Post on 09-Jan-2017
1
Project Risk ManagementChapter 11
2
Risk & Hazard
Definitions.
11.1 Plan Risk Management
11.2 Identify Risk
11.3 Perform Qualitative Risk Analysis
11.4 Perform Quantitative Risk Analysis
11.5 Plan Risk Response
KEY TERMS
3
Risk )Uncertainty(Threats……Opportunities
Hazard
Project Risk Management
3
Knowledge
Area
Process
Initiating Planning ExecutingMonitoring &
ControlClosing
Human
Resource
11.1 Plan Risk Management
11.2 Identify Risk
11.3 Perform Qualitative Risk
Analysis
11.4 Perform Quantitative Risk
Analysis
11.5 Plan Risk Response
11.6 control risk
Enter phase/
Start project
Exit phase/
End project
Initiating
Processes
Closing
Processes
Planning
Processes
Executing
Processes
Monitoring &
Controlling Processes
5
11.1 Plan Risk Management
The process of defining how to conduct risk
management activities for a project.
11.2 Identify Risks
The process of determining which risks may affect
the project and documenting their characteristics.
11.3 Perform Qualitative Risk Analysis
The process of prioritizing risks for further analysis
or action by assessing and combining their
probability of occurrence and impact.
6
11.4 Perform Quantitative Risk Analysis
The process of numerically analyzing the effect of
identified risks on overall project objectives.
11.5 Plan Risk Responses
The process of developing options and actions to
enhance opportunities and to reduce threats to
project objectives.
11.6 Control Risks
The process of implementing risk response plans,
tracking identified risks, monitoring residual risks,
identifying new risks, and evaluating risk process
effectiveness throughout the project.
7
Risk Factors
1. The probability that a risk event will occur
(how likely)
2. The range of possible outcomes
(impact or amount at stake)
3. Expected timing for it to occur in the project life
cycle (when)
4. The anticipated frequency of risk events from that
source (how often)
8
Sources Of Risks• Schedule
• Cost
• Quality
• Scope
• Resources
• Customer satisfaction (stakeholder satisfaction)
Risk Categories• External Regulatory, environmental, government, market shifts
• Internal Time, cost, or scope changes…………..
• Unforeseeable Only a small portion of risks (some say about 10
percent)
• Technical Changes in technology.
9
Risk Categories ( Risk Breakdown Structure )
10
Definitions
• Risk appetite a general, high-level description of the
acceptable level of risk.
• Risk tolerance the degree, amount, or volume of risk that
an organization or individual will accept.
• Risk threshold the specific point at which risk becomes
unacceptable
11
Definitions
• Risk Averse ( Averter ) :
someone who does not want to
take risks.
• Risk Seeker :
someone who want to take risks.
12
• Probability and Impact Matrix
• Risks are prioritized according to their potential implications
• Each risk is rated on its probability of occurrence and
impact on an objective if it does occur.
• Used in Qualitative analysis
13
• Probability and Impact Matrix
No Category Description of Risk IMPACT PROBABILITYRISK
LEVEL
1 Resource Testing environment not available 4 B ORANGE
2 ScheduleDocumentation approval took longer
time4 A RED
Colors shows
level of
importance
14
• Probability and Impact Matrix ( PMBOK )
• Probability x Impact = Rate to categorize
15
• Expected monetary value analysis
• Decision Tree Diagram used in Quantitative Analysis
• Probability x Impact = Value to categorize
• EVM is the largest value.
16
Quiz
Prototype
setup cost
200,000 $
Don’t
Prototype
setup cost
0 $
Failure: 35% probability
and $120,000 impact
Pass: No impact
Failure: 70% probability
and $450,000 impact
Pass: No impact
?
17
Quiz
Prototype
setup cost
200,000 $
Don’t
Prototype
setup cost
0 $
Failure: 35% probability
and $120,000 impact
Pass: No impact
Failure: 70% probability
and $450,000 impact
Pass: No impact
?
EMV= 0.35X -120= 42,000$
EMV= 0.7X -450= 315,000$
EMV= -315,000$
EMV= -200-42= -242,000$
We go with prototype
We will pay less 242.000 $
18
11.1 Plan Risk Management
19
11.1 Plan Risk Management
The process of defining how to conduct risk
management activities for a project.
