Online Mind Mapping and Brainstorming

Create your own awesome maps

Online Mind Mapping and Brainstorming

Even on the go

with our free apps for iPhone, iPad and Android

Get Started

Already have an account? Log In

Risk Management by Mind Map: Risk Management
5.0 stars - 7 reviews range from 0 to 5

Risk Management

Can be used to determine how much the project will cost ar how long it will take

Project Management Plan

What is it?

Create a plan for handling risk management for the project

Adapt any policies and procedures for risk to the needs of the project

Taylor Risk management activities to the needs of the project, The Type & Size of the project, The experience of the project team, The perceived level of project risk, The importance of the project to the organization

Determine how you will measure the success of your risk efforts

What it contains?


Roles & Responsabilities



Risk Categories

Definitios of probability & Impact

Stakeholders Tolerance

Reporting Formats



Review available risk management procedures, historical records & lessons learned

Define methodology to identify risks

Determine who will be involved (Rol & responsabilities)

Determine how much the risk effort will cost and include that cost in the budget

Determine the timing of the risk efforts

Determine the definitions of probability & impact you will use to qualify and quantify risks

Determine the stakeholder tolerances and thresholds

Determine wich risk categories will be used to identify risks

Define how risks will be documented, analyzed and communicated to the project team and others

Determine how you will track and keep records of risks for use on future projects


Risk Management Plan

Identify Risk

What is it?

Identify and record a long list of threats and opportunities for the project and by work package

Make sure all risks are in the cause-risk-effect format

Understand the risks

What it contains

Use "Cause - Risk - Effect"


Collect historical information

Determine who may have insight into risks

Determine which risk identification method to use

Identify risks with others

Make a list of all identified risks on a risk register

Determine with the risk team, how confident you are that the major risks have been identified

If you are not confident, redo the previous step

Ask the remaining questions and collect the information

Add new risks to the list and eliminate any items identified as not really risks in your data collection

Discuss remaining risks as necessary to understand them


Project Charter

Risk Management Plan

Outputs from project planning

List of common risk categories

Historical records and project documents

Stakeholder register

Tools & Techniques

Ways to document, Forms, Sticky labels

Methods, Prompt list, Generic list of risk categories, Technical, Quality, Performance, Project Management, Organizational, External, Cultural, Contracts, Sellers, Changes in the marketplace, Changes to the competitors customers, Risk Breakdown Structure, Historical records and other documentation, Brainstorming, Determine who to involve in the sessions, Find two scribes, Have a comfortable room with comfortable chairs, a flip chart or sticky notes, Instruct the scribes to record risks, State the objetives, Aks "What are the risks related to this project as a whole?", Ask " What are the related risk for each activity?", Ask " What are the risks by Category?", Group Risks by category, Ask for clarification of the risks, State risk in the cause - Risk - Effect format, Rank Risks, Further analyze the risks, Conduct pre-mortem, The project has failed to meet one or more of its objetives, so, the group must imagine why the project failed, Affinity Diagrams, Expert interview, Be prepared, what you want to gain from the interview and with specific questions, Explain him the goals and why you need to talk to him/her, Explain roles and responsabilities, Ask an open ended question to get their individual thoughts before start with the stablished questions, Ask questions to clarify responses, Ask prepared questions, Ask follow up questions for each question you ask to dig into each area of inquiry, Clarify responses if needed, Ask for other ideas, Thell them you may need to meet with them again, Thell them how to get in touch with you, Thanks them for their time, Nominal group Technique, Determine participants, Form groups of invitees, Collect a list of risks from Each group member, Provide the group with a list of all their risks, Ask each group to rate each risk with a scale 1 - 10, Tabulate all the ratings to obtain the group opinion, Delphi Technique, Determine which experts can help you ascertain risks, keep it anonymous, Send out a specific request with attached details of the project to each expert and request his or her opinion, Collect all experts opinion and compile them into one list, Resend the list to every expert, ask them for further comments based on the compiled list, Try to reach consensus, Cause - Effect Diagram, Failure mode and effect analysis / FMEA / Fault tree analysis, SWOT analysis


