Summary

Here is a quick ● The objectives of Identify Risks process are identify risks, document risks,
recap of what was and categorize risks.
covered in this ● The critical success factors for Identify Risks process are early identification,
lesson:
multiple perspective, iterative identification, risks linked to project
objectives, emergent identification, complete risk statement,
comprehensive identification, ownership and level of details, explicit
identification of opportunities, and objectivity.
● The three categories of tools and techniques of Identify Risks process are
historical review, current assessments, and creativity technique.
● The best practices in Identify Risks process include the use of structured risk
descriptions which can ensure clarity.
● Recording is one of the important activities, which helps in capturing all the
relevant information on each identified risk.

72
This concludes ‘Identify Risks.’

The next lesson is ‘Perform Qualitative Risk Analysis.’

73
RMP® Certification Course
Lesson 7—Perform Qualitative Risk Analysis

1
Objectives

After completing ● Define the purposes and objectives

this lesson, you will
● Identify critical success factors
be able to:
● Explain inputs, tools and techniques along with their characteristics, and
outputs
● Describe how to document the results

2
Purposes and Objectives

Prioritizing the risks of the project is important. The purposes and

objectives of qualitative risk analysis are to:
● Assess and evaluate characteristics of individually identified risk.
● Prioritize risks based on agreed-upon characteristics.
● Assess individual risk, which evaluates the probability that each risk will
occur and the effect it can have on project objectives.
● Categorize risks according to their sources or causes.
● Qualitative risk analysis is used to determine the risk exposure of the
project by multiplying the probability and impact.

3
Critical Success Factors

Following are the critical success factors for qualitative risk analysis:

Iterative

High-Quality
Information

Agreed-Upon Definitions

Agreed-Upon Approach

4
Use Agreed-Upon Approach

An agreed-upon approach applies to all the identified risks in any project. All risks may be assessed
according to the probability of occurrence and impact on individual objectives.
Other factors to be considered are as follows:
● Urgency (proximity): Implies that risks that need near-term responses may be considered as urgent
to deal with. Indicators of urgency can include lead time to execute a risk response and clarity of
symptoms and warning signs (detectability).
● Manageability: Implies that some risks are not manageable and if you try to address those, it may
be a waste of time and resources.
● Impact external to the project: The importance of a risk may be increased if it affects the
enterprise beyond the project.

5
Use Agreed-Upon Definitions of Risk Terms

Risk assessment should be based on agreed-upon definitions of

important terms and should be used consistently.
For example: Levels of probability (25%) and impact on objectives
(cost -$10,000.)
● The use of definitions assists the providers of information in
giving realistic assessments for each risk.
● Communication will be better for the management and the
stakeholders.

6
Collect High-Quality Information on Risks

For any risk analysis, quality of data is very important.

● Data should be gathered from interviews, workshops, and using

expert judgment.

● It may be unbiased or intentionally biased.

● Biased data should be remedied.

● The remedy or the corrective action comes with experience and

communication with the stakeholders.

7
Perform Iterative Qualitative Risk Analysis

Qualitative risk analysis is not complete with one analysis.

Qualitative risk analysis:
● is done throughout the phases of a project's lifecycle; and
● ensures accurate analysis of risks in accordance with the changes
happening in the project.
The frequency of this effort will be planned in the Plan Risk
Management process, but it may also depend on events occurring
within the project.

8
Inputs, Tools and Techniques, and Outputs

Following is the list of the inputs, tools and techniques, and outputs of Perform Qualitative Risk
Analysis process:
Inputs Tools and Techniques Outputs

● Risk register ● Risk probability and impact ● Project documents updates

● Risk management plan assessment
● Scope baseline ● Probability and impact
● Enterprise environmental matrix
factors ● Risk data quality assessment
● Organizational process assets ● Risk categorization
● Risk urgency assessment
● Expert judgment

9
Inputs

Following are the inputs required to Perform Qualitative Risk Analysis:

Input Description

Risk register Contains the list of identified risks.

Contains important information on roles and assignments in risk management,

Risk management plan risk categories, the probability and impact matrix, scheduled activities for risk
management, and revised stakeholders’ risk tolerances.
Projects with first-of-its-kind technology will have more uncertainties and this
Scope baseline
will be addressed in scope baseline.
Provide insight and context to risk assessment, like industry studies of similar
Enterprise environmental
projects by risk specialists, risk databases available from the industry, or
factors
proprietary sources.
Organizational process
Include information on prior completed projects of similar scope.
assets

10
Tools and Techniques

Following are the tools and techniques required to Perform Qualitative Risk Analysis:
Risk probability and impact assessment +
Probability and impact matrix +
Risk data quality assessment +
Risk categorization +
Risk urgency assessment +
Expert judgment +

11
Tools and Techniques

Risk probability and impact assessment -

Risk probability investigates the likelihood that each specific risk will occur. Risk impact is used
to assess potential effects on schedule, cost, and quality, including threat and/or opportunity.

Probability and impact matrix +

Risk data quality assessment +
Risk categorization +
Risk urgency assessment +
Expert judgment +
12
Tools and Techniques

Risk probability and impact assessment +

Probability and impact matrix -
Helps in the rating or prioritization of risks using the table.

Risk data quality assessment +

Risk categorization +
Risk urgency assessment +
Expert judgment +
13
Tools and Techniques

Risk probability and impact assessment +

Probability and impact matrix +
Risk data quality assessment -
Evaluates the degree to which the data about risks is useful for risk management.

Risk categorization +
Risk urgency assessment +
Expert judgment +
14
Tools and Techniques

Risk probability and impact assessment +

Probability and impact matrix +
Risk data quality assessment +
Risk categorization -
Risk can be categorized based on its sources, and the area of the project affected due to
uncertainties.

Risk urgency assessment +

Expert judgment +
15
Tools and Techniques

Risk probability and impact assessment +

Probability and impact matrix +
Risk data quality assessment +
Risk categorization +
Risk urgency assessment
-
Risk requiring near-term responses may be considered more urgent to address.

Expert judgment +
16
Tools and Techniques

Risk probability and impact assessment +

Probability and impact matrix +
Risk data quality assessment +
Risk categorization +
Risk urgency assessment +
Expert judgment
-
Required to assess the probability and impact of each risk to determine its location in the
probability and the impact matrix table.

17
Tools and Techniques—Characteristics

The tools and techniques used for qualitative risk analysis include risk probability
and impact assessment; and probability and impact matrix.
● Collect and analyze data (For example: Risk quality assessment and expert
judgment).
● Prioritize risks by probability and impact on specific objectives and overall
project (For example: Risk urgency assessment).
● Categorize risk causes (Risk categorization).
● Document the results of the Perform Qualitative Risk Analysis process.
A project manager has to make sure that the data obtained of the risk is unbiased,
accurate, and of high quality. Also, as a part of qualitative risk analysis, it is
. important to identify the urgency of the risk
18
Risk Probability and Impact Assessment—Example

During qualitative risk analysis, Steven, a risk SME, is concerned with the probability and impact scores
that the project team determined for a project he is assigned to. The team had previously agreed that the
majority would determine the probability and impact.

This is to remove group thinking and bias in any area during early risk analysis. After the first round of
analysis, and after reviewing the results, Steven is concerned about the validity of the team’s conclusions.
Reluctant to sign off on results he does not believe are accurate he decided to assess the data quality of
the available information that was used to assign probability and impact to each risk.

19
Risk Probability and Impact Assessment—Example (contd.)

During assessment Steven decides that the data is not good enough to accurately draw conclusions about
the majority of risks. After gathering additional information from industry sources Steven provides more
accurate data to the team, who then conducts a probability and impact assessment again.

Armed with better data, the qualities of the individual risks reflect a previously unforeseen category of
risks that are now near term and require immediate attentions. If Steven had not sought a better quality
of data to support the team’s conclusions they would not have identified the unforeseen risk category.
The team then reacts appropriately by performing further analysis and assigning action plans for the risks
in case they occur.

20
Root Cause Analysis

An example of root cause analysis is shown below:

[1]
ROOT CAUSE ANALYSIS

Repeated Schedule Low

Mistrust Rework Extra Cost
Audits Slips Morale

Incorrect Incomplete
Reports Requirements

Ignoring Phase
Entry Prerequisites
Figure D8. Example of a Root Cause Analysis
21
Estimating Techniques

A common estimating technique associated with risk management

is the probability and impact assessment.
This tool will be used concurrently with a predefined probability
and impact matrix. It must be used consistently throughout the
project with clearly defined definitions for probability and impact.

22
Historical Documentation

One invaluable source of information for a project is any

available data on previous projects that were similar to the
current one. There are many risks that will reoccur from one
project to the next.
To capitalize on lessons learned, you will need access and it
must be well structured.
Examples of historical documentation includes previous:
● risk plans,
● risk registers,
● contracts,
● project post-mortem documentation,
● change requests,
● cost and time estimates, etc.
23
Analytical Hierarchy Process

Analytical Hierarchy Process (AHP) is a tool used to determine the preferences for achieving the
project objectives.
Input Matrix (Preference Factors)

Cost Time Scope Quality In step 2,

Preference Factor Each constraint is compared to one
Cost 1.00 0.25 0.33 0.20
1 Constraints equal another and scored. Quality is always
Time 4.00 1.00 1.00 0.25
preferred to cost. Then calculate
2 Slightly preferred
Scope 3.00 1.00 1.00 0.25 1/preference factor for each and score.
3 Moderately preferred Notice the sum of each column.
Quality 5.00 4.00 4.00 1.00
4 Mostly preferred
Sum 13.00 6.25 6.33 1.70
5 Always preferred
Calculated factor (Preference Weighting
Factor/Column Total) Factors Row In step 3,
Average
Cost Time Scope Quality Divide each factor by the column
Cost 0.08 0.04 0.05 0.12 0.1 sum.
Example: 1/13=.08 Then average
In step 1, Time 0.31 0.16 0.16 0.15 0.2
each row to determine
Preference factors Scope 0.23 0.16 0.16 0.15 0.2 preference list of quality, scope,
are determined.
Quality 0.38 0.64 0.63 0.59 0.6 time and then cost.
Sum 13 6.25 6.33 1.7 1

24
Risk Urgency Assessment

Risk urgency appears in two forms. First, the risks which are near-term and must be addressed
immediately. The second type of urgency concerns the time required to plan for a risk.

