Sunteți pe pagina 1din 50

Project Risk Management

A Preparation Guide for the PMI-RMP Exam

Scott Reynolds MBA, PMP, PMI-RMP


What is Project Risk Management?

Project risk management is actively managing the risks on your project

The goal of risk management is to be more proactive and less reactive


What is a Risk?

A risk is an uncertain event that could have a positive or negative effect on your
project

* This means there is a probability between 1-99% that the event could occur

If there is a 0% chance of an event occurring, there is no risk


(example; there is a 0% chance your project will be adequately funded, this is
not a risk, it is a reality)

If there is a 100% chance of an event occurring, this would be an issue, not a


risk

Risks with negative consequences are called threats

Risks with positive consequences are called opportunities (Yes, risk can be
good! Stop thinking of risk as bad, and start thinking of it in terms of
probabilities!)
Types of Risk

Risks can be broken out into two primary types

Pure Risk (hazard) risk with potential loss only


ex. Fire, theft, personal injury

Business Risk (speculative risk) risk with potential loss or gain


ex. A highly skilled employee becomes available to work on your project,
reducing your schedule time, the tax rate changes, a new server costs less
(or more) than you budgeted for
Risk Management Processes

There are six project risk management processes


* Go ahead and learn them now (in order), this is the only knowledge area in
the Project Management Body of Knowledge (PKBOK) that must be
completed in successive order

Plan Risk Management


Identify Risks
Perform Qualitative Analysis
Perform Quantitative Analysis
Plan Risk Response
Monitor & Control Risks
Risk Management Processes

Risk Planning this is how you plan on conducting risk management. You
wouldnt start managing your project without a plan, so why would you
approach risk management that way?

* Remember Plan the work, and work the plan? Applies to risk
management as well.

Identify Risks this is the phase where you attempt to identify most of
your risks

Qualitative analysis this is a subjective analysis of your risks that


produces a risk ranking, usually in the order of high, medium, low, or on an
ordinal scale. Rankings are by agreement of your project team, sponsors
and key stakeholders.
Risk Management Processes

Quantitative Analysis a numerical analysis of the probability and impact


of the risk on your project

Plan Risk Response a course of action you will take to deal with your risks
should they go from risk to issue

Monitor & Control Risks monitoring your lists (there are two lists which I
will discuss later) of risks to enact a risk response plan, to move a risk from
one list to the other, or to remove a risk because it is no longer a risk
Risk Management Planning

Before you start dealing with risks, you should first plan on how you will handle risk on
your project

Things to consider when creating your Risk Management plan

The risk tolerance of your project sponsors and stakeholders In order to gain buy-
in, you need to create a plan your sponsors can support. It is not likely they will
support a plan that is in opposition to their agenda or is out of their comfort zone

The size and value of your project there is a cost to risk management, you
shouldnt spend more on preventing the risk than the cost of the risk occurring

The methodology you will use the methodology you use is not as important as
gaining agreement and buy-in on the methodology chosen

Sources of risk risk categories; think of all possible areas or events that could
introduce risk to your project
Plan Risk Management

Inputs to Risk Management Planning

Enterprise environmental factors company culture or existing systems


the project will have to deal with or can make use of

Organizational process assets processes, procedures, and historical


information

Project scope statement statement of what the project shall deliver and
what it should not deliver (if you dont know what the scope of your project
is, can you really identify all areas of risk?)

Project management plan the guide on how you will manage your project
Plan Risk Management

Inputs to Risk Management Planning

Cost Management Plan The guide on how you and your team will control
costs on the project to try to stay within budget

Schedule Management Plan The guide on how you and your team will
manage the schedule of the project

Communications Management Plan -The guide on who you need to


communicate to, what information, how it needs to be communicated and
how often
Plan Risk Management

Outputs of Risk Management Planning

Risk Management Plan


- Methodology
- Roles & Responsibilities
- Budgeting
- Timing
- Risk Categories
- Definitions of risk & impact
- Stakeholder tolerances
- Reporting formats
- Tracking
Identify Risks

This is the phase where you work with your team to identify as many risks as
possible

Things to remember

Identify Risks cant be completed without the project scope statement and
Work Breakdown Structure (WBS)

Identify Risks happens at the onset of the project and throughout the
project

Risks can be identified at any time and during any phase of the project

Risk management is an iterative process, you should work to identify risk


during any changes to the project, working with resources, and when
dealing with issues
Identify Risks

Techniques to identify risk

Brainstorming - the free-flow of ideas on risk, done with the project team,
stakeholders, subject matter experts, and experienced resources

Delphi technique an anonymous surveying of experts in which


information is sent to a group of experts on the risk. The experts each
provide input, the responses are compiled and then sent back to all of the
experts for further review; the process is repeated until consensus is
reached.

