Monday, January 28, 2013

Changes in PMBOK 5th Edition


The PMBOK 5th Edition was released a couple of weeks back and the Project Management Community (Especially the group that is currently preparing for their PMP Credential Examination) has been abuzz with news and loads of rumors about the PMBOK standard as well as the PMP Exam itself. The purpose of this article is to summarize the changes to the PMBOK Guide 5th Edition as compared to the PMBOK Guide 4th Edition.

To Start With - The Important Date - 1st August 2013:

All individuals who are appearing for their PMP Examination up until the end of July 2013 can continue to prepare using the PMBOK Guide 4th Edition. The new syllabus or should I say PMBOK Guide 5th Edition will be the syllabus for everyone appearing for the exam from the 1st of August 2013 onwards.

Action Item For You: If you are a PMP Credential Aspirant and have started preparing or intend on doing so in the next few weeks I would say, you pick up pace and schedule your exam dates ASAP. The PMBOK 5th Edition has a whole new Knowledge Area and a bunch of new processes to remember. So, most people would feel that it would be easier to take a crack at the PMP Credential with the 4th Edition of the PMBOK Guide. As a result, dates will start getting booked at a much faster pace than usual.

So, if I were you, I will probably go ahead and schedule an available date in May or June right away (You need solid preparation for at least 3 months in order to stand a good chance of clearing the Exam in your first attempt)

Changes to the PMBOK Guide 5th Edition

The PMBOK Guide 5th Edition is a much bigger book than the 4th Edition. The pdf copy of the 5th Edition PMBOK Guide that you can download from PMI Website as a Member benefit has 616 Pages whereas the 4th Edition only had 497 pages - An Addition of 119 Pages

The 4th Edition of the PMBOK Guide had a total of 42 processes while the 5th Edition has 47 processes (5 more than its predecessor)

I hear you mumbling - So many more pages to read & more processes to understand/remember - All the more reasons to pick up pace and take up the Exam before June!!!

Let us now look at the changes to the PMBOK Guide 5th Edition - Knowledge Area Wise...

Project Integration Management:

There are no changes to the Project Integration Management Knowledge Area. All of its processes (From the 4th Edition) have been retained and continue to have the same name.

Project Scope Management:

The Project Scope Management Knowledge Area has two changes. We have one new Process and one process from the 4th Edition has been renamed. They are as follows:

New Process - Plan Scope Management

Renamed Process - Validate Scope (Was called Verify Scope in the 4th Edition)

Project Time Management:

The Project Time Management Knowledge Area has just one change. A New process to plan for this knowledge area has been added named - Plan Schedule Management

Project Cost Management:

The Project Cost Management Knowledge Area has just one change. A New process to plan for this knowledge area has been added named - Plan Cost Management

Project Quality Management:

The Project Quality Management Knowledge Area has two changes - Two of the older processes from the 4th Edition have been Renamed in the 5th Edition. They are:

Plan Quality Process has been Renamed to "Plan Quality Management"
Perform Quality Control Process has been Renamed to "Control Quality"

Project Human Resource Management:

The Project Human Resource Management Knowledge Area has just one change. One of its older processes from the 4th Edition has been renamed in the 5th Edition as follows:

Develop Human Resource Plan Process has been Renamed to Plan Human Resource Management

Project Communications Management:

The Project Communications Management is the knowledge area that is the most affected in the 5th Edition of the PMBOK Guide. One of the older processes has been renamed, 4 processes have been moved/deleted and two new processes have been added to the Knowledge Area. They are as follows:

Plan Communications has been Renamed to Plan Communications Management

Moved/Removed Processes:

1. Identify Stakeholder Process
2. Distribute Information
3. Manage Stakeholder Expectations and
4. Report Performance

New Processes:

1. Manage Communications - Added to the Project Execution Phase
2. Control Communications - Added to the Monitor and Control Phase

Project Risk Management:

There are no changes to the Project Risk Management Knowledge Area. All of its processes (From the 4th Edition) have been retained and continue to have the same name.

