1 / 50

Project Risk Management A Preparation Guide for the PMI-RMP Exam

Project Risk Management A Preparation Guide for the PMI-RMP Exam. Scott Reynolds MBA, PMP, PMI-RMP. What is Project Risk Management?. Project risk management is actively managing the risks on your project The goal of risk management is to be more proactive and less reactive. What is a Risk?.

vachel
Download Presentation

Project Risk Management A Preparation Guide for the PMI-RMP Exam

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Project Risk ManagementA Preparation Guide for the PMI-RMP Exam Scott Reynolds MBA, PMP, PMI-RMP

  2. What is Project Risk Management? • Project risk management is actively managing the risks on your project • The goal of risk management is to be more proactive and less reactive

  3. What is a Risk? A risk is an uncertain event that could have a positive or negative effect on your project * This means there is a probability between 1-99% that the event could occur • If there is a 0% chance of an event occurring, there is no risk (example; there is a 0% chance your project will be adequately funded, this is not a risk, it is a reality) • If there is a 100% chance of an event occurring, this would be an issue, not a risk • Risks with negative consequences are called threats • Risks with positive consequences are called opportunities (Yes, risk can be good! Stop thinking of risk as bad, and start thinking of it in terms of probabilities!)

  4. Types of Risk Risks can be broken out into two primary types • Pure Risk (hazard)– risk with potential loss only ex. Fire, theft, personal injury • Business Risk (speculative risk) – risk with potential loss or gain ex. A highly skilled employee becomes available to work on your project, reducing your schedule time, the tax rate changes, a new server costs less (or more) than you budgeted for

  5. Risk Management Processes There are six project risk management processes * Go ahead and learn them now (in order), this is the only knowledge area in the Project Management Body of Knowledge (PKBOK) that must be completed in successive order • Plan Risk Management • Identify Risks • Perform Qualitative Analysis • Perform Quantitative Analysis • Plan Risk Response • Monitor & Control Risks

  6. Risk Management Processes • Risk Planning – this is how you plan on conducting risk management. You wouldn’t start managing your project without a plan, so why would you approach risk management that way? * Remember ‘Plan the work, and work the plan’? Applies to risk management as well. • Identify Risks – this is the phase where you attempt to identify most of your risks • Qualitative analysis – this is a subjective analysis of your risks that produces a risk ranking, usually in the order of high, medium, low, or on an ordinal scale. Rankings are by agreement of your project team, sponsors and key stakeholders.

  7. Risk Management Processes • Quantitative Analysis – a numerical analysis of the probability and impact of the risk on your project • Plan Risk Response– a course of action you will take to deal with your risks should they go from risk to issue • Monitor & Control Risks – monitoring your lists (there are two lists which I will discuss later) of risks to enact a risk response plan, to move a risk from one list to the other, or to remove a risk because it is no longer a risk

  8. Risk Management Planning Before you start dealing with risks, you should first plan on how you will handle risk on your project Things to consider when creating your Risk Management plan • The risk tolerance of your project sponsors and stakeholders – In order to gain buy-in, you need to create a plan your sponsors can support. It is not likely they will support a plan that is in opposition to their agenda or is out of their comfort zone • The size and value of your project – there is a cost to risk management, you shouldn’t spend more on preventing the risk than the cost of the risk occurring • The methodology you will use – the methodology you use is not as important as gaining agreement and buy-in on the methodology chosen • Sources of risk – risk categories; think of all possible areas or events that could introduce risk to your project

  9. Plan Risk Management Inputs to Risk Management Planning • Enterprise environmental factors – company culture or existing systems the project will have to deal with or can make use of • Organizational process assets – processes, procedures, and historical information • Project scope statement – statement of what the project shall deliver and what it should not deliver (if you don’t know what the scope of your project is, can you really identify all areas of risk?) • Project management plan – the guide on how you will manage your project

  10. Plan Risk Management Inputs to Risk Management Planning • Cost Management Plan – The guide on how you and your team will control costs on the project to try to stay within budget • Schedule Management Plan – The guide on how you and your team will manage the schedule of the project • Communications Management Plan -The guide on who you need to communicate to, what information, how it needs to be communicated and how often

  11. Plan Risk Management Outputs of Risk Management Planning • Risk Management Plan - Methodology - Roles & Responsibilities - Budgeting - Timing - Risk Categories - Definitions of risk & impact - Stakeholder tolerances - Reporting formats - Tracking

