Showing posts with label risk response planning. Show all posts
Showing posts with label risk response planning. Show all posts

Friday, June 8, 2012

Risk Response Planning


The Risk Response Planning domain of the Risk Management Framework is the third largest domain in terms of the no. of questions it contributes to the RMP Certification Exam. As seen in the introductory chapter on the Risk Management Framework, the exam objectives of this domain are:

a. Develop a Risk Response Strategy
b. Develop a Contingency Approach & Plan
c. Present the Recommendations to Key Stakeholders

Let us say you are the project manager for a project and the warning signs have appeared that a risk is about to happen, what will you do? This is exactly what this domain is all about.

The exam objectives are only 3 in number and may be deceptive that this domain is easy. But as with the other domains, these 3 objectives cover a lot of ground. As you may have guessed by now (If you are a PMP or atleast have read the PMBOK guide) that much of this chapter is centered around the “Plan Risk Response” chapter of the PBMBOK Guide. In the series on PMP Exam Preparation, we had covered this topic in great detail. You can click here to access the chapter on Planning Risk Responses

In order to develop a good Risk Response Plan, you first need to understand the types of strategies you can use for Negative & Positive Risks. Do you know what these Negative & Positive Risks are and how to differentiate between the two? This is one of those basic pre-requisites you need to know before you can actually manage risks for any project. You also need to understand the concepts of Secondary and Residual risks.

Trivia:
A Negative Risk is one that affects a project in a negative way (Like causing delays, bugs, monetary losses etc).
A Positive Risk is one that affects a project in a positive way (Improving schedule, monetary benefits etc).


In order to efficiently execute this domain, a project manager needs to know about:
a. Contingency Plans
b. Contingency Reserves
c. Fallback Plans
d. Workarounds
e. Various Risk Response Techniques
f. Interpreting Risk Related Data

As with other domains, we will be taking a detailed look at all the exam objectives of this domain in future…

Prev: Risk Analysis

Next: Risk Governance
Posted by Anand Vijayakumar at 4:53 AM 0 comments
Labels: , , , , , , ,

Thursday, June 7, 2012

The Risk Management Framework


In the previous section, we learnt about the basic details about the PMI Risk Management Professional certification. This is going to be the first actual chapter in our study plan for this PMI RMP certification exam.

Overview of the Risk Management Framework

The Project Management Institute suggests a Framework that is tried & tested and widely used to manage project risks. It is extremely important to understand the basics of this Risk Management Framework.

There are 4 key domains in this Risk Management Framework. They are:
1. Risk Communication
2. Risk Analysis
3. Risk Response Planning &
4. Risk Governance

Our study plan will be revolving around each of these 4 domains of the Risk Management Framework. Before we go any further into these individual domains, let us now look at the basic details related to these domains and also look at the Exam Objectives that we need to focus on for the PMI RMP Exam.

Risk Communication

The Risk Communication domain deals with how effectively we can communicate about risk related events with all the Project Stakeholders. Risk Communication plays a key role in the overall Risk Management strategy because, as the Project Manager, it is our foremost priority to keep all stakeholders apprised of the Situation in the Project. They key exam objectives of this domain are:
a. Apply Interpersonal Skills
b. Assess Stakeholder Risk Tolerance
c. Document Risk Related Information &
d. Create Regular Status Reports

Risk Analysis

The Risk Analysis domain is by-far the most critical domain of the Risk Management Framework in terms of the impact it can have on the overall Risk Management Strategy in the Project. This is because, unless you can analyze risks properly you cannot plan effectively plan how to handle them and eventually result in project delays and losses. The key exam objectives of this domain are:
a. Identify Risks
b. Evaluate Risks using Quantitative & Qualitative Risk Analysis
c. Prioritize Risks
d. Establish Control Limits


Risk Response Planning

The Risk Response Planning domain too is a very critical domain of the Risk Management Framework because, this is where we actually create plans on how we are going to handle the risk events if they occur. Unless our response is appropriate, the risk will cause project delays and losses. The key exam objectives of this domain are:
a. Develop a Risk Response Strategy
b. Develop a Contingency Approach & Plan
c. Present the Recommendations to Key Stakeholders

Risk Governance

The Risk Governance domain sets up baselines & standards that you wish your project to follow. This is where we actually handle the risk events when they occur. We also take necessary steps to improve our process to ensure that the chances of risk events occurring are kept to the minimum. The key exam objectives of this domain are:
a. Document Lessons Learned
b. Refine Risk Policies & Practices
c. Create the Risk Management Plan
d. Establish metrics for the Risk Management Processes
e. Examine Process Performance
f. Monitor Risk Performance
g. Identify Relevant Policies & Standards

If all this information seems overwhelming to you, just relax and go through the chapter once more. This is just the first chapter. We still have a very long way to go where we will be covering each of these areas in detail…

Prev: Study Plan for the RMP Certification

Next: Risk Communication
Posted by Anand Vijayakumar at 4:51 AM 0 comments
Labels: , , , , , , ,

Tuesday, December 13, 2011

Chapter 18: Risk Management


Aim: To understand the following Risk Management Processes
• Plan Risk Management
• Identify Risks
• Perform Qualitative Risk Analysis
• Perform Quantitative Risk Analysis
• Plan Risk Responses

If you have read the PMBOK or my earlier series “PMP Certification - Study Guide” you would by now know that

“A Risk is an Uncertain Event that can affect your Project”

Remember that this risk can be either Negative (An Actual Risk) or Positive (An Opportunity).

