Project Management

Professional
Risk Management

Eugene Nguyen, PMP, PMI-ACP

Concept
What is risk?

• Risk • Issue
• Is an uncertain event or condition that, if it • When a risk happens, then it may be called an
occurs, has an effect on at least one of the event or issue.
project objectives.
• If a person develops cancer, it is no longer a
• Uncertainty and associated risks are always risk, but a health issue. Now the uncertainty
on FUTURE. became certain.

• There is 25% chance that a person may

develop cancer. It is an uncertain event
Risk
and a risk. trigger
Issues

2 months ago

Risks
• Risk Trigger: An indication that
a risk has occurred or is about to occur.

Eugene Nguyen, PMP, PMI-ACP

Concept

• Risk attributes
• 1. Probability
• The probability of it occurring can range
anywhere from just above 0 %to just
below 100 %.

• Note: it can't be exactly 100 percent,

because then it would be a certainty, not a
risk. And it can't be exactly 0 percent, or it
wouldn't be a risk.)

• 2. Impact
• The size of the impact varies in terms of
cost and impact on health, human life, or
some other critical factor

Eugene Nguyen, PMP, PMI-ACP

Concept
Individual Risk vs Overall Risk

• Individual risk • Overall project risk

• Individual project risk is an uncertain event or • Overall project risk is the effect of uncertainty
condition that, if it occurs, has a positive or on the project as a whole, arising from all
negative effect on one or more project sources of uncertainty including individual
objectives. risks, both positive and negative.

• What are the risks in my project? • How risky is my project?

• Specific risks within the project • The overall riskiness of the project
• Recorded in a Risk Register or similar • Result in project selection and Risk Reports
document.
• From the project sponsor’s perspective
• From the project manager’s perspective
• During the pre-project or concept phase
• Mostly during the remainder of the project
lifecycle

Eugene Nguyen, PMP, PMI-ACP

Concept
Known or Un-known?

• Known Risks • Un-Known Risks

• Project management team is aware of this • Project management team is unaware of this
risks and can be analyzed. Also called known risks and cannot be analyzed. Also called
unknowns risks. unknown unknowns risks.

• Ex: The new food developed contains gluten • Ex: Heavy rain and tornado in Baltimore
and result in claims related to gluten allergy delayed shipment of cooling tower. (Unknown
(Known risk). risk)

Eugene Nguyen, PMP, PMI-ACP

Concept

• Negative Risks or Threats • Positive Risks or Opportunities

• If occurs will negatively affect objectives • If occurs will positively affect objectives

Eugene Nguyen, PMP, PMI-ACP

Concept
Why Project Risk Management?

• Decrease the probability and/or impact of • Increase the probability and/or impact of positive
negative risks

Eugene Nguyen, PMP, PMI-ACP

Project Risk Management

Monitoring &
Initiating Planning Executing Closing
Controlling
1. Plan Risk 6. Implement Risk 7. Monitor Risks
Management Response
2. Identify Risks
3. Perform Qualitative
Risk Analysis
4. Perform Quantitative
Risk Analysis
5. Plan Risk
Responses

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management

• What?
• The process of defining how to conduct risk How to manage
project risks?
management activities for a project.

• Why?
• It ensures that the degree, type, and visibility
of risk management are proportionate to both
risks and the importance of the project to the
organization and other stakeholders.

• When?
• Once or at predefined points in the project.

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management
Tools and Techniques

• 1. Stakeholder analysis
• This is useful in determining stakeholders’ roles and responsibilities for managing risk on the project,
as well as their risk attitudes .

• A person can be both risk averse and risk seeking at different times.

Risk Averse Risk Neutral Risk Seeker Risk Tolerant

Uncomfortable with Embraces risks for Look at risks as a Don’t worry too
uncertainty future payoff challenge much about risk
Eugene Nguyen, PMP, PMI-ACP
I. Plan Risk Management
Tools and Techniques

• 1. Stakeholder analysis Best outcomes

Performance
if “good thing”
• To determine the risk appetite of project happens
stakeholders, as well as setting risk
thresholds for the project.
Risk universe
• Risk appetite: the amount and type of
risk an organization is willing to accept in Risk tolerance
pursuit of its business objectives.
Risk appetite
• Risk tolerance: the specific maximum risk Target performance
that an organization is willing to take
regarding each relevant risk.

• Risk threshold: specific point at which

risk become unacceptable Worst outcomes Time
if “bad thing”
happens

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management
Tools and Techniques

• Definitions of risk probability and impacts

• Definition of Probability and Impact matrix

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management
Tools and Techniques

• 2. Expert judgment
• Expertise should be considered from
individuals or groups with specialized
knowledge in the risk management topics

• 3. Meetings
• The risk management plan may be developed
as part of the project kick-off meeting or a
specific planning meeting may be held.

• Attendees may include the project manager,

project team members, key stakeholders, or
customers who are responsible to manage
the risk management process on the project.