Project Procurement Management:

The Project Procurement Management Knowledge Area has two changes - Two of the older processes from the 4th Edition have been Renamed in the 5th Edition. They are:

1. Plan Procurements has been Renamed to Plan Procurement Management
2. Administer Procurements has been Renamed to Control Procurements

Project Stakeholder Management:

This is a whole New Knowledge Area that has been added to the 5th Edition of the PMBOK Guide. It includes 4 processes out of which 2 got moved from the Project Communications Management Knowledge Area and 2 are new processes.

Identify Stakeholders - Moved from Project Communications Management Knowledge Area
Plan Stakeholder Management - New Process in the Project Planning Phase
Manage Stakeholder Engagement - Manage Stakeholder Expectations got Renamed & Moved from Project Communications Management Knowledge Area
Control Stakeholder Engagement - New Process in the Monitor & Control Phase

Around May/June I will start writing about these new/modified processes that will be useful to the readers of my blog who will be taking up the PMP Exam based on the PMBOK Guide 5th Edition.

Sunday, January 20, 2013

Introduction to Quantitative Risk Analysis


We have successfully completed Qualitative Risk Analysis and updated the Risk Register. The next step would be Quantitative Risk Analysis. This section is dedicated to look in great detail about the Quantitative Risk Analysis process.

Quantitative Risk Analysis:

In the previous section on “Qualitative Risk Analysis” we prioritized risks and came up with a list of risks that are high priority and require additional analysis. Well, in Quantitative Risk Analysis, we are going to focus on those risks. The purpose of Quantitative analysis is to assign a numeric rating to the risk. This will help the risk management team to numerically analyze the risk which will aid them in the decision making process.

If you have already prepared for the PMP Exam or are PMP Certified, you must know by now that Quantitative analysis is the 4th process in the PMBOK Guides coverage of Risk Management. If you do not remember this, then I suggest you revisit the chapter titled Big Picture of Risk Management in our PMP Certification study series.

According to the PMBOK guide, we will analyze all those risks that potentially and substantially impact our project and our project objectives. Risks that have higher impact on our project with a higher probability of occurrence are those that we need to concentrate on.

While Qualitative Analysis is quick and cost effective, Quantitative analysis can be more time consuming and costly. Depending on the size of our project, the time and effort/cost we need to spend in this step (Quantitative Analysis) will vary. In some smaller projects, we may ignore this step altogether because it may not be prudent or feasible to spend that much time or resources in this activity. However, in most cases, a feasibility analysis or a cost benefit analysis is undertaken to decide whether to proceed with Quantitative analysis or not.

As you might have guessed by now, performing quantitative analysis can be very useful because it helps us make informed decisions in uncertain circumstances. So, if you have the time and resources to take up this step, it is advisable to perform Quantitative Risk Analysis.

Before we dig into the details of Quantitative Risk Analysis, let me repeat something that I have said multiple times. This step is not done only once after Qualitative Analysis. It is repetitive and may be required to be taken up after the “Develop Risk Responses” step or the “Monitor & Control Risks” step. At the end of day, we need to have as much information as possible about the risks that may impact our project and the only way to accomplish that is by thorough analysis.

Prev: Updates to Risk Register - After Qualitative Analysis

Next: Inputs Used in Quantitative Risk Analysis

Saturday, January 19, 2013

Updating the Risk Register – After Qualitative Analysis


We have successfully arrived at the end of the Qualitative Risk Analysis process. In the section summary chapter of the previous section which was titled “Qualitative Risk Analysis” I had mentioned that there is going to be a separate section that covers all the updates or outputs generated in the qualitative risk analysis process. Well, here we are.

The Risk Register was created as an output of the “Identify Risks” process. As mentioned in the chapter titled “Contents of the Risk Register” the Risk Register is the key document that is going to contain all the information we know about risks and it will be constantly updated throughout the project’s risk management lifecycle.

In this case, the qualitative risk analysis process does not create a separate output by itself. It will only update the Risk Register will all the new information we have uncovered regarding each of the risks so far.

