PMP studies notes contain all the key points that helps of to understand the knowledge area, process and ITTO's.

Wednesday, May 27, 2009

PMP - Chapter 11 – RISK Management







































































Knowledge Areas




Major Processes




Primary Inputs




 




Tools & Techniques




Primary Outputs




RISK




It's risky to have an IQ in DC.




 




 




 




 




Risk Management Planning




Deciding how to approach and plan risk management activities.




1. Enterprise Environmental Factors



2. Organizational Process Assets



3. Project Scope Statement



4. Project Management Plan




 




1. Planning meetings and analysis




1. Risk management plan




Risk Identification




Determining which risks are likely to affect the project & documenting their
characteristics




1. Enterprise Environmental Factors



2. Organizational Process Assets



3.Risk management plan



4. Project Scope Statement



5. Project Management Plan



 




 




1.Documentation reviews



2. Info-gathering techniques



3. Checklist analysis



4. Assumptions analysis



5. Diagramming techniques




1.Risk Register




Qualitative Risk Analysis




Assessing the impact and likelihood of identified risks.




1. Organizational Process Assets



2. Risk Register



3. Project Scope Statement



4. Project Management Plan



 




 




1. Risk probability & impact assessment



2. Probability and impact matrix



3. Risk data quality assessment



4. Risk Categorization



5. Risk urgency assessment



 




1.Risk Register (Updates)




Quantitative Risk Analysis




A process that analyzes numerically the probability of each risk and its
consequence on project objectives




 




1. Organizational Process Assets



2. Project Scope Statement



3. Risk Management Plan



4. Risk Register



5. Project Management Plan



* Project Schedule Management Plan



* Project Cost Management Plan




1. Data Gathering and representation techniques



(Interviewing, probability distribution and EJ)



2. Quantitative Risk analysis & modeling techniques. (Sensitivity, EMV, Decision
Tree)




1. Risk Register (Updates)




Risk Response Planning




Developing options & determining actions to enhance opportunities to reduce
threats to project objectives




 




1. Risk Management Plan



2. Risk Register




1. Strategies for negative risk or threats



2. Strategies for positive risk or opportunities



3. Strategies for both threats and opportunities



4. Contingency response strategy




1. Risk Register (Updates)



2. Project Management Plan (Updates)



3. Risk related contractual agreements




Risk Monitoring & Control




Tracking identified risk, monitoring residual risks, and identifying new risk,
ensuring the execution of risk plans and evaluating the effectiveness in
reducing risk.




 




1. Risk Management Plan



2. Risk Register



3. Approved Change Requests



4. Work Performance Information



5. Performance Reports




1. Risk reassessment



2. Risk audits



3. Variance and trend analysis



4. Technical performance measurement



5. Reserve analysis



6. Status Meetings




1. Risk Register (Updates)



2. Requested Changes



3. Recommended Corrective actions



4. Recommended Preventive actions



5. Organizational process asset (Update)



6. Project Management Plan (Updates)



 





 



Project risk - Is an uncertain event or
condition that, if it occurs, has a positive or a negative effect on a project
objective.



A risk has a cause and, if it occurs, a consequence. Risk identification is an
iterative process. (Just like core process). Objective is to decrease the
probability and impact of negative events and vice versa.



Risk Management Planning: deciding on how
to approach, plan and execute risk mgmt activities for a project.



Risk Identification: determining which
risk can effect the project and documenting their characteristics.



Qualitative Risk Analysis style="font-weight:bold"> Prioritizing risks for subsequent further
analysis or action by assessing and combining their probability of occurrence
and impact.



Quantitative Risk Analysis – Numerically
analyzing the effect on overall project objectives of identified risks.



Risk Response Planning: developing options
and actions to enhance opps and reduce threats to project objectives.



Risk Monitoring and Control: tracking
identified risk, monitoring residual risks, identifying new risks, executing
risk response plans and evaluating their effectiveness though the project life
cycle.



 



RMP: it is input to cost and time
estimating, schedule development and cost budgeting.



I/P: EE factors (attitude towards risk and
tolerance, which can be found in policy statement or revealed in actions), OP
assets, Project scope statement, PMP



TT: Planning meetings and analysis: Risk
cost element and schedule activities will be developed for inclusion in the
project budget and schedule respectively. Responsibilities will be assigned;
templates will be tailored for use later.



