Features
Features:

Product Tour >

Edraw AI >

Paid Plans:

Individuals >

Business >

Eduaction >
Resources
Blog

History

How-tos & Tips

Discovery

Biography

Business Analysis

Examples

AI concept Map

Free AI Mind Map Generator

Onenote Mind Map

Bcg Matrix Examples

Nike Marketing Strategy

Unilever SWOT Analysis

Make Mind Maps in Google Docs

Guide

FAQs

What's New

Resource Center
Templates
All Templates

Brain Storming Templates

Strategy and Planning Templates

Project Management Templates

Product Management Templates

Human Resources Templates

Agile Workflow Templates

Marketing Templates

Education Templates

Fun and Games Templates

User Gallery
Download
Pricing
Enterprise

MindMap Gallery Information Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management

Information Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management

This file is a self-made mind map of "Chapter 15_Project Risk Management" of the Information System Project Management Tutorial (4th Edition). It includes planning risk management, identifying risks, implementing qualitative risk analysis, implementing quantitative risk analysis, planning risk response, implementing risk response, supervising risk, etc. According to the key points of previous exams, the importance is marked and all the contents are integrated in detail, which can make the final review and the beginning of study more effective with half the effort. I spent more than ten hours compiling and summarizing the reading of all chapters, all of which are the latest version.

Edited at 2023-12-13 10:20:53

PlotWizard

Recent works View more works>>

Information Systems Project Manager Tutorial (4th Edition) Chapter 15_Project Risk Management

PlotWizard

Recent works View more works>>

Recommended to you
Outline

Information Management
- 143
- 5
WSB5W7xr
Information System Project Manager Examination Preparation_Chapter 1 Information Development
- 11
PlotWizard
5. Project scope management
- 7
PlotWizard
Information Systems Project Manager Tutorial (4th Edition) Chapter 14_Project Communication Management
- 13
PlotWizard
How to become an excellent IT project manager 06 Project Risk Management
- 7
PlotWizard
Information System Project Manager Tutorial (4th Edition) Chapter 16_Project Procurement Management
- 6
PlotWizard
Information System Project Manager Tutorial (4th Edition) Chapter 8_Project Integration Management
- 9
PlotWizard
Software Entrance Examination - Overall Project Management
- 4
PlotWizard
Advanced Software Exam Chapter 4 Overall Project Management
- 9
PlotWizard
Chapter 4 Overall Project Management
- 8
PlotWizard

project risk management

basic concept

Project risk

It is an uncertain event or condition that, once it occurs, will have some positive or negative impact on the project goals (not necessarily bad)

Includes both threats to project objectives and opportunities to further project objectives

Known risks

Known risks are those that have been identified and analyzed. For known risks, it is feasible to plan for them and find solutions.

unknown risk

Although project managers can take general emergency measures to deal with unknown risks based on their experience with similar projects in the past, unknown risks cannot be managed.

Such as: natural disasters and man-made disasters

Risks will change as the project progresses, and uncertainty will gradually decrease as the project progresses.

To reduce losses, you need to proactively pay the necessary costs at an early stage

management basics

Project risk overview

Every project has risks on two levels

1. First, every project has individual risks that will affect the achievement of the project goals.

2. The second is the overall project risk caused by a combination of individual risks and other sources of uncertainty (such as scope creep leading to project overruns and delays)

Project risks can have a negative or positive impact on project objectives, that is, risks and opportunities

Project risk management aims to exploit or enhance positive risks (opportunities) and avoid or mitigate negative risks (threats)

attributes of risk

1. The randomness of risk events

The occurrence of risk events and their consequences are accidental

2. relative risk

Risks are always relative to project activity entities. The same risk has different impacts on different entities.

For project risks, the factors that affect people’s risk tolerance mainly include

1. size of benefit

The greater the likelihood and amount of the loss, the greater the gain one can hope to make to compensate for the loss.

The greater the benefits, the greater the risks people are willing to take

Example

drug trafficking

2. size of investment

The more investment in project activities, the greater the hope that people have for success and the smaller the risks they are willing to take.

3. The status and resources of the project activity subject

Higher-level managers can take greater risks than lower-level managers.

The more resources a person or organization has, the greater its risk tolerance

Example

A person has 1,000,000 yuan and spends 5,000 yuan on business. He can earn 1,000,000 yuan. He can still accept a loss of 5,000 yuan.

The other person only has 5w, losing all the property is a huge risk

3. risk variability

1. Changes in the nature of risk

Over time, a risk that previously had a negative impact now has a positive impact

For example, a piece of software was not perfect in the early days and was full of loopholes in its work. Over time, the software was gradually optimized, and using it now will greatly increase work efficiency.

2. Changes in Risk Consequences

Risk consequences include the frequency of consequences and the magnitude of gains or losses.

With the development of science and technology and the improvement of productivity, people's ability to understand and resist risk events has gradually increased, which can reduce the frequency of risk events and reduce losses or damages to a certain extent.

3. New risks emerge

For example, when additional resources are invested to avoid delaying the project progress, it may cause cost overruns.

