PMCAMPUS.

com PMP® Exam Prep Course

eNOTES
Risk
PMBOK 4th Edition

-------------------------------------

PMCAMPUS.com / Mokanova Inc. is a PMI R.E.P Global provider: R.E.P. #2193

PMI, PMBOK, PMP, CAPM, and the R.E.P. logo

are owned and registered trademarks and logo of the Project Management Institute Inc.

Last update: March 10, 2010

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 TABLE OF CONTENTS

OVERVIEW OT THE 6 RISK PROCESSES........................................................................... 1

HOW THE OUTPUTS ARE LINKED AS INPUTS................................................................... 2
PLAN RISK MANAGEMENT............................................................................................... 4
IDENTIFY RISKS ............................................................................................................ 5
PERFORM QUALITATIVE RISK ANALYSIS ......................................................................... 6
PERFORM QUANTITATIVE RISK ANALYSIS ....................................................................... 7
PLAN RISK RESPONSE .................................................................................................... 8
MONITOR AND CONTROL RISKS ..................................................................................... 9

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 1

OVERVIEW OT THE 6 RISK PROCESSES

PROCESS DESCRIPTION GROUP INPUTS T&T OUTPUTS

Project scope
Plan Risk Determine statement
Risk
Managem approach and plan Mgmt Plans: Planning meetings
management
ent risk mgmt Cost; Schedule; and analysis
plan
activities Communications
EEF; OPA
Risk mgmt plan
Activity cost Documentation
estimates reviews
Activity duration Info-gathering
Determine and estimates techniques
Identify document Scope baseline Checklist analysis
Risk register
Risks characteristics of Stakeholder register Assumptions analysis
potential risks Mgmt Plans: Diagramming
Cost; Schedule techniques
Quality SWOT analysis
Project documents Expert judgment
EEF; OPA
Risk P/I assessment
Probability & impact
Perform Conduct qualitative Risk register matrix
Qualitativ analysis of risks Plan Risk mgmt plan Risk data quality
UPDATES to:
e and conditions and Project scope assessment
Risk register
Risk prioritize their statement Risk categorization
effects OPA Risk urgency
Analysis
assessment
Expert judgment
Data gathering &
Measure probability Risk register
Perform and consequences representation
techniques
Quantitati of risks and Mgmt Plans: UPDATES to:
Quantitative risk
ve Risk estimate Risk; Cost; Risk register
analysis & modeling
Analysis implications for Schedule
techniques
project objectives OPA
Expert judgment
Risk related
Strategies for:
Develop options contract
Negative risks or
Plan and actions to decisions
threats
enhance UPDATES to:
Risk Risk register Positive risks or
opportunities and Risk register
Responses reduce threats to
Risk mgmt plan opportunities
Project mgmt
Contingent response
the project's plan
strategies
objectives Procurement
Expert judgment
docs
Risk reassessment
Monitor residual Change requests
Risk register Risk audits
Risk risks, identifying UPDATES to:
Project Variance & trend
new risks, Risk register
Monitoring management plan analysis
executing risk Control Work performance
OPA Project
and response plans and
Technical performance
mgmt plan
Control information measurement
evaluating their Project
Performance reports Reserve analysis
effectiveness. documents
Status meetings

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 2
HOW THE OUTPUTS ARE LINKED AS INPUTS

Review this table to understand how the various outputs (O) are then input (I) to the next process.

MONITOR &
CONTROL
PLANNING

Documents/Tools/Techniques

Perform Quantitative
Perform Qualitative

Risk Monitoring &

Risk Management
Legend: Inputs -> I

Risk Response
Identify Risks

Risk Analysis

Risk Analysis
Tools & Techniques -> T

Planning

Control
Outputs -> O

Plan
Project scope statement I I
Cost management plan I I
Schedule management plan I I
Communications management plan I
Enterprise environmental factors I I
Organizational process assets I I I I
Planning meetings and analysis T
Risk management plan O I I I I
Activity cost estimates I
Activity duration estimates I
Scope baseline I
Stakeholder register I
Quality management plan I
Project documents I
Documentation reviews T
Info-gathering techniques T
Checklist analysis T
Assumptions analysis T
Diagramming techniques T
SWOT analysis T
Expert judgment T T T T
Risk register O I I I I
Risk P/I assessment T
Probability & impact matrix T
Risk data quality assessment T
Risk categorization T
Risk urgency assessment T
UPDATES: Risk register O O O O
Data gathering & representation techniques T
Quantitative risk analysis & modeling techniques T
Strategies for Negative risks or threats T
Strategies for Positive risks or opportunities T
Strategies for Contingent response strategies T
Risk related contract decisions O
© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors
All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 3