Output:



Risk Management Plan – Describes how Risk
Management will be structured and performed, it includes




  1. Methodology (Approach, tools and data sources)


  2. Roles and responsibilities


  3. Budgeting (assign Resources and
    estimated Cost for inclusion in cost baseline)


  4. Timing (When and how often;
    includes risk activities in project schedule)


  5. Risk Categories style="font-weight:normal;font-family:"Trebuchet MS";font-size:11.0pt">
    (RBS, Good practice is to review risk categories during RMP prior to Risk
    Identification Process)


  6. Definition of Risk Probability and Impact style="font-weight:normal;font-family:"Trebuchet MS";font-size:11.0pt">
    (Definition of probability and impact)



    1. Probability and Impact Matrix
      (Look up table, with impact categorized
      as Low, Moderate or High)






  1. Revised Stakeholders tolerances


  2. Reporting Formats style="font-weight:normal;font-family:"Trebuchet MS";font-size:11.0pt">
    (Describes Risk Register Contents and format)


  3. Tracking (Auditing and
    Documentation for current project, future needs and LL)



 



 



Risk Types – 1. Business (Gain or Loss) 2.
Pure Risk (Only Risk of Loss)



 



Attitude about Risk – Should be made
explicit, Communication about risk should be honest and open. Risk response
reflects organizations perceived balance between risk taking and risk avoidance.
Some one who does not want to take risks is said to be Risk Averse.



Tolerance and Threshold – Tolerance are
areas of risk that are acceptable or unacceptable. A threshold is the amount of
risk that is acceptable. You use this information to help assign levels of risk
on each work package.



 



Risk Identification



IP: EE Factors, OP assets, project scope
statement (assumptions), risk management plan(R&R, RBS, risk provisions),
project management plan



Tools:
Documentation reviews, info gathering techniques
(Brainstorming, Delphi
tech, interviewing, RCA, SWOT); Check List
Analysis
- based on Historical information of previous similar projects.
The lowest level of RBS is used as Risk Checklist; Assumption analysis style="font-style:italic">; Diagramming tech: C&E, system/process
flow chart, influence diagram,



OP: Risk Register



 



Delphi tech: is a way to reach a consensus
of experts, questionnaire is sent to solicit ideas and responses are summarized
and re-circulated to the experts. Consensus is reached in few rounds. It helps
to reduce bias in the data and keeps any one perform fro having undue influence.



 



Qualitative Risk Analysis: focuses on
prioritizing risks using probability and impact of the risk as well as time
frame and risk tolerance. It also leads to over all risks of the project. It is
also known as Risk assessment.



IP: OP assets, project scope statement,
RMP, Risk Register,



TT: Risk probability and impact
assessment, Probability and impact matrix, Risk data quality assessment, Risk
Categorization (based on common causes, using RBS/WBS/Phases), Risk urgency
assessment.



OP: risk register (updates)



 



Quantitative Risk Analysis: it assigns
numerical ranking to the prioritized risks primarily uses Monte Carlo Simulation
and Decision Tree Analysis. It should be redone after RRP and RMC to asses risk
reduction.



IP: OP Assets, Scope Statement, RMP, Risk
Register, PMP (SMP, CMP).



TT:




  1. Expert Judgment


  2. Data Gathering and Representation Techniques



    • Interviewing,


    • Probability
      Distribution

      Beta Distribution and
      Triangular Distribution
      can use
      ordinal or cardinal values. Both uses 3 point estimates and are continuous
      distribution. Decision tree uses representation of discrete distribution.
      Uniform distribution can be used when no obvious value in early concept stage of
      design.






  1. Quantitative Risk Analysis and Modeling Techniques


    • Sensitivity
      Analysis – Determine which risks have most potential impact,


      Tornado
      style="font-family:"Trebuchet MS";font-size:11.0pt"> Diagram
      (compares relative importance of variables that have a high degree of
      uncertainty to those more stable)


    • Expected
      Monetary Value – Opportunity expressed as Positive, Risk expressed as negative
      example Decision tree. Modeling and Simulation is recommended for Cost &
      Schedule Risk analysis because they are more powerful and less subject to misuse
      than EMV analysis.


    • Decision
      tree analysis – Shows available choices and their possibilities with more
      complex process than EMV. It assumes mutual exclusivity.


