PMP Chapter 11 2004

1/22/2006
PMP
Preparation Training
Your key in Successful Project

Management
Akram Al-Najjar, PMP

Project Management Consultant
Chapter 11
Project Risk
Management
Akram Al-Najjar, PMP.

Source: pmbok guide 2004 Slide 2 Akram_alnajjar@hotmail.com +20105394312
1/22/2006
Lesson Objectives
In this lesson , you will analyze project risks you will :

Create a risk management plan.
Identify project risks and triggers.
Perform qualitative risk analysis.
Perform quantitative risk analysis
Develop a risk response plan
Monitor and control project risk
Discussion
Project Risk Management

Project Risk Management includes the processes concerned with conducting
Risk management planning, identification, analysis, responses, and
monitoring and control on a project; most of these processes are updated
throughout the project.
The objectives of Project Risk Management are to increase the probability
and impact of positive events, and decrease the probability and impact of
events adverse to the project.
11.1 Risk Management Planning
11.2 Risk Identification
11.3 Qualitative Risk Analysis
11.4 Quantitative Risk Analysis
11.5 Risk Response Planning
11.6 Risk Monitoring & Control

1/22/2006
Commercials Project
database
Enterprise Management Plan Develop Project
Risk Management
Project Risk Management Process Flow Diagram
Environmental Management Plan
Factors Planning 11.1 4.3
Polices ,
Organizational procedures, Risk Approved change request
Process Lesson Learned & corrective action
Management
Assets Plan And prevention action
Risk Approved change

Scope Definition Scope Statement Identification Request
5.2 11.2
Risk register
Qualitative Risk
Analysis
Develop Project 11.3
Management Plan Project cost and
4.3 schedule Risk register update
Management plan
Quantitative
Risk Analysis
Performance Performing 11.4
reporting
reporting Risk register update
10.3
Risk Response Project Management Plan
update
Work performance Planning
Direct and Manage information
Project Execution
11.5
4.4 Risk register update Recommended corrective action
Recommended prevention action
Requested change
Risk register &
Close Project Organizational Risk Monitoring Risk register update
Integrated Change
4.7 Process & Control Control
Assets Project Management
11.6 4.6
Plan update
Risk Management Planning
Risk management planning is the process of deciding how to approach and

plan the risk management activities for a project ,
•First , we identify project charter , current policies , roles , risk tolerance ,

the project management plan , and any templates for risk management.
•Thenwe perform an analysis on inputs.
•Finally , we output the risk management plan.

1/22/2006

Tools & Techniques
1. Planning Meetings &
analysis
Inputs
1. Enterprise environmental factors
2. Organizations process assets Outputs
3. Project scope statement
1. Risk Management Plan
4. Project management plan


input
1. Enterprise environmental factors :
Factors that influence the project management plan include: attitudes toward risk
and the risk tolerance of organizations and people involved in the project .These
attitudes and tolerances may be expressed in policy statements or revealed in
Personal actions.
Organizational Process Assets :
Organizations may have predefined approaches to risk management such as risk
categories, common definition of concepts and terms, standard templates, roles and
responsibilities, and authority levels for decision-making.
3. Project Scope Statement (Boundaries , requirements , constrain , assumption ,
project needs )
4. Project Management Plan: Other elements of the plan impacting the
acquisitions planning process may include ….
Risk Register , Risk related contracts , Activity resource requirements
The project schedule , Activity cost estimates , and the cost baseline
1/22/2006

Tools and Technique
1. Planning meeting and analysis :
Planning meeting are the only tools for risk management planning. Project teams
conduct planning meeting to develop the risk management. Generally , the
project manager , project team leaders , and any one in the organization with
responsibility to manage risk planning and execute activities will attend risk
management planning meetings.
Basic plans for conducting the risk management activities are defined in these
meetings. Risk cost elements and schedule activities will be developed for
inclusion in the project budget and schedule, respectively. Risk responsibilities will
be assigned. General organizational templates for risk categories and definitions of
terms such as levels of risk, probability by type of risk, impact by type of
objectives, and the probability and impact matrix will be tailored to the specific
project. The outputs of these activities will be summarized in the risk management

Output
1. Risk Management plan :
Describes how risk identification, qualitative and quantitative analysis, response
planning, monitoring, and control will be structured and performed during the
project life cycle, and it may include the followings:
n Methodology : define the tools, approaches and sources that may be used to
perform risk management on the project
n Roles and responsibilities : define the lead , support and risk management
team membership for each type of action in the risk management plan.
n Budgeting: Established budget for Risk Management
n Timing : Define how often the risk management activities will be performed
throughout the project life cycle.

