CHAPTER ELEVEN

Project Risk Management

 
(Source : PMBOK Guide)

Raymond Fraig
PMP,PMI-RMP, M.Sc.E., B.Eng.
All rights reserved – Raymond Fraig, PMP -01003989333 – raymond_fraig@hotmail.com
 Contents
 Introduction
 11.1 Plan Risk Management
 11.2 Identify Risks
 11.3 Perform Qualitative Risk Analysis
 11.4 Perform Quantitative Risk Analysis
 11.5 Plan Risk Responses
 11.6 Control Risks
 Sample Questions
 Project Risk Management
Introduction
 Project Risk Management includes the processes of conducting
risk management planning, identification, analysis, response
planning, and controlling risk on a project.
 The objectives of project risk management are to increase the
likelihood and impact of positive events (opportunities), and
decrease the likelihood and impact of negative events (threats) in the
project.
 Project risk is an uncertain event or condition that, if it occurs, has a
positive or negative effect on one or more project objectives such as
scope, schedule, cost, and quality.
 A risk may have one or more causes and, if it occurs, it may have
one or more impacts.
 Project Risk Management
Introduction
ID Process Definition Process
Group

11.1 Plan Risk The process of defining how to conduct risk management activities P
Management for a project.

11.2 Identify Risks The process of determining which risks may affect the project and P
documenting their characteristics.

11.3 Perform The process of prioritizing risks for further analysis or action by P
Qualitative assessing and combining their probability of occurrence and
Risk Analysis impact.

11.4 Perform The process of numerically analyzing the effect of identified risks P
Quantitative on overall project objectives.
Risk Analysis
11.5 Plan Risk The process of developing options and actions to enhance P
Responses opportunities and to reduce threats to project objectives.

11.6 Control Risks The process of implementing risk response plans, tracking M&C
identified risks, monitoring residual risks, identifying new risks,
and evaluating risk process effectiveness throughout the project.
 Project Risk Management
Introduction
 The degree of risk acceptance to the organization and stakeholders
varies according to the following factors:
o Risk Appetite
The degree of uncertainty an entity is willing to take on in anticipation of a
reward.
o Risk Tolerance
The degree, amount, or volume of risk that an organization or individual will
withstand.
o Risk Threshold
Refers to measures along the level of uncertainty or the
level of impact at which a stakeholder may have a specific
interest.
 Below that risk threshold, the organization will accept the risk.
 Above that risk threshold, the organization will not tolerate the risk.
 Project Risk Management
11.1 Plan Risk Management
 The process of defining how to conduct risk management activities
for a project.
 The key benefit of this process is it ensures that the degree, type,
and visibility of risk management are commensurate with both the
risks and the importance of the project to the organization.
 Project Risk Management
11.1 Plan Risk Management
 Project Risk Management
11.1 Plan Risk Management
 Inputs:
 Project Management Plan
All approved subsidiary management plans and baselines should be taken into
consideration to make the risk management plan consistent with them.
 Project Charter
High-level risks, high-level project descriptions, and high-level requirements.
 Stakeholder Register
 Enterprise Environmental Factors
Risk attitudes, thresholds, and tolerances that describe the degree of risk
that an organization will withstand.
 Organizational Process Assets
Risk categories - Risk statement formats – Templates – Roles – Responsibilities
- Authority levels for decision making – Lessons learned.
 Project Risk Management
11.1 Plan Risk Management
 Tools and Techniques:
 Analytical Techniques
 Used to understand and define the overall risk management context (risk
attitudes – risk exposure) of the project.
 Depending on these assessments, the project team can allocate appropriate
resources and focus on the risk management activities.
 Expert Judgment
Comprehensive inputs from Sr. Management- PMs - Consultants – Subject
Matter experts – Professional and technical associations …etc.
 Meetings
Stakeholders may discuss: risk management cost and schedule , application
of contingency reserves, templates and definitions , probabilities and impacts
, then the entire risk management plan.
 Project Risk Management
11.1 Plan Risk Management

 Outputs:
 Risk Management Plan
A component of the project management plan that describes how risk
management activities will be structured and performed. It includes:
 Methodology : approach – tools – data sources.
 Roles and Responsibilities: for risk team members.
 Budgeting : risk activities – contingency and management reserves.
 Timing: when and how risk management processes will be performed ,
and time contingency reserves.
 Risk Categories: means for grouping potential causes of risk.
 Definition of Risk Probability and Impact: different levels of risk
probability and impact must be defined in a standard specific to the
project context.
 Project Risk Management
11.1 Plan Risk Management