Interviewing interviews of experts, project stakeholders, or associates


who have worked on similar projects in order to discover risks
Identify Risks

Techniques to identify risk

Root Cause Analysis Determining the cause of the risk; you might be able
to identify more risks this way or you might be able to eliminate the risk by
eliminating the cause

SWOT Analysis An analysis of the strengths, weaknesses, opportunities


and threats on your project

Checklist Analysis after you have identified your categories of potential


risks on your project, you create a checklist of these categories to make
sure youre not neglecting any area where risk can hide
Identify Risks

Assumptions Analysis what assumptions have you made or been given


about your project? Are they valid? If not, you could have risk

Diagramming Techniques diagramming techniques can show cause and


effect. The effect would be your risk, would it be helpful to know what
could cause that risk?
- Cause-&-Effect diagram
- System process flowcharts
- Influence diagrams

* Whenever possible, deal with the cause, not the effect


Risk Factors

When analyzing your risk, you should be aware of the following risk factors

- The probability the risk will occur


- The range of possible outcomes
- When in the project lifecycle the risk is likely to occur (the timing);
* once the expected timeframe of the risk has passed and it is no longer a
risk, it can be removed from the risk list
- How often the risk is expected to occur on the project (frequency)
Identify Risks

Outputs of Identify Risks

Risk Register
- List of risks
- List of potential responses
- Root causes of risks
- Updated risk categories
Perform Qualitative Risk Analysis

This is the phase where you rank the risks youve identified from Identify Risks
to come up with a list of risks you will create plans for dealing with

Things to remember

Perform Qualitative Risk Analysis is subjective

What is the probability of the risk occurring? High, medium, low? 1-10?

What is the impact if the risk does occur? High, medium, low? 1-10? What
is the financial impact, are the consequences positive or negative?

* the earlier you know about risk, the better prepared you will
be
Perform Qualitative Risk Analysis

Tools and Techniques of Qualitative Analysis

Probability & Impact Matrix a matrix that creates a consistent evaluation


of high, medium, or low for your projects. This helps to make the risk rating
process more repeatable between projects.

Risk Data Quality Assessment What is the quality of the data used to
determine or assess the risk? Think about the following
Extent of the understanding of the risk
Data available about the risk
Quality of the data
Reliability & Integrity of the data
Perform Qualitative Risk Analysis

Tools and Techniques of Qualitative Analysis

Risk Categorization Which of your categories has more risk than others?
Which of your work packages could be most affected by risk?

Risk Urgency Assessment Which of your risks could occur soon, or require
a longer planning time? Risk urgency assessment helps move these risks
more quickly through the rest of the project management process

* Perform Qualitative Risk Analysis is subjective


Perform Qualitative Risk Analysis

Outputs of Perform Qualitative Risk Analysis

Risk Register Updates


Risk ranking for the project compared to other projects
List of prioritized risks and their probability and impact ratings
Risks grouped by categories
List of risks requiring additional analysis in the near term
List of risks for additional analysis and response
Watchlist (non-critical risks)
Trends
Perform Qualitative Risk Analysis

Perform Qualitative Risk Analysis can help you determine the following

Which risks need to move on to Perform Quantitative Risk Analysis?

Which of your projects should be selected when compared with other


projects?

* You have two projects available and you can only complete one of them,
both projects are projected to have the same benefit, but the qualitative
risk score for one of the projects is higher than the other, would you want
to know this before you decided which project you would work on?
Perform Quantitative Risk Analysis

This is the phase of risk management where you conduct a numerical analysis
of the probability and impact of the risks with the highest risk rating score
determined from qualitative analysis

Things to remember

Quantitative analysis is used to.

Determine which of your risks should have a response plan

Determine overall project risk

Determine the probability of delivering your project objectives


Perform Quantitative Risk Analysis

Things to remember

Determine cost and schedule reserves

Identify risks that will require more planning

Create more realistic and achievable cost, schedule, or scope goals


Perform Quantitative Risk Analysis

Tools and Techniques of Quantitative Analysis

Sensitivity Analysis Which risks will have the most impact on the project?