1/22/2006

Output
n Risk categories
Risks that may affect the project for better or worse can be
identified and organized into categories
Macro Project Managerial

Environment Target Team
Market Design Control
Political Procurement Funding
Financial Technical Contractual
Social Job Site
Act of God


Output
n Risk probability and impact : Risks and their probabilities are defined for use
in Qualitative risk analysis using a scale of “ very unlikely “ to “ almost certain”
Alternatively, assigned numerical probabilities on a general scale (e.g., 0.1, 0.3,
0.5, 0.7, 0.9) can be used.
n Probability and impact matrix : Risks are prioritized according to their

potential implications for meeting the project’s objectives. The typical approach
to prioritizing risks is to use a look-up table or a Probability and Impact Matrix

1/22/2006

Output


Output

1/22/2006
Risk
A risk is an uncertain event that either a positive or negative effect on the

project.
Its primary components are a measure of probability that a risk occur and
the impact of the risk on a project.
Some common ways to classify risk are business risk versus insurable risk ,
effect-based classification , source base classification , and level of
uncertainty.
Risk may also be classified by much is known about them, such as known ,
known – unknown , and unknown - unknown

Example
Due to its relative unpredictability , the weather is a risk com mon to

business.
For example , an organization planning an outdoor festival will likely

choose a location and day with highest probability for agreeable weather.
In this scenario , the threat of rain is a risk that could seriously impact
attendance and profits. Because the weather is known to be possible risk ,
but its impact is yet unknown , this risk would be classified as
Known - Unknown

1/22/2006
Risk vs. insurable Risk

When a company opens it doors, it assumes that it will make money as well as
spend money. This type of risk is called business risk, when undertaking a
new project, an organization takes a business risk based on the assumption
that the project has a potential for both profit and loss.
Insurable risk: focuses on the potential for loss. Companies often purchase
insurance to offset these risks.
Direct property risk : Risk of property damage due to weather, fire and so on
Indirect property risk: Risk of additional expenditures needed to recover from
property loss.
Liability risk : Risk of needing to make good after causing damage to another
Personnel-related risk : Liability risk for damage to employees.
Risks Classifications
Effect Based risk classification: addresses risk in term of what it might affect.
On a project, the major issues that can be effected are time ,cost ,quality and
scope. All these risks are interrelated such that changes to one will affect of
the others. You need to be sensitive to these relationship and how changing
one can cause problems in another.
Source Based risk classification: addresses risk in terms of where it originates

Source may be internal or external to project, as well as technical , non-
technical , industry-specific , or generic.

1/22/2006
Risks Classifications
Levels of uncertainty : address risks classified based on how much is known

about them
Known : Items that you are aware of and that will affect you, but you have no
control over.
Known-unknown : Items that will affect you, although you are not able to
predict how or how much they will affect you.
Unknown-unknown : Items beyond your ability to foresee.

Risks Tolerance
Risk tolerance address the level of risk a project manager or key stakeholder
is willing to take when money at stake is compared to the potential payoff.
It’s measured in terms of the amount of satisfaction or pleasure the
individual receives from payoff.
Risk tolerance can be classified as risk-averter , risk-seeker , and risk-neutral
Risk averter : Not likely to take a risk that is considered a high risk
Risk seeker : Prefers an uncertain outcome and may be willing to pay a

penalty to take a high risk.
Risk neutral : Tolerance to risk is proportional to the amount of money at

stake
1/22/2006
Decision – Making and Categories

Decision making encompasses three elements :
Certainty : Completely sure of the states of nature to be faced and their

respective payoffs.
Risk : known states of nature and their respective payoff, but probability must
be assigned to the occurrence of each state of nature
Uncertainty : Each state of nature must be estimated and payoffs may be

unknown.