Classification of risks

1. Divided by risk consequences

1. pure risk

definition

Risks that bring no opportunities and no possibility of benefit (purely bad, no one benefits)

as a result of

Causing loss (absolute loss) and not causing loss

The main body of the activity suffered losses, and the whole society also suffered losses.

Example: The air compressor room of a certain construction project caught fire during the construction process and suffered losses. The losses were not only for the project, but also for the whole society.

2. speculative risk

definition

It may bring opportunities and benefits, but also implies threats and risks of losses (it may be good, it may be bad, or it may have no impact)

as a result of

causing loss, not causing loss and gaining benefit

If speculative risks cause the active entities to suffer losses, the whole society may not necessarily suffer losses as well. On the contrary, others may benefit from it

For example: If a privately invested real estate development project fails, the investor will suffer losses; but the lending bank can take back the mortgaged property and resell it at a high price to make a profit.

Example: Stock trading, you may make money, you may make no profit or lose money, you may jump off the building

Project managers must avoid speculative risks turning into pure risks. Risk is not a zero-sum game. In many cases, all parties involved in the risk will suffer losses (multiple parties suffer), and no one is spared.

2. By risk source

1. natural risks

definition

The risk of damage to property or casualties due to natural forces is a natural risk

For example, engineering damage, loss of materials and equipment caused by floods or landslides during the construction of water conservancy projects

2. man-made risk

definition

Man-made risks refer to risks caused by human activities

Segmentation

Behavioral, economic, technical, policy and organizational risks, etc.

3. Classified by whether the risk is manageable

1. manageable risk

definition

Refers to risks that can be predicted and corresponding measures can be taken to control

Whether risks can be managed depends on whether risk uncertainty can be eliminated and the management level of the activity entity.

To eliminate risk uncertainty, it is necessary to have relevant data, materials and other information

2. unmanageable risk

With the increase of data, information and other information and the improvement of management level, the risk can be transformed into manageable risk.

4. Divided by risk impact scope

1. local risk

Small scope of influence

For example: delays in activities on non-critical routes

2. overall risk

Large scope of influence

Project management teams pay special attention to overall risks

Example: All activities in the project have the risk of delay, but once the activities on the critical route are delayed, the completion date of the entire project will be postponed, forming an overall risk.

5. Divided by risk bearer

Project owner risk, government risk, contractor risk, investor risk, design unit risk, supervision unit risk, supplier risk, guarantor risk and insurance company risk, etc.

6. Divided by risk predictability

1. Known risks

"Known-known" risks

definition

Refers to those risks that occur frequently and whose consequences are foreseeable that can be identified after careful and rigorous analysis of the project and its plans.

as a result of

The probability of occurrence is high, but the consequences are generally mild and not serious.

Example

Unclear project goals, overly optimistic schedules, design or construction changes, and material price fluctuations, etc.

2. Predictable risk

"Known-unknown" risks

definition

Refers to risks whose occurrence can be foreseen based on experience, but whose consequences cannot be foreseen

as a result of

The consequences of such risks can sometimes be severe

Example

The owner cannot review and approve in time, the subcontractor cannot deliver the work in time, the construction machinery fails, unforeseen geological conditions, etc.

3. Unpredictable risks

“Unknown-unknown” risk

definition

Refers to a risk that may occur, but the likelihood of which cannot be foreseen by even the most experienced person

Sometimes called unknown risks or unrecognized risks, they are risks that are new, not previously observed, or that manifest themselves only very late.

Example

These risks are generally the result of external factors, such as earthquakes, COVID-19, heavy rains that have not happened in a century, inflation and policy changes, etc.

Cost of risk and its burden

The losses or reduced profits caused by risk events and the cost of taking preventive measures to prevent the risk from occurring constitute risk costs.

Cost classification

1. tangible cost of risk loss

1. direct loss

Refers to the value of property damage and casualties

For example: if a fire breaks out in a compressed air machine room during construction, the direct losses include the replacement cost of the air compressor, the medical expenses of the injured, recuperation expenses, wages, etc.

2. indirect loss

Refers to other losses other than direct losses, liability losses and the resulting reduction in income.

Including costs incurred due to fire fighting, shutdown, etc.

2. Intangible cost of risk loss

Refers to the price that the project entity pays before or after the risk event occurs due to the uncertainty of the risk.

Manifestations

1. Risk loss reduces opportunity

Some preparations made to avoid risks often occupy a large amount of funds or other resources, making them unable to be invested in reproduction, unable to add value, and reducing opportunities.

2. Risks hinder productivity gains

Reluctance to invest funds in high-risk new technology industries hinders the application and promotion of new technologies and hinders the improvement of social productivity

3. Risks result in misallocation of resources

Because they are worried about losing money in risky industries or sectors, people are willing to invest resources in less risky industries or sectors.

3. The cost of risk prevention and control

In order to prevent and control risk losses, various measures must be taken, and the costs incurred include both direct and indirect costs.

For example: buy insurance

risk cost burden

Risk costs are not only borne by the project entity, but in many cases, other aspects related to project activities also objectively bear part of the risk costs.

The part borne by the project subject is the individual cost, and the part borne by other relevant parties is the social cost.

