Wondershare EdrawMind
EdrawMindInformation Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management
MindMap Gallery Information Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management
- 6
Information Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management
This file is a self-made mind map of "Chapter 15_Project Risk Management" of the Information System Project Management Tutorial (4th Edition). It includes planning risk management, identifying risks, implementing qualitative risk analysis, implementing quantitative risk analysis, planning risk response, implementing risk response, supervising risk, etc. According to the key points of previous exams, the importance is marked and all the contents are integrated in detail, which can make the final review and the beginning of study more effective with half the effort. I spent more than ten hours compiling and summarizing the reading of all chapters, all of which are the latest version.
Edited at 2023-12-13 10:20:53- bacteria
This is a mind map about bacteria, and its main contents include: overview, morphology, types, structure, reproduction, distribution, application, and expansion. The summary is comprehensive and meticulous, suitable as review materials.
- Plant asexual reproduction
This is a mind map about plant asexual reproduction, and its main contents include: concept, spore reproduction, vegetative reproduction, tissue culture, and buds. The summary is comprehensive and meticulous, suitable as review materials.
- Reproductive development of animals
This is a mind map about the reproductive development of animals, and its main contents include: insects, frogs, birds, sexual reproduction, and asexual reproduction. The summary is comprehensive and meticulous, suitable as review materials.
Information Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management
- bacteria
This is a mind map about bacteria, and its main contents include: overview, morphology, types, structure, reproduction, distribution, application, and expansion. The summary is comprehensive and meticulous, suitable as review materials.
- Plant asexual reproduction
This is a mind map about plant asexual reproduction, and its main contents include: concept, spore reproduction, vegetative reproduction, tissue culture, and buds. The summary is comprehensive and meticulous, suitable as review materials.
- Reproductive development of animals
This is a mind map about the reproductive development of animals, and its main contents include: insects, frogs, birds, sexual reproduction, and asexual reproduction. The summary is comprehensive and meticulous, suitable as review materials.
- Recommended to you
- Outline
project risk management
basic concept
Project risk
It is an uncertain event or condition that, once it occurs, will have some positive or negative impact on the project goals (not necessarily bad)
Includes both threats to project objectives and opportunities to further project objectives
Known risks
Known risks are those that have been identified and analyzed. For known risks, it is feasible to plan for them and find solutions.
unknown risk
Although project managers can take general emergency measures to deal with unknown risks based on their experience with similar projects in the past, unknown risks cannot be managed.
Such as: natural disasters and man-made disasters
Risks will change as the project progresses, and uncertainty will gradually decrease as the project progresses.
To reduce losses, you need to proactively pay the necessary costs at an early stage
management basics
Project risk overview
Every project has risks on two levels
1. First, every project has individual risks that will affect the achievement of the project goals.
2. The second is the overall project risk caused by a combination of individual risks and other sources of uncertainty (such as scope creep leading to project overruns and delays)
Project risks can have a negative or positive impact on project objectives, that is, risks and opportunities
Project risk management aims to exploit or enhance positive risks (opportunities) and avoid or mitigate negative risks (threats)
attributes of risk
1. The randomness of risk events
The occurrence of risk events and their consequences are accidental
2. relative risk
Risks are always relative to project activity entities. The same risk has different impacts on different entities.
For project risks, the factors that affect people’s risk tolerance mainly include
1. size of benefit
The greater the likelihood and amount of the loss, the greater the gain one can hope to make to compensate for the loss.
The greater the benefits, the greater the risks people are willing to take
Example
drug trafficking
2. size of investment
The more investment in project activities, the greater the hope that people have for success and the smaller the risks they are willing to take.
3. The status and resources of the project activity subject
Higher-level managers can take greater risks than lower-level managers.
The more resources a person or organization has, the greater its risk tolerance
Example
A person has 1,000,000 yuan and spends 5,000 yuan on business. He can earn 1,000,000 yuan. He can still accept a loss of 5,000 yuan.
The other person only has 5w, losing all the property is a huge risk
3. risk variability
1. Changes in the nature of risk
Over time, a risk that previously had a negative impact now has a positive impact
For example, a piece of software was not perfect in the early days and was full of loopholes in its work. Over time, the software was gradually optimized, and using it now will greatly increase work efficiency.
2. Changes in Risk Consequences
Risk consequences include the frequency of consequences and the magnitude of gains or losses.
With the development of science and technology and the improvement of productivity, people's ability to understand and resist risk events has gradually increased, which can reduce the frequency of risk events and reduce losses or damages to a certain extent.
3. New risks emerge
For example, when additional resources are invested to avoid delaying the project progress, it may cause cost overruns.
Classification of risks
1. Divided by risk consequences
1. pure risk
definition
Risks that bring no opportunities and no possibility of benefit (purely bad, no one benefits)
as a result of
Causing loss (absolute loss) and not causing loss
The main body of the activity suffered losses, and the whole society also suffered losses.
Example: The air compressor room of a certain construction project caught fire during the construction process and suffered losses. The losses were not only for the project, but also for the whole society.
2. speculative risk
definition
It may bring opportunities and benefits, but also implies threats and risks of losses (it may be good, it may be bad, or it may have no impact)
as a result of
causing loss, not causing loss and gaining benefit
If speculative risks cause the active entities to suffer losses, the whole society may not necessarily suffer losses as well. On the contrary, others may benefit from it
For example: If a privately invested real estate development project fails, the investor will suffer losses; but the lending bank can take back the mortgaged property and resell it at a high price to make a profit.
Example: Stock trading, you may make money, you may make no profit or lose money, you may jump off the building
Project managers must avoid speculative risks turning into pure risks. Risk is not a zero-sum game. In many cases, all parties involved in the risk will suffer losses (multiple parties suffer), and no one is spared.
2. By risk source
1. natural risks
definition
The risk of damage to property or casualties due to natural forces is a natural risk
For example, engineering damage, loss of materials and equipment caused by floods or landslides during the construction of water conservancy projects
2. man-made risk
definition
Man-made risks refer to risks caused by human activities
Segmentation
Behavioral, economic, technical, policy and organizational risks, etc.