Risk Mode Payoff matrix Example

This Risk mode payoff matrix was used by a ski resort weigh the probabilities
of different weather patterns against the cost of two different snow making
machines.
Strategy Lots of Snow Little Snow Dry and Cold

Strategy 1: Snow-maker $90,00 $55,00 $35,00
Lite
Strategy 2: Snow-maker $75,000 $70,00 $70,00
Deluxe
Strategy Calculation
Snow-maker Lite (90)(.70)+(55)(.60)+(35)(.10)=99.5

Snow –maker Deluxe (70)(.70) +(70)(.60)+(70)(.10)=101.5
1/22/2006
How to Create a Risk Management Plan

Guidelines
• Determine how you will organize your project management team
-Consider assigning a risk officer to coordinate all risk management activities
-Define the roles and responsibilities for each person on the risk management team
-The sponsor may be able to assist in some risk management activities , such as
developing response strategies for all risk classified as high risks.
• Conduct risk planning meeting to develop the risk management plan

•Establish a budget for risk management
•Consult your organization’s risk management policy and make sure your risk
planning complies with the policy
•If your organization has a risk management plan template , use it and make
modification to meet the specific needs of your project.
How to Create a Risk Management Plan

Guidelines :
•Describe the approaches , tools , and data sources that may be used to perform risk
management activities for the project.
-How will the risk be identified? Will you conduct brainstorming sessions? Will you
use the Delphi technique? Will you use subject matter expert?
-How will the identification risks be scored and analyzed so that effective response
strategies can be developed ? Is there organization policy mandating a specific
scoring and prioritization method?
-Determine and describe the schedule for performing risk management activities.
-Determine and describe how your team will document risk response efforts.
- What tools will your team use to store risk information and track responses?
- How will the risk response efforts be communicated to the project stakeholders?
-Determine and describe how the lessons learned from your risk management
activities will be documented for the benefit of future projects.
-If an organization, sponsor , or customer has specific guidelines or requirements
regarding risk thresholds , this information should be included in your risk
management plan.
1/22/2006
Risk Identification
•Risk Identification is the process of identifying and

documenting the characteristics of project risks.
•First , you review the Risk management plan , project planning output
, risk categories, and any historical information.
•You then perform analysis using such tools as documentation reviews

, checklist , information gathering , assumption analysis, and
diagramming techniques.
•Finally , you output the risk register. Initial risk identification may be
done at the macro level
Risk Identification
Tools & Techniques
1. Documentation reviews
2. Information-gathering
techniques
3. Checklists analysis
4. Assumptions analysis
5. Diagramming technique
Inputs
1. Enterprise Environmental
Factors Outputs
2. Organizational Process Assets 1. Risk Register
3. Project Scope Statement
5. Project Management Plan
1/22/2006

Input
n Environmental factors: external sources of risk information may
include commercial database , studies , or benchmarking.
n Organizational process assets :historical information ..etc
n Project scope statement : assumption may be source of risk.
n Risk management plan : describes the team’s approach to
identifying risk.
n Project management plan : understanding the project’s mission ,
scope , objectives and all other planning output.


Tools and Technique
n Documentation review: Structured review of project plans and related
documents at both the total project and detailed scope level.
n Information gathering technique :methods used to collect data that will

assist the project team in identifying risks :
-Brainstorming , Delphi technique , interviewing and SWOT analysis
n Checklists : developed bases on historical information and provide a quick ,

simple , and standardizes way to identify risk.
n Assumption analysis : technique used to explore the validity of project

assumptions.
n Diagramming technique : Cause and effect diagram , System or process

flow charts, Influences diagram
1/22/2006
Risk Categories
n Divisions into which project risks can be grouped to reflect
common sources of risk for a specific project, industry, or
application area.
n Risk Categories
n Technical, quality, or performance risks
n Project management risks (time , resources , and cost
estimate )
n Organizational risks (funding , conflicts and management
support )
n External risks ( Union , security issues …etc)


Output
n Risk register
n List of identified risk
n List of potential responses
n Root causes of risk
n Update risk categories

1/22/2006
How to Identify Project Risks

and Triggers
n Review outputs from other planning processes

(Charter , WBS , Estimates assumptions…..etc)
n Use one or more risk identification techniques to
identify risks and their possible triggers.
n Apply the method to identify project risks and
triggers consistently.
n Consult relevant historical information.
n Group identified risks into categories.
n Determine triggers for each identified risk.

