RISK MGMT Flashcards Preview

PgMP > RISK MGMT > Flashcards

Flashcards in RISK MGMT Deck (85):
1

2 TYPES OF RISK

Pure Risk and Business Risk

2

3 TYPES OF RISK TOLERANCES

1. Risk-Averse, 2. Risk Seeker, 3. Risk-Neutral

3

4 Strategies for Negative Risks/Threats

Avoid, Transfer, Mitigate, Accept

4

4 STRATEGIES for POSITIVE RISKS/OPPORTUNITIES

Exploitation, Sharing, Enhancement, and Acceptance

5

ACCEPTANCE RISK STRATEGY

tolerate the risk and deal with it if the risk actually occurs. Usually only chosen if no other option is available

6

ANALYZE PROGRAM RISKS

The process of prioritizing risks for action or further anlaysis, documenting incident probability and effect, and assessing the impact of risks on the program and its components

7

ANALYZE RISKS INPUTS (5)

1. Pg Risk Register - What to analyze 2. Pg Mgmt Plan - format and criteria for integrating risk analysis 3. Pg Risk Mgmt Plan - establishes R/R for risk, budgets, risk categories, RBS template, etc 4. Pg Architecture Baseline - Is this new structure? greater risk 5. Lessons Learned Database - history

8

ANALYZE RISKS OUTPUTS (1)

Pg Risk Register Updates - how analysis done, results of analysis

9

ASSUMPTION ANALYSIS

A technique to determine if the program or project assumptions are accurate, consistent, and complete and, if not, the resultant risks to the program or project

10

AVOID RISK STRATEGY

modifying the plan to remove the risk - get rid of the problem

11

BRAINSTORMING

A data-generating technique which includes team members or subject matter experts for the purpose of solving problems, identifying risk, and planning-related activities for programs or projects

12

BUFFER

Compensation in the planning for unknown items that could occur; typically schedule or cost-related; sometimes calles reserve

13

BUSINESS RISK

typically uninsurable - inherent in the process of doing business

14

COMPONENT RISK MGMT PLANS

Risks escalated by component managers are incorporated and merged, then inter-dependent risk factors are identified

15

CONTINGENCY PLAN

pre-established actions that the team executes if a known risk event occurs on the program or project. Contains information such as triggers, effect on schedule, impact on cost, required resources, and status (planned, ready, activated, obsolete)

16

CONTINGENCY RESERVES

For risk events you know can happen on a project (Known Unknowns). reserves that can help mitigate schedule or cost issues (risk), in the case of changes with the scope or quality on the program or project

17

DECISION TREE ANALYSIS

looking at the probability and impact of all potential decisions to determine the potential Expected Monetary Value of the opportunity; helps an organization make decisions based on potential outcome and impact.

18

DELPHI TECHNIQUE

A technique to attain consensus wihtin a group of experts; typically used to gain vision about future direction or development

19

DIAGRAMMING TECHNIQUES

used to help decompose or categorize risks (ishikawa, flowcharts, influence diagrams)

20

ENHANCE RISK STRATEGY

takes steps to improve the size or capacity of the risk event by determining the key variable involved and then maximizing that variable

21

EXPECTED MONETARY VALUE (EMV)

the product of multiplying the monetary value impact and probability of the risk event; helps an organization make decisions based on potential outcome and impact. EMV = %Prob outcome 1 * Result of outcome 1 + % Prob outcome 2 * result of outcome 2

22

EXPLOIT RISK STRATEGY

takes steps to ensure the opportunity will occur

23

FALLBACK PLANS

A type of plan created for risks with a great impact on program or project goals, to be executed if attempts to minimize the risk are not successful

24

ID RISKS INPUTS (7)

1. Pg Scope Doc - lists assumptions or dependencies 2. Pg Risk Mgmt Plan - method for ID risks, tracking, etc 3. Comp Risk Mgmt Plans - ID'd risks from components and approaches 4. Pg Mgmt Plan - How to integrate risks into other areas 5. Pg Governance Structure - mech to monitor 6. Lessons Learned Database - history to ID 7. Pg Stakeholder Mgmt Plan - Risk tolerances and how to influence levels

25

ID RISKS OUTPUTS (2)

1. Pg Risk Register - ID'd risks, descrip, potential effect 2. Root Causes of Risk Updates - what might cause a risk (?)

26

IDENTIFY PROGRAM RISKS

The process of distinguishing risks to the program and recording their traits

27

ISSUE

An unresolved item needing attention or a program or project item causing confusion or disagreement

28

LESSONS LEARNED DATABASE

Contains the knowledge learned during the execution of similar programs, both in-house and public domain; the information is vital to the development of a comprehensive risk management plan

29

M/C PG RISKS INPUTS (7)