All the updates to the risk register as a result of Qualitative Risk Analysis can be summarized using the picture below:


The updates to the Risk Register – in detail are as follows:

Update to Risk Priority & Ranking

Do you remember that, in the Qualitative Risk Analysis process, we assigned a risk rating score to our risk? Now, we will take the risk register and update the priority of each risk based on this score.

Sounds straightforward doesn’t it? It is straightforward in terms of what needs to be done as well. All you are going to do in this step is, update the risks in the risk register with their respective priority based on the qualitative analysis we just finished.

We must remember the following at this point:

• We prioritized our risks using the probability and impact matrix and we cannot use this matrix until we finish the risk probability and impact assessment
• Risks can be separately listed by project objectives like scope, cost, quality etc. each project may place a certain amount of importance to each of the objectives and may concentrate on one or more objectives and place lower importance to the others.
• We must document the basis of all the assessments we have made. We can’t just say that the probability of a risk is 0.8. We need to substantiate and explain how we arrived at that number. This not only adds credibility to the data you have arrived at but also reduces uncertainty.

The Risk Ranking & Priority is updated based on the outputs of the Risk Probability & Impact Assessment activity of Qualitative risk analysis.

Update to Risk Categories & Grouping

As outlined in the chapter on “Risk Categorization” in the Qualitative Analysis process, risks can be categorized and grouped based on the source of the risk. This categorization can be based on the following:
a. Risk Breakdown Structure (RBS)
b. Work Breakdown Structure (WBS) and
c. Project Phase
As part of the updates to the Risk Register, we will be grouping risks by category to give an overall picture of the number of risks in each category so that the manager can prioritize those categories that contribute the most number of critical or high priority risks.


Watchlist

The Watchlist is a subset of the risk register. It is nothing but a list of low priority risks that are not important as of now. However, we do not ignore those risks. We make a note of these risks in the “Watchlist” so that we can track their status periodically. If the status (priority or impact) of any of these risks changes, then we may have to analyze/assess them and formulate a response to handle the risk.

Near-Term Response List

The Near-Term Response list too is a subset of the risk register. It is the total opposite of the Watchlist. This contains a list of high priority risks that may materialize in the very near future. We must be prepared to handle them appropriately.

Both the Watchlist and Near-Term response list are created/updated as a result of the “Risk Urgency Assessment” technique of Qualitative Risk Analysis.


Trends in Qualitative Risk Analysis:

This is the update that often causes confusion to everyone. The other updates were simple and easy to understand but this one is kind of misleading.

Remember that several of the risk management processes are iterative and occur multiples times throughout the life of the project. The qualitative analysis process too is iterative in nature. Trends begin to emerge whenever a process is repeated. The purpose of this update is to capture details reg. these trends in our risk register. One trend could be:
• High priority risks in the Quality category are caused when project requirements change towards the later stage of the project

When trends emerge, they may guide the risk management team in:
• Formulating effective risk responses
• Guiding the team to take up additional analysis as required

With trends documented in the risk register, we may try to figure out why these trends are occurring and in turn use that knowledge to identify better responses.

Trivia:
Can you guess which process this trends is an input to???

The answer is - The plan risk response process


Each project/organization could have a separate template for how they want to track the risks. For ex: we can create a simple Microsoft excel spreadsheet format with different categories of risks as lists in different tables in the spreadsheet. We can also have a summary tab that lists all the risks. The individual tabs may have additional details like priority, justification etc. The watchlist or the near-term response list too could be separate tabs in our spreadsheet.

As we keep updating the risk register, we must make sure that we expand the risk register template to suit our project needs. There is no one-stop-template for risk registers that can be used by all projects. The register for a short-term project could be very simple while the register for a long-term strategic project could be pretty complicated.

