Manual 3-Project Risk Management-Book 3

Manual 3
Project Risk Management
Book 3 of 4
Identifying Monitoring and Controlling
Manual 3: Project Risk Management
Contents
Topic 1: Risk Management Process 4
Section A: Introducing Risk Management Process 4
Risk Management Processes 4
Project Risk Management 4
Risk Management Process Group 4
Fundamental Principles of Risk Management 5
Basis for Grading 6
Section B: Risk Management Team 7

The Risk Management Team 7
Project Team 7
Discussion Topic 7
Topic 2: Risk Management Planning 8

Section A: Introducing Risk Management Planning 8
Risk Management Planning: Inputs 8
Risk Management Planning: Tools and Techniques 9
Planning Meetings and Analysis 9
Risk Management Planning: Outputs 9
Risk Management Plan 9
Section B: An Overview of risk Management Planning 12

Section Objectives 12
Risk Management Planning 12
Section C: Inputs, Tools and Techniques, and Outputs of Risk Management Planning 13
Risk Management Planning 13
Inputs to Risk Management Planning 13
Tools and Techniques of Risk Management Planning 14
CASE STUDY: DREAM BUILDERS INC. 15
CURRENT PROJECT 16
CONSTRAINTS & ASSUMPTIONS 19
Topic 3: Risk Response Planning 21

Section A: Introducing Risk Response Planning 21
Risk Response Planning: Inputs 21
Risk Management Plan 21
Risk Register 22
Risk Response Planning: Tools and Techniques 22
Strategies for Negative Risks or Threats 22
Strategies for Positive Risks or Opportunities 23
Strategy for Both Threats and Opportunities 23
Risk Response Planning: Outputs 23
Book 3 of 4: Identifying, Monitoring and Controlling Page 2 of 36

Section B: An Overview of Risk Response Planning 25

Risk Response Planning 25
Purpose of Risk Response Planning 26
Proactive Approach to Risk Response 26
Section C: Inputs, Tools and Techniques, and Outputs of Risk Response Planning 27
Inputs to Risk Response Planning 27
Tools and Techniques of Risk Response Planning 27
Transference Using Contracts 28
Inputs: Can We Answer the Questions? 28
Schedule Mitigation Strategies 29
Cost Mitigation Strategies 29
Technical Mitigation Strategies 29
Suggested Risk Management and Mitigation Strategies 30
Using a Graded Approach in Determining Risk Response Strategies 31
Low and Medium Risks 31
High Risks 31
Application of a Graded Approach 32
Factors Affecting Choice of Control Techniques 32
Benefits of Balancing Controls 33
Benefits of Balancing Controls with Risk 33
Minimum techniques 34
Outputs from Risk Response Planning 34
Reserve Management vs. Contingency Reserve 36

Topic 1: Risk Management

Process
Section A: Introducing Risk Management
Process
Risk Management Processes
It is important that a risk strategy be established early in a project and that a risk be continually addressed
throughout the project life cycle. Risk management requires the project manager to anticipate problems
long before they occur and take appropriate action to keep the project running smoothly.
Similarly, the project manager should actively seek opportunities to introduce positive events, thereby
enhancing project performance. Although risk management may mean different things depending on the
industry in question, this course covers all aspects of risk management as defined by the Project
Management Institute. Despite differences across industries, the fundamentals of risk management are
universally recognized.

Definition: Project Risk Management
Project risk management is the systematic process of identifying, analyzing and responding to
project risk. It includes maximizing the probability and consequence of positive events and
minimizing the probability and consequence of adverse events to project objectives. It includes
the processes of risk management planning, risk identification, qualitative risk analysis,
quantitative risk analysis, and risk response planning and risk monitoring and control.
The risk management process should begin even before the project initiation phase, as it should be rooted
in the organization’s culture and policy. Without a well-established expectation and modeled behavior by
senior management, attempts by individual project managers to manage risk are likely to be
misunderstood and unfruitful.
Planning for risk management is similar to the other processes in the planning phase (quality planning,
communications planning, human resource planning). In these processes, organizational standards and
policies often provide guidance to ensure a degree of consistency across projects. Likewise, planning for
risk management on the project involves choosing the best application of organizational policies
commensurate with the overall risk of the project.
The risk management plan is the project manager’s commitment to the sponsor and organization
concerning standards for risk management.
Risk Management Process Group

Risk Management Planning: The process of deciding how to approach and plan the risk management
activities for a project.
Risk Identification: The process of determining which risks might affect the project and documenting
their characteristics.
Qualitative Risk Analysis: The process of assessing the impact and likelihood of identified risks.

Quantitative Risk Analysis: The process of analyzing numerically the probability of each risk and its
consequence on project objectives, as well as the extent of overall project risk.
Risk Response Planning: The process of developing options and determining actions to enhance
opportunities and reduce threats to the project objectives.
Risk Monitoring and Control: The process of keeping track of the identified risks, monitoring residual
risks, and identifying new risks, ensuring the execution of risk plans, and evaluating their effectiveness in
reducing risk.
Fundamental Principles of Risk Management

Listed are the fundamental principles of risk management:
• Fundamental Principles 1: Determine Proportionate Expenditure

• Fundamental Principles 2: Use a Pragmatic Approach
• Fundamental Principles 3: Apply a graded approach
• Fundamental Principles 1: Determine Proportionate Expenditure

The time and money spent in analyzing risk and determining risk management and mitigation strategies
should be considered from a cost to benefit perspective. It should) not cost more to manage or mitigate
the risk than to realize the risk. It should be the goal for the risk management or mitigation strategy to
significantly reduce the risk potential and to cost significantly less than the realized risk.
What do we mean by realized risk? Simply stated, this term describes the impact to the project should the
risk actually occur in an unmitigated manner. An illustration would be the development of a work-around
strategy that adds five days to the project schedule in order to avoid a prospective risk, but implementing
the strategy causes an additional schedule delay of three days. This is not wise risk management.
In some project domains, the idea of realized risk is replaced by the value of the risk factored by the
probability of it occurring. Statistically, a risk with an impact of $50,000 but only 10% likely to occur is
worth, or has an expected value of, $5,000. Using the above illustration, you should not spend more than
$5,000 to defeat such a risk. In a given project you will have dozens of risks, and only a portion of them will
actually occur. You could not reasonably spend up to the full value of each risk in order to defend your
project. Additional discussion of the statistical basis of risk will be seen in the material on Monte Carlo
analysis covered in the concept: Quantitative Risk Analysis.
• Fundamental Principle 2: Use a Pragmatic Approach

It may be more cost effective to concentrate management attention on the mitigation of some medium
risks, which can be controlled, than on some high risks with results largely determined by outside
influences. It may not be possible to manage or mitigate every risk; therefore, some risks must simply be
accepted. Also, a risk with an extremely high consequence but an extremely low potential may not need to
be considered as a risk with any real potential for the project. These types of risk strategies will be
discussed further in the concept: Risk Response Planning.
To summarize the pragmatic approach:
• Differentiate between high and medium risks

• Identify those risks that can be managed or mitigated
• Fundamental Principle 3: Apply a Graded Approach

Throughout the course, students will hear about the graded approach to risk management. The graded
approach is a flexible selection process that permits the project manager to choose a more or less
rigorous application of project management approaches, controls, and tools to actually manage the
project. The graded approach applies to all projects.

A formal, documented process should be used in determining the application of the graded approach.
Such a process should be documented in the risk management plan. This process normally begins with an
analysis of the risk to the project’s successful completion as conceived and planned. It is an analysis of
those potential problems that may interfere with the successful completion of the project. In one sense,
project management is the art and skill of bringing a project to successful completion through the
management and mitigation of risk. Project managers are risk managers.
Select a flexible process, or one that permits the project manager to choose a more or less rigorous
project management approach and use:
• A constant measure to determine the basis for grading

• A process to selectively apply project management tools commensurate with project risk
• A methodology that can be applied to all projects
Basis for Grading

The basis for grading is formulated by using a quantitative and qualitative process or by considering and
applying the proportionate resources and pragmatic response with the:
• Dollar value associated with the project

• Complexity of the project
• Visibility of the project
• Consequence of project failure
The project dollar value, complexity, visibility, and stake, i.e., what is at stake if this project fails, are the
basis for determining the application of a graded approach. Typically, dollar value, complexity, and
visibility are just other types or forms of the idea of project stake or project risk.
When determining and applying the graded approach, project stake should be the only basis. This could
lead to a clearer definition of the application of the graded approach: the risk-based graded approach.

