11.1 Plan Risk management
11.1 Plan Risk Management
Inputs | Tools and techniques | Outputs |
---|---|---|
Project management plan | Analytical techniques | Risk management plan |
Project charter | Expert judgment | |
Stakeholder register | Meetings | |
Enterprise environmental factors | ||
Organizational process assets |
Inputs
Project management plan
Project Charter
Stakeholder register
Enterprise Environmental Factors
Organizational Process Assets
Please refer to the common ITTOs
Tools and Techniques
Analytical techniques
Expert judgment
Meetings
Please refer to the common ITTO section
Output
Risk management plan
A document that explains how to identify risks, prioritize them, respond to them and monitor and control them. This document stipulates the conventions for categorizing the identified risks, how risk probability and impacts are scored and how the risk is prioritized based on the PI scores and what type of responses are necessary for risks of what priority.
11.2 Identify risks
11.2 Identify Risks
Inputs | Tools and techniques | Outputs |
---|---|---|
Risk management plan | Document reviews | Risk register |
Cost management plan | Information gathering techniques | |
Schedule management plan | Checklist analysis | |
Quality management plan | Assumptions analysis | |
Human resource management plan | Diagramming techniques | |
Scope baseline | SWOT analysis | |
Activity cost estimates | Expert judgment | |
Activity duration estimates | ||
Stakeholder register | ||
Project documents | ||
Procurement documents | ||
Enterprise environmental factors | ||
Organizational process assets |
Input
Risk management plan
Cost management management plan
Schedule management plan
Quality management plan
Human resource management plan
Scope baseline
Activity cost estimates
Activity duration estimates
Stakeholder register
Project documents
Procurement documents
Enterprise environmental factors
Organizational process assets
Tools and Techniques
Documentation reviews
Information gathering techniques
- Brainstorming – Used for idea generation
- Delphi technique – Anonymity is a key in this technique. The Delphi technique is a way to reach a consensus of experts. Project risk experts participate in this technique anonymously. A facilitator uses a questionnaire to solicit ideas about the important project risks. The responses are summarized and are then recirculated to the experts for further comment. Consensus may be reached in a few rounds of this process.
- Interviewing
- Root cause analysis
Checklist analysis
Risk identification checklists are developed based on historical information and knowledge that has been accumulated from previous similar projects and from other sources of information. The lowest level of the RBS can also be used as a risk checklist.
Assumptions analysis
Every project and its plan is conceived and developed based on a set of hypotheses, scenarios, or assumptions. Assumptions analysis explores the validity of assumptions as they apply to the project. It identifies risks to the project from inaccuracy, instability, inconsistency, or incompleteness of assumptions.
Diagramming techniques
- Cause and effect diagram
- System or process flow charts
- Influence diagrams – These are graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes
SWOT Analysis
This technique examines the project from each of the strengths, weaknesses, opportunities, and threats (SWOT) perspectives to increase the breadth of identified risks by including internally generated risks. The technique starts with identification of strengths and weaknesses of the organization, focusing on either the project, organization, or the business area in general. SWOT analysis then identifies any opportunities for the project that arise from organizational strengths, and any threats arising from organizational weaknesses. The analysis also examines the degree to which organizational strengths offset threats, as well as identifying opportunities that may serve to overcome weaknesses.
Expert judgment
Output
Risk register
A document that is progressively filled and contains information about risks. Typically, it contains a list of identified risks, priorities and potential responses.
11.3 Perform qualitative risk analysis
11.3 Perform Qualitative Risk Analysis
Inputs | Tools and techniques | Outputs |
---|---|---|
Risk management plan | Risk probability and impact assessment | Project documents updates |
Scope baseline | Probability and impact matrix | |
Risk register | Risk data quality assessment | |
Enterprise environmental factors | Risk categorization | |
Organizational process assets | Risk urgency assessment | |
Expert judgment |
Input
Risk Management Plan
Scope baseline
Risk register
EEF
OPA
Please refer to previous section and the common ITTO section.
Tools and Techniques
Risk probability and impact assessment
Risks have a probability of occurrence and an impact on project objectives. These have to be assessed in order to prioritize them.
Probability and impact matrix
Risks can be prioritized for further quantitative analysis based on their risk rating which will be based on their scores on probability and impact. This is determined through a probability and impact matrix.
Risk data quality assessment
Risk data quality assessment is a technique to evaluate the degree to which the data about risks is useful for risk management. It involves examining the degree to which the risk is understood and the accuracy, quality, reliability, and integrity of the data about the risk.
Risk categorization
Risks to the project can be categorized by sources of risk (e.g., using the RBS), the area of the project affected (e.g., using the WBS), or other useful categories (e.g., project phase) to determine the areas of the project most exposed to the effects of uncertainty.