Example

Compressed air machine room caught fire during construction

The losses incurred by the construction unit are individually borne costs

The cost of the fire brigade coming to put out the fire is borne by society. When fire vehicles rush to the fire scene, the losses incurred by pedestrians and other vehicles that affect their work due to avoidance are all costs borne by society.

new management practices

1. non-event risks

variability risk

Uncertainty about some key aspect of a planned objective, activity or decision

For example: productivity may be higher or lower than target, testing may find more or fewer bugs than expected

how to respond

It can be handled through Monte Carlo analysis, that is, using a probability distribution to represent the possible range of variations, and then taking actions to narrow the range of possible outcomes.

ambiguity risk

Uncertainty about what may happen in the future

Cause

Insufficient knowledge about the requirements or elements of the technical solution, future developments in the regulatory framework, or the system complexities inherent in the project

how to respond

Gaps in knowledge or understanding need to be defined and then filled by seeking input from external experts or benchmarking against best practice.

Incremental development, prototyping or simulation can also be used to deal with ambiguity risks

2. project resilience

There is a kind of risk that can only be discovered after it occurs. This risk is called an unexpected risk. This risk can be dealt with by strengthening the resilience of the project.

Ways to Strengthen Project Resilience

Set aside reserves, strong change management, empower your team, watch for warning signs, solicit input from stakeholders, etc.

3. Integrated risk management

Risks exist at the project, program, portfolio and organizational levels and should be assumed and managed at the appropriate level

An organizational risk management approach should be used to ensure consistency and coherence of risk management efforts at all levels so that programs and portfolios are structured with risk control efficiency that is conducive to achieving a given level of risk tolerance. Create the greatest overall value under

management process

Tailoring considerations

Project size, project complexity, project importance, development approach

Agile and adaptive methods

Frequently review incremental work products and accelerate knowledge sharing to ensure risk awareness and management

Requirements documents should be updated regularly and work reprioritized as the project progresses based on a deep understanding of current risk tolerance

planning risk management

Process overview

definition

Is the process of defining how project risk management activities will be implemented

main effect

Ensure the level, approach and visibility of risk management are commensurate with the level of project risk and importance to the organization and other stakeholders

The planning risk management process should start at the project establishment stage and be completed early in the project. Later in the project life cycle, it may sometimes be necessary to redo this process.

For example: when a major stage change occurs, when the project scope changes significantly, or when the effectiveness of risk management is subsequently reviewed and it is determined that the project risk management process needs to be adjusted.

enter

1. Project Charter

Record the overall description and boundaries of the project, overall requirements and risks

2. project management plan

All approved project management subplans

The risk management plan should be coordinated with each sub-plan; at the same time, the methodologies listed in each sub-plan may also affect the planning risk management process

3. project files (Classified by process output)

Identify stakeholders

Stakeholder register

Outlines the roles of stakeholders in the project and their attitudes towards project risks, which can be used to determine the roles and responsibilities of project risk management and set risk thresholds for the project

4. business environment factors

The overall risk threshold set by the organization or key stakeholders

5. organizational process assets

Tools & Techniques

1. expert judgment

2. data analysis

stakeholder analysis

Determine the risk appetite of project stakeholders

3. Meeting

output

risk management plan

definition

Describe how to organize and implement risk management activities

main content

1. risk management strategy

Describe the general approach used to manage risks on this project

2. methodology

Determine the specific methods, tools and data sources used to carry out risk management for this project

3. Roles and Responsibilities

Identify leaders, sponsors and team members for each risk management activity and clarify responsibilities

4. funds

Determine the funds required to carry out project risk management activities, and formulate plans for the use of emergency reserves and management reserves

5. Schedule

Determine the timing and frequency of implementing project risk management processes during the project life cycle, identify risk management activities and incorporate them into the project schedule

6. risk category

Determine how to classify project risks

Risk categories are usually constructed with the help of a risk breakdown structure (RBS). The risk breakdown structure helps the project team consider all possible sources of risks for a single project and is particularly useful for identifying risks or classifying identified risks.

7. Stakeholder risk appetite

Details that will affect the planning risk management process should express stakeholder risk appetite into measurable risk thresholds for each project objective.

8. Risk probability and impact

The number of probability and impact levels should be determined based on the level of detail of the proposed project risk management process, with more levels (usually five) corresponding to a more detailed risk management approach; fewer levels (usually three) corresponding to a simpler approach Methods

9. Probability and Impact Matrix

In a common probability and impact matrix, both opportunities and threats are listed; opportunities are defined by positive impacts and threats are defined by negative impacts

Probability * Impact = Probability-Impact score for each risk, used to rank individual risks relative to each other within each priority group

10. report format

Determine how the results of the project risk management process will be recorded, analyzed, and communicated

11. track

Determine how risk activities will be recorded and how the risk management process will be audited

Identify risks

Process overview

definition

It is the process of identifying the sources of individual project risks and overall project risks, and recording risk characteristics.

main effect

1. Document existing individual project risks, as well as sources of overall project risk

2. Aggregate relevant information so that the project team can appropriately respond to identified risks

should be carried out throughout the project

participants

All project stakeholders (all personnel) should be encouraged to participate in the identification of project risks

A unified risk description format should be used to describe and record project risks to ensure that each risk is clearly and unequivocally understood to provide support for effective analysis and risk response development.