Section B: Risk Management Team

The Risk Management Team
Risk management is a discipline that originates first in the project manager’s fundamental behaviors and
motivations. Many say that the practice of risk management and project management are inseparable. The
project manager is the one who makes sure it all happens. The project manager must also model the
behavior and establish an open climate that encourages the active contributions of all team members and
stakeholders.
Whether participating in the initial, formal risk assessments, or contributing to the follow-up analysis and
control of risks, each participant must be fully involved. This may require the project manager to exercise
the soft skills to draw out the quiet team members and to gracefully control the more outspoken
members.
When doing a formal assessment, thought must be given to establishing a meeting that encourages input
from all perspectives on the project. This may include the customer and other stakeholders not normally
considered as having direct or valid input. The feedback from other individuals in an organization that have
timely and vital lessons learned from similar experiences is extremely valuable and should be included.
The project manager is ultimately responsible for the risk management, but needs participation from all
team members. Gaining that commitment to participate is a project manager’s responsibility.
Project Team
The project management team typically consists of the following members:
• Project manager
• Team leaders
• Team members
• Subject matter experts
• Engineers and other employees
• Project sponsors
• Customers
• Others as required
All project managers are essentially risk managers, using their skill to mitigate risk. Project managers
typically:
• Plan risk management strategies

• Document risk plans, risk encountered, and responses to risk
• Determine the correct level of risk management application, controls, and responses based on the
project baseline, and resources available for risk management
• Identify opportunities for regulatory participation or stakeholder participation in risk planning when
needed
Discussion Topic
Think about the organization where you work.
1. Identify the typical phases of the project life cycle in your industry or business.
2. Identify the deciding points between the phases and who makes the decision to proceed to the
next phase.
3. Does your company use a standard life cycle for projects?

Topic 2: Risk Management

Planning
Section A: Introducing Risk Management
Planning
Careful and explicit planning enhances the possibility of success of the five other risk management
processes. Risk Management Planning is the process of deciding how to approach and conduct the risk
management activities for a project. Planning of risk management processes is important to ensure that
the level, type, and visibility of risk management are commensurate with both the risk and importance of
the project to the organization, to provide sufficient resources and time for risk management activities,
and to establish an agreed-upon basis for evaluating risks. The Risk Management Planning process
should be completed early during project planning, since it is crucial to successfully performing the other
processes described in this chapter.
Inputs Tools & Techniques Outputs
1. Enterprise environmental 1. Planning meetings and 1. Risk management plan

factors analysis
2. Organizational process
assets
3. Project scope statement
4. Project management plan
Figure 1 - Risk Management Planning:

Inputs, Tools &Techniques, and Outputs
Risk Management Planning: Inputs

• Enterprise Environmental Factors
The attitudes toward risk and the risk tolerance of organizations and people involved in the project will
influence the project management plan. Risk attitudes and tolerances may be expressed in policy
statements or revealed in actions.
• Organizational Process Assets

Organizations may have predefined approaches to risk management such as risk categories, common
definition of concepts and terms, standard templates, roles and responsibilities, and authority levels
for decision-making.
• Project Scope Statement
• Project Management Plan

Risk Management Planning: Tools and Techniques

Planning Meetings and Analysis
Project teams hold planning meetings to develop the risk management plan. Attendees at these meetings
may include the project manager, selected project team members and stakeholders, anyone in the
organization with responsibility to manage the risk planning and execution activities, and others, as
needed. Basic plans for conducting the risk management activities are defined in these meetings. Risk
cost elements and schedule activities will be developed for inclusion in the project budget and schedule,
respectively. Risk responsibilities will be assigned. General organizational templates for risk categories
and definitions of terms such as levels of risk, probability by type of risk, impact by type of objectives, and
the probability and impact matrix will be tailored to the specific project. The outputs of these activities will
be summarized in the risk management plan.
Risk Management Planning: Outputs

Risk Management Plan
The risk management plan describes how risk management will be structured and performed on the
project. It becomes a subset of the project management plan. The risk management plan includes the
following:
• Methodology. Defines the approaches, tools, and data sources that may be used to perform risk
management on the project.
• Roles and responsibilities. Defines the lead, support, and risk management team membership for
each type of activity in the risk management plan, assigns people to these roles, and clarifies their
responsibilities.
• Budgeting. Assigns resources and estimates costs needed for risk management for inclusion in the
project cost baseline.
• Timing. Defines when and how often the risk management process will be performed throughout the
project life cycle, and establishes risk management activities to be included in the project schedule.
• Risk categories. Provides a structure that ensures a comprehensive process of systematically
identifying risk to a consistent level of detail and contributes to the effectiveness and quality of Risk
Identification. An organization can use a previously prepared categorization of typical risks. A risk
breakdown structure (RBS) (Figure 2) is one approach to providing such a structure, but it can also be
addressed by simply listing the various aspects of the project. The risk categories may be revisited
during the Risk Identification process. A good practice is to review the risk categories during the Risk
Management Planning process prior to their use in the Risk Identification process. Risk categories
based on prior projects may need to be tailored, adjusted, or extended to new situations before those
categories can be used on the current project.
• Definitions of risk probability and impact. The quality and credibility of the Qualitative Risk Analysis
process requires that different levels of the risks’ probabilities and impacts be defined. General
definitions of probability levels and impact levels are tailored to the individual project during the Risk
Management Planning process for use in the Qualitative Risk Analysis process.

Project
Project
Technical External Organizational Management
Requirements Subcontractors and Project

Suppliers Dependencies Estimating
Technology Regulatory Resources Planning
Complexity and Market Funding Controlling

Interfaces
Performance and Customer

Prioritization Communication
Reliability
Weather
Quality
The Risk Breakdown Structure (RBS) lists the categories and sub-categories within which risks may arise for
a typical project. Different RBSs will be appropriate for different types of projects and different types of
organizations. One benefit of this approach is to remind participants in a risk identification exercise of the
Figureproject
many sources from which 2 - Example of aarise.
risk may Risk Breakdown Structure (RBS)
Figure 2: Example of a Risk Breakdown Structure (RBS)
A relative scale representing probability values from “very unlikely” to “almost certainty” could be used.
Alternatively, assigned numerical probabilities on a general scale (e.g., 0.1, 0.3, 0.5, 0.7, 0.9) can be used.
Another approach to calibrating probability involves developing descriptions of the state of the project that
relate to the risk under consideration (e.g., the degree of maturity of the project design).
The impact scale reflects the significance of impact, either negative for threats or positive for
opportunities, on each project objective if a risk occurs. Impact scales are specific to the objective
potentially impacted, the type and size of the project, the organization’s strategies and financial state, and
the organization’s sensitivity to particular impacts. Relative scales for impact are simply rank-ordered
descriptors such as “very low,” “low,” “moderate,” “high,” and “very high,” reflecting increasingly extreme
impacts as defined by the organization. Alternatively, numeric scales assign values to these impacts.
These values may be linear (e.g., 0.1, 0.3, 0.5, 0.7, 0.9) or nonlinear (e.g., 0.05, 0.1, 0.2, 0.4, 0.8). Nonlinear
scales may represent the organization’s desire to avoid high-impact threats or exploit high-impact
opportunities, even if they have relatively low probability. In using nonlinear scales, it is important to
understand what is meant by the numbers and their relationship to each other, how they were derived,
and the effect they may have on the different objectives of the project.
Figure 3 is an example of negative impacts of definitions that might be used in evaluating risk impacts
related to four project objectives. That figure illustrates both relative and numeric (in this case, nonlinear)
approaches. The figure is not intended to imply that the relative and numeric terms are equivalent, but to
show the two alternatives in one figure rather than two.
• Probability and impact matrix. Risks are prioritized according to their potential implications for
meeting the project’s objectives. The typical approach to prioritizing risks is to use a look-up table or a
Probability and Impact Matrix. The specific combinations of probability and impact that lead to a risk
being rated as “high,” “moderate,” or “low” importance—with the corresponding importance for
planning responses to the risk—are usually set by the organization. They are reviewed and can be
tailored to the specific project during the Risk Management Planning process.

