Risk Management

Risk management process for project managers

Get Started. It's Free
Risk Management

2. Perform Quantitative Risk Analysis

2.1. What is it?

2.1.1. Drop the subjetive risk score concept from qualitative analysis in favor of the more objective concept of expected monetary value

2.1.2. Look at specific time and cost impacts of each risk

2.1.3. Iterative to see results

2.1.4. Decide wich risks warrant a response

2.1.5. Objectively evaluate the probability and impact of each risks

2.1.6. Determine the level of risk the project currently has and wether that level of risk is acceptable for the expected gain from the product of the project

2.1.7. Determine how much the project will cost and how long it will take if no further risk management actions are taken to decrease project risk

2.1.8. Determine which risks require response planning

2.1.9. Determine the probability af archieving cost and schedule objetives for the project

2.2. Steps

2.2.1. Determine what methods of quantitative risk analysis to use, how they will be used and who will be involved

2.2.2. Determine the quantified probability and impact of each risk using one of the choices provied

2.2.3. Determine which risks warrant a response in the plan risk responses plan

2.2.4. Determine wich activities include risks that warrant a response in the plan risk responses process

2.2.5. Determine the level of risk the project currently has

2.2.6. Determine how much the project will cost and how long the project will take if no further risk management actions are taken to decrease the project risk

2.2.7. Determine the probability of achieving the cost or schedule objetives for the project

2.3. Inputs

2.3.1. Risk management plan

2.3.2. Risk register

2.3.2.1. Prioritized risks from perform qualitative risk analysis process

2.3.2.2. List of risks carried forward for additional analysis

2.3.3. Historical records

2.3.4. Outputs from other parts of the project planning, including the cost management plan and schedule management plan

2.4. Tools & Techniques

2.4.1. Probability & Impact

2.4.1.1. Juicio subjetivo de la probabilidad

2.4.1.2. Calculate the actual cost and/or time impact

2.4.1.3. Use historical records

2.4.1.4. Delphi Technique

2.4.1.5. Conduct interviews

2.4.2. Risk Exposure

2.4.2.1. Expected monetary value of risks

2.4.2.1.1. What the overall probable circumstance will be as a result of the events

2.4.2.1.2. EMV= Cost Impact X Probability

2.4.2.2. Expected monetary value fo the project is the sum of the expected monetary value of the risk

2.4.2.2.1. To forecast how much the project will cost or long it will take

2.4.3. Monte Carlo Simulation

2.4.3.1. Translate uncertanties into impacts to the total project

2.4.3.2.1. Helps determine the overall risk of meeting required project time or cost

2.4.3.2.2. Does not weigh estimates toward the most likely estimate and do some other estimating methods

2.4.3.2.3. Helps identify early in the project if time or cost changes are necessary

2.4.3.2.4. Helps determine the most realistic length of time the project will take

2.4.3.2.5. Provides and overall view of the amount of time or cost contingency needed

2.4.3.2.6. Indicates what activities might have the highest probability of becoming critical activities, allowing better management and oversight

2.4.3.2.7. Provides a vehicle for improved project planning

2.4.3.3.1. ONLY evaluate overall (not detailed) project risk, time and cost necessary to manage the project

2.4.3.3.2. Many people do not realize that specific risks must be identified as part of risk management in addition to Monte Carlo simulations

2.4.3.3.3. Requires software

2.4.4. Decision tree

2.4.4.1. Are models of real situation and are used to see the potential impacts of decisions by taking into account the associated risks, probabilities and impacts

2.4.4.2. Takes into account future events in trying to make a decision today

2.4.4.3. It calculates the expected monetary value in more complex situations

2.4.4.4. It involves mutual exclusivity (two events are said to be mutually exclusive of they cannot both occur in a single trial)

2.4.5. FMEA

2.4.5.1. Failure Mode

2.4.5.2. fault tree Analysis

2.5. Output

2.5.1.1. Prioritized list of quantified risks

2.5.1.2. Amount of contingency time and cost reserves needed

2.5.1.3. Possible realistic and achievable completion dates and project costs, with confidence levels, versus the time and cost objetives for the project

2.5.1.4. The quantified probability of meeting project deliverables

2.5.1.5. Trends

3. Plan Risk Response

3.1. What is it?

3.1.1. Determine what can be done to reduce the overall risk of the project by decreasing the probability and impact of threats and increasing the probability and impact of opportunities