Qualitative Risk Analysis

n It is the process of assessing the probability and
impact of the identified risks and prioritizing them
according to their effect on project objectives.
n Initially , you gather the risk management plan, risk register,
and any relevant project documentation .
n Then , you analyze each risk using such tools as risk

probability and impact , probability / impact risk rating matrix
, project assumption testing , data precision ranking , and
urgency.
n Finally , you enter any alterations into the risk register.

1/22/2006

Tools & Techniques
1. Risk probability & impact assessment
2. Probability & impact matrix
3. Risk data quality assessment
4. Risk categorization
5. Risk urgency assessment
Inputs
1. Organizations process assets Outputs
1. Risk Register
update
4. Risk register

Input
n Organizational process assets :historical information ..etc

n Project scope statement
n Risk management plan : Roles and assignments in risk
management , risk categories and so on.
n Risk register : Contains the list of identified risk.

1/22/2006

Tools and Technique
n Risk Probability and Impact

Often described in qualitative terms such as very low, low,
moderate, high, and very high.
Probability
n The likelihood that a risk event will occur or prove true.
Impact
n The likely effect on project objectives if the risk event occurs—
often expressed in terms of the amount of money at stake.

Probability Scale
No
Probability Certainty
0 .1 .3 .5 .7 .9 1.0

1/22/2006
Impact Scales
Impact Impact Level Definition

Rating
If this risk occurs, the impact on the project’s objectives in:
1.5 Very low Minor and not noticeable outside the project.
3.5 Low Minor but noticeable to the customer or sponsor.
5.5 Moderate Significant and would create customer or sponsor
dissatisfaction with the project.
7.5 High Significant and would create major customer or sponsor
dissatisfaction. The project would be in jeopardy.
9.5 Very High Catastrophic. The project would be cancelled.


Probability/Impact Risk Rating Matrix
Tools and Technique

Very High
0.9
1.35 4.95 7.65

Probability
Medium
0.5
.75 2.75 4.25

Very Low
0.1
0.15 .55 .85
Very Low Medium Very High

1.5 5.5 8.5
Impact
1/22/2006

Tools and Technique
n Risk data quality assessment :

n The evaluation of the usefulness of the data about
risks being analyzed.
n Examining data obtained about a risk for:
n The extent to which the source of the information understands
the risk.
n The amount of data available about the risk.
n The quality of the available information.
n The legitimacy and dependability of the available data.


Tools and Technique
n Risk Urgency assessment :

n Risk that will require action in the near term may be
considered more urgent than those occurring later.

1/22/2006
Project Risk Ranking

n It is the overall risk ranking for producing the final deliverables of
the product or service of the project it is calculated by summing
the risk factor scores for the project’s individual risk and then
dividing them by the number of individual risks . It allows for
comparisons among other projects , assisting in project initiation ,
budget and resource allocation , and other decisions.
n Example:
The risk management team for a project identified and analyzed
30 risks for the project.
The total of the risk factor scores for those 30 risk was 75.
The project manager divided the number by the number of ris k to
determine that the overall risk ranking for the project was
2.5 (75/30=2.5.)


Output
n Risk register (updates)

n Relative ranking or priority list of project risks.
n Risks grouped by categories.
n List of risks requiring response in the near-term.
n List of risks for additional analysis and response.
n Watch lists of low priority risks.
n Trends in qualitative risk analysis results.

1/22/2006
How to Perform Qualitative Risk Analysis
n Examine the list of identified risks to ensure all risks are

documented. (Are all risks identified and documented?)
n Analyze the data available for each risk to assign a data
precision ranking score.
n Determine the organization's risk threshold for this
project.
n Analyze the assumptions identified during risk
identification as potential risks.
n Analyze the probability and impact of each identified risk
using well-defined probability and impact scales.

Quantitative Risk Analysis

n It is the process of numerically assessing the
probability and impact of each risk and
determining the extent of the overall project
risk.
n Initially , you gather previous document indicating risk
planning, project scope , as well as the risk register.
n Then , you analyze each risk using such tools as
interviewing , probability distributions , sensitivity analysis
expert judgement expected monetary value analysis ,
decision tree analysis and simulation.
n Finally , you enter any alterations into the risk register.