PMI’s risk management philosophy is based on a proactive approach to preventing negative risks and enhancing positive risks. Key points that you must remember about risk are:
• Risk can be either positive or negative. Positive risks are opportunities; negative risks are threats.
• A risk breakdown structure (RBS) is used to organize risk in a hierarchical structure.
• Monte Carlo analysis is a technique using simulations and probability in determining quantitative risk analysis.
• Risk categories are important in classifying risk.
• Probability and impact are both needed to assess risks.
• Quantitative analysis is generally reserved for high-probability, high-impact risk.
• Risk management planning and risk response planning are not the same activities.
• Risk identification is an iterative process that is performed throughout the project, not just during planning.
• Decision tree analysis is a technique using probabilities and costs for structured decision making.
• Five of the six risk management processes are conducted during the planning process group.
• The risk register is an important tool for capturing and tracking risks.

Exam Watch:
Risk register is a term introduced by PMI for the document detailing information on risks. The risk register includes all identified risks, the impacts of identified risks, proposed responses, responsible parties, and the current status.
Risk Management Planning and Risk Response Planning

The first step in Risk Management is to plan how we are going to conduct the whole Risk Management exercise in our project.
The risk management plan includes the risk methodology, roles/responsibilities, budget, execution timing, and definitions for risk categories, probabilities, and impacts. It is a summation of how the project team will carry out the remainder of the risk management activities for the project.

Exam Watch:
The risk management plan is not the same as the risk response plan. The Risk Response Plan will contain the possible actions you must take when a risk actually happens whereas the Risk Management Plan is the overall approach to managing Risks in the Project.

The risk management plan is the single output of the plan risk management process. The table below shows the inputs, tools and techniques, and outputs for the plan risk management process.

Plan Risk Management
Inputs Tools & Techniques Outputs

Project scope statement
Cost management plan
Schedule management plan
Communications management plan
Enterprise environmental factors
Organizational process assets
Planning meetings and analysis		 Risk management plan
To know more about the Plan Risk Management Process Click Here

Risk Breakdown Structure (RBS)

A risk breakdown structure (RBS) is a tool that can be used to organize risks in a hierarchical fashion. The structure is defined using the risk categories. Even if an RBS is not used, risk categories are still defined in risk management planning. Risk categories can include
• Technical - Risk associated with using new technology.
• External - Risk associated with forces or entities outside the project organization. External risks can include external suppliers, customers, weather, and market conditions.
• Organizational - Risk associated with either the organization running the project or the organization where the project will be implemented.
• Project Management - Risk associated with project management processes.
Note that this is just a high level classification of Risks and you need to tweak this whole process to suit your needs in the Project that is being executed.

Risk Probability and Impact

Probability can be defined as the likelihood that a risk will occur. It can be expressed mathematically or as a relative scale (low, medium, high).

Impact is the effect a risk has if it actually occurs. It can also be defined on a relative scale or mathematically.

The team documents in the project management plan detail how probabilities and impacts are measured. For example, a red/yellow/green scale might be used, where high-probability, high-impact risks are red; low-probability, low-impact risks are green; and so on. Again, I repeat, how the risks are categorized and prioritized will vary based on the Project at hand and there is no Universal Rule as to how you must handle risks.

Exam Watch:
Both probability and impact are mandatory for evaluating risks. Think of it this way, how will you prioritize a risk if you do not know what the chances are of the risk happening and what the impact it would have if it occurs.

Risk Identification, Analysis, Response Planning, and Monitoring/Controlling

In the risk management process, completing the risk management plan is the first step. After the plan is in place, according to PMI the next steps in the risk management process are
• Risk Identification
• Risk Analysis (qualitative and quantitative)
• Risk Response planning
• Monitoring/controlling Risks (This is not in scope as part of this chapter on Planning. We will cover it in the chapter on Monitoring & Controlling)

Identify Risks

The identify risks process determines the risks that might affect the project and characterizes those risks.
Obviously, you need to identify all the possible risks that might affect your project if you are to have any success handling them. Isnt it? Keep in mind that identifying risks is not just the project manager’s responsibility; team members, subject matter experts, customers, stakeholders, and others are involved in this process.