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management
Output

• 1. Risk management plan

• The risk management plan is a component of
the project management plan that describes
how risk management activities will be
structured and performed.

• The risk management plan may include some

or all of the following elements

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management
Input

• 1. Project charter • 4. Enterprise environmental factors

• The high level project description and boundaries, • Overall risk thresholds set by the organization
• High level requirements, and risks. or key stakeholders.

• 2. Project management plan • 5. Organizational process assets

• All approved subsidiary management plans : the • Organizational risk policy;
methodology outlined in other project management
plan components might influence the plan risk • Risk categories, possibly organized into a risk
management process. breakdown structure;
• 3. Project documents • Common definitions of risk concepts and
terms;
• Stakeholder register:
• Overview of their project roles and responsibility • Risk statement formats
• Their attitude toward risk on this project.

Eugene Nguyen, PMP, PMI-ACP

I. Plan Risk Management

Inputs Tools and Techniques Output

1. Project charter 1. Stakeholder analysis 1. Risk management plan

2. Project management plan 2. Expert judgment
3. Project documents 3. Meetings
4. Enterprise environmental factors
5. Organizational process assets

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk

• What?
• Determining which risks are likely to affect a
project and documenting the characteristics
of each.

• Why?
• Helps project team to understand project
risks so they can respond appropriately.

• When?
• Iteratively throughout the project

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk

• How?
• Overall Risk

Political
Strength Weakness
Environmental Economic

SWOT PESTLE

Legal Social

Opportunities Threats Technological

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk

• How?
• Individual project risk
• All project stakeholders should be encouraged to identify individual project risks.

Development
Concept Phase Phase Transition Phase

WBS
Category 1
RBS

Category 2
Deliverable Deliverable Deliverable
Category 3 1 2 3

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk

• Risk statement
• When describing and recording individual • Each individual project risk is given a unique
project risks, a consistent format should be identifier in the risk register.
used for risk statements to distinguish risks
from their cause(s) and their effect(s), to • Additional data may be recorded for each
ensure that each risk is understood clearly identified risk, depending on the risk register
and unambiguously. format specified in the risk management plan.

• Example of a structured risk statement may • Identified risks are described in as much detail as
be used: required to ensure unambiguous understanding.

• [Possibility that has an effect on objectives/

deliverables] caused by [cause] resulting
in[consequence]

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Tools and Techniques

• 1. Prompt lists • Overall project risks:

• A prompt list is a predetermined list of risk • SWOT (Strength, Weakness, Opportunities,
categories that might give rise to individual Threats)
project risks and that could also act as
sources of overall project risk. • PESTLE (Political, Economic, Social,
Technological, Legal, Environmental)
• The prompt list can be used as a framework • TECOP (Technical, Environmental, Commercial,
to aid the project team in idea generation Operational, Political), or
when using risk identification techniques.
• VUCA (Volatility, Uncertainty, Complexity,
• The categories in the lowest level of the RBS Ambiguity).
or WBS can be used as a prompt list for
individual project risks. • Individual project risks:
• WBS (Work Breakdown Structure)
• RBS (Risk Breakdown Structure)
Eugene Nguyen, PMP, PMI-ACP
II. Identify Risk
Tools and Techniques

• 2. Checklists
• Risk checklists are developed based on
historical information and knowledge that has
been accumulated from similar projects and
from other sources of information. It is often
used as a reminder.

• The organization may maintain its own risk

checklist or may use generic risk checklists
from the industry.

• While a checklist may be quick and simple to

use, it is impossible to build an exhaustive
one, and care should be taken to ensure the
checklist is not used to avoid the effort of
proper risk identification.

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Tools and Techniques

• 3. Document analysis • 4. Assumptions analysis

• The project management plan, project • Assumption analysis is the process of
documents, other project files, contracts, examining the assumptions to see what risk
agreements and technical documentation may stem from false assumptions.
should be reviewed.
• 5. Root cause analysis
• Constraints and assumptions should be
reviewed, considered, and analyzed for risks. • Is a specific technique to identify a problem,
discover the underlying causes that lead to it,
• Uncertainty or ambiguity in project and develop a preventive action
documents, as well as inconsistencies within
a document or between different documents,
may be indicators of risk on the project

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Tools and Techniques

• 6. Meetings • 7. Facilitation
• Risk workshop • A skilled facilitator can help participants
remain focused on the risk identification task,
• Most risk workshops include some form of follow the techniques accurately, ensure clear
brainstorming, but other risk identification risk descriptions, identify and overcome
techniques may be included sources of bias, and resolve any
disagreements that may arise.
• Use of a skilled facilitator will increase the
effectiveness of the meeting.

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Tools and Techniques

• 8. Brainstorming • 9. Interviews
• The goal of brainstorming is to obtain a • Individual project risks and sources of overall
comprehensive list of individual project risks project risk can be identified by interviewing
and sources of overall project risk. experienced project participants,
stakeholders, and subject matter experts.
• Particular attention should be paid to
ensuring that risks identified through • Interviews should be conducted in an
brainstorming are clearly described, since the environment of trust and confidentiality to
technique can result in ideas that are not fully encourage honest and unbiased contributions.
formed.

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Output

• 1. Risk report
• May include but is not limited to:
• Sources of overall project risk, indicating
which are the most important drivers of
overall project risk exposure; and

• Summary information on identified

individual project risks, such as number
of identified threats and opportunities,
distribution of risks across risk categories,
metrics and trends, etc.

• Additional information may be included in

the risk report, depending on the reporting
requirements specified in the risk
management plan.

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Output

• 2. Risk Register • Potential risk owner

• The risk register may contain limited or • This will be confirmed during the Perform
extensive risk information depending on Qualitative Risk Analysis process
project variables such as size and complexity.
• Potential risk response
• On completion of the Identify Risks process,
the content of the risk register may include • This will be confirmed during the Plan Risk
but is not limited to: Responses process

• Identified risks.
• Potential risk owners..
• Potential risk responses.
• Risk Register will get detailed and updated
through other processes in Risk.

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Output

• 2. Risk Register • 3. Project documents updates

• Risk register information may include:
• Assumption log. new assumptions may be
• Unique identifier made, new constraints may be identified, and
existing assumptions or constraints may be
• A short risk title, revisited and changed.
• Risk category,
• Issue log. new issues uncovered or changes in
• Current risk status, currently logged issues.
• One or more causes,
• Lessons learned register. techniques that were
• One or more effects on objectives, effective in identifying risks to improve
• Risk triggers performance in later phases or other projects.
• WBS reference of affected activities,
• Timing information
• Contingent reserve

Eugene Nguyen, PMP, PMI-ACP

II. Identify Risk
Input

• 1. Project management plan • Schedule management plan.

• Risk management plan. • Cost management plan.

• Quality management plan.
• Risk-related roles and responsibilities,
• Resource management plan.
• How risk management activities are included • Scope baseline.
in the budget and schedule, and describes
categories of risk, which may be expressed • Deliverables and criteria for their acceptance,
as a risk breakdown structure
• WBS, which can be used as a framework to
structure risk identification techniques.
• Requirements management plan.
• Schedule baseline.
• Project objectives that are particularly at risk.
• Milestones and deliverable due dates.
• Cost baseline.
• Costs or funding requirements
Eugene Nguyen, PMP, PMI-ACP
II. Identify Risk
Input

• 3. Agreements • 5. Enterprise environmental factors

• Milestone dates, contract type, acceptance • Published material, including commercial risk
criteria, and awards and penalties that can databases or checklists,
present threats or opportunities.
• Academic studies,
• 4. Procurement documentation • Benchmarking results, and
• As the procurement documentation is • Industry studies of similar projects.
updated throughout the project, the most up
to date documentation can be reviewed for • 6. Organizational process assets
risks.
• Project files, including actual data,
• For example, seller performance reports, • Organizational and project process controls,
approved change requests and information
on inspections. • Risk statement formats, and
• Checklists from previous similar projects.
Eugene Nguyen, PMP, PMI-ACP
II. Identify Risk

Inputs Tools and Techniques Output

1. Project management plan 1. Prompt list 1. Risk report

2. Project documents 2. Risk checklist 2. Risk register
3. Agreement 3. Document analysis 3. Project document updates
4. Procurement documentation 4. Assumption analysis
5. Enterprise environmental factors 5. Root cause analysis
6. Organizational process assets 6. Meetings
- Risk workshop
7. Facilitation and team skills
8. Brainstorming
9. Interview

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis

• What?
• The process of prioritizing individual project
risks for further analysis or action

• Why?
• It may not be feasible or necessary for
organizations to put same efforts for all risks
identified. We need to prioritize where to
concentrate at a given time.

• When?
• Regularly throughout the project

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis

• How?
• Assesses the priority of identified individual
project risks using their probability of
occurrence, the corresponding impact on
project objectives if the risks occur, and other
factors.

• Such assessments are subjective as they are

based on perceptions of risk by the project
team and other stakeholders, so attention
should be paid to identifying bias and
correcting for it.

• Identifies a risk owner for each risk who will

take responsibility for planning an appropriate
risk response and ensuring that it is
implemented.

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 1. Risk Data Quality Assessment

• Mistakes in risk data collection can lead to
wrong analysis and assessment Reliability

• Team here analyze risk data collected for

quality

• Relevancy Timeliness
Risk
Data Integrity
Quality
• Reliability
• Integrity
• Timeliness Relevancy

• If found not satisfactory, a new data shall be

collected for analysis

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 2. Risk probability and impact assessment

• Probability: Probability is the likelihood that an event will occur.
• Ex: The classic example is flipping a coin. There is a .50 probability of getting heads and a .50
probability of getting tails on the flip.

• Impact: Impact is the amount of pain (or the amount of gain for positive risks) the risk event poses to
the project.

• The risk impact scale can be a relative scale that assigns values such as high-medium-low (or some
combination of these) or a numeric scale known as a cardinal scale.

• Organizations can give weightage for any specific parameter/s (Normally Scope, Cost, Quality and
Time) in definition of score.

• Organizations normally have defined parameters for risk probability and impact rating and thresholds
however team normally tailor it for specific project during creation of Risk Management Plan.

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• Risk Impact Scale

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 3. Probability and Impact Matrix

• Risks now rated according to the definitions given in Risk Management Plan, and arranged in a matrix
for further analysis as per the probability and impact assessment.

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 4. Other risk parameters assessment • Other risk parameters:

• Urgency: risks that may happen soon may • Controllability
require an urgent attention
• Detectability
• Following factors are considered to decide
urgency of risk • ....
• How much time it will take for risk
response plan to be effective

• Symptoms or warning signs that one

particular risk is going to happen

• Risks with higher rating normally need urgent

attention

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 5. Hierarchical charts Bubble size = Impact Value

• Where risks have been categorized using

more than two parameters, the probability
and impact matrix cannot be used and other
graphical representations are required.

Controllability
• For example, a bubble chart displays three
dimensions of data, where each risk is
plotted as a disk (bubble), and the three
parameters are represented by the x-axis
value, the y-axis value, and the bubble size.

Detectability

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 6. Risk Categorizations: Developme Transition

Concept Phase
nt Phase Phase
• Grouping risks into categories can lead to the
development of more effective risk responses by
focusing attention and effort on the areas of
WBS
highest risk exposure, or by developing generic
risk responses to address groups of related
risks.
Deliverable 1 Deliverable 2 Deliverable 3
• Identified risks can be categorized in many
ways:

• Project phases RBS

• Work Breakdown Structure(WBS)

Category 1 Category 2 Category 3
• Risk Breakdown Structure (RBS)

• Common root causes

Eugene Nguyen, PMP, PMI-ACP
III. Perform Qualitative Risk Analysis
Tools and Techniques

• 7. Expert judgment • 8. Meetings

• Expertise should be considered from • Risk workshop
individuals or groups with specialized
knowledge or training in the qualitative risk • The goals of this meeting include the review of
analysis topics previously identified risks, assessment of
probability and impacts (and possibly other
risk parameters), categorization, and
prioritization.

• A risk owner, who will be responsible for

planning an appropriate risk response and for
reporting progress on managing the risk, will
be allocated to each individual project risk as
part of the Perform Qualitative Risk Analysis
process.

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Tools and Techniques

• 9. Facilitation • 10. Interviews.

• A skilled facilitator can help participants • Interviews can be used to assess the
remain focused on the risk analysis task, probability and impacts of individual project
reach consensus on assessments of risks, as well as other factors.
probability and impacts, identify sources of
bias, and resolve any disagreements that may • The participants in the risk identification and
arise. analysis may be biased and this may have
impact on risk data collected

• The interviewer should promote an

environment of trust and confidentiality in the
interview setting to encourage honest and
unbiased assessments.

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Output

• 1. Project documents updates • 1. Project Document updates

• Risk report. The risk report is updated to • Risk Register updates: You may update the risk
reflect the most important individual project register with the following information:
risks (usually those with the highest • Risks grouped by categories
probability and impact), as well as a
prioritized list of all identified risks on the • Risk ranking (or priority/ risk score) for the
project and a summary conclusion. identified risks

• Assumption log. new assumptions may be • The nominated risk owner

made, new constraints may be identified, and • List of risks requiring near-term responses
existing assumptions or constraints may be
revisited and changed. • List of risks for additional analysis and response
• Issue log: any new issues uncovered or • Watch list of low-priority risks
changes in currently logged issues.
• Trends in Qualitative Risk Analysis results

Eugene Nguyen, PMP, PMI-ACP

III. Perform Qualitative Risk Analysis
Input

• 1. Project management plan • 2. Project documents

• Risk management plan • Stakeholder register. who may be nominated
as risk owners.
• The roles and responsibilities
• Budgets for risk management • Assumption log. Key assumptions and
constraints that may affect the project.
• Schedule for risk management
• 3. Enterprise environmental factors
• Risk breakdown structure
• Industry studies of similar projects by risk
• Definitions of probability & impact specialists, and
• Probability and impact matrix • Risk databases that may be available from
• Stakeholders’ risk thresholds industry or proprietary sources.

• 2. Project documents • 4. Organizational process assets

• Risk register: Identified individual project risk • Information from similar completed projects.
Eugene Nguyen, PMP, PMI-ACP
III. Perform Qualitative Risk Analysis

Inputs Tools and Techniques Output

1. Project management plan 1. Risk data quality assessment 1.Project documents updates
2. Project documents 2. Probability and Impact assessment - Risk register updates
3. Enterprise environmental factors 3. Probability and Impact Matrix - Risk report
4. Organizational process assets 4. Other risk parameter assessment
5. Hierarchical chart
6. Risk categorization
7. Expert judgment
8. Meetings
9. Interpersonal and team skills
10. Interview

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis

• What?
• The process of numerically analyzing the I need to know WHY,
combined effect of identified individual project quantitatively !
risks and other sources of uncertainty on
overall project objectives.

• Why?
• It quantifies overall project risk exposure, and
it can also provide additional quantitative risk
information to support risk response planning.

• When?
• The quantitative risk analysis process can
follow either the risk identification process or
the qualitative risk analysis process.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis

• How? • Quantitative risk analysis is usually very

lengthy and difficult and hence done for only
• Translating information on individual project high priority risks.
risks and other sources of uncertainty into
numeric inputs for the quantitative risk • This process is not required for all projects
analysis model

• Selecting the most appropriate

representation of uncertainty

• Identifying which tools for the selected

modeling techniques

• Modeling the risks or other sources of

uncertainty in the context of the project

• Interpreting the outputs of quantitative risk

analysis.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Tools and Techniques

• 1. Expected Monetary Value (EMV) • A situation: a general variable is a

deterministic function of the quantities it
• A statistical technique in risk management depends on
that is used to quantify the risks, which in
turn, assists the project manager to calculate • A decision "What do we do?"
the contingency reserve.
• A chance variable "What's the outcome?"
• EMV = (Probability x Impact)
• and our final valuation "How do we like it?"
• 2. Influence diagram
• It depicts the key elements, including
decisions, uncertainties, and objectives as
nodes of various shapes and colors. It shows
influences among them as arrows.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Tools and Techniques

• 3. Decision tree analysis

• Decision trees are used to support selection
of the best of several alternative courses of
action.
Rain
385k- 34k
40% 300k
Indoor
300k invest
60% Sunshine
34k+84k=118k 440k- 84k
300k

Tournam
ent Rain
210k- 4k
Decision 200k
40%
EMV=199k Outdoor
200k 60% Sunshine
invest
525k- 195k
4k+195k=199k 200k

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Tools and Techniques

• 4. Interviews • 5. Representations of uncertainty

• May be used to generate inputs for the • Probability distribution is to represent and
quantitative risk analysis, drawing on inputs analyze expert judgments and type and
that include individual project risks and other quantity of data collected will depend upon
sources of uncertainty. which probability distribution is used.

• Project team members, stakeholders, and • The most commonly used are triangular,
subject matter experts are prime candidates normal, lognormal, beta, uniform, or discrete
for risk interviews distributions.

• This is particularly useful where information is • Probabilistic branches

required from experts.
• Where optional activities are added to the
model to represent the time and/or cost impact
of the risk should it occur, and the chance that
these activities actually occur in a particular
simulation run matches the risk’s probability

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Tools and Techniques

• 6. Simulation
• Simulation typically completed through a
computer software program, performed
Monte Carlo analysis to simulates a project
with values for all possible variables to
predict the most likely model.

• Project simulations allow the project team to

play “what-if” games without affecting any
areas of production.

• Schedule simulations are usually performed

using the precedence diagramming method,
while cost simulation typically uses the WBS
as its basis.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Tools and Techniques

• 7. Sensitivity analysis
• Sensitivity analysis is a method of analyzing
the potential impact of risk events on the
project and determining which risk has the
greatest potential for impact.

• All other risks are kept at the baseline while

analyzing one risk

• Sensitivity analysis helps to determine which

individual project risks or other sources of
uncertainty have the most potential impact
on project outcomes.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Tools and Techniques

• 8. Expert judgment • 9. Facilitation

• Expertise should be considered from • A skilled facilitator is useful for gathering input
individuals or groups with specialized data during a dedicated risk workshop
knowledge or training in risk quantitative involving project team members and other
analysis. stakeholders.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Output

• 1. Project documents updates • Detailed probabilistic analysis of the project.

• 1.1 Risk report (updates) • S-curves,
• Assessment of overall project risk • Tornado diagrams, and
exposure.
• Critical path analysis,
• The probability that the project will • Narrative interpretation of the results.
achieve its key objectives

• The range of possible project • Possible detailed results of a quantitative risk

analysis:
outcomes.
• Amount of contingency reserve
• Prioritized list of individual project risks.
• Identification of individual project risks or
• Trends in quantitative risk analysis results. other sources of uncertainty
• Recommended risk responses. • Major drivers of overall project risk
Eugene Nguyen, PMP, PMI-ACP
IV. Perform Quantitative Risk Analysis
Input

• 1. Project management plan • 2. Project documents

• Risk management plan. • Cost estimates.
• The need of quantitative analysis
• Cost forecasts.
• The resources available for the analysis and the
expected frequency of analyses. • Estimate to complete (ETC),
• Scope baseline. • Estimate at completion (EAC),
• Schedule baseline. • Budget at completion (BAC),
• Cost baseline.
• And to-complete performance index (TCPI)
• 2. Project documents
• Resource requirements.
• Duration estimates.
• Schedule forecasts. • Basis of estimates.
• Milestone list. • Information on the estimate’s purpose,
classification, assumed accuracy, methodology,
• Schedule target for quantitative risk analysis and source.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis
Input

• 2. Project documents • 3. Enterprise Environmental Factors

• Assumption log. • Industry studies of similar projects by risk
specialists, and
• Assumptions
• Risk databases that may be available from
• Constraints industry or proprietary sources.
• Risk register. • 4. Organizational Process Assets
• Details of individual project risks to be • Information from previous projects.
used as input for quantitative risk analysis.

• Risk report.
• Sources of overall project risk and the
current overall project risk status.

Eugene Nguyen, PMP, PMI-ACP

IV. Perform Quantitative Risk Analysis

Inputs Tools and Techniques Output

1. Project management plan 1. Expected monetary value 1.Project documents updates

2. Project documents 2. Influence diagram - Risk reports
3. Enterprise environmental factors 3. Decision tree analysis
4. Organizational process assets 4. Interview
5. Representations of Uncertainty
6. Simulation and What-if scenario
7. Sensitivity analysis
8. Expert judgment .
9. Interpersonal and team skills

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response

• What?
• The process of developing options, selecting
strategies, and agreeing on actions to address
overall project risk exposure, as well as to treat
individual project risks.

• Why?
• Effective and appropriate risk responses can
minimize individual threats, maximize individual
opportunities, and reduce overall project risk
exposure.

• Unsuitable risk responses can have the converse

effect.

• When?
• Throughout the project

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response

• How? • An effective risk responses should be:

• Determine risk response strategies and • Cost-effective in meeting the challenge
consider how to respond for each risk.
• Appropriate for the significance of the risk
• Select the most appropriate response
strategy and define response activities • Realistic within the project context
• Once the risk responses are confirmed, the • Agreed upon by all parties involved
necessary budget & resources should be
allocated to each action associated with a • Owned by a responsible person.
risk response plan.

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 1. Strategies for Negative Risks or Threats • Transfer

• Avoid

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 1. Strategies for Negative Risks or Threats • Accept

• Mitigate

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 2. Strategies for Positive Risks or • Share

Opportunities

• Exploit

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 2. Strategies for Positive Risks or • Accept

Opportunities

• Exploit

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 2. Strategies for individual project risks

• Escalate.
• Escalation is appropriate when the project
team or the project sponsor agrees that a risk
is outside the scope of the project or that the
proposed response would exceed the project
manager’s authority.

• It is important that ownership of escalated

risks is accepted by the relevant party in the
organization.

• Escalated threats/opportunities are not

monitored further by the project team after
escalation, although they may be recorded in
the risk register for information.

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 3. Strategies for overall project risk

• The same risk response strategies that are used to deal with individual project risks can also be
applied to overall project risk:

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 4. Contingent response strategies

• Accepting the Risks
• Risk acceptance is the process of simply
accepting the risks because no other action is
feasible; or the risks are deemed to be of
small probability, impact, or both and that a
formal response is not warranted.

• Passive acceptance requires no action; the

project team deals with the risks as they
happen.

• Active acceptance entails developing a

contingency plan (contingent response plan)
should the risk occur. Acceptance may be
used for both positive and negative risks.

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 4. Contingent response Strategies

• Contingent response plan will be executed
under certain predefined conditions:
Symptoms, warning signs or trigger.

• Events that trigger the contingency response,

such as missing intermediate milestones or
gaining higher priority with a supplier, should
be defined and tracked.

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Tools and Technique

• 5. Alternatives analysis • 7. Multi-criteria decision analysis

• A simple comparison of the characteristics • Used to provide a systematic approach for
and requirements of alternative risk response prioritizing risk response strategies.
options can lead to a decision on which
response is most appropriate.
• Criteria for risk response selection may include:
• Cost of response,
• 6. Cost-benefit analysis
• Likely effectiveness
• If the impact of an individual project risk can
be quantified in monetary terms, then the • Resource availability,
cost-effectiveness of alternative risk
response strategies can be determined using • Timing constraints
cost-benefit analysis • Level of impact
• Effect of response
• ….
Eugene Nguyen, PMP, PMI-ACP
V. Plan Risk Response
Tools and Technique

• 8. Expert judgment • 10. Facilitation

• Expertise should be considered from • A skilled facilitator can help risk owners
individuals or groups with specialized understand the risk, identify and compare
knowledge in plan risk responses. alternative possible risk response strategies,
choose an appropriate response strategy, and
• 9. Interviews identify and overcome sources of bias.
• Development of responses to individual
project risks and overall project risk may be
undertaken during structured or semi-
structured interviews with risk owners.

