RISK MANAGEMENT

11.1 Plan Risk Management: The process of DEFINING HOW to conduct risk management activities for a project. In Plan Risk Management, the remaining
FIVE risk management processes are PLANNED (creating a road map for them) and HOW they will be conducted is documented. Here focus will be on
"HOW RISKS WILL BE APPROACHED ON THE PROJECT".
Risk attitudes
Risk appetite, which is the degree of uncertainty an entity, is willing to take on in anticipation of a reward.
Risk tolerance, which is the degree, amount, or volume of risk that an organization or individual will withstand. (measurable amount of acceptable risk)
Risk threshold, specific Point at which risk becomes unacceptable. Above that risk threshold, the organization will not tolerate the risk.
# Risk Management Plan defines WHAT LEVEL of risk will be considered tolerable for the project, HOW risk will be managed, WHO will be responsible
for risk activities, the AMOUNT OF TIME and COST that will be allotted to risk activities, and HOW risk findings will be COMMUNICATED.
# Risk Breakdown Structure (RBS): It is not breaking down the actual risks; instead, we are breaking down the CATEGORIES of risks that we will
evaluate.
1. Project Management Plan 1. Analytical Techniques 1. Risk Management Plan (It includes the
following:
2. Project Charter 2. Expert Judgment a) Methodology, b) Roles and Responsibilities, c)
PLANNING

3. Stakeholder Register 3. Meetings Budgeting, d) Timing, e) Risk Categories,(RBS) f)

4. EEF Definitions of risk probability and impact, g)
5. OPA Probability and impact matrix, h) Revised
stakeholders' tolerances, i) Reporting formats,
and j) Tracking.

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
11.2 Identify Risk: The process of determining WHICH risks may affect the project and documenting their characteristics.
# TT1: Assumptions analysis is when we look at project assumptions.
# TT2 : lowest level of RBS can also be used as a risk checklist.
# TT3: SWOT: It is a tool to measure each RISK's SWOT. Each risk is plotted, and the quadrant where the Weakness (usually Internal) and Threats
(usually External) are HIGHEST, and the quadrant where Strengths (again, usually Internal) and Opportunities (usually External) are HIGHEST will
present the HIGHEST RISK on the project.
# TT4: Diagramming Techniques: Ishikawa/Cause-and-effect/Fishbone Diagram, Influence Diagram, and System or Process Flow Charts.
# TT5: Most common Techniques are 1. Brainstorming, 2. Delphi Technique, 3. Expert Interviews and 4. Root Cause Identification.
# TT6: Documentation reviews are when you look at OPA and any documents to squeeze any possible risk out of them.
1. Risk Management Plan 1. Assumptions Analysis 1. Risk Register
2. Schedule Management Plan 2. Checklist Analysis (it uses RBS) (List of Identified Risks and List of Potential
Responses)
3. Cost Management Plan 3. SWOT Analysis It is a part of Project Documents.
4. Quality Management Plan 4. Diagramming Techniques Root causes, risk categories
5. Human Resource Management Plan 5. Information Gathering Techniques Responses are documented here as well.
PLANNING

6. Activity Duration Estimates 6. Documentation Reviews

7. Activity Cost Estimates 7. Expert Judgement
8. Stakeholder Register
9. Scope Baseline
10. Project Documents + Procurement
Document
11. Enterprise Environmental Factors
12. Organizational Process Assets

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
11.3 Perform Qualitative Risk Analysis: The process of PRIORITIZING risks for further analysis or action by assessing and combining their probability of
occurrence and impact.
# It is usually a RAPID and COST-EFFECTIVE means of establishing priorities for Plan Risk Responses and lays the foundation for Perform QUANTITATIVE
Risk Analysis, if required. This process can lead into Perform Quantitative Risk Analysis or directly into Plan Risk Responses. # Qualitative risk analysis
helps you prioritize each risk and figure out its probability and impact.
#TT1 - Risk probability assessment investigates the likelihood that each specific risk will occur.
#TT2 - Each risk is rated on its probability of occurrence and impact on an objective if it does occur. The organization should determine which
combinations of probability and impact result in a classification of high risk, moderate risk, and low risk. In a black-and-white matrix, these conditions
are denoted using different shades of gray.
#TT3 - Risk data quality assessment is a technique to evaluate the degree to which the data about risks is useful for risk management.
1. Risk Register 1. Risk Probability and Impart Assessment 1. Project Document updates - Risk Register
2. Risk Management Plan 2. Probability and Impact Matrix (Updates include: 1. Relative ranking or priority
3. Scope Baseline 3. Risk Data Quality Assessment list of project risks, 2. Risks grouped by
PLANNING

4. Organizational Process Assets
5. Enterprise Environmental Factor
4. Risk Urgency Assessment categories, 3. Causes of risk or project areas
5. Risk Categorization requiring particular attention, 4. List of risks
6. Expert Judgment requiring response in the near-term, 5. List of
risks for additional analysis and response, 6.
Watchlists of low-priority risks, and 7. Trends in
qualitative risk analysis results).