Risk
Categories

Probability
& Impact
standards
 Project Risk Management
11.1 Plan Risk Management
 Outputs:
 Risk Management Plan (contd.)
 Probability and Impact Matrix: A probability and impact matrix is a grid
for mapping the probability of each risk occurrence and its impact on project
objectives if that risk occurs.
 Project Risk Management
11.1 Plan Risk Management

 Outputs:
 Risk Management Plan (contd.)
 Revised Stakeholders’ Tolerances : may be revised for specific projects.
 Reporting Formats :
 They define how the outcomes of the risk management process will be
documented, analyzed, and communicated.
 It describes the content and format of the risk register as well as any
other risk reports required.
 Tracking: how risk activities will be recorded for
the benefit of the current project and how risk
management processes will be audited.
 Project Risk Management
11.2 Identify Risks
 The process of determining which risks may affect the project and
documenting their characteristics.
 The key benefit of this process is the documentation of existing
risks and the knowledge and ability it provides to the project team to
anticipate events.
Project Risk Management
11.2 Identify Risks
 Project Risk Management
11.2 Identify Risks
 Inputs:
 Risk Management Plan
Risk identification roles and responsibilities – Categories of risks (RBS)
 Cost Management Plan
Provides processes and controls used to help identify risks.
 Schedule Management Plan
Provides insight to project schedule objectives and expectations which may be
impacted by risks.
 Quality Management Plan
Provides a baseline of quality measures / metrics for use in identifying risks.
 Human Resource Management Plan
Contains roles and responsibilities, project organization charts, and the staffing
management plan, which form a key input to identify risk process.
 Project Risk Management
11.2 Identify Risks
 Inputs:
 Scope Baseline
 Uncertainty in project assumptions are potential causes of project risk.
 WBS is a critical input to identifying risks at lower levels (WP & Act.).
 Activity Cost Estimates
Useful in identifying risks when costs are expressed as a range, with the width of
the range indicating the degree(s) of risk.
 Activity Duration Estimates
Risks evaluated from time allowances and range of estimate.
 Stakeholder Register
Information about stakeholders is useful for soliciting inputs to identify risks.
 Project Documents
Project charter – Schedule – Network diagrams – Issue log – Checklists.
 Project Risk Management
11.2 Identify Risks
 Inputs:
 Procurement Documents
The complexity and the level of detail of the procurement documents should be
consistent with the risks associated with planned procurements.
 Enterprise Environmental Factors
 Published information - commercial databases - Academic studies.
 Benchmarking - Industry studies - Risk attitudes.
 Organizational Process Assets
 Project files, including actual data.
 Organizational and project process controls.
 Risk statement formats or templates
 Lessons learned.
 Project Risk Management
11.2 Identify Risks
 Tools and Techniques:
 Documentation Reviews
The quality of plans, consistency between plans and the project requirements
and assumptions, may be indicators of risk in the project.
 Information Gathering Techniques
Brainstorming – Delphi technique – Interviewing – Root cause Analysis.
 Checklist Analysis
Risk identification checklists are developed based on historical information and
knowledge, and from other sources of information.
 Assumptions Analysis
Explores the validity of assumptions. It identifies risks to the project from
inaccuracy, instability, inconsistency, or incompleteness of assumptions.
 Project Risk Management
11.2 Identify Risks
 Tools and Techniques:
 Diagraming Techniques
Cause and Effect diagram – Process Flowcharts
Influence diagrams
 SWOT Analysis

(Strengths, Weaknesses, Opportunities and Threats)