Prev: Section Summary - Qualitative Risk Analysis

Next: Introduction to Quantitative Risk Analysis

Friday, January 4, 2013

Section Summary – Qualitative Risk Analysis


In the previous few chapters in this section, we took a detailed look at what qualitative risk analysis is, the inputs that are required to perform this analysis and the tools & techniques that we will be using during this analysis. Let us now quickly summarize what we have learnt in this section so far:

• The purpose of qualitative risk analysis process is to prioritize risks in order to determine which risks require additional analysis. This helps the risk management team to focus on the higher priority risks.
• There are 4 inputs to this process:
o Risk Register
o Risk Management Plan
o Project Scope Statement &
o Organizational Process Assets
• There are a total of 6 tools & techniques that we learnt in this section. They are:

1. Risk Probability & Impact Assessment
2. Probability & Impact Matrix
3. Risk Data Quality Assessment
4. Risk Categorization
5. Risk Urgency Assessment
6. Expert Judgment
• Risk Probability & Impact Assessment provides us with the initial risk rating for each of the risks that we have identified so far. To arrive at this risk rating, we will be using the definition of risk probability and impact that we defined when the Risk Management Plan was created
• The Risk Probability & Impact Matrix is used to assign a risk score to our risk and categorize it as “High-Medium-Low” priority
• Risk Data quality Assessment focuses on making sure that the information we are using to perform the risk analysis activities is unbiased and credible. This is because; conducting risk analysis using poor quality data may result in results that are useless. Frankly speaking, if we cannot trust our data or information, how can we trust the findings that were made based on that data or information?
• The idea of Risk Categorization is to uncover areas of risk concentration so that we can create effective responses to handle them. This is because; dealing with sources of risks is easier and cost effective than dealing with each risk individually. In fact, it can have a greater level of effectiveness as well
• The purpose of this risk urgency assessment technique is to identify near term risks. We are trying to determine which risks are to be considered urgent. In other words, we are trying to identify those risks that require our immediate attention
• Expert Judgment refers to the decisions or suggestions given by knowledgeable experts during the various activities in qualitative risk analysis. The individuals who provide us with their expert judgment are called as “Experts”

By now you should have a very good idea and understanding of the Qualitative Risk Analysis process. To wrap up this section you need to:
• Remember what tools are used in this process
• Remember what each tool does and produces
• Understand that not all tools are used in each process

Trivia:
Are you wondering that I haven’t touched upon the topic of what is the output of this whole Qualitative Risk Analysis process? If you did then you deserve a big pat on the back. Every process creates some sort of output and our Qualitative risk analysis is no different. But, I haven’t covered it in this section because; the whole of the next section is going to be dedicated just to cover that.

If you did not think about the output of this process, no worries. Just brush up your PMBOK basics and re-read some of the initial chapters to refresh your memory and you will be on your way to being a Risk Management Professional.

Prev: Expert Judgment

Next: Updates to Risk Register after Qualitative Analysis

Expert Judgment


In the past few chapters, we have covered all of the tools and techniques used in Qualitative Risk Analysis. The last item in our list which we saw in the “Intro? Chapter is “Expert Judgment”

Expert judgment is included as a separate tool because; we are following the PMBOK 4th edition. Though expert judgment is used in almost every tool or technique in project management the PMBOK guide started referring to this as a separate technique only starting the 4th edition. Frankly speaking I could’ve clubbed this with any of the other tools because this chapter is going to be pretty short. But, for the same of uniformity (Each of the tool was given a separate chapter and this tool is very important) we are going to give Expert Judgment a separate chapter as well.

Expert Judgment

Expert Judgment refers to the decisions or suggestions given by knowledgeable experts during the various activities in qualitative risk analysis. The individuals who provide us with their expert judgment are called as “Experts”. This could include:
a. Individuals with similar project experience
b. Project team members who contribute to project planning and management activities
c. Specialists in risk management from outside the project

Expert judgment will be used during workshops, interviews or meetings when risk management activities are carried out. For ex: during the risk probability and impact assessment activity, the team comes together in a meeting to assess the probability and impact of each risk. During this meeting, our risk experts could share their views with the team thereby providing us with expert judgment.

One important thing we need to remember about expert judgment is – To filter out the bias of the experts. Some expert’s views could be biased towards their specific way of thinking and may be contrarian to how the project functions or from the majority view. In such cases, as the project manager we need to eliminate the bias and perform a reassessment of the risk without bias to ensure that we consider and/or do what is best for the project.

