2. Project Risk Management
Knowledge
Area
Process
Initiating Planning Executing Monitoring & Contol Closing
Risk
Plan Risk Management
Identify Risk
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Response
Monitor and Control Risks
Enter phase/
Start project
Exit phase/
End project
Initiating
Processes
Closing
Processes
Planning
Processes
Executing
Processes
Monitoring &
Controlling Processes
3. Perform Quantitative Risk Analysis
• The process of numerically analyzing the effect of identified
risks on overall project objectives.
Inputs
1. Risk register
2. Risk management plan
3. Cost management plan
4. Project scope statement
5. Organizational process
assets
Tools &
Techniques
1. Data gathering and
representation
techniques
2. Quantitative risk
analysis and modeling
techniques
3. Expert judgment
Outputs
1. Risk register updates
If not necessary, this process may
be skipped.
4. Quantitative Risk Analysis
• Is a numerical evaluation (more objective)
• This process may be skipped.
• Purpose of this process
– Determine which risk events warrant a response.
– Determine overall project risk (risk exposure).
– Determine the quantified probability of meeting project
objectives.
– Determine cost and schedule reserves.
– Identify risks requiring the most attention.
– Create realistic and achievable cost, schedule, or scope
targets.
5. • Data Gathering and Representation Techniques
• • Interviewing. quantify the probability and
impact of risks on project objectives. For
instance, information would be gathered on the
optimistic (low), pessimistic (high), and most
likely scenarios for some commonly used
distributions.
6. Probability distributions.
Continuous probability distributions, used in modeling
and simulation represent the uncertainty in values such as
durations of schedule activities and costs of project
components.
7. Quantitative Risk Analysis and Modeling Techniques
Commonly used techniques include both event-oriented and project-oriented
analysis
Sensitivity Analysis
• To determine which risks have the most potential impact to the project
• Changing one or more elements/variables and set other elements to
its baseline then see the impact.
• One typical display of sensitivity analysis is the tornado diagram
8. Decision Tree and EMV
• EMV used with Decision Tree to choose between
many alternative which take into account the future
events
• Example:
(Impact)ty)(ProbabiliEVM
Expected monetary value
P=0.2
P=0.8
P=0.2
P=0.1
P=0.7
outcome
300.000$
- 40.000$
- 50.000$
- 20.000$
60.000$
EMV
300.000x0.2 =60.000
-40.000x0.8 =-32.000
-50.000x0.2 =-10.000
-20.000x0.1=-2.000
60.000x0.7 =42.000
=28.000$
=30.000$
9. • Modeling and simulation.(Monte Carlo technique)
• A project simulation uses a model that
translates the specified detailed uncertainties
of the project into their potential impact on
project objectives.
• Iterative simulations are typically performed
using the Monte Carlo technique.
10. Risk Register Updates
• Update/add additional information to previous output i.e. Risk
Register, which include:
– Prioritize list of quantified risks
– Amount of contingency time and cost reserve needed
– Possible realistic and achievable completion dates,
project cost, with confidence level
– The quantified probability of meeting project objectives
– Trends
11. Plan Risk Response
• The process of developing option and action to enhance
opportunities and to reduce threats to project objectives.
Inputs
1. Risk register
2. Risk management plan
3. Cost management plan
4. Project scope statement
5. Organizational process
assets
Tools &
Techniques
1. Strategies for negative
risks or threats
2. Strategies for positive
risks or opportunities
3. Contingent response
strategies
4. Expert judgment
Outputs
1. Risk register updates
2. Risk-related contract
decisions
3. Project management
plan updates
4. Project document
updates
12. Plan Risk Responses
• Do something to eliminate threats before they happens
• Do something to make sure the opportunities happens
• Decrease the probability and/or impact of threats
• Increase the probability and/or impact of opportunities
• For the remaining (residual) threats that cannot be
eliminated:
– Do something if the risk happens (contingency plan).
– Do something if contingency plan not effective (fallback plan)
– The risks result in applying risk response strategy is called
(secondary risk)
– The risk trigger is events that trigger the contingency response
– Workaround is unplanned risks
13. Strategies for Threats
1- Avoid
– Eliminate the threat entirely
– Example: remove dangerous test or
person or material from project
14. Strategies for Threats
• 2-Transfer (Deflect, Allocate)
– Shift some or all the negative impact
of a threat to a third party
Example : insurance or outsource the
work
15. Strategies for Threats
• 3-Mitigate
– Implies a reduction in the probability
and/or impact of an adverse risk
event to be within acceptable
threshold limits
• Example : provide training for team
members, Wear a helmet head
16. Strategies for Threats
• 4- Accept
– Deal with the risks
– Project management plan is
not changed
• Example : Increasing material
prices (contingency)
17. Strategies for Opportunities
• Exploit
– Seek to ensure the
opportunities definitely happen
– Example: allocate experience
manpower in critical path to
complete project early
18. Strategies for Opportunities
• Share
– Allocate some or all of the
ownership of the opportunity to
a third party who is best able to
capture the opportunity for the
project benefit.
– Example: buy machine
19. Strategies for Opportunities
• Enhance
– Increase the probability and/or
the positive impacts of an
opportunity.
– Example: negotiation for the
equipment earlier to secure
lower price
21. Monitor & Control Risk
• The process of ..
– implementing risk response plans,
– tracking identified risks,
– monitoring residual risks,
– identifying new risks, and
– evaluating risk process effectiveness throughout the project.
Inputs
1. Risk register
2. Project management
plan
3. Work performance
information
4. Performance report
Tools &
Techniques
1. Risk reassessment
2. Risk audits
3. Variance and trend
analysis
4. Technical performance
measurement
5. Reserve analysis
6. Status meetings
Outputs
1. Risk register updates
2. Organizational process
assets updates
3. Change requests
4. Project management
plan updates
5. Project document
updates
22. • Risk Reassessment
• Monitor and Control Risks often results in
identification of new risks, reassessment of
current risks , and the closing of risks that are
outdated.
• Project risk reassessments should be regularly
scheduled.
.
23. • Risk Audits
• Risk audits examine and document the
effectiveness of risk responses in dealing with
identified risks and their root causes, as well
as the effectiveness of the risk management
process
25. 1- Heba is a Project Manager for software migration at a
bank. A major risk that has been identified is attrition
of resources. As a strategy to respond to this risk,
Heba, with support from Senior Management, provides
good increments to his team members. What type of
risk response is heba following?
A-Accept
B-Avoid
C-Transfer
D-Mitigate
26. 2-Which of these is not a valid response to
positive risks?
A-Exploit
B-Mitigate
C-Enhance
D-Share
27. 3-After conducting a SWOT Analysis, you have
determined that a business deal is worth pursuing. You
are required to use Agile development practices. In
your company, there is no expertise in Agile
development. Hence, you partner with another
organization that specializes in Agile development. This
is an example of:
a) Sharing a Positive Risk
b) Mitigating a Negative Risk
c) Exploiting a Positive Risk
d) Accepting a Negative risk
28. 4-During which stage of Risk planning are modeling
techniques used to determine overall effects of
risks on project objectives for high probability,
high impact risks?
A-Risk identification
B-Risk response planning
C-Qualitative risk analysis
D-Quantitative risk analysis
29. • 5-if the team cannot identify a suitable
response to an identified risk . Which risk
response would they apply?
A- avoidance
B-acceptance
3- mitigation
4-transference