3.1.2. Must be documented in the ris register

3.2. What it contains

3.2.1. The analysis activities with the highest risk scores, the most common causes of risk and any individual activities with high risk scores

3.2.2. Use risk owners in the process

3.2.3. Any decrease in project risk causes a decrease in the project schedule and/or cost

3.3. Steps

3.3.1. Get the risk register

3.3.2. Description of the risks

3.3.3. The activities related to

3.3.4. Potential risk owners, risk responses and triggers

3.3.5. The final probability and impact rating of each risk

3.3.6. The risk ranking among the remaining risks on the project

3.3.7. Contingency plans

3.3.8. Fallback plans for each risk

3.3.9. List of non-top risks for future reference

3.3.10. Probability - impact and expected monetary value

3.3.11. Others according to the project

3.4. Inputs

3.4.1. Risk Management Plan

3.4.2. Risk Register

3.4.2.1. List of prioritized risks

3.4.2.2. Ranking of the project risks

3.4.2.3. Risk scores and expected monetary values of top risks

3.4.2.4. Potential risk owners

3.4.2.5. Watchlist

3.4.3. Forecast of potential schedule and cost for the project

3.4.4. Monte Carlo Analysis probability of achieving the project objetives

3.4.5. Historical records about risk responses from past projects and common risk causes

3.4.6. Risk tresholds

3.5. Tools & Techinques

3.5.1. Strategies

3.5.1.1. Threats

3.5.1.1.1. Avoid

3.5.1.1.2. Mitigate

3.5.1.1.3. Transfer

3.5.1.1.4. Accept

3.5.1.2. Opportunities

3.5.1.2.1. Exploit

3.5.1.2.2. Enhance

3.5.1.2.3. Share

3.5.1.2.4. Accept

3.5.1.3. Must be timely

3.5.1.4. The effort selected must be appropiate to the severity of the risk, avoid spending more money to preventing te risk than the impact of the risk would cost if it occured

3.5.1.5. One response can be used to address more than one risk

3.5.1.6. Involve the team, other stakeholders and experts in selecting a strategy

3.5.2. Seconday risk

3.5.2.1. Is a risk generated by a response strategy to another risk

3.5.2.1.1. In other words, the response to a risk can create another risk

3.5.3. Reserve

3.5.3.1. Amount of time/cost added to the project to account for risks

3.5.3.2. Contingency

3.5.3.2.1. knows - Unknowns

3.5.3.3. Management

3.5.3.3.1. Unknowns - Unknowns

3.5.3.3.2. Percentaje

3.5.3.4. Project Schedule = Critical path duration + Contingency reserve + Management reserve

3.5.3.5. Methods

3.5.3.5.1. 10%

3.5.3.5.2. Guess

3.5.3.5.3. Expected monetary value

3.5.3.5.4. Monte Carlo

3.5.4. Procurement

3.5.4.1. Contracts

3.5.4.1.1. Terms and conditions to put into contract to decrease project threats, increase opportunities and distribute risk between buyer & seller

