Risk Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives. A frequently overlooked aspect of project management, risk management can often result in significant improvements in the ultimate success of projects. Risk management can have a positive impact on selecting projects, determining their scope, and developing realistic schedules and cost estimates. It helps project stakeholders understand the nature of the project, involves team members in defining strengths and weaknesses, and helps to integrate the other project management knowledge areas. [1]

RIsk
RIsk

Objectives and Skills

edit

Objectives and skills for the risk portion of Project+ certification include:[2]

  • Outline the components of a risk management plan
    • Initial risk assessment
    • Risk matrix
    • Risk register
    • Risk response strategies
    • Stakeholder risk tolerance
  • Using the risk management plan determine an appropriate response to potential risk / opportunity events
    • Perform qualitative and quantitative risk analysis
    • Opportunities
      • Sharing
      • Exploiting
      • Enhancing
    • Threats
      • Avoidance
      • Acceptance
      • Mitigation
    • Update risk register with appropriate changes

Objectives and skills for the schedule portion of Project+ PK0-004 certification include:[3]

  • Explain the importance of risk strategies and activities.
    • Strategies
      • Accept
      • Mitigate
      • Transfer
      • Avoid
      • Exploit
    • Risk activities
      • Identification
      • Quantification
      • Planning
      • Review
      • Response
      • Register
      • Prioritization
      • Communication

Readings

edit
  1. Wikipedia: Risk management
  2. Wikipedia: Risk management plan
  3. Wikipedia: Risk breakdown structure
  4. Wikipedia: Risk assessment
  5. Wikipedia: Risk register
  6. Wikipedia: Risk Matrix
  7. Qualitative Risk Analysis

Multimedia

edit
  1. YouTube: Definitions of Risk
  2. YouTube: What is Project Risk Management?
  3. YouTube: What is a Risk Register and When To Use It
  4. YouTube: Probability and Risk Matrix
  5. YouTube: Project Management Concept #2: Qualitative Risk Analysis vs Quantitative Risk Analysis
  6. YouTube: Controlling Risks

Activities

edit
  1. Brainstorm with your team members to create a list of risks associated with your current project (10 total).
  2. Develop a SWOT analysis based on identified risks from your current project.
    • Place the strengths, weaknesses, opportunities and threats in a table.
    • Rank each based on the greatest impact on the outcome of the project.
  3. Review Wikipedia: Risk breakdown Structure.
    • Create a risk breakdown structure for identified risks in your current project.
  4. Establish a Risk Register using the identified risks from your current project.
    • Draw a register using the following components: risk name, risk description, cause of risk, impact, probability, response to risk, risk owner, and risk status.
  5. Review YouTube: Probability and Risk Matrix: Risk Management | PMI-RMP Certification Training | PMI RMP Exam Tips.
    • Read Wikipedia: Risk.
    • Build a Risk Matrix using the risks identified in your current project.
    • Use scale of 1-5 for probability and a scale of 1-3 for impact.
    • Calculate Risk score (impact X probability).
    • Prioritize list of risks (high to low).
  6. Review YouTube: Drawing a Decision Tree & Expected Monetary Values.
    • Draw a decision tree diagram and calculate the EMV to determine which vendor to choose using the following scenario:
    • You are about to start working on a major project for your organization. The company wants you to obtain two bids from vendors they have worked with in the past to do part of the work on the project. Vendor A and Vendor B both bid $10,000 to do the work. Vendor A has a 50% probability of coming in on time and on budget, a 30% chance of going $20,000 over budget and a 20% chance of being $10,000 under budget. On the other hand, Vendor B has a 30% chance of of delivering on time with no additional costs, a 40% of going $15,000 over budget and a 30% of being $10,000 under budget.