25
Perform Qualitative Risk Analysis Process

The steps involved in the Perform Qualitative Risk Analysis process are shown below:

Select Risk Characteristics

Collect and Analyze Data

Prioritize Risks

Categorize Risk Causes

Document Results

26
Select Risk Characteristics

Qualitative risk analysis helps in prioritization of risks which

are important for response or further analysis.
● The tools help in specifying levels and risk characteristics
which are of management’s interest.
● Most tools help to assess the risk importance from a
combination of probability of occurrence and degree of
impact on objectives.
● The output of using the tools of qualitative risk analysis
includes a list of risks in priority order, or in priority groups
like high, medium, and low.

27
Collect and Analyze Data

Assessment of risks is based on the information collected.

● Data collection and evaluation tools require management support and attention.
● It is necessary to be unbiased in data gathering, which is important when relying on expert
judgment for information.

28
Prioritize Risks by Probability and Impact on Specific Objectives

Risks will have uneven impact and probability of occurrence on various project objectives.
These tools help in the prioritization of risks in terms of affected specific project objectives like time,
cost, quality, etc.

29
Prioritize Risks by Probability and Impact on Overall Project

The reason to prioritize risks by probability and impact based on specific and overall project
perspective is to have better communication and convey the right information to the right people
based on their interest.
The technique for determining the overall risk priority should be documented in the Plan Risk
Management process.

30
Categorize Risk Causes

Categorization of risk leads to improved analysis of probability and

magnitude of project risk, and effective responses.
● Some risks may be linked with others, and interpreting this chain of
risks may lead to a better understanding of the implication of risk on
the project.
● A combination of risk analysis information with WBS can show which
areas of the project exhibit more risk.
● Assessing high-priority risks, for example on schedule, may indicate
which activities must be addressed to reduce that objective’s
uncertainty.

31
Document the Results

The probability, impact, and priority (specific objective or overall project) of

risks are documented in the risk register.
● The risk register lists the prioritized risks, which are posted to
stakeholders for further analysis or action.
● Risks of high priority are analyzed further and monitored frequently.
● Risks of low priority are under watch list and are reviewed less often for
changes in their status.

32
Perform Qualitative Risk Analysis Process—Example

Samuel is a risk analyst for a new startup company that specializes in software products for a variety of
industries. Samuel has recently begun qualitative analysis after identifying several hundred risks for a
medium sized project.

While assigning a probability and impact score to each risk Samuel begins to notice a trend by having
many high scores in one particular area. After completing analysis he ranks the risks accordingly from
greatest to least and confirms his previous suspicion about a category of risks. His conclusion is that the
majority of his risks are largely related to human resources, and specifically focused on training.

33
Perform Qualitative Risk Analysis Process—Example (contd.)

He checks the risk breakdown structure and updates it with this new sub-category. He also reviews the
scope baseline to determine which work packages contain the greatest concentrations of human resource
requirements in order to complete them.

He then assesses the quality of these particular areas as having a high risk quality to the project, and
prepares to quantify the impact to the overall project. By grouping risks together Samuel was able to see
the big picture and determine where high concentrations of risks might occur, as well as confirm these
areas require quantitative analysis.

34
Output

Following is the Output required to Perform Qualitative Risk Analysis:

Output Description

The project documents updates include risk register updates and assumptions log
updates.
Updates to the risk register include new information based on qualitative risk analysis of
Project documents updates individual risks like probability, impact, ranking, urgency, as well as categorization; and
watch list for high-priority and low-priority risks respectively.
Assumptions log updates are required if there is any change in the assumptions due to
analysis. This may be updated in a project scope statement.

35
Quiz

36
 You are the project manager for a software project. You have completed the risk response
QUIZ planning with your team and are now ready to update the risk register with probability and
1 impact on different project objectives. Which of the following statements best describes the
level of detail you should include with the risk responses created?

a. The level of detail is set by historical information

b. The level of detail should correspond with the priority ranking
c. The level of detail must define the risk response for each identified risk
d. The level of detail is set for project risk governance

37
 You are the project manager for a software project. You have completed the risk response
QUIZ planning with your team and are now ready to update the risk register with probability and
1 impact on different project objectives. Which of the following statements best describes the
level of detail you should include with the risk responses created?

a. The level of detail is set by historical information

b. The level of detail should correspond with the priority ranking
c. The level of detail must define the risk response for each identified risk
d. The level of detail is set for project risk governance

Answer: b.
Explanation: The level of detail should correspond with the priority ranking. Prioritization
helps in taking actions by comparing the different project objectives.

38
QUIZ
What is the output of Perform Qualitative Risk Analysis process?
2

a. Risk register
b. Organizational process asset updates
c. Project documents updates
d. Enterprise environmental factors updates

39
 QUIZ
What is the output of Perform Qualitative Risk Analysis process?
2

a. Risk register
b. Organizational process asset updates
c. Project documents updates
d. Enterprise environmental factors updates

Answer: c.
Explanation: Project documents updates is the output, which updates the ranking of the
identified risks in the risk register.

40
 You are the project manager of an organization. You are working with your project team
QUIZ to complete the qualitative risk analysis process. The first tool and technique you are
3 using requires that you assess the probability of each identified risk in the project.
Which other characteristic of a risk do you need to assess?

a. Impact
b. Cost
c. Risk category
d. Risk owner

41
 You are the project manager of an organization. You are working with your project team
QUIZ to complete the qualitative risk analysis process. The first tool and technique you are
3 using requires that you assess the probability of each identified risk in the project.
Which other characteristic of a risk do you need to assess?

a. Impact
b. Cost
c. Risk category
d. Risk owner

Answer: a.
Explanation: To find the urgency of the risk, you need to know its probability and impact.
The qualitative risk analysis process uses the probability and impact matrix as one of its
tools and techniques.

42
 You are the manager of a project in your organization. You are assessing the risk events
QUIZ and creating a probability and impact matrix for the identified risks. Which one of the
4 following statements best describes the requirements for the data type used in
qualitative risk analysis?

a. A qualitative risk analysis requires fast and simple data to complete the
analysis
b. A qualitative risk analysis requires accurate and unbiased data if it is to
be credible
c. A qualitative risk analysis encourages biased data to reveal risk
tolerances
d. A qualitative risk analysis requires unbiased stakeholders with biased risk
tolerances

43
 You are the manager of a project in your organization. You are assessing the risk events
QUIZ and creating a probability and impact matrix for the identified risks. Which one of the
4 following statements best describes the requirements for the data type used in
qualitative risk analysis?

a. A qualitative risk analysis requires fast and simple data to complete the
analysis
b. A qualitative risk analysis requires accurate and unbiased data if it is to
be credible
c. A qualitative risk analysis encourages biased data to reveal risk
tolerances
d. A qualitative risk analysis requires unbiased stakeholders with biased risk
tolerances
Answer: b.
Explanation: A qualitative risk analysis requires accurate and unbiased data if it is to be
credible.

44
 You are preparing to start the qualitative risk analysis process for your project.
QUIZ You will be relying on some organizational process assets to influence the process.
5 Which one of the following is NOT a probable reason for relying on organizational
process assets as an input for qualitative risk analysis?

a. Studies of similar projects by risk specialists

b. Risk databases that may be available from industry sources
c. Review of vendor contracts to examine risks in past projects
d. Information on prior, similar projects

45
 You are preparing to start the qualitative risk analysis process for your project.
QUIZ You will be relying on some organizational process assets to influence the process.
5 Which one of the following is NOT a probable reason for relying on organizational
process assets as an input for qualitative risk analysis?

a. Studies of similar projects by risk specialists

b. Risk databases that may be available from industry sources
c. Review of vendor contracts to examine risks in past projects
d. Information on prior, similar projects

Answer: c.
Explanation: Review of vendor contracts to examine risks in past projects is not the
probable reason for relying on organizational process assets as an input for qualitative risk
analysis. These should have been reviewed during the identify risks process.

46
QUIZ
Which of the following is NOT an input for qualitative risk analysis?
6

a. Risk register
b. Risk management plan
c. Stakeholder register
d. Organizational process updates

47
 QUIZ
Which of the following is NOT an input for qualitative risk analysis?
6

a. Risk register
b. Risk management plan
c. Stakeholder register
d. Organizational process updates

Answer: c.
Explanation: Except for stakeholder register, all other options provided here are inputs for
the qualitative risk analysis process.

48
Summary

Here is a quick ● The critical success factors for Perform Qualitative Risk Analysis process are
recap of what was
agreed-upon approach, agreed-upon definitions, high-quality information,
covered in this
lesson: and iterative qualitative risk analysis.
● The inputs of this process are risk register, risk management plan, scope
baseline, enterprise environmental factors, and organizational process
assets.
● The tools and techniques used in this process are risk probability and impact
assessment, probability and impact matrix, risk data quality assessment, risk
categorization, risk urgency assessment, and expert judgment.
● The output of this process is project documents updates.

49
This concludes ‘Perform Qualitative Risk Analysis.’

The next lesson is ‘Perform Quantitative Risk Analysis.’

50
Reference

[1] Taken from Practice Standard for Project Risk Management: Page. 84

51
RMP® Certification Course
Lesson 8—Perform Quantitative Risk Analysis

Copyright 2014, Simplilearn, All rights reserved.

Objectives

After completing ● Explain the purposes and objectives

this lesson, you will
be able to: ● List the tools and techniques

● Describe EMV analysis

● List the uses of Monte Carlo analysis

● Describe probability distribution

2
Purposes and Objectives

Following are the purposes and objectives of Perform Quantitative Risk

Analysis process:
● Performing Quantitative Risk Analysis provides a numerical estimate
of the overall effect of risk on the project objectives.
● Helps in evaluating the likelihood of success in achieving the project
objectives and estimating contingency reserve.
● Usually applicable for time and cost invested in the project.
● Quantitative analysis is not mandatory, especially for smaller projects.
● Calculating estimates of overall project risk is the main focus of this
process.