3. Classified by whether the risk is manageable
1. manageable risk
definition
Refers to risks that can be predicted and corresponding measures can be taken to control
Whether risks can be managed depends on whether risk uncertainty can be eliminated and the management level of the activity entity.
To eliminate risk uncertainty, it is necessary to have relevant data, materials and other information
2. unmanageable risk
With the increase of data, information and other information and the improvement of management level, the risk can be transformed into manageable risk.
4. Divided by risk impact scope
1. local risk
Small scope of influence
For example: delays in activities on non-critical routes
2. overall risk
Large scope of influence
Project management teams pay special attention to overall risks
Example: All activities in the project have the risk of delay, but once the activities on the critical route are delayed, the completion date of the entire project will be postponed, forming an overall risk.
5. Divided by risk bearer
Project owner risk, government risk, contractor risk, investor risk, design unit risk, supervision unit risk, supplier risk, guarantor risk and insurance company risk, etc.
6. Divided by risk predictability
1. Known risks
"Known-known" risks
definition
Refers to those risks that occur frequently and whose consequences are foreseeable that can be identified after careful and rigorous analysis of the project and its plans.
as a result of
The probability of occurrence is high, but the consequences are generally mild and not serious.
Example
Unclear project goals, overly optimistic schedules, design or construction changes, and material price fluctuations, etc.
2. Predictable risk
"Known-unknown" risks
definition
Refers to risks whose occurrence can be foreseen based on experience, but whose consequences cannot be foreseen
as a result of
The consequences of such risks can sometimes be severe
Example
The owner cannot review and approve in time, the subcontractor cannot deliver the work in time, the construction machinery fails, unforeseen geological conditions, etc.
3. Unpredictable risks
“Unknown-unknown” risk
definition
Refers to a risk that may occur, but the likelihood of which cannot be foreseen by even the most experienced person
Sometimes called unknown risks or unrecognized risks, they are risks that are new, not previously observed, or that manifest themselves only very late.
Example
These risks are generally the result of external factors, such as earthquakes, COVID-19, heavy rains that have not happened in a century, inflation and policy changes, etc.
Cost of risk and its burden
The losses or reduced profits caused by risk events and the cost of taking preventive measures to prevent the risk from occurring constitute risk costs.
Cost classification
1. tangible cost of risk loss
1. direct loss
Refers to the value of property damage and casualties
For example: if a fire breaks out in a compressed air machine room during construction, the direct losses include the replacement cost of the air compressor, the medical expenses of the injured, recuperation expenses, wages, etc.
2. indirect loss
Refers to other losses other than direct losses, liability losses and the resulting reduction in income.
Including costs incurred due to fire fighting, shutdown, etc.
2. Intangible cost of risk loss
Refers to the price that the project entity pays before or after the risk event occurs due to the uncertainty of the risk.
Manifestations
1. Risk loss reduces opportunity
Some preparations made to avoid risks often occupy a large amount of funds or other resources, making them unable to be invested in reproduction, unable to add value, and reducing opportunities.
2. Risks hinder productivity gains
Reluctance to invest funds in high-risk new technology industries hinders the application and promotion of new technologies and hinders the improvement of social productivity
3. Risks result in misallocation of resources
Because they are worried about losing money in risky industries or sectors, people are willing to invest resources in less risky industries or sectors.
3. The cost of risk prevention and control
In order to prevent and control risk losses, various measures must be taken, and the costs incurred include both direct and indirect costs.
For example: buy insurance
risk cost burden
Risk costs are not only borne by the project entity, but in many cases, other aspects related to project activities also objectively bear part of the risk costs.
The part borne by the project subject is the individual cost, and the part borne by other relevant parties is the social cost.
Example
Compressed air machine room caught fire during construction
The losses incurred by the construction unit are individually borne costs
The cost of the fire brigade coming to put out the fire is borne by society. When fire vehicles rush to the fire scene, the losses incurred by pedestrians and other vehicles that affect their work due to avoidance are all costs borne by society.
new management practices
1. non-event risks
variability risk
Uncertainty about some key aspect of a planned objective, activity or decision
For example: productivity may be higher or lower than target, testing may find more or fewer bugs than expected
how to respond
It can be handled through Monte Carlo analysis, that is, using a probability distribution to represent the possible range of variations, and then taking actions to narrow the range of possible outcomes.
ambiguity risk
Uncertainty about what may happen in the future
Cause
Insufficient knowledge about the requirements or elements of the technical solution, future developments in the regulatory framework, or the system complexities inherent in the project
how to respond
Gaps in knowledge or understanding need to be defined and then filled by seeking input from external experts or benchmarking against best practice.
Incremental development, prototyping or simulation can also be used to deal with ambiguity risks
2. project resilience
There is a kind of risk that can only be discovered after it occurs. This risk is called an unexpected risk. This risk can be dealt with by strengthening the resilience of the project.
Ways to Strengthen Project Resilience
Set aside reserves, strong change management, empower your team, watch for warning signs, solicit input from stakeholders, etc.
3. Integrated risk management
Risks exist at the project, program, portfolio and organizational levels and should be assumed and managed at the appropriate level
An organizational risk management approach should be used to ensure consistency and coherence of risk management efforts at all levels so that programs and portfolios are structured with risk control efficiency that is conducive to achieving a given level of risk tolerance. Create the greatest overall value under
management process
Tailoring considerations
Project size, project complexity, project importance, development approach
Agile and adaptive methods
Frequently review incremental work products and accelerate knowledge sharing to ensure risk awareness and management
Requirements documents should be updated regularly and work reprioritized as the project progresses based on a deep understanding of current risk tolerance
planning risk management
Process overview
definition
Is the process of defining how project risk management activities will be implemented
main effect
Ensure the level, approach and visibility of risk management are commensurate with the level of project risk and importance to the organization and other stakeholders
The planning risk management process should start at the project establishment stage and be completed early in the project. Later in the project life cycle, it may sometimes be necessary to redo this process.