3.5.4.2. Proposal and bids

3.5.4.3. Insurance

3.5.4.3.1. Transference strategy

3.5.4.3.2. Mitigation

3.6. Output

3.6.1. Risk Response plan

3.6.2. Go / No go decision

3.6.2.1. If all the options still don`t work to meed the project objetives, management may choose to cancel the project

3.6.3. Contracts

3.6.4. Fallback plans

3.6.5. Reserves

3.6.6.1. Residual risks

3.6.6.1.1. Risks that remain after the plan risk responses process

3.6.6.2. Contingency plans

3.6.6.3. Risk owners

3.6.6.4. Secondary risks

3.6.6.5. Triggers

3.6.6.6. Update the project management plan

3.6.6.6.1. Project description

3.6.6.6.2. Scope statement

3.6.6.6.3. WBS

3.6.6.6.4. Network diagram

3.6.6.6.5. Schedule

3.6.6.6.6. Risk Analysis

3.6.6.6.7. Budget

3.6.6.6.8. Assumptions

3.6.6.6.9. Management plans

4. Monitor & Control Risks

4.1. What is it?

4.1.1. The benefits of the previous processes are realized by the project manager and the team

4.1.2. Implement the risk response plan, ensure compliance and manage progress

4.1.3. Manage the contingency and management reserves

4.1.4. Create workarounds

4.1.4.1. Unlanned response to an unidentified risk that occours

4.1.4.2. Reactive

4.1.5. Control the project Risk

4.1.6. Refine and update the risk register

4.1.7. PErform additional risk identification, qualitative and quantitative risk analysis and risk response planning

4.1.8. Reestimate the project

4.1.9. Keep stakeholders informed about the status of risks on the project, communicate about risks

4.1.10. Create lessons learned

4.1.11. Evaluate the risk impact of scope, schedule, cost and other change request

4.1.12. Benefits

4.1.12.1. Implement

4.1.12.2. Manage progress

4.1.12.3. Communicate

4.1.12.4. Ensure compliance

4.1.12.5. Reassess

4.1.12.6. Refine

4.1.12.8. Reestimate the project

4.1.12.9. Measure

4.1.12.10. Take corrective actions

4.1.12.11. Evaluate the effectiveness of corrective action

4.1.13. Risk owner wll respond to risk triggers by implementing contingency plans and fallback plans

4.1.14. Project manager should make sure the contingency plans and fallback are understood and complied with

4.1.15. Unauthorized changes to these plans have the same impact to the project as other unauthorized project changes and should therefore be avoided