MONITOR &
CONTROL
PLANNING

Documents/Tools/Techniques

Perform Quantitative
Perform Qualitative

Risk Monitoring &

Risk Management
Legend: Inputs -> I

Risk Response
Identify Risks

Risk Analysis

Risk Analysis
Tools & Techniques -> T

Planning

Control
Outputs -> O

Plan
Project management plan I
Work performance information I
Performance reports I
Risk reassessment T
Risk audits T
Variance & trend analysis T
Technical performance measurement T
Reserve analysis T
Status meetings T
Change requests O
UPDATES: OPA O
UPDATES: Project mgmt plan O O
UPDATES: Project documents O O

GENERAL CONCEPTS OF RISK

Types of Risk: Business: carry both opportunities for both gains and losses
Pure/Insurable: only opportunity for losses:
Direct property damage
Indirect consequential lost (clean up costs after)
Legal liability
Personnel

Risk Factors: Risk event: precisely what might happen to the detriment or benefit of the
project
Probability: how likely the event will occur
Amount at
Stake: the extent of the loss or gain that could result (or impact)

Risk Responsibility: The CUSTOMER is responsible for identifying risks. They know their
environment.

Highest Risk Impact: During implementation and closeout process.

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 4

PLAN RISK MANAGEMENT

Deciding how to approach, plan and execute the risk management activities.
A balance must be struck between no planning, and planning to the point of
project paralysis. The key is to balance the cost of the planning process, along with
likely costs of counter measures, against the benefits to be delivered by the project.
This can only be done in conjunction with the various stockholders.
Goal is to maximize the opportunities and minimize the threats.

Project scope Assumptions specified in the scope statement should be assessed for
statement risk.
Cost Management Plan Defines how risk budgets, contingencies and management reserves will
be reported and assessed.
Schedule Mgmt Plan Defines how schedule contingencies will be reported and assessed.
Communications Mgmt Defines who is responsible for risk management, reporting frequency
Plan etc.
Enterprise Different organizations and different individuals have different
environmental factors tolerances for risk. Understand them and plan accordingly.
Risk averter: not likely to take a risk that is considered to be a high
risk. The more money at stake, the less likely the risk averter is to take
the risk since the satisfaction or tolerance diminishes.
Risk seeker: prefers an uncertain outcome and may be willing to pay a
penalty to take a high risk with a large amount of money at stake. In
other words, the higher the risk and the greater potential for benefit,
the more likely the risk seeker is to take the risk.
Risk neutral: person’s tolerance for risk is proportional to the amount of
money at stake.
Org process assets The risk management approach or policy already defined within the
organization – risk categories, templates, R& R etc.
Planning meetings Attendees include: Project manager and team, anyone in the
and analysis organization responsible for risk planning, other key
stakeholders, others as needed.
Avoid having one person do the plan.
Risk management plan Describes the project team’s approach to:
identifying, analyzing, responding to, monitoring and controlling risks.
Includes:
 Methodology (How)
 R & R (Who)
 Budget
 Timing (When)
 Risk categories
 Scoring & interpretation (risk assessment scales – P/I)
 Reporting format (How)
 Revised stakeholders tolerances
 Thresholds
 Tracking

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 5

IDENTIFY RISKS
Determine what internal and external risks will likely occur
and document the characteristics of each.
Performed throughout the project life cycle repeatedly.