Defined Conditions for Impact Scales of a Risk on Major Project Objectives

(Examples are shown for negative impacts only)
Relative or numerical scales are shown
Project
Objective Very low / .5 Low / .10 Moderate / .20 High / .40 Very high / .80
Insignificant cost 10-20% cost 20-40% cost >40% cost

Cost increase
<10% cost increase
increase increase Increase
Insignificant time 5-10% time 10-20% time >20% time

Time increase
<5% time increase
increase increase increase
Scope reduction Project end item
Scope decrease Minor areas of scope Major areas of
Scope barely noticeable affected scope affected
unacceptable to is effectively
sponsor useless
Quality Only very demanding Quality reduction Quality reduction Project end item
Quality degradation barely applications are requires sponsor unacceptable to is effectively
noticeable affected approval sponsor useless
This table presents examples of risk impact definitions for four different project objectives. They should be tailored in the Risk
Management Planning process to the individual project and to the organization’s risk thresholds. Impact definitions can be
developed for opportunities in a similar way.
Figure 3: Definition of Impact Scales for Four Project Objectives
• Revised stakeholders’ tolerances. Stakeholders’ tolerances may be revised in the Risk Management
Planning process, as they apply to the specific project.
• Reporting formats. Describes the content and format of the risk register as well as any other risk
reports required. Defines how the outcomes of the risk management processes will be documented,
analyzed, and communicated.
• Tracking. Documents how all facets of risk activities will be recorded for the benefit of the current
project, future needs, and lessons learned. Documents whether and how risk management processes
will be audited.

Section B: An Overview of risk

Management Planning
In this manual, you will learn about risk management planning, using the step-by-step procedure.
Guidelines for planning meetings are also discussed. Additionally, the inputs, tools and techniques, and
outputs of risk management are reviewed.
Section Objectives
• Define risk management planning
• Identify the inputs, tools and techniques, and outputs of risk management planning
• Define what should be included in planning meetings
Risk Management Planning

The risk management plan is the project manager’s commitment to the sponsor and organization
concerning standards for risk management.
Definition: Risk Management Planning

Risk management planning is the process of deciding how to approach and plan the risk
management activities for a project.

Section C: Inputs, Tools and Techniques,

and Outputs of Risk Management Planning
Risk Management Planning
Inputs to Risk Management Planning
The project manager begins risk management planning by reviewing the project charter, which defines
the boundaries of the project and states the need for which the project has been established. The charter
gives a fairly clear definition to the overall risk inherent in the project. “If this project fails, the effect on
the organization is...?” is an example of a risk statement.
Organizational policies such as specific risk management policies and other definitions of functional
(matrix) roles and responsibilities must be known prior to effectively planning for risk management.
Stakeholder tolerances for risk should be documented. The undocumented expectations or rules of
behavior of senior management should be understood, such as the expectation that certain reports will be
made.
A risk management plan template will probably exist in organizations with standards for quality systems
such as the ISO 9000 series. Applying the template ensures consistency, allowing individuals from
different projects to easily comprehend the risk plans on a specific project.
Information in the documents already contained as part of the project plan (charter, scope statement,
roles and responsibilities matrix (RAM), and the WBS) helps provide an understanding of:
• The organization culture

• Its leaders
• Current business climate
• Organization’s risk management policies
• Stakeholder risk tolerances (policies, actions)
Charter: Defines scope, project deliverables, and risks; what can be planned for based on issues
regarding risks to scope changes or the nature of deliverables.
Organization’s risk management policies: Organizations may have legal regulations or organizational
policies for specific types of risks; hazardous materials handling and disposal are good examples.
Defined roles and responsibilities: Dependent upon the organizational structure, certain types of risks
may be accountable to specific parties in an organization, and the responsibility for dealing with these
risks is the responsibility of the assigned parties.
Stakeholder risk tolerances: In working with stakeholders, the project manager should discover what
their risk tolerance is to certain types of risk. The project manager should consider any documentation
and historical data to determine risk tolerances as they relate to project scope, quality, budget, schedule,
or other risks specific to their project.
Template for the organization’s risk management plan: An organization may have a well-defined
approach and template for risk management planning. A template from previous project efforts can be
used and helps define and explain the organization’s methodology regarding risk tolerance. Company risk
tolerance can be described as one of the following:
• Risk prone, seeker, taker

• Risk neutral
• Risk averse, and avoider

Several influences may determine company risk tolerance such as:
• The economic environment

• Senior management
• Project value and complexity
Remember that it is important for the project manager and project team to know the risk tolerance of a
company early in the risk-planning phase.
Work Breakdown Structure (WBS): The WBS breaks down the project into work packages; risks can be
identified, managed, and planned by analyzing the nature of the work packages in the WBS.
Tools and Techniques of Risk Management Planning

The primary planning technique is the project planning meeting. Meetings should be managed well and
should include:
• Project manager
• Project team leaders
• Key stakeholders
• Others in organization responsible for risk activities
The project team, stakeholders, and participants from regulatory agencies may be involved in the project
planning meeting. The preparation of the plan is not simply acquiring the standard template and filling in
the paragraphs. The goal is to review the project charter (project objectives, goals, assumptions and
constraints), which leads to a definition of the overall project risk. The meeting also documents all of the
planning assumptions, which lend themselves to early identification of risks.
The planning meeting should establish an understanding of the types and extent of project controls that
will be in place for project monitoring and control. This leads to an understanding of the risk controls for
low and medium risks, which are typically sufficiently covered (under the graded approach) by prudent use
of available controls.
Planning meetings define:
• Who will lead, support, and identify team members for each type of risk action
• What approaches, tools, and data sources will be used
• What scoring and interpretation methods will be used
• What threshold criteria will be acted upon and by whom
• How much it will cost
• How often the risk management process will be performed
• How reports will be generated and what standard content will be included, analyzed, and
communicated
• How all the risk activities will be recorded and/or tracked

Outputs from Risk Management Planning
The single output of the process is a risk management plan that describes how the risk management
process will be structured and performed during the project life cycle. Typical topics covered in a risk
management plan are as follows:
• Methodology
• Roles and responsibilities
• Budgeting
• Timing
• Scoring and interpretation
• Thresholds
• Reporting formats
• Tracking
The risk management plan also describes how you will implement and carry out the various risk
processes: risk identification, qualitative and quantitative analysis, risk response planning, and risk
monitoring and control during the life of the project.
The plan does not note the responses to specific risks (which is the purpose of the risk response plan), but
notes the broader methodology of how risk will be planned for and managed during the life cycle of the
project. The project team signs off on the risk management plan. This ensures that they have a
commitment to the plan and feel empowered to actively participate in risk management activities.
The risk management plan should be part of the project baseline. Cost and budget segments of a project
plan are not complete until risk is accounted for. As project managers progress through subsequent
stages of risk management, they should adapt the risk management plan to meet the different risk
environments they encounter. This course explores the different processes of risk management. You will
adapt a risk management plan to address the risks of your course project. A template for the risk
management plan using a standard outline is normally used in an organization and distributed to all
relevant project stakeholders.
CASE STUDY: DREAM BUILDERS INC.

BACKGROUND
Joe Dreamer, the President of Dream Builders, Inc., has been building affordable homes since 1972. His
vision is to provide affordable housing to everyone. The pride of Joe Dreamer and Dream Builders Inc. is
their ability to provide the “American Dream” to all Americans by providing them with quality affordable
homes. Their homes are considered “starter homes” for young couples and first-time homebuyers.
Joe Dreamer is an incredible visionary. Back in 1979 Joe purchased four large parcels of land in Southern
California all in close proximity to each other. As of today, Joe has developed two of those four parcels of
land, resulting, in 8,000 homes built and sold to date. The interesting approach Joe has is to leave a few
choice parcels of undeveloped land in each neighborhood. The few choice parcels of land will be utilized
as model homes for the developments yet to be built. The idea is that new home shoppers will not have to
visualize what an established neighborhood will look like in years to come, but to the contrary they will be
able to see their choice model home in a real life setting. Once the adjacent neighborhood is completely
sold, the model homes in the existing neighborhoods will be sold as well.
Recently, Dream Builders has concentrated their building in Southern California. This is due to
demographic reports and feasibility studies that indicate that there is a high interest by newly married
couple for housing in that region. Through further research with banks and other lending institutions
regarding loan qualification requirements for affordable housing, Dream Builders has confirmed that their
affordable housing program fits well within the scope of requirements for this demographic group.