For example: when a major stage change occurs, when the project scope changes significantly, or when the effectiveness of risk management is subsequently reviewed and it is determined that the project risk management process needs to be adjusted.
enter
1. Project Charter
Record the overall description and boundaries of the project, overall requirements and risks
2. project management plan
All approved project management subplans
The risk management plan should be coordinated with each sub-plan; at the same time, the methodologies listed in each sub-plan may also affect the planning risk management process
3. project files (Classified by process output)
Identify stakeholders
Stakeholder register
Outlines the roles of stakeholders in the project and their attitudes towards project risks, which can be used to determine the roles and responsibilities of project risk management and set risk thresholds for the project
4. business environment factors
The overall risk threshold set by the organization or key stakeholders
5. organizational process assets
Tools & Techniques
1. expert judgment
2. data analysis
stakeholder analysis
Determine the risk appetite of project stakeholders
3. Meeting
output
risk management plan
definition
Describe how to organize and implement risk management activities
main content
1. risk management strategy
Describe the general approach used to manage risks on this project
2. methodology
Determine the specific methods, tools and data sources used to carry out risk management for this project
3. Roles and Responsibilities
Identify leaders, sponsors and team members for each risk management activity and clarify responsibilities
4. funds
Determine the funds required to carry out project risk management activities, and formulate plans for the use of emergency reserves and management reserves
5. Schedule
Determine the timing and frequency of implementing project risk management processes during the project life cycle, identify risk management activities and incorporate them into the project schedule
6. risk category
Determine how to classify project risks
Risk categories are usually constructed with the help of a risk breakdown structure (RBS). The risk breakdown structure helps the project team consider all possible sources of risks for a single project and is particularly useful for identifying risks or classifying identified risks.
7. Stakeholder risk appetite
Details that will affect the planning risk management process should express stakeholder risk appetite into measurable risk thresholds for each project objective.
8. Risk probability and impact
The number of probability and impact levels should be determined based on the level of detail of the proposed project risk management process, with more levels (usually five) corresponding to a more detailed risk management approach; fewer levels (usually three) corresponding to a simpler approach Methods
9. Probability and Impact Matrix
In a common probability and impact matrix, both opportunities and threats are listed; opportunities are defined by positive impacts and threats are defined by negative impacts
Probability * Impact = Probability-Impact score for each risk, used to rank individual risks relative to each other within each priority group
10. report format
Determine how the results of the project risk management process will be recorded, analyzed, and communicated
11. track
Determine how risk activities will be recorded and how the risk management process will be audited
Identify risks
Process overview
definition
It is the process of identifying the sources of individual project risks and overall project risks, and recording risk characteristics.
main effect
1. Document existing individual project risks, as well as sources of overall project risk
2. Aggregate relevant information so that the project team can appropriately respond to identified risks
should be carried out throughout the project
participants
All project stakeholders (all personnel) should be encouraged to participate in the identification of project risks
A unified risk description format should be used to describe and record project risks to ensure that each risk is clearly and unequivocally understood to provide support for effective analysis and risk response development.
Identifying risks is an iterative process
Throughout the project life cycle, individual project risks may continue to change as the project progresses, and the level of overall project risk may also change.
The frequency of iterations and the level of involvement required for each iteration will vary from case to case and should be specified accordingly in the risk management plan
enter
1. project management plan
1. demand management plan
May identify particularly risky project goals
2. progress management plan
3. cost management plan
4. quality management plan
5. resource management plan
May list some xx areas (schedule, cost, quality, resources) that are affected by uncertainty or ambiguity, or some xx areas where key assumptions may cause risk
6. risk management plan
Defines risk management roles and responsibilities, describes how risk management activities will be integrated into budgets and schedules, and describes risk categories
7. Scope Baseline
Includes deliverables and their acceptance criteria, some of which may pose risks; and a work breakdown structure, which can be used as a framework for arranging risk identification efforts
8. progress baseline
You can view the progress baseline to identify milestone and deliverable date dates where there is uncertainty or ambiguity, or key assumptions that may create risk
9. cost basis
You can review your cost baseline to identify areas where there is uncertainty or ambiguity in cost estimates or funding requirements, or where key assumptions may create risk
2. project files (Classified by process output)
1. Develop project charter
Hypothetical log
Documented assumptions and constraints may give rise to individual project risks and may also affect the level of overall project risk
2. Direct and manage project activities
Problem log
Documented issues may raise individual project risks and may also affect the level of overall project risk
3. management knowledge
Experience Teaching Register
Lessons learned related to risks identified early in the project can be reviewed to determine whether similar risks are likely to reoccur during the remainder of the project
4. Gather requirements
requirements document
Project requirements are spelled out, allowing the team to determine which requirements are at risk
5. Estimate activity duration
duration estimate
6. Estimate cost
Cost Estimate
7. Estimate activity resources
Resource requirements
Quantitative assessment of project xx (activity duration, cost, activity resources), ideally expressed as an interval, the size of the interval indicates the degree of risk A structured review of xx (duration estimate, cost estimate, activity resource estimate) documents may reveal that current estimates are insufficient, thereby causing project risk
8. Identify stakeholders
Stakeholder register
Specifies which individuals or groups may be involved in identifying risks for the project and details which individuals are suitable to play the role of risk owner
3. Procurement documents
If project resources need to be sourced externally, the initial procurement documentation should be reviewed as sourcing goods and services from outside the organization may increase or decrease overall project risk and may introduce additional project risk
4. protocol
If project resources need to be procured from outside, the milestone dates, contract types, acceptance criteria and reward and penalty clauses stipulated in the agreement may pose threats or create opportunities.
5. business environment factors
6. organizational process assets
Tools & Techniques
1. expert judgment
2. data collection
1. Brainstorming
The goal is to obtain a comprehensive list of sources of project risk
Risk categories (such as a risk breakdown structure) can be used as a framework for identifying risks
2. Checklist
Checklists can be based on completed projects, or a generic risk checklist for a specific industry can be used
While the checklist is simple and easy to use, it cannot exhaust all risks
It is important to ensure that checklists are not used to replace the required risk identification work; at the same time, the project team should also pay attention to items not listed in the checklist.