Risk Register, List of risks, Root causes of risks, Potential risks owners, Risk Owner, Watch for triggers to manage the risk response if the risk occurs, Involved in helping to create the contingency of fallback plans for his or her assigned risk and then be responsible for carrying out the plans, What if contingency plan does not work?, Fallback plan is a plan in case contingency plan fails, Risk action owners, The responsible to implement preapproved risk responses, leaving the risk owner with the responsability of ensuring that the risk response is effective, List of potential responses, Triggers, Early warining sign that tells risk owners and project managers that an accepted risk has occurred or is about to occur, When to implement contingency or fallback plans, Updated risk categories

Perform Qualitative Risk Analysis

What is it?

Subjetively evaluate the probability and impact of each risk

Create a shorter list of risks by determining the top or critical risk that you will quantify further and/or address in the Plan Risk Responses process

Make a go/no go decision

What it contains

Threshold, Amount of risk acceptable

Risk Score, Probability * Impact

Risk Ranking, Risk score compared to the risk scores of other projects

Overall risk

Activity Risk

Network diagram risk, Path convergence, Path divergence


How well understood is the risk

Collect additional information you may need in order to evaluate the risks

Determine if you will use risk owner to help to qualifying risk or only assign risk owners later during the Plan Risk Response process

Look for and test any assumtion made in qualifying risks and look for any data that is biased

Determine what scales of probability and impact to use and what methods of qualitative risk analysis to use, how they will be used and who will be involved

Do it!! determine probability, impact, limits, timing for each risk

Determine wich risks activities and causes you will move forward in the risk management process

Determine the overall risk score and ranking

Document the risks

Look for trends

Make a go/no go decision

Move on thto the next step, Quantitative risk analysis, You think you have identified all project risks, It is worth the time and money on your project, You have a very high priority or visible project, There is very little tolerance for cost or schedule overruns, Plan Risk Response, You have asmall budget or short lenght project, You are new to risk management and have not perfected quantitative risk analysis


Risk Management plan

Risk Register

Project Scope Statement

Project type and an understanding of the work needed to complete the project

Data about the risks to be used during this step to measure their precision

Assumption to test, Be realistic, Dig deeper

Scales for probability and impact, Probability, Likehood that a risk will occur, Impact, The effect the risk will have on the project if it occurs

Historical Records

Tools & Techniques


Uptadete to the risk register, Risk ranking for the project compared to other projects, List of prioritized risks and their probability and impact rating, Risks grouped by categories, List of risks requiring additional analysis in the near term, List of risk for additional analysis and response, Watchlist non top risks, Trends, Go / No go decision

Perform Quantitative Risk Analysis

What is it?

Drop the subjetive risk score concept from qualitative analysis in favor of the more objective concept of expected monetary value

Look at specific time and cost impacts of each risk

Iterative to see results

Decide wich risks warrant a response

Objectively evaluate the probability and impact of each risks

Determine the level of risk the project currently has and wether that level of risk is acceptable for the expected gain from the product of the project

Determine how much the project will cost and how long it will take if no further risk management actions are taken to decrease project risk

Determine which risks require response planning

Determine the probability af archieving cost and schedule objetives for the project


Determine what methods of quantitative risk analysis to use, how they will be used and who will be involved

Determine the quantified probability and impact of each risk using one of the choices provied

Determine which risks warrant a response in the plan risk responses plan

Determine wich activities include risks that warrant a response in the plan risk responses process

Determine the level of risk the project currently has

Determine how much the project will cost and how long the project will take if no further risk management actions are taken to decrease the project risk

Determine the probability of achieving the cost or schedule objetives for the project


Risk management plan

Risk register, Prioritized risks from perform qualitative risk analysis process, List of risks carried forward for additional analysis