Dream Builders has kept their costs low by developing strong relationships with contractors (such as
plumbers, electricians, etc) and ensuring they pass on substantial business to these individuals. This has
enabled Dream Builders to be able to rely on the contractors to work with Dream Builders whenever
Dream Builders needs them. Unfortunately, both Dream Builders and another large construction company
have kept the plumbing contractor exceptionally busy lately and some work has been delayed. Dream
Builders is working on developing relationships with other plumbing contractors in order to ensure no
delays occur on their projects, but these relationships will take some time to cultivate.
Given that Dream Builders has concentrated their business in California, they are well known for
developing high-quality housing that fits well into existing neighborhoods. Dream Builders also works well
with surrounding property owners, ensuring they are kept updated on progress and getting their buy- in
for future development efforts in their community. Dream Builders is known for maintaining the
landscaping around housing built, including cutting down minimal trees and investing a significant amount
into lawn, flowers, and shrubs. The materials Dream Builders uses in building homes are above the
requirements of the building codes for an area where earthquakes are of concern to residents.
CURRENT PROJECT
Dream Builders Prototype 63a is Dream Builders, Inc., most recent project. This project entails building
a 1,500 square foot ranch style home on a pre-existing developed 100 foot by 200 foot building lot within a
previously developed neighborhood. If this project goes well, Dream Builders can expect to build similar
homes in other previously developed neighborhoods throughout Southern California.
GOALS
Dream Builders is planning on having the home ready to be showcased at the annual spring housing
convention, which premieres available new homes to local realty companies.
Dream Builders has developed strong relationships with local realtors by working with them to develop
affordable homes for their clients. They know that if this new home receives a favorable review at the
annual spring housing convention, Dream Builders Inc. can expect a quick sale and support for doing
additional similar projects in other neighborhoods in Southern California. Within five years, Dream
Builders would like to expand to other areas of California and eventually develop their business nationally.
PROJECT CHARTER
This Project Charter was completed during the Project Initiation phase. It is an executive overview
intended to facilitate discussion, and to provide formal authorization to proceed. This entire document is
typically between two and four pages when complete. It is not a detailed planning document. Information
wilt likely be limited in terms of reliability and completeness. It is written with the intent on supplying
information at the level of the people reading it.
PROJECT NAME Dream House 101

Project Sponsor Joe Dreamer – President “Dream Builders Inc”
Project Manager
EXECUTIVE OVERVIEW
Dream Builders will construct a 1,500 sq. ft. ranch style home on a pre-existing developed 100 foot by 200
foot building lot within a previously developed neighborhood. The house will consist of three bedrooms,
one kitchen, one bathroom, one laundry room, and a one-car garage. All electrical, plumbing, and heating
will be installed in conformance with local codes.
BUSINESS JUSTIFICATION
Dream Builders have been building affordable homes since 1972. The southern California demographics
report and our own independent feasibility study indicates a high interest by newly married couples for
housing in this region, and loan qualification records indicate Dream Builders housing program fits well
within the scope of requirements of this baby boomer generation. A significant advantage is directly
related to the rate at which Dream Builders bulk purchased land in this region. High profit margins are
well within reach based on the initial reports.
GENERAL STRATEGY
The overall approach to the project will be to segment the project into five phases, allowing dose
monitoring of progress. Subcontractors will do all work with the exception of the framing and finish work.
KEY OBJECTIVES
Dream Builders must start construction within the next four weeks in order to meet the deadline for the
annual spring housing convention, which premieres available new homes to local realty companies. This
is a key driver for success of a quick sale and return on investment. Strict adherence to the approved
plans is critical, as the neighborhood development committee has required Dream Builders to maintain
the original likeness of the adjoining homes.
KEY DELIVERABLES
a. Start construction within four weeks.

b. Deliver spec built home on time and within budget.
c. Deliver project turnkey in accordance with scope.
d. Attend annual spring housing convention, market saleable home to realtors.
e. Turn over to closing department upon executed proposal of sale.
QUALITY STATEMENT
Dream Builders will utilize our home development methodology as an integral framework for our Quality
Plan regarding this initiative. Additionally, local code enforcement agencies will perform inspections in
respect to local code standards.
INITIAL MILESTONE SCHEDULE
Permit Approval January 15

Pour Concrete Slab Complete January 30
Frame House Complete February 15
Rough In All Mechanicals Complete March 1
Insulate, Drywall Complete March 20
Finish April 15
FINANCIAL ESTIMATES
This estimate is based on current run rates of homes built by Dream Builders within the last 12 months.
Based on this data we are using a parametric model of $90.00 per square foot. This excludes the cost of
the land and associated developed costs. The accuracy of this estimate is +1- 25%. 1500 sq. ft * $90.00 =
$135,000.00.
INITIAL ASSUMPTIONS
• Based on previous experience, we expect to be able to have permit approvals within 30 days.
• We assume inspections can be completed in 48 hours.
• We expect a minimal amount of rain, based on long-range forecasts and the Farmers Almanac.
• We expect to have our internal resources available during the project. We expect to have approval for
a booth at the Spring Realtors Convention.
• We expect economic indicators to remain stable, and lending rates to remain consistent.
INITIAL CONSTRAINTS
• There is a fixed end date of April 20. This is the day of the Realtors Convention.
• There are new codes in regards to earthquakes; they require new materials and extended periods for
inspections.
• The local building department is currently short staffed; inspections have typically been delaying our
schedules.

MAJOR RISKS
• Seismic activity in the region has been high; based on research compiled at U.C. Berkeley in the
earthquake catalog, there are indications of a significant earthquake.
• Recently our plumbing contractor has been too busy to keep with the fast pace scheduling, causing
delays in other projects.
• Research of Lessons Learned during the original construction of the neighborhood back in 1976
showed some inconsistency in soil density, resulting in significant settling of the concrete slabs. This
settling caused significant increase in costs related to rework. The property proposed for development
is next door to one of the original houses that experienced this problem.
PROJECT TEAM
Name / Title Responsibilities

Joe Dreamer Formal Approval
Project Sponsor Financial Approval

• Key decision maker
• Direct escalation from project manager
• Overall responsibility for the project
Project Manager • Main communications lead
• Team leader
• Reporting & management of data
• Deliver project – on time & within budget
Project Team (Internal) Perform work package tasks as directed and within the
defined scope and time. Communicate results.
Project Team (Sub Contractors) Perform work package tasks as directed and within the
defined scope and time. Communicate results.
APPROVALS
At a minimum, the Project Sponsor, Senior Manager, and the Project Manager should sign this document.
It may be advisable to include providers of key resources (functional managers, for example) and / or key
stakeholders.
SCOPE STATEMENT
The scope statement provides a documented basis for making future project decisions and for confirming
or developing common understanding of project scope among the stakeholders. As the project
progresses, the scope statement may need to be revised or refined to reflect approved changes to the
scope of the project.
PROJ ECT NAME
Dream Builders Prototype 63a - 15334 Sunny Street, Laguna Beach, California
PROJECT JUSTIFICATION
Dream Builders have been building affordable homes since 1972. The southern California demographics
report and our own independent feasibility study indicates a high interest in newly married couples for
housing in this region, and loan qualification records indicate Dream Builders housing program fits well
within the scope of requirements of this baby boomer generation. A significant advantage is directly
related to the rate at which Dream Builders bulk purchased land in this region. High profit margins are
well within reach based on the initial reports.

PRODUCT DESCRIPTION
Dream Builders final product as a result of this project is a 1,500 sq. ft. ranch style home on a pre-existing
developed 100 foot by 200 foot building lot within a previously developed neighborhood. The house will
consist of three bedrooms, one kitchen, one bathroom, one laundry room, and a one-car garage. All
electrical, plumbing, and heating will be installed in conformance with local codes. The exterior of the
home will match the existing neighborhood, vinyl siding with vinyl builders’ grade windows.
PROJECT OBJECTIVES
• The project will be completed no later than April 15.

• The cost of this project is estimated at $135,000.00, and will not exceed $142,500.00.
• The property surrounding the home will have Perennial Rye Grass.
• The properly will retain the two existing pine and oak trees approx 10’ tall.
• The properly will have four rhododendron plants and three azalea bushes.
• The property will have a 15’ wide x 35’ long driveway.
• The property will have standard grade sidewalks in the front of the property.
• The property will have city sewer and water.
• Home finish details will be selected on a cost allowance basis.
SUPPORTING DETAIL
• Approved Plot Plan

• Approved Building Plans
• Approved Building Specifications
• Project Charter
• Permit Application
• Demographics Report
• Change Process, Change Approval Form
CONSTRAINTS & ASSUMPTIONS

ASSUMPTIONS
• Based on previous experience, we expect to be able to have permit approvals within 30 days.
• We assume inspections can be completed in 48 hours.
• We expect a minimal amount of rain, based on long-range forecasts and the Farmers Almanac.
• We expect to have our internal resources available during the project.
• We expect to have approval for a booth at the Spring Realtors Convention.
• We expect economic indicators to remain stable, and lending rates to remain consistent.
CONSTRAINTS
• There is a fixed end date of April 20. This is the day of the Realtors Convention.
• There are new codes in regards to earthquakes; they require new materials and extended periods for
inspections.
• The local building department is currently short staffed; inspections have typically been delaying our
schedules.