3. Interview
Sources of project risk can be identified through interviews with senior project participants, stakeholders, and subject matter experts
3. data analysis
1. Root Cause Analysis
Often used to discover underlying causes of problems and develop preventive measures
2. Assumptions and constraints analysis
Explore the validity of assumptions and constraints and determine which of them pose project risks
Threats can be identified from inaccurate, unstable, inconsistent or incomplete assumptions
Opportunities are created by removing or relaxing constraints that affect project or process execution
Threats can be identified if assumptions do not hold If constraints are relaxed, opportunities can be created
3. SWOT analysis
A case-by-case examination of the project’s Strengths, Weaknesses, Opportunities and Threats (SWOT)
When identifying risks, it broadens the scope of risk identification by including internally generated risks
First, focus on the project, organization, or general business area and identify the organization's strengths and weaknesses; then, identify the opportunities that the organization's strengths may bring to the project and the threats that the organization's weaknesses may pose.
Analyze the extent to which organizational strengths can overcome threats and whether organizational weaknesses hinder opportunities.
4. File analysis
A number of risks can be identified through a structured review of project documents
Documents available for review mainly include plans, assumptions, constraints, past project files, contracts, agreements and technical documents
4. Interpersonal and team skills
5. Tip list
New in the fourth edition
A preset list of risk categories that may give rise to project risk sources
When employing risk identification techniques, a prompt checklist can be used as a framework to assist the project team in developing ideas
The risk categories at the bottom of the risk breakdown structure can be used as a prompt list to identify individual project risks; some common strategic frameworks can be used to identify the sources of overall project risk.
Difference from checklist
The checklist lists specific risks
Listed in the prompt list are the risk categories
6. Meeting
risk seminar
output
1. risk register
Record details of identified project risks
main content
Passed Dictation Test at Intermediate Level
1. List of identified risks
Each project risk is assigned a unique identification number
2. Potential Risk Responsible Person
If a potential risk holder has been identified during the risk identification process, the holder must be recorded in the risk register
This will then be confirmed by conducting a qualitative risk analysis process
3. List of potential risk response measures
If a potential risk response has been identified during the risk identification process, it should be recorded in the risk register
This will then be confirmed by the planning risk response process
2. risk report
New in the fourth edition
Provides information on overall project risks, as well as overview information on identified individual project risks
In the project risk management process, the preparation of risk reports is a progressive work
main content
1. Sources of overall project risk
Describe which are the most important factors in overall project risk
2. Overview information on identified individual project risks
For example, the number of threats and opportunities identified, the distribution of risks across risk categories, measurements and trends
As the processes of conducting qualitative risk analysis, conducting quantitative risk analysis, planning risk responses, implementing risk responses and monitoring risk are completed, the results of these processes also need to be recorded in the risk register and risk reports The difference between risk register and risk report: · The risk register records information about individual risks · Risk reports contain information on the overall risk of the project
3. Project files (updated)
1. Hypothetical log
2. Problem log
3. Lessons Learned Registration Form
Conduct qualitative risk analysis
Process overview
definition
It is the process of prioritizing risks by assessing the probability, impact and other characteristics of individual project risks to provide a basis for subsequent analysis or action.
main effect
Focus on high priority risks
Identify responsible persons for each risk so that they are responsible for planning the risk response and ensuring that the response is implemented
This process needs to be carried out regularly throughout the project
In an agile or adaptive development environment, a qualitative risk analysis process is typically performed before each iteration.
This assessment is subjective based on the risk perception of the project team and other stakeholders.
Evaluate the priority of individual identified project risks using their probability of occurrence, the corresponding impact on project objectives if the risk occurs, and other factors
Data analysis: risk probability and impact assessment, data representation: risk probability and impact matrix
Assessing the probability and impact of risks is the implementation of qualitative risk analysis
enter
1. project management plan
risk management plan
Of particular note during this process are risk management roles and responsibilities, budgeting and scheduling activities, as well as risk categories (usually defined in a risk breakdown structure), probability impact definitions, probability and impact matrices, and stakeholder risk thresholds.
The above has usually been tailored to suit the needs of the specific project during the planning risk management process
2. project files (Classified by process output)
1. Develop project charter
Hypothetical log
Used to identify, manage and monitor key assumptions and constraints that may affect the project and may impact the assessment of the priority of project risks
2. Identify risks
risk register
Include details of identified project risks that will be assessed during this process
3. Identify stakeholders
Stakeholder register
Include details of project stakeholders who may be designated risk owners
3. business environment factors
4. organizational process assets
Tools & Techniques
1. expert judgment
Gain expertise or experience through guided risk workshops or interviews
Be aware that experts may be biased
2. data collection
Interview
Structured or semi-structured interviews can be used to assess the concept and impact of individual project risks, as well as other factors
3. data analysis
1. Risk data quality assessment
Risk data is the basis for qualitative risk analysis
Risk data quality assessment aims to evaluate the accuracy and reliability of data on individual project risks
Way
Questionnaire survey to understand the evaluation of project stakeholders on various aspects of data quality, including data integrity, objectivity, relevance and timeliness, and then conduct a comprehensive assessment of the quality of risk data
2. Risk probability and impact assessment
risk probability assessment
considers the likelihood that a particular risk will occur
risk impact assessment
Considers the potential impact of a risk on one or more project objectives, such as schedule, cost, quality, or performance
Way
interviews, meetings
To conduct a probability and impact assessment for each identified individual project risk
3. Assessment of other risk parameters
Possible test choice
Urgency, proximity, latency, manageability, controllability, monitorability, connectivity, strategic influence, closeness
Contributes to more robust risk prioritization
include
1. urgency
The period of time during which response measures must be taken to effectively address a risk. Short time indicates high urgency
2. Proximity
The risk affects one or more project objectives over time. Short time indicates high proximity
3. incubation period
The likely time period between the occurrence of a risk and the manifestation of its effects. Short time means short incubation period
4. Manageability
The ease with which the risk owner (or responsible organization) can manage the occurrence or impact of the risk. Manageability is high if it is easy to manage
5. Controllability
The extent to which the risk owner (or responsible organization) can control the consequences of the risk. If the consequences are easy to control, controllability is high
6. Monitorability
The ease with which risks can be monitored as they occur or are about to occur. Monitorability is high if the occurrence of a risk is easy to monitor
7. connectivity
The degree to which a risk is related to other individual project risks. Connectedness is high if a risk is related to multiple other risks
8. strategic influence
The potential positive or negative impact of a risk on an organization's strategic objectives. Strategic influence is high if the risk has a significant impact on strategic objectives
9. closeness
The extent to which a risk is considered significant by one or more stakeholders. Risks that are considered important have a high degree of closeness
4. Data performance
1. Probability and Impact Matrix
A table that maps the probability of occurrence of each risk and the impact of the risk on the project objectives if it occurs
Evaluate the probability of occurrence of individual project risks and their impact on one or more project objectives, if they occur, on a case-by-case basis using the risk probability and impact definitions specified in the risk management plan. A probability and impact matrix is then used to assign priorities to individual project risks based on the resulting combination of probabilities and impacts.
