Project Management Professional

PMP Exam Preparation Course

Prepared By: Eng. Ahmed El Antary, PPM, MSPM
Engineering & Management Technologies LLC
Delaware, USA
emt@americamail.com www.enmatecs.com

Project Risk Management

Chapter 11
PMBOK 5th Ed.

Ahmed El Antary <antary@consultant.com>

The Course Leader

Ahmed El Antary, PPM, MSPM
Engineering and Management Consultant
Certified Professional Project Manager (PPM), WCU, USA
PhD Learner with concentration on Project Management - PhD-BA
program. NorthCenteral University, AZ, USA
Master of Science in Project Management, Colorado Technical University,
Colorado Springs, CO, USA
B. Sc. Civil Engineering, Al Azhar University, Cairo, Egypt
Project Management Certificate & PMP Preparation Course, WCU, USA
Business Management Certificate GL, CTU, CO, USA
Change Management Certificate GL, CTU, CO, USA
Project Management Certificate GL, CTU, CO, USA
Team Member of the Construction Extension Project for the PMBOK 3rd
Ed. By (PMI) and (ANSI)
Certified Green Buildings Expert (GBE)
Certified LEED Expert (CLE)
Certified Sustainable Development Expert (SDE)
Certified Building Information Modeling Expert (BIME)

Project Risk Management

Project Risk Management includes the processes of conducting risk
management planning, identification, response planning, and
monitoring and control on a project.
The objectives of Project Risk Management are to increase the
probability and impact of positive events, and decrease the probability
and impact of negative events in the project.
Projects are launched to take advantage of opportunities
Opportunities carry with them associated (adverse) risks
The greater the opportunity, the greater the degree of uncertainty and
the associated risk
Project risk management should be seen as advanced preparation for
possible adverse future events, rather than responding as they
happen.

Organizations Risk Attitude

Organizations perceive risk as the effect of uncertainty on
projects and organizational objectives. Organizations and
stakeholders are willing to accept varying degrees of risk
depending on their risk attitude. The risk attitudes of both the
organization and the stakeholders may be influenced by a
number of factors, which are broadly classified into three
themes:
Risk appetite, which is the degree of uncertainty an entity is willing
to take on in anticipation of a reward.
Risk tolerance, which is the degree, amount, or volume of risk that
an organization or individual will withstand.
Risk threshold, which refers to measures along the level of
uncertainty or the level of impact at which a stakeholder may have a
specific interest. Below that risk threshold, the organization will
accept the risk. Above that risk threshold, the organization will not
tolerate the risk.

Project Risk Management

The knowledge area of Project Risk Management consists of the
following processes:
Risk Management Processes
Process

Project Phase

Key Deliverables

Plan Risk Management

Planning

Risk Management Plan

Identify Risks

Planning

Risk register

Perform Qualitative Risk

Analysis

Planning

Risk register updates

Perform Quantitative Risk

Analysis

Planning

Risk register updates

Plan Risk Responses

Planning

Risk related contract

decisions

Control Risks

Monitoring and Controlling

Risk register updates

Plan Risk Management

Plan Risk Management is the process of defining how to conduct risk
management activities for a project.
Plan Risk Management Process
Inputs
Project management plan
Project charter
Stakeholder register
Enterprise environmental
Factors
Organizational process assets

Tools and Techniques

Analytical techniques:

Analytical techniques are

used to understand and
define the overall risk
management context of
the project.
Expert judgment
Meetings

Outputs
Risk management plan

Risk Management Plan

The risk management plan is a component of the project management plan and
describes how risk management activities will be structured and performed. The
risk management plan includes the following:
Methodology. Defines the approaches, tools, and data sources.
Roles and responsibilities.
Budgeting.
Timing.
Risk categories. Provide a means for grouping potential causes of risk. A risk
breakdown structure (RBS) helps the project team to look at many sources from which
project risk may arise in a risk identification exercise. The RBS is a hierarchical
representation of risks according to their risk categories.
Definitions of risk probability and impact. The example table definitions negative
impacts that could be used in evaluating risk impacts related to four project objectives.
(Similar tables may be established with a positive impact perspective). The example
illustrates both relative and numerical (in this case, nonlinear) approaches.
Probability and impact matrix.
Revised stakeholders tolerances.
Reporting formats.
Tracking.