  12. Identify Risks This is the phase where you work with your team to identify as many risks as possible Things to remember • Identify Risks can’t be completed without the project scope statement and Work Breakdown Structure (WBS) • Identify Risks happens at the onset of the project and throughout the project • Risks can be identified at any time and during any phase of the project • Risk management is an iterative process, you should work to identify risk during any changes to the project, working with resources, and when dealing with issues

  13. Identify Risks Techniques to identify risk • Brainstorming - the free-flow of ideas on risk, done with the project team, stakeholders, subject matter experts, and experienced resources • Delphi technique – an anonymous surveying of experts in which information is sent to a group of experts on the risk. The experts each provide input, the responses are compiled and then sent back to all of the experts for further review; the process is repeated until consensus is reached. • Interviewing – interviews of experts, project stakeholders, or associates who have worked on similar projects in order to discover risks

  14. Identify Risks Techniques to identify risk • Root Cause Analysis – Determining the cause of the risk; you might be able to identify more risks this way or you might be able to eliminate the risk by eliminating the cause • SWOT Analysis – An analysis of the strengths, weaknesses, opportunities and threats on your project • Checklist Analysis – after you have identified your categories of potential risks on your project, you create a checklist of these categories to make sure you’re not neglecting any area where risk can hide

  15. Identify Risks • Assumptions Analysis – what assumptions have you made or been given about your project? Are they valid? If not, you could have risk • Diagramming Techniques – diagramming techniques can show cause and effect. The effect would be your risk, would it be helpful to know what could cause that risk? - Cause-&-Effect diagram - System process flowcharts - Influence diagrams * Whenever possible, deal with the cause, not the effect

  16. Risk Factors When analyzing your risk, you should be aware of the following risk factors • The probability the risk will occur • The range of possible outcomes • When in the project lifecycle the risk is likely to occur (the timing); * once the expected timeframe of the risk has passed and it is no longer a risk, it can be removed from the risk list • How often the risk is expected to occur on the project (frequency)

  17. Identify Risks Outputs of Identify Risks • Risk Register - List of risks - List of potential responses - Root causes of risks - Updated risk categories

  18. Perform Qualitative Risk Analysis This is the phase where you rank the risks you’ve identified from Identify Risks to come up with a list of risks you will create plans for dealing with Things to remember • Perform Qualitative Risk Analysis is subjective • What is the probability of the risk occurring? High, medium, low? 1-10? • What is the impact if the risk does occur? High, medium, low? 1-10? What is the financial impact, are the consequences positive or negative? * the earlier you know about risk, the better prepared you will be

  19. Perform Qualitative Risk Analysis Tools and Techniques of Qualitative Analysis • Probability & Impact Matrix – a matrix that creates a consistent evaluation of high, medium, or low for your projects. This helps to make the risk rating process more repeatable between projects. • Risk Data Quality Assessment – What is the quality of the data used to determine or assess the risk? Think about the following • Extent of the understanding of the risk • Data available about the risk • Quality of the data • Reliability & Integrity of the data

  20. Perform Qualitative Risk Analysis Tools and Techniques of Qualitative Analysis • Risk Categorization – Which of your categories has more risk than others? Which of your work packages could be most affected by risk? • Risk Urgency Assessment – Which of your risks could occur soon, or require a longer planning time? Risk urgency assessment helps move these risks more quickly through the rest of the project management process * Perform Qualitative Risk Analysis is subjective

  21. Perform Qualitative Risk Analysis Outputs of Perform Qualitative Risk Analysis • Risk Register Updates • Risk ranking for the project compared to other projects • List of prioritized risks and their probability and impact ratings • Risks grouped by categories • List of risks requiring additional analysis in the near term • List of risks for additional analysis and response • Watchlist (non-critical risks) • Trends

  22. Perform Qualitative Risk Analysis Perform Qualitative Risk Analysis can help you determine the following • Which risks need to move on to Perform Quantitative Risk Analysis? • Which of your projects should be selected when compared with other projects? * You have two projects available and you can only complete one of them, both projects are projected to have the same benefit, but the qualitative risk score for one of the projects is higher than the other, would you want to know this before you decided which project you would work on?