2. hierarchy diagram
If more than two parameters are used to classify risks, the probability and impact matrices cannot be used and other graphs need to be used
Example: A bubble chart can display three-dimensional data. In the bubble chart, each risk is drawn as a bubble, and the X-axis value, Y-axis value and bubble size are used to represent the three parameters of the risk.
The X-axis represents monitorability, the Y-axis represents proximity, and the impact value is expressed as bubble size.
5. Interpersonal and team skills
guide
Ability to improve the effectiveness of qualitative analysis of individual project risks
6. Risk classification
The risk classification method that can be used for the project should be specified in the risk management plan
It helps to focus attention and energy on the areas where risks may occur the most, or to develop common risk response measures for related risks, thereby conducive to more effective risk response.
7. Meeting
Target
Includes review of identified risks, assessment of probability and impact (and other possible risk parameters), classification and prioritization of risks
output
Project files (updated)
1. Hypothetical log
2. Problem log
3. risk register
Update the risk register with new information generated by performing the qualitative risk analysis process
update content
Probability and impact assessment, priority level or risk score for each individual project risk, designated risk owner, risk urgency information or risk category, and watch list of low priority risks and risks requiring progressive analysis
4. risk report
Document the most important individual project risks (usually those with the highest probability and impact), a prioritized list of all identified risks, and a brief conclusion
Conduct quantitative risk analysis
Process overview
definition
It is the process of quantitatively analyzing (using data to speak) the impact of identified individual project risks and other sources of uncertainty on overall project objectives.
main effect
1. Quantify overall project risk to maximum likelihood
For example: the project may be delayed by a week, the project may be overvalued by 50,000
2. Provide additional quantitative risk information to support risk response planning
This process is not required for every project, but if used, it will continue throughout the project
The project risk management plan will specify whether quantitative risk analysis needs to be used. Risks that have been analyzed and frequently encountered do not need to be quantitatively analyzed, and risk responses can be directly planned.
Suitable for large or complex projects, projects of strategic importance, contracts or projects where key stakeholders require quantitative analysis
The ability to conduct robust quantitative analysis depends on the availability of high-quality data on individual project risk information and other sources of uncertainty that are assessed by the qualitative risk analysis process as having a significant potential impact on project objectives, as well as on scope, schedule, and cost Relevant and solid project baseline
Quantitative risk analysis often requires specialized risk analysis software and expertise in compiling and interpreting risk patterns, as well as additional time and cost investments.
This process can also be carried out after the Plan Risk Response process to analyze the maximum possible effectiveness of the planned responses in reducing overall project risk.
enter
1. project management plan
1. risk management plan
Determine whether the project requires quantitative risk analysis, detailing the resources available for analysis and expected frequency of analysis
2. Scope Baseline
3. progress baseline
4. cost basis
Provides a starting point for assessing the impact of individual project risks and other sources of uncertainty
2. project files (Classified by process output)
1. Develop project charter
Hypothetical log
If assumptions are considered to cause project risks, they should be included as input to quantitative risk analysis and can also be used to build models to analyze the impact of constraints.
2. Define activities
Milestone List
Critical phases of the project determine schedule goals, and these schedule goals are compared to the results of a quantitative schedule risk analysis to determine the level of confidence associated with achieving those goals.
3. Estimate activity duration
duration estimate
Provides a starting point for assessing schedule variability
4. control progress
progress forecast
Forecasts can be compared with the results of a quantitative schedule risk analysis to determine the level of confidence associated with achieving forecast goals
5. Estimate cost
Cost Estimate
Provides a starting point for assessing cost variability
6. Control costs
cost forecast
Compare forecast metrics to the results of quantitative cost risk analysis to determine the level of confidence associated with achieving those metrics
Including the project’s estimate to completion (ETC), estimate to completion (EAC), budget to completion (BAC), and performance index to completion (TCP)
7. Estimate activity resources
Resource requirements
Provides a starting point for assessing resource variability
8. Estimate xx
Estimate basis
The estimation basis used for project planning can be reflected in the established variable analysis model, which may include estimation purpose, classification, accuracy, methodology and data sources
9. Identify risks
risk register
Contains detailed information on individual risks used as input for quantitative risk analysis
risk report
Describes the sources of overall project risk, and the current overall project risk status
3. business environment factors
4. organizational process assets
Tools & Techniques
1. expert judgment
2. data collection
Interview
Can be used to generate inputs for quantitative risk analysis of individual project risks and other sources of uncertainty
Interviews are particularly useful when information needs to be solicited from experts
3. data analysis
1. simulation
Use models to simulate the combined impact of individual project risks and other sources of uncertainty to assess their potential impact on project objectives
Monte Carlo analysis
Analyze content
1. cost risk
enter
Project Cost Estimate
2. schedule risk
enter
Progress network diagrams and duration estimates
3. Quantitative Cost and Schedule Comprehensive Risk
Use both inputs above at the same time
output
Quantitative Risk Analysis Model
software simulation
Run quantitative risk analysis models through thousands of iterations using computer software
For each run, input values (such as cost estimates, duration estimates, or probabilistic branch occurrence frequencies) are randomly selected.