3
Implementation of Overall Risk Analysis

Implementation of overall risk analysis requires the following:

● Complete and accurate representation of the project objectives built
from individual project elements.
● Identifying risks on individual project elements such as schedule
activities or line-item costs, at a level of detail that lends itself to
specific assessment of individual risks.
● Including generic risks that have a broader effect than individual
project elements.
● Applying a quantitative method using Monte Carlo simulation that
incorporates multiple risks simultaneously in determining the impact
on the overall project objective.

4
Overall Risk Analysis—Post Implementation

The following can be predicted after implementing the overall risk analysis:

● The probability of meeting the project objectives.

● The total contingency reserve required.

● The line-item costs or schedule activities that contribute more risks when all risks are considered
simultaneously.

● The individual risks that contribute the most to overall project risk.

● Projects where the quantified risks threaten objectives beyond the tolerance of the stakeholders.

● Project objectives that have risks well within acceptable tolerances.

5
Qualitative and Quantitative Risk Analysis—High-Level Comparison

High-level comparison of qualitative and quantitative risk analysis are as follows:

Qualitative risk analysis Quantitative risk analysis

● Addresses individual risks in detail. ● Predicts likely project outcomes based on combined
● Assesses the discrete probability of occurrence and effects of risks.
project
impact on objectives if risk occurs. ● Uses probability distribution to characterize the risk
● Helps prioritize the individual risks for subsequent related to cost and schedule values.
undertaking the
treatment. ● Uses a quantitative method, and requires specialized
● Adds to risk register. tools.
●
and benefits of
Leads to quantitative risk analysis. ● Estimates the likelihood of achieving targets and
contingency needed to achieve desired level of
ascertaining the costs comfort.
● Identifies risks with greatest effect on the overall
project.

6
Critical Success Factors

Following are the critical success factors for Perform Quantitative Risk Analysis process:
Prior Risk Identification and Qualitative Risk Analysis +
Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data +
Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +

7
Critical Success Factors

Prior Risk Identification and Qualitative Risk Analysis -

● All the important risks are taken into account before analyzing them quantitatively.

Appropriate Project Model +

Commitment to Collecting High-Quality Risk Data +
Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +
8
Critical Success Factors

Prior Risk Identification and Qualitative Risk Analysis +

Appropriate Project Model -
● An appropriate model should be used as the basis of quantitative risk analysis such as
project schedule for time, line-item cost estimate for cost, decision tree for risk, etc.
● The outcome of Perform Quantitative Risk Analysis process depends upon the selected
project model.

Commitment to Collecting High-Quality Risk Data +

Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +
9
Critical Success Factors

Prior Risk Identification and Qualitative Risk Analysis +

Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data -
● Can be gathered by interviews, workshops, and expert judgment.
● This calls for time, resources, and management support.

Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +
10
Critical Success Factors

Prior Risk Identification and Qualitative Risk Analysis +

Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data +
Unbiased Data -
● Two common sources of bias are motivational and cognitive bias. Motivational bias is
where someone tries to bias the result in one direction or another and cognitive bias is
where bias occur as people are using their best judgment and applying heuristics.[1]
● Dispose the biased data and use the unbiased data.

Overall Project Risk Derived from Individual Risks +

Interrelationships between Risks in Quantitative Risk Analysis +
11
Critical Success Factors

Prior Risk Identification and Qualitative Risk Analysis +

Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data +
Unbiased Data +
Overall Project Risk Derived from Individual Risks -
● Risks are specified at the level of detailed tasks or line-item costs, and incorporated into the
model of the project to calculate effects on project objectives like cost, time, etc.

Interrelationships between Risks in Quantitative Risk Analysis +

12
Critical Success Factors

Prior Risk Identification and Qualitative Risk Analysis +

Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data +
Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis -
● For the successful execution of the Quantitative Risk Analysis process, correlate and link
risks that have a common root cause.

13
Inputs, Tools and Techniques, and Outputs

Following are the inputs, tools and techniques, and outputs required for Perform Quantitative Risk
Analysis process:

Inputs Tools and Techniques Outputs

● Risk register ● Data gathering and ● Project documents updates

● Risk management plan representation techniques
● Cost management plan ● Quantitative risk analysis and
● Schedule management plan modeling techniques
● Enterprise environmental ● Expert judgment
factors
● Organizational process
assets

14
Inputs

Following are the Inputs required for Perform Quantitative Risk Analysis process:

Inputs Description
Risk register Identifies and categorizes risks, potential risk responses, and triggers warning signs.
Risk management Includes roles and responsibilities, budgets and schedule for risk management activities, Risk
plan Breakdown Structure (RBS), risk categories, probability and impact matrix, and risk tolerances.
Cost management Establishes the criteria for making plans, structuring, preparing an estimate, budgeting, and
plan establishing control over project costs.
Schedule Describes the scheduling methodology, the scheduling tool(s) to be used, and the format and
management plan established criteria for developing and controlling the project schedule.
Enterprise Provide context and insight to risk assessment, such as industry studies conducted by risk
environmental specialists for similar projects, and risk databases obtained from proprietary sources or the
factors industry.
Organizational Include existing processes that may impact a project's success. These may comprise policies,
process assets guidelines, historical information, or knowledge gained from previous projects.

15
Tools and Techniques

The 3 main techniques to Perform Quantitative Risk Analysis process are as follows:

Data gathering and

representation techniques

Quantitative risk analysis

and modeling techniques

Expert judgment

16
Tools and Techniques

Interviewing:
Interviewing draw on experience and historical data, to quantify the probability and
Data gathering and impact of risks on project objectives.
representation techniques Probability distribution:
Used extensively in modeling and simulation, representing the uncertainty in values
such as duration of scheduled activities and costs of project components.
Quantitative risk analysis
and modeling techniques

Expert judgment

17
Tools and Techniques

Sensitivity analysis:
Places a value on the effect of changing a single variable within a project by analyzing
Data gathering and that effect on the project plan.
representation techniques
Expected Monetary Value (EMV) analysis:
Assesses the average outcome of both known and unknown scenarios.
Decision tree analysis:
Quantitative risk analysis Factors both probability and impact for each variable, indicating the decision providing
and modeling techniques
the greatest expected value when all uncertain implications and subsequent decisions
are quantified.
Modeling and simulation:
Uses models that calculate potential impact of events on the project, based on random
Expert judgment
input values.

18
Tools and Techniques

Expert judgment:
It is required to identify potential cost and schedule impacts, to evaluate probability,
Data gathering and and to define inputs such as probability distributions into the tools.
representation techniques

Quantitative risk analysis

and modeling techniques

Expert judgment

19
Sensitivity Analysis—Example

Jimmy is a construction project manager for a bridge project in New Jersey. He is just beginning
quantitative analysis for his project and is notified from his boss that there might be a union
strike in the near future. This would mean that some human resources, which are members of
the union, might not show up for work, which is supposed to begin in three weeks. Jimmy
immediately has the team begin reviewing near-term work packages to determine how many
people might be needed to complete them, as well as other areas of the project where various
types of work are required. After receiving the results later in the day, he conducts sensitivity
analysis to see which areas of his project will be most impacted by the potential strike.

20
Sensitivity Analysis—Example (contd.)

Jimmy determines that the foundation work packages are the most impacted as many union
employees will be mixing and pouring concrete. He also discovers that the transport areas of
the project are also at risk because the concrete must be moved around the job location by
construction vehicles. The least sensitive area appears to be designed as none of the engineers
are members of the union. Jimmy forwards his results to his boss who uses it to negotiate with
the union to avoid the strike. To further protect the project from the risk, Jimmy enters into a
contract with another labor construction company to fill these positions in case the union
decides to go on a strike later in the project. The proper use of sensitivity analysis enabled
Jimmy to see which areas of his project were most impacted by the potential strike, and then
to plan accordingly.

21
Tools and Techniques—Characteristics

The characteristics of tools and techniques are as follows:

Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty

● Risk models provide the risk representations that affect the project objective simultaneously.
● Representation of both opportunities and threats.

22
Tools and Techniques—Characteristics

Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty

● Quantitative models facilitate the correct calculation of many risks on the project objectives.

23
Tools and Techniques—Characteristics

Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty

● Probability models address uncertainty.

● An example of such a model is Monte Carlo simulation, which permits the combination of probability
distributions of line item costs or schedule.

24
Tools and Techniques—Characteristics

Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty

● Assessment of historical data and workshops, interviews, or questionnaires to gather information.

● For example, probability distribution provides impact on cost or time, and relationship between risks.

25
Tools and Techniques—Characteristics (contd.)

A few other characteristics of tools and techniques are as follows:

The Elements and

Effective Presentation of
Structure of Iterative Quantitative Information for
Quantitative Analysis
Quantitative Risk Risk Analysis Response Planning
Results
Analysis

● Results from quantitative analysis are generally not available in standard methods/formats.
● Choosing the probability distribution, gives the following results:
o Whether the project can be completed within the time or budget;
o Contingency reserve requirement in terms of cost, time, or resource; and
o Identity or location of most important risks.

26
Tools and Techniques—Characteristics (contd.)

The Elements and

Effective Presentation of
Structure of Iterative Quantitative Information for
Quantitative Analysis
Quantitative Risk Risk Analysis Response Planning
Results
Analysis

Risk Prioritization
Perform Quantitative Analysis
(E.g., Monte Carlo simulation, decision tree analysis, etc.)
Examine Interrelationships
between Risks

Collect High-Quality Risk

Results
Data
● Likelihood of success
● Required contingency
Project Model (E.g.,
● High priority risks
Schedule, cost estimate, etc.)

27
Tools and Techniques—Characteristics (contd.)

The Elements and

Effective Presentation of
Structure of Iterative Quantitative Information for
Quantitative Analysis
Quantitative Risk Risk Analysis Response Planning
Results
Analysis

● It is impossible to know all the risks in advance.

