outcomes of the risk management processes will be documented, analyzed, and
communicated.

• Tracking how risk activities will be recorded and how risk management processes will be audited.

• Probability and impact matrix (Risks are prioritized according to their potential implications for having an
effect on the project’s objectives.
 IDENTIFY RISKS

1-identifying individual project risks

the documentation of existing
as well as sources of overall project
individual project risks and the
risk
sources of overall project risk.
2-documenting their characteristics
11.2 IDENTIFY RISKS
• 3 Checklists.
Inputs
❑ Agreements
If the project requires external procurement of resources, the agreements may have
information such as milestone dates, contract type, acceptance criteria, and awards and
penalties that can present threats or opportunities.
 SWOT Analysis
• Examines project from all SWOT perspectives:
• Strength
• Weakness
• Opportunity
• Threats
-Delphi Technique
Reach consensus from EXPERTS.
PROMPT LISTS
• predetermined list of risk categories that might give rise risks

• can be used as idea generation when using risk identification

• The risk categories in the lowest level of the risk breakdown structure can
be used as a prompt list for individual project risks
 Risk Register

Include
List of identified risks.
-the list of identified risks,
-The root causes of those risks
-the fundamental conditions of risks

List of potential responses.

- Potential responses to a risk may sometimes be identified during the Identify Risks process.
RISK REPORT
❑Sources of overall project risk, indicating which are the most important drivers of
overall project risk exposure

❑Summary information on identified individual project risks, such as :-

1- number of identified threats and opportunities
2- distribution of risks across risk categories
3- metrics
4- trends
 PERFORM QUALITITATIVE RISK
ANALYSIS

prioritizing individual project risks

for further analysis or action by
assessing focuses efforts on high-priority risks
1-their probability of occurrence
2- impact
11.3 PERFORM QUALITATIVE RISK ANALYSIS
 Probability Impact Matrix
• Different matrices can be used for cost, time, scope
• It helps guide risk responses (priority action & response strategies)
Risk Data Quality Assessment

A qualitative risk analysis requires accurate data

. Analysis of the quality of risk data is a technique to
evaluate the degree to which the data about risks are
useful for risk management.
Risk Breakdown Structure (RBS)
• Showing risk categorization
• Help to ensure a comprehensive process of systematically
identifying risk to a consistent level of detail
Risk Register Updates

• Update/add additional information to previous output i.e. Risk Register, which include:

• Relative ranking/priority
• Risk grouped by categories
• List of risk requiring additional analysis in the near term
• List of risk for additional analysis and response
• Watch-list (non-critical or non-top risks)
• Trends
• Cause of risk requiring particular attention
 PERFORM QUANTITATIVE RISK
ANALYSIS

numerically analyzing the

combined effect of quantifies overall project risk
1- identified individual project risks exposure
2- other sources of uncertainty
11.4 PERFORM QUANTITATIVE RISK ANALYSIS
• Data Gathering and Representation Techniques

• • Interviewing. quantify the probability and impact of risks on project objectives. For instance,
information would be gathered on the optimistic (low), pessimistic (high), and most likely
scenarios for some commonly used distributions.
• Simulation
• A project simulation uses a model that translates the specified detailed
uncertainties of the project into their potential impact on project objectives.
Sensitivity Analysis
Decision Tree and EMV EMV = (Probability)  (Impact)
• EMV used with Decision Tree to choose between many
alternative which take into account the future events
• Example:
EMV
On time 90%
=10% x $4000+$900

Airline A =$400+$900=$1300
Fare $900
Late 4,000 $

On time 70%
=30% x $4000+$300
Airline B
=$1200+$300 =$1500
Fare
$300
Late 4,000 $
Expected monetary value
Risk Register Updates

• Update/add additional information to previous output i.e. Risk Register, which include:

❑Prioritize list of quantified risks

❑Amount of contingency time and cost reserve needed
❑Possible realistic and achievable completion dates, project cost, with confidence level
❑The quantified probability of meeting prosject objective
 PLAN RISK RESPONSES

1-developing options
identifies appropriate ways to
2- selecting strategies
address overall project risk and
3- agreeing on actions to address
individual project risks
overall project risk exposure
11.5 PLAN RISK RESPONSES
Strategies For Threats
Strategies for Threats

1- Escelate

• The Threat Responsibility Outside PM Authority

• Escalated To Program or Portfolio
• Example: Delaying of Supplying Spare Parts By Program
Manager.
Strategies for Threats

2- Avoid

• Eliminate the threat entirely

• Example: remove dangerous test or person or material from project
Strategies for Threats

• 3-Transfer (Deflect, Allocate)

• Shift some or all the negative impact of a threat to a third party

Example : insurance or outsource the work

Strategies for Threats

• 4-Mitigate

• Implies a reduction in the probability and/or impact of an adverse risk

event to be within acceptable threshold limits

• Example : provide training for team members, Wear a helmet head

Strategies for Threats

• 5- Accept

• Deal with the risks

• Project management plan is not changed

• Example : Increasing material prices contingency)

Strategies for Opportunities

• 1-Escelate

• The Opportunity Responsibility Outside PM Authority Escalated To

Program or Portfolio

• Example: Buy Machine For Program Use Can Decrease rojects

Duration
Strategies for Opportunities

• 2-Exploit

• Seek to ensure the opportunities definitely happen

• Example: allocate experience manpower in critical path to complete

project early
Strategies for Opportunities

• 3-Share

• Allocate some or all of the ownership of the opportunity to a third

party who is best able to capture the opportunity for the project
benefit.

