PMP Exam Prep - Chapter 11

Risk Management

The risk management process includes six processes. Plan risk management, identify risks, perform qualitative risk analysis, perform quantitative risk analysis, and plan risk response all occur in the planning process group. Monitor and control risks is the odd process out in risk management, as it occurs in the monitoring and controlling process group. "Through risk management, you work to increase the probability and impact of opportunities on the project (positive events), while decreasing the probability and impact of threats to the project (negative events)." defines PMP Exam Prep. Risk management deals with inputs in coordination with the entire risk management process, and inputs to individual processes involved in risk management. An example PMP Exam Prep provides as an input question is, "What do I need before I can begin..?" and an output question is, "What will I have when I am done with..?" Simple enough. The list of risk management processes I listed above should be remembered in that order, as they are done in that sequence.

Plan risk management is the first of the risk management processes. You need to plan out the structure of risk management before using it. Having a layout of the execution of risk management is going to be beneficial to the project as it creates a clear understanding for every person involved. The output of planning risk management is a risk management plan that may include, "Methodology, roles and responsibilities, budgeting, timing, risk categories, definitions of probability and impact, stakeholder tolerances, reporting formats, and tracking." lists PMP Exam Prep. A list of risk categories should be created to ensure no areas of risk are missed. PMP Exam Prep gives multiple examples of ways to classify risk, for example internal and external, specific categories, or by source. Business risk and pure risk are the two main types of risk listed in PMP Exam Prep.

In the planning process group, under risk management, is identifying risks. Identifying risks mainly occurs in the planning phase, but has the possibility to occur throughout the project. PMP Exam Prep suggests, "Risks should be continually reassessed." Documentation reviews is a helpful tool in identifying risks. Brainstorming, Delphi technique, interviewing, and root cause analysis are information gathering techniques that can also be helpful in the identifying risks process. Strength, Weaknesses, Opportunities, and Threats (SWOT) analysis, checklist analysis, assumptions analysis, and diagramming techniques are a few other risk identification techniques PMP Exam Prep provides. The risk register is the final output of the identify risks process and includes, "List of risks, list of potential responses, root causes of risk, and updated risk categories." lists PMP Exam Prep.

Perform Qualitative Risk Analysis occurs in the planning process group and in the risk management knowledge area, of course. This process involves figuring out which risks warrant a response and then creating a list of them. To do this you must rate the probability of each risk occurring and rate the impact of each risk occurring. This can be done using a standard 1 to 10 scale. A probability and impact matrix can be used to rate each risk, with probability on one side and impact on the lower portion of the graph. This matrix is useful in that it can be recycled throughout the project. A risk data quality assessment assesses the "accuracy and reliability of the data and determines whether more research is necessary to understand the risk before a qualitative assessment can be done." defines PMP Exam Prep. Categorizing risks can be a helpful tool in performing qualitative risk analysis, as it groups risks together and therefore allows you to eliminate an entire cause, instead of individual risks. A risk urgency assessment classifies risks on their urgency. The risk's probability and impact rating, as well as it's urgency can be helpful to a project manager in determining which risks are more severe than others.
As stated previously, the output of the identify risks process is a risk register, whereas the output of the perform qualitative risk analysis is updates to the risk register. Once qualitative risk analysis is complete, the following can be added to the risk register. "Risk rating for the project compared to other projects, list of prioritized risks and their probability and impact ratings, risks grouped by categories, list of risks for additional analysis and response, list of risks requiring additional analysis in the near term, watchlist, and trends." lists PMP Exam Prep.

The forth process in the risk management knowledge area is Perform Quantitative Risk Analysis. According to PMP Exam Prep, this process can be skipped over if it is not worth the time and money of your project. If you do perform quantitative risk analysis, PMP Exam Prep suggests remembering the following actions:

• "Further investigate the highest risks on the project."
• "Determine the type of probability distribution that will be used, such as triangular, normal, beta, uniform, or log normal distributions."
• "Perform sensitivity analysis to determine which risks have the most impact on the project."
• "Determine how much quantified risk the project has through expected monetary value analysis or Monte Carlo analysis."

There are several ways to determine quantitative probability and impact. Three of those techniques are Expected Monetary Value analysis, Monte Carlo analysis and Decision trees. Expected Monetary Value equals probability times impact. The formula is EMV = P x I. If a work package has a probability of 10%, with an impact of $30,000, the expected monetary value would equal $3,000. The Monte Carlo analysis formula does not need to be known for the exam, but PMP Exam Prep suggests you know the following about Monte Carlo analysis:

• "Is usually done with a computer based program because of the intricacies of the calculations."
• "Evaluates the overall risk in the project."
• "Determines the probability of completing the project on any specific day, or for any specific cost."
• "Takes into account path convergence."
• "Translates uncertainties into impacts to the total project."
• "Can be used to assess cost and schedule impacts."
• "Results in a probability distribution."

Decision trees are based on your decision. Imagine that. It branches out from a decision, or multiple possible decisions, with results of what would occur if the decision was made. PMP Exam Prep lists the following as things to remember for the exam about decision trees, "Takes into account future events in making a decision today, calculates EMV in more complex situations than the expected monetary value example previously presented, and it involves mutual exclusivity."

Like performing qualitative risk analysis, performing quantitative risk analysis results in the output of updates to risk register. Once quantitative risk analysis is complete, the risk register will be updated with, "Prioritized list of quantified risks, amount of contingency time and cost reserves needed, possible realistic and achievable completion dates and project costs, with confidence levels, versus the time and cost objectives for the project, the quantified probability of meeting project objectives, and trends in quantitative risk analysis." lists PMP Exam Prep.

The Plan Risk Responses process is part of the planning process group. It focuses on what should be done to take care of the risks involved. "Avoid, mitigate, or transfer." are the three risk response strategies PMP Exam Prep lists for threats. As for response strategies for opportunities, PMP Exam Prep includes, "Exploit (the reverse of avoid), enhance (the reverse of mitigate), or share." Accept is the one strategy for threats and opportunities.

The Plan Risk Responses process comes with two outputs: risk register updates and project management plan and project document updates. Updates to the risk register, once planning risk responses is complete, include, "Residual risks, contingency plans, risk response owners, secondary risks, risk triggers, contracts, fallback plans, and reserves (contingency)" lists PMP Exam Prep.

Monitor and Control Risks is the last process in Risk Management and it falls into the monitoring and controlling process group. Monitoring and controlling risks includes many processes, including noticing new risks and creating new responses. In this process you are monitoring the effectiveness of the risk management processes and correcting them, or taking action, when need be. Workarounds, risk reassessments, risk audits, reserve analysis, status meetings, and closing of risks that are no longer applicable are all part of the Monitor and Control Risks process and should be remembered. Workarounds are "unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project." defines PMP Exam Prep. Reserve analysis is checking the amount of reserve available, and possibly, how much may be needed. Closing risks allows the team to focus on present risks. Monitoring and controlling risks results in risk register, project management plan, project document and organizational process assets updates, and change requests, recommended preventive and corrective actions. 

Many people make mistakes when it comes to risk management. A few of these errors listed in PMP Exam Prep include, "risk identification ending too soon or being completed without much knowledge of the project, contracts being signed long before risks to the project are discussed, project managers not explaining the risk management process to their team during project planning, or the processes of Identify Risks through Perform Quantitative Risk Analysis are blended, resulting in risks that are evaluated or judged as they come to light." The last error, "decreases the number of total risks identified and causes people to stop participating in risk identification." reports PMP Exam Prep.