● Iterative method is best suitable to analyze risks as the project progresses.

28
Tools and Techniques—Characteristics (contd.)

The Elements and

Effective Presentation of
Structure of Iterative Quantitative Information for
Quantitative Analysis
Quantitative Risk Risk Analysis Response Planning
Results
Analysis

● Overall contingency reserve in time and cost should be reflected in the project’s schedule and budget.
● If adjustment is required in scope, then the changes are agreed upon and documented. A new quantitative risk
analysis is carried out to reflect the new aspects of the project.

29
Basic Principles of Probability

The following details the basics on principles of probability and its description:
Principles of Probability Description

The sum of the probabilities of all events that may occur should be equivalent to 1
Sum of probabilities
(100%).

Probability of single event The probability of any single event must be greater than or equal to 0 and less than
or equal to 1.

Let A and B be two dependent joint events. The probability of occurrence of events
Dependent joint events A and B will be denoted as P(A) and P(B) respectively. Then the probability of a
dependent joint event will be calculated as [P(A)*P(B/A)], where P(B/A) denotes the
probability of occurrence of event B, provided event A has already occurred.

Let A and B be two independent joint events. Then the probability of an

Independent joint events independent joint event will be calculated as [P(A)*P(B)]. When the probability of
occurrence of joint events is the product of the probabilities of each, the events are
considered to be independent.
30
Basic Principles of Probability (contd.)

A few other basics on principles of probability and its description are as follows:
Principles of Probability Description

Mean The sum of the events divided by the number of occurrences.

The number that separates the higher half of a probability distribution from the
Median
lower half.

The number which typifies the data in a set. It is calculated by adding the values of a
Average
group of numbers and dividing the sum by the number of objects considered.

Standard deviation This is a measure of the spread of data, or the statistical dispersion of the values in
your data set.

31
Historical Documentation

One invaluable source of information for a project is any available

data on previous projects that were similar to the current one. There
are many risks that will reoccur from one project to the next.
To capitalize on lessons learned, you will need access and it must be
well structured.
Examples of historical documentation includes previous:
● risk plans,
● risk registers,
● contracts,
● project post-mortem documentation,
● change requests,
● cost and time estimates, etc.

32
Fault Tree Analysis

Fault Tree Analysis is also known as Failure Modes and Effects Analysis (FMEA). This type of model is
structured to identify the points of failure that are risks by themselves, or in combinations with one
another.
An example is illustrated below.

Improper Account
Settings
Non-Payment of Lack of Vendor
Electric Bill Notice Wrong Contact
Phone Number
Lack of AC Power
Poor
Automatic
Maintenance
Power Outage Transfer Switch UPS Error
Problem No Monthly Run
Insufficient Outdated Energy Test
Lack of DC Power
Battery Backup Analysis

33
System Dynamics

The System Dynamics (SD) model represents the flow of information and interactions among
stakeholders or teams on a project.
An example of SD is shown below.

Customer Sales Maintenance Customer Care Marketing

● Complaint ● Initial sales ● Functional ● Rebate ● False

filed ● Post sales error demanded advertising
● Feedback
request

34
EMV Analysis

EMV Analysis is also called as Expected Monetary Value Analysis.

● It is a method of calculating the average outcome when the future

is uncertain.

● It is the product of the expected monetary value of an outcome

and the probability that it will occur.

● It is used in decision tree analysis.

● It is calculated to find the best outcome, which is the lowest

combination of cost and EMV.

35
Decision Tree Analysis

An example of the decision tree analysis is illustrated below.

36
Monte Carlo Analysis

Following are the uses of Monte Carlo analysis:

● Uses the optimistic, most likely, and pessimistic estimates.

● Simulates various outcomes.

● Predicts a range of possible results.

● Used to predict likely outcome for schedules and costs.

● Uses sophisticated software applications.

● Effective with large number of inputs.

● Effective while predicting business risks.

37
Monte Carlo Software for Risk Modeling—Example

After deciding which risks require further analysis, Bob, a project manager with an IT company,
decides to assess the overall project risk by quantifying the impact of several risks. During
analysis he discovers that the impacts of several risks are beyond the company’s
predetermined thresholds. Bob is concerned that this new development could mean that the
project may have had unrealistic expectations set against it. He employs the use of Monte
Carlo software for risk modeling. He carefully inputs all available data and discovers that there
is a low probability of meeting the management determined finish date utilizing the available
budget allotted for this project.

38
Monte Carlo Software for Risk Modeling—Example (contd.)

Bob takes the supporting information to upper management and explains the precarious
situation. Bob’s boss determines that the project is underfunded and also has an unrealistic
finish date. Because Bob supported his conclusions with software, management decides to
provide additional funding and postpones the projected finish date by sixty days. Bob then
inputs the new budget and schedule data into the Monte Carlo program, which reflects a much
higher probability of project completion.

39
Probability Distribution

The Normal or Gaussian distribution is a continuous probability distribution, defined on the entire
real line that has a bell-shaped probability density function, known as the Gaussian function or
informally known as the bell curve.
● Bell curve is a visual depiction of the likelihood of events occurring.
● The events are plotted as values, and this representation in mathematical language is termed as
Probability Density Function (PDF).

40
Project Risk Ranking

The project risk ranking table helps in the following:

● Overall risk ranking for the final deliverable.
● Allows for comparisons among other projects.

Risk Exposure Table Risk Ranking Table

41
Steps to Perform Quantitative Risk Analysis

Following are the steps to perform quantitative risk analysis:

● Review the risk, cost, and schedule management plans.
● Begin with the original estimate of time or cost.
● Calculate and assess the impact of changing the range of results on
the overall project estimate.
● Refer to historical information.
● Use the appropriate interviewing technique and obtain probability
distributions from stakeholders and subject matter experts.
● Depict the distributions in a PDF format.
● Perform a sensitivity analysis.
● Conduct a project simulation.
● Update the risk register, project management plan, and other project
documents.

42
Output

Plan Risk Management output and its descriptions are as follows:

Outputs Description

Includes a probabilistic analysis of the project, the probability of fulfilling

Project documents updates
cost and time objectives, an updated list of quantified risks arranged in
order of priority, and trends in the results of quantitative risk analysis.

43
Components of Quantitative Risk Analysis Update

Following are the components of Quantitative Risk Analysis Update:

Components Description

Once risks are qualitatively and quantitatively analyzed, the project team should be able to
Probabilistic analysis
forecast the possible completion dates and costs, and provide a level of confidence for each
of the project
decision.

Probability of fulfilling
Using quantitative risk analysis, the project team can estimate the likelihood of fulfilling the
the cost and time
project objectives with the current plan and knowledge of the project risks.
objectives

Identified risks are prioritized according to the threat they pose or the opportunity they
Prioritized list of
present to the project. This prioritized list includes a measure of the impact of each
quantified risks
identified risk.

Repeating the quantitative risk analysis process helps the project's risk management team to
Trends in quantitative analyze the trends and make adjustments as necessary. Information on the project schedule,
risk analysis results cost, quality, etc., and performance gained through the Perform Quantitative Risk Analysis
process will help the team to prepare a quantitative risk analysis report.

44
Documenting the Results

Following are the points which are documented upon completing this process:
● The contingency reserve calculated in quantitative project cost and
schedule risk analysis to be incorporated into the cost estimate and
schedule.
● Contingency reserve established to capture the opportunities that are
judged to be priorities of the project.
● If contingency reserve exceeds the time or resource available, changes the
scope and plan, then these have to be documented.
● The results of quantitative risk analysis must be recorded and passed on to
the project management team for further actions to be taken.

45
Quiz

46
 You are the manager for a project. You are working with several subject matter experts
QUIZ to perform the quantitative risk analysis process. During this process, you find several
1 risk events that were not previously identified. What should you do with these risk
events?

a. The events should be considered for qualitative risk analysis

b. It should be determined if the events need to be accepted or responded to
c. The events should be entered into the risk register
d. The events should be considered for quantitative risk analysis

47
 You are the manager for a project. You are working with several subject matter experts
QUIZ to perform the quantitative risk analysis process. During this process, you find several
1 risk events that were not previously identified. What should you do with these risk
events?

a. The events should be considered for qualitative risk analysis

b. It should be determined if the events need to be accepted or responded to
c. The events should be entered into the risk register
d. The events should be considered for quantitative risk analysis

Answer: c.
Explanation: If you come across a new risk at any point of time, enter the event into the risk
register.

48
 You are the manager of a project in your company. You want to utilize a risk analysis
QUIZ process that will help the team make decisions in presence of the current uncertainty
2 surrounding the new environment. Which risk analysis approach can you use to make
decisions in the presence of uncertainty?

a. Monte Carlo simulation

b. Qualitative risk analysis process
c. Quantitative risk analysis process
d. Delphi technique

49
 You are the manager of a project in your company. You want to utilize a risk analysis
QUIZ process that will help the team make decisions in presence of the current uncertainty
2 surrounding the new environment. Which risk analysis approach can you use to make
decisions in the presence of uncertainty?

a. Monte Carlo simulation

b. Qualitative risk analysis process
c. Quantitative risk analysis process
d. Delphi technique

Answer: c.
Explanation: Quantitative risk analysis provides the opportunity to make decisions based on
numerical values assigned to the identified risks.

50
 You are the manager for a project. Your team and you are working on the following
QUIZ activities: i) Probabilistic analysis of a project, ii) Probability of achieving cost and time
3 objectives, and iii) Trends in qualitative risk analysis results. On which of the following
processes are you working?

a. Plan Risk Management

b. Perform Quantitative Risk Analysis
c. Perform Qualitative Risk Analysis
d. Identification of risks

51
 You are the manager for a project. Your team and you are working on the following
QUIZ activities: i) Probabilistic analysis of a project, ii) Probability of achieving cost and time
3 objectives, and iii) Trends in qualitative risk analysis results. On which of the following
processes are you working?

a. Plan Risk Management

b. Perform Quantitative Risk Analysis
c. Perform Qualitative Risk Analysis
d. Identification of risks

Answer: b.
Explanation: All these activities will be carried out as part of Quantitative Risk Analysis.