 Expert Judgment
Risks may be identified directly by experts with
relevant experience with similar projects or
business areas.
 Project Risk Management
11.2 Identify Risks
 Outputs:
 Risk Register
 The risk register is a document in which the results of risk analysis and risk
response planning are recorded.
 It contains the outcomes of the other risk management processes as they are
conducted (Progressively Elaborated).
 It begins here with the following information:
 List of identified risks
 The identified risks are described in as much detail as is reasonable.
 C.R.E . format (Cause – Risk – Effect)
 List of potential responses
 Potential responses to a risk may sometimes be identified during the Identify
Risks process.
 Input to Plan Risk Responses process.
 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 The process of prioritizing risks for further analysis or action by
assessing and combining their probability of occurrence and
impact.
 The key benefit of this process is that it enables project managers to
reduce the level of uncertainty and to focus on high-priority risks.
 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 Inputs:
 Risk Management Plan
Key elements include: roles and responsibilities, budgets, schedule activities,
risk categories, definitions of probability and impact, the probability and impact
matrix, and revised stakeholders’ risk tolerances.
 Scope Baseline
Evaluating uncertainty by examining scope baseline (new or repeated work).
 Risk Register
Information to asses and prioritize risks.
 Enterprise Environmental Factors
Industry studies and risk databases available by specialists.
 Organizational Process Assets
Information on prior, similar completed projects.
 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 Tools and Techniques:
 Risk Probability and Impact Assessment
 Risk probability assessment investigates the likelihood that each specific risk
will occur.
 Risk impact assessment investigates the potential effect on a project objective
( cost – schedule – quality).
 Risk probabilities and impacts are rated according to the definitions given in
the risk management plan (to reduce bias).
 Probability and Impact Matrix
 Risks can be prioritized for further quantitative analysis and planning risk
responses based on their risk rating.
 Ratings are assigned to risks based on their probability and impact.

Risk Rating = Probability * Impact

 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 Tools and Techniques:
 Risk Data Quality Assessment
A technique to evaluate the usefulness of risk data by examining the degree to
which the risk is understood and the accuracy, quality, reliability, and integrity
of the data about the risk.
 Risk Categorization
Risks can be categorized by sources of risk (RBS), area affected (WBS), or other
categories (project phase) to determine the areas of the project most exposed to
uncertainty.
 Risk Urgency Assessment
Risks requiring near-term responses may urgent to address.
 Expert Judgment
Required to assess the probability and impact of each risk to determine its
location in the matrix
 Project Risk Management
11.3 Perform Qualitative Risk Analysis
 Outputs:
 Project Documents Updates
 Risk register updates
Updates to the risk register may include: assessments of probability and impacts
for each risk, risk ranking or scores, risk urgency or risk categorization, and a
watch list for low probability risks or risks requiring further analysis.
 Assumptions log updates
The assumptions log needs to be revisited to accommodate
The new information from qualitative risk assessment.
 Project Risk Management
11.4 Perform Quantitative Risk Analysis
 The process of numerically analyzing the effect of identified
risks on overall project objectives.
 The key benefit of this process is that it produces quantitative
risk information to support decision making in order to reduce
project uncertainty.
 Project Risk Management
11.4 Perform Quantitative Risk Analysis
 Project Risk Management
11.4 Perform Quantitative Risk Analysis
 Inputs:
 Risk Management Plan
Guidelines, methods, and tools to be used in quantitative risk analysis.
 Cost Management Plan
Guidelines on establishing and managing risk reserves (money).
 Schedule Management Plan
Guidelines on establishing and managing risk reserves (time).
 Risk Register
A reference point for performing quantitative risk analysis.
 Enterprise Environmental Factors
Industry studies and risk databases from specialists.
 Organizational Process Assets
Information from prior, similar completed projects.
 Project Risk Management
11.4 Perform Quantitative Risk Analysis
 Tools and Techniques:
 Data Gathering and Representation Techniques
 Interviewing : to draw on experience and historical data to quantify the
probability and impact of risks on project objectives. Data may be in ranges
or three point estimates is used.
 Probability distributions : Continuous probability distributions, using
modeling and simulation, represent the uncertainty in values (durations and
costs) of project components.
 Project Risk Management
11.4 Perform Quantitative Risk Analysis
 Tools and Techniques:
 Quantitative Risk Analysis and Modeling Techniques
 Sensitivity Analysis: helps to determine which risks have the most potential
impact on the project. It helps to understand how the variations in project’s
objectives correlate with variations in different uncertainties and vice – versa.
(See next slide : Tornado Diagram)
 Expected Monetary Value Analysis: Expected monetary value (EMV)
analysis is a statistical concept that calculates the average outcome when the
future includes scenarios. (See next slide :EMV)
 Modeling and Simulation
 A model that translates the specified uncertainties into their potential impact
on project objectives.
 Monte Carlo technique, the project model is computed many times (iterated),
with the input values (cost estimates or activity durations) chosen at random
for each iteration from the probability distributions of these variables.
 Expert Judgment
 Project Risk Management
11.4 Perform Quantitative Risk Analysis

Tornado Diagram

EMV Analysis (decision

tree)