The output of these runs forms a range of possible project outcomes (e.g., project end date, project completion cost)
2. sensitivity analysis
Helps determine which individual project risks or sources of uncertainty have the greatest potential impact on project results
Establish a link between changes in project results and changes in elements in quantitative risk analysis models
tornado diagram
Indicates analysis results
The figure plots the correlation between each element in the quantitative risk analysis model and the project outcomes it can influence. These elements can include individual project risks, volatile project activities, and specific sources of uncertainty.
Each feature is arranged in descending order of association strength, forming a typical tornado shape
There are horizontal coordinates in the figure
project duration
positive number representation
Activities or risks result in extension of project duration
negative number representation
Activities or risks result in shortened project duration
3. Decision tree analysis
Computing seminar focuses on
Use decision trees to choose the best option among several alternative courses of action
In a decision tree, different branches are used to represent different decisions or events, that is, alternative paths for the project.
Each decision or event has associated costs and individual project risks (including threats and opportunities)
The end point of a decision tree branch represents the final outcome along a specific path, which can be a negative or positive outcome.
By calculating the expected monetary value (EMV) of each branch, the optimal path can be selected
D is quantitative risk analysis, which uses specific calculation results to quantify risks.
4. influence diagram
Graphical aids for decision-making under uncertainty
It represents a project or a situation in the project as a series of entities, results and impacts, as well as the relationships and interactions between them
Use simulation techniques such as Monte Carlo analysis to analyze which elements have the greatest impact on important outcomes. Impact diagram analysis can produce results similar to other quantitative risk analyses, such as curve charts and tornado diagrams.
4. Interpersonal and team skills
guide
5. How uncertainty manifests
New in the fourth edition
To conduct quantitative risk analysis, you need to build and provide input to a quantitative risk analysis model that reflects individual project risks and other sources of uncertainty.
If the duration, cost, or resource requirements of an activity are uncertain, a probability distribution can be used in the model to represent the possible range of its values.
The form of a probability distribution
The most commonly used are triangular distribution, normal distribution, lognormal distribution, beta distribution, uniform distribution or discrete distribution
output
Project files (updated)
risk report
Reflect the results of quantitative risk analysis
update content
1. An assessment of the maximum likelihood of overall project risk
How overall project risk is measured
Likelihood of project success
Probability of success
Inherent variability in projects
Result interval
2. Results of detailed probabilistic analysis of the project
1. Required contingency reserves
2. A list of individual project risks or other sources of uncertainty that have the greatest impact on the project critical path
3. Key drivers of overall project risk
3. Individual project risk priority list
4. Trends in Quantitative Risk Analysis Results
gradually clear
5. Risk response suggestions
Plan risk responses
Process overview
definition
It is the process of formulating alternatives, selecting response strategies, and agreeing on response actions in order to deal with project risks.
main effect
1. Develop appropriate approaches to overall project risks and individual project risks
2. Allocate resources and add related activities to project documents and project management plan as needed
This process needs to be carried out throughout the project
The risk response plan should match the importance of the risk, be able to respond to the challenge cost-effectively, be realistic and feasible in the context of the current project, obtain the consent of all stakeholders, and be specifically responsible for it by a responsible person (the responsible person is responsible for the implementation) (specified during qualitative risk analysis)
Passed the intermediate level exam
Structured decision-making techniques can be used to select the most appropriate response strategy; for large or complex projects, it may be necessary to conduct economic analysis of alternative risk response strategies based on mathematical optimization models or actual solution analysis.
Specific response actions should be developed to implement the agreed risk response strategy. Contingency plans are needed if the chosen strategy is not entirely effective, or if accepted risks occur. At the same time, secondary risks also need to be identified
Secondary risks are risks directly caused by the implementation of risk response measures, such as: speeding up to prevent being late, but may lead to the risk of collision with other vehicles.
enter
1. project management plan
resource management plan
Help coordinate resources for risk response and other project resources
risk management plan
Risk roles and responsibilities, risk thresholds
cost basis
Contains information on contingency funds intended for risk response
2. project files (Classified by process output)
1. Managing project knowledge
Lessons Learned Register
2. Develop a progress plan
Project schedule
Used to determine how to plan risk response activities concurrently with other project activities
3. Access to resources
Resource Calendar
Determined when potential resources will be available for risk response
Project team dispatches work orders
List of human resources available for risk response
4. Identify risks
risk register
Contains details of individual project risks that have been identified and prioritized and need to be addressed. The priority of each risk helps select appropriate risk responses
risk report
A prioritized list of individual project risks and additional analysis of the distribution of individual project risks, which will influence the selection of risk response strategies
5. Identify stakeholders
Stakeholder register
Potentially responsible persons for risk response are listed
3. business environment factors
4. organizational process assets
Tools & Techniques
1. expert judgment
Threats, opportunities, contingency, and overall project risk response strategies
2. data collection
Interview
3. data analysis
1. Alternatives analysis
2. cost benefit analysis
For example: If in the project, a risk will cause a loss of 100,000, and dealing with this risk requires a cost of 150,000, then you should choose: do not deal with the risk
If the impact of individual project risks can be quantified monetarily, then a cost-benefit analysis can be used to determine the cost-effectiveness of alternative risk response strategies.
The cost effectiveness of the response strategy = the change in risk impact level that the response strategy will cause / the implementation cost of the strategy
The higher the ratio (the result obtained by the formula), the greater the effectiveness
4. Interpersonal and team skills
guide
5. Threat response strategy
1. Report
An escalation strategy should be used if the project team or project sponsor believes that a threat is outside the scope of the project or that the proposed response is beyond the project manager's authority
Escalated risks will be managed at the program level, portfolio level or other relevant parts of the organization rather than at the project level
Relevant people in the organization must be willing to take responsibility for responding to reported threats
Once a threat is reported, it will not be subject to further monitoring by the project team, although it may still appear in the risk register for reference
2. avoid
Refers to actions taken by the project team to eliminate threats, or to protect the project from threats
Suitable for high-priority threats with a high probability of occurrence and serious negative impact
Strategies include
Eliminate the cause of the threat, extend the schedule, change the project strategy, or reduce the scope
Some risks can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring know-how
Summary: Changing plans
3. transfer
Shift responsibility for responding to threats to a third party, allowing them to manage risks and bear the impact of threats if they occur
A risk transfer fee is usually required to be paid to the party assuming the threat
Strategies include
Purchase insurance, use performance bonds, use guarantees and use bonds
Sign an agreement to transfer the ownership and responsibility of specific risks to a third party
4. alleviate
Refers to measures taken to reduce the probability and impact of threats
Strategies include
Use simpler processes, more testing, and more reliable sellers
Employ prototyping to reduce the risk of scale-up from bench models to actual processes or products
If the probability cannot be reduced, it may be possible to mitigate the impact of the risk by looking at the factors that determine its severity.