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
11.4 Perform Quantitative Risk Analysis: The process of NUMERICALLY ANALYZING the effect of identified risks on overall project objectives. It relies on
the prioritized list of risks from the Perform Qualitative Risk Analysis process. COST and SCHEDULE are easily quantified, and this process is concerned
with quantifying the risks. SCOPE generally fits better into the Qualitative Risk Analysis.
# TT1: 1. Interviewing, 2. Probability Distribution (Beta Distribution, Triangular Distribution). Uniform Distribution can be used if there is no obvious
value (early concept stage of design). Probability Distributions are very useful for analysing risks.
# TT2: 1. Sensitivity Analysis (Tornado Diagram shows HOW SENSITIVE each analysed area of the project is to risk. It ranks the bars from GREATEST to
LEAST on the project so that the chart takes on a Tornado-like shape). 2. Expected Monetary Value Analysis (EMV): The EMV of OPPORTUNITIES will
generally be expressed as POSITIVE VALUES, while those of THREATS will be NEGATIVE. EMV requires a Risk-Neutral assumption, neither risk averse,
nor risk seeking. A common type is "Decision Tree Analysis". 3. Modelling and Simulation: Monte Carlo Analysis throws large numbers of scenarios at
the schedule to see the impact of certain risk events.
1. Risk Register 1. Data Gathering and Representation 1. Project Document Updates - Risk Register
Techniques Updates
PLANNING

2. Risk Management Plan 2. Quantitative Risk Analysis and Modelling (Updates include 1. Probabilistic analysis of the
Techniques project, 2. Probability of achieving cost and time
3. Cost Management Plan 3. Expert Judgment objectives, 3. Prioritized list of quantified risks,
4. Schedule Management Plan and 4. Trends in quantitative risk analysis
5. OPA+EEF results)

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
11.5 Plan Risk Responses: The process of DEVELOPING OPTIONS and ACTIONS to enhance opportunities and to reduce threats to project objectives. It
creates a plan for HOW each risk will be handled. It assigns specific tasks and responsibilities to specific team members. Here, the ACTION PLANS for
HOW Risks should be handled are determined.
# TT1: Avoid - Undesirable Risks, Transfer/Deflect - to another party (Contractual Agreements and Insurance), Mitigate - to make it less, Accept
(Negative/Positive) - best strategy may not be to Avoid, Transfer, Mitigate, Share, or Enhance it. Instead, the best strategy may be simply to Accept it
and continue with the project. If the cost or impact of the other strategies is too greater, acceptance is the best strategy.
# TT2: Exploit - trying to remove any uncertainty, Share - improve their chances of the positive risk occurring by working with another party, Enhance -
first we have to understand the underlying cause(s) of the risk. By influencing the underlying risk triggers, you can increase the likelihood of the risk
occurring.
#TT3: Some responses are designed for use only if certain events occur. Actions to be taken when +ve or ve risks occur. E.g. drop in price of raw
materials, Risk triggers are designed. Risk responses identified using this technique are often called contingency plans or fallback plans and include
identified triggering events that set the plans in effect.
Secondary Risks (New Risks) A risk that arises as a result of implementing risk response
Residual Risks (Existing Risks) A risk that remains even after the risk response has been performed
Business Risk - Risk of gain or loss
Pure (Insurable) Risk Only Risk of loss (Fire, theft, injury)
1. Risk Register Updates: Residual Risks, Secondary Risks, Contingency Plan, Risk Response Owners, Fall-back Plans, Reserves/Contingency, and Risk
Triggers.
1. Risk Register 1. Strategies for Negative Risks or Threats 1. Risk Register Updates
PLANNING

2. Risk Management Plan 2. Strategies for Positive Risks or Opportunities 2. Risk-related Contract Decisions
3. Contingent Response Strategies 3. Project Management Plan Updates
4. Expert Judgment 4. Project Document Updates