Identifying risks is an iterative process

Throughout the project life cycle, individual project risks may continue to change as the project progresses, and the level of overall project risk may also change.

The frequency of iterations and the level of involvement required for each iteration will vary from case to case and should be specified accordingly in the risk management plan

enter

1. project management plan

1. demand management plan

May identify particularly risky project goals

2. progress management plan

3. cost management plan

4. quality management plan

5. resource management plan

May list some xx areas (schedule, cost, quality, resources) that are affected by uncertainty or ambiguity, or some xx areas where key assumptions may cause risk

6. risk management plan

Defines risk management roles and responsibilities, describes how risk management activities will be integrated into budgets and schedules, and describes risk categories

7. Scope Baseline

Includes deliverables and their acceptance criteria, some of which may pose risks; and a work breakdown structure, which can be used as a framework for arranging risk identification efforts

8. progress baseline

You can view the progress baseline to identify milestone and deliverable date dates where there is uncertainty or ambiguity, or key assumptions that may create risk

9. cost basis

You can review your cost baseline to identify areas where there is uncertainty or ambiguity in cost estimates or funding requirements, or where key assumptions may create risk

2. project files (Classified by process output)

1. Develop project charter

Hypothetical log

Documented assumptions and constraints may give rise to individual project risks and may also affect the level of overall project risk

2. Direct and manage project activities

Problem log

Documented issues may raise individual project risks and may also affect the level of overall project risk

3. management knowledge

Experience Teaching Register

Lessons learned related to risks identified early in the project can be reviewed to determine whether similar risks are likely to reoccur during the remainder of the project

4. Gather requirements

requirements document

Project requirements are spelled out, allowing the team to determine which requirements are at risk

5. Estimate activity duration

duration estimate

6. Estimate cost

Cost Estimate

7. Estimate activity resources

Resource requirements

Quantitative assessment of project xx (activity duration, cost, activity resources), ideally expressed as an interval, the size of the interval indicates the degree of risk A structured review of xx (duration estimate, cost estimate, activity resource estimate) documents may reveal that current estimates are insufficient, thereby causing project risk

8. Identify stakeholders

Stakeholder register

Specifies which individuals or groups may be involved in identifying risks for the project and details which individuals are suitable to play the role of risk owner

3. Procurement documents

If project resources need to be sourced externally, the initial procurement documentation should be reviewed as sourcing goods and services from outside the organization may increase or decrease overall project risk and may introduce additional project risk

4. protocol

If project resources need to be procured from outside, the milestone dates, contract types, acceptance criteria and reward and penalty clauses stipulated in the agreement may pose threats or create opportunities.

5. business environment factors

6. organizational process assets

Tools & Techniques

1. expert judgment

2. data collection

1. Brainstorming

The goal is to obtain a comprehensive list of sources of project risk

Risk categories (such as a risk breakdown structure) can be used as a framework for identifying risks

2. Checklist

Checklists can be based on completed projects, or a generic risk checklist for a specific industry can be used

While the checklist is simple and easy to use, it cannot exhaust all risks

It is important to ensure that checklists are not used to replace the required risk identification work; at the same time, the project team should also pay attention to items not listed in the checklist.

3. Interview

Sources of project risk can be identified through interviews with senior project participants, stakeholders, and subject matter experts

3. data analysis

1. Root Cause Analysis

Often used to discover underlying causes of problems and develop preventive measures

2. Assumptions and constraints analysis

Explore the validity of assumptions and constraints and determine which of them pose project risks

Threats can be identified from inaccurate, unstable, inconsistent or incomplete assumptions

Opportunities are created by removing or relaxing constraints that affect project or process execution

Threats can be identified if assumptions do not hold If constraints are relaxed, opportunities can be created

3. SWOT analysis

A case-by-case examination of the project’s Strengths, Weaknesses, Opportunities and Threats (SWOT)

When identifying risks, it broadens the scope of risk identification by including internally generated risks

First, focus on the project, organization, or general business area and identify the organization's strengths and weaknesses; then, identify the opportunities that the organization's strengths may bring to the project and the threats that the organization's weaknesses may pose.

Analyze the extent to which organizational strengths can overcome threats and whether organizational weaknesses hinder opportunities.

4. File analysis

A number of risks can be identified through a structured review of project documents

Documents available for review mainly include plans, assumptions, constraints, past project files, contracts, agreements and technical documents

4. Interpersonal and team skills

5. Tip list

New in the fourth edition

A preset list of risk categories that may give rise to project risk sources

When employing risk identification techniques, a prompt checklist can be used as a framework to assist the project team in developing ideas

The risk categories at the bottom of the risk breakdown structure can be used as a prompt list to identify individual project risks; some common strategic frameworks can be used to identify the sources of overall project risk.