4.3. Inputs

4.3.1. Risk register

4.3.1.1. Risks

4.3.1.2. Risk response plan

4.3.1.3. Risk owners

4.3.1.4. Triggers

4.3.1.5. Contracts

4.3.1.6. Watchlists

4.3.1.7. Time & Cost reserves

4.3.2. Risk management plan

4.3.3. Work results

4.3.4. Project communications

4.3.5. Risk events

4.3.6. Project Changes

4.3.7. Additional risks that have been identified as the project progress

4.4. Tools & Techniques

4.4.1. Risk Review

4.4.1.1. Additional risk response planning ideas

4.4.1.2. Changing the order of the top risks

4.4.1.3. Revisiting non-top risks to see if the ranking of no-top risks needs to change

4.4.1.4. Adjusting to the severity of actual risks

4.4.1.5. Determinin if assumptions are still valid

4.4.1.6. Looking for any unexpected effects or consequences of risks

4.4.1.7. Monitoring residual risks

4.4.1.8. Reviewing all workaround situations to see if they provide insight into the existence of additional risks

4.4.1.9. Making changes to the project management plan when new risk responses are developed

4.4.2. Workarounds

4.4.3. Measuring performance

4.4.3.1. Risk audit

4.4.3.1.1. Look backward

4.4.3.1.2. Include

4.4.3.2. Risk review

4.4.3.2.1. Look forward

4.4.4. Earn Value Management

4.4.5. Risk reassessment

4.4.5.1. Risks are identified

4.4.5.2. Changes occur

4.4.6. Reestimating the project

4.4.6.1. When new risks are identified

4.4.6.2. When new risks ratings for probability or impact are determined for existing risks

4.4.6.3. When priorization of risks changes

4.4.6.4. To accommodate the time and cost for workarounds

4.4.6.5. When any refinement or reassessing of the risk response plan is done

4.4.6.6. When reserves are used faster than expected

4.4.6.7. When the project has had many changes

4.4.6.8. When the project has never been done before

4.4.6.9. When there is a little confidence in the project management plan

4.4.6.10. When a new project manager takes over the project

4.4.6.11. When many unidentified risks occur

4.4.7. Communicating

4.4.7.1. Project management plan

4.4.7.2. Project Monthly reports

4.4.7.3. Activity status reports

4.4.7.4. Bar charts

4.4.7.5. Communication with other projects

4.4.7.6. Risk register

4.4.7.7. Activity estimating form

4.4.8. Lessons learned

4.5. Output

4.5.2. Change requests

4.5.2.1. Corrective actions

4.5.2.2. Preventive actions

5. Project Management Plan

5.1. What is it?

5.1.1. Create a plan for handling risk management for the project

5.1.2. Adapt any policies and procedures for risk to the needs of the project

5.1.3. Taylor Risk management activities to the needs of the project

5.1.3.1. The Type & Size of the project

5.1.3.2. The experience of the project team

5.1.3.3. The perceived level of project risk

5.1.3.4. The importance of the project to the organization

5.1.4. Determine how you will measure the success of your risk efforts

5.2. What it contains?

5.2.1. Methodology

5.2.2. Roles & Responsabilities

5.2.3. Budget

5.2.4. Timing

5.2.5. Risk Categories

5.2.6. Definitios of probability & Impact

5.2.7. Stakeholders Tolerance

5.2.8. Reporting Formats

5.2.9. Tracking

5.3. Steps

5.3.1. Review available risk management procedures, historical records & lessons learned

5.3.2. Define methodology to identify risks

5.3.3. Determine who will be involved (Rol & responsabilities)

5.3.4. Determine how much the risk effort will cost and include that cost in the budget

5.3.5. Determine the timing of the risk efforts

5.3.6. Determine the definitions of probability & impact you will use to qualify and quantify risks

5.3.7. Determine the stakeholder tolerances and thresholds

5.3.8. Determine wich risk categories will be used to identify risks

5.3.9. Define how risks will be documented, analyzed and communicated to the project team and others

5.3.10. Determine how you will track and keep records of risks for use on future projects

5.4. Output

5.4.1. Risk Management Plan

6. Identify Risk

6.1. What is it?

6.1.1. Identify and record a long list of threats and opportunities for the project and by work package

6.1.2. Make sure all risks are in the cause-risk-effect format

6.1.3. Understand the risks

6.2. What it contains

6.2.1. Use "Cause - Risk - Effect"

6.3. Steps

6.3.1. Collect historical information

6.3.2. Determine who may have insight into risks

6.3.3. Determine which risk identification method to use

6.3.4. Identify risks with others

6.3.5. Make a list of all identified risks on a risk register

6.3.6. Determine with the risk team, how confident you are that the major risks have been identified

6.3.7. If you are not confident, redo the previous step

6.3.8. Ask the remaining questions and collect the information

6.3.9. Add new risks to the list and eliminate any items identified as not really risks in your data collection

6.3.10. Discuss remaining risks as necessary to understand them

6.4. Inputs

6.4.1. Project Charter

6.4.2. Risk Management Plan

6.4.3. Outputs from project planning

6.4.4. List of common risk categories

6.4.5. Historical records and project documents

6.4.6. Stakeholder register

6.5. Tools & Techniques

6.5.1. Ways to document

6.5.1.1. Forms

6.5.1.2. Sticky labels

6.5.2. Methods

6.5.2.1. Prompt list

6.5.2.1.1. Generic list of risk categories

6.5.2.1.2. Risk Breakdown Structure

6.5.2.2. Historical records and other documentation

6.5.2.3. Brainstorming

6.5.2.3.1. Determine who to involve in the sessions

6.5.2.3.2. Find two scribes

6.5.2.3.3. Have a comfortable room with comfortable chairs, a flip chart or sticky notes

6.5.2.3.4. Instruct the scribes to record risks

6.5.2.3.5. State the objetives

6.5.2.3.6. Aks "What are the risks related to this project as a whole?"

6.5.2.3.7. Ask " What are the related risk for each activity?"

6.5.2.3.8. Ask " What are the risks by Category?"

6.5.2.3.9. Group Risks by category

6.5.2.3.10. Ask for clarification of the risks

6.5.2.3.11. State risk in the cause - Risk - Effect format

6.5.2.3.12. Rank Risks

6.5.2.3.13. Further analyze the risks

6.5.2.4. Conduct pre-mortem

6.5.2.4.1. The project has failed to meet one or more of its objetives, so, the group must imagine why the project failed

6.5.2.5. Affinity Diagrams

6.5.2.6. Expert interview

6.5.2.6.1. Be prepared, what you want to gain from the interview and with specific questions

6.5.2.6.2. Explain him the goals and why you need to talk to him/her

6.5.2.6.3. Explain roles and responsabilities

6.5.2.6.4. Ask an open ended question to get their individual thoughts before start with the stablished questions

6.5.2.6.5. Ask questions to clarify responses

6.5.2.6.7. Ask follow up questions for each question you ask to dig into each area of inquiry

6.5.2.6.8. Clarify responses if needed

6.5.2.6.10. Thell them you may need to meet with them again

6.5.2.6.11. Thell them how to get in touch with you

6.5.2.6.12. Thanks them for their time

6.5.2.7. Nominal group Technique

6.5.2.7.1. Determine participants

6.5.2.7.2. Form groups of invitees

6.5.2.7.3. Collect a list of risks from Each group member

6.5.2.7.4. Provide the group with a list of all their risks

6.5.2.7.5. Ask each group to rate each risk with a scale 1 - 10

6.5.2.7.6. Tabulate all the ratings to obtain the group opinion

6.5.2.8. Delphi Technique

6.5.2.8.1. Determine which experts can help you ascertain risks, keep it anonymous

6.5.2.8.2. Send out a specific request with attached details of the project to each expert and request his or her opinion

