Risk Management Flashcards Preview

PMP > Risk Management > Flashcards

Flashcards in Risk Management Deck (47):


Lack of knowledge about an event that reduces confidence in conclusions drawn from the data; the work that needs to be done, the cost, the time etc can be uncertain


Risk averse

Someone who does not want to take risks


Risk factors

Likelihood of the risk occurring
Impact or possible outcomes ( what is at stake )
When it could occur in the project
How often the risk events could occur


Threats and opportunities

Threat - something that can go wrong and negatively impact the project

Opportunity - can have a positive impact on the project; if we provide training to improve efficiency this work package can be done 3 days sooner


Risk appetite

High level description of the acceptable level of risk

Example; the sponsor is willing to accept little risk to the schedule of this project


Risk tolerance

Measurable amount of acceptable risk

Example; so sorry would be willing to accept schedule risk of up to 14 days on this project

A company may have more tolerance for cost related risks than for risks that affect customer satisfaction


Risk thresholds

Specific point at which risk becomes unacceptable

Example; the sponsor will not accept a risk of the scheduled being delayed 15 days or longer


Plan risk management

Answers the questions of how much time should be spent on risk management based on the needs of the project and who will be involved and now the team will go about performing risk management


Risk management plan

Methodology - how you will perform risk management
Roles and responsibilities - who will do what
Budget - cost of risk management process
Timing - when to do risk management for the project
Risk categories - standard list of risk categories to ensure areas of risk are not forgotten
Tracking - how the risk process would be audited
Reporting - reports related to risk management and now they will be used
Stakeholder tolerances
Definitions of probability and impact


Risk categories

External - regulatory, environmental, government, market shifts
Internal - time, cost, or scope changes, inexperience, poor planning, people, staffing
Technical - changes in technology


Sources of risk ( also risk categories )

Customer or stakeholder satisfaction


Business risk

Risk of a gain or loss


Pure insurable risk

Risk of loss ( fire, theft, personal injury )


Tools to identify risks

Documentation reviews
Information gathering techniques
SWOT analysis
Checklist analysis
Assumption analysis
Diagramming techniques


Documentation reviews

What is and is not included in documentation like the charter contracts and planning information can help identify risks; lessons learned


Information gathering techniques

Delphi technique - technique to achieve consensus among experts who participate anonymously; request is sent responses are compiled and result are sent back until there is a consensus
Root cause analysis - identified risks are reorganized by their root causes to help identify more risks


Strengths weaknesses opportunities and threats ( SWOT ) analysis

Identify project strengths and weaknesses and thereby identify risks


Checklist analysis

Checklist of risk categories and use that to identify specific risks within each category


Assumption analysis

Analysis of assumptions and whether or not they are valid may lead to identifying more risks


Diagramming techniques

Causes and effect diagrams and flow charts that can be used to identify the root causes of issues


Risk register

Is where most of the risk information is kept and is a document for the whole risk management process that will be constantly updated with information

Is the main output of several of the risk management processes


Risk management

You work to increase the probability and impact of opportunities on the project (positive events) while decreasing the probability and impact of threats to the project (negative events)

Risks are identified in initiating and continually kept up to date or added to while the project is underway


Qualitative risk analysis

The probability of each risk occurring and the impact of each risk occurring using a standard scale; and based on subjective evaluation

Compare the risk of the project to the risk of other projects
Determine whether the project should continue or be terminated
Determine whether to proceed to perform quantitative risk analysis or plan risk responses


Probability and impact matrix

Can be used to sort or rate risks to determine which ones warrant an immediate response and which ones should be put on the watch list and results in a consistent evaluation of low medium and high for the project


Risk data quality assessment

How accurate and well understood is this risk information; you assess the accuracy and reliability of the data and determine whether more information is needed to understand the risk before a qualitative assessment can be done


Risk categorization

What will we find if we regroup the risks by categories or by work package; understanding which work packages processes or people have the most risk associate with them


Risk urgency assessment

Noting risks that should move more quickly through the process ; risk may occur soon or will require a long time to plan a response


Perform quantitative risk analysis

Involves numerically analyzing the probability and impact of risks; is not always required for all projects

Example the risk in qualitative risk analysis might be a 5 and is stated as a $40,000 impact in quantitative analysis


Sensitivity analysis

Technique used to compare the potential impacts of risks identified using a tornado diagram; risks are represented with horizontal bars the longest bars represent greater risk and progressively shorter bars represent lower risk.


Expected monetary value analysis

EMV = P x I

Calculating the expected monetary value to determine overall ranking of risks


Monte Carlo analysis

Uses network diagram and estimates to perform the project many times and to simulate the cost of schedule results of the project

Usually done with a computer based program
Evaluates the overall risk in the project
Determines the probability of completing the project on any specific day or for any specific cost
Determines the probability of any activity actually being on the critical path
Takes into account path convergence
Translates uncertainties into impacts to the total project
Can be used to assess cost and schedule impact
Results in a probability distribution


Decision tree

Takes into account future events in making a decision today
Calculates the expected monetary value in more complex situations

It involves mutual exclusivity


Plan risk response

Do something the eliminate the threats before they happen
Do something to make sure the opportunities happen
Decrease the probability and or impact of threats
Increase the probability and or impact of opportunities

For residual risks / threats
Do something if the risk happens (contingency plans)
Do something if contingency plans are not effective (fallback plan)


Risk response strategies ( threats )

Avoid - eliminate the threat by eliminating the cause such as removing the work package or person

Mitigate - reduce the probability and impact of a threat by making it smaller in risk and possibility removing it from the list of top risks

Transfer - make another party responsible for the risk by purchasing insurance performance bonds warranties or guarantees by outsourcing the work

Avoidance and mitigation are used for high priory high impact risks
Transference and acceptance are used for low priority low impact risks


Risk response strategies (opportunities)

Exploit - add work or change the project to make sure the opportunity occurs

Enhance - increase the likelihood and or positive impacts of the risk event

Share - allocate ownership or partial ownership of the opportunity to a third party


Risk response strategies (threats and opportunities)

Accept - do nothing; may involve the creation of contingency plans and must be communicated to stakeholders; acknowledge the risk but not take any action

Active acceptance - establish a contingency reserve
Passive acceptance - no action but to document the strategy



Unplanned responses to deal with the occurrence of an unanticipated event or problems on a project


Risk reassessments

Periodically review the risk management plan and risk register and adjust the documentation as required


Risk audits

Assess the overall process of risk management on the project as well as the effectiveness of specific risk responses that have been implemented


Reserve analysis

Checking to see how much reserve remains and how much might be needed

Contingency reserves may only be used to handle the impact of the specific risk it was set aside for.


Closing of risks

Allows the team to focus on managing risks the are still open and will result in the associated risk reserve being returned to the company


Residual risks

Risks that remain after risk response planning


Contingency plan

Plans describing the specific actions that will be taken if the opportunity or threat occurs


Fallback plans

Actions that will be taken if the contingency plans are not effective


Risk triggers

Events that trigger the contingency response



Reserves for time and cost

Contingency reserve - known unknowns; identified in risk management

Management reserves - Unknown known; items you did not or could not identify in risk management


Secondary risks

Any new risk created by the implementation of selected risk responses should also be analyzed as part of risk response planning.