Prev: Risk Urgency Assessment

Next: Section Summary - Qualitative Risk Analysis

Risk Urgency Assessment


In the previous few chapters we have covered a majority of the tools and techniques used in qualitative risk analysis. We have gathered a lot of information about the risk including its probability, impact and category. Now, the next logical step would be to identify those risks that are near-term or have a greater chance of happening in the near future so that we can be ready for them. Isn’t it? This is where the Risk Urgency Assessment comes into picture.

Risk Urgency Assessment

The purpose of this risk urgency assessment technique is to identify near term risks. We are trying to determine which risks are to be considered urgent. In other words, we are trying to identify those risks that require our immediate attention.

How to Identify a Near Term Risk?

According to the PMBOK guide, we can identify near-term risks by considering either/all of the below factors:
a. Time Available to put a risk response into motion – With some risks, the risk management team needs a certain amount of time to implement the response and similarly in some cases the response could be useful only when implemented within a certain timeframe. For ex: In case of opportunities (positive risks) the opportunities may not exist forever. They may become irrelevant after a few days. So, unless the project team implements the response to the positive risk immediately (within the open window) the whole activity of responding to the opportunity could be useless. There could also be scenarios where a response could totally eliminate a risk if implemented within a certain timeline. If the timeline is missed the response can only mitigate the risk and not eliminate the same.
b. The symptoms and/or warning signs of the risk – Symptoms or Warning signs are also known as Risk Triggers. Risk triggers can help us identify if a risk requires an immediate or urgent response. Some risk triggers may allow only a small response window for the risk management team to handle it. Sometimes, the risk trigger itself could be quite large and we may be forced to implement the response even before all the conditions are met. For ex: let us say one of the risks is missing a schedule deadline where the symptom is a missed deadline. A good manager may implement a response to eliminate this risk even before the schedule deadline is actually missed. Isn’t it?
c. Risk rating score – This is fairly straight forward. In the previous chapters, we assigned a numeric rating score based on the risks probability and impact. Risks that have a higher score are typically risks that may occur pretty soon.

By using all the information outlined above, the team will label a few of the identified risks as near-term risks so that the team can prepare themselves to handle them when the risk events actually materialize.

Prev: Risk Categorization

Next: Expert Judgment

Risk Categorization


We have covered three of the tools and techniques used in qualitative risk analysis; namely - Risk Probability & Impact Assessment, Probability & Impact Matrix and Risk Data Quality Assessment. The next item in the list is “Risk Categorization” which we are going to learn in this chapter.

Risk Categorization

Imagine how effective our project’s risk management efforts could be if we can pin-point what areas of our project are most affected by risks? What if we know the areas of the Work Breakdown Structure WBS that are sources of multiple risks or what if we know which project phase carries the highest level of risk?

The answer to all these questions will be “Very Good” isn’t it?

The idea of Risk Categorization is to uncover areas of risk concentration so that we can create effective responses to handle them. This is because; dealing with sources of risks is easier and cost effective than dealing with each risk individually. In fact, it can have a greater level of effectiveness as well.

We can categorize risks by source using either of the following:

1. Risk Breakdown Structure – RBS
2. Work Breakdown Structure - WBS and
3. Project Phases

If you are not too sure about what this activity is all about, let’s go back to our F1 track construction example.

Let us say that during risk identification, we have identified several high priority/impact risk items related to the equipment we will be using to lay the race track. So, if we categorize these risks, the company that is supplying these machines could be a potential source of risk. The quality of machines they supply, the availability of those machines, servicing delays in case the machines breakdown during track laying activity etc. could be potential risks that we will be exposing ourselves to when we lease or rent these machines from the company.

What if we do some analysis and find out that buying those machines ourselves could cost us a bit more than what the rental company is charging us but it could eliminate all of the risks above because we know that the machine we are buying is of good quality and will be available for our use anytime we want. Moreover, once this track is constructed, we can even re-use this machine in any subsequent tracks we may take up for construction. All in all, by grouping or categorizing a bunch of risks to its source, we have created a response that can help us handle all of those risks effectively in one shot.

Now, can you understand how useful this Risk Categorization activity is in creating effective risk responses?