6.5.2.8.3. Collect all experts opinion and compile them into one list

6.5.2.8.4. Resend the list to every expert, ask them for further comments based on the compiled list

6.5.2.8.5. Try to reach consensus

6.5.2.9. Cause - Effect Diagram

6.5.2.10. Failure mode and effect analysis / FMEA / Fault tree analysis

6.5.2.11. SWOT analysis

6.6. Output

6.6.1. Risk Register

6.6.1.1. List of risks

6.6.1.2. Root causes of risks

6.6.1.3. Potential risks owners

6.6.1.3.1. Risk Owner

6.6.1.3.2. Risk action owners

6.6.1.4. List of potential responses

6.6.1.5. Triggers

6.6.1.5.1. Early warining sign that tells risk owners and project managers that an accepted risk has occurred or is about to occur

6.6.1.5.2. When to implement contingency or fallback plans

6.6.1.6. Updated risk categories

7. Perform Qualitative Risk Analysis

7.1. What is it?

7.1.1. Subjetively evaluate the probability and impact of each risk

7.1.2. Create a shorter list of risks by determining the top or critical risk that you will quantify further and/or address in the Plan Risk Responses process

7.1.3. Make a go/no go decision

7.2. What it contains

7.2.1. Threshold

7.2.1.1. Amount of risk acceptable

7.2.2. Risk Score

7.2.2.1. Probability * Impact

7.2.3. Risk Ranking

7.2.3.1. Risk score compared to the risk scores of other projects

7.2.4. Overall risk

7.2.5. Activity Risk

7.2.6. Network diagram risk

7.2.6.1. Path convergence

7.2.6.2. Path divergence

7.3. Steps

7.3.1. How well understood is the risk

7.3.2. Collect additional information you may need in order to evaluate the risks

7.3.3. Determine if you will use risk owner to help to qualifying risk or only assign risk owners later during the Plan Risk Response process

7.3.4. Look for and test any assumtion made in qualifying risks and look for any data that is biased

7.3.5. Determine what scales of probability and impact to use and what methods of qualitative risk analysis to use, how they will be used and who will be involved

7.3.6. Do it!! determine probability, impact, limits, timing for each risk

7.3.7. Determine wich risks activities and causes you will move forward in the risk management process

7.3.8. Determine the overall risk score and ranking

7.3.9. Document the risks

7.3.10. Look for trends

7.3.11. Make a go/no go decision

7.3.12. Move on thto the next step

7.3.12.1. Quantitative risk analysis

7.3.12.1.1. You think you have identified all project risks

7.3.12.1.2. It is worth the time and money on your project

7.3.12.1.3. You have a very high priority or visible project

7.3.12.1.4. There is very little tolerance for cost or schedule overruns

7.3.12.2. Plan Risk Response

7.3.12.2.1. You have asmall budget or short lenght project

7.3.12.2.2. You are new to risk management and have not perfected quantitative risk analysis

7.4. Inputs

7.4.1. Risk Management plan

7.4.2. Risk Register

7.4.3. Project Scope Statement

7.4.4. Project type and an understanding of the work needed to complete the project

7.4.5. Data about the risks to be used during this step to measure their precision

7.4.6. Assumption to test

7.4.6.1. Be realistic

7.4.6.2. Dig deeper

7.4.7. Scales for probability and impact

7.4.7.1. Probability

7.4.7.1.1. Likehood that a risk will occur

7.4.7.2. Impact

7.4.7.2.1. The effect the risk will have on the project if it occurs

7.4.8. Historical Records

7.6. Output

7.6.1. Uptadete to the risk register

7.6.1.1. Risk ranking for the project compared to other projects

7.6.1.2. List of prioritized risks and their probability and impact rating

7.6.1.3. Risks grouped by categories

7.6.1.4. List of risks requiring additional analysis in the near term

7.6.1.5. List of risk for additional analysis and response

7.6.1.6. Watchlist non top risks

7.6.1.7. Trends

7.6.1.8. Go / No go decision