Tuesday, December 13, 2011

Chapter 18: Risk Management


Aim: To understand the following Risk Management Processes
• Plan Risk Management
• Identify Risks
• Perform Qualitative Risk Analysis
• Perform Quantitative Risk Analysis
• Plan Risk Responses

If you have read the PMBOK or my earlier series “PMP Certification - Study Guide” you would by now know that

“A Risk is an Uncertain Event that can affect your Project”

Remember that this risk can be either Negative (An Actual Risk) or Positive (An Opportunity).

PMI’s risk management philosophy is based on a proactive approach to preventing negative risks and enhancing positive risks. Key points that you must remember about risk are:
• Risk can be either positive or negative. Positive risks are opportunities; negative risks are threats.
• A risk breakdown structure (RBS) is used to organize risk in a hierarchical structure.
• Monte Carlo analysis is a technique using simulations and probability in determining quantitative risk analysis.
• Risk categories are important in classifying risk.
• Probability and impact are both needed to assess risks.
• Quantitative analysis is generally reserved for high-probability, high-impact risk.
• Risk management planning and risk response planning are not the same activities.
• Risk identification is an iterative process that is performed throughout the project, not just during planning.
• Decision tree analysis is a technique using probabilities and costs for structured decision making.
• Five of the six risk management processes are conducted during the planning process group.
• The risk register is an important tool for capturing and tracking risks.

Exam Watch:
Risk register is a term introduced by PMI for the document detailing information on risks. The risk register includes all identified risks, the impacts of identified risks, proposed responses, responsible parties, and the current status.
Risk Management Planning and Risk Response Planning

The first step in Risk Management is to plan how we are going to conduct the whole Risk Management exercise in our project.
The risk management plan includes the risk methodology, roles/responsibilities, budget, execution timing, and definitions for risk categories, probabilities, and impacts. It is a summation of how the project team will carry out the remainder of the risk management activities for the project.

Exam Watch:
The risk management plan is not the same as the risk response plan. The Risk Response Plan will contain the possible actions you must take when a risk actually happens whereas the Risk Management Plan is the overall approach to managing Risks in the Project.

The risk management plan is the single output of the plan risk management process. The table below shows the inputs, tools and techniques, and outputs for the plan risk management process.

Plan Risk Management
Inputs Tools & Techniques Outputs

Project scope statement
Cost management plan
Schedule management plan
Communications management plan
Enterprise environmental factors
Organizational process assets

Planning meetings and analysis
Risk management plan
To know more about the Plan Risk Management Process Click Here

Risk Breakdown Structure (RBS)

A risk breakdown structure (RBS) is a tool that can be used to organize risks in a hierarchical fashion. The structure is defined using the risk categories. Even if an RBS is not used, risk categories are still defined in risk management planning. Risk categories can include
• Technical - Risk associated with using new technology.
• External - Risk associated with forces or entities outside the project organization. External risks can include external suppliers, customers, weather, and market conditions.
• Organizational - Risk associated with either the organization running the project or the organization where the project will be implemented.
• Project Management - Risk associated with project management processes.
Note that this is just a high level classification of Risks and you need to tweak this whole process to suit your needs in the Project that is being executed.

Risk Probability and Impact

Probability can be defined as the likelihood that a risk will occur. It can be expressed mathematically or as a relative scale (low, medium, high).

Impact is the effect a risk has if it actually occurs. It can also be defined on a relative scale or mathematically.

The team documents in the project management plan detail how probabilities and impacts are measured. For example, a red/yellow/green scale might be used, where high-probability, high-impact risks are red; low-probability, low-impact risks are green; and so on. Again, I repeat, how the risks are categorized and prioritized will vary based on the Project at hand and there is no Universal Rule as to how you must handle risks.

Exam Watch:
Both probability and impact are mandatory for evaluating risks. Think of it this way, how will you prioritize a risk if you do not know what the chances are of the risk happening and what the impact it would have if it occurs.

Risk Identification, Analysis, Response Planning, and Monitoring/Controlling

In the risk management process, completing the risk management plan is the first step. After the plan is in place, according to PMI the next steps in the risk management process are
• Risk Identification
• Risk Analysis (qualitative and quantitative)
• Risk Response planning
• Monitoring/controlling Risks (This is not in scope as part of this chapter on Planning. We will cover it in the chapter on Monitoring & Controlling)

Identify Risks

The identify risks process determines the risks that might affect the project and characterizes those risks.
Obviously, you need to identify all the possible risks that might affect your project if you are to have any success handling them. Isnt it? Keep in mind that identifying risks is not just the project manager’s responsibility; team members, subject matter experts, customers, stakeholders, and others are involved in this process.