52
QUIZ Which of the following processes must be repeated after plan risk responses and
control risks process, to determine if the overall project risk has been satisfactorily
4 decreased?

a. Plan Risk Management

b. Perform Quantitative Risk Analysis
c. Perform Qualitative Risk Analysis
d. Identification of risks

53
 QUIZ Which of the following processes must be repeated after plan risk responses and
control risks process, to determine if the overall project risk has been satisfactorily
4 decreased?

a. Plan Risk Management

b. Perform Quantitative Risk Analysis
c. Perform Qualitative Risk Analysis
d. Identification of risks

Answer: b.
Explanation: Perform quantitative risk analysis is used to make sure that risk is minimized as
the project progresses.

54
QUIZ Which of the following simulation or modeling tools is used in case of quantitative risk
5 analysis?

a. Monte Carlo simulation

b. Trend analysis
c. Three-point estimate
d. Sampling technique

55
 QUIZ Which of the following simulation or modeling tools is used in case of quantitative risk
5 analysis?

a. Monte Carlo simulation

b. Trend analysis
c. Three-point estimate
d. Sampling technique

Answer: a.
Explanation: Monte Carlo simulation is used in quantitative risk analysis to determine the
numerical impact due to risk in the project.

56
QUIZ
What is the output of quantitative risk analysis?
6

a. Risk register
b. Project performance examination
c. Project documents updates
d. Project management plan updates

57
 QUIZ
What is the output of quantitative risk analysis?
6

a. Risk register
b. Project performance examination
c. Project documents updates
d. Project management plan updates

Answer: c.
Explanation: Project documents updates are the output of quantitative risk analysis
process.

58
Summary

Here is a quick ● Performing Quantitative Risk Analysis provides a numerical estimate of the
recap of what was overall effect of risk on the project objectives.
covered in this ● The three techniques to Perform Quantitative Risk Analysis process are data
lesson:
gathering and representation techniques, quantitative risk analysis and
modeling techniques, and expert judgment.
● EMV analysis is a method of calculating the average outcome when the
future is uncertain.
● Monte Carlo analysis is used to predict likely outcome for schedules and
costs.
● The Normal or Gaussian distribution is a continuous probability distribution,
defined on the entire real line that has a bell-shaped probability density
function, known as the Gaussian function or informally known as the bell
curve.

59
This concludes ‘Perform Quantitative Risk Analysis.’

The next lesson is ‘Plan Risk Responses.’

60
Reference

[1] Based on Practice Standard for Project Risk Management: Project Risk Management, Page 27.

61
RMP® Certification Course
Lesson 9—Plan Risk Responses

1
Objectives

After completing ● Explain the purposes and objectives

this lesson, you will
be able to: ● Identify the critical success factors

● List the inputs, tools and techniques, and outputs

● Define contingency plan

● List the different forms of contingency reserves

2
Purposes and Objectives

Plan Risk Responses process determines the effective responses that are appropriate to the priority of
individual risks and overall project risk.
While deciding the risk response, it is important to consider a few factors which includes the
following:

Stakeholders’ Stakeholders’ Stakeholders’ Stakeholders’

Attitude Conventions Assumptions Constraints

The objective of the Plan Risk Responses process is to determine the set of actions which enhances
the chances of project’s success while complying with organizational and project constraints.

3
Activities and Roles

Following are the important activities and roles to be carried out as

part of the Plan Risk Responses process:
● The risk response plans are developed on the basis of threats or
the opportunities offered by negative or positive risk.
● Potential changes to budget, schedule, and scope of the project
should be considered while planning for risk response.
● The implementation of response process can generate additional
risks called secondary risk.
● Secondary risks should be analyzed and the required responses
should be planned.

4
Activities and Roles (contd.)

A few other important activities and roles are as follows:

● Risks that remain after the primary and secondary risks have been
eliminated are called residual risks.

● Residual risks should be identified, analyzed, documented, and

communicated to the stakeholders.

● Contingent risk response actions should be executed at the

optimum time.

5
Interfaces

Risk response processes along with all approved and unconditional actions occurring due to risk
response planning should be integrated within project management plan.

The corresponding organizational and project management rules should be invoked including the
following:

Project change Project planning, Project

Resource
management and budgeting, and communication
management
configuration control scheduling planning

6
Critical Success Factors

Critical success factors for Risk Resource Planning process are as follows:

People

Planning

Analysis

7
Critical Success Factors

Communicating to different stakeholders:

● Communication should be open and appropriate.
● The risk responses should ensure acceptance among the stakeholders.
People
● Organizational factors like culture, attitudes, or disagreements should be addressed
openly.
Defining roles and responsibilities:
● Key roles in project risk management must be assigned to risk owner and risk action
Planning owner.
● The team should understand what is expected of them. The stakeholders should
understand and accept the need and authority.
● The senior management should approve and track the contingency reserve.

Analysis

8
Critical Success Factors

Specify response timing:

● The agreed-upon responses should be integrated into the project management plan.
People ● The responses should be scheduled and assigned for execution.
Provide resources, budget, and schedule:
● The approval from the management for resources, costs, and duration needs to be
obtained.
Planning
● The commitment from risk owners and risk action owners needs to obtained.

Analysis

9
Critical Success Factors

Address the interaction of risks and responses:

● Control the potential effects of strategy developed for treating the original risk.
Ensure appropriate, timely, effective, and agreed-upon responses:
People
● Consistency with organizational values, project objectives, and stakeholder
expectations.
● Capability to balance the project objectives and improve the risk situation.
Analyze the threats and opportunities:
Planning ● If threats or opportunities are not addressed fully, the combined response strategy
may be invalid.
Develop strategies to address tactical responses:
● The risk response strategy should be carried out at a general, strategic level; and the

Analysis strategy should be validated and agreed upon.

10
Inputs, Tools and Techniques, and Outputs

The Inputs, Tools and Techniques, and Outputs of Plan Risk Responses process are as follows:

Inputs Tools and Techniques Outputs

● Risk register ● Strategies for negative risks ● Project management plan

● Risk management plan or threats updates
● Strategies for positive risks ● Project document updates
or opportunities
● Contingent response
strategies
● Expert judgment

11
Inputs

Following are the inputs of Plan Risk Responses process:

Inputs Description
Contains prioritized lists of project risks, root causes of risk, lists of potential
Risk register responses, risk ranking, lists of near-term and long-term risks, trend in
qualitative risk analysis, categorized risks, and a watch-list of low-priority risks.
Risk
Contains the guidelines, methodology, templates, and formats necessary to
management
perform all risk management processes including Plan Risk Responses.
plan

12
Updating the Risk Register—Example

While finalizing risk responses on a high visibility project that is set to begin in another country, you review your
available choices for risk responses. There is a set of risks that is related to using company employees in that region
of the world, they are:
1. Company employees are not versed in the local cultural norms
2. They do not even speak the language

These shortcomings could potentially result in major problems when dealing with local politicians, construction
workers and in various other situations and as a result of this option, the risk to the project will increase.

13
Updating the Risk Register—Example (contd.)

On the other hand, you have the option of only using local workers. The benefits are as follows:
● While less skilled, they are from this region of the world.
● They should be able to increase their performance quickly.
● It will not cause any problems with the local customs and people.
● Local resources would not cause the same problems as the employees might.

Due to the higher risk and expense associated with using company employees, you decide to use local resources
and completely avoid problems that might arise from not understanding the local customs, language and
traditions. You update the risk register and begin making the arrangements immediately.

14
Tools and Techniques

Following are the tools and techniques of Plan Risk Responses process:

Strategies for
The three strategies for negative risks or threats are avoid, transfer, and mitigate. The
negative risks
fourth strategy accept, can be used for positive and negative risks.
or threats

Strategies for
The three strategies are exploit, share, and enhance; and the fourth strategy is accept.
positive risks

Contingent
response It is the response strategy used if risks occurs.
strategies

Expert It is the input from Subject Matter Experts (SMEs) to take required actions on specific
judgment and defined risk.

15
Strategies for Threats

Four strategies which address threats are as follows:

A negative risk strategy that involves It is a negative risk strategy that

changing the project plan to prevent a Avoid Accept a threat involves accepting that a risk exists.
potentially detrimental risk condition The acceptance may be passive or
or event from happening. active.

A negative risk strategy that shifts A negative risk strategy that

the impact of a risk event and attempts to reduce the probability or
ownership of the risk response to a Transfer Mitigate impact of a potential risk event to an
third party. acceptable level.

16
Accepting a Threat—Example

There is a threat, that a competitor may launch a rival product first. This affects the expected market share for the
product. To overcome this threat, the project can be accelerated by increasing the resources and reducing the
product’s scope, so that it can be launched earlier.

Alternatively, action need not be taken to re-schedule the launch to an earlier date. Accelerating the project may
lead to product quality issues and reducing the scope can make the product less appealing. Therefore, in this case,
the risk is simply accepted and no action is taken to overcome it.

17
Strategies for Opportunities

Four strategies which address opportunities are as follows:

A positive risk strategy that is often It is a positive risk strategy that

Accept an
used when a project team wants to Exploit opportunity involves accepting the risk and
make sure that a positive risk is fully actively responding to it as it comes,
realized. but not through the pursuit.

A positive risk strategy that involves

A positive risk strategy that
partnering up with another party, in
Share Enhance attempts to increase the probability.
an effort to give a project team the
that an opportunity will occur.
best chance of seizing an opportunity.

18
Exploit Strategy—Example

As a project manager for a housing development project you are constantly concerned with the cost of housing
materials such as lumber, drywall, carpeting, and tile. The prices of these products are constantly fluctuating and
causing you to review your budget for available funds.

After finishing a previously contentious project, you decide to try something different on an upcoming block of
houses that are set to begin building shortly.