1/22/2006

Tools & Techniques
1. Data gathering and
representation techniques
2. Quantitative risk analysis and
modeling techniques
Inputs
1. Organizations process assets
4. Risk register Outputs
5. Project management plan 1. Risk Register
-Project schedule management update
plan
-Project cost management plan

Tools and Technique
n Data gathering and representation
techniques
n Interviewing
n Probability distributions
n Expert judgment

1/22/2006
Probability Distribution
Distribution Type Description
Uniform All values are likely to occur (straight line display)

Normal Most values in a sampling are close to the mean (bell-shaped
density curves with a single peak display)
Triangular Most optimistic, most likely, and most pessimistic values are
analyzed (triangle-shaped display)

Uniform Distribution
Probability
Impact
1/22/2006
Normal Distribution
Probability
Impact

Triangular Distribution
Probability
Impact

1/22/2006
Quantitative Analysis Methods
n Sensitivity Analysis
n Expected Mona try Value
n Decision Tree Analysis
n Modeling and Simulation

Sensitivity Analysis
n It is a method of assessing the relative impact of changing a

variable in a project to gain insight of the possible outcome of
one or more potential courses of action, Sensitivity analysis
places a value on the effect of changing a SINGLE VARIABLE
within a project by analyzing the effect on the project plan.
1. Begin with your original time or cost estimate.
2. Break out the components of the estimate into manageable
chunks.
3. Determine the variable to investigate and identify its likely
range of variation.
4. Calculate and assess the impact of changing the range of
results on the overall project estimate for each value in the
range.

1/22/2006
Quantitative Risk Analysis,

Tools & Tech.
n Expected Monetary Value (EMV) is a method of calculating the
average out come when the future is uncertain.
Probability
Status Payoff
%
Good Market – Good Quality 80,000 15
Good Market – Poor Quality 50,000 45
Poor Market – Good Quality 20,000 25
Poor Market – Poor Quality -20,000 15
Expected Payoff for good market = 80,000*0.15 + 50,000*0.45 = LE 34,500
Expected Payoff for good quality = 80,000*0.15 + 20,000*0.25 = LE 17,000
EMV = 80,000*0.15 + 50,000*0.45 +20,000*0.25 + (-20,000)*0.15 = LE 36,500

Decision Tree
00
$70,0
00 =
$100,0
0.7 x
0.3 x -$10,000
0 = - $3,000
,00
100
A$ 0,000
000 = $3
0.5 x $60,
B $125,000
0.5 x -
$10,00
C$ 0 = -$5
135 ,000
,00
0 0.2 x $20,000 = $4,000
0.8 x
-$10
,000
= - $8,0
00
$100,000 + $70,000 - $3,000 = $167,000

$125,000 + $30,000 - $5,000 = $150, 000
$135,000 + $4,000 - $8,000 = $131,000 (Least Cost)
1/22/2006

Tools & Tech.
n Modeling & Simulation
n Establish a model
n Use the model to study the uncertainties

specified at a detailed level using impact on
project objectives
n Monte Carlo technique
n Cost Risk Analysis use WBS as Model
n Schedule Risk Analysis use PDM, AON as Model


Tools & Tech.
Cost Risk Simulation Total project Cost
Cumulative Chart
1.000 5.000
Mean 46.67
Probability
.750
Frequency
.500
.250
12%
.000
$ 41 $ 50
30.00 38.75 47.50 56.25 65.00
Cost $

1/22/2006

Outputs

n Probabilistic analysis of the project.
n Probability of achieving cost and
time objectives.
n Prioritized list of quantified risks.
n Trends in quantitative risk analysis
results.