The table below shows the inputs, tools and techniques, and outputs for the identify risks process.

Identify Risks
Inputs Tools & Techniques Outputs

Risk management plan
Activity cost estimates
Activity duration estimates
Scope baseline
Stakeholder register
Cost management plan
Schedule management plan
Quality management plan
Project documents
Enterprise environmental factors
Organizational process assets

Documentation reviews
Information gathering techniques
Checklist analysis
Assumptions analysis
Diagramming techniques
SWOT analysis (Strength, Weakness, Opportunity, Threat)
Expert judgment
Risk register
The Risk Register

The risk register is the output of the identify risks process. The risk register contains the following information:
• Risk description
• Date identified
• Category
• Potential responses
• Current status

Exam Watch:
Identify risks is not a one-time event that occurs just during the planning process. It should be conducted throughout the project, including when major milestones are reached and when an actual risk event occurs.
To know more about the Identify Risks Process Click Here

Qualitative and Quantitative Risk Analysis

Qualitative risk analysis provides further definition to the identified risks in order to determine appropriate responses to them. The key terms are probability and impact. Probability is important because it measures how likely a risk is to occur. A high-probability risk deserves more attention than a low-probability risk. Similarly, impact is a measure of how the risk will affect the project should it occur. A risk with low impact has a different response than one with a high impact.

Exam Watch:
Qualitative risk analysis is most concerned with ranking or prioritizing risks. It is used to determine which risks pose more of a potential effect on the project.

Qualitative risk analysis quickly prioritizes risks in order to conduct response planning and quantitative risk analysis, if required. Using the probability of the impact and a probability impact matrix, the project manager develops a prioritized list of risks. The output to this step is captured in the risk register.

The table below shows the inputs, tools and techniques, and outputs for the perform qualitative risk analysis process.

Perform Qualitative Risk Analysis
Inputs Tools & Techniques Outputs

Risk register
Risk management plan
Project scope statement
Organizational process assets

Risk probability and impact assessment
Probability and impact matrix
Risk data quality assessment
Risk categorization
Risk urgency assessment
Expert judgment
Risk register updates
To know more about Qualitative Risk Analysis Click Here

Quantitative risk analysis assigns numerical values to risks and looks at those risks that are high on the list of prioritized risks (The output of qualitative risk analysis). The goal of this process is to quantify possible outcomes for the project, determine probabilities of outcomes, further identify high impacting risks, and develop realistic scope, schedule, and cost targets based on risks.

The table below shows the inputs, tools and techniques, and outputs for the perform quantitative risk analysis process.

Perform Quantitative Risk Analysis
Inputs Tools & Techniques Outputs

Risk register
Risk management plan
Cost management plan
Schedule management plan
Organizational process assets

Data gathering and representation techniques
Quantitative risk analysis and modelling techniques
Expert judgment
Risk register updates
Exam Watch:
Quantitative risk analysis is more concerned with assigning each risk a numerical value. This value can then be used to figure out the relative impact that particular risk would have on the project.

To know more about Quantitative Risk Analysis Click Here

Planning Responses to Positive and Negative Risks

After all risks are identified, options to deal with the risks must be identified. Each risk is assigned to one or more owners to carry out the planned response. The responses are documented in the risk register after it has been updated in the plan risk responses process.

The table below shows the inputs, tools and techniques, and outputs for the plan risk responses process.

Plan Risk Responses
Inputs Tools & Techniques Outputs

Risk register
Risk management plan

Strategies for negative risks or threats
Strategies for positive risks or opportunities
Contingent response strategies plan
Expert judgment
Risk register updates
Risk-related contract decisions
Project management updates
Project document updates
There are four possible responses to negative risks:
• Avoid (Best) – Eliminating the Actual Threat by taking some action
• Transfer – Shifting the Risk to another party
• Mitigate – Take steps to ensure that the chances of the Risk happening are reduced
• Accept – Let the Risk happen. Use Contingency Reserves to handle it
For positive risks the responses include
• Exploit (Best) – Take steps to ensure that the Opportunity happens
• Share – Enlist the help of a Third party to capitalize on the opportunity
• Enhance – Taking steps to increase the probability of the Opportunity happening
• Accept – Take no steps to take advantage of the situation

To know more about the Plan Risk Responses process Click Here

Exam Watch:
Risks should be re-evaluated when the following events occur:
• A risk trigger is identified
• A change request is approved
• Key project milestones are reached
• Project phases end
• Deviations are detected in variance and trend analysis
• Corrective or preventive actions are implemented

Prev: Chapter 17

Next: Chapter 19

1 comment:

© 2013 by www.getpmpcertified.blogspot.com. All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.

Followers

Popular Posts