  23. Perform Quantitative Risk Analysis This is the phase of risk management where you conduct a numerical analysis of the probability and impact of the risks with the highest risk rating score determined from qualitative analysis Things to remember Quantitative analysis is used to…. • Determine which of your risks should have a response plan • Determine overall project risk • Determine the probability of delivering your project objectives

  24. Perform Quantitative Risk Analysis Things to remember • Determine cost and schedule reserves • Identify risks that will require more planning • Create more realistic and achievable cost, schedule, or scope goals

  25. Perform Quantitative Risk Analysis Tools and Techniques of Quantitative Analysis • Sensitivity Analysis – Which risks will have the most impact on the project? • Monte Carlo Analysis – A technique that uses simulation to show the probability of completing your project on time and within budget. • Determines the overall risk of the project, not the task • Determines the probability of completing the project on a specific day and for a specific cost • Takes into account path convergence (places in the network diagram where many paths converge into one activity) • Used to evaluate the impact to your schedule and budget • Due to the complicated mathematical computations used, Monte Carlo analysis is usually done with a computer program • Creates a probability distribution – triangular, normal, beta, uniform or lognormal (learn these) * Perform Quantitative Risk Analysis is a numerical analysis

  26. Perform Quantitative Risk Analysis Tools and Techniques of Quantitative Analysis EMV – Expected Monetary Value – What is the probability of the risk occurring multiplied by the impact if the risk does occur? If the risk occurs, what could the financial or time loss be to your project? In the example below, this project has an EMV of ($58,250), this means that you need to put aside $58,250 in your risk reserve account for potential risks

  27. Perform Quantitative Risk Analysis Tools and Techniques of Quantitative Analysis • Decision Tree – used for planning on individual risks instead of planning for the whole project • Takes into account future events to make a decision today • Can calculate the EMV in more complex situations • Involves mutual exclusivity

  28. Perform Quantitative Risk Analysis

  29. Perform Quantitative Risk Analysis Decision Tree * It is cheaper to make the units rather than buying them

  30. Perform Quantitative Risk Analysis Outputs of Perform Quantitative Risk Analysis • Risk Register Updates • Prioritized list of quantified risks • Amount needed for contingency reserves for time and cost • Confidence levels of completing the project on a certain date for a certain amount of money • The probability of delivering the project objectives • Trends - risk management is an iterative process; as you repeat the process you can track your overall project risk and determine the trend (if you are decreasing or increasing the level of risk on your project)

  31. Plan Risk Response This is the phase of risk management where you decide how you will respond to your most important risks • Risk Response Strategies Threats • Avoid – remove the cause of the risk so that it never materializes • Mitigate – reduce the probability and or impact of the risk • Transfer – transfer the risk to another party; usually done with insurance, performance bonds, warranties, guarantees or outsourcing the work. Opportunities • Exploit – make sure the opportunity occurs, you can add work or make a change to the project • Enhance – increase the probability and or positive impact of the risk • Share – share the opportunity with a third party to be able to take advantage of the opportunity

  32. Plan Risk Response • Risk Response Strategies For both Threats & Opportunities • Accept – Active acceptance – preparing a contingency reserve of cost or time reserves in case the risk does happen Passive acceptance – preparing for the dealing with the effects of the risk after the risk has occurred

  33. Plan Risk Response Outputs of Risk Response Planning • Project Management Plan Updates – Changes made due to risk management will be changes made to the project and should be updated in the project management plan • Updates to Risk Register • Residual Risks – risks that are left over after Plan Risk Response • Contingency Plans – plans of action in case the risk does occur • Risk Response Owners – the person on the team responsible for monitoring the risk, risk triggers, developing a response strategy, and implementing the strategy should the risk occur • Secondary Risks – new risks that result from the implementation of the contingency plans for the primary risks

  34. Plan Risk Response Outputs of Risk Response Planning • Updates to Risk Register • Risk Triggers – early warning signs that there is a high probability the risk will occur • Fallback Plans – a secondary contingency plan, in case the contingency plan does not work or is not effective • Reserves • Contingency reserves - covers the cost for ‘known unknowns’ discovered during risk management; covers the residual risks. The contingency reserve is calculated and made part of the baseline. • Management reserves – these are estimated and made part of the project budget, not the baseline. Management approval is needed to use the management reserve.