SCOPE MANAGEMENT
The scope of the project will be managed against the approved building plans and specifications. The
schedule, as well as estimated costs, roles and responsibilities, and risk responses will be managed from
the project plan. Any changes in scope are subject to approval. The Project Manager for Dream Builders is
responsible for all change requests, and must follow Dream Builders policies and procedures for change.
Noncompliance or unauthorized changes may result in disciplinary action.
ISSUES & RISKS
• Seismic activity in the region has been high, based on research compiled at U.C. Berkeley in the
earthquake catalog, there are indications of a significant earthquake.
• Recently our plumbing contractor has been too busy to keep with the fast pace scheduling, causing
delays in other projects.
• Research of Lessons Learned during the original construction of the neighborhood back in 1976
showed some inconsistency in soil density, resulting in significant settling of the concrete slabs. This
settling caused significant increase in costs related to rework. The property proposed for development
is next door to one of the original houses that experienced this problem.
Written By: __________________ Date: ____________

Approved By: __________________ Date: ____________

Topic 3: Risk Response

Planning
Section A: Introducing Risk Response
Planning
Risk Response Planning is the process of developing options, and determining actions to enhance
opportunities and reduce threats to the project’s objectives. It follows the Qualitative Risk Analysis and
Quantitative Risk Analysis processes. It includes the identification and assignment of one or more persons
(the “risk response owner”) to take responsibility for each agreed-to and funded risk response. Risk
Response Planning addresses the risks by their priority, inserting resources and activities into the budget,
schedule, and project management plan, as needed. Planned risk responses must be appropriate to the
significance of the risk, cost effective in meeting the challenge, timely, realistic within the project context,
agreed upon by all parties involved, and owned by a responsible person. Selecting the best risk response
from several options is often required. The Risk Response Planning section presents commonly used
approaches to planning responses to the risks. Risks include threats and opportunities that can affect
project success, and responses are discussed for each.
Inputs Tools & Techniques Outputs
1. Risk management plan 1. Strategies for negative risk 1. Risk register (updates)
2. Risk register or threats 2. Project management plan
2. Strategies for positive risk (updates)
or opportunities 3. Risk-related contractual
3. Strategy for both threats agreements
and opportunities
4. Contingent response
strategy
Figure 1 - Risk Response Planning: Inputs,

Tools & Techniques and Outputs
Risk Response Planning: Inputs

Risk Management Plan
Important components of the risk management plan include roles and responsibilities, risk analysis
definitions, risk thresholds for low, moderate, and high risks, and the time and budget required to conduct
Project Risk Management.
Some components of the Risk Management Plan that are important inputs to Risk Response Planning may
include risk thresholds for low, moderate, and high risks to help understand those risks for which
responses are needed, assignment of personnel and scheduling and budgeting for risk response planning.

Risk Register
The risk register is first developed in the Risk Identification process, and is updated during the Qualitative
and Quantitative Risk Analysis processes. The Risk Response Planning process may have to refer back to
identified risks, root causes of risks, lists of potential responses, risk owners, symptoms, and warning
signs in developing risk responses. Important inputs to Risk Response Planning include the relative rating
or priority list of project risks, a list of risks requiring response in the near term, a list of risks for
additional analysis and response, trends in qualitative risk analysis results, root causes, risks grouped by
categories, and a watch list of low priority risks. The risk register is further updated during the
Quantitative Risk Analysis process.
Risk Response Planning: Tools and Techniques

Several risk response strategies are available. The strategy or mix of strategies most likely to be effective
should be selected for each risk. Risk analysis tools, such as decision tree analysis, can be used to choose
the most appropriate responses. Then, specific actions are developed to implement that strategy. Primary
and backup strategies may be selected. A fallback plan can be developed for implementation if the
selected strategy turns out not to be fully effective, or if an accepted risk occurs. Often, a contingency
reserve is allocated for time or cost. Finally, contingency plans can be developed, along with identification
of the conditions that trigger their execution.
Strategies for Negative Risks or Threats

Three strategies typically deal with threats or risks that may have negative impacts on project objectives if
they occur. These strategies are to avoid, transfer, or mitigate:
• Avoid. Risk avoidance involves changing the project management plan to eliminate the threat posed
by an adverse risk, to isolate the project objectives from the risk’s impact, or to relax the objective that
is in jeopardy, such as extending the schedule or reducing scope. Some risks that arise early in the
project can be avoided by clarifying requirements, obtaining information, improving communication, or
acquiring expertise.
• Transfer. Risk transference requires shifting the negative impact of a threat, along with ownership of
the response, to a third party. Transferring the risk simply gives another party responsibility for its
management; it does not eliminate it. Transferring liability for risk is most effective in dealing with
financial risk exposure. Risk transference nearly always involves payment of a risk premium to the
party taking on the risk. Transference tools can be quite diverse and include, but are not limited to, the
use of insurance, performance bonds, warranties, guarantees, etc. Contracts may be used to transfer
liability for specified risks to another party. In many cases, use of a cost-type contract may transfer
the cost risk to the buyer, while a fixed-price contract may transfer risk to the seller, if the project’s
design is stable.
• Mitigate. Risk mitigation implies a reduction in the probability and/or impact of an adverse risk event
to an acceptable threshold. Taking early action to reduce the probability and/or impact of a risk
occurring on the project is often more effective than trying to repair the damage after the risk has
occurred. Adopting less complex processes, conducting more tests, or choosing a more stable
supplier are examples of mitigation actions. Mitigation may require prototype development to reduce
the risk of scaling up from a bench-scale model of a process or product. Where it is not possible to
reduce probability, a mitigation response might address the risk impact by targeting linkages that
determine the severity. For example, designing redundancy into a subsystem may reduce the impact
from a failure of the original component.

Strategies for Positive Risks or Opportunities

Three responses are suggested to deal with risks with potentially positive impacts on project objectives.
These strategies are to exploit, share, or enhance.
• Exploit. This strategy may be selected for risks with positive impacts where the organization wishes to
ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated
with a particular upside risk by making the opportunity definitely happen. Directly exploiting
responses include assigning more talented resources to the project to reduce the time to completion,
or to provide better quality than originally planned.
• Share. Sharing a positive risk involves allocating ownership to a third party who is best able to
capture the opportunity for the benefit of the project. Examples of sharing actions include forming
risk-sharing partnerships, teams, special-purpose companies, or joint ventures, which can be
established with the express purpose of managing opportunities.
• Enhance. This strategy modifies the “size” of an opportunity by increasing probability and/or positive
impacts, and by identifying and maximizing key drivers of these positive-impact risks. Seeking to
facilitate or strengthen the cause of the opportunity, and proactively targeting and reinforcing its
trigger conditions, might increase probability. Impact drivers can also be targeted, seeking to increase
the project’s susceptibility to the opportunity.
Strategy for Both Threats and Opportunities

Acceptance: A strategy that is adopted because it is seldom possible to eliminate all risk from a project.
This strategy indicates that the project team has decided not to change the project management plan to
deal with a risk, or is unable to identify any other suitable response strategy. It may be adopted for either
threats or opportunities. This strategy can be either passive or active. Passive acceptance requires no
action, leaving the project team to deal with the threats or opportunities as they occur. The most common
active acceptance strategy is to establish a contingency reserve, including amounts of time, money, or
resources to handle known—or even sometimes potential, unknown—threats or opportunities.
Contingent Response Strategy

Some responses are designed for use only if certain events occur. For some risks, it is appropriate for the
project team to make a response plan that will only be executed under certain predefined conditions, if it
is believed that there will be sufficient warning to implement the plan. Events that trigger the contingency
response, such as missing intermediate milestones or gaining higher priority with a supplier, should be
defined and tracked.
Risk Response Planning: Outputs