Mont Carlo Technique

 Project Risk Management
11.4 Perform Quantitative Risk Analysis
 Outputs:
 Project Documents Updates
 Risk Register Updates
 Probabilistic analysis of the project (distributions).
 Probability of achieving cost and time objectives.
 Prioritized list of quantified risks.
 Trends in quantitative risk analysis results (history of repeated analysis).
 Project Risk Management
11.5 Plan Risk Responses
 The process of developing options and actions to enhance
opportunities and to reduce threats to project objectives.
 The key benefit of this process is that it addresses the risks by their
priority, inserting resources and activities into the budget, schedule
and project management plan as needed.
Project Risk Management
11.5 Plan Risk Responses
 Project Risk Management
11.5 Plan Risk Responses
 Inputs:
 Risk Management Plan
Important components of the risk management plan include roles and
responsibilities, risk analysis definitions, timing for reviews (and for
eliminating risks from review).
 Risk Register
 Refers to identified risks, root causes of risks, lists of potential responses,
risk owners, symptoms and warning signs, risk ratings ,risks requiring
responses in the near term, risks for additional analysis and response.
 Trends in qualitative analysis results.
 Watch list (low priority risks).
 Project Risk Management
11.5 Plan Risk Responses
 Tools and Techniques:
 Strategies for Negative Risks (Threats)

# Strategy Definition Example

1 AVOID A risk response strategy whereby the project team acts  Changing scope
to eliminate the threat or protect the project from its  Extending schedule
impact.
2 TRANSFER A risk response strategy whereby the project team  Insurance
shifts the impact of a threat to a third party, together  Performance bonds
with ownership of response.  Subcontracting
3 MITIGATE A risk response strategy whereby the project team acts  Early actions
to reduce the probability of occurrence or impact of a  Less complex
risk. processes
4 ACCEPT A risk response strategy whereby the project team  Passive (no action)
decides to acknowledge the risk and not take any  Contingency reserve
action unless the risk occurs. (time – money )
 Project Risk Management
11.5 Plan Risk Responses
 Tools and Techniques:
 Strategies for Positive Risks (Opportunities)

# Strategy Definition Example

1 EXPLOI A strategy seeks to eliminate the uncertainty  Special resources

T associated with a particular upside risk by  New technologies
ensuring the opportunity definitely happens.
2 ENHAN A strategy to increase the probability and/or the  Adding resources
CE positive impacts of an opportunity.  New methods
3 SHARE Involves allocating some or all of the ownership  Joint ventures
of the opportunity to a third party who is best
able to capture the opportunity.
4 ACCEPT Accepting an opportunity is being willing to take  Passive (no action)
advantage of the opportunity if it arises, but not
actively pursuing it.
 Project Risk Management
11.5 Plan Risk Responses
 Tools and Techniques:
 Contingent Response Strategies
 Some responses are designed for use only if certain events occur.
 Risk responses identified using this technique are often called contingency
plans or fallback plans and include identified triggering events that set the
plans in effect.
 Expert Judgment
Expert judgment is input from knowledgeable parties pertaining to the actions
to be taken on a specific and defined risk.
 Project Risk Management
11.5 Plan Risk Responses
 Outputs:
 Project Management Plan Updates
 Schedule Management Plan.
 Cost Management Plan.
 Quality management Plan.
 Procurement Management Plan.
 Human Resource Management Plan.
 Scope Baseline.
 Schedule Baseline.
 Cost Baseline.
 Project Risk Management
11.5 Plan Risk Responses
 Outputs:
 Project Documents Updates
 Risk Register :
 risk owners – approved response strategies – Triggers – warning signs –
budget and schedule activities – Contingency plans .
 Fallback plans (after primary response inadequacy).
 Residual risks (remaining after responses).
 Secondary risks (arise upon implementing a risk response)
 Contingency reserves (time – money).
 Assumptions log
 Technical Documentations
 Change Requests
 Project Risk Management
11.6 Control Risks
 The process of implementing risk response plans, tracking identified
risks, monitoring residual risks, identifying new risks, and
evaluating risk process effectiveness throughout the project.
 The key benefit of this process is that it improves efficiency of the
risk approach throughout the project life cycle to continuously
optimize risk responses.
Project Risk Management
11.6 Control Risks
 Project Risk Management
11.6 Control Risks
 Inputs:
 Project Management Plan
Risk management plan provides guidance for risk monitoring and controlling.
 Risk Register
All key updated information (latest version).
 Work Performance Data
Deliverable status, Schedule progress, and Costs incurred.
 Work Performance Reports
Included data points (performance measurements) could be impactful in
controlling performance related risks.
 Project Risk Management
11.6 Control Risks
 Tools and Techniques:
 Risk Reassessment
Identification of new risks, reassessment of current risks (on regular basis), and the
closing of risks that are outdated.
 Risk Audits
Examine and document the effectiveness of risk responses for identified risks ,root
causes, and the effectiveness of risk management process.
 Variance and Trend Analysis
Variance analysis to compare the planned results to the actual results.
 Technical Performance Measurement
 Reserve Analysis
Compares the amount of the contingency reserves remaining to the amount of risk
remaining at any time to determine if the remaining reserve is adequate.
 Meetings
Project risk management should be an agenda item at periodic status
 Project Risk Management
11.6 Control Risks
 Outputs:
 Work Performance Information
Provides a mechanism to communicate and support project decision making.
 Change Requests
Recommended corrective and preventive actions and workarounds.
 Project Management Plan Updates
 Project Documents Updates
 Outcomes of risk reassessments, risk audits, and periodic risk reviews.
 Actual outcomes of the project’s risks and of the risk responses.
 Organizational Process Assets Updates
 Risk templates – RBS – Lessons learned.
 Question
Strategies typically used to deal with threats or risks
that may have negative impacts on project objectives
if they occur include all of the following EXCEPT:

A. Interpret.

B. Avoid.

C . Transfer.

D. Mitigate.
 Question
Risk transference nearly always involves:

A. Eliminating risk through beta testing.

B. Policies and procedures for a response system.

C. Accepting a lower profit if some activities overrun

their budget.

D. Payment of a risk premium to the party taking on

the risk.
 Question
To be successful, the organization should be
committed to address risk management:

A. Just in time before a meeting with major

stakeholders of the project.

B. Proactively and consistently throughout the project.

C. As soon as time and cost estimates are ready.

D. As early as possible in the execution phase.

 Question
In the Plan Risk Responses process, an accept strategy
indicates that the project team has decided:

A. To agree with the project manager.

B. To eliminate a specific risk or threat, to reduce the

probability and/or impact of an adverse risk event to
be within acceptable threshold limits, or to pursue an
opportunity actively.

C. Not to change the project management plan to deal

with a risk, or is unable to identify any other suitable
response strategy.

D. To purchase insurance or to require performance

bonds, warranties, and guarantees.
 Question
The main output of the Identify Risks process is:

A. Risk register.

B. Expected monetary value of the risk events.

C. List of corrective actions.

D. Risk mitigation plan.

 Question
A thorough analysis of the__________ will help identify
potential risks to the project.

A. Risk identification checklist based on historical

information and knowledge.

B. Project's change control system.

C. Project's mission statement.

D. Project's schedule and budget.

 Question
All of the following are inputs to the Identify Risks
process EXCEPT:

A. Risk management plan.

B. Scope baseline.

C. Workaround plan.

D. Quality management plan.

 Question
Outputs from the Plan Risk Responses process
include all of the following EXCEPT:

A. Risk register updates.

B. Corrective actions.

C. Risk-related contract decisions.

D. Project management plan updates.

 Question
As an output of the Perform Quantitative Risk Analysis
process, the risk register is updated. These updates
include:

A. Prioritized list of quantified risks.

B. Probabilistic analysis of the threats to ignore and

opportunities to accept.

C. Checklists, corrective actions, and quantified

decision trees.

D. Direction, resources, and contingency costs.

 Question
Risk impact assessment to investigate the potential effect on a
project objective such as schedule, cost, quality, or
performance has the following characteristics EXCEPT:

A. Evaluation of each risk can be conducted using a

probability and impact matrix that leads to rating the risks
as low, moderate, or high priority.

B. Approaches used in evaluating risk impacts related to

project objectives could be relative, numeric, linear, or
nonlinear.

C. Usually, risk-rating rules are specified by the organization

in advance of the project and can be tailored to the
specific project.

D. The impact on project objectives should be assessed

primarily at the end.
 Question
The risk rating:

A. Is calculated by multiplying the probability of the

occurrence of a risk times its impact on an objective
if it were to occur.

B. Is the slim of squares of the scale values assigned

to the estimates of probability and impact.

C. Cannot be used to determine whether a risk is

considered low, moderate, or high.

D. Is a commonly useful technique for risk avoidance.

 Question
Sensitivity analysis:

A. Examines the extent to which the uncertainty of project

objectives affects each project element simultaneously.

B. Examines the extent to which the uncertainty of each

project element affects the objective being examined
when all other uncertain elements are held at their
baseline values.

C. Is a method for assessing stakeholders' tolerance to risk.

D. Cannot be used to determine which risks have the most

potential impact on the project.
 