20
21
11.1 Plan Risk Management Inputs
1. Project Management Plan
2. Project Charter
3. Stakeholder Register
4. EEF
risk attitudes, thresholds, and tolerances
5. OPA
1. Analytical Techniques
2. Expert Judgment
3. Meetings
11.1 Plan Risk Management T & T
22
11.1 Plan Risk Management Outputs
• Risk Management Plan : includes
Methodology
Roles and Responsibilities
Budgeting
Timing
Risk Categories
Definition of probability and impact
Probability and Impact Matrix
Revised stakeholders’ tolerance
Reporting format
Tracking
23
11.2 Identify Risk
24
11.2 Identify Risk
The process of determining which risks may affect
the project and documenting their characteristics.
25
11.2 Identify Risk Inputs
Risk Management Plan
Cost management Plan
Schedule Management Plan
Quality Management Plan
Human Resource Management Plan
Scope Baseline
Activity Cost Estimates
Activity Duration Estimates
Stakeholder Register
Project Documents
Procurement Documents
EEF
OPA
26
11.2 Identify Risk T & T
1. Expert Judgment
2. Documentation Reviews
3. Information Gathering Techniques
Brainstorming / Delphi Technique
Interviewing / Root cause analysis
4. Checklist Analysis from
historical information / RBS
5. Assumptions Analysis
Explores the validity of assumptions as they apply
to the project
27
11.2 Identify Risk T & T
6. Diagramming Techniques
• Cause-and-effect (fishbone diagrams / Ishikawa diagrams)
Trace the problem’s source back to its “actionable root
cause”
28
11.2 Identify Risk T & T
6. Diagramming Techniques
• Flowcharting (Process Map) a graphical representation of
a process showing the relationships among process steps
and display the sequence of steps
29
11.2 Identify Risk T & T
6. Diagramming Techniques
• Influence diagrams. A graphical representations of
situations showing causal influences, time ordering of
events, and other relationships among variables and
outcomes.
30
11.2 Identify Risk T & T
7. SWOT Analysis
This analysis looks at the project to identify its strengths and
weaknesses and thereby identify risks
31
11.2 Identify Risk Outputs
Risk Register
• List of identified risks
• List of potential responses
• Root causes of risks
• Updated risk categories
32
Risk Register Template
33
11.3 Perform Qualitative Risk
Analysis
34
11.3 Perform Qualitative Risk Analysis
The process of prioritizing risks for further analysis
or action by assessing and combining their
probability of occurrence and impact.
35
36
11.3 Perform Qualitative Risk Analysis Inputs
1. Risk Management Plan
2. Scope Baseline
3. Risk Register
4. EEF
5. OPA
37
11.3 Perform Qualitative Risk Analysis T & T
1. Probability and Impact Assessment
investigates the likelihood and impact for each risk
2. Risk Probability and Impact Matrix
38
11.3 Perform Qualitative Risk Analysis T & T
2. Risk Data Quality Assessment evaluate project data
3. Risk Categorization RBS
4. Risk Urgency Assessment
Risks requiring near-term responses may be
considered more urgent to address
2. Expert Judgment
39
11.3 Perform Qualitative Risk Analysis Outputs
Risk Register
Updates
• Risk ranking for the project compared
to other projects
• List of prioritized risks and their
probability and impact
• Risk grouped by categories
• List of risks for additional analyses and
responses
• Watch list (noncritical risks)
• List of risks need analyses in the near
term
40
11.4 Perform Quantitative Risk
Analysis
41
11.4 Perform Quantitative Risk Analysis
The process of numerically analyzing the effect of
identified risks on overall project objectives.
42
43
11.4 Perform Quantitative Risk Analysis Inputs
1. Risk Management Plan
2. Cost Management Plan
3. Schedule Management Plan
4. Risk Register
5. EEF
6. OPA
44
11.4 Perform Quantitative Risk Analysis T & T
1. Data Gathering and Representation Techniques
• Interviews with experts using 3 point estimating for
cost & time
45
11.4 Perform Quantitative Risk Analysis T & T
1. Data Gathering and Representation Techniques
• Probability distributions. Using simulation software
46
11.4 Perform Quantitative Risk Analysis T & T
2. Quantitative Risk Analysis and Modeling Techniques
• Sensitivity analysis ( tornado diagram )
Determine which risks have the most potential impact.