Determined to control the cost of materials, you decide to meet your suppliers and negotiate for better pricing.
Your suppliers are willing to negotiate but only if you buy in bulk, which is equal to two blocks worth of houses.

19
Exploit Strategy—Example (contd.)

After the discussion with the suppliers, you perform the following actions:
● You take this pricing to your investors who approve the idea and ask if there is a way to keep the pricing on the
remaining six blocks.
● You meet your suppliers again and present the idea of a fixed price on a much larger order, to which they agree.
● After finalizing negotiations and signing all the necessary paperwork, you return to your office and update the
risk register.
● You notify your investors that you have taken full advantage of the material price opportunity, which is also
known as the exploit strategy.
Pricing is much less of a problem after this response strategy.

20
Tools and Techniques—Categories

The four categories of tools and techniques are as follows:

● Creativity tools for potential response;

● Decision support tools for optimal potential response;

● Strategy implementation techniques to convert strategy into action; and

● Tools to transfer control to the control risks process.

21
Steps Involved in Planning Risk Responses Process

The following flowchart helps in understanding the steps involved in Plan Risk Responses process:

Plan Risk Responses Update Project

Management Plan

Yes
Identify Responses

Predicted
Select Responses Exposure
No Acceptable?

All Risks Review Predicted

Addressed? No Residual Exposure

Yes
Plan and Resource Update Risk
Actions Register
22
Applying Risk Response Strategies to Overall Project Risk

The four risk response strategies that are applied to individual risks can also be applied to address the
overall project risk in the following manner:

Constructing Re-planning
Constructing a strategy where Re-planning the project or change
customer and supplier share the risk. the scope.

Pursuing Cancelling
Pursuing the project in spite of the Cancelling the project, if the overall
desired level exceeded. level of risk is unacceptable.

23
Response Identification

Response identification is based on the information available on potential

risk. It aims to determine the optimal set of responses. As a result, it
should involve subject matter experts and employ creativity techniques to
explore all the options.

Project planning and execution techniques are used to evaluate the

potential effects on the project objectives.

24
Response Selection

Potential responses are identified using a decision-support technique.

Following factors should be considered while selecting potential responses:

Cost of the Impact on project Uncertainty of

response objective outcomes

Possible secondary Residual risks

25
Risk Addressing

Risk addressing includes the following:

● Project planning tools are used to implement actions and to integrate

them into the existing plan.
Action Planning

● Responsibility assignment has to be created by identifying risk owner

and risk action owner.
● Every contingency response should include a trigger condition.
Ownership and ● Monitoring of these conditions should be assigned in Plan Risk Response
Responsibility Assignment process, and they should be managed in the control risks process.

26
Outputs

Outputs of Plan Risk Responses process is given below:

Outputs Description

Include subsidiary management plans and their various requirements

Project management plan updates
for the Plan Risk Responses process.

Contain assumptions, log updates, and technical documentation

Project document updates
updates.

27
Contingency Plan

A contingency plan is a plan developed in anticipation of the

occurrence of a risk, to be executed only if specific, predetermined
trigger conditions arise. [1]

A residual risk is a risk that remains after risk responses have been
implemented.[2]

This plan is used in the event when identified risks become reality.

28
Risk Tolerance

Risk tolerance refers to the level of risk acceptability of a project manager, an organization, or a key
stakeholder when the investment required for managing the risk is compared to the potential payoff.

29
Business Continuity Plan

A Business Continuity Plan (BCP) is a logistical risk response plan that

documents the restoration and recovery methods of an organization during
crisis.

This plan involves tested solutions to increase the chances of continuing

operations, during or after disasters. BCP also contains details on the
recovery timeline methods, procedures and tested action plans, and any
alternate recovery resources, including facilities.

30
Contingency Reserves

Contingency reserve is a predetermined amount that is set aside to be used when known risks
become reality.

Different forms of contingency reserves are as follows:

Additional time Money Resources

31
Critical Chain Project Management

Critical Chain Project Management (CCPM) is a method that allows the project team to place buffers
on any path to account for limited resources and other types of risk. A buffer is a non-work schedule
activity with a duration based on the risk for that path. A resource constrained critical path is referred
to as the critical chain.

Activity Activity Feeding

A D Buffer

Activity Activity Activity Activity Project

Start Finish
B E F F Buffer

Activity Feeding
C Buffer

32
Force Field Analysis

Force Field Analysis technique is often used when a change is under consideration. The two sets of
variables that are compared are driving forces and restraining forces.

Lack of
authority

Easily de-
scoped

33
Industry Knowledge Base

There are plenty of mature industries that publish lessons

learned or scientific data that can be used in your project.
This type of data is valuable for benchmarking on your
project. The biggest concern is getting access to relevant and
accurate information.

A truck carrying cargo on the highway has numbered placards on its rear end. These
are numbers associated with material safety data sheets or MSDS. This information
is readily available to the public and also to the first responders in case there is an
accident.
34
Interviews

It may be necessary to have a one on one conversation with

stakeholders to gather their feedback.
● To properly perform an interview, the questions must be prepared in
advance and the interviewer should have sound questioning skills.
● Active listening and the ability to build rapport with the stakeholder
is also important.
● Appropriate time should be allotted for interviews.
● Be prepared to filter issues and non-risks during the session.

You might conduct an interview with a heavy equipment operator who is performing work on site for
your project. The operator is the most qualified to identify risks about the equipment.
35
Multi-Criterion Selection Techniques

Multi-Criterion Selection tool uses a weighted approach to compare options. The stakeholders must
agree upon the weights, criteria, and scoring results.

Vendor A Vendor B
Criteria Weight Rating Points Rating Points
Price 10 9 90 8 80
History 5 9 45 7 35
Time 8 7 56 8 64
Quality 8 10 80 9 72
Risk 7 7 49 8 56
Score 320 307

36
Historical Documentation

One invaluable source of information for a project is any available data on

previous projects that were similar to the current one. There are many
risks that will reoccur from one project to the next.
To capitalize on historical documentation, you will need access and it
must be well structured.
Examples of historical documentation includes previous:
● risk plans,
● risk registers,
● contracts,
● project post-mortem documentation,
● change requests,
● cost and time estimates, etc.

37
Quantitative Risk Analysis

Quantitative risk analysis may be used to determine which responses are cost effective based on the
impact to the project.

Decision tree analysis might help you determine whether you should purchase a
piece of equipment or just rent it during the project. The cost or rental of the
equipment, and the impact to the budget might be clearly displayed.
38
Root Cause Analysis

Root Cause Analysis technique can be used proactively or reactively. A commonly used example is the
fishbone diagram which is shown below.
ROOT CAUSE ANALYSIS
Process Management Geography

Offsite management Overland route

Supplier problems
Unclear requirements Extreme cold
Waiting time
Poor Maintenance degradation Lack of buy-in Seismic activity

Quality Defects

Lack of training Low tolerance to cold Poor ventilation

Too much overtime Incompatibilities Poor ventilation

Low morale Easily damaged Poor ventilation

People Material Environment

39
Scenario Analysis

Scenario Analysis technique involves planning and assessing the feasibility of multiple responses. This
will help determine which response is the most appropriate, cost effective, and causes the least
amount of secondary risks.

40
Scenario Analysis—Example

You are the project manager for a telecommunication’s company and you are reviewing possible scenarios to deal
with winter storm outages. Quite often, heavy snowfall causes power services to be disrupted, which then causes
your cellular sites to fail after one hour.
So, you have several possible responses to deal with this risk. They are:
1. You might install a generator onsite with an automatic switch to turn the generator on if the power fails.
However:
● you need to check the time duration for installation.
● you also need to think about the cost and space to install it.

41
Scenario Analysis—Example (contd.)

2. In another scenario you might decide to rent a generator and keep it on site. This option will require an
employee to go to the site and turn it on if the power fails. In this case the considerations are:
● You need to think about the arrival time.
● There could be dangerous driving conditions.
● You also need to check if the employee is qualified for it.
3. Another scenario under consideration is to contract with a generator company to handle the entire response.
Once again, you need to think about the cost and the onsite arrival time.

42
Residual Risks

Residual Risks refer to risks that remain in a project even after the risk response action is
implemented.

It is essential to add the contingency costs and duration to account these residual risks.

43
Creating a Risk Response Plan—Guidelines

Guidelines for creating a risk resource plan are as follows:

Examine each identified risk to Brainstorm possible response

determine its causes strategies for each risk

Choose the response strategy Develop specific actions for

that is most likely to be effective implementing the strategy

Identify backup strategies risks Determine the amount of

with high risk factor scores required contingency reserve

Consult the risk management plan Incorporate the risk response plan
for the description of the content into the overall project plan

Examine trends in analysis results

44
Documenting the Results

Documenting the results of the Plan Risk Responses process includes the following:

Adding risk responses to the risk register +

Adding corresponding risk responses to the project management plan +
Reviewing and documenting the predicted exposure +

45
Documenting the Results

Adding risk responses to the risk register -

● For each risk, the response should be documented in the risk register and updated
regularly.
● The stakeholders should be able to access the relevant information to verify and
manage their responsibilities according to the response.

Adding corresponding risk responses to the project management plan +

Reviewing and documenting the predicted exposure -
46
Documenting the Results

Adding risk responses to the risk register +

Adding corresponding risk responses to the project management plan -
● Based on the risk responses, the project related implications are evaluated for
project objectives like cost, time, resource, and changes to the documentation.
● The risk response planning is complete only when all these changes are approved.

Reviewing and documenting the predicted exposure +

47
Documenting the Results

Adding risk responses to the risk register +

Adding corresponding risk responses to the project management plan +
Reviewing and documenting the predicted exposure -
● After risk response is defined and integrated into the project management plan,
the individual and overall residual risks should be evaluated.
● The evaluation should provide the expected post-response and the potential
improvement, assuming that the proposed responses are effective.
● This evaluation should be documented.

48
Quiz

49
QUIZ
How many risk responses are there in the positive risk response type?
1

a. Four

b. Three

c. Seven

d. Eight

50
 QUIZ
How many risk responses are there in the positive risk response type?
1

a. Four

b. Three

c. Seven

d. Eight

Answer: a.