Risk mgmt plan Output from Plan Risk Management

The guide to the team on how risk will be managed throughout the PLC.
Activity cost estimates
Risk will be expressed in range of estimate. Review may determine the
Activity duration estimate is insufficient posing a risk to the project.
estimates
Scope baseline Assumptions are documented in the scope statement.
WBS is crucial to determine the overall risk to the project.
Stakeholder Register Identifies key stakeholders to assist in risk identification.
Cost mgmt plan Specific approach to cost management determines the degree of risk.
Schedule mgmt plan Specific approach to schedule management determines the degree of
risk.
Quality mgmt plan Specific approach to quality management determines the degree of risk.
Project documents Assumptions log, EV, work performance reports, network diagrams….
Enterprise Published information, risk attitudes, commercial databases,
environmental factors benchmarking, academic studies are sources of risks identification.
Org process assets Lessons learned from previous projects
Documentation reviews Quality of plans, lack of or inconsistency of various project documents
could indicate potential risk for the project.
Info-gathering Brainstorming, Delphi, Interviewing - risk oriented meetings with
techniques various stakeholders may reveal more risks not evident during planning.
Checklist analysis Organized by source of risk: project context, other planning process
outputs; technology or product issues; internal sources such as team
members
Assumptions analysis Explores the assumptions validity. Identifies risks due to inaccuracy,
inconsistency or incomplete assumptions.
Diagramming Cause and effects; system process flow charts; influence diagrams
techniques
SWOT analysis Examines the project from the strengths, weaknesses, opportunities and
threats.
Expert judgment Consider the “experts bias” during this process.
Risks register Initial entries into the risk register – lists of risks and potential
responses if available.
Risks: An uncertain event or condition that, if it occurs has a positive or
negative effect.
Includes: List of identified risks, potential responses, root causes of risk,
risk categories.

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 6

PERFORM QUALITATIVE RISK ANALYSIS

Assessing the probability and consequences of risks and estimating their implications on project objectives
to determine their priority for further quantitative analysis and/or risk response planning.

• Prioritizes risks according to their impact on project objectives

• Determines the importance of addressing and planning responses for specific risks and their
time-criticality
• Evaluates the quality of the risk information available
• Requires that the probability and consequences of the risks be evaluated using established
qualitative-analysis methods and tools
• Trends in repeated qualitative analysis can indicate the need for more or less risk management
action
• Should be revisited during the project life cycle to stay current with changes in the project’s
risks
• Can lead to further analysis in quantitative risk analysis or directly to risk response planning

Qualitative (foundational) Quantitative (optional)

• What is the risk?
• Why might it happen?
• How likely is it?
• How bad/good might it be (impact)?
• Does it matter?
• What can we do?
• When should we act?
• Who is responsible?
• Modeling uncertainty
• Simulate combined effect of risks
• Predicting outcomes
• Range, min/max, expected
• Testing scenarios
• Setting confidence limits
• Identifying criticalities
• Determining options

Risk register Provides a list of the identified risks.

Risk mgmt plan How the team will manage project risk.
Scope statement The scope statement will identify if the project is similar to previous
projects or first of its’ kind which usually will have more uncertainty.
Org process assets Lessons learned on previous project risks
Risk P/I assessment Likelihood that a risk will occur
Consequences on project if the risk does occur
Probability & impact Risk probability – the likelihood that a risk will occur
matrix Risk consequences – the impact of the risk on project objectives
The above may be described in “qualitative” terms, such as “very high”,
“high”, “medium”, “low” or “very low”.
Risk data quality Description of the extent to which a risk is known and understood.
assessment Measurements
The extent of data available
The reliability of the data
Evaluation of the source of the data used to identify each risk.
Risk categorization Use the RBS or WBS to categorize the risks.
Risk urgency Immediate or near term risks can affect the risk rating making it more
assessment urgent to assess the risk response.
Expert judgment Consider experts bias.
Risk register (updates) Output from the Identify Risk process
Updates such as: ranking, categories of risk, causes, watch list low
priority risks, trends…..

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 7

PERFORM QUANTITATIVE RISK ANALYSIS

Evaluating risks and risk interactions to analyze numerically the probability of each risk
and its consequence on project objectives.
Determining which risks we need to worry about. Not all risks are quantifiable.
Uses a set of structured tools to help decide which
risk events warrant a response strategy of some kind.

Risk register List of identified risks, ranking, and categories

Risk mgmt plan Risk management guide, R& R, budgets and schedules for risk
Cost mgmt plan Establishes the controls for budget which will help determine the structure
and/or application approach for quantitative analysis.
Schedule mgmt plan Establishes the controls for the schedule which will help determine the
structure and/or application approach for quantitative analysis.
Org process assets Studies of previous projects by risk specialists and risk databases from
other industries.
Data gathering and A method of taking subjective probability and representing that data
representation objectively.
techniques Dependent on types of probability used
Triangular and Beta
use 3-point estimates (P, ML and O)
Normal, log and uniform, use means and standard deviations
Quantitative risk Decision Trees: Diagram shows key interactions among decisions and
analysis and modeling associated chance events. Decisions are shown as boxes and chances as
techniques circles.

EMV: probability times the expected outcome.

Simulation: Analyze the behavior of the system. Most common is the

schedule simulation which uses the project network as the model based
on the Monte Carlo analysis.

