Risk Management Process

Questions and Answers

In project risk management, how are risk identification, analysis, and response typically handled in practice?

• As independent processes performed by different teams to ensure objectivity.
• As strictly sequential and distinct events to maintain clarity and organization.
• As integrated and iterative process steps, often intermingled as needed. (correct)
• As processes that are only revisited upon project completion for lessons learned.

What is the primary reason for retaining older project risk data even after implementing risk-response actions?

• To avoid any legal challenges related to project changes.
• To use as a historical reference for future projects or re-evaluation of current strategies. (correct)
• To ensure compliance with auditing requirements.
• To discard them and focus on current data only.

What is the significance of established risk thresholds in planning project risk responses?

• They dictate the specific individuals responsible for managing each risk.
• They define the communication protocols for reporting risk status to stakeholders.
• They serve as triggers for when specific risk responses are required. (correct)
• They determine the amount of resources allocated to risk management activities.

When balancing risk tolerance, response costs, and project objectives, what is the role of the 'Project Plan of Record' (POR)?

It represents the agreed commitments for budget, delivery dates, and service levels relative to associated risks. (B)

Which approach to project risk balancing involves using individual qualitative risk analysis to achieve the necessary balance?

Bottom-up approach. (D)

What should the overall project budget and schedule include beyond the resources to execute the scope of work?

Resources set aside as contingencies for major risks and resources to address unknown unknowns. (C)

How do overall (quantitative) project risk assessment processes contribute to balancing project risks and objectives?

By determining the risk tolerance as a probability of meeting overall cost and schedule objectives. (A)

What is the primary goal of 'bridging' differences when combining individual project risk matrix and overall project risk assessment approaches?

To improve the project plan by reconciling assumptions and opinions. (A)

What is the purpose of understanding the various risk response options available for projects?

To aid in planning, monitoring, and controlling project risks effectively. (C)

What typically happens with avoidance actions in the risk management process by the time the POR baseline project plan is established?

They have already been implemented and are shown as closed risks in the register. (A)

How might a risk avoidance strategy lead to a secondary risk?

By creating a consequential risk due to the avoidance response itself. (B)

In a 'transfer' risk response strategy, what is the primary responsibility of the third party receiving the risk?

To take ownership of the response strategy and meet specific commitments. (B)

What should a project team do when a risk mitigation strategy potentially gives rise to one or more secondary risks?

Assess if a secondary risk is created and, if so, how it should be addressed. (C)

When is it most appropriate to 'accept' a risk?

When proactively addressing the risk is too difficult or the risk falls in the low-risk zone. (B)

In opportunity response, what is the focus of the 'exploit' strategy?

To ensure that the opportunity is realized by proactively acting upon it. (C)

What is the key characteristic of the 'share' opportunity response strategy?

Interaction and collaboration with a third-party organization. (D)

What is the intention behind the enhance opportunity response strategy?

To increase the chance of the opportunity materializing. (B)

When is it appropriate to 'accept' an opportunity?

When the opportunity is too low a probability and/or impact to expend valuable project resources on. (D)

How does increasing resource estimates to avoid risks potentially create opportunities?

By increasing the probability of outperforming and receiving a benefit. (C)

How can the 'transfer' risk response strategy create a corresponding 'share' opportunity?

By outsourcing to a third party, potentially creating shared future business opportunities. (B)

Flashcards

Risk Management Process

Iteratively integrates project steps. Involves identifying individual risks, analyzing them, and determining responses.

Planning Risk Responses

Established thresholds help identify risks needing specific responses; strategies exist for both threats and opportunities.

Project Plan Approvals

Approvals require understanding and acceptance of objectives; iterates plan for balance.

Risk Avoidance Strategy

Reduces risk probability/impact; incorporates into project plan with stakeholder agreement eliminating risk impact

Risk Transference

Shifting impact to a third party with control over the risk source.

Risk Mitigation

Actions to decrease probability/impact, often leaving residual risk.

Risk Acceptance

Accepting a risk with no action, often when in a low-risk zone.

Exploit Opportunity

Acting on opportunities identified during planning.

Share Opportunity

Enhancing/exploiting opportunities via 3rd party collaboration.

Enhance Opportunity

Actions that raise probability/impact of an opportunity.

Accept Opportunity

Accepting an opportunity due to low probability/impact using minimal resources.

Bottom-Up Risk Balancing

Balancing project risks and objectives by implementing response plans.

Project Risk Review Board

A group that can meet periodically to help keep a project under control

Risk Reassessment Process

The point at which the original project plan includes initial risk-related action

Project Traffic-Light Status Charts

A tool with different ratings provides a standard for projects' status/updates.

Study Notes

• The risk management process steps of risk identification, analysis, and response are integrated and performed iteratively, not sequentially.
• Teams analyze risks and determine responses as part of the risk evaluation process.
• Assessing project cost and schedule risks requires insight into individual risks.
• Risk responses are iterative and drive project planning iterations.
• The final risk assessment differs from the initial assessment due to risk response actions.
• Retaining older data is valuable for future reference, even if no longer directly applicable.
• Responses should balance risk-taking with risk avoidance and align with risk tolerance and objectives.

Planning Risk Responses

• Risk thresholds identify risks needing specific responses.
• General risk-response strategies exist for both threats and opportunities.
• Each response requires resources like time, people, and budget.
• Limited resources necessitate prioritization and trade-offs, potentially adjusting stakeholder risk tolerances.