Lesson Summary

edit
  • Risk, is an event that will impact something or someone in a positive or negative way. Two factors that affect risk include the likelihood of the event occurring and the consequences of it occurring. Positive risks result in opportunities, whereas negative risks result in threats to the project.[4]
  • Risk assessment involves answering six questions:[5]
    1. What is the purpose of the project?
    2. What possible benefits or hindrances could alter the project's outcome?
    3. Which identified risks are most important?
    4. Which identified risks will have the greatest impact?
    5. What should the response be to these identified risks?
    6. What changes have occurred due to responding to these risks?
  • There are different responses to risks depending on the nature of a risk. Responses to positive risks include exploitation, enhancement, sharing and acceptance. On the other hand, responses to negative risks include avoidance, mitigation, transference and acceptance.[6] [7]
    • Exploitation ensures that the opportunity associated with the risk definitely occurs.
    • Enhancement increases the impact and/or the probability of the opportunity that results from the risk.
    • Sharing allocates the ownership of the opportunity that results to a third party to ensure the benefits from the risk occur.
    • Acceptance of a positive risk means being willing to take advantage of the opportunity that may arise as a result of the risk.
    • Avoidance tries to eliminate the risk or its impact entirely from the project.
    • Mitigation reduces the impact and/or the probability of the risk from occurring.
    • Transference shifts the impact of the risk and its response to a third party.
    • Acceptance of negative risks acknowledges that risks may occur, but takes no action until the risk surfaces.
  • Risk management is a process therefore to identify, analyze, respond, monitor and control risks that may arise when working on a project.[8]
  • In order to avoid risk or take advantage of risk, first we have to identify it and classify it. The goal of Risk Management is to take adequate action when classified events may harm, delay, or change the course of a developing project.[9]
  • The Risk Management Plan is a continuous process that occurs throughout the duration of the project because only identified risks can be properly managed. Its aim is to increase the impact of positive risks while lessening the impact and probability of negative risks.[10]
  • The assessment part is nothing else, but risk appraisal using qualitative and quantitative approaches, the assessment is done after identifying a risk.
  • Qualitative analysis looks at the qualities (impact and probability) related to risks by using a grading scale (high, medium, or low) or a numeric scale. Using a numeric scale allows for the calculation of a risk score. This type of analysis is subjective.
  • Quantitative analysis quantifies the impact of risk in relation to costs and schedule. This analysis is used to justify increasing the budget or using contingency reserves.
  • In order to quantify the impact of the risk, a few different techniques or specialized software can be used. These techniques include decision tree analysis, Expected Monetary Value (EMV) and Monte Carlo method.[11]
  • One can also estimate risk by doing the following things: creating a Risk Breakdown Structure, using a Risk Matrix, and devising a Risk Register.
  • Risk Breakdown Structure is a tool that is used to identify risks. It is a comprehensive list of risk events that are likely to occur and it is organized hierarchy. It uses a drill down technique to identify subcategories of risks.[12]
  • Risk matrix is a tool that is used to prioritize the risks associated with a current project. Probability is plotted on the x-axis and impact is plotted on the y-axis. A score is generated when a numeric scale is used by multiplying impact and probability. The team determines what score is an acceptable and unacceptable level of risk.[13]
  • Risk register is a log that catalogs the identified risks to the project and documents how the team plans to respond. The components that make up a risk register include the following: risk number, risk name, description, cause of risk, risk owner, risk response, probability of risk, impact of risk, and risk status. These tools allow one to assess how likely a risk will occur, the impact of the risk, and how to address these risks so that the project has a favorable outcome.[14]