Monte Carlo Analysis A technique that uses simulation to show the


probability of completing your project on time and within budget.
Determines the overall risk of the project, not the task
Determines the probability of completing the project on a specific day and
for a specific cost
Takes into account path convergence (places in the network diagram where
many paths converge into one activity)
Used to evaluate the impact to your schedule and budget
Due to the complicated mathematical computations used, Monte Carlo
analysis is usually done with a computer program
Creates a probability distribution triangular, normal, beta, uniform or
lognormal (learn these)

* Perform Quantitative Risk Analysis is a numerical analysis


Perform Quantitative Risk Analysis

Tools and Techniques of Quantitative Analysis

EMV Expected Monetary Value What is the probability of the risk occurring
multiplied by the impact if the risk does occur? If the risk occurs, what could the
financial or time loss be to your project?

In the example below, this project has an EMV of ($58,250), this means that you
need to put aside $58,250 in your risk reserve account for potential risks

Risk Probability Impact EMV


A 20% $ (100,000.00) $(20,000.00)

B 90% $ 10,000.00 $ 9,000.00


C 5% $ 30,000.00 $ 1,500.00
D 65% $ (75,000.00) $(48,750.00)

Total $(58,250.00)
Perform Quantitative Risk Analysis

Tools and Techniques of Quantitative Analysis

Decision Tree used for planning on individual risks instead of planning for
the whole project
Takes into account future events to make a decision today
Can calculate the EMV in more complex situations
Involves mutual exclusivity
Perform Quantitative Risk Analysis

Cost/Unit $27.50

Defects/10,000 units= 20
Setup Cost $200,000

Make or
Buy?

Setup Cost $0
Defects/10,000 units= 10

Cost/Unit $30
Perform Quantitative Risk Analysis

Decision Tree

Setup Cost Cost/Unit Units Needed Cost for Units Defects/Unit Defect Total Cost
Cost
Make $200,000 $27.50 500,000 $13,750,000 20/10,000 $1,375.00 $13,951,375

Buy $0 $30.00 500,000 $15,000,000 10/10,000 $1,500 $15,001,500

* It is cheaper to make the units rather than buying them


Perform Quantitative Risk Analysis

Outputs of Perform Quantitative Risk Analysis

Risk Register Updates


Prioritized list of quantified risks
Amount needed for contingency reserves for time and cost
Confidence levels of completing the project on a certain date for a
certain amount of money
The probability of delivering the project objectives
Trends - risk management is an iterative process; as you repeat the
process you can track your overall project risk and determine the trend
(if you are decreasing or increasing the level of risk on your project)
Plan Risk Response

This is the phase of risk management where you decide how you will respond
to your most important risks

Risk Response Strategies

Threats
Avoid remove the cause of the risk so that it never materializes
Mitigate reduce the probability and or impact of the risk
Transfer transfer the risk to another party; usually done with insurance,
performance bonds, warranties, guarantees or outsourcing the work.

Opportunities
Exploit make sure the opportunity occurs, you can add work or make a
change to the project
Enhance increase the probability and or positive impact of the risk
Share share the opportunity with a third party to be able to take
advantage of the opportunity
Plan Risk Response

Risk Response Strategies

For both Threats & Opportunities


Accept
Active acceptance preparing a contingency reserve of cost or time
reserves in case the risk does happen

Passive acceptance preparing for the dealing with the effects of the
risk after the risk has occurred
Plan Risk Response

Outputs of Risk Response Planning

Project Management Plan Updates Changes made due to risk


management will be changes made to the project and should be updated in
the project management plan

Updates to Risk Register


Residual Risks risks that are left over after Plan Risk Response

Contingency Plans plans of action in case the risk does occur

Risk Response Owners the person on the team responsible for


monitoring the risk, risk triggers, developing a response strategy, and
implementing the strategy should the risk occur

Secondary Risks new risks that result from the implementation of the
contingency plans for the primary risks
Plan Risk Response

Outputs of Risk Response Planning

Updates to Risk Register


Risk Triggers early warning signs that there is a high probability the
risk will occur

Fallback Plans a secondary contingency plan, in case the contingency


plan does not work or is not effective

Reserves
Contingency reserves - covers the cost for known unknowns
discovered during risk management; covers the residual risks. The
contingency reserve is calculated and made part of the baseline.

Management reserves these are estimated and made part of the


project budget, not the baseline. Management approval is needed to
use the management reserve.
Monitor and Control Risks

This is the phase of risk management where you monitor the risk list for risks
that have a higher probability of affecting your project, and the risk
watchlist for risks that could change and should either be added to the risk
list or removed from the watchlist

Inputs to Monitor & Control Risks


Risk Management Plan
Risk Register
Approved Change Requests
Work performance information
- Deliverable status
- Schedule progress
- Costs incurred
Performance reports
Monitor and Control Risks

Things to Know

Workaround a response to a risk that has occurred when no contingency


plan exists

Risk audit a team of experienced project team members reviews the risk
management process and response strategies to see if youve effectively
identified the major risks on the project and developed effective strategies
for dealing with them

Risk Reassessment Risk management is iterative, you should review the


risks on your project throughout the project to update their qualitative and
quantitative values

* the earlier you know about risk, the better prepared you will
be
Monitor and Control Risks

Things to Know

Status meetings status meetings should be used to identify new risks or


changes to existing risks. This is a great opportunity to discuss with your
team and stakeholders existing risks and new risks

Reserve analysis has the reserve kept up with changes to the risk list?
Does the reserve still cover the costs of these risks should they occur?