How to Perform Quantitative

Risk Analysis
n Consult historical information regarding risk.
n Use the appropriate interviewing technique to
query project stakeholders and subject matter
experts to obtain probability distributions.
n Depict the distributions obtained for use in risk
response planning.
n Perform a sensitivity analysis to determine
which risks have the most potential impact on
the project.
n Use decision tree analysis to examine the
implications of choosing one of two or more
alternatives.
1/22/2006
How to Perform Quantitative

Risk Analysis
n Conduct a project simulation using a model
to translate uncertainties into their
potential impact on project objectives at
the total project level
n Prioritize the quantified risks according to
the threat they pose or the opportunity
they present to project objectives

Risk Response planning

n Risk response planning is the process of examining
each risk and corresponding response alternatives ,
determining which response will improve the likelihood of
a positive outcome.
n First , you review the risk management plan and risk register ,
which were updated with previous risk management planning
outputs.
n Then , you employ an appropriate technique for each risk ,
either avoidance , transference , mitigation , acceptance or
exploitation .
n Finally , you enter any alternation into the risk register , risk
response plan or the necessary project documentation.

1/22/2006

Tools & Techniques
1. Strategies for negative risk or
2. threats
3. Strategies for positive risk or
4. opportunities
5. Strategies for both threats and
6. opportunities
7. Contingent response strategy
Inputs Outputs
1. Risk management plan
1. Risk management
2. Risk register (update)
plan
3. Risk-related
1. Risk register
Contractual
Slide 61 agreements
Source: pmbok guide 2004 Akram_alnajjar@hotmail.com +20105394312

Tools and Technique
1. Strategies for negative risk or threats
2. Risk Avoidance : it is involves changing the project plan to
prevent a potentially detrimental risk condition or event from
happening. One way to eliminate a risk is to reduce or change
the scope of the project in an attempt to avoid high risk
activities. The scope change could involve the requirements or
specifications , or it can mean changing the approach to
meeting the requirements or specifications.
Example : The product description for an elementary social sciences
education multimedia program references stock video clips of children
riding bikes and roller skating without helmets or knee pads. During
risk identification , the project team reviewed the product description
and identified a potential risk of school administration not buying the
program because it appears to advocate unsafe activities. Viewing
this as a high risk , the team avoided this risk by changing the project
scope so that it did not include the videos.
1/22/2006
Strategies for negative risk or threats
2. Risk transference : is involves shifting the impact of a risk

event and ownership of the risk response to a third party. This
strategy typically is used in connection with financial risk
exposure and most often involves payment of a risk premium
to the party assuming the risk.
Example: Risk sharing is a form of risk transference in which only a
portion of the risk is transferred to another party. For instance ,
organization often transfer responsibility for the risk of an employee
getting injured on the job by paying a premium for worker’s
compensation insurance. The insurance company assumes liability of
the risk and is responsible for covering the injured worker’s medical
bills and / or partial wages depending on the circumstances.
Because the initial organization has transferred part of the financial
liability to the insurance company and they now share the risk. This
would be an example of both risk sharing and risk transference.

Strategies for negative risk or threats
3. Risk mitigation: Is attempts to reduce the probability or impact

of a potential risk event to an acceptable level. Mitigation may
involve implementing a new courses of action in an effort to
reduce the problem or changing the current conditions so that
the probability of the risk occurring is reduced. Sometimes ,
when reducing the probability is not possible, the focus must
be on reducing the consequences of the risk event.
Example:
An example of risk mitigation is the develop of design model , or
prototype, the earlier this can be done in a project, the lower the risk
, Mock-ups , which are similar to prototypes, can test user interaction
with system or products. The project team can make changes to the
design based on early test result, thereby reducing the probability of
a problem once the product is released to market.

1/22/2006
Strategies for Positive risk or

Opportunities
Risk exploitation : This strategy is often used when a project team
wants to make sure that a positive risk is fully realized. This is
often done by hiring the best experts in a field or ensuring the
most technologically advanced resources are available to the
project team.
Risk sharing : This strategy entails partnering up with another
party in an effort to give your team the best chance of seizing
the opportunity, joint ventures are common example of risk
sharing.
Risk enhancement : This strategy attempts to increase the
probability that an opportunity will occur. This is done by
focusing on trigger condition of the opportunity and trying to
optimize their chances for occurrence.