Example of a Risk Breakdown Structure (RBS)

Definition of Impact Scales for Four Project Objectives

Identify Risks
Identify Risks is the process of determining which risks may affect the
project and documenting their characteristics.
Identify Risks Process
Inputs
Risk management plan
Cost management plan
Schedule management plan
Quality management plan
Human resource
management plan
Scope baseline
Activity cost estimates
Activity duration estimates
Stakeholder register
Project documents
Procurement documents
Enterprise environmental Factors
Organizational process assets

Tools and Techniques

Documentation reviews
Information gathering techniques:
Brainstorming
Delphi technique
Interviewing
Root cause analysis
Checklist analysis
Assumptions analysis
Diagramming techniques:
Cause and effect diagrams
System or process flow charts
Influence diagrams
SWOT analysis
Expert judgment

Outputs

Risk register:
List of identified risks
List of potential responses

Brainstorming
Think of all the
possible risks that
project may face
Note risks down and
be careful to define
them clearly
Monitor risks
through all project
phase and their
impact possibilities

Influence Diagram

SWOT Analysis
Strengths: (Organizational Internal)
Build on these strengths

Weaknesses: (Organizational Internal)

Eliminate or reduces these weaknesses

Opportunities: (Organizational External)

Exploit all possible opportunities

Threats: (Organizational External)

Mitigate all potential threats

Perform Qualitative Risk Analysis

Perform Qualitative Risk Analysis is the process of prioritizing risks for
further analysis or action by assessing and combining their probability
of occurrence and impact.
Perform Qualitative Risk Analysis Process
Inputs
Risk management plan

Tools and Techniques

Risk probability and impact
assessment

Outputs

Project documents
Scope baseline
updates:
Risk register
Probability and impact matrix Risk register updates
Enterprise environmental factors
Risk data quality assessment Assumptions log
Organizational process assets
updates
Risk categorization
Risk urgency assessment
Expert judgment

Probability and Impact Matrix

Probability and Impact Matrix Cont.

Perform Quantitative Risk Analysis

Perform Quantitative Risk Analysis is the process of numerically
analyzing the effect of identified risks on overall project objectives.
Perform Quantitative Risk Analysis Process
Inputs

Tools and Techniques

Risk management plan

Data gathering and representation

techniques:
Cost management plan
Interviewing
Schedule management plan
Probability distributions
Risk register
Quantitative risk analysis and
Enterprise environmental factors modeling techniques:
Sensitivity analysis: The Tornado
Organizational process assets
diagram
Expected monetary value analysis:
Decision tree analysis
Modeling and simulation
Expert judgment

Outputs

Project documents
updates:
Probabilistic analysis
of the project
Probability of
achieving cost and time
objectives
Prioritized list of
quantified risks
Trends in quantitative
risk analysis results

Range of Project Cost Estimates by Risk Interviewing

Interviewing relevant stakeholders helps determine the three-point estimates

for each WBS element for triangular, beta or other distributions.
In this example, the likelihood of completing the project at or below the most
likely estimate of $41 million is relatively small as shown in the simulation
results.

Perform Quantitative Risk Analysis

Quantitative risk analysis and modeling
techniques
Sensitivity Analysis: Tornado Diagram
determines which risks have the most potential
impact on the project
Expected monetary value analysis a statistical
concept that calculates the average outcome
when the future includes scenarios that may or
may not happen
Modeling and Simulation

Example of Tornado Diagram

Decision Tree Diagram

A decision is being made whether to invest $120M US to build a new plant or to instead invest only $50M US
to upgrade the existing plant. For each decision, the demand (which is uncertain, and therefore represents a
chance node) must be accounted for.
For example, strong demand leads to $200M revenue with the new plant but only $120M US for the upgraded
plant, perhaps due to capacity limitations of the upgraded plant. The end of each branch shows the net effect of
the payoffs minus costs. For each decision branch, all effects are added (see shaded areas) to determine the
overall Expected Monetary Value (EMV) of the decision.
Remember to account for the investment costs. From the calculations in the shaded areas, the upgraded
plant has a higher EMV of $46M also the EMV of the overall decision. (This choice also represents the lowest
risk, avoiding the worst case possible outcome of a loss of $30M).

Cost Risk Simulation Results

Plan Risk Responses

Plan Risk Responses is the process of developing options and actions
to enhance opportunities and to reduce threats to project objectives.
The key benefit of this process is that it addresses the risks by their
priority, inserting resources and activities into the budget, schedule
and project management plan as needed.
Plan Risk Responses Process
Inputs

Tools and Techniques

Outputs

Risk management Strategies for negative risks or

plan
threats

Project management plan

updates

Risk register

Project documents updates

Strategies for positive risks or

opportunities
Contingent response strategies
Expert judgment

Plan Risk Response T&T

Strategies for Negative Risks or Threats
Avoidance Change PMP to eliminate the
threat by eliminating the cause
Transference - Make another party responsible
for the risk through allocation, purchasing of
insurance, or outsourcing the work
Mitigation Reduction in the probability or
impact the risk
Accept This strategy is adopted because it is
seldom possible to eliminate all threats from a
project