Prev: Risk Data Quality Assessment

Next: Risk Urgency Assessment

Risk Data Quality Assessment


In the previous two chapters we had learnt a couple of the tools and techniques used in qualitative risk analysis, namely Risk Probability & Impact Assessment and Probability & Impact Matrix. The next item in the list of tools is “Risk Data Quality Assessment” which is going to be the topic of discussion in this chapter.

Risk Data Quality Assessment

This tool focuses on making sure that the information we are using to perform the risk analysis activities is unbiased and credible. This is because; conducting risk analysis using poor quality data may result in results that are useless. Frankly speaking, if we cannot trust our data or information, how can we trust the findings that were made based on that data or information?

During this step, the Risk Management team will ask questions like:

1. Is the data credible?
2. Is the data used of high quality?
3. Is the data and/or information accurate?
4. Is the risk itself understood properly?

Let’s go back to the formula one race track example we covered in the previous chapter and the risk that we identified “TAR Supply”. Let us say you read a blog article about race tracks by some author on the internet that gave you some pointers about TAR supply. You also read an article in a reputed newspaper about shortage of TAR for high-quality road laying work. Now, which source of information would you consider credible?

A reputed newspaper or some random blog on the internet? I guess by now you have gotten an idea of what data credibility means.

What would happen if the information we are using is not credible or accurate or reliable?

The answer is very simple “Our Analysis will be incorrect”.

In cases where there is not enough information or when the answer to either of the questions above is a “No”, the project team will have to go back and gather additional data and information in order to make the answer to the above questions to “Yes”. Lack of information in itself is an uncertainty which can lead to risks. So, the team has to ensure that they have all the data they need in order to conduct an efficient risk analysis.

In some cases, the cost or effort that needs to be spent in order to fix data quality issues could be far too much if we compare it with the impact the risk could have if it materializes. In such cases, the risk management team could evaluate the benefits versus the cost of uncertainty and take a judgment call. Only in those cases where the benefits outweigh the cost will we take up additional effort.

Before we wrap up this chapter, let me tell you that having 100% certainty in data quality is not practically possible in many cases. In such cases, we must at least have a good degree of confidence or certainty on the data we are using in order to be confident over the fact that our analysis and its outcome will not be useless. This confidence is something that comes with experience and can’t be learned overnight.

Prev: Probability and Impact Matrix

Next: Risk Categorization

Risk Probability and Impact Matrix


In the previous chapter we took a detailed look at “Risk Probability & Impact Assessment” and assigned a risk rating to each of our identified risks based on the risk’s probability and impact. In this chapter, we are going to assign a risk score to our risk and categorize it as “High-Medium-Low” priority. This technique is called “Risk Probability and Impact Matrix”

Let us say, we are working a project to construct a new formula one race track in our country. It’s a high-profile and high budget project. During risk identification step, we found that, the supply of top quality “tar” that is used to lay the race track is of high demand and supply of the item could be a potential risk. Let us say that after analyzing our probability and impact definitions and stakeholder risk tolerance, our risk experts have assigned the following numbers to our risk:

Probability – 0.8
Impact – 0.64
As you can see, the numbers above are in cardinal scale (0 to 1) with numbers being closer to ‘1’ are of higher probability/impact when compared to numbers that are closer to ‘0’

This was done in our previous step so, what should we do next?

We are going to use the Risk Probability & Impact Matrix that is specific to our project. Look at the example below:


This matrix is combining the probability and impact into one overall rating. This is different from the rating assigned in the previous step as well as the one that was assigned using the Probability & Impact Matrix tool (From the RM Plan).

So, in order to minimize confusion, we will be referring to this rating as the “Risk Score” that signifies the combined probability and impact score of the risk under consideration with respect to our project objectives.

If you see the image closely, the probability is on the left going top to bottom, gradually reducing from 1 (a 100% sure shot possibility) towards 0. Similarly, the Impact is on the top going left to right, gradually going up from 0 (no impact) towards 1. The values in the table cells below are just the multiplied value of the risk probability and impact which we are going to consider our Risk Score. The values in each row refer to the impact score corresponding to the probability value.