Monte Carlo Analysis: Superior approach to analyzing the schedule

compared to PERT or CPM as these two tend to underestimate and fail to
account for path convergence. This performs the project many times to
provide a statistical distribution of the calculated results to quantify the
risk of various schedule alternatives, different project strategies, different
paths through the network, or individual activities.

Impact Analysis: What is the likelihood the event will occur vs the
severity of the impact on the project if it does occur. I.e. You have a
high probability it will snow, but you live in Maine so the risk is low.
You have a low probability it will snow, but you live in Miami so the risk is
high and would be disastrous.

Sensitivity Analysis: Places value on impact to the project by changing a

single variable. Completed only on variables with the greatest impact on
cost, schedule or economic return on the project.
Utility Theory: Considers the attitude of the decision maker; their pain
vs pleasure.

Range Estimating: Determines the maximum tolerable variation in an

estimates total cost.
Mathematical probability that a cost overrun will occur
Risks and opportunities ranked in order of bottom-line importance
The contingency required for a given level of confidence.

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 8

Expert judgment Can validate the reliability of the techniques used.

Risk register (updates) Output of Risk Identification.
Updates include: probabilistic analysis of the project, probability of
achieving cost and time objectives, prioritized list of quantified risks and
trends in quantitative risk analysis results.

PLAN RISK RESPONSE

Defining enhancement steps for opportunities and
mitigation steps to respond to threats.

Risk register Output of Identify Risk

Risk mgmt plan The guide to how risk response planning will be conducted.
Strategies for Avoid: Change the plan to eliminate risk events
negative risks or Transfer: to a third party with ownership of the response.
threats Does not eliminate the risk.
Mitigate: Taking early action/change the plan to reduce the
monetary risk by reducing the probability of
occurrence with proven technology; use a sub
contractor; use reserve.
Acceptance: Active: Develop a contingency plan to execute if
risk occurs.
Passive: Acceptance of lower profit if activities
overrun.
Positive risks or Responses to specifically address potentially positive impacts to the
opportunities project objectives by exploiting, sharing or enhancing.
Both threats and Acceptance: Active: Develop a contingency plan to execute if
opportunities risk occurs.
Passive: Acceptance of lower profit if activities
overrun
Contingent response Contingency reserves: A provision to mitigate cost and/or schedule risk.
strategy Types: mgmt, contingency, schedule
Expert judgment Will assist with the actions.
Risk register (updates) Updates at this step of the process could be: contingency reserves of time
and cost, symptoms and warning signs, agreed upon response strategies
etc.
Risk related contractual Agreements for insurance, services are prepared.
agreements
Project Mgmt Plan Agreed upon risk response strategies are processed through the
(updates) appropriate knowledge areas and updated in the project management
plan.
Project document Assumptions log, technical documentation
(updates)

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.
 9

MONITOR AND CONTROL RISKS

Executing the Risk Mgmt Plan to respond to risk events during the project.
When changes occur the basic cycle of identify, quantify and respond is repeated.

Risk register Output of Identify Risk

Project mgmt plan Contains the risk mgmt plan with risk tolerances, guide, R & R …….
Work performance Project deliverables status, corrective actions and performance reports.
information
Performance reports Analysis of work performance may influence the risk management
process.
Risk reassessment New risks may be identified and changes to existing risks.
Risk audits Examine the effectiveness of the risk management process.
Variance and trend Earned value analysis may reflect potential risk to meeting overall project
analysis objectives.
Technical performance Deviations between the technical accomplishments to the plan help to
measurement determine or forecast the degree of success in achieving project scope.
Reserve analysis Regular review of the contingency reserves left to ensure adequate
remaining reserve is available.
Status meetings Should be held periodically
Risk register (updates) Outcomes of risk reassessments, audits, and risk reviews.
Org process assets Lessons learned and final templates, risk registers, checklist and RBS’s are
(updates) added to the assets.
Change requests Prepared and submitted through the Integrated Change Control process
and once approved are inputs to the Direct and Manage Project Execution.
Can be for preventive actions to include contingency plans and
workarounds
Can be for corrective actions taken to bring expected performance in line
with the plan.
Project mgmt plan Approved changes must be updated in the plan.
(updates)
Project document Assumptions log, technical documentation
updates

© 2003-2010 PMCAMPUS.com/Mokanova Inc. and Licensors

All rights reserved. Single and personal use only. Do not distribute electronically or print additional copies.