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
11.6 Control Risks: The process of IMPLEMENTING risk response plans, TRACKING identified risks, MONITORING residual risks, IDENTIFYING new risks, and
EVALUATING risk process effectiveness throughout the project. #TT5: Focuses on functionality, looking at HOW the project has met its goals for
delivering the scope over time.
TT3 : Reserves Management Reserves (unknown unknown) money set aside to handle any unknown cost
Contingency Reserves (known unknown) risks that you know about and explicitly planned for and put in risk register
1. Risk Register Updates: Outcomes of Risk Audits and Reassessments, Identification of New Risks, Closing Risks that no longer applicable, Details what
happened when Risks occurred, and Lessons Learned.
1. Risk Register 1. Risk Audits 1. Work Performance Information
2. Project Management Plan 2. Risk Reassessment 2. Change Requests
3. Work Performance Data (4.3 Direct & Manage 3. Reserve Analysis 3. Project Management Plan Updates
M&C

project work executing )

4. Work Performance Reports (4.4 M&C Prj Wrk) 4. Meetings 4. Project Document Updates
5. Technical Performance Measurement 5. Organizational Process Assets Updates
6. Variance and Trend Analysis

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
 1. An error value of 7% represents the threshold (Point at which a risk becomes unacceptable) the project is allowed to operate under. To get
certification threshold is to get 70 answers right out of 150. Then 70 is the threshold.
2. The utility function describes a person's willingness to tolerate risk.
3. When the scope has been changed, the project manager should require risk planning to analyse the additions for risks to the project success.
4. Monte Carlo simulations can reveal multiple scenarios and examine the risks and probability of impact.
5. Force Majeure Risks, such as Earthquakes, Floods, Acts of Terrorism, Etc., should be covered under Disaster Recovery Procedures instead of
Risk Management.
6. Monte Carlo Analysis would show you WHERE SCHEDULE RISK EXISITS (Points of Schedule Risk). It is a Computer-based Analysis & useful for
revealing Schedule Risks
7. Workaround is what you do if the RISK OCCURS, but it does NOT REDUCE THE RISK. It is not planned.
8. A decision tree allows you to make an informed decision today based on probability and impact analysis. You can decide based on the expected
monetary value of each of your options.
9. A risk rating matrix is developed by a department or a company to provide a standard method for evaluating risks. This improves the quality of
the rating for all projects. A risk rating matrix is created during the Perform Qualitative Risk Analysis process.
10. If you cannot determine an exact cost impact of the event, use qualitative estimates such as Low, Medium, High, etc.
11. Prioritized risk ratings are an input to the Plan Risk Responses process.
12. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer.
13. The Risk Owner should be looking for triggers and implementing the risk response strategy.
14. Expected monetary value (EMV) is computed by EMV = Probability x Impact. We need to compute both positive and negative values and then
add them. 0.6 x $100,000 = $60,000. 0.4 x ($100,000) = ($40,000). Expected Monetary Value = $60,000 - $40,000 = $20,000 profit.

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.
 The expected monetary value takes into account the probability and the impact. The calculation is: (0.05 x 21) + (0.5 x 56) - (0.3 x 28) The last
part is subtracted because it represents an opportunity and should be balanced against the threat.
15. The risk response owner is assigned to carry out responses and must keep the project manager informed of any changes.
16. Force majeure is a powerful and unexpected event, such as a hurricane or other disaster.
17. Uncertainty is a lack of knowledge about an event that reduces confidence in conclusions drawn from the data. Investigations about
uncertainties can help reduce risk. Uncertainties about cost, time , quality needs etc
18. Someone who does not want to take risks is said to be Risk Averse
19. Risk factors- probability that it will occur (what). Range of possible outcomes (impact), expected timing (when), anticipated frequency (how
often)
20. Risk Tolerances are the areas that are acceptable or unacceptable. It can include any project constraints
21. Risk Categorization based on External, Internal, Technical, Unforeseeable
22. Watchlist (non-critical or non-top Risks) risks documented for later review
23. Fallback plans these are specific actions will be taken of contingency plan is not effective.
24. Closings of Risk that are no longer applicable are important.

It is based on PMBOK 5. Please note that these are my personal notes and created using several books, online forums, already created notes by others. If you have any suggestions please feel free to drop an email to
shraddha.pmp@gmail.com. There is no liability assumed for damages resulting from the use of information.