Go back to the beginning of this chapter and see what numbers were assigned to our “Supply of TAR” risk? Now, look at the previous image (the matrix) and try to find out the cell where our probability and impact numbers match. If you found it very good. If you couldn’t, don’t worry, the cell is highlighted below just for you:


In our matrix, the “RED” color signifies High risk; “YELLOW” signifies Moderate risk and “GREEN” signifies Low risk. Unfortunately our risk “Supply of TAR” falls in the high risk category which means it has to be monitored closely to ensure that there is minimal impact on our project objectives.

An important point to note before we wrap up is the fact that, the above matrix is just an example for illustration purposes. Each organization could have a template for this and so, you must take a look at your organizational process assets to understand your org’s preferred way of assessing risks.

Prev: Risk Probability & Impact Assessment

Next: Risk Data Quality Assessment

Risk Probability and Impact Assessment


In the previous chapter, we saw an overview of all the tools and techniques that we could use as part of the Qualitative Risk Analysis phase of Risk Management. I had also said towards the end of the chapter that we will be covering all of those tools one by one in the subsequent chapters. Well, here we are. This chapter is about the first in the list, namely “Risk Probability & Impact Assessment”

Risk Probability & Impact Assessment

Risk Probability & Impact Assessment provides us with the initial risk rating for each of the risks that we have identified so far. To arrive at this risk rating, we will be using the definition of risk probability and impact that we defined when the Risk Management Plan was created. Remember the chapter on Creating the Risk Management Plan or Contents of the Risk Management Plan?

Using the definitions from the Risk Management Plan we will determine two things that will help us assign these risk ratings to our risks. They are:
a. Determine the chances (probability) that each risk will occur &
b. Examine the effects of a risk on Project objectives if the risk were to materialize. The usual project objectives we will be worried about are Cost, Quality, Schedule etc.

An important point to note here is that, we will be analyzing/assessing both risks and opportunities at this stage. Did you forget all about Objectives? It is easy to forget about Objectives whenever we get into topics on risk management. But, a good risk manager will always keep his eyes open for objectives and capitalize on them as and when possible.

Who is Involved in this step – Risk Probability & Impact Assessment?

This is a pretty straight forward question isn’t it? Try to answer this one by yourself…

Did you say “Everyone in the Project”?

If so, you are almost right. All team members from your projects take part in this step. Along with your project team members, knowledgeable individuals from outside the team known as “Risk Experts” too are part of the team. Practically speaking, you may not have the luxury of having risk experts as part of each project team. The organization as a whole may have a pool of risk experts who are shared between multiple projects as and when required. This is how a majority of the organizations function and we are going to assume that ours too does the same way.

Usually, this whole step is performed in a meeting. The project team and the Experts analyze each risk using the probability and impact definitions and then arrive at a risk rating.

Trivia:
Evaluation or assessment of risks is very subjective. The experts will be evaluating risks based on our projects risk tolerance as well as the probability & impact definitions provided to them. This information we (as project managers) provide these experts is extremely important because, without a proper understanding of our project as well as stakeholder risk tolerance, the experts can in no way perform good assessment. So, the onus is on us as project managers to understand stakeholder risk tolerance correctly and share that information with these risk experts so that they can utilize them effectively during risk analysis.

Not all risks will be assigned a rating. Only those risks that are high up in the probability & impact scales will be assigned a rating. The ones that are very low risk are usually moved into something called a “Watchlist”. These risks that are added to the watchlist are constantly monitored throughout the lifecycle of the project and will be taken up for re-assessment when its status changes. We put these low priority risks into the watchlist to ensure that we don’t totally forget them. If the status or key aspects of that low priority risk changes, we will typically re-assess it and assign a rating to that risk as well.

The Risk Ratings assigned in this technique will be used in the next technique in our list, “Probability & Impact Matrix” which we will be covering in the very next chapter.

Prev: Overview of Tools and Techniques for Qualitative Analysis

Next: Probability and Impact Matrix

© 2013 by www.getpmpcertified.blogspot.com. All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.

Followers

Popular Posts