Explanation: There are four positive risk responses. They are, exploit, share, enhance, and
accept.
51
QUIZ You are the manager of a project for your company. You have completed qualitative and
quantitative analysis of your identified project risks. Which should be the next step
2 according to project management process?

a. Monitoring and controlling project risks

b. Creating a risk governance approach

c. Creating the project risk register

d. Planning risk responses

52
 QUIZ You are the manager of a project for your company. You have completed qualitative and
quantitative analysis of your identified project risks. Which should be the next step
2 according to project management process?

a. Monitoring and controlling project risks

b. Creating a risk governance approach

c. Creating the project risk register

d. Planning risk responses

Answer: d.

Explanation: After completion of qualitative and quantitative risk analysis, the next step is
to Plan Risk Responses.
53
QUIZ While monitoring the project, you find that an accepted risk is going to occur. Which of
3 the following measures will you take to develop the response?

a. Risk response plan

b. Fallback plan

c. Mitigation plan

d. Risk register

54
 QUIZ While monitoring the project, you find that an accepted risk is going to occur. Which of
3 the following measures will you take to develop the response?

a. Risk response plan

b. Fallback plan

c. Mitigation plan

d. Risk register

Answer: a.

Explanation: The risk response plan communicates how specific risks will be dealt with and
what action steps are required as part of the risk response process.
55
QUIZ You finished risk response planning and found that cost and schedule baselines are to
be modified. Why would the risk response planning call for changing the cost and
4 schedule baselines?

a. New or omitted work which is a part of risk response can cause changes
to the schedule baseline and/or cost
b. Risk responses protect the investment and time of the project

c. Risk responses should not take money or time to implement

d. Baselines must not be updated, but should be refined through versions

56
 QUIZ You finished risk response planning and found that cost and schedule baselines are to
be modified. Why would the risk response planning call for changing the cost and
4 schedule baselines?

a. New or omitted work which is a part of risk response can cause changes
to the schedule baseline and/or cost
b. Risk responses protect the investment and time of the project

c. Risk responses should not take money or time to implement

d. Baselines must not be updated, but should be refined through versions

Answer: a.
Explanation: A project is a progressive elaboration. While carrying out risk management,
you will find that the funding and timeline may not be sufficient. So you need to update the
baseline by considering the new risk response planning.
57
 You are the manager running a project for an organization, and during the course of the
QUIZ project, the organization receives an additional funding from VCs as bonus, which can
5 be used for your project to compress the schedule by crashing. Which response helps in
utilization of opportunity?

a. Transferring

b. Mitigation

c. Exploitation

d. Enhancement

58
 You are the manager running a project for an organization, and during the course of the
QUIZ project, the organization receives an additional funding from VCs as bonus, which can
5 be used for your project to compress the schedule by crashing. Which response helps in
utilization of opportunity?

a. Transferring

b. Mitigation

c. Exploitation

d. Enhancement

Answer: c.

Explanation: If you receive the money and then decide to crash the schedule, you have
exploited the situation.
59
QUIZ
Which risk response is acceptable for both positive and negative risk events?
6

a. Transferring

b. Acceptance

c. Sharing

d. Enhancing

60
 QUIZ
Which risk response is acceptable for both positive and negative risk events?
6

a. Transferring

b. Acceptance

c. Sharing

d. Enhancing

Answer: b.

Explanation: Acceptance is the only risk response which is used both in positive and
negative risk response planning.
61
Summary

Here is a quick ● While deciding the risk response, it is important to consider stakeholders’
recap of what was attitude, conventions, assumptions, and constraints.
covered in this ● The critical factors to ensure the success of Plan Risk Responses process
lesson: are people, planning, and analysis.
● The inputs of Plan Risk Responses process are risk register, and risk
management plan.
● A contingency plan is a plan developed in anticipation of the occurrence
of a risk, to be executed only if specific, predetermined trigger conditions
arise.
● The different forms of contingency reserves are additional time, money,
and resources.

62
This concludes ‘Plan Risk Responses.’

The next lesson is ‘Control Risks.’

63
Reference

[1] Based on Practice Standard for Project Risk Management: Glossary, Page 109.

[2] Based on PMBOK ® Guide—Fifth Edition: Glossary, Page 558.

64
RMP® Certification Course
Lesson 10—Control Risks

1
Objectives

After completing ● Explain the purposes and objectives

this lesson, you will
be able to: ● Identify the critical success factors

● Describe the inputs, tools and techniques, and outputs

● Discuss how to document the results

● Describe risk audits

2
Purposes and Objectives

The primary objectives of Control Risks process are as follows:

Monitoring residual Ensuring risk response

Tracking identified risks Identifying new risks
risks plans are implemented

Monitoring the Reviewing the

Making improvements
effectiveness of risk effectiveness of risk
to the process
response plans management processes

For each risk where a contingent response is identified, the corresponding trigger conditions should
be specified. Risk owners should monitor the implementation in a timely manner.

3
Purposes and Objectives (contd.)

Once the Plan Risk Responses process is complete, all the approved unconditional response actions
should be included and defined in the risk register.

● The first action then is to check if it has been completed and take action as necessary, such as
invoking change management process if required.

● Effective communication needs to be maintained between them and the project manager, so that
the respective stakeholders accept the accountability.

● In addition to the response actions and trigger conditions, a mechanism for measuring the
effectiveness of the response is provided by the Plan Risk Responses process.

● In the event of major organizational changes, risk management planning may need to be revised.

4
Critical Success Factors

Following are the critical success factors for Control Risks process:

Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
Maintain Risk Awareness +

5
Critical Success Factors

Following are the critical success factors for Control Risks process:

Integrate Risk Monitoring and Control with Project Monitoring and Control -
● Project management plan should address actions used to carry out and control
risks.
● After the risk response plan, monitoring and controlling of risks should be carried
out as a part of the monitoring and controlling of project.

Continuously Monitor Risk Trigger Conditions +

Maintain Risk Awareness +

6
Critical Success Factors

Following are the critical success factors for Control Risks process:

Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
● Specifically defined risks may trigger conditional responses by the risk action
owner in collaboration with the risk owner.

Maintain Risk Awareness -

7
Critical Success Factors

Following are the critical success factors for Control Risks process:

Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
Maintain Risk Awareness -
● Risk management report should be a regular item on every status meeting to
create awareness about risk management and its importance.
● Regular reports on risks should be shared with the senior-level sponsor and the
stakeholders.

8
Inputs, Tools and Techniques, and Outputs

Following are the inputs, tools and techniques, and outputs required for Control Risks process:

Inputs Tools and Techniques Outputs

● Risk register ● Risk reassessment ● Work performance
● Project management plan ● Risk audits information
● Work performance data ● Variance and trend analysis ● Organizational process assets
● Work performance reports ● Technical performance updates
measurement ● Change requests
● Reserve analysis ● Project management plan
● Meetings updates
● Project document updates

9
Inputs

Following are the inputs for Control Risks process:

Inputs Description

Identifies risks, risk owners, actions to respond to risks, characteristics of risks, and a watch-list of
Risk register
risks of low priority.

Project management Contains risk management plan which includes risk tolerances, risk owners, protocols, human
plan resources, time, and other resources allocated for project risk management.

Provides items related to project performance results, which may be impacted by risks such as
Work performance data
deliverable status, progress with respect to schedule, and cost incurred to accomplish the work.

Work performance Provides information on project work performance that may affect the processes of risk
reports management or the actual occurrence of risk.

10
Tools and Techniques

Following are the tools and techniques of Control Risks process:

Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement

Risk reassessment is the identification of new risks, reassessment of current risks, and the closing of risks that are
outdated.

11
Tools and Techniques

Following are the tools and techniques of Control Risks process:

Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement

Risk audits examine and document the effectiveness of risk responses in dealing with identified risks.

12
Tools and Techniques

Following are the tools and techniques of Control Risks process:

Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement

Variance analysis is used to compare the planned results to the actual results. Trends in the project’s execution
should be reviewed using performance information.

13
Tools and Techniques

Following are the tools and techniques of Control Risks process:

Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement

Technical performance measurement compares technical accomplishments during project execution to the
schedule of technical achievement.

14
Tools and Techniques

Following are the tools and techniques of Control Risks process:

Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement

Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at
any time in the project.

15
Other Tools and Techniques

A few other tools and techniques of Control Risk process are as follows:

Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve

Management reserve for unplanned changes to time, scope, and cost.

16
Other Tools and Techniques

A few other tools and techniques of Control Risk process are as follows:

Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve

Tools are required to identify trends and forecast future outcomes, and to track the progress and spending.

17
Other Tools and Techniques

A few other tools and techniques of Control Risk process are as follows:

Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve

Tools are required to evaluate and track trigger conditions against the project thresholds based on the actual
status. This provides risk-related information for the project parameters such as time and cost.

18
Other Tools and Techniques

A few other tools and techniques of Control Risk process are as follows:

Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve

Tools are required to determine whether the responses have the expected effect on the project’s overall level of
risk.

19
Other Tools and Techniques

A few other tools and techniques of Control Risk process are as follows:

Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve

Quality of execution of risk related plans and process are monitored against the metrics, to see if there is any
variation.

20
Outputs

Following are the outputs of Control Risk process:

Outputs Description

Work performance
Provides a mechanism to communicate and support project decision-making.
information

Organizational process Project risk management processes should be documented in the organizational process
assets updates assets as references for future projects.

Anything that deviates from the project baseline results in changes to the project management
Change requests
plan.

Project management The project management plan needs to be revised and reissued, if there is any approved
plan updates change which has an effect on risk management processes.

Project document Various project documents that require updates include the assumptions log, the technical
updates documentation, the contract terms, and the schedule and cost baselines.

21
Risk Audits

Risk audits help in examining the following:

Team's ability to identify Effectiveness of risk

Performance of risk owners
risks and causes for the risks response plans

Risk audits may be performed by

● a third party,

● a project's risk officer, or

● a qualified personnel.