For example: adding redundant components to a system can mitigate the impact of failure of the original component (if one fails, another one will immediately take over)
5. accept
Refers to acknowledging the existence of a threat but not taking proactive measures. It can be used for low-priority threats or threats that cannot be dealt with cost-effectively in any other way.
Classification
active acceptance strategy
Establish contingency reserves, which include setting aside time, money, or resources to respond to emerging threats
passive acceptance strategy
No proactive action is taken, only threats are regularly reviewed to ensure they have not changed significantly
6. Opportunity coping strategies
1. Report
2. open up
If an organization wants to ensure that it seizes high-priority opportunities, it can choose an exploit strategy
Increase the probability of a specific opportunity to 100% to ensure that it will definitely appear and obtain the benefits associated with it
Strategies include
Reduce completion time by allocating the organization's most capable resources to projects
Use new technologies or technology upgrades to save project costs and shorten project duration
3. share
Transfer the responsibility for responding to the opportunity to a third party, allowing them to enjoy part of the benefits of the opportunity
Usually a fee is paid to the party being shared (sharing of benefits)
Strategies include
Create partnerships, collaborative teams, special companies and joint ventures to share opportunities
4. improve
Used to increase the probability and impact of opportunities
Strategies include
Increase resources for early completion of activities
5. accept
7. Overall project risk response strategy
1. avoid
If the overall project risk has a serious negative impact and exceeds the agreed project risk threshold, avoidance strategies can be used
Take focused actions to weaken the negative impact of uncertainty on the overall project and bring the project back to within the critical value
Strategies include
Cancel high-risk work in the project scope, cancel the project
2. open up
A pioneering strategy can be used if the overall project risk has a significant positive impact and exceeds the agreed project risk threshold
Take focused action to capture the positive impact of uncertainty on the overall project
Strategies include
Add high-benefit work to the project scope to increase the value or benefit of the project to stakeholders
Consult with key stakeholders to modify project risk thresholds to include opportunities
3. transfer or share
Strategies include
Establishing a collaborative business structure where the buyer and seller share overall project risk, forming a joint venture or special purpose vehicle, or subcontracting critical work of the project
4. reduce or improve
Change the level of overall project risk to optimize the likelihood of achieving project objectives
Strategies include
Replan the project, change the project scope and boundaries, adjust project priorities, change resource allocation, adjust delivery time, etc.
5. accept
8. emergency response strategies
Design responses that are only used when certain events occur
For certain risks, if the project team believes that there will be sufficient warning signs for their occurrence, then a response plan should be developed that will be executed only when certain predetermined conditions occur.
Triggers for contingency strategies should be defined and tracked, e.g., intermediate milestones not being achieved, or receiving a higher degree of attention from the seller
A risk response plan developed using this technique is often called a contingency plan and includes identified triggering events that are used to initiate the plan.
Coping plan: I checked the weather forecast in the morning and it said it might rain when I get off work today, so I bought an umbrella in advance and put it in my bag. Emergency plan: I heard thunder on my way to get off work, so I immediately went to a nearby convenience store and bought an umbrella.
9. decision making
Multi-criteria decision analysis
Helps prioritize multiple risk response strategies
output
1. change request
Responding to risks takes time and money, so schedule and cost baselines may need to be changed.
After risk responses are planned, change requests may be made to the cost baseline and schedule baseline, or other components of the project management plan. Change requests should be reviewed and handled through the implementation of an overall change control process.
2. Project Management Plan ((updated)
1. progress management plan
Resource load and resource balance changes, schedule policy updates, etc.
2. cost management plan
Cost accounting, tracking and reporting changes, and updates to budget strategies and contingency reserve usage, etc.
3. quality management plan
Methods to meet needs, changes in quality management methods and quality control processes, etc.
4. resource management plan
Resource configuration changes and resource policy updates, etc.
5. Procurement Management Plan
Make-or-buy decisions, contract type changes, etc.
6. Scope Baseline
7. progress baseline
8. cost basis
If the agreed-upon risk response strategy results in changes to the scope/schedule estimate/cost estimate and such changes are approved, corresponding changes will be made to the scope/schedule/cost baseline
3. Project files (updated)
1. cost forecast
May change due to planned risk response strategy
2. Project schedule
Activities to implement the agreed risk response strategy can be added to the project schedule
3. Project team dispatches work orders
Once the response strategy is determined, the necessary resources should be allocated to each measure related to the risk response plan, including appropriately qualified and experienced personnel (usually within the project team), reasonable funding and time to implement the agreed measures, and necessary technical means
4. risk register
Updates required to document selected and agreed risk responses
update content
1. Agreed coping strategies
2. Specific actions required to implement selected response strategies
3. Trigger conditions, signs and early warning signals for risk occurrence
4. Budget and schedule activities required to implement the selected response strategy
5. Contingency plan and risk triggers required to activate the plan
6. Fallback plan for when risks occur and primary response measures are insufficient
7. Residual risks that remain after predetermined countermeasures have been taken, and risks that are intentionally accepted
8. Secondary risks directly caused by the implementation of risk response measures
5. risk report
Updated to document agreed responses to current overall project risk exposure and high priority risks, and expected changes following implementation of these actions
6. Hypothetical log
7. Lessons Learned Register
Implement risk responses
Process overview
definition
is the process of executing an agreed risk response plan
main effect
1. Ensure agreed risk responses are implemented as planned
2. Manage overall project risk portals, minimize individual project threats, and maximize individual project opportunities
This process needs to be carried out throughout the project
Appropriate attention to the process of implementing risk responses can ensure that agreed risk responses are actually implemented
A project's overall risk portal and individual threats and opportunities can only be proactively managed if risk owners make the necessary efforts to implement agreed responses.
enter
1. project management plan
risk management plan
Roles and responsibilities of project team members and other stakeholders relevant to risk management are spelled out. This information should be used to assign responsibility for agreed risk responses.