Strategies for both threats and

opportunities
Risk Acceptance : Is any decision not to change the project plan to
deal with a risk. It may be chosen for a risk that has an
extremely low possibility of occurrence or for which no suitable
risk response strategy is identified. Risk acceptance is
performed either passively by doing nothing or actively by
creating a contingency plan to deal with the risk.
Example:
You own a business on a hill in an area that floods relatively often.
Because of your location, you decide not to buy flood insurance.
Instead , you set aside money that is earmarked for the repair of
water damage in case of flooding.
In this case, you are employing a risk acceptance strategy by establishing
a contingency reserve for an emergency . Although you aren’t
ignoring the risk , you will spend money only if the risk event actually
occurs.

1/22/2006
Strategies for both threats and

opportunities
Contingency plan : Is a strategy developed in advanced for
dealing with the occurrence of identified risk. It’s performed to
construct a strategy before things go wrong. With a good
contingency plan in place, you can react quick and
appropriately to the risk event , reducing its overall impact. A
contingency plan may include a fallback plan for risks with high
impact. The fallback plan is implemented if the initial
contingency plan is ineffective in responding to the risk event.
Contingency reserve : Usually , when risk acceptance is the selected
response strategy , a contingency reserve is established to deal with
unknown risks and accepted known risks. The contingency reserve
may be in the form of additional time , money or resources . It covers
risk events that are not accounted for in the project’s baseline
duration and cost estimates. The amount of the reserve is determined
by the potential impact of the risk, but should include enough to
implement any contingency plans as well as a buffer for dealing with
unidentified risks.

Output
n Identified Risk
n Risk owner
n Results from qualitative and quantitative risk analysis processes
n Agreed response
n Specific action to implement the chosen response strategy
n Residual and secondary risk (next slides)
n Budget and time of responses
n Contingency plan and triggers
n Risk related contractual agreements: Insurance , partnerships,

and risk sharing parties will generate language that specifies each
party’s responsibility for different risk

1/22/2006

Output
n Residual Risk
n The risks that remain after avoidance, transfer or
mitigation responses have been taken. Its also
include minor risks that have been accepted.
n Secondary Risk
n The risks that arise as a direct result of
implementing a risk response.

How to Develop a Risk

Response Plan
n Examine each identified risk to determine its causes
and how it might affect project objectives.
n Brainstorm possible response strategies for each risk.
n Choose the response strategy that is most likely to be
effective for each identified risk.
n Develop specific actions for implementing the chosen
strategy.
n Identify backup strategies for risks with high risk
factor scores.
n Determine the amount of contingency reserves
necessary to deal with accepted risks.
1/22/2006
How to Develop a Risk

Response Plan (cont.)
n Determine how much of a contingency reserve
you should set aside for unknown risks.
n Consult the risk management plan for the
description of the content and format of the risk
response plan.
n Incorporate the risk response plan into the overall
project plan.
n Examine trends in analysis results which may
guide response strategies.

Risk Monitoring and Control

n Is the process of responding to identified and
unforeseen risk. It involves tracking identified risk
, identifying new risks , implementing risk
response plans, and monitoring their
effectiveness.

1/22/2006
Risk Monitoring and Control

Tools & Techniques
1. Risk reassessment
2. Risk audits
3. Variance and trend
analysis
4. Technical performance Outputs
measurement 1. Risk register updates
5. Reserve analysis 2. Requested changes
3. Recommended corrective
6. Status meeting actions
4. Recommended preventative
Inputs actions
1. Risk management plan 5. Organizational process
2. Risk register assets (updates)
3. Approved change requests 6. Project management plan
4. Work performance information (updates)
5. Performance Reports
Project Risk Response Audit
n An examination of the effectiveness of risk response plans and

the performance of the risk owner.
n May be conducted by a third party, the project’s risk officer, or
other qualified personnel.
Project Risk Response Audit Process

n Gather relevant project data regarding work results including
risk database.
n Review the risk response plans and implementation of the
plans.
n Prepare a report of the findings and distribute to the project
team and key stakeholders.