1. Pg Risk Mgmt Plan - schedules and resources for M/C risks 2. Pg Risk Register - what to monitor and triggers to what for 3. Contingency Reserves - review for usage rate - High indicates not managing risks well 4. Pg Architecture Baseline - review to examine current risks and see if they are passed or if new ones exist 5. Pg Performance Reports - how we are progressing? are risks prob increasing? 6. Pg Issue Register - Are the Risk Resp Plans effective in resolving issues? 7. Contract Reviews - review for risk levels and if properly address issues with supplier

30

M/C PG RISKS OUTPUTS (4)

1. Preventative Actions - action requests to address risks 2. Pg Risk Register Updates - updates to existing risks and new ID Risks 3. Pg Risk Mgmt Plan Updates - feed improvements needed regarding risk into plan 4. Lessons Learned Updates - for use now and for pg final report

31

MANAGEMENT RESERVES

Money set aside to account for events you cannot forecast happening. (unknown unknowns such as natural disastor)

32

MITIGATE RISK STRATEGY

minimizes the bad characteristics of the risk. Ex: Choosing to do the work internally instead of externally if the risk would be decreased

33

MONITOR AND CONTROL PROGRAM RISKS

The process of tracking and regulating risks, determining new risks, conducting ris response plan activities, and assessing the effectiveness of the risk response plan

34

MONTE CARLO ANALYSIS

A technique to simulate the outcome of a program or project many times to determine the range of possible outcomes and the probability of their occurrence. Often used in scheduling area.

35

PLAN PG RISK MGMT INPUTS (7)

1. Pg Scope (sets scope of risk mgmt)

2. Pg Mgmt Plan (sets how risk is incorporated with other parts of program)

3. Pg Architectural Baseline (sets what made when - assess for risks)

4. Pg Governance Structure - group that will help address risks

5. Resource Plan - what resources will be available)

6. Pg Stakeholder Mgmt Plan - What are the tolerance levels and how they might respond to various risks 

7. Lessons Learned Database (historical info)

36

PLAN PG RISK MGMT OUTPUTS (1)

Pg Risk Mgmt Plan

37

PLAN PG RISK RESPONSES INPUTS (3)

1. Pg Risk Register - risks and analysis 2. Component Risk Response Plans - for interactions with each other 3. Pg Risk Mgmt Plan - guide process

38

PLAN PG RISK RESPONSES OUTPUTS (4)

1. Pg Risk Register - add plans, owner, triggers, etc 2. Contingency Reserves - funds needed to cover plans if enacted 3. Contingency Plans - plan to enact if risk occurs 4. Change Requests - proactive plans may affect schedule, budget, resources, quality, etc

39

PLAN PROGRAM RISK MANAGEMENT

The process of defining responses to program opportunities and threats

40

PLAN PROGRAM RISK RESPONSES

the process of determining what risk responses will be used on risk events and who will be responsible for implementing the responses if the risks occur

41

PREVENTIVE ACTION

Documented activities to execute, if needed, that should minimize or eliminate the impact of a negative risk on the program or project

42

PROBABILITY TABLES

Tables which show the probability associated with costs and duration projections on a program/project. Often derived from a Monte Carlo analysis. Note: The greater the cost and duration estimate, the higher the confidence level.

43

PROGRAM ISSUES REGISTER

Comprised of issues; the responses compiled during Plan Program Risk Responses must adequately address those issues

44

PROGRAM RISK MANAGEMENT PLAN

A document that details and describes the plan for managing risk over the life of the program

45

PURE RISK

a risk for which insurance can be purchased, thereby transferring the risk for financial benefit to the party accepting the risk

46

QUANTITATIVE RISK ANALYSIS AND MODELING TECHNIQUES

Monte Carlo simulation, sensitivity analysis, and scenario modeling are done to learn about the characteristics of the risks.

47

RESERVES

Compensation in the planning for unknown items that could occur; typically schedule or cost-related; sometimes calles buffer

48

RESIDUAL RISK

Risk that remains aftere response strategies have been applied

49

RESOURCE PLAN

Developed to establish the resources required to manage the program or conduct program governance

50

RISK

The possibilty of a negative (threat) or positive (opportunity) event

51

RISK & CONTRACTING RELATIONSHIP

If you outsource, you transfer SOME of the risk, but not all. Also, you take on different risks related to contracting.