Historical records

Outputs from other parts of the project planning, including the cost management plan and schedule management plan

Tools & Techniques

Probability & Impact, Juicio subjetivo de la probabilidad, Calculate the actual cost and/or time impact, Use historical records, Delphi Technique, Conduct interviews

Risk Exposure, Expected monetary value of risks, What the overall probable circumstance will be as a result of the events, EMV= Cost Impact X Probability, Expected monetary value fo the project is the sum of the expected monetary value of the risk, To forecast how much the project will cost or long it will take

Monte Carlo Simulation, Translate uncertanties into impacts to the total project, Advantages, Helps determine the overall risk of meeting required project time or cost, Does not weigh estimates toward the most likely estimate and do some other estimating methods, Helps identify early in the project if time or cost changes are necessary, Helps determine the most realistic length of time the project will take, Provides and overall view of the amount of time or cost contingency needed, Indicates what activities might have the highest probability of becoming critical activities, allowing better management and oversight, Provides a vehicle for improved project planning, Disadvantages, ONLY evaluate overall (not detailed) project risk, time and cost necessary to manage the project, Many people do not realize that specific risks must be identified as part of risk management in addition to Monte Carlo simulations, Requires software

Decision tree, Are models of real situation and are used to see the potential impacts of decisions by taking into account the associated risks, probabilities and impacts, Takes into account future events in trying to make a decision today, It calculates the expected monetary value in more complex situations, It involves mutual exclusivity (two events are said to be mutually exclusive of they cannot both occur in a single trial)

FMEA, Failure Mode, fault tree Analysis


Risk register updates, Prioritized list of quantified risks, Amount of contingency time and cost reserves needed, Possible realistic and achievable completion dates and project costs, with confidence levels, versus the time and cost objetives for the project, The quantified probability of meeting project deliverables, Trends

Plan Risk Response

What is it?

Determine what can be done to reduce the overall risk of the project by decreasing the probability and impact of threats and increasing the probability and impact of opportunities

Must be documented in the ris register

What it contains

The analysis activities with the highest risk scores, the most common causes of risk and any individual activities with high risk scores

Use risk owners in the process

Any decrease in project risk causes a decrease in the project schedule and/or cost


Get the risk register

Description of the risks

The activities related to

Potential risk owners, risk responses and triggers

The final probability and impact rating of each risk

The risk ranking among the remaining risks on the project

Contingency plans

Fallback plans for each risk

List of non-top risks for future reference

Probability - impact and expected monetary value

Others according to the project


Risk Management Plan

Risk Register, List of prioritized risks, Ranking of the project risks, Risk scores and expected monetary values of top risks, Potential risk owners, Watchlist

Forecast of potential schedule and cost for the project

Monte Carlo Analysis probability of achieving the project objetives

Historical records about risk responses from past projects and common risk causes

Risk tresholds

Tools & Techinques

Strategies, Threats, Avoid, Eliminate the threat of a risk by eliminating the cause, Mitigate, Control, Reduce the expected monetary value of a risk by reducing its impact or probability of occurrence, Transfer, Allocate, Assign the risk to someone else by subcontracting or buying insurance, Accept, Passive, If it happens, it happens, Active, Create a contingency plan, Planned actions to be taken if it the threat or opportunity happens, Opportunities, Exploit, Increase the opportunity by making the cause more probable, Enhance, Increase the expected time, quality or monetary value of risk by increasing its probability or impact of occurrnence, Share, Retain appropiate opportunities or parts of opportunities instead of attempting to transfer them to others, Accept, Must be timely, The effort selected must be appropiate to the severity of the risk, avoid spending more money to preventing te risk than the impact of the risk would cost if it occured, One response can be used to address more than one risk, Involve the team, other stakeholders and experts in selecting a strategy

Seconday risk, Is a risk generated by a response strategy to another risk, In other words, the response to a risk can create another risk