22
Risk Reassessment

The process of reassessing the risks in a project risk register includes the following:

Identify new risks and Reassess current risks Close outdated risks
determine responses for their probability
and impact

23
Risk Audit—Guidelines

Guidelines for conducting risk audit are as follows:

Understand risk management Review the risk

rules and process management plan

Assess stakeholder tolerance

General risk management
and risk impact definitions

Document the Create reports and

identified results submit for approval

Make recommendations for improvement

24
Risk Audits—Example

During execution late into a project, the Project Manager (PM) feels that he is constantly
reacting to risk events that should have been identified early. Each time a risk event occurs,
he is asked by upper management why this risk was not identified proactively, analyzed,
and a response plan designated.

Concerned with this rising trend of missed risks, he calls for a team meeting to discuss the
issue. During the conversation, one of the team members suggests that a risk audit might
be appropriate under the circumstances, and the PM agrees.
The team then conducts the risk audit by using the steps within the audit format that had
been defined in the risk plan.

25
Risk Audits—Example (contd.)

After the audit is complete it is obvious that the team has been using a flawed risk plan.
The original plan was biased and caused the team to subjectively miss an entire category of
risks, which have now began to occur while in execution.

With this problem identified, the PM immediately updates the risk plan and all the
supporting documentation. He then instructs the team to begin risk reassessment in an
effort to identify risks in a proactive manner. The PM also informs upper management
about the audit conclusions and the new focus on risk.

26
Trend Analysis

Trend analysis involves reviewing the various trends in project performance on a regular basis.

Trend analysis examines project performance over time to determine whether performance is
improving or deteriorating.

This technique helps in reviewing the various trends in project performance on a regular basis, and it
can also be used to predict future performance.

27
Variance Analysis

Variance analysis is the measurement of deviation from expected results, or the analysis of variance
from the planned and the actual risk impacts.

On the basis of variance analysis, corrective action is taken for the progress of the project.

28
Variance and Trend Analysis—Example

During a routine risk reassessment meeting with the team, Sonny is alerted to a potential
problem by a team member. It seems that the same risk is reoccurring in a technical area of
the project. This area is critical to the success of the project and has a predetermined data
throughput speed that is a quality requirement from an internal customer.

Sonny instructs the team members to pull the test data from the previous test and
inspection paperwork so they can compare these technical measurements over a span of
time.

After compiling the data, it is evident that the risk does in fact seem to occur 24 hours after
each finalized test. Perplexed by this strange phenomenon, Sonny and his team members
investigate further by using variance and trend analysis.

29
Variance and Trend Analysis—Example (contd.)

It appears that every server has suffered this same problem over the last month and no one
had noticed the trend. As every server seems to be affected, Sonny and the team are able
to trace them all to a common cause.

They are all pulling power from the same power bay which has begun exceeding the
maximum capacity in the last month. Apparently, no one thought to check to see if there
would be enough available power for the new servers.

After discovering this problem, Sonny determines several courses of action, submits a
change request, which is approved and performs a minor upgrade on the power bay
distribution breakers to handle this increase power requirement.

30
Technical Performance Measurement

The definition of technical performance measurement is as follows:

Technical performance measurement is a comparison of the project's actual technical

accomplishments to the planned technical objectives as outlined in the project management plan.

Technical performance measurement helps to determine if the technical targets can be achieved.

31
Critical Chain Project Management

Critical Chain Project Management (CCPM) is a method that allows the project team to place buffers
on any path to account for limited resources and other types of risk. A buffer is a non-work schedule
activity with a duration based on the risk for that path. A resource constrained critical path is referred
as a critical chain.

An example of CCPM is illustrated below:

Activity Activity Feeding

A D Buffer

Activity Activity Activity Activity Project

Start B E F F Buffer Finish

Activity Feeding
C Buffer

32
Reserve Analysis

Reserve analysis refers to, identifying and adding the following:

Extra time and money

Extra time and money for identified and unidentified risk.

Contingency reserve

Contingency reserve for scheduled risk.

Management reserve

Management reserve for unplanned changes to time, scope, and cost.

33
Status Meetings

Status meetings are conducted to discuss the current status of the project with the project team
members and the stakeholders.

The project manager should include the following for status meetings:

Agenda Items for Status Meetings

Examining the status

Identifying and Identifying risks that Identifying risks that
of risks and risk
managing risks are of high priority need to be closed
responses

Analyzing the
Discussing the
effectiveness of risk
lessons learned
responses

34
Evaluating Project Risks and Risk Status

Evaluating the status of risks include the following:

Monitor Identify Update

Monitor the existing status of each risk event in the risk register.

35
Evaluating Project Risks and Risk Status

Evaluate the status of risks include the following:

Monitor Identify Update

Identify risk events whose status may be changed based on their status at the time of evaluating risks.

36
Evaluating Project Risks and Risk Status

Evaluate the status of risks include the following:

Monitor Identify Update

Update the risk register by modifying the appropriate status of each risk event.

37
Historical Documentation

One invaluable source of information for a project is any available data on

previous projects that were similar to the current one. There are many
risks that will reoccur from one project to the next.
To capitalize on lessons learned, you will need access and it must be well
structured.
Examples of historical documentation includes previous:
● risk plans,
● risk registers,
● contracts,
● project post-mortem documentation,
● change requests,
● cost and time estimates, etc.

38
Documenting the Results

The final control action of risk controlling is to record the actual data for future use.

Some documented risk management information includes the following:

Occurrence of Effectiveness of risk Unexpected or

risk responses undocumented risk

39
Quiz

40
QUIZ Which of the following processes involves choosing the alternative strategies, executing
a contingency or fallback plan, taking corrective action, and modifying the project
1 management plan?

a. Control risk

b. Risk response plan

c. Scope control

d. Integrated change control

41
 QUIZ Which of the following processes involves choosing the alternative strategies, executing
a contingency or fallback plan, taking corrective action, and modifying the project
1 management plan?

a. Control risk

b. Risk response plan

c. Scope control

d. Integrated change control

Answer: a.

Explanation: Control Risk process takes care of choosing alternative strategies, executing
fallback plan, taking corrective action, and modifying the project management plan.
42
QUIZ
Which of the following is not a tool or technique of Control Risks?
2

a. Bringing in an outside party to review your risk response strategies

b. Revisiting your risk register to review and reassess risks

c. Using earned value analysis to find variances that point to

potential project problems

d. Gathering information about how the work is being performed

43
 QUIZ
Which of the following is not a tool or technique of Control Risks?
2

a. Bringing in an outside party to review your risk response strategies

b. Revisiting your risk register to review and reassess risks

c. Using earned value analysis to find variances that point to

potential project problems

d. Gathering information about how the work is being performed

Answer: d.

Explanation: Gathering information about how the work is being performed is not a tool or
technique of Control Risks.
44
QUIZ
Which one of the following is not an output of Control Risk process?
3

a. Organizational process assets updates

b. Risk register updates

c. Variance and trend analysis

d. Change requests

45
 QUIZ
Which one of the following is not an output of Control Risk process?
3

a. Organizational process assets updates

b. Risk register updates

c. Variance and trend analysis

d. Change requests

Answer: c.

Explanation: Variance and trend analysis is the tool and technique used in Control Risk
process. Rest of them are output of this process.
46
QUIZ Every status meeting should have time allotted for risk monitoring and control. Which
4 of the following sentences about risk monitoring and control is not true?

a. Risk identification and monitoring should occur throughout the life of the
project.
b. Risk audits randomly occur.

c. Risks should be monitored for their status and to determine whether the
impacts to the objectives have changed.
d. Technical performance measurement variances may indicate that a risk is
looming and should be reviewed at status meetings.

47
 QUIZ Every status meeting should have time allotted for risk monitoring and control. Which
4 of the following sentences about risk monitoring and control is not true?

a. Risk identification and monitoring should occur throughout the life of the
project.
b. Risk audits randomly occur.

c. Risks should be monitored for their status and to determine whether the
impacts to the objectives have changed.
d. Technical performance measurement variances may indicate that a risk is
looming and should be reviewed at status meetings.
Answer: b.
Explanation: The auditing happens as per the predefined period, and when the auditing
happens, risk auditing may become part of it. The frequency of auditing is less compared to
the status meeting in which identification and monitoring of risk happens.
48
QUIZ
During the risk control, the risk response owner should be:
5

a. Identifying which risks he/she wants to monitor

b. Controlling the identification of response strategies

c. Informing the project manager of any mid-course correction needed

d. Updating stakeholders of new strategies for mitigating risks

49
 QUIZ
During the risk control, the risk response owner should be:
5

a. Identifying which risks he/she wants to monitor

b. Controlling the identification of response strategies

c. Informing the project manager of any mid-course correction needed

d. Updating stakeholders of new strategies for mitigating risks

Answer: c.

Explanation: The risk response owner is assigned to carry out responses and must keep the
project manager informed of any mid-course correction needed.
50
QUIZ
Which of the following is not a primary objective of control project risk?
6

a. Tracking identified risks

b. Identifying new risks

c. Implementing risk response plans

d. Categorize risks

51
 QUIZ
Which of the following is not a primary objective of control project risk?
6

a. Tracking identified risks

b. Identifying new risks

c. Implementing risk response plans

d. Categorize risks

Answer: d.

Explanation: Categorize risks is the objective of identify risk process.

52
Summary

Here is a quick ● In the event of major organizational changes, risk management planning
recap of what we may need to be revised to reassess.
have learned in this ● Critical success factors for the Control Risks process are integrate risk
lesson: monitoring and control with project monitoring and control, monitor risk
trigger conditions continuously and maintain risk awareness.
● Inputs of Control Risk process are risk register, project management plan,
work performance data, and work performance reports.
● Some documented risk management information includes occurrence of
risk, effectiveness of risk responses, and unexpected or undocumented
risk.
● Risk audits may be performed by a third party, a project's risk officer, or a
qualified personnel.

53
This concludes ‘Control Risks.’

Thank You and Happy Learning!

54