2. project files (Classified by process output)
1. Managing project knowledge
Lessons Learned Register
2. Identify risks
risk register
Responses to each risk are documented and responsible persons are designated
risk report
Includes an assessment of current overall project risk portals and agreed risk response strategies, as well as a description of significant individual project risks and their response plans
3. organizational process assets
Tools & Techniques
1. expert judgment
2. Interpersonal and team skills
Influence
Some risk responses may be performed by people outside the project team or by people who have other competing needs
The project manager or person responsible for guiding the risk management process needs to exert influence to encourage designated risk owners to take the required actions
3. project management information system
Includes schedule, resource and cost software
Used to ensure that the agreed risk response plan and its related activities are integrated into the overall project along with other project activities
output
1. change request
After the risk response is implemented, change requests may be made to the cost baseline and schedule baseline, or other components of the project management plan. Change requests should be reviewed and processed through the implementation of the overall change control process.
2. Project files (updated)
1. Project team dispatches work orders
Once the risk response strategy is determined, the necessary resources should be allocated to each measure related to the risk response plan, including personnel with appropriate qualifications and experience, reasonable funds and time, and necessary technical means to implement the agreed measures.
2. risk register
Reflect any changes to the agreed responses to individual project risks that result from undertaking this process
3. risk report
Reflect any changes to the agreed responses to overall project risk portals resulting from undertaking this process
4. Problem log
5. Lessons Learned Register
Oversight risk
Process overview
definition
It is the process of overseeing the implementation of risk response plans throughout the project, tracking identified risks, identifying and analyzing new risks, and evaluating the effectiveness of risk management
main effect
Ensure that project decisions are based on current information on overall project risks and individual project risks
This process needs to be carried out throughout the project
Supervision content
1. Are the risk responses implemented effective?
2. Has the overall project risk level changed?
3. Has the status of an identified individual project risk changed?
4. Whether new individual project risks arise
5. Is the risk management approach still relevant?
6. Do the project assumptions still hold?
7. Have risk management policies and procedures been followed?
8. Whether cost or schedule contingency reserves need to be modified
9. Is the project strategy still valid?
enter
1. project management plan
risk management plan
Specifies how and when risks should be reviewed, what policies and procedures should be followed, roles and responsibilities associated with oversight of this process, and reporting formats
2. project files (Classified by process output)
1. Guidance in managing project work
Problem log
Used to check if open issues are updated and make necessary updates to the risk register
2. Managing project knowledge
Lessons Learned Register
3. Identify risks
risk register
The main contents include identified individual project risks, risk owners, agreed risk response strategies, and specific response measures.
risk report
Includes an assessment of current overall project risk portals and agreed-upon risk response strategies. It also describes important individual project risks and their response plans and risk owners.
3. job performance data
Contains information about project status, such as risk responses implemented, risks that have occurred, those that are still active, and those that have been closed
4. job performance report
It can provide information about project work performance by analyzing performance measurement results, including deviation analysis results, earned value data and forecast data.
Tools & Techniques
1. data analysis
1. Technical performance analysis
Compare the technical results achieved during project execution with the plan to achieve relevant technical results. The degree to which actual results deviate from the plan can represent the potential impact of threats or opportunities.
Requires the definition of objective, quantitative measures of technical performance against which actual results can be compared with planned requirements
Technical performance measures
May include processing time, number of defects, storage capacity, etc.
2. Reserve analysis
Refers to comparing the remaining contingency reserve with the remaining risk amount at any point in time of the project to determine whether the remaining reserve is still reasonable
2. audit
risk audit
is an independent assessment process
Used to evaluate the effectiveness of risk management processes
The project manager is responsible for ensuring that risk audits are conducted at the frequency specified in the project risk management plan
Risk audits can be carried out in daily project review meetings and risk review meetings, and the team can also hold special risk audit meetings
3. Meeting
risk review meeting
Examine and document the effectiveness of risk responses in addressing overall project risks and identified individual project risks
A risk review can also identify new individual project risks (including secondary risks arising from agreed responses), reassess current risks, close obsolete risks, discuss issues raised by the occurrence of risks, and summarize what can be used Lessons learned from subsequent phases of current projects or similar projects in the future
output
1. job performance information
It is information about the performance of project risk management that is obtained by comparing the actual occurrence and expected occurrence of a single risk.
Can illustrate the effectiveness of risk response planning and response implementation processes
2. change request
Includes recommended corrective and preventive actions that address the overall project risk level or individual risks
3. Project Management Plan ((updated)
Any component of the project management plan may be affected by this process
4. Project files (updated)
1. risk register
Record information on individual project risks generated by this process, which may include adding new risks, updating obsolete risks or occurred risks, and updating risk responses, etc.
2. risk report
Reflects the current status of significant individual project risks, as well as the current level of overall project risk
3. Hypothetical log
4. Problem log
5. Lessons Learned Register
5. Organizational process assets (updated)
Templates for risk management plans, risk registers and risk reports; risk breakdown structures, etc.
Risk management example
Key risk management tools
Main risk list
Risks recorded in risk registers are more comprehensive
Specifies a list of risks faced by the project
Develop detailed risk response plans for each risk in the list of major risks. They do not need to be lengthy and should take up approximately 1 to 2 pages each.
risk list
effect
It can keep the awareness of risk management in the minds of project managers.
Updating your risk list, prioritizing these risks, and updating your risk response can help you stay alert to the severity and evolution of these risks.
The project team should make a preliminary list of risks before starting the requirements analysis and update this list until the end of the project.
This week: Risk rankings for the week Last week: Risks ranked last week Number of weeks: the time from when the risk was identified to the present