Risk Register (Updates)
The risk register is developed in Risk Identification, and is updated during Qualitative Risk Analysis and
Quantitative Risk Analysis. In the Risk Response Planning process, appropriate responses are chosen,
agreed-upon, and included in the risk register. The risk register should be written to a level of detail that
corresponds with the priority ranking and the planned response. Often, the high and moderate risks are
addressed in detail. Risks judged to be of low priority are included in a “watch list” for periodic monitoring.
Components of the risk register at this point can include:
• Identified risks, their descriptions, area(s) of the project (e.g., WBS element) affected, their causes
(e.g., RBS element), and how they may affect project objectives
• Risk owners and assigned responsibilities
• Outputs from the Qualitative and Quantitative Risk Analysis processes, including prioritized lists of
project risks and probabilistic analysis of the project
• Agreed-upon response strategies
• Specific actions to implement the chosen response strategy
• Symptoms and warning signs of risks’ occurrence
• Budget and schedule activities required to implement the chosen responses

• Contingency reserves of time and cost designed to provide for stakeholders’ risk tolerances
• Contingency plans and triggers that call for their execution
• Fallback plans for use as a reaction to a risk that has occurred, and the primary response proves to be
inadequate
• Residual risks that are expected to remain after planned responses have been taken, as well as those
that have been deliberately accepted
• Secondary risks that arise as a direct outcome of implementing a risk response
• Contingency reserves that are calculated based on the quantitative analysis of the project and the
organization’s risk thresholds.
Project Management Plan (Updates)

The project management plan is updated as response activities are added after review and disposition
through the Integrated Change Control process. Integrated change control is applied in the Direct and
Manage Project Execution process to ensure that agreed-upon actions are implemented and monitored as
part of the ongoing project. Risk response strategies, once agreed to, must be fed back into the
appropriate processes in other Knowledge Areas, including the project’s budget and schedule.
Risk-Related Contractual Agreements

Contractual agreements, such as agreements for insurance, services, and other items as appropriate, can
be prepared to specify each party’s responsibility for specific risks, should they occur.

Section B: An Overview of Risk Response

Planning
Risk response planning is the process in which the project team decides how to respond to identified
risks. There is little value in simply being alert to the existence, or potential existence, of a risk; it is
necessary to plan a response to minimize risk and its impact on the project. In this lesson, students apply
strategies in responding to project risks, and develop contingencies for minimizing impact of a realized
risk, using the step-by-step procedure.
The step-by-step learning style utilizes a “building block” approach for presenting concepts in a step-by-
step procedural learning style. This approach is particularly appropriate and used in this lesson for the
task-oriented areas that have clear step-by step procedures involved in them.
Section Objectives
• Describe the factors affecting the choice of strategies chosen to respond to risks
• Determine appropriate response strategies for identified risks
• Apply a graded approach in the development or risk responses
• Evaluate risk responses and contingency plans against the project baseline
• Apply risk response techniques and tools to the course project
Risk Response Planning
Risk Management Qualitative Risk Risk Response

Planning Analysis Planning
Core Facilitating Facilitating
Risk Identification Quantitative Risk Risk Monitoring &

Analysis Control
Facilitating Facilitating Facilitating
Project Planning Phase Project Control Phase
Risk Response Planning is the natural successor to the processes of identifying and analyzing risks.
Knowledge without a plan of action may have the same result as ignorance of the risk. It is a common
pitfall for a team to perform a risk analysis, but then fail to plan a response, due to lack of diligence. A
second pitfall is that project team members fail to conceive effective response actions. The team may lack
the creativity or experience to devise actions that are practical, efficient, and perhaps credible.
Risk Response Planning
Definition: Risk Response Planning

Risk response planning is the process of developing options and determining actions to enhance
opportunities and reduce threats to the project’s objectives. It includes the identification and
assignment of individuals or parties to take responsibility for each agreed risk response.

Purpose of Risk Response Planning

The purpose of risk response planning is to ensure the risk response is:
• Appropriate to the severity of the risk

• Cost effective in meeting the challenge
• Timely to be successful
• Realistic within the project context
• Agreed upon by all parties involved
• Owned by a responsible person or party
Proactive Approach to Risk Response

This process involves identifying several response alternatives and evaluating the options that are most
appropriate and effective. The response should be measured, or graded, in accordance with the severity of
the risk. Risk response should strive to be preventive in nature. Risk response planning also includes the
development of a contingency or backup approach.
For the risks naturally encountered in life, such as accidents or illnesses, it is normally most effective to
prevent the undesired event from happening. Rarely do we ignore taking backup action should our
attempts to prevent the risk be unsuccessful. The same is time for responding to project risks.

Section C: Inputs, Tools and Techniques,

and Outputs of Risk Response Planning
Inputs to Risk Response Planning
The primary inputs to risk response planning are:
• Risk Management plan

• List of prioritized risks
• Risk ranking
• Prioritized list of quantified risks
• Probabilistic analysis of the project
• Probability of achieving objectives
• List of potential responses
• Risk thresholds
• Risk owners
• Common risk causes
• Trends in analysis results
Tools and Techniques of Risk Response Planning

The recommended tool and techniques of risk response planning include:
• Avoidance
• Transference
• Mitigation
• Acceptance
Avoidance: Avoidance is the act of changing the project plan to eliminate the risk or to protect the project
objectives from its impact. Project scope, schedule, budget, or quality requirements might be redesigned.
The project manager may arrange with stakeholders to change the intended design to a less risky one (or
perhaps engage a more risky design in expectation of significantly improving the cost, schedule, or quality
performance of the project). It is best to:
• Clarify requirements
• Improve communication
• Acquire expertise
Some examples of avoidance are listed below:
• Reduce scope to avoid high-risk activities

• Add resources or time
• Adopt a familiar approach
• Use familiar resources
• Hire an expert
Transference: Transference is the act of shifting the consequence and responsibility of a risk to another
party. It is not always clear that the project team is relieved of the responsibility for the risk but, in effect,
transference is a strategy to give the task, and its inherent risk, to another party. It is important to
remember that transference does not eliminate the risk.

Transference Using Contracts

Contractual agreements can be written to ensure a documented agreement that the task, and its risks are
accountable to the third party. It is also important to note that transference usually involves a cost to
transfer the liability. You may want to use a contract for specified risks such weather, or other acts of God
such as earthquakes and war.
Transferring liability is effective for financial risk. This usually involves paying a fee to the party taking on
the risk and may be fixed price or cost reimbursement. Types of fees include:
• Insurance
• Performance bonds
• Guarantees
Mitigation: Mitigation is the most commonly understood strategy. It attempts to prevent the risk by
reducing its probability and consequence of risk to an acceptable level. A strategy using mitigation also
has contingency plan in place to limit the impact to the project should preventative measures fail. If
reducing risk is not possible, the risk impact is addressed by targeting linkages that determine the
severity of the risk. Some examples of mitigation include:
• Developing a prototype
• Considering an alternative path
• Adopting less complex processes
• Conducting more engineering tests
• Selecting a more reliable seller
• Changing conditions to reduce the probability of the risk occurring
• Selecting better vendors
Acceptance: Acceptance is a conscious decision to allow the impact of the risk to occur if the risk is
realized. This might be chosen if the costs of mitigation, transference, or avoidance are too high in
proportion to the cost of the risk or no other suitable response strategy available. Acceptance means team
knows the risks exist, and are aware of the consequences and are willing to wait and see what happens.
There are two types of acceptance: Active and Passive.

• Active acceptance – developing a contingency plan to deal with identified risks that arise during the
project
1. Contingency plan
2. Contingency allowance or reserve
• Passive acceptance – dealing with risks as they occur
Inputs: Can We Answer the Questions?