52

RISK ACCEPTANCE

Opting to accept the impact or consequences of a risk event

53

RISK AUDIT

formal examination of risk-related items done typically at major mielstones. The Pg mgmt team should the review the results and adjust risk mgmt plan accordingly

54

RISK AVERSE

mentality of Risk Avoidance. Seleccting the low risk item or the sure thing often

55

RISK AVOIDANCE

Eliminating a risk of threat, usually by eliminating the cause

56

RISK BREAKDOWN STRUCTURE (RBS)

A decomposition of the risk categorization, and the risks within those categories that could occur on a program or project. Often created via brainstorming type of environmet

57

RISK CATEGORIES (6)

A grouping of types of risk on a program or project. 1. Environmental - external, internal culture, political & stakeholder positions 2. Program Level - Pg Definition, governance, interactions 3. Project Risks - Prj Mgs handle, NOT prg mgr) 4. Operational Level - transfer of results to ops, integration of changes to processes/proc/tools/system 5. Portfolio Level - interaction between progs 6. Benefits Related - collection of benefits risks from proj, but also interaction of those risks

58

RISK DATABASE

a data repository that stores and manipulates information associated with the risk management processes

59

RISK EVENTS

events that may impact the program or project either negatively or positively

60

RISK FACTORS

numbers representing the risk of certain events, the likelihood of their occurring, plus the impact on the program or project if the event does occur.

61

RISK IMPACT

Consequence or amount at stake if something does happen.

62

RISK MGMT PLAN PARTS (11)

1. Approach ? define methods, tools used, data sources 2. R&R - RACI for each activity in risk mgmt. plan 3. Budgeting ? assigns resources, estimate risk mgmt. costs, protocol to apply contingency reserves 4. Timing ? reviews sched and when activities occur 5. Risk Categories ? Simple list or RBS 6. Probability & Impact Matrix 7. Revised Stakeholder Tolerances 8. Reporting Formats ? format, content template 9. Tracking ? Docs how risk activities will be recorded 10. Approval ? map to governance structure 11. Input to Enterprise Pg Risk Mgmt Process

63

RISK MITIGATION

minimizing the impact of a risk event by minimizing the likelihood or probability of its occurrence

64

RISK OWNER

The person who is responsible for implementing the risk response plan if the risk occurs.

65

RISK PROBABILITY

Likelihood that something will happen. The sum of all possible outcomes for a single event totals 100%.

66

RISK PROBABILITY AND IMPACT MATRIX

A tool used to determine where a risk fits on a program or project; the typical rating for is high, medium, or low for probability and impact regarding scope, time, cost, and quality.

67

RISK REGISTER

the documented results of Plan Risk Management which can include the outputs of Perform Qualitative Risk Analysis and Perform Quantitative Risk Analysis, as well as Plan Risk Responses. Contains the following: Risk #, Risk Name, Triggers, Probability of occuring, Impact if occurs, Planned Responses, Risk Owner, Reserve Amount.

68

RISK RESPONSE STRATEGIES (SEE the ATM)

Share, Exploit, Enhance, Avoid, Transfer, Mitigate, Accept for both)

69

RISK REVIEWS

Assess the documented risks for changes in the assessment and the program for any new risks

70

RISK SEEKING

Possessing a higher tolerance than most for risk. Often looking for risk (or at least not afraid). Typically early adopter of new products, or a business/person willing for an "all or nothing" approach to an initiative

71

RISK SYMPTOMS

Characteristics which indicate that a risk event is possibly starting to occur; could also be called risk triggers

72

RISK TOLERANCE

The level of satisfaction from a potential risk payoff; also known as risk utility

73

RISK TRANSFERENCE

Allocating the responsibility for and impact of the risk event to another party

74

RISK-AVERSE

Possessing a low desire or tolerance for risk

75

RISK-NEUTRAL

A middle ground mentality. (between the risk taken and the benefit received). Can shift to seeker or averse under some situations.

76

ROOT CAUSES OF RISK UPDATES

The environments or occurrences that engender identified risks and must be updated as the change

77

SECONDARY RISKS

Risks that result from the execution of a risk response. For example - the risk you take on by choosing to outsource work as a Transfer Risk Strategy

78

SENSITIVITY ANALYSIS

A technique used in risk management that helps show which risks will likely have the most impact on the program or project

79

SHARE RISK STRATEGY

splits the resonsibility and benefit of the risk with a third party to maximize an opportunity

80

STRENGTHS, WEAKNESSES, OPPORTUNITIES, AND THREATS (SWOT) ANALYSIS

A risk analysis technique which considers the strengths of, weaknesses of, opportunities of, and threats to the program or project to facilitate a more knowledgeable risk management analysis

81

THREAT

A negative risk to the program or project

82

TRANSFER RISK STRATEGY

reassign the risk exposure to another party. NOTE: do not remove all risk, just decrease. Also take on others. Ex: hire outside company to do something. Buy insurance.

83

TRIGGER(S)

A signal that a risk event could occur in the near future

84

WORKAROUND

A response to a risk that wasn't planned or the original plan did not work. Reactive response

85

PLAN PROGRAM RISK MGMT T/T (2)

1. RISK PLANNING METINGS - bring together key team members and experts to plan. NOTE: Key to share results with component managers for truly Integrated Program Risk Mgmt

2. LESSONS LEARNED REVIEWS - review historical info, BUT must use judgment for relevancy