Risk urgency assessment
Risks requiring near-term responses may be considered more urgent to address. Indicators of priority may include probability of detecting the risk, time to affect a risk response, symptoms and warning signs, and the risk rating.
Expert judgment
Output
Project Document Updates
Please refer the common ITTOs
11.4 Perform quantitative risk analysis
11.4 Perform Quantitative Risk Analysis
Inputs | Tools and techniques | Outputs |
---|---|---|
Risk management plan | Data gathering and representation techniques | Project documents updates |
Cost management plan | Quantitative risk analysis and modeling techniques | |
Schedule management plan | Expert judgment | |
Risk register | ||
Enterprise environmental factors | ||
Organizational process assets |
Input
Risk management plan
Cost management plan
Schedule management plan
Risk register
EEF
OPA
Please refer to the common ITTO section
Tools and Techniques
Data gathering and representation techniques
Data has to be gatered about risks in order to carry out a quantitative analysis. Some of the techniques are Interviewing to draw from historical information about probability and impact, Probability distributions through simulation modeling.
Quantitative risk analysis and modeling techniques
- Sensitivity analysis represented using Tornado diagrams
- Expected monetary value analysis represented using decision trees
- Modeling and simulation techniques such as Monte Carlo analysis
Expert Judgment
Please refer to the common ITTO section
Outputs
Project Document Updates
The risk register is updated with the risk quantitative information.
11.5 Plan risk responses
11.5 Plan Risk Responses
Inputs | Tools and techniques | Outputs |
---|---|---|
Risk management plan | Strategies for negative risks or threats | Project management plan updates |
Risk register | Strategies for positive risks or opportunities | Project documents updates |
Contingent response strategies | ||
Expert judgment |
Input
Risk Management Plan
Risk register
Tools and Techniques
Strategies for negative risks or threats
- Avoid – Risk avoidance is a risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact.
- Transfer – Risk transference is a risk response strategy whereby the project team shifts the impact of a threat to a third party, together with ownership of the response.
- Mitigate – Risk mitigation is a risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk.
- Accept – Risk acceptance is a risk response strategy whereby the project team decides to acknowledge the risk and not take any action unless the risk occurs. Passive acceptance involves just documenting the risk and plan a response when the risk occurs while active acceptance involves keeping aside some contingency reserves to deal with this risk.
Strategies for positive risks or opportunities
- Exploit – The exploit strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by ensuring the opportunity definitely happens.
- Enhance – The enhance strategy is used to increase the probability and/or the positive impacts of an opportunity. Identifying and maximizing key drivers of these positive-impact risks may increase the probability of their occurrence.
- Share – Sharing a positive risk involves allocating some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project.
- Accept – Accepting an opportunity is being willing to take advantage of the opportunity if it arises, but not actively pursuing it.
Contingent response strategies
Some responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predefined conditions, if it is believed that there will be sufficient warning to implement the plan
Expert judgment
Please refer to previous sections and common ITTOs
Output
Project management plan updates
Schedule, cost, quality, procurement, HR management plans and scope, schedule, cost baselines are all updated based on the risk responses.
Project document updates
Assumptions logs, technical documents etc. are updated.
11.6 Implement risk responses
Input
Project Management Plan
Project Documents
- Risk register
OPAs
Please refer to previous sections and common ITTOs
Tools and Techniques
Expert judgment
Interpersonal and team skills
Project management information systems
Outputs
Change requests
Project Document Updates
11.7 Monitor risks
11.6 Control Risks
Inputs | Tools and techniques | Outputs |
---|---|---|
Risk management plan | Risk reassessment | Work performance information |
Risk register | Risk audits | Change requests |
Work performance data | Variance and trend analysis | Project management plan updates |
Work performance reports | Technical performance measurement | Project documents updates |
Reserve analysis | Organizational process assets updates | |
Meetings |
Input
Project Management Plan
Risk register
Work performance data
Work performance reports
Please refer to previous sections and common ITTOs
Tools and Techniques
Risk reassessment
Control Risks often results in identification of new risks, reassessment of current risks, and the closing of risks that are outdated.
Risk audits
Risk audits examine and document the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.
Variance and trend analysis
Analysis of variance between the baseline and actual performance.
Technical performance measurement
Technical performance measurement compares technical accomplishments during project execution to the schedule of technical achievement. For instance, measurement of SPI and CPI.
Reserve analysis
Throughout execution of the project, some risks may occur with positive or negative impacts on budget or schedule contingency reserves. Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project in order to determine if the remaining reserve is adequate.
Meetings
Outputs
Work performance information
Change requests
Project management plan updates
Project Document Updates
OPA updates
Please refer to previous sections and common ITTOs
——————————- End of document ——————————