Some questions to think about:
• What approach and rules have we agreed to follow as part of our risk management plan?
• What risks have we identified and ranked?
• Are the prioritized risks based on quantitative analysis?
• Do we have probabilistic analysis of the project and its time and cost objectives?
• Who will be owning the risk responses?
• Are several risks driven by a single cause?
Suggested Mitigation Strategies
The suggested mitigation strategies are as follows:

• Schedule mitigation strategies
• Cost mitigation strategies
• Technical mitigation strategies
Schedule Mitigation Strategies

• Include the duration of technical abatement plans in the schedule baseline and negotiate additional
schedule relief
• Use team reviews, at the work package level, to validate estimates
• Clarify definition of tasks, milestones, and deliverables
• Use a change control board to implement formal schedule freezes and schedule change processes
• Schedule critical resources and technology within acceptable windows
• Write definitions for periodic vendor reviews into the purchase contract
• Ensure vendors use scheduling/monitoring tools; include vendors as part of scheduling/design/IPD
teams
• Evaluate serial vs. parallel tasking of WBS elements; add resources to tasks
• Minimize development activities in hostile environments (political, business, weather)
Cost Mitigation Strategies
• Include cost of schedule and technical abatement plans in budget baseline

• Validate budget by use of team reviews of bottom-up estimates
• Define a clear statement of work (SOW)
• Get commitments that control or stabilize cost benefit assumptions
• Decrease technical scope
• Provide technical tools to increase productivity
• Reduce and manage costs via earned value management methods
• Conduct periodic performance reviews
Technical Mitigation Strategies

• Clarify / strengthen technical requirements; decrease / narrow technical requirements
• Negotiate variances to acceptance criteria
• Design-in margin
• Identify limitations early in the design process
• Allocate work based on skill, or train personnel in new or unfamiliar technologies
• Involve suppliers in the design process
• Conduct reducibility studies early
• Increase technical standards, procedures, and methods; conduct process training
• Redesign or simplify the technical solution
• Conduct concept reviews and internal design reviews
• Implement a phased approach to the technical solution with in-process reviews by experts
• Build prototypes; apply performance modeling, simulation, and analysis
• Implement a technical freeze and technical change process
• Analyze, allocate, and freeze tolerances
• Tie payment milestones to technical reviews

Suggested Risk Management and Mitigation Strategies

Project Activity Contributing to Risk Management and Mitigation Strategy
High or medium risks with low probability to Accept risk and document basis
low consequence where the team feels no
special mitigation is required (e.g., not cost
effective)
Testing will not provide sufficient information Formal Design Review

to verify design criteria
Use of new technology or new application of Formal Design Review

existing technology Prototype Testing
Value Engineering
Technology has been modernized such that a Functional testing of equipments

like equipment replacement is not feasible Analytical modeling
Operating adjustments
Formal Design Review
Unusually complex design Formal Design Review

Value Engineering
Functional testing of systems
A new design and / or any non reviewed Formal Design Review

safety question
Significant personnel exposure to hazards Formal Design Review

potential;
Code used as the design criteria for safety Formal Design Review
class structure, system and component
Project schedule uncertainties or restraints Additional resources

that may impact project milestones Overtime
Subcontracting work to others
Financial incentives to vendors /
subcontractors
Multiple shifts
Facility outage required for project Integrated program and project schedule
implementation with additional milestones

Using a Graded Approach in Determining Risk Response

Strategies
More
High risk:
Most rigorous controls
Controls Moderate risk:

Moderate controls
Low risk:
Minimum controls
Less
Less Risk More
Low and Medium Risks

The way to ensure the identified risks are properly addressed is to use a graded approach. In most cases,
sound application of project management control principles and practices are sufficient to manage and
mitigate low and medium risks.
Grading the application of project control tools is very effective in dealing with most low and medium
risks. This simply means choosing a less rigorous application of cost, schedule, performance, and
reporting techniques.
If the risk analysis process yields no high-risk areas, a rigorous management plan is not warranted.
However, the results of the process should be attached to the project planning documentation.
Project schedule uncertainties or restraints that may impact project milestones
High Risks
For high risks and some medium risks, the development of a risk management or mitigation strategy is
highly recommended.
It is not always possible to develop a risk mitigation strategy for every risk. In these cases, it is best to
simply accept and document the risk. It may be more cost effective to concentrate management attention
on the mitigation of other medium risks that can be controlled.
Larger risks deserve much greater expenditure of effort and control. Practical experience shows that this
is a pitfall for teams. They may identify risks but never develop appropriate action plans. A good plan
should strive to prevent or reduce the risk, but address the backup plan that may be necessary if
prevention does not work. The plan should demonstrate good leverage - what the team spends to mitigate
the risk should yield a proper return for the investment into managing the risk. Avoid spending more than
the risk is worth. Give the plan a critical review:
• What is appropriate?
• Is it practical?
• Is it likely to produce the desired result?
The project manager needs a strategy to deal with all the risks on the project. The process begins by
identifying and analyzing each risk in order to understand it in terms of probability and impact. The best
strategy is to deal with each variable of probability and impact in an independent manner.

First, project managers should focus on dealing with the probability of a given risk by striving to reduce
that probability to as small a value as possible. This, intuitively, can be termed prevention. Next, in spite of
preventive measures taken, the team cannot prevent the risk, the response plan must include a
contingency, designed to reduce the impact value to be as small as possible. The goal for any risk
response plan should be to address both variables of this model.
Given a framework for planning the response, where do those ideas come from? Project managers can
utilize the familiar techniques of brainstorming, experience, and lessons learned. The collective
experience of senior management and staff members on other projects in the organization is a valuable
resource. If the project manager lacks experience or expertise in a specific area, hiring a consultant may
be helpful. The cost should yield many times its worth in risk reduction.
Application of a Graded Approach

From risk analysis, the team should have a collection of prioritized risk. This will allow the team to select
response strategies appropriate to the risk ranking. Lower priority risks should be considered first so the
team can make a quick decision on how to deal with them, or whether to deal with them at all.
Medium and low risks might be controlled through the application of good project management
disciplines. Project managers may have spent significant time developing a detailed work breakdown
structure, project schedule, change control system, or communications plan, but all of these elements
will be impacted by risk. Diligence with these project management practices up front may suffice to keep
these risks under control. These practices are recommended for use on all projects. Just because a
project may seem to have low risks, they should not be discarded. Remember to apply these tools in a
graded fashion. Some tools are considered minimum, with no exception as to how they are applied,
because they are sound management practice, not specific to a type of risk.
Factors Affecting Choice of Control Techniques

When choosing the level of application of each technique, a project manager must consider the value of
the control provided against the cost of providing it. The factors to be considered are:
• Degree of detail provided at the level needed to obtain the desired status or performance information.
Example - Due to an identified project risk potential, schedules may be at a lower level than spend
plans.
• Frequency of the feedback is the periodicity of needed information about project status or
performance.
Example - Status/performance cutoff points can range from real time measures to weekly, monthly,
quarterly, annual, or at completion.
• Accuracy of the feedback is the accuracy of the measurement required to provide the desired status or
performance information.
Example - Is it more desirable to receive actual cost data showing approximate costs (plus or minus
1-5 percent) with 2-3 days of accounting closeout or 100 percent accurate data 2 months after the
fact?
• Timeliness of the feedback is a measure of how soon the data is desired in order to support decision-
making.
Example - In the example above, is 2-3 days more important to support decisions or is 2 months
acceptable?
• Formality of the feedback is a reference to the level of management attention (signature authority)
required to obtain the information.
Example - What type of records must be maintained of the information and whether information must
be provided in writing or verbally communicated.
• Costs of producing the information/feedback is a function of how much it costs to produce and use the
data.
Example - Generally, the more frequently the information is provided, the greater the detail, the more
accurate the information, the more timely the feedback, and the greater the cost.

Benefits of Balancing Controls

There are several benefits when controls are balanced with risk:
• Appropriate information for effective management

• Focused management on risk issues
• Cost effective tool selection
Benefits of Balancing Controls with Risk

The first benefit of balancing techniques with risk is that it provides targeted information needed to
manage the project, rather than a large amount of unnecessary data. Most project managers find
themselves in a “data rich, analysis poor” environment. Many reports are available that provide a
tremendous amount of data but no real information to effectively manage risk management decisions.
Information is needed to support decision-making in a timely manner, and this information should be
focused in areas with significant risk potential.
Proper tool selection focuses controls and management on risk issues that could significantly affect the
project. This allows the project manager to provide appropriate feedback in these areas. Effective and
appropriate selection of tools provides the greatest cost benefit for every project dollar spent on control
tools. While project control is not necessarily a significant project cost, it is an area where efficiencies can
be realized through effective selection of techniques. Streamlining control tools can reduce cost be
minimizing unnecessary data collection and reporting.

Minimum techniques
For each project control area, there are certain minimum requirements that are suggested to assist in
managing project risk. Additional techniques or a more rigorous application of the techniques are added
based on their utility in managing risk. Suggested techniques are:
Item Description
Defined technical objectives based on functional

Technical element and work scope and / or physical requirements; defined tasks are
definition necessary to accomplish the technical objectives;
and a WBS
Roles and responsibilities Identified project manager
A project master schedule with identified company

controlled milestones; milestones completion
Schedule element
criteria and dictionary; documented assumptions;
schedule contingency
Traceable to the work scope definition;

Cost estimating documented estimate bases and assumptions;
cost contingency
Traceable to the cost estimate; time phased spend

Cost element
plan
Periodic project status review; identified

Performance analysis reporting performance analysis parameters; data
specification and report frequency
Funds management Commitment plan
Cost collection consistent with time phased cost

Accounting
plan and cost accounting standards
Work authorization Formal work authorization process / procedures
Defined thresholds and authority for baseline

Change management
changes
Outputs from Risk Response Planning

Outputs from risk response planning include:
• Risk response plan

• Residual risks and secondary risks
• Contractual agreements
• Contingency reserve amounts needed
• Inputs to other processes
• Inputs to revised project plan
Risk Response Plan: the risk response plan is the primary output of this process. It differs significantly
from the risk management plan because it lists specific risks and targeted responses for a risk. The risk
management plan is a general methodology in managing risks. The risk response plan outlines identified
risks, responses, and contingencies for the risks, risk ownership and responsibilities, and residual and
secondary risks arising from risk responses.