Difference from checklist

The checklist lists specific risks

Listed in the prompt list are the risk categories

6. Meeting

risk seminar

output

1. risk register

Record details of identified project risks

main content

Passed Dictation Test at Intermediate Level

1. List of identified risks

Each project risk is assigned a unique identification number

2. Potential Risk Responsible Person

If a potential risk holder has been identified during the risk identification process, the holder must be recorded in the risk register

This will then be confirmed by conducting a qualitative risk analysis process

3. List of potential risk response measures

If a potential risk response has been identified during the risk identification process, it should be recorded in the risk register

This will then be confirmed by the planning risk response process

2. risk report

New in the fourth edition

Provides information on overall project risks, as well as overview information on identified individual project risks

In the project risk management process, the preparation of risk reports is a progressive work

main content

1. Sources of overall project risk

Describe which are the most important factors in overall project risk

2. Overview information on identified individual project risks

For example, the number of threats and opportunities identified, the distribution of risks across risk categories, measurements and trends

As the processes of conducting qualitative risk analysis, conducting quantitative risk analysis, planning risk responses, implementing risk responses and monitoring risk are completed, the results of these processes also need to be recorded in the risk register and risk reports The difference between risk register and risk report: · The risk register records information about individual risks · Risk reports contain information on the overall risk of the project

3. Project files (updated)

1. Hypothetical log

2. Problem log

3. Lessons Learned Registration Form

Conduct qualitative risk analysis

Process overview

definition

It is the process of prioritizing risks by assessing the probability, impact and other characteristics of individual project risks to provide a basis for subsequent analysis or action.

main effect

Focus on high priority risks

Identify responsible persons for each risk so that they are responsible for planning the risk response and ensuring that the response is implemented

This process needs to be carried out regularly throughout the project

In an agile or adaptive development environment, a qualitative risk analysis process is typically performed before each iteration.

This assessment is subjective based on the risk perception of the project team and other stakeholders.

Evaluate the priority of individual identified project risks using their probability of occurrence, the corresponding impact on project objectives if the risk occurs, and other factors

Data analysis: risk probability and impact assessment, data representation: risk probability and impact matrix

Assessing the probability and impact of risks is the implementation of qualitative risk analysis

enter

1. project management plan

risk management plan

Of particular note during this process are risk management roles and responsibilities, budgeting and scheduling activities, as well as risk categories (usually defined in a risk breakdown structure), probability impact definitions, probability and impact matrices, and stakeholder risk thresholds.

The above has usually been tailored to suit the needs of the specific project during the planning risk management process

2. project files (Classified by process output)

1. Develop project charter

Hypothetical log

Used to identify, manage and monitor key assumptions and constraints that may affect the project and may impact the assessment of the priority of project risks

2. Identify risks

risk register

Include details of identified project risks that will be assessed during this process

3. Identify stakeholders

Stakeholder register

Include details of project stakeholders who may be designated risk owners

3. business environment factors

4. organizational process assets

Tools & Techniques

1. expert judgment

Gain expertise or experience through guided risk workshops or interviews

Be aware that experts may be biased

2. data collection

Interview

Structured or semi-structured interviews can be used to assess the concept and impact of individual project risks, as well as other factors

3. data analysis

1. Risk data quality assessment

Risk data is the basis for qualitative risk analysis

Risk data quality assessment aims to evaluate the accuracy and reliability of data on individual project risks

Way

Questionnaire survey to understand the evaluation of project stakeholders on various aspects of data quality, including data integrity, objectivity, relevance and timeliness, and then conduct a comprehensive assessment of the quality of risk data

2. Risk probability and impact assessment

risk probability assessment

considers the likelihood that a particular risk will occur

risk impact assessment

Considers the potential impact of a risk on one or more project objectives, such as schedule, cost, quality, or performance

Way

interviews, meetings

To conduct a probability and impact assessment for each identified individual project risk

3. Assessment of other risk parameters

Possible test choice

Urgency, proximity, latency, manageability, controllability, monitorability, connectivity, strategic influence, closeness

Contributes to more robust risk prioritization

include

1. urgency

The period of time during which response measures must be taken to effectively address a risk. Short time indicates high urgency

2. Proximity

The risk affects one or more project objectives over time. Short time indicates high proximity

3. incubation period

The likely time period between the occurrence of a risk and the manifestation of its effects. Short time means short incubation period

4. Manageability

The ease with which the risk owner (or responsible organization) can manage the occurrence or impact of the risk. Manageability is high if it is easy to manage

5. Controllability

The extent to which the risk owner (or responsible organization) can control the consequences of the risk. If the consequences are easy to control, controllability is high

6. Monitorability

The ease with which risks can be monitored as they occur or are about to occur. Monitorability is high if the occurrence of a risk is easy to monitor

7. connectivity

The degree to which a risk is related to other individual project risks. Connectedness is high if a risk is related to multiple other risks

8. strategic influence

The potential positive or negative impact of a risk on an organization's strategic objectives. Strategic influence is high if the risk has a significant impact on strategic objectives

9. closeness

The extent to which a risk is considered significant by one or more stakeholders. Risks that are considered important have a high degree of closeness

4. Data performance

1. Probability and Impact Matrix

A table that maps the probability of occurrence of each risk and the impact of the risk on the project objectives if it occurs

Evaluate the probability of occurrence of individual project risks and their impact on one or more project objectives, if they occur, on a case-by-case basis using the risk probability and impact definitions specified in the risk management plan. A probability and impact matrix is then used to assign priorities to individual project risks based on the resulting combination of probabilities and impacts.