The table below shows the inputs, tools and techniques, and outputs for the identify risks process.

Identify Risks
Inputs Tools & Techniques Outputs

Risk management plan
Activity cost estimates
Activity duration estimates
Scope baseline
Stakeholder register
Cost management plan
Schedule management plan
Quality management plan
Project documents
Enterprise environmental factors
Organizational process assets
Documentation reviews
Information gathering techniques
Checklist analysis
Assumptions analysis
Diagramming techniques
SWOT analysis (Strength, Weakness, Opportunity, Threat)
Expert judgment
 Risk register
The Risk Register

The risk register is the output of the identify risks process. The risk register contains the following information:
• Risk description
• Date identified
• Category
• Potential responses
• Current status

Exam Watch:
Identify risks is not a one-time event that occurs just during the planning process. It should be conducted throughout the project, including when major milestones are reached and when an actual risk event occurs.
To know more about the Identify Risks Process Click Here

Qualitative and Quantitative Risk Analysis

Qualitative risk analysis provides further definition to the identified risks in order to determine appropriate responses to them. The key terms are probability and impact. Probability is important because it measures how likely a risk is to occur. A high-probability risk deserves more attention than a low-probability risk. Similarly, impact is a measure of how the risk will affect the project should it occur. A risk with low impact has a different response than one with a high impact.

Exam Watch:
Qualitative risk analysis is most concerned with ranking or prioritizing risks. It is used to determine which risks pose more of a potential effect on the project.

Qualitative risk analysis quickly prioritizes risks in order to conduct response planning and quantitative risk analysis, if required. Using the probability of the impact and a probability impact matrix, the project manager develops a prioritized list of risks. The output to this step is captured in the risk register.

The table below shows the inputs, tools and techniques, and outputs for the perform qualitative risk analysis process.

Perform Qualitative Risk Analysis
Inputs Tools & Techniques Outputs

Risk register
Risk management plan
Project scope statement
Organizational process assets
Risk probability and impact assessment
Probability and impact matrix
Risk data quality assessment
Risk categorization
Risk urgency assessment
Expert judgment
 Risk register updates
To know more about Qualitative Risk Analysis Click Here

Quantitative risk analysis assigns numerical values to risks and looks at those risks that are high on the list of prioritized risks (The output of qualitative risk analysis). The goal of this process is to quantify possible outcomes for the project, determine probabilities of outcomes, further identify high impacting risks, and develop realistic scope, schedule, and cost targets based on risks.

The table below shows the inputs, tools and techniques, and outputs for the perform quantitative risk analysis process.

Perform Quantitative Risk Analysis
Inputs Tools & Techniques Outputs

Risk register
Risk management plan
Cost management plan
Schedule management plan
Organizational process assets
Data gathering and representation techniques
Quantitative risk analysis and modelling techniques
Expert judgment
 Risk register updates
Exam Watch:
Quantitative risk analysis is more concerned with assigning each risk a numerical value. This value can then be used to figure out the relative impact that particular risk would have on the project.

To know more about Quantitative Risk Analysis Click Here

Planning Responses to Positive and Negative Risks

After all risks are identified, options to deal with the risks must be identified. Each risk is assigned to one or more owners to carry out the planned response. The responses are documented in the risk register after it has been updated in the plan risk responses process.

The table below shows the inputs, tools and techniques, and outputs for the plan risk responses process.

Plan Risk Responses
Inputs Tools & Techniques Outputs

Risk register
Risk management plan
Strategies for negative risks or threats
Strategies for positive risks or opportunities
Contingent response strategies plan
Expert judgment
 Risk register updates
Risk-related contract decisions
Project management updates
Project document updates
There are four possible responses to negative risks:
• Avoid (Best) – Eliminating the Actual Threat by taking some action
• Transfer – Shifting the Risk to another party
• Mitigate – Take steps to ensure that the chances of the Risk happening are reduced
• Accept – Let the Risk happen. Use Contingency Reserves to handle it
For positive risks the responses include
• Exploit (Best) – Take steps to ensure that the Opportunity happens
• Share – Enlist the help of a Third party to capitalize on the opportunity
• Enhance – Taking steps to increase the probability of the Opportunity happening
• Accept – Take no steps to take advantage of the situation

To know more about the Plan Risk Responses process Click Here

Exam Watch:
Risks should be re-evaluated when the following events occur:
• A risk trigger is identified
• A change request is approved
• Key project milestones are reached
• Project phases end
• Deviations are detected in variance and trend analysis
• Corrective or preventive actions are implemented

Prev: Chapter 17

Next: Chapter 19
Posted by Anand Vijayakumar at 3:52 AM 1 comments
Labels: , , , , , , , ,
Subscribe to: Comments (Atom)
© 2013 by www.getpmpcertified.blogspot.com. All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.

Followers

Popular Posts