Risk response plans vary according to company policies, standards, and forms. Risk response plans also
vary depending on the types or risks identified. However, a risk response plan generally contains:
• Identified risk, its description including the area of the project it affects
• Risk owners and assigned responsibilities
• Results from the qualitative and quantitative risk analysis processes
• Agreed responses
• Level of residual risk
• Budgeted and times responses
• Contingency plans
• List of residual risks – Risks remaining after avoidance, transfer, or mitigation responses have been
taken, Minor risks that have been accepted or addressed
• Secondary risks – Risks that arise as a result of implementing a risk response are identified and have
responses planned
• Contractual agreements – Specified responsibilities of the contracted policy for risks pertaining to
their area of responsibility
Residual and Secondary Risks: residual risks are those risks that may surface as project performance is
measured, or those risks that have been accepted and addressed (risks without mitigation strategies). It is
critical to reevaluate or reanalyze these risks using the cycle of the six risk processes. This process is on
going throughout the life of the project.
Secondary risks are those risks that result from implementing a risk response.
Each risk has a statement of:
• The individuals responsible for taking action

• The action plan, and the budget for such actions
• Additional information that may aid in measuring the progress of the risk
After creating the response plan, the risk database or register is updated to reflect the new information
(that can legitimately reduce the probability or the impact). Over time, with response plans being
executed, the risk impact should be minimized, or the probability of occurrence should be controlled. A
project risk should continually improve as response actions are completed.
Many risks are never entirely prevented; residual risks may remain in place of the original risk, or
secondary risk, which have been caused, or recognized, in the response. None of these should be ignored,
although the threshold for these risks may be more tolerant.
Another potential output from this process is a revision to the overall project. The project plan must be
updated to reflect risk response planning. Most likely, the project manager will be reallocating budget
funds from other tasks and adding new schedule events to be managed. The project manager may also
expand the use of procured services or contractual agreements to formally acknowledge risks and either
limit them or transfer liability for some of them.
Contractual Agreements: Contractual agreements may be entered into to specify each party’s
responsibility for specified risks, should they occur, and for insurance services and other items as
appropriate to avoid or mitigate risk. As a project manager, it is important for you to know who is talking
the most risk in a fixed-price contract, the buyer or seller. You should also know this when you dealing
with a cost-plus contract.
Contingency Reserve Amounts Needed: Contingency plans are predetermined actions that the project
team will take if the risk occurs. Part of the planning is to include a contingency reserve, or a specified
dollar amount, in the overall budget, the cost estimate, and in the project baseline. Sometimes this is
called “known unknowns”. The contingency reserve fund can be used to mitigate cost or schedule risk, if
changes in the scope or quality occur. For example, if the project begins to fall behind schedule due to a
lack of skilled workers, funds could be allocated to hire a consultant/contractor to provide training to the
staff. Fail back plans are alternative strategies that can be implemented should a high risk be realized or
planned risk reduction efforts are failing.
While the entire project may have an overall risk response plan, it is important to understand that the
previously developed plan is an overall methodology. It is reconsidered during risk response planning to
document details for responding to each specific risk.
Definition: Contingency Reserve

The amount of money or time needed above the estimate to reduce the risk of overruns of project
objectives to a level acceptable to the organization.
Probabilistic analysis and identified risk thresholds help the project manager determine the amount of
buffer or contingency needed to reduce the risk of overruns of project objectives to an acceptable level.
Inputs to Other Processes: Most responses to risk involve expenditures of additional time, cost,
resources, and lead to changes in the project plan. Organizations require assurance that spending is
justified for the level of risk reduction. Alternative strategies must be fed back into the appropriate
processes in other knowledge areas.
Reserve Management vs. Contingency Reserve

These two reserve types are often confused with each other, sometimes lumped under the common
reference of “contingency reserve”. Experience tells a project manager that unforeseen events occur,
sometimes impossible to plan for, that could affect the cost or schedule performance of the project. These
may include the “normal risks” retained that were not prioritized as high-risk events.
To offset this, there is management reserve. Contingency reserve is for the “known unknowns,” usually in
terms of money or time, to support contingency plans. For example, the price of fuel or the availability of a
resource may not be known, but must be planned into the project budget or schedule. Contingency is often
calculated as a percentage of the total project cost.
Reserve management is a management tool used to:
• Deal with “unknown unknowns”

• Counteract unforeseen events within defined scope
An example of reserve management is retained normal risks.
Contingency is used to:
• Deal with “known unknowns”

• Plan for risk events
Contingency should not be used to compensate for poor planning nor should it be used for major events or
changes in scope.

Manual 3-Project Risk Management-Book 3

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual 3-Project Risk Management-Book 3

Uploaded by

Copyright:

Available Formats

Manual 3

Project Risk Management

Section B: Risk Management Team 7

Topic 2: Risk Management Planning 8

Section B: An Overview of risk Management Planning 12

Topic 3: Risk Response Planning 21

Book 3 of 4: Identifying, Monitoring and Controlling Page 2 of 36

Section B: An Overview of Risk Response Planning 25

Book 3 of 4: Identifying, Monitoring and Controlling Page 3 of 36

Topic 1: Risk Management

Project Risk Management

Risk Management Process Group

Book 3 of 4: Identifying, Monitoring and Controlling Page 4 of 36

Fundamental Principles of Risk Management

• Fundamental Principles 1: Determine Proportionate Expenditure

• Fundamental Principles 1: Determine Proportionate Expenditure

• Fundamental Principle 2: Use a Pragmatic Approach

To summarize the pragmatic approach:

• Differentiate between high and medium risks

• Fundamental Principle 3: Apply a Graded Approach

Book 3 of 4: Identifying, Monitoring and Controlling Page 5 of 36

• A constant measure to determine the basis for grading

Basis for Grading

• Dollar value associated with the project

Book 3 of 4: Identifying, Monitoring and Controlling Page 6 of 36

Section B: Risk Management Team

• Plan risk management strategies

Book 3 of 4: Identifying, Monitoring and Controlling Page 7 of 36

Topic 2: Risk Management

Inputs Tools & Techniques Outputs

1. Enterprise environmental 1. Planning meetings and 1. Risk management plan

Figure 1 - Risk Management Planning:

Risk Management Planning: Inputs

• Organizational Process Assets

• Project Scope Statement

• Project Management Plan

Book 3 of 4: Identifying, Monitoring and Controlling Page 8 of 36

Risk Management Planning: Tools and Techniques

Risk Management Planning: Outputs

Book 3 of 4: Identifying, Monitoring and Controlling Page 9 of 36

Requirements Subcontractors and Project

Technology Regulatory Resources Planning

Complexity and Market Funding Controlling

Performance and Customer

Figure 2: Example of a Risk Breakdown Structure (RBS)

Book 3 of 4: Identifying, Monitoring and Controlling Page 10 of 36

Defined Conditions for Impact Scales of a Risk on Major Project Objectives

Insignificant cost 10-20% cost 20-40% cost >40% cost

Insignificant time 5-10% time 10-20% time >20% time

Figure 3: Definition of Impact Scales for Four Project Objectives

Book 3 of 4: Identifying, Monitoring and Controlling Page 11 of 36

Section B: An Overview of risk

Risk Management Planning

Definition: Risk Management Planning

Book 3 of 4: Identifying, Monitoring and Controlling Page 12 of 36

Section C: Inputs, Tools and Techniques,

• The organization culture

• Risk prone, seeker, taker

Book 3 of 4: Identifying, Monitoring and Controlling Page 13 of 36

Several influences may determine company risk tolerance such as:

• The economic environment

Tools and Techniques of Risk Management Planning

Planning meetings define:

Book 3 of 4: Identifying, Monitoring and Controlling Page 14 of 36

Written By: ______ Date: