Manual 3

Project Risk Management

Book 1 of 4
Introduction
 Manual 3: Project Risk Management

Contents
Topic 1: Project Risk Management 3
Section A: Introducing Project Risk Management 3
Project Risk Management 3
Section B: General Facts about Project Risk Management 7
Section Objectives 7
Project Risk 7
Goals of Risk Management 7
Why is Managing Risk Important? 9
The Importance of Risk Management 9
Benefits of Risk Management 9
Consequences of Not Managing Risk 10

Book 1 of 4: Introduction Page 2 of 10

 Manual 3: Project Risk Management

Topic 1: Project Risk

Management
Section A: Introducing Project Risk
Management
Project Risk Management
Project Risk Management includes the processes concerned with conducting risk management planning,
identification, analysis, responses, and monitoring and control on a project; most of these processes are
updated throughout the project. The objectives of Project Risk Management are to increase the probability
and impact of positive events, and decrease the probability and impact of events adverse to the project.
Figure 1 provides an overview of the Project Risk Management processes, and Figure 2 provides a process
flow diagram of those processes and their inputs, outputs, and other related Knowledge Area processes.
The Project Risk Management processes include the following:

• Risk Management Planning – deciding how to approach, plan, and execute the risk management
activities for a project.
• Risk Identification – determining which risks might affect the project and documenting their
characteristics.
• Qualitative Risk Analysis – prioritizing risks for subsequent further analysis or action by assessing
and combining their probability of occurrence and impact.
• Quantitative Risk Analysis – numerically analyzing the effect on overall project objectives of
identified risks.
• Risk Response Planning – developing options and actions to enhance opportunities, and to reduce
threats to project objectives.
• Risk Monitoring and Control – tracking identified risks, monitoring residual risks, identifying new
risks, executing risk response plans, and evaluating their effectiveness throughout the project life
cycle.

These processes interact with each other and with the processes in the other Knowledge Areas as well.
Each process can involve effort from one or more persons or groups of persons based on the needs of the
project. Each process occurs at least once in every project and occurs in one or more project phases, if the
project is divided into phases. Although the processes are presented here as discrete elements with well-
defined interfaces, in practice they may overlap and interact in ways not detailed here.

Project risk is an uncertain event or condition that, if it occurs, has a positive or a negative effect on at
least one project objective, such as time, cost, scope, or quality (i.e., where the project time objective is to
deliver in accordance with the agreed-upon schedule; where the project cost objective is to deliver within
the agreed-upon cost; etc.). A risk may have one or more causes and, if it occurs, one or more impacts.
For example, a cause may be requiring an environmental permit to do work, or having limited personnel
assigned to design the project. The risk event is that the permitting agency may take longer than planned
to issue a permit, or the design personnel available and assigned may not be adequate for the activity. If
either of these uncertain events occurs, there may be an impact on the project cost, schedule, or
performance.

Risk conditions could include aspects of the project’s or organization’s environment that may contribute to
project risk, such as poor project management practices, lack of integrated management systems,
concurrent multiple projects, or dependency on external participants who cannot be controlled.

Book 1 of 4: Introduction Page 3 of 10

 Manual 3: Project Risk Management

PROJECT RISK
MANAGEMENT

1. Risk Management 2. Risk Identification 3. Qualitative Risk Analysis

1. Inputs 1. Inputs 1. Inputs

1. Enterprise environmental 1. Enterprise environmental 1. Organizational process
factors factors assets
2. Organizational process 2. Organizational process 2. Project scope statement
assets assets 3. Risk management plan
3. Project scope statement 3. Project scope statement 4. Risk register
4. Project management plan 4. Risk management plan
5. Project management plan 2. Tools & Techniques
2. Tools & Techniques 1. Risk probability and
1. Planning meetings and 2. Tools & Techniques impact assessment
analysis 1. Documentation review 2. Probability and impact
2. Information gathering matrix
3. Outputs techniques 3. Risk data quality
1. Risk management plan 3. Checklist analysis assessment
4. Assumptions analysis 4. Risk categorization
5. Diagramming techniques 5. Risk urgency assessment

3. Outputs 3. Outputs
1 Risk register 1. Risk register (updates)

4. Quantitative Risk Analysis 5. Risk Response Planning 6. Risk Monitoring and Control

1. Inputs 1. Inputs
1. Inputs 1. Risk management plan 1. Risk management plan
1. Organizational process 2. Risk register 2. Risk register
assets 3. Approved change requests
2. Project scope statement 2. Tools & Techniques 4. Work performance
3. Risk management plan 1. Strategies for negative information
4. Risk register risk or threats 5. Performance reports
5. Project management 2. Strategies for positive
plan risk or opportunities 2. Tools & Techniques
• Project schedule 3. Strategy for both threats 1. Risk reassessment
management plan and opportunities 2. Risk audits
• Project cost 4. Contingent response 3. Variance and trend analysis
management plan strategy 4. Technical performance
measurement
2. Tools & Techniques 3. Outputs 5. Reserve analysis
1. Data gathering and 1. Risk register (updates) 6. Status meetings
representation 2. Project management plan
techniques (updates) 3. Outputs
2. Quantitative risk analysis 3. Risk-related contractual 1. Risk register (updates)
and modeling techniques agreements 2. Requested changes
3. Recommended corrective
3. Outputs actions
4. Recommended preventive
actions
5. Organizational process
assets (updates)
6. Project management plan
(updates)

Figure 1 - Project Risk Management Overview

Book 1 of 4: Introduction Page 4 of 10

 Manual 3: Project Risk Management

Project risk has its origins in the uncertainty that is present in all projects. Known risks are those that
have been identified and analyzed, and it may be possible to plan for those risks using the processes
described in this chapter. Unknown risks cannot be managed proactively, and a prudent response by the
project team can be to allocate general contingency against such risks, as well as against any known risks
for which it may not be cost-effective or possible to develop a proactive response.

Organizations perceive risk as it relates to threats to project success, or to opportunities to enhance

chances of project success. Risks that are threats to the project may be accepted if the risk is in balance
with the reward that may be gained by taking the risk. For example, adopting a fast track schedule that
may be overrun is a risk taken to achieve an earlier completion date. Risks that are opportunities, such as
work acceleration that may be gained by assigning additional staff, may be pursued to benefit the project’s
objectives.

Persons and, by extension, organizations have attitudes toward risk that affect both the accuracy of the
perception of risk and the way they respond. Attitudes about risk should be made explicit wherever
possible. A consistent approach to risk that meets the organization’s requirements should be developed
for each project, and communication about risk and its handling should be open and honest. Risk
responses reflect an organization’s perceived balance between risk-taking and risk avoidance. To be
successful, the organization should be committed to addressing the management of risk proactively and
consistently throughout the project.

Book 1 of 4: Introduction Page 5 of 10

 Manual 3: Project Risk Management

Project management
Enterprise Commercial databases Risk plan Develop Project
Environmental Management Management
Factors Planning Plan

Policies, procedures Risk

and guidelines Management Approved change requests
Lessons learned plan Approved corrective actions
Organizational
knowledge base Approved preventive actions
Process Assets
Risk Approved change requests
Identifica-
tion

Scope Project Scope Statement

Definition Risk Register

Qualitative
Risk
Analysis

Risk Register (updates)

Develop
Cost Management plan
Project Quantitative
Schedule Management plan
Management Risk
Planning Analysis

Risk Register (updates)

Performance Performance reporting
Reporting
Risk Project management plan
Response (updates)
Planning

Direct & Work Performance

Manage Information Risk Register (updates)
Project Risk related contractual agreements
Execution
Recommended preventive actions
Risk register Recommended corrective actions
Organizational process Requested changes
Close assets (updates) Risk Integrated
Risk register (updates)
Project Monitoring Change
and Control Project management plan Control
(updates)

Figure 2 - Project Risk Management Process Flow Diagram

Note: Not all process interactions and data flow among the processes are shown.

Book 1 of 4: Introduction Page 6 of 10

 Manual 3: Project Risk Management

Section B: General Facts about Project Risk

Management
This manual introduces key project risk management definitions, concepts, and processes, using the step-
by-step procedure.

The step-by-step learning style utilizes a “building block” approach for presenting concepts in a step-by-
step procedural learning style. This approach is particularly appropriate and used in this manual for the
task-oriented areas that have clear step-by- step procedures involved in them.

Section Objectives
• Identify the benefits of managing risk and the consequences of failing to deal with risk
• Determine how the five management process groups integrate with the risk management knowledge
area to create the basis of the risk management processes
• Determine how risks evolve during the project life cycle
• Explain the fundamental principles of risk management
• Identify the participants of risk management and their responsibilities

Project Risk
Definition: Project Risk
A project risk is an uncertain event or condition that, if occurs, has a positive or negative effect on
a project objective.

A project risk is any event or occurrence, whether internally or externally driven, that will impact the
project’s stated technical scope, schedule, and cost objectives. This is not a dictionary definition; this is a
project management definition. “Project risk is an uncertain event or condition that, if it occurs, has a
positive or negative effect on a project objective.” Project risks are risks that impact one or more of the
project baseline elements: technical, schedule, or cost.

Risk is not always an event or occurrence that adversely or negatively affects a project. Some types of risk
may result in a positive opportunity with a gain for the project and company. This type of risk is known as
upside risk. Conversely, risk that has a negative impact upon a project may be considered downside risk.
Upside risks may represent steps taken to reduce cost or schedule, or to increase profit.

Risk is inherent in any project and may impact one or more elements of the project baseline. A project risk
assessment will assist the project manager and project team in identifying risks and preparing for risk
management and mitigation. Successfully identifying risks, and then mitigating and managing them, will
contribute directly to the ultimate success of the project by ensuring on-time, on-budget completion of
stated project technical objectives.

Goals of Risk Management

The goal of risk management is to:

• Maximize the impact of positive events.

• Minimize the probability and impact of negative events.

Risk management requires the project manager to anticipate problems long before they occur and take
appropriate action to keep the project running smoothly. Similarly, the project manager should actively
seek opportunities to introduce positive events, thereby enhancing project performance. Although risk
management may mean different things depending on the industry in question, this course covers all
aspects of risk management as defined by the Project Management Institute, Inc. (PMI). Despite
differences across industries, the fundamentals of risk management are universally recognized.

Book 1 of 4: Introduction Page 7 of 10

 Manual 3: Project Risk Management

Book 1 of 4: Introduction Page 8 of 10

 Manual 3: Project Risk Management

Definition: Risk Management

A systematic process to identify, analyze, and respond to project risk.

Why is Managing Risk Important?

Risk is an inherent part of all human endeavors. Because of the inherent nature of risks and their
potential to adversely affect project success, project managers and project teams should analyze risks
and document their risk management and mitigation approach. The risk assessment, in conjunction with
the project’s dollar value, visibility, and complexity, determines how the graded approach applies to the
project. Since application of an effective management strategy is a risk-based graded approach, a risk
analysis must be performed to determine the basis of grading.

Most decisions, including the most simple, involve risk. Today’s projects are increasingly more technically
diverse and complex. Proper risk management requires a systematic approach to the identification of
these risks and the risk potential. Failing to recognize risk and risk potential can lead to project failure.
This is particularly true with respect to achieving stated technical objectives.

Risk management is a proactive process that permits identification of, and preparation for, addressing
risks that may occur, or be realized, during the life of the project. Where risk can be avoided, properly
graded alternatives are studied and incorporated. Where risk cannot be avoided, mitigating strategies are
developed and incorporated as part of the project’s execution plan.

The basis for the performance and acceptance criteria for the project is a well-conceived project plan that
identifies, analyzes, and incorporates the existence and impact of risk in its setting of baseline objectives.

All risks cannot be controlled, but failure to use tools that can mitigate and manage risks may result in
adverse consequences on projects. The consequences of failing to deal effectively with risk can include
loss of credibility and may include personal or organizational liability and fines. Other important
consequences include significant cost overruns, inability to achieve desired project technical objectives,
schedule delays, reducing project scope, and ultimately, project cancellation.

The Importance of Risk Management

Risk management is important because it:

• Leads to early recognition of risks

• Ensures design and application of effective risk responses
• Becomes the basis of the graded approach to project control
• Reduces burnout of team members
• Helps ensure success by mitigating risk

Benefits of Risk Management

Managing risk is beneficial to the project, because risk management:

• Increases project viability (profit and success)

• Allows the project manager and team to focus attention on mitigation
• Is proactive rather than reactive
• Improves morale by providing rewards and incentives
• Provides a competitive advantage
• Generates personal success

Book 1 of 4: Introduction Page 9 of 10

 Manual 3: Project Risk Management

Consequences of Not Managing Risk

The consequences of failing to use risk management are:

• Significant cost overruns

• Schedule delays
• Inability to achieve stated objectives
• Project descoying
• Project cancellation
• Fines and penalties
• Injuries and damages
• Personal and/or organizational liabilities
• Loss of credibility
• Loss of market share

Book 1 of 4: Introduction Page 10 of 10