Key Terms

edit
brainstorming
A group creativity technique by which efforts are made to find a conclusion for a specific problem by gathering a list of ideas spontaneously contributed by its members.[15]
contingency plans
A plan devised for an outcome other than in the usual (expected) plan. It is often used for risk management when an exceptional risk that, though unlikely, would have catastrophic consequences. During times of crisis, contingency plans are often developed to explore and prepare for any event.[16]
decision tree
A decision support tool that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility.[17]
Delphi technique
A structured communication technique or method, originally developed as a systematic, interactive forecasting method which relies on a panel of experts. Delphi is based on the principle that forecasts (or decisions) from a structured group of individuals which are more accurate than those from unstructured groups.[18]
flowcharts
A type of diagram that represents an algorithm, workflow or process, showing the steps as boxes of various kinds, and their order by connecting them with arrows. This diagram representation illustrates a solution model to a given problem.[19]
influence diagram
A compact graphical and mathematical representation of a decision situation. ID is directly applicable in team decision analysis, since it allows incomplete sharing of information among team members to be modeled and solved explicitly.[20]
interviewing
A conversation between two or more people where questions are asked by the interviewer to elicit facts or statements from the interviewee. Interviews are a standard part of qualitative research.[21]
Monte Carlo analysis
A broad class of computational algorithms that rely on repeated random sampling to obtain numerical results.[22]
probability/impact matrix
A matrix that is used during Risk Assessment to define the various levels of risk as the product of the harm probability categories and harm severity categories. This is a simple mechanism to increase visibility of risks and assist management in decision making.[23]
residual risks
The risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures).[24]
risk
The intentional interaction with uncertainty. Uncertainty is a potential, unpredictable, unmeasurable and uncontrollable outcome, risk is a consequence of action taken in spite of uncertainty.[25]
risk activities
The identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.[26]
risk appetite
The level of risk that an organization is prepared to accept, before action is deemed necessary to reduce it. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings.[27]
risk averse
The behavior of humans (especially consumers and investors), when exposed to uncertainty, to attempt to reduce that uncertainty. It is the reluctance of a person to accept a bargain with an uncertain payoff rather than another bargain with a more certain, but possibly lower, expected payoff.[28]
risk breakdown structure
A depiction of the identified project risks arranged in a hierarchy by category.[29]
risk factors
A variable that is quantitatively associated with a disease or other outcome, but direct alteration of the risk marker does not necessarily alter the risk of the outcome. [30]
risk management plan
A document that a project manager prepares to foresee risks, estimate impacts, and define responses to issues. It also contains a risk assessment matrix.[31]
risk neutral
Preferences are neither risk averse nor risk seeking. A risk neutral party's decisions are not affected by the degree of uncertainty in a set of outcomes, so a risk neutral party is indifferent between choices with equal expected payoffs even if one choice is riskier.[32]
risk register
A risk management tool commonly used in risk management and regulatory compliance. It acts as a central repository for all risks identified by the organization and, for each risk, includes information such as source, nature, treatment option, existing counter-measures, recommended counter-measures and so on.[33]
risk seeking
A risk-seeker or risk-lover is a person who has a preference for risk. [34]
risk strategies
A document that a project manager prepares to foresee risks, estimate impacts, and define responses to issues.[35]
risk tolerance
A more specific measure of the degree of uncertainty that an investor is willing to accept in respect of negative changes to its business or assets, as opposed to risk appetite being a broad-based level.[36]
sensitivity analysis
The study of how the uncertainty in the output of a mathematical model or system (numerical or otherwise) can be apportioned to different sources of uncertainty in its inputs.[37]
workarounds
A bypass of a recognized problem in a system. A workaround is typically a temporary fix that implies that a genuine solution to the problem is needed.[38]

Review Questions

edit
Enable JavaScript to hide answers.
Click on a question to see the answer.
  1. Risk,is an event that will impact something or someone in a _____or _____way.
    Risk,is an event that will impact something or someone in a positive or negative way.
  2. Risk management is a process therefore to identify, analyze, respond,_____and _____ risks, that may arise when working on a project.
    Risk management is a process therefore to identify, analyze, respond, monitor and control risks, that may arise when working on a project.
  3. Responses to _____ risks include exploitation, enhancement, sharing and acceptance.
    Responses to positive risks include exploitation, enhancement, sharing and acceptance.
  4. Responses to _____ risks include avoidance, mitigation, transference and acceptance.
    Responses to negative risks include avoidance, mitigation, transference and acceptance.
  5. _____ increases the impact and/or the probability of the opportunity that results from the risk.
    Enhancement increases the impact and/or the probability of the opportunity that results from the risk.
  6. The Risk Management Plan is a _____process that occurs throughout the duration of the project.
    The Risk Management Plan is a continuous process that occurs throughout the duration of the project.
  7. The assessment part is nothing else, but risk appraisal using _____and _____ approaches.
    The assessment part is nothing else, but risk appraisal using qualitative and quantitative approaches.
  8. _____ is a bypass of a recognized problem in a system. A workaround is typically a temporary fix that implies that a genuine solution to the problem is needed.
    Workaround is a bypass of a recognized problem in a system. A workaround is typically a temporary fix that implies that a genuine solution to the problem is needed.
  9. _____ analysis quantifies the impact of risk in relation to costs and _____ .
    Quantitative analysis quantifies the impact of risk in relation to costs and schedule.
  10. In order to quantify the impact of the Risk, a few different techniques and specialized software can be used. These techniques include decision tree analysis, Expected Monetary Value (EMV) and _____ _____ method.
    In order to quantify the impact, a few different techniques and specialized software can be used. These techniques include decision tree analysis, Expected Monetary Value (EMV) and Monte Carlo method.
  11. One can also estimate risk by doing the following things: creating a Risk Breakdown Structure, using a _____ _____,and devising a Risk Register.
    One can also estimate risk by doing the following things: creating a Risk Breakdown Structure, using a Risk Matrix ,and devising a Risk Register.
  12. A risk register is a log that catalogs the identified _____ to the project and documents how the team plans to respond.
    A risk register is a log that catalogs the identified risks to the project and documents how the team plans to respond.
  13. _____ reduces the impact and/or the probability of the risk from occurring.
    Mitigation reduces the impact and/or the probability of the risk from occurring.
  14. _____ shifts the impact of the risk and its response to a third party.
    Transference shifts the impact of the risk and its response to a third party.
  15. _____ _____ _____ is a tool that is used to identify risks. It is a comprehensive list of risk events that are likely to occur and it is organized hierarchy.
    Risk Breakdown Structure is a tool that is used to identify risks. It is a comprehensive list of risk events that are likely to occur and it is organized hierarchy.
  16. _____ is a group creativity technique by which efforts are made to find a conclusion for a specific problem by gathering a list of ideas spontaneously contributed by its members.
    Brainstorming is a group creativity technique by which efforts are made to find a conclusion for a specific problem by gathering a list of ideas spontaneously contributed by its members.
  17. A broad class of computational algorithms that rely on repeated random sampling to obtain numerical results is called _____ _____ analysis.
    A broad class of computational algorithms that rely on repeated random sampling to obtain numerical results is called Monte Carlo analysis.
  18. _____ _____ is a tool that is used to prioritize the risks associated with a current project.
    Risk matrix is a tool that is used to prioritize the risks associated with a current project.
  19. _____ are a type of diagram that represents an algorithm, workflow or process, showing the steps as boxes of various kinds, and their order by connecting them with arrows. This diagram representation illustrates a solution model to a given problem.
    Flowcharts are a type of diagram that represents an algorithm, workflow or process, showing the steps as boxes of various kinds, and their order by connecting them with arrows. This diagram representation illustrates a solution model to a given problem.
  20. ____ _____, a variable that is quantitatively associated with a disease or other outcome, but direct alteration of the risk marker does not necessarily alter the risk of the outcome.
    Risk factors, a variable that is quantitatively associated with a disease or other outcome, but direct alteration of the risk marker does not necessarily alter the risk of the outcome.
  21. ______ is a document that a project manager prepares to foresee risks, estimate impacts, and define responses to issues.
    Risk strategies is a document that a project manager prepares to foresee risks, estimate impacts, and define responses to issues.
  22. ______ is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events[1] or to maximize the realization of opportunities.
    Risk activities is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