  35. Monitor and Control Risks This is the phase of risk management where you monitor the risk list for risks that have a higher probability of affecting your project, and the risk watchlist for risks that could change and should either be added to the risk list or removed from the watchlist • Inputs to Monitor & Control Risks • Risk Management Plan • Risk Register • Approved Change Requests • Work performance information - Deliverable status - Schedule progress - Costs incurred • Performance reports

  36. Monitor and Control Risks Things to Know • Workaround – a response to a risk that has occurred when no contingency plan exists • Risk audit – a team of experienced project team members reviews the risk management process and response strategies to see if you’ve effectively identified the major risks on the project and developed effective strategies for dealing with them • Risk Reassessment – Risk management is iterative, you should review the risks on your project throughout the project to update their qualitative and quantitative values * the earlier you know about risk, the better prepared you will be

  37. Monitor and Control Risks Things to Know • Status meetings – status meetings should be used to identify new risks or changes to existing risks. This is a great opportunity to discuss with your team and stakeholders existing risks and new risks • Reserve analysis – has the reserve kept up with changes to the risk list? Does the reserve still cover the costs of these risks should they occur? • Closing of risks – Risks are expected to happen during a particular phase of the project. When that phase has passed and the risk is no longer probable, the risk should be removed from the risk list and any reserve associated should be freed up

  38. Monitor and Control Risks Outputs of Monitor & Control Risks • Updates to Risk Register • Outcomes of the risk reassessments and risk audits • Updates to previous parts of risk management • Closing of risks that are no longer applicable • Details of what happened when risks occurred • Lessons learned • Requested Changes • Recommended Corrective & Preventive Actions • Updates to the Project Management Plan • Organizational Process Assets Updates

  39. Project Risk Management Review Plan Risk Management • Inputs • Project Scope Statement • Cost Management Plan • Schedule Management Plan • Communications Management Plan • Enterprise Environmental Factors • Organizational Process Assets • Tools & Techniques • Planning Meetings and Analysis • Output • Risk Management Plan

  40. Project Risk Management Review Identify Risks • Inputs • Risk Management Plan • Activity Cost Estimates • Activity Duration Estimates • Scope Baseline • Stakeholder Register • Cost Management Plan • Schedule Management Plan • Quality Management Plan • Project Documents • Enterprise Environmental Factors • Organizational Process Assets

  41. Project Risk Management Review Identify Risks • Tools & Techniques • Documentation Reviews • Information Gathering Techniques • Checklist Analysis • Assumptions Analysis • Diagramming Techniques • SWOT Analysis • Expert Judgment • Outputs • Risk Register

  42. Project Risk Management Review Perform Qualitative Risk Analysis • Inputs • Risk Register • Risk Management Plan • Project Scope Statement • Organizational Process Assets • Tools & Techniques • Risk Probability and Impact Assessment • Probability and Impact Matrix • Risk Data Quality Assessment • Risk Categorization • Risk Urgency Assessment • Expert Judgment

  43. Project Risk Management Review Perform Qualitative Risk Analysis • Outputs • Risk Register Updates

  44. Project Risk Management Review Perform Quantitative Risk Analysis • Inputs • Risk Register • Risk Management Plan • Cost Management Plan • Schedule Management Plan • Organizational Process Assets • Tools & Techniques • Data Gathering and Representation Techniques • Quantitative Risk Analysis and Modeling Techniques • Expert Judgment • Outputs • Risk Register Updates

  45. Project Risk Management Review Plan Risk Responses • Inputs • Risk Register • Risk Management Plan • Tools & Techniques • Strategies for negative risks or threats • Strategies for positive risks or opportunities • Contingent Response Strategies • Expert Judgment

  46. Project Risk Management Review Plan Risk Responses • Outputs • Risk Register Updates • Risk-Related Contract Decisions • Project Management Plan Updates • Project Document Updates

  47. Project Risk Management Review Monitor & Control Risks • Inputs • Risk Register • Project Management Plan • Work Performance Information • Performance Reports • Tools & Techniques • Risk Reassessment • Risk Audits • Variance and Trend Analysis • Technical Performance Measurement • Reserve Analysis • Status Meetings

  48. Project Risk Management Review Monitor & Control Risks • Outputs • Risk Register Updates • Organizational Process Assets Updates • Change Requests • Project Management Plan Updates • Project Document Updates

  49. Project Risk Management Other Sources of Information • A Guide to the Project Management Body of Knowledge (PMBOK® Guide) • PMP Exam Prep – Rita Mulcahy • Project Management: A Systems Approach to Planning, Scheduling, and Controlling – Harold Kerzner • Hot Topics: Flashcards for Passing the PMP® and CAPM® Exams – Rita Mulcahy

  50. Contact Scott Reynolds scottdreynolds@hotmail.com Please send me comments, questions, or anything else, Thanks Everyone for your time!

More Related