2. hierarchy diagram

If more than two parameters are used to classify risks, the probability and impact matrices cannot be used and other graphs need to be used

Example: A bubble chart can display three-dimensional data. In the bubble chart, each risk is drawn as a bubble, and the X-axis value, Y-axis value and bubble size are used to represent the three parameters of the risk.

The X-axis represents monitorability, the Y-axis represents proximity, and the impact value is expressed as bubble size.

5. Interpersonal and team skills

guide

Ability to improve the effectiveness of qualitative analysis of individual project risks

6. Risk classification

The risk classification method that can be used for the project should be specified in the risk management plan

It helps to focus attention and energy on the areas where risks may occur the most, or to develop common risk response measures for related risks, thereby conducive to more effective risk response.

7. Meeting

Target

Includes review of identified risks, assessment of probability and impact (and other possible risk parameters), classification and prioritization of risks

output

Project files (updated)

1. Hypothetical log

2. Problem log

3. risk register

Update the risk register with new information generated by performing the qualitative risk analysis process

update content

Probability and impact assessment, priority level or risk score for each individual project risk, designated risk owner, risk urgency information or risk category, and watch list of low priority risks and risks requiring progressive analysis

4. risk report

Document the most important individual project risks (usually those with the highest probability and impact), a prioritized list of all identified risks, and a brief conclusion

Conduct quantitative risk analysis

Process overview

definition

It is the process of quantitatively analyzing (using data to speak) the impact of identified individual project risks and other sources of uncertainty on overall project objectives.

main effect

1. Quantify overall project risk to maximum likelihood

For example: the project may be delayed by a week, the project may be overvalued by 50,000

2. Provide additional quantitative risk information to support risk response planning

This process is not required for every project, but if used, it will continue throughout the project

The project risk management plan will specify whether quantitative risk analysis needs to be used. Risks that have been analyzed and frequently encountered do not need to be quantitatively analyzed, and risk responses can be directly planned.

Suitable for large or complex projects, projects of strategic importance, contracts or projects where key stakeholders require quantitative analysis

The ability to conduct robust quantitative analysis depends on the availability of high-quality data on individual project risk information and other sources of uncertainty that are assessed by the qualitative risk analysis process as having a significant potential impact on project objectives, as well as on scope, schedule, and cost Relevant and solid project baseline

Quantitative risk analysis often requires specialized risk analysis software and expertise in compiling and interpreting risk patterns, as well as additional time and cost investments.

This process can also be carried out after the Plan Risk Response process to analyze the maximum possible effectiveness of the planned responses in reducing overall project risk.

enter

1. project management plan

1. risk management plan

Determine whether the project requires quantitative risk analysis, detailing the resources available for analysis and expected frequency of analysis

2. Scope Baseline

3. progress baseline

4. cost basis

Provides a starting point for assessing the impact of individual project risks and other sources of uncertainty

2. project files (Classified by process output)

1. Develop project charter

Hypothetical log

If assumptions are considered to cause project risks, they should be included as input to quantitative risk analysis and can also be used to build models to analyze the impact of constraints.

2. Define activities

Milestone List

Critical phases of the project determine schedule goals, and these schedule goals are compared to the results of a quantitative schedule risk analysis to determine the level of confidence associated with achieving those goals.

3. Estimate activity duration

duration estimate

Provides a starting point for assessing schedule variability

4. control progress

progress forecast

Forecasts can be compared with the results of a quantitative schedule risk analysis to determine the level of confidence associated with achieving forecast goals

5. Estimate cost

Cost Estimate

Provides a starting point for assessing cost variability

6. Control costs

cost forecast

Compare forecast metrics to the results of quantitative cost risk analysis to determine the level of confidence associated with achieving those metrics

Including the project’s estimate to completion (ETC), estimate to completion (EAC), budget to completion (BAC), and performance index to completion (TCP)

7. Estimate activity resources

Resource requirements

Provides a starting point for assessing resource variability

8. Estimate xx

Estimate basis

The estimation basis used for project planning can be reflected in the established variable analysis model, which may include estimation purpose, classification, accuracy, methodology and data sources

9. Identify risks

risk register

Contains detailed information on individual risks used as input for quantitative risk analysis

risk report

Describes the sources of overall project risk, and the current overall project risk status

3. business environment factors

4. organizational process assets

Tools & Techniques

1. expert judgment

2. data collection

Interview

Can be used to generate inputs for quantitative risk analysis of individual project risks and other sources of uncertainty

Interviews are particularly useful when information needs to be solicited from experts

3. data analysis

1. simulation

Use models to simulate the combined impact of individual project risks and other sources of uncertainty to assess their potential impact on project objectives

Monte Carlo analysis

Analyze content

1. cost risk

enter

Project Cost Estimate

2. schedule risk

enter

Progress network diagrams and duration estimates

3. Quantitative Cost and Schedule Comprehensive Risk

Use both inputs above at the same time

output

Quantitative Risk Analysis Model

software simulation

Run quantitative risk analysis models through thousands of iterations using computer software

For each run, input values (such as cost estimates, duration estimates, or probabilistic branch occurrence frequencies) are randomly selected.