1/22/2006
How to Monitor and Control

Project Risk
n Consult the risk response plan to identify risks and triggers.
n Monitor the environment for any new risks that may arise
due to changes in project scope, cost, schedule, or quality.
n Monitor the effectiveness of the risk response, contingency,
and fallback plans.
n Deal with unforeseen risks by systematically planning a
reasoned response.
n Update project documentation as changes are indicated.
n Manage the contingency reserve.
Workaround Plans
n Unplanned responses to emerging risks that were previously
unidentified or accepted.
Commercials Project
database
Enterprise Management Plan Develop Project
Risk Management
Project Risk Management Process Flow Diagram
Environmental Management Plan

Factors Planning 11.1 4.3
Polices ,
Organizational procedures, Risk Approved change request
Process Lesson Learned & corrective action
Management
Assets Plan And prevention action
Risk Approved change

Scope Definition Scope Statement Identification Request
5.2 11.2
Risk register
Qualitative Risk
Analysis
Develop Project 11.3
Management Plan Project cost and
4.3 schedule Risk register update
Management plan
Quantitative
Risk Analysis
Performance Performing 11.4
reporting
reporting Risk register update
10.3
Risk Response Project Management Plan
update
Work performance Planning
Direct and Manage information
Project Execution
11.5
4.4 Risk register update Recommended corrective action
Recommended prevention action
Requested change
Risk register &
Close Project Organizational Risk Monitoring Risk register update
Integrated Change
4.7 Process & Control Control
Assets Project Management
11.6 4.6
Plan update
1/22/2006
Discussion
Any question?


PMP Chapter 11 2004

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PMP Chapter 11 2004

Uploaded by

Copyright:

Available Formats

1/22/2006

Your key in Successful Project

Akram Al-Najjar, PMP

Akram Al-Najjar, PMP.

In this lesson , you will analyze project risks you will :

Project Risk Management

Akram Al-Najjar, PMP.

Risk Approved change

Risk Management Planning

Risk management planning is the process of deciding how to approach and

•First , we identify project charter , current policies , roles , risk tolerance ,

•Thenwe perform an analysis on inputs.

•Finally , we output the risk management plan.

Akram Al-Najjar, PMP.

Risk Management Planning

Akram Al-Najjar, PMP.

Risk Management Planning

Risk Management Planning

Risk Management Planning

Akram Al-Najjar, PMP.

Risk Management Planning

Macro Project Managerial

Akram Al-Najjar, PMP.

Risk Management Planning

n Probability and impact matrix : Risks are prioritized according to their

Akram Al-Najjar, PMP.

Risk Management Planning

Akram Al-Najjar, PMP.

Risk Management Planning

Akram Al-Najjar, PMP.

A risk is an uncertain event that either a positive or negative effect on the

Akram Al-Najjar, PMP.

Due to its relative unpredictability , the weather is a risk com mon to

For example , an organization planning an outdoor festival will likely

Akram Al-Najjar, PMP.

Risk vs. insurable Risk

Source Based risk classification: addresses risk in terms of where it originates

Akram Al-Najjar, PMP.

Levels of uncertainty : address risks classified based on how much is known

Unknown-unknown : Items beyond your ability to foresee.

Akram Al-Najjar, PMP.

Risk tolerance can be classified as risk-averter , risk-seeker , and risk-neutral

Risk seeker : Prefers an uncertain outcome and may be willing to pay a

Risk neutral : Tolerance to risk is proportional to the amount of money at

Decision – Making and Categories

Certainty : Completely sure of the states of nature to be faced and their

Uncertainty : Each state of nature must be estimated and payoffs may be

Akram Al-Najjar, PMP.

Risk Mode Payoff matrix Example

Strategy Lots of Snow Little Snow Dry and Cold

Snow-maker Lite (90)(.70)+(55)(.60)+(35)(.10)=99.5

How to Create a Risk Management Plan

• Conduct risk planning meeting to develop the risk management plan

How to Create a Risk Management Plan

•Risk Identification is the process of identifying and

•You then perform analysis using such tools as documentation reviews

Project Risk Management

Akram Al-Najjar, PMP.

Project Risk Management

n Information gathering technique :methods used to collect data that will

n Checklists : developed bases on historical information and provide a quick ,

n Assumption analysis : technique used to explore the validity of project

Expected Payoff for good market = 80,0000.15 + 50,0000.45 = LE 34,500

Expected Payoff for good quality = 80,0000.15 + 20,0000.25 = LE 17,000

EMV = 80,0000.15 + 50,0000.45 +20,0000.25 + (-20,000)0.15 = LE 36,500