Balancing Risk Tolerance, Response Costs, and Project Objectives

• Project plan approvals require understanding and acceptance of primary objectives like cost, scope, schedule, quality, and risk.
• Project managers iterate the plan to achieve an acceptable balance.
• The plan of record (POR) commitments must stay within budget, meet deadlines, and satisfy customer expectations relative to risks.
• Organizations establish risk thresholds dictating tolerable risk without commensurate cost and schedule reserves.
• Implementing risk responses involves cost considerations that must be factored.
• Approaches to balance include bottom-up (qualitative), holistic (quantitative), or a combination.

Bottom-Up Project Risk Balancing

• The overall project budget and schedule should include resources for scope, planned risk responses, contingencies, and resources to address unknown unknowns.
• Project risks should not exceed the risk threshold and should include contingency, residual risk set-asides, and items on a watch list.

Holistic Project Risk Balancing

• Quantitative project risk assessment processes determine the right balance between project risks and objectives.
• Risk tolerance is defined as a probability of meeting overall project cost and schedule objectives.

Combination of Bottom-Up and Holistic Project Risk Balancing

• Combining individual risk matrix approaches with overall project assessment can improve the project plan and balance.

Risk (Threats) and Opportunity Response Options

• Four response types address individual project risks, with another set for opportunities, each threat has a counterpart opportunity response:
  • Avoidance becomes exploitation.
  • Transfer becomes sharing.
  • Mitigation becomes enhancement.
  • Acceptance remains acceptance.
• Understanding the options aids in planning, monitoring, and controlling projects risks.

Risk (Threat) Response Options

• Project teams address risks intentionally or unintentionally during planning.
• The initial risk register is created during planning.
• Avoiding risks involves changing project objectives or plans to use proven technology, or by adjusting requirements.
• Risk avoidance is immediate in the project plan, when agreed upon by stakeholders.
• A risk avoidance strategy can lead to secondary risk.
• Transferring risk shifts the impact of a risk to a third party with control over the source.
• Transfer strategies have secondary risks, such as late deliveries.
• The agreement needs to be formalized via a contract to avoid the secondary risks.
• Mitigating risks involves actions to reduce the probability or impact, and give rise to secondary risks.
• Accepting risks involves acknowledging them overtly, these types of risks are added to the watchlist.

Opportunity Response Options

• Opportunities can lead to reserve savings and help exceed project performance objectives.
• The first three opportunity response categories are direct opposites of the threat responses.
• Exploiting opportunities involves acting upon them proactively during planning.
• Sharing opportunities requires collaboration with a third party.
• Enhancing opportunities is similar to risk mitigation
• Accepting opportunities involves tracking them on a watch list and acting on them when they turn into tangible benefits.

Concurrent Risk (Threat) and Opportunity Response Strategies

• Risk responses can establish new opportunities and risks.
• "Transfer” risk response can create a “share” opportunity.

Practical Questions for Determining Risk Responses

• Addressing project objectives requires project objectives, priorities, and requirements to be understood
• Project teams must use project plans.
• Open project risks need to be identified, and be used in the project plan.
• Knowledge from past projects should be used to prevent negative impact on benefits.
• Review pending corrective actions and how the response to individual risks help the project
• How can project management "best practice" tools and techniques that should be be used?
• What is the product development process to follow?
• Can any of the other technical product requirements be relaxed? What about product quality, reliability, safety, and regulatory
• Are there any expedite opportunities and what are the additional cost premiums and expected schedule improvements?
• Is the project at risk due to resource constraints and is there any way to reduce waste or eliminate unnecessary nonvalue-added work?
• Can we leverage other works to reduce the cost?

Managing Project Risks

• Balance Project Cost, Schedule, and Product Performance
• Proactively address project risks to ensure project changes and conflicts.
• Employ Project Management Tools and Techniques to monitor and control costs.
• The risk reassessment involves risk monitoring and controlling options.

Risk Reassessment

• Reassess the risk is an integral part of the project's iterative process.
• If no additional risks have been identified, the team continues executing existing plans.
• Plan, Do, Check, Act continues the project life cycle.

Project Management Tools, Risks, and Techniques

• Tools and techniques monitor and control the risks to yield a balanced plan.
• Chapter 12 is focused on using metrics that help monitor and control over time.
• Metrics include tracked requirements changes; actual performance; simulations; and sigma quality
• This is achieved via the project team (charter, membership, schedule, meeting, etc)

Periodic Stakeholder Reviews

• Stakeholder reviews help discuss, escalate, and obtain assistance for managing risks.
• Traffic light status is a common tool that can be standarized

Some practical Risk Management Tips to consider

• It is important to arm managers with practical risk management processes.
• These must be stated previously within the processes.
• It is prudent for the team to implement project planning to reduce the project risk via
  • Bounding production requirements
  • Prioritizing the must have needs
  • Constructing the work breakdown structure where possible
  • Dedicate enough time to justify laters costs
  • Plan for slow ramp up

Project Execution tips to reduce risk

• Start with a sense of urgency
• Obtain the project resources and do not allow it to fill from behind
• Do not relinquish the buffer
• Carefully setup your contractual agreements and set incentives
• Accommoddation should be appropriately communicated to the client
• Reassess risk whenever there is negative impact