The output of these runs forms a range of possible project outcomes (e.g., project end date, project completion cost)

2. sensitivity analysis

Helps determine which individual project risks or sources of uncertainty have the greatest potential impact on project results

Establish a link between changes in project results and changes in elements in quantitative risk analysis models

tornado diagram

Indicates analysis results

The figure plots the correlation between each element in the quantitative risk analysis model and the project outcomes it can influence. These elements can include individual project risks, volatile project activities, and specific sources of uncertainty.

Each feature is arranged in descending order of association strength, forming a typical tornado shape

There are horizontal coordinates in the figure

project duration

positive number representation

Activities or risks result in extension of project duration

negative number representation

Activities or risks result in shortened project duration

3. Decision tree analysis

Computing seminar focuses on

Use decision trees to choose the best option among several alternative courses of action

In a decision tree, different branches are used to represent different decisions or events, that is, alternative paths for the project.

Each decision or event has associated costs and individual project risks (including threats and opportunities)

The end point of a decision tree branch represents the final outcome along a specific path, which can be a negative or positive outcome.

By calculating the expected monetary value (EMV) of each branch, the optimal path can be selected

D is quantitative risk analysis, which uses specific calculation results to quantify risks.

4. influence diagram

Graphical aids for decision-making under uncertainty

It represents a project or a situation in the project as a series of entities, results and impacts, as well as the relationships and interactions between them

Use simulation techniques such as Monte Carlo analysis to analyze which elements have the greatest impact on important outcomes. Impact diagram analysis can produce results similar to other quantitative risk analyses, such as curve charts and tornado diagrams.

4. Interpersonal and team skills

guide

5. How uncertainty manifests

New in the fourth edition

To conduct quantitative risk analysis, you need to build and provide input to a quantitative risk analysis model that reflects individual project risks and other sources of uncertainty.

If the duration, cost, or resource requirements of an activity are uncertain, a probability distribution can be used in the model to represent the possible range of its values.

The form of a probability distribution

The most commonly used are triangular distribution, normal distribution, lognormal distribution, beta distribution, uniform distribution or discrete distribution

output

Project files (updated)

risk report

Reflect the results of quantitative risk analysis

update content

1. An assessment of the maximum likelihood of overall project risk

How overall project risk is measured

Likelihood of project success

Probability of success

Inherent variability in projects

Result interval

2. Results of detailed probabilistic analysis of the project

1. Required contingency reserves

2. A list of individual project risks or other sources of uncertainty that have the greatest impact on the project critical path

3. Key drivers of overall project risk

3. Individual project risk priority list

4. Trends in Quantitative Risk Analysis Results

gradually clear

5. Risk response suggestions

Plan risk responses

Process overview

definition

It is the process of formulating alternatives, selecting response strategies, and agreeing on response actions in order to deal with project risks.

main effect

1. Develop appropriate approaches to overall project risks and individual project risks

2. Allocate resources and add related activities to project documents and project management plan as needed

This process needs to be carried out throughout the project

The risk response plan should match the importance of the risk, be able to respond to the challenge cost-effectively, be realistic and feasible in the context of the current project, obtain the consent of all stakeholders, and be specifically responsible for it by a responsible person (the responsible person is responsible for the implementation) (specified during qualitative risk analysis)

Passed the intermediate level exam

Structured decision-making techniques can be used to select the most appropriate response strategy; for large or complex projects, it may be necessary to conduct economic analysis of alternative risk response strategies based on mathematical optimization models or actual solution analysis.

Specific response actions should be developed to implement the agreed risk response strategy. Contingency plans are needed if the chosen strategy is not entirely effective, or if accepted risks occur. At the same time, secondary risks also need to be identified

Secondary risks are risks directly caused by the implementation of risk response measures, such as: speeding up to prevent being late, but may lead to the risk of collision with other vehicles.

enter

1. project management plan

resource management plan

Help coordinate resources for risk response and other project resources

risk management plan

Risk roles and responsibilities, risk thresholds

cost basis

Contains information on contingency funds intended for risk response

2. project files (Classified by process output)

1. Managing project knowledge

Lessons Learned Register

2. Develop a progress plan

Project schedule

Used to determine how to plan risk response activities concurrently with other project activities

3. Access to resources

Resource Calendar

Determined when potential resources will be available for risk response

Project team dispatches work orders

List of human resources available for risk response

4. Identify risks

risk register

Contains details of individual project risks that have been identified and prioritized and need to be addressed. The priority of each risk helps select appropriate risk responses

risk report

A prioritized list of individual project risks and additional analysis of the distribution of individual project risks, which will influence the selection of risk response strategies

5. Identify stakeholders

Stakeholder register

Potentially responsible persons for risk response are listed

3. business environment factors

4. organizational process assets

Tools & Techniques

1. expert judgment

Threats, opportunities, contingency, and overall project risk response strategies

2. data collection

Interview

3. data analysis

1. Alternatives analysis

2. cost benefit analysis

For example: If in the project, a risk will cause a loss of 100,000, and dealing with this risk requires a cost of 150,000, then you should choose: do not deal with the risk

If the impact of individual project risks can be quantified monetarily, then a cost-benefit analysis can be used to determine the cost-effectiveness of alternative risk response strategies.