Change one element and freeze the others to see the relationship
47
11.4 Perform Quantitative Risk Analysis T & T
2. Quantitative Risk Analysis and Modeling Techniques
• Expected monetary value analysis(Decision Tree Diagram)
• Modeling and simulation
48
11.4 Perform Quantitative Risk Analysis Outputs
Project
Documents
Updates
• Probabilistic analysis of the project
• Probability of achieving cost and
time objectives
• Prioritized list of quantified risks
• Trends in quantitative risk analysis
results
• Initial amount of contingency time
and cost reserves needed
49
11.5 Plan Risk Responses
50
11.5 Plan Risk Responses
The process of developing options and actions to
enhance opportunities and to reduce threats to
project objectives.
• Do something to eliminate the threats before they happen.
• Do something to make sure the opportunities happen.
• Decrease the probability and/ or impact of threats.
• Increase the probability and/ or impact of opportunities.
51
52
11.5 Plan Risk Responses T & T
1. Strategies for Negative Risks or Threats
Avoidance:
• Risk prevention
• Changing the plan to eliminate a risk
by avoiding the cause/source of risk
Examples:
Change the implementation strategy
Do it ourselves (do not subcontract)
Reduce scope to avoid high risk deliverables
Adopt a familiar technology or product
53
11.5 Plan Risk Responses T & T
1. Strategies for Negative Risks or Threats
Mitigation
• Seeks to reduce the impact or probability of the risk
• Take early actions to reduce impact/probability and
don’t wait until the risk hits your project
• Examples:
Staging - More testing
Redundancy planning
Use more qualified resources
54
11.5 Plan Risk Responses T & T
1. Strategies for Negative Risks or Threats
Transfer
• Shift responsibility of risk consequence to another party
• Does not eliminate risk
• Most effective in dealing with
financial exposure
• Examples:
Buy/subcontract: move liabilities
Insurance: liabilities + bonds + Warranties
Selecting type of Procurement contracts: Fixed Price
55
11.5 Plan Risk Responses T & T
1. Strategies for Negative Risks or Threats
Acceptance
• Used when project plan cannot be changed
& other risk response strategy cannot be
used
Active Acceptance
• Develop a contingency plan to execute if the risk occur
• Contingency plan = be ready with Plan B
Passive Acceptance
• Deal with the risks as they occur = No Plan B prepared
56
11.5 Plan Risk Responses T & T
2. Strategies for Positive Risks or Opportunities
• Exploit :
Ensure opportunity is realized.
Ex: Assigning organization most talented resources to the
project to reduce cost lower than originally planned.
• Share
• Allocating some or all of the ownership to third part best
able to capture the opportunity.
Ex: Joint ventures, special-purpose companies
57
11.5 Plan Risk Responses T & T
2. Strategies for Positive Risks or Opportunities
• Enhance:
Increase the probability and/or the positive impact of
the opportunity
Ex: Adding more resources to finish early
Accept:
Welling to take advantage of opportunity if it comes, but not
actively pursuing it.
3. Contingent Response Strategies.
4. Expert Judgment.
58
11.5 Plan Risk Responses Outputs
1. Project Management Plan Updates
2. Project Documents Updates
• Residual risks These are the risks that remain after
risk response planning
• Contingency plans are plans describing the actions
that will be taken if the opportunity or threat occurs.
• Fallback plans These plans are specific actions that
will be taken if the contingency plans are not effective.
• Risk owners the person who will be assigned to carry
out the risk response
59
• Secondary risks Any new risks created by the
implementation of selected risk responses.
• Risk triggers These are events that trigger the
contingency response. The early warning signs for each
risk.
• Contracts Before the contract is finalized, the project
manager should have completed a risk analysis and
included contract terms and conditions required.
• Reserves (contingency) Having reserves for time and
cost is required
(known-unknown) (unknown-unknown)
60
What do you do with noncritical risks?
Document them in a watch list and revisit them periodically
Would you choose only one risk response strategy?
No, you can select a combination of choices.
What risk management activities are done during the
execution of the project?
Watching out for watch-listed (noncritical) risks that
increase in importance, and looking for new risks.
What is the most important item to address in project team
meetings?
Risk.
61
11.6 Control Risk
62
11.6 Control Risk
The process of implementing risk response plans,
tracking identified risks, monitoring residual risks,
identifying new risks, and evaluating risk process
effectiveness throughout the project.