• Other stakeholders may also be interviewed if

necessary

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Output

• 1. Project Management Plan Updates • 2. Project document updates

• Contingency plans, fallback plans • Risk related contract decisions
• 2. Project Document Updates • The contract may be needed for insurance
• Risk register updates: purposes, customer acceptance, or the
acknowledgement of responsibilities
• Response strategies between the entities completing the project.
• Residual risks • More on procurement section
• Secondary risks • Assumptions log updates
• The budget and schedule for risk responses • Technical documentation updates
• Both the contingency and fallback plans • 3. Change request
• Risk owners and their assigned • Preventive actions
responsibilities

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Input

• 1. Project management plan • 2. Project documents

• Stakeholder register.
• Resource management plan.
• Potential owners for risk responses.
• How resources allocated to agreed-upon • Risk register.
risk responses will be coordinated with
other project resources. • Details of individual project risks
• The priority level
• Risk management plan.
• Nominated risk owner
• Roles and responsibilities and risk • Preliminary risk responses.
thresholds
• Risk report.
• Cost baseline. • Current level of overall risk exposure of the project
• The contingency fund • list individual project risks in priority order
• Additional analysis of the distribution of individual project
risks

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response
Input

• 2. Project documents • 4. Organizational process assets

• Project team assignments. • Templates for the risk management plan, risk
register, and risk report;
• Resources that can be allocated to agreed-
upon risk responses. • Historical databases;
• Resource calendars. • Lessons learned repositories from similar
projects.
• Potential resources.
• Project schedule.
• Lessons learned register.
• 3. Enterprise environmental factors
• Risk appetite and thresholds of key
stakeholders.

Eugene Nguyen, PMP, PMI-ACP

V. Plan Risk Response

Inputs Tools and Techniques Output

1. Project management plan 1. Strategies for negative risk or threats 1. Project management plan updates
2. Project documents 2. Strategies for positive risk or 2. Project Document updates
3. Enterprise environmental factors opportunities - Risk register (updates)
4. Organizational process assets 3. Strategies for Overall risks - Risk-related contractual
4. Contingent response Strategies agreements
5. Alternative analysis 3. Change requests
6. Benefit cost analysis
7. Decision making
8. Expert judgment
9. Interview
10. Interpersonal and team skills

Eugene Nguyen, PMP, PMI-ACP

VI. Implement Risk Response

• What?
• The process of ensuring that agreed-upon
risk responses are executed as planned in
order to address overall project risk
exposure, minimize individual project threats,
and maximize individual project
opportunities.

• Why?
• Proper attention to the implement risk
responses process will ensure that agreed-
upon risk responses are actually executed.

• When?
• Throughout the project
Eugene Nguyen, PMP, PMI-ACP
VI. Implement Risk Response

• How?
• A common problem with Project Risk
Management is that project teams spend
effort in identifying and analyzing risks and
developing risk responses, then risk
responses are agreed upon and documented
in the risk register and risk report, but no
action is taken to manage the risk.

• Only if risk owners give the required level of

effort to implementing the agreed-upon
responses will the overall risk exposure of the
project and individual threats and
opportunities be managed proactively.

Eugene Nguyen, PMP, PMI-ACP

VI. Implement Risk Response
Tools and Techniques

• 1. Influencing.
• The project manager or person responsible
for facilitating the risk process may need to
exercise influencing to encourage nominated
risk owners to take necessary action where
required.

• 2. Expert judgment
• Expertise should be considered from
individuals or groups with specialized
knowledge to validate or modify risk
responses if necessary, and decide how to
implement them in the most efficient and
effective manner.

Eugene Nguyen, PMP, PMI-ACP

VI. Implement Risk Response
Tools and Techniques

• 3. Project management information system

(PMIS)

• Schedule, resource, cost or risk management

softwares may help to ensure that agreed-
upon risk response plans and their
associated activities are integrated into the
project alongside other project activities.

Eugene Nguyen, PMP, PMI-ACP

VI. Implement Risk Response
Output

• 1. Change requests • 2. Project documents updates

• Change may happen to the cost and • Issue log.
schedule baselines or other components of
the project management plan. • Lessons learned register.
• 2. Project documents updates • Project team assignments.
• Risk register. Any changes to the previously • Suitably qualified and experienced
agreed-upon risk responses to any individual personnel to execute the agreed-upon
project risk action (usually within the project team),

• Risk report. Any changes to the previously • Any required technical resources to
agreed-upon risk response to overall project complete the action.
risk exposure

Eugene Nguyen, PMP, PMI-ACP

VI. Implement Risk Response
Tools and Techniques

• 1. Project management plan • 2. Project documents

• Risk management plan. • Risk report.
• Roles and responsibilities • An assessment of the current overall
• Risk management methodology project risk exposure,