Assessments

edit

References

edit
  Type classification: this is a lesson resource.
  1. (Schwalbe 426) Schwalbe, Kathy. Information Technology Project Management, 8th Edition. Cengage Learning, 20151027. VitalBook file.
  2. CompTIA: Project+ Certification Exam Objectives: PK0-003
  3. CompTIA: Project+ Certification Exam Objectives: PK0-004
  4. Wikipedia: Risk
  5. YouTube: Risk management basics: What exactly it is?
  6. YouTube: What is Project Risk Management?/Risk Management Professional/PMI-RMP Certification Training
  7. YouTube: PMP® Exam Prep Online, PMP Tutorial 39 | Planning | Plan Risk Responses
  8. Wikipedia:Risk management
  9. Wikipedia:Risk management
  10. Wikipedia:Risk management plan
  11. YouTube: Project Management Concept #2: Qualitative Risk Analysis vs Quantitative Risk Analysis
  12. YouTube: Risk Breakdown Structure
  13. YouTube: Probability and Risk Matrix: Risk Management | PMI-RMP Certification Training | PMI RMP Exam Tips
  14. YouTube: What is a Risk Register and When To Use It
  15. Wikipedia: Brainstorming
  16. Wikipedia: Contingency plan
  17. Wikipedia: Decision tree
  18. Wikipedia: Delphi method
  19. Wikipedia: Flowchart
  20. Wikipedia: Influence diagram
  21. Wikipedia: Interview
  22. Wikipedia: Monte Carlo method
  23. Wikipedia: Risk matrix
  24. Wikipedia: Residual risk
  25. Wikipedia:Risk
  26. Wikipedia: Risk management
  27. Wikipedia: Risk appetite
  28. Wikipedia: Risk aversion
  29. Wikipedia: Risk breakdown structure
  30. Wikipedia: Risk factor
  31. Wikipedia: Risk management plan
  32. Wikipedia: Risk neutral
  33. Wikipedia: Risk register
  34. Wikipedia: Risk-seeking
  35. Wikipedia: Risk management plan
  36. Wikipedia: Risk tolerance
  37. Wikipedia: Sensitivity analysis
  38. Wikipedia: Workaround