63
64
11.6 Control Risk Inputs
1. Risk Register
2. Project Management Plan
3. Work Performance Data
4. Work Performance Reports
65
11.6 Control Risk T & T
• Workarounds are unplanned responses developed to
deal with the occurrence of unanticipated events or problems
on a project (or to deal with risks that had been accepted )
• Risk Reassessment.
• Risk Audit.
• Variance and Trend Analysis to compare the planned
results to the actual results.
Technical Performance Measurement.
compares technical accomplishments during execution to
The schedule of technical achievement.
• Reserve Analysis.
• Meetings
66
11.6 Control Risk Outputs
1. Work Performance Information
2. Change Requests• Recommended corrective actions
• Recommended preventive actions
3. Project Management Plan Updates
4. Project Documents
Updates
Risk Register Updates
• Outcomes from risk assessment & risk
audit.
• Results of risk response implementation.
• Closing of risks which are not applicable.
5. OPA
Questions
67
1. All of the following are factors in the assessment of
project risk EXCEPT:
A. Risk events.
B. Risk probability.
C. Amount at stake.
D. Insurance premiums.
Questions
68
1. All of the following are factors in the assessment of
project risk EXCEPT:
A. Risk events.
B. Risk probability.
C. Amount at stake.
D. Insurance premiums.
Answer : D
Questions
69
2. If a project has a 60 percent chance of a US $100,000
profit and a 40 percent chance of a US $100,000 loss, the
expected monetary value (EMV) for the project is:
A. $100,000 profit.
B. $60,000 loss.
C. $20,000 profit.
D. $40,000 loss.
Questions
70
2. If a project has a 60 percent chance of a US $100,000
profit and a 40 percent chance of a US $100,000 loss, the
expected monetary value (EMV) for the project is:
A. $100,000 profit.
B. $60,000 loss.
C. $20,000 profit.
D. $40,000 loss.
Answer : C
Questions
71
3. Assuming that the ends of a range of estimates are +/- 3
sigma from the mean, which of the following range
estimates involves the LEAST risk?
A. 30 days, plus or minus 5 days
B. 22 to 30 days
C. Optimistic = 26 days, most likely = 30 days, pessimistic
= 33 days
D. Mean of 28 days
Questions
72
3. Assuming that the ends of a range of estimates are +/- 3
sigma from the mean, which of the following range
estimates involves the LEAST risk?
A. 30 days, plus or minus 5 days
B. 22 to 30 days
C. Optimistic = 26 days, most likely = 30 days, pessimistic
= 33 days
D. Mean of 28 days
Answer : C
Questions
73
4. If a risk has a 20 percent chance of happening in a given
month, and the project is expected to last five months, what
is the probability that this risk event will occur during the
fourth month of the project?
A. Less than 1 percent
B. 20 percent
C. 60 percent
D. 80 percent
Questions
74
4. If a risk has a 20 percent chance of happening in a given
month, and the project is expected to last five months, what
is the probability that this risk event will occur during the
fourth month of the project?
A. Less than 1 percent
B. 20 percent
C. 60 percent
D. 80 percent
Answer : B
Questions
75
5. Most of the risks will be identified during which risk
management processes?
A. Perform Quantitative Risk Analysis and Identify Risks.
B. Identify Risks and Control Risks/
C. Perform Qualitative Risk Analysis and Control Risks.
D. Identify Risks and Perform Qualitative Risk Analysis.
Questions
76
5. Most of the risks will be identified during which risk
management processes?
A. Perform Quantitative Risk Analysis and Identify Risks.
B. Identify Risks and Control Risks/
C. Perform Qualitative Risk Analysis and Control Risks.
D. Identify Risks and Perform Qualitative Risk Analysis.
Answer : B
Questions
77
6. Risk tolerances are determined in order to help:
A. The team rank the project risks.
B. The project manager estimate the project.
C. The team schedule the project.
D. Management know how other managers will act on the
project.
Questions
78
6. Risk tolerances are determined in order to help:
A. The team rank the project risks.
B. The project manager estimate the project.
C. The team schedule the project.
D. Management know how other managers will act on the
project.
Answer : A
Questions
79
7. Purchasing insurance is BEST considered an example of
risk:
A. Mitigation.
B. Transfer.
C. Acceptance.
D. Avoidance.
Questions
80
7. Purchasing insurance is BEST considered an example of
risk:
A. Mitigation.
B. Transfer.
C. Acceptance.
D. Avoidance.
Answer : B
Questions
81
8. Workarounds are determined during which risk
management process?
