11. Risk

Question 1

What is the process of risk management?

Answer 1

• Plan risk management
• Identify risks
• Perform qualitative risk analysis
• Perform quantitative risk analysis
• Plan risk response
• Implement risk responses
• Monitor risks

Question 2

What is the key output of the Plan risk management process?

Answer 2

Risk management plan

Question 3

What are the main contents of the Risk management plan?

Answer 3

• Risk strategy
• Methodology
• Roles and responsibilities
• Funding
• Timing
• Risk categories
• Stakeholder risk appetite/thresholds
• Definitions or probability and impact
• Reporting
• Tracking

Question 4

What are the key outputs of the Identify Risks process?

Answer 4

• Risk register

* Risk report

Question 5

What key outputs of the Perform Qualitative Risk Analysis process are added to the risk register?

Answer 5

• Risk ranking for the project compared to other projects
• List of prioritised risks and their probability and impact ratings
• Results of other risk parameter assessments
• Risks grouped by categories
• List of risks for additional analysis and response
• List of risks requiring additional analysis in the near term
• Watch list (noncritical risks)

Question 6

What key outputs of the Perform Quantitative Risk Analysis process are added to the risk register?

Answer 6

• Prioritised list of quantified individual project risks
• The quantified probability of meeting project objectives
• Trends in quantitative risk analysis
• Initial contingency time and cost reserves needed
• Assessment of overall project risk exposure
• Possible realistic and achievable completion dates and project costs
• Recommended risk responses

Question 7

What key outputs of the Plan Risk Responses process are added to the risk register?

Answer 7

• Residual risks
• Contingency plans
• Fallback plans
• Risk owners
• Secondary risks
• Risk triggers
• Contracts
• Reserves (contingency) for time and cost

Question 8

What are the key outputs of the Monitor Risks process?

Answer 8

• Work performance information
• Risk register updates
• Change requests
• Project management plan updates
• OPAs updates

Question 9

What key outputs of the Monitor Risks process are added to the risk register?

Answer 9

• Outcomes of risk reassessments and risk audits
• Results of implemented risk responses
• Updates to previous parts of risk management
• Closing of risks that are no longer applicable
• Details of what happened when risks occurred
• Lessons learned

Question 10

What are the contents of the risk register?

Answer 10

• List of risks
• Potential risk owners
• Potential risk responses (Avoid, Transfer, Mitigate, Accept)
• Root causes or risks
• Risk triggers
• Potential impact of identifies Threats and Opportunities
• When each risk will occur

Question 11

What is a risk?

Answer 11

A future occurrence that may or may not happen that can have a positive (opportunity) or negative (threat) impact on the project.

Question 12

What are the four key factors that need to be determined for each risk?

Answer 12

• Probability
• Impact
• Timing
• Frequency

Question 13

Define risk appetite (tolerance) and risk threshold.

Answer 13

• Risk appetite: a general high level description of the acceptable level of risk to an individual or organisation.
• Risk threshold: the specific point at which risk becomes unacceptable.

Question 14

What are the inputs of the risk management process?

Answer 14

• Project charter
• Project management plan
• Project documents
• EEFs
• OPAs
• Agreements
• Procurement documentation
• Work performance data and reports

Question 15

Name the risk categories.

Answer 15

• External
• Internal
• Technical
• Commercial
• Unforeseeable

Question 16

On top of the categories of risk, provide some additional examples or sources of risk.

Answer 16

• Scope
• Schedule
• Cost
• Quality
• Resources
• Customer/stakeholder satisfaction

Question 17

What is a risk breakdown structure?

Answer 17

An organisational or hierarchical chart that can help identify and document risk categories.

Question 18

Name the categories of non-event risks.

Answer 18

• Ambiguity (lack of understanding)

* Variability (inability to predict changes)

Question 19

What are some examples of risk identification techniques?

Answer 19

• Brainstorming
• Checklist analysis
• interviewing
• Root cause analysis
• Assumption analysis
• Constraint analysis
• SWOT analysis
• Documentation reviews
• Prompt lists
• Facilitation

Question 20

What is assumption analysis?

When is it done?

Answer 20

Assessing the assumptions made on the project and determining whether they are valid.
It is done during Identify risks.

Question 21

What is the purpose of a prompt list?

Answer 21

A prompt list is a predetermined list of risk categories that might act as a source of individual and overall project risk.
A prompt list can help a project team identify risks to individual elements of the project as well as risks to the overall project.

Question 22

What is the purpose of a risk report?

Answer 22

The purpose of a risk report is to keep stakeholders apprised of risk management efforts and outcomes.

Question 23

What is a risk data quality assessment? When is it done?

Answer 23

Determining how accurate, reliable, and well understood the risk information is.
It is done during Perform Qualitative risk analysis.

Question 24

What is a data representation technique that can be used during the Perform Qualitative Risk Analysis process?