Reserve, Amount of time/cost added to the project to account for risks, Contingency, knows - Unknowns, Management, Unknowns - Unknowns, Percentaje, 2% - 15%, Project Schedule = Critical path duration + Contingency reserve + Management reserve, Methods, 10%, Add a percentaje for both (management & Contingency, Guess, Expected monetary value, Project budget = Cost of activities + Contingency reserve (EVM) + Management reserve, Monte Carlo, Determine the acceptable probability, Refer to the monte carlo simulations to see the time and cost associated with that probability, That amount will be the project budget or schedule length, Deduct the schedule or cost length from the total activity-based schedule or cost estimate created during project planning, The difference is the contingency reserve

Procurement, Contracts, Terms and conditions to put into contract to decrease project threats, increase opportunities and distribute risk between buyer & seller, Proposal and bids, Insurance, Transference strategy, Mitigation


Risk Response plan

Go / No go decision, If all the options still don`t work to meed the project objetives, management may choose to cancel the project


Fallback plans


Risk register updates, Residual risks, Risks that remain after the plan risk responses process, Contingency plans, Risk owners, Secondary risks, Triggers, Update the project management plan, Project description, Scope statement, WBS, Network diagram, Schedule, Risk Analysis, Budget, Assumptions, Management plans, Quality, Procurement, Cost, Time, Human resource, Comunications, ETC

Monitor & Control Risks

What is it?

The benefits of the previous processes are realized by the project manager and the team

Implement the risk response plan, ensure compliance and manage progress

Manage the contingency and management reserves

Create workarounds, Unlanned response to an unidentified risk that occours, Reactive

Control the project Risk

Refine and update the risk register

PErform additional risk identification, qualitative and quantitative risk analysis and risk response planning

Reestimate the project

Keep stakeholders informed about the status of risks on the project, communicate about risks

Create lessons learned

Evaluate the risk impact of scope, schedule, cost and other change request

Benefits, Implement, Manage progress, Communicate, Ensure compliance, Reassess, Refine, Add new risks, Reestimate the project, Measure, Take corrective actions, Evaluate the effectiveness of corrective action

Risk owner wll respond to risk triggers by implementing contingency plans and fallback plans

Project manager should make sure the contingency plans and fallback are understood and complied with

Unauthorized changes to these plans have the same impact to the project as other unauthorized project changes and should therefore be avoided



Risk register, Risks, Risk response plan, Risk owners, Triggers, Contracts, Watchlists, Time & Cost reserves

Risk management plan

Work results

Project communications

Risk events

Project Changes

Additional risks that have been identified as the project progress

Tools & Techniques

Risk Review, Additional risk response planning ideas, Changing the order of the top risks, Revisiting non-top risks to see if the ranking of no-top risks needs to change, Adjusting to the severity of actual risks, Determinin if assumptions are still valid, Looking for any unexpected effects or consequences of risks, Monitoring residual risks, Reviewing all workaround situations to see if they provide insight into the existence of additional risks, Making changes to the project management plan when new risk responses are developed


Measuring performance, Risk audit, Look backward, Include, Reviewing if the right risk owners have been assigned to each risk, Determine if the risk owners are effective, Examining and documenting the effectivness of contigency plans and fallback plans, Risk review, Look forward

Earn Value Management

Risk reassessment, Risks are identified, Changes occur

Reestimating the project, When new risks are identified, When new risks ratings for probability or impact are determined for existing risks, When priorization of risks changes, To accommodate the time and cost for workarounds, When any refinement or reassessing of the risk response plan is done, When reserves are used faster than expected, When the project has had many changes, When the project has never been done before, When there is a little confidence in the project management plan, When a new project manager takes over the project, When many unidentified risks occur

Communicating, Project management plan, Project Monthly reports, Activity status reports, Bar charts, Communication with other projects, Risk register, Activity estimating form

Lessons learned


Risk Register updates

Change requests, Corrective actions, Preventive actions

Project management plan updates

Organizational process assets updates

Risk Governance