Plan Risk Response T&T

Strategies for Positive Risks or Opportunities
Exploit Ensures the opportunity is realized
Share allocating ownership to a third party
who is best able to capture the opportunity
Enhance Modifies the size of an
opportunity by increasing the probability or
positive impacts
Accept

Control Risks
Control Risks is the process of implementing risk response plans,
tracking identified risks, monitoring residual risks, identifying new
risks, and evaluating risk process effectiveness throughout the project.
The key benefit of this process is that it improves efficiency of the risk
approach throughout the project life cycle to continuously optimize
risk responses.
Control Risks Process
Inputs

Tools and Techniques

Project management plan Risk reassessment

Risk register

Risk audits

Work performance data

Variance and trend analysis
Work performance reports
Technical performance measurement
Reserve analysis
Meetings

Outputs
Work performance
information
Change requests:
Project management plan
updates
Project documents updates
Organizational process
assets updates

QUESTIONS
ANSWERS

Resources
Project Management Institute. (2013). A guide to the project management body of
knowledge (5th ed.). Newtown Square, PA: Project Management Institute.

Q & A on Project Risk Management

1. Andrew has joined as the Project Manager of a project. One of the project documents
available to Andrew lists down all the risks in a hierarchical fashion. What is this document
called?
1.Risk Management Plan.
2.List of risks.
3.Monte Carlo diagram.
4.Risk Breakdown Structure.
2. Which of the following statements is true about risks?
1.When evaluating risks their impact should be considered, however probability of
occurrence is not important.
2.Risks if they happen always have negative impact and not positive.
3.Risk register documents all the risks in detail.
4.Risk response plan is another name for Risk Management Plan.
3. Beta is the Project Manager of a Road construction project. During a project review, Beta
realizes that one particular risk has occurred. To take appropriate action against risk that
has happened, Beta needs to refer to which document?
1.Risk response plan
2.Risk management plan
3.Risk breakdown structure
4.Risk register

Q & A on Project Risk Management

4. During which stage of Risk planning are risks prioritized based on probability and impact?
Identify Risks
Plan Risk responses
Perform Qualitative risk analysis
Perform Quantitative risk analysis

5. During which stage of Risk planning are modeling techniques used to determine overall
effects of risks on project objectives for high probability, high impact risks?
Identify Risks
Plan Risk responses
Perform Qualitative risk analysis
Perform Quantitative risk analysis

6. Andrew is a Project Manager for Green Valley project. A risk management plan has been
prepared for the project. Which of the following should Andrew do next?
Perform Qualitative risk analysis
Perform Quantitative risk analysis
Identify Risks
Plan Risk responses

Q & A on Project Risk Management

7. Which of the following processes has risk register as the primary output?
Plan Risk Management
Identify Risks
Monitoring and Control Risks
Perform Qualitative Risk Analysis

8. Five of the processes in Project Risk Management are from which process group?
Initiating
Planning
Executing
Monitoring and Control

9. John Strauss is a Project Manager for a reforestation project. To identify the risks
involved, John sends a questionnaire to gather inputs from experts. Which technique is
John using?
Delphi technique
Interviews
Brain storming
Documentation review

Q & A on Project Risk Management

10. Mathew is a Project Manager for software migration at a bank. A major
risk that has been identified is attrition of resources. As a strategy to
respond to this risk, Mathew, with support from Senior Management,
provides good increments to his team members. What type of risk response
is Mathew following?
Accept
Avoid
Transfer
Mitigate

11. Which of these is a valid response to positive risks?

Exploit
Mitigate
Enhance
Share

Q & A on Project Risk Management

Answers
1. d. Hierarchical description of risks is called Risk Breakdown structure.
2. c. Risk register documents the risks in detail.
3. a. Beta needs to refer to the Risk response plan that documents
responses to identified risks.
4. c. Risk probability and impact are defined during Qualitative risk analysis.
5. d.
6. c. Risk identification is performed after performing the risk management
plan.
7. b. Process of Identify Risks has Risk register as the major output.
8. b. Five of the six processes in Project Risk Management are part of the
Planning process group.
9. a. John is using the Delphi technique to identify risks.
10. d. Mathew is mitigating the risk by reducing the probability of risk
happening
11. Risk mitigation is a response to negative risks and not positive risks.
Positive risks may be responded by - "Exploit", "Enhance", "Share",
"Accept".