Answer 24

A probability and impact matrix

Question 25

What can a project manager use in order to determine quantitative probability and impact?

Answer 25

* Expert judgment from trained risk specialists and team members. * Data-gathering techniques, such as interviewing * Data-analysis techniques, such as Monte Carlo analysis. * Interpersonal and Team skills * Representations of uncertainty * Cost and schedule estimating * Use of historical records from previous projects * Probability and Impact Matrix

Question 26

What is the purpose of Monte Carlo analysis?

Answer 26

Monte Carlo analysis is used to simulate the cost or schedule results of the project. Results are in a probability distribution.

Question 27

What is sensitivity analysis?

Answer 27

A technique to analyse which individual project risks have the most potential impact on project outcomes. Tornado diagram.

Question 28

What is a decision tree?

Answer 28

Selection of the best of several alternative courses of action. Branches are representing different decisions or events. We see associated costs + probabilities in % End point of branches = + or - outcomes in $ Presentation of the Expected Monetary Value (EMV) for an event.

Question 29

What is the formula for expected monetary value?

Answer 29

Probability times impact or: Expected Monetary Value EMV = P x I P: Probability I: Impact Performed during Quantitative risk analysis

Question 30

What is the formula for schedule?

Answer 30

``` Schedule: Expected Value EV = P x I P: Probability I: Impact Performed during Quantitative risk analysis ```

Question 31

What are the possible risk response strategies for threats?

Answer 31

• Avoid: eliminate the threat by eliminating its cause. • Mitigate: reduce the probability or impact of the threat • Transfer: make another party responsible for the risk (outsourcing, insurance, warranties, bonds, guaranties) • Escalate: move the threat to the program or portfolio level • Accept: Passive acceptance - do nothing; if it happens, it happens Active acceptance - develop contingency plans in advance.

Question 32

What are the possible risk response strategies for opportunities?

Answer 32

* Exploit: make sure the opportunity occurs * Enhance: increase probability or positive impact of the risk event * Share: allocate full or partial ownership of the opportunity to a third party * Escalate: move the opportunity to the program or portfolio level * Accept: do nothing, if it happens, it happens

Question 33

What are residual risks?

Answer 33

Risks that remain after risk response planning.

Question 34

What are secondary risks?

Answer 34

New risks created by the implementation of risk response strategies.

Question 35

What are contingency plans?

Answer 35

Plans describing the specific actions that will be taken if the opportunity or threat occurs.

Question 36

What are fallback plans?

Answer 36

Actions that will be taken if the contingency plan is not effective.

Question 37

Who is a risk owner?

Answer 37

Each risk must be assigned to someone who will help lead the development of the risk response and who will be assigned to carry out the risk response or "own" the risk.

Question 38

What are risk triggers?

Answer 38

Early warning signs that a risk event has occurred, or is about to occur. They let risk owners know when to take action.

Question 39

What are reserves? | What are the two kinds of reserves?

Answer 39

Time or cost added to the project to account for risk. • Management reserve • Contingency reserve

Question 40

What are workarounds?

Answer 40

Unplanned responses developed to deal with the occurrence of unanticipated events or problems on a project (or to deal with risks that had been accepted because of the unlikelihood of occurrence and /or minimal impact).

Question 41

What is reserve analysis? | When is it done during the risk management process?

Answer 41

Reserve analysis is checking to see how much reserve remains and how much might be needed. It is done during the Monitor Risks process.

Question 42

What is a risk review? | How often do they take place?

Answer 42

A discussion of the effectiveness of planned risk responses that have been implemented on the project; it may result in the identification of new risks, secondary risks created by risk response plans, and risks that are no longer applicable; risk reviews may also result in risk reassessments, identifying new risks and/or closing risks. A risk review is held regularly.

Question 43

What are risk audits?

Answer 43

Assessments or the overall process of risk management on the project.

Question 44

What are some common risk management mistakes?

Answer 44

* Risk identification is completed without knowing enough about the project * Overall project risk is evaluated using tools that do not identify specific individual project risks * Risk identification ends too soon * Padding is used * Some things considered risks are facts, and are therefore not risks * The identified risks are general rather than specific * Whole categories of risks are missed

Question 45

What are the risk parameters?

Answer 45

* Urgency * Dormancy * Proximity * Manageability * Controllability * Detectability * Connectivity * Strategic Impact * Propinquity

Question 46

What is the difference between risk and issue?

Answer 46

``` Risk • Focused on the future • Can be positive opportunity or negative • Is documented in the risk register • Response is called a "risk response" Issue • Focused on the present • Can be positive or negative • Is documented in the issue log • Response is called a "workaround" ```

Question 47

What is the difference between risk response and contingency plan?

Answer 47

* Risk response: actions taken before the risk event occurs | * Contingency plan: action that will be taken if and when the risk event occurs.