    • Modeling and
      Simulation – Done using

      Monte Carlo Technique style="font-family:"Trebuchet MS";font-size:11.0pt">. In
      simulation project model is calculated many time (iterated), with the input
      values randomized from a probability distribution function and a probability
      distribution is made.

      Cost Risk Analysis style="font-family:"Trebuchet MS";font-size:11.0pt"> use CBS or
      WBS.


      Schedule Risk analysis
      use PDM.





OP: Risk Register (updates)



 



Risk Response planning: it creates owner
for each agreed to and funded risk. Risks responses are developed in risk
planning and risk response planning stage



IP: RMP, Risk Register



TT: Strategy for negative risk (avoid,
transfer, mitigate), Strategy for positive risk ( exploit, share, enhance), for
both acceptance, contingent response strategy,



OP: Risk Register (Updates), PMP
(updates), Risk related contractual agreement.



Risk Management Control



Process of identifying, analyzing and planning for newly arising risks, keeping
track of identified risks and those on the watch list, reanalyzing existing
risks, monitoring trigger condition for contingency plans, monitoring residual
risks and reviewing the execution of the risk responses and their effectiveness.



IP: RMP, Risk Register, App CRs, work
performance Info



TT: Risk reassessment, Risk Audits,
Variance and trend analysis, Technical performance measurement, reserve
Analysis, Status Meetings (RM is an agenda)




  1. Risk Audits:
    examine and document the effectiveness of risk responses in dealing with
    identified risks and their root causes, well as the effectiveness of the risk
    management process.


  2. Variance and trend analysis:

    reviewed using performance data, EV anal and other methods used. Measure overall
    project performance deviation from baseline indicating the potential impact of
    threats or opps.


  3. Technical performance measurement:

    compares technical accomplishments during project ececution to the PMP’s
    schedule of technical achievement. Reveals degree of success in achieving
    project’s scope.


  4. Reserve Analysis: style="font-weight:normal;font-family:"Trebuchet MS";font-size:11.0pt">
    it monitors contingency reserves remaining to the amount of risk remaining at
    any time in the project in order to determine if the remaining reserve is
    adequate.



OP: Risk register (updates), CRs,
recommended CAs and Pas, OP asset (update), PMP (update)



 



Risk Register – (O/P of Risk
Identification)


    style="margin-left:.75in;direction:ltr;unicode-bidi:embed;
    margin-top:0in;margin-bottom:0in;font-family:"Trebuchet MS";font-size:11.0pt"
    type="1">

  1. List of Identified Risks
    (including root causes and assumptions)


  2. List of
    Potential Responses


  3. Root causes
    of Risks


  4. Updated Risk
    Categories (RBS which is developed in RMP is enhanced or amended)



Updates after Qualitative Risk Analysis


    style="margin-left:.75in;direction:ltr;unicode-bidi:embed;
    margin-top:0in;margin-bottom:0in;font-family:"Trebuchet MS";font-size:11.0pt"
    type="1">

  1. Relative Ranking or Priority
    list of Project Risks


  2. Risks
    grouped by categories


  3. List of Risk
    requiring Response in the near term


  4. Watch list
    of low priority risks


  5. Trends in
    Relative Risk analysis results



Updates after Quantitative Risk Analysis


    style="margin-left:.75in;direction:ltr;unicode-bidi:embed;
    margin-top:0in;margin-bottom:0in;font-family:"Trebuchet MS";font-size:11.0pt"
    type="1">

  1. Probabilistic Analysis of the
    project: this output typically expressed as a cumulative distribution is used
    with stakeholder risk tolerances to permit quantification of the cost and time
    contingency reserves


  2. Probability
    of Achieving Cost and Time Objective


  3. Prioritized
    List of Quantified Risks


  4. Trends in
    Quantitative Risk Analysis Results



Updates after Risk Response Planning


    style="margin-left:.75in;direction:ltr;unicode-bidi:embed;
    margin-top:0in;margin-bottom:0in;font-family:"Trebuchet MS";font-size:11.0pt"
    type="1">

  1. Identified Risks, their
    descriptions, areas of the project and how they affect project objectives


  2. Risk owners
    and their responsibilities


  3. Agreed upon
    response strategies


  4. Symptoms and
    warning signs of risks occurrence


  5. Budget and
    Schedule activities required to implement the chosen responses


  6. Contingency
    reserves of Time and Cost and Triggers.


  7. Fallback
    plan


  8. Residual and
    Secondary Risks



 



Risk Response Planning
Techniques



Strategies for Negative Risks or Threats



Avoidance (elimination/abatement)
Eliminate the threat posed by an adverse risk. Can be done by changing the
Project Plan or protecting (isolating) project objectives from its impact. Or
relaxing time, cost, scope and quality or cut scope



Mitigation (reduction) Reduce the Expected
Monetary Value by reducing probability or impact. Float can be use to mitigate
potential risks. Reduction in the probability or impact of an adverse risk.
Adoption less complex processes, conducting more tests, stable supplier.



