Deck 8: Project Risk Management Planning

The key deliverable from the risk identification process is the risk register.

List and describe the elements of the risk register.

The risk register is the main deliverable from the risk identification and analysis process. The risk register is a dynamic document that must be continually updated as a project progresses. The risk register consists of the following elements:
• Risk-This is the name of the risk, along with a short description. Some like to include a numbering scheme to make it easier to reference.
• Trigger event-This is an explanation of the event or events that signal to the person monitoring that this risk is about to happen or has happened; it involves looking at the root cause of the risk. For example, if a vendor hired to create a sizable portion of the code needed for the new application has been experiencing larger-than-normal turnover rates among employees, trigger event will be any missed or late milestones or software quality issues.
• Responsible-This is the name of the person (preferred) or group/department responsible for monitoring the risk and executing mitigation activities. Using the previous example, a software development project leader may be assigned responsibility for tracking a vendor's progress.
• Consequence-This is an explanation of the impact to the project if the risk occurs. For example, if a vendor is late with its part of a system, the entire project schedule will be delayed, also raising the project budget.
• Probability-This is an estimation of the likelihood that the risk will materialize and affect the project. The probability is often a qualitative rating (low, medium, high) or could be a more quantitative number.
• Mitigation-This is an explanation of the strategy being used to reduce the chances that the risk will occur. For example, say that the team decided to set up multiple two-week milestones for the vendor to keep an eye on the vendor's progress and make sure it doesn't start slipping.

What are the main objectives of risk management, and what is the opposite of good risk management?

The main objectives of risk management are to increase the probability and impact of positive outcomes and decrease the probability and impact of negative outcomes. Unfortunately, many organizations don't follow a formal risk management process; rather, they operate in a perpetual state of crisis management. Crisis management, the opposite of good risk management, involves trying to figure out what to do about a problem after it has occurred instead of planning for issues in advance. This is also referred to as perpetual fire fighting.

What is qualitative risk analysis, and describe two techniques?

List and describe an organization's three possible risk preferences.

Name and describe the four categories of risk strategy.

The PMBOK defines risk management as "the systematic process of identifying, analyzing, and responding to project risk."

The key to running a successful brainstorming session is to foster an atmosphere that allows all ideas to be spoken, regardless of likelihood.

Risk management provides maximum-cost downside protection.

Describe at least five reasons to perform risk management.

The risk management plan is created late in the planning phase of the project and updated throughout the life of the project.

A project manager's objective is to remove all risk from a project.

The primary deliverable from the risk management planning process is the risk management plan.

Describe the steps in the risk management planning process.

Executing the process to build the risk management plan is only necessary for large projects.

What are the risk management processes described by PMBOK?

Describe two quantitative risk analysis techniques.

What information composes the risk management plan?

The main objectives of risk management are to increase the probability and impact of positive outcomes and decrease the probability and impact of negative outcomes.

Risk management makes aggressive risk-taking possible.

Risk management cannot save part of a failed effort.

Organizations that are risk neutral grow in utility at a faster pace than risk and the increase in expected outcomes.

The more risks a team identifies and quantifies, the more the team reduces the amount of uncertainty on the project and gives the project manager the information necessary to build in sufficient contingency reserves to help ensure that a product is delivered as defined.

Monte Carlo simulation is a technique in quantitative risk analysis.

According to the PMBOK, risk response planning is the process of developing options and determining actions to enhance opportunities and reduce threats to a project's objectives.

The acronym EMV stands for expected monetary value.

After the initial risk identification, the project manager alone should look for new issues that may affect the success of the project.

Fallback plans are used if the project cannot be completed as originally planned so an alternate destination needs to be sought.

The success of the interviewing technique for risk identification is heavily dependent on the skills of the interviewee.

The key issue with qualitative risk assessment is estimator experience.

Risk identification tools and techniques include broad organizational categories, analogy, brainstorming, interviews, Delphi technique, and SWOT analysis.

Consequence is an explanation of the event or events that signal to the person monitoring that this risk is about to happen or has happened; it involves looking at the root cause of the risk.

Decision tree analysis is a technique in qualitative risk analysis.

A probability and impact matrix aids a project team in prioritizing the risks that need more attention than others, based on either their probability of occurring or the size of the impact to the project or both.

Monitor and control is a process of risk management.

Quantitative risk analysis consists of subjective techniques used to determine the probability of occurrence and the project impact of identified risks.

In analogy approach to risk identification, risks are examined using broad categories such as people, technology changes, quality and performance issues, customers, vendors, management, funding, political issues, legal issues, and market forces.

Every risk should have an associated mitigation strategy.

Contingency plans are used if the project cannot be completed as originally planned so an alternate destination needs to be sought.

Risk identification is a one-time process done only at the beginning of a project.

Risk management protects against invisible transfers of responsibility.

There are risks that provide new opportunities that will affect a project in a constructive way, and there are risks that threaten the success of the project.

A project manager's objective is not to remove all risk from a project-that simply can't be done-but to identify and manage risks to the benefit of the project.

Risk management sets up projects for success by providing a clear understanding of what is possible within normal operating procedures and what might be a stretch to achieve.

Risk management criminalizes risk by preventing an honest and open evaluation of risk to occur.