• Risk thresholds • As well as the agreed-upon risk response

strategy.
• Risk appetite of key stakeholders
• Major individual project risks with their
• 2. Project documents planned responses.
• Risk register. • Lessons learned register.
• The agreed-upon risk responses for each
individual risk • 3. Organizational process assets
• The nominated owners for each response plan. • Lessons learned repository
Eugene Nguyen, PMP, PMI-ACP
VI. Implement Risk Response

Inputs Tools and Techniques Output

1. Project manangement plan 1. Influencing 1. Change requests

2. Project documents 2. Expert judgment 2. Project document updates
3. Organizational process assets 3. PMIS

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks

• What?
• The process of monitoring the implementation
of agreed-upon risk response plans, tracking
identified risks, identifying and analyzing new
risks, and evaluating risk process
effectiveness throughout the project.

• Why?
• Ensure that the project team and key
stakeholders are aware of the current level of
risk exposure and make right decisions about
overall project risk and individual project risks.

• When?
• Throughout the project
Eugene Nguyen, PMP, PMI-ACP
VII. Monitor Risks

• How?
• Determining the current level of overall • Performing risk audit to to determine if:
project risk and if project strategy is still valid.
• Implemented risk responses are effective
• Tracking identified individual risks for signs
that they may be occurring • Risk management policies and procedures
are being followed
• Monitoring residual risks
• Risk management approach is still
• Reviewing that project assumptions are still appropriate
valid

• Looking for new individual risks that may

develop during project phase

• Analyse contingency reserves for cost or

schedule require modification

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks
Tools and Techniques

• 1. Technical performance analysis • 2. Reserve Analysis

• Technical performance measurement • Reserve analysis compares the amount of the
compares actual results against targets: contingency reserves remaining to the amount
weight, transaction times, number of of risk remaining at any time in the project in
delivered defects, storage capacity, etc order to determine if the remaining reserve is
adequate.
• Deviation can indicate the potential impact of
threats or opportunities. • Reserve analysis from starting to end of the
project will give indications to health of the
• Level of conformance can help to forecast project and risks
the degree of success in achieving the
project’s scope. • Remember Critical Path Method, burndown
chart

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks
Tools and Techniques

• 3. Meeting
• The periodic risk review is a regularly
scheduled discussion throughout the project
to

• Identification of new risks,

• Reassessment of current risks,
• And the closing of risks that are outdated.
• The risk review may be conducted as part of
a periodic project status meeting or a
dedicated risk review meeting may be held,
as specified in the risk management plan.

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks
Tools and Techniques

• 4. Risk response audits

• The risk audit should measure the
effectiveness of the risk owner in
implementing the risk response

• As well as the effectiveness of risk

management process

• Risk audits may be included during routine

project review meetings or may form part of a
risk review meeting, or the team may choose
to hold separate risk audit meetings.

• The format for the risk audit and its

objectives should be clearly defined before
the audit is conducted.

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks
Output

• 1. Work performance information • 3. Project management plan updates

• Information on how project risk management • Any component of the project management
is performing by comparing the individual plan.
risks that have occurred with the expectation
of how they would occur. • 4. Project documents updates
• 2. Change requests • Risk register.
• Recommended corrective actions • New risks,
• Or preventive actions to address the current • Updating outdated risks or risks that were
level of overall project risk or to address realized,
individual project risks.
• Updating risk responses

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks
Output

• 4. Project documents updates • 5. Project documents updates

• Risk report. • Assumption log
• Current status of major individual project • Issue log
risks
• Lessons learned register
• Current level of overall project risk.
• 6. Organizational process assets updates
• Conclusions from risk audits on the
effectiveness of the risk management • Templates for the risk management plan, risk
process. register, and risk report

• Risk breakdown structure.

Eugene Nguyen, PMP, PMI-ACP

VII. Monitor Risks
Input

• 1. Project management plan • 3. Work performance data

• Risk management plan. • data on project status such as risk responses
that have been implemented, risks that have
• Guidance on how and when risks should be occurred, risks that are active and those that
reviewed,
have been closed out.
• The roles and responsibilities
• 4. Work performance reports
• Reporting formats.
• This relevant information for monitoring
• 2. Project documents performance-related risks:
• Risk register • variance analysis,
• Risk report • earned value data, and
• Issue log. • forecasting data.
• Lessons learned register
Eugene Nguyen, PMP, PMI-ACP
VI. Implement Risk Response

Inputs Tools and Techniques Output

1. Project management plan 1. Technical performance analysis 1. Work performance information

2. Project documents 2. Reserve analysis 2. Change requests
3. Work performance data 3. Meetings 3. Project management plan updates
4. Work performance reports 4. Risk audits 4. Project document updates
5. Organizational process assets
updates

Eugene Nguyen, PMP, PMI-ACP