Closing of risks Risks are expected to happen during a particular phase of


the project. When that phase has passed and the risk is no longer probable,
the risk should be removed from the risk list and any reserve associated
should be freed up
Monitor and Control Risks

Outputs of Monitor & Control Risks

Updates to Risk Register


Outcomes of the risk reassessments and risk audits
Updates to previous parts of risk management
Closing of risks that are no longer applicable
Details of what happened when risks occurred
Lessons learned

Requested Changes
Recommended Corrective & Preventive Actions
Updates to the Project Management Plan
Organizational Process Assets Updates
Project Risk Management Review

Plan Risk Management

Inputs
1. Project Scope Statement
2. Cost Management Plan
3. Schedule Management Plan
4. Communications Management Plan
5. Enterprise Environmental Factors
6. Organizational Process Assets

Tools & Techniques


1. Planning Meetings and Analysis

Output
1. Risk Management Plan
Project Risk Management Review

Identify Risks

Inputs
1. Risk Management Plan
2. Activity Cost Estimates
3. Activity Duration Estimates
4. Scope Baseline
5. Stakeholder Register
6. Cost Management Plan
7. Schedule Management Plan
8. Quality Management Plan
9. Project Documents
10.Enterprise Environmental Factors
11.Organizational Process Assets
Project Risk Management Review

Identify Risks

Tools & Techniques


1. Documentation Reviews
2. Information Gathering Techniques
3. Checklist Analysis
4. Assumptions Analysis
5. Diagramming Techniques
6. SWOT Analysis
7. Expert Judgment

Outputs
1. Risk Register
Project Risk Management Review

Perform Qualitative Risk Analysis

Inputs
1. Risk Register
2. Risk Management Plan
3. Project Scope Statement
4. Organizational Process Assets

Tools & Techniques


1. Risk Probability and Impact Assessment
2. Probability and Impact Matrix
3. Risk Data Quality Assessment
4. Risk Categorization
5. Risk Urgency Assessment
6. Expert Judgment
Project Risk Management Review

Perform Qualitative Risk Analysis

Outputs
1. Risk Register Updates
Project Risk Management Review

Perform Quantitative Risk Analysis

Inputs
1. Risk Register
2. Risk Management Plan
3. Cost Management Plan
4. Schedule Management Plan
5. Organizational Process Assets

Tools & Techniques


1. Data Gathering and Representation Techniques
2. Quantitative Risk Analysis and Modeling Techniques
3. Expert Judgment

Outputs
1. Risk Register Updates
Project Risk Management Review

Plan Risk Responses

Inputs
1. Risk Register
2. Risk Management Plan

Tools & Techniques


1. Strategies for negative risks or threats
2. Strategies for positive risks or opportunities
3. Contingent Response Strategies
4. Expert Judgment
Project Risk Management Review

Plan Risk Responses

Outputs
1. Risk Register Updates
2. Risk-Related Contract Decisions
3. Project Management Plan Updates
4. Project Document Updates
Project Risk Management Review

Monitor & Control Risks

Inputs
1. Risk Register
2. Project Management Plan
3. Work Performance Information
4. Performance Reports

Tools & Techniques


1. Risk Reassessment
2. Risk Audits
3. Variance and Trend Analysis
4. Technical Performance Measurement
5. Reserve Analysis
6. Status Meetings
Project Risk Management Review

Monitor & Control Risks

Outputs
1. Risk Register Updates
2. Organizational Process Assets Updates
3. Change Requests
4. Project Management Plan Updates
5. Project Document Updates
Project Risk Management

Other Sources of Information

1. A Guide to the Project Management Body of Knowledge (PMBOK


Guide)

2. PMP Exam Prep Rita Mulcahy

3. Project Management: A Systems Approach to Planning, Scheduling, and


Controlling Harold Kerzner

4. Hot Topics: Flashcards for Passing the PMP and CAPM Exams Rita
Mulcahy
Contact

Scott Reynolds
scottdreynolds@hotmail.com

Please send me comments, questions, or anything else,

Thanks Everyone for your time!

S-ar putea să vă placă și