Transfer Deflect or share (eg. Insurance,
warranties). Shifts the negative impact of a threat to a third party it doesn’t
eliminate it, insurance, performance bonds, warranties, guarantees etc,



Strategy for positive Risks or opps



Exploit: assigning better quality resource
to reduce time to complete



Share: allocating ownership to third party
who has expertise.



Enhance: by facilitating or strengthening
the cause of the opportunity, targeting its trigger.



Strategy for both



Acceptance Accept or retain consequences.
2 types: Active Acceptance (develop a
contingency reserve) or Passive
Acceptance (no action).



 



Residual Risks – Risks that are expected
to remain after planned responses have been taken, as well as those have been
deliberately accepted.



Secondary Risks – Risks that arise as a
direct outcome of implementing a risk response.



Recommended Corrective Actions – For Risk
monitor and Control include Contingency plans
and workaround plans
.



Workaround Unplanned response to negative
risk events (requires to be impacted by the risk first).Work around plans are
not initially planned but are required to deal with emerging risks that were
previously unidentified or accepted.



Contingency Plan Planned action steps to
be taken if an identified residual risk occurs. (e.g. developing alternative
activity sequences). It is for the risks which are accepted.



Contingency Reserve: calculated based on
the quantitative analysis of the project and organization’ risk thresholds.



Fall Back Plan: It is plan executed when
contingency plan is not effective.



 



Risk database style="font-style:italic"> - A repository that provides for
collection, maintenance, and analysis of data gathered and used in the risk
management processes.



 
































































































Types of Risk




 




 




Business




 




Normal risks that offer gain and loss




Pure / Insurable




 




Only loss: property damage, indirect consequential loss, legal liability,
personnel. For risk we can outsource, we have contract. For pure risks, we
obtain insurance.




Statistical Independence




 




Occurrence of one event is not related to occurrence of the other




Data Precision Ranking




 




Purpose is to test the value of data (input to Qualitative Analysis)




Path Convergence




 




Tendency of parallel paths of equal duration to delay the completion of the
milestone where they meet. It is characterized by schedule activity with more
than one predecessor activity




Uncertainty




 




An uncommon state of nature, characterized by the absence of any information
related to a desired outcome.




Expected Monetary Value




 




= Probability * Monetary Impact (used in Decision Tree Analysis)




Risk Event




 




A discrete occurrence that may affect the project for better or worse. After a
risk event, the project manager’s role is to reassess the risk ranking. The risk
owner is responsible to take action when an identified risk occurs.




Risk Trigger




 




A symptom of risk; indirect manifestation of actual risk event; output of risk
identification; example is poor morale




Risk Portfolio




 




Risk data assembled for the management of the project




Utility Theory




 




Technique that characterizes an individual’s willingness to take risk




Sensitivity Analysis



 



Risk Auditor




 




Places a value on the impact to the project plan by adjusting a single project
variable; simplest form of analysis



Role is to investigate the effectiveness of the risk owner (which can cause
potential conflict with risk owner)




Numbers to Know




 




 




1 sigma



style="margin:0in;font-family:"Trebuchet MS";font-size:11.0pt;color:black">
68.3%




 




2 sigma



style="margin:0in;font-family:"Trebuchet MS";font-size:11.0pt;color:black">
95.5%




 




3 sigma



style="margin:0in;font-family:"Trebuchet MS";font-size:11.0pt;color:black">
99.7%




 




6 sigma




99.99%




 





The range of an estimate with the smallest range is the least risky.



 



Documentation



Risk Management Plan – would most likely
be developed during scope planning phase of the scope management process.



Decision Tree Analysis - 1. Takes into
account future events in trying to make decision today



2. It calculates EMV in more complex situations 3. Involves mutual exclusivity



Fall back Plan – Specific actions that
will be taken if the contingency plan is not effective.

No comments:

Post a Comment