• Example: buy machine

Strategies for Opportunities

• 4-Enhance

• Increase the probability and/or the positive impacts of an opportunity.

• Example: negotiation for the equipment earlier to secure lower price

 Difference Between Enhance and Exploit Risk Response Strategies:
❑ In the enhance risk response strategy you try to realize opportunity, while in the exploit risk response
strategy you ensure realizing the opportunity.
❑ In the enhance risk response strategy you increase the probability of the opportunity happening, while
in the exploit risk response strategy you increase the opportunity to 100%.

❑ The enhance risk response strategy can be considered the opposite of the mitigation risk response
strategy, and the exploit risk response strategy can be considered the opposite of the avoid risk
response strategy.
❑ Summary
❑ Enhance and exploit are two kinds of positive risk response strategies. If the opportunity is not very
important or you don’t have any extra resources, you will use the enhance risk response strategy.
❑ However, if you have extra resources available or the opportunity is so important that you cannot let
go, you will use the exploit risk response strategy. The strategy chosen for the opportunity will depend
on the situation, requirements, and resources available to you.
Strategies for Opportunities

• 5-Accept

• Not actively pursuing an opportunity

• Example: decrease material price

Plan Risk responses
• Do something to eliminate threats before they happens
• Do something to make sure the opportunities happens
• Decrease the probability and/or impact of threats
• Increase the probability and/or impact of opportunities

• For the remaining (residual) threats that cannot be eliminated:

• Do something if the risk happens (contingency plan).
• Do something if contingency plan not effective (fallback plan)
• The risks result in applying risk response strategy is called (secondary risk)
• The risk trigger is events that trigger the contingency response
• Workaround is procedures to solve unplanned risks
 IMPLEMENT RISK RESPONSES

implementing agreed-upon risk ensures that agreed-upon risk

response plans responses are executed as planned
11.6 IMPLEMENT RISK RESPONSES
 MONITOR RISKS

1-monitoring the implementation of

agreed-upon risk response plans
enables project decisions to be
2-tracking identified risks,
based on current information about
identifying
overall project risk exposure and
3- analyzing new risks
individual project risks
4-evaluating risk process
effectiveness
11.7 MONITOR RISKS
Reserve analysis

• compares the amount of the contingency reserves remaining to the amount

of risk remaining at any time in the project in order to determine if the
remaining reserve is adequate.
AUDITS

• consider the effectiveness of the risk management process

• Risk audits may be included during routine project review meetings or may
form part of a risk review meeting
Monitor Risk : Tools and Techniques
❑ MEETINGS:-
➢ Risk Reviews
✓ Examine and document the effectiveness of risk responses in dealing with overall project risk and with
identified individual project risks.

✓ Identification of new individual project risks.

✓ Reassessment of current risks.

✓ The closing of risks that are outdated.
✓ Issues that have arisen as the result of risks that have occurred.

✓ identification of lessons to be learned for implementation in ongoing phases in the current project
or in similar projects in the future.
1-During which stage of Risk planning are risks prioritized based on
probability and -impact?

A-Identify Risks

B-Risk management plan

C-Perform Qualitative risk analysis

D-Perform Quantitative risk analysis

2-Mohamed has joined as the Project Manager of a project. One of the
project documents available to Mohamed lists down all the risks in a
hierarchical fashion. What is this document called?

A-Risk Management Plan.

B-List of risks.

C-Risk register

D-Risk Breakdown Structure

3- Project risk management includes all the processes concerned with
conducting risk management planning, identification, analysis,
responses, and monitoring and control on a project. In this context, all
the following statements about risk are accurate EXCEPT:

A- Risk is an uncertain event or condition

B- Risks have to be identified and properly managed

C- Risk Management should be done throughout the project

D- Risk has only negative impact on the project objective

4- you have just been assigned as the project manager for a sizeable
engineering project, and you want to quickly review the projects
Procedures for managing risk . What would be the most helpful in
finding this information?

A- a risk register
B- a risk management plan
C- environment process assets
D- a risk impact matrix
5- Heba is a Project Manager for software migration at a bank. A major
risk that has been identified is attrition of resources. As a strategy to
respond to this risk, Heba, with support from Senior Management,
provides good increments to his team members. What type of risk
response is heba following?

A-Accept

B-Avoid

C-Transfer

D-Mitigate
6-Which of these is not a valid response to positive risks?

A-Exploit

B-Mitigate

C-Enhance

D-Share
7-After conducting a SWOT Analysis, you have determined that a
business deal is worth pursuing. You are required to use Agile
development practices. In your company, there is no expertise in Agile
development. Hence, you partner with another organization that
specializes in Agile development. This is an example of:

a) Sharing a Positive Risk

b) Mitigating a Negative Risk

c) Exploiting a Positive Risk

d) Accepting a Negative risk

8-During which stage of Risk planning are Simulation used to determine
overall effects of risks on project objectives ?

A-Risk identification

B-Risk response planning

C-Qualitative risk analysis

D-Quantitative risk analysis

9-if the team cannot identify a suitable response to an identified risk . Which risk
response would they apply?

A- avoidance

B-acceptance

C- mitigation

4-transference
10-During which risk management process is a determination to transfer
a risk made?

A. Identify Risks.

B. Perform Quantitative Risk Analysis.

C. Plan Risk Responses.

D. Monitor and Control Risks.

THANK YOU safoia2222222@gmail.com

+966 50 8739484