A. Identify Risks
B. Perform Quantitative Risk Analysis
C. Plan Risk Responses
D. Control Risks
Questions
82
8. Workarounds are determined during which risk
management process?
A. Identify Risks
B. Perform Quantitative Risk Analysis
C. Plan Risk Responses
D. Control Risks
Answer : D
Questions
83
9. A project manager analyzed the quality of risk data and
asked various stakeholders to determine the probability
and impact of a number of risks. He is about to move to the
next process of risk management. Based on this
information, what has the project manager forgotten to do?
A. Evaluate trends in risk analysis.
B. Identify triggers.
C. Provide a standardized risk rating matrix.
D. Create a fallback plan.
Questions
84
9. A project manager analyzed the quality of risk data and
asked various stakeholders to determine the probability
and impact of a number of risks. He is about to move to the
next process of risk management. Based on this
information, what has the project manager forgotten to do?
A. Evaluate trends in risk analysis.
B. Identify triggers.
C. Provide a standardized risk rating matrix.
D. Create a fallback plan.
Answer : C
Questions
85
10. A project manager is quantifying risk for her project.
Several of her experts are off-site, but wish to be included.
How can this be done?
A. Use Monte Carlo analysis using the Internet as a tool.
B. Apply the critical path method.
C. Determine options for recommended corrective action.
D. Use the Delphi technique.
Questions
86
10. A project manager is quantifying risk for her project.
Several of her experts are off-site, but wish to be included.
How can this be done?
A. Use Monte Carlo analysis using the Internet as a tool.
B. Apply the critical path method.
C. Determine options for recommended corrective action.
D. Use the Delphi technique.
Answer : D
Questions
87
11. A system development project is nearing project dosing
when a previously unidentified risk is discovered. This could
potentially affect the project's overall ability to deliver. What
should be done NEXT?
A. Alert the project sponsor of potential impacts to cost,
scope, or schedule.
B. Qualify the risk.
C. Mitigate this risk by developing a risk response plan.
D. Develop a workaround.
Questions
88
11. A system development project is nearing project dosing
when a previously unidentified risk is discovered. This could
potentially affect the project's overall ability to deliver. What
should be done NEXT?
A. Alert the project sponsor of potential impacts to cost,
scope, or schedule.
B. Qualify the risk.
C. Mitigate this risk by developing a risk response plan.
D. Develop a workaround.
Answer : BQualify it because it is not happened yet , only identified. So workaround
is not correct.
Questions
89
12. During project executing, a major problem occurs that
was not included in the risk register. What should you do
FIRST?
A. Create a workaround.
B. Reevaluate the Identify Risks process.
C. Look for any unexpected effects of the problem.
D. Tell management.
Questions
90
12. During project executing, a major problem occurs that
was not included in the risk register. What should you do
FIRST?
A. Create a workaround.
B. Reevaluate the Identify Risks process.
C. Look for any unexpected effects of the problem.
D. Tell management.
Answer : A
Questions
91
13. A watch list is an output of which risk management
process?
A. Plan Risk Responses
B. Perform Quantitative Risk Analysis
C. Perform Qualitative Risk Analysis
D. Plan Risk Management
Questions
92
13. A watch list is an output of which risk management
process?
A. Plan Risk Responses
B. Perform Quantitative Risk Analysis
C. Perform Qualitative Risk Analysis
D. Plan Risk Management
Answer : CA watch list is made up of low-priority risks that, in the Perform Qualitative
Risk Analysis process
Questions
93
14. While preparing your risk responses, you identify
additional risks. What should you do?
A. Add reserves to the project to accommodate the new risks and notify
management.
B. Document the risk items and calculate the expected monetary value
based on the probability and impact of the occurrences.
C. Determine the risk events and the associated costs, then add the cost
to the project budget as a reserve.
D. Add a 10 percent contingency to the project budget and notify the
customer.
Questions
94
14. While preparing your risk responses, you identify
additional risks. What should you do?
A. Add reserves to the project to accommodate the new risks and notify
management.
B. Document the risk items and calculate the expected monetary value
based on the probability and impact of the occurrences.
C. Determine the risk events and the associated costs, then add the cost
to the project budget as a reserve.
D. Add a 10 percent contingency to the project budget and notify the
customer.
Answer : B