The cost effectiveness of the response strategy = the change in risk impact level that the response strategy will cause / the implementation cost of the strategy

The higher the ratio (the result obtained by the formula), the greater the effectiveness

4. Interpersonal and team skills

guide

5. Threat response strategy

1. Report

An escalation strategy should be used if the project team or project sponsor believes that a threat is outside the scope of the project or that the proposed response is beyond the project manager's authority

Escalated risks will be managed at the program level, portfolio level or other relevant parts of the organization rather than at the project level

Relevant people in the organization must be willing to take responsibility for responding to reported threats

Once a threat is reported, it will not be subject to further monitoring by the project team, although it may still appear in the risk register for reference

2. avoid

Refers to actions taken by the project team to eliminate threats, or to protect the project from threats

Suitable for high-priority threats with a high probability of occurrence and serious negative impact

Strategies include

Eliminate the cause of the threat, extend the schedule, change the project strategy, or reduce the scope

Some risks can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring know-how

Summary: Changing plans

3. transfer

Shift responsibility for responding to threats to a third party, allowing them to manage risks and bear the impact of threats if they occur

A risk transfer fee is usually required to be paid to the party assuming the threat

Strategies include

Purchase insurance, use performance bonds, use guarantees and use bonds

Sign an agreement to transfer the ownership and responsibility of specific risks to a third party

4. alleviate

Refers to measures taken to reduce the probability and impact of threats

Strategies include

Use simpler processes, more testing, and more reliable sellers

Employ prototyping to reduce the risk of scale-up from bench models to actual processes or products

If the probability cannot be reduced, it may be possible to mitigate the impact of the risk by looking at the factors that determine its severity.

For example: adding redundant components to a system can mitigate the impact of failure of the original component (if one fails, another one will immediately take over)

5. accept

Refers to acknowledging the existence of a threat but not taking proactive measures. It can be used for low-priority threats or threats that cannot be dealt with cost-effectively in any other way.

Classification

active acceptance strategy

Establish contingency reserves, which include setting aside time, money, or resources to respond to emerging threats

passive acceptance strategy

No proactive action is taken, only threats are regularly reviewed to ensure they have not changed significantly

6. Opportunity coping strategies

1. Report

2. open up

If an organization wants to ensure that it seizes high-priority opportunities, it can choose an exploit strategy

Increase the probability of a specific opportunity to 100% to ensure that it will definitely appear and obtain the benefits associated with it

Strategies include

Reduce completion time by allocating the organization's most capable resources to projects

Use new technologies or technology upgrades to save project costs and shorten project duration

3. share

Transfer the responsibility for responding to the opportunity to a third party, allowing them to enjoy part of the benefits of the opportunity

Usually a fee is paid to the party being shared (sharing of benefits)

Strategies include

Create partnerships, collaborative teams, special companies and joint ventures to share opportunities

4. improve

Used to increase the probability and impact of opportunities

Strategies include

Increase resources for early completion of activities

5. accept

7. Overall project risk response strategy

1. avoid

If the overall project risk has a serious negative impact and exceeds the agreed project risk threshold, avoidance strategies can be used

Take focused actions to weaken the negative impact of uncertainty on the overall project and bring the project back to within the critical value

Strategies include

Cancel high-risk work in the project scope, cancel the project

2. open up

A pioneering strategy can be used if the overall project risk has a significant positive impact and exceeds the agreed project risk threshold

Take focused action to capture the positive impact of uncertainty on the overall project

Strategies include

Add high-benefit work to the project scope to increase the value or benefit of the project to stakeholders

Consult with key stakeholders to modify project risk thresholds to include opportunities

3. transfer or share

Strategies include

Establishing a collaborative business structure where the buyer and seller share overall project risk, forming a joint venture or special purpose vehicle, or subcontracting critical work of the project

4. reduce or improve

Change the level of overall project risk to optimize the likelihood of achieving project objectives

Strategies include

Replan the project, change the project scope and boundaries, adjust project priorities, change resource allocation, adjust delivery time, etc.

5. accept

8. emergency response strategies

Design responses that are only used when certain events occur

For certain risks, if the project team believes that there will be sufficient warning signs for their occurrence, then a response plan should be developed that will be executed only when certain predetermined conditions occur.

Triggers for contingency strategies should be defined and tracked, e.g., intermediate milestones not being achieved, or receiving a higher degree of attention from the seller

A risk response plan developed using this technique is often called a contingency plan and includes identified triggering events that are used to initiate the plan.

Coping plan: I checked the weather forecast in the morning and it said it might rain when I get off work today, so I bought an umbrella in advance and put it in my bag. Emergency plan: I heard thunder on my way to get off work, so I immediately went to a nearby convenience store and bought an umbrella.

9. decision making

Multi-criteria decision analysis

Helps prioritize multiple risk response strategies

output

1. change request

Responding to risks takes time and money, so schedule and cost baselines may need to be changed.

After risk responses are planned, change requests may be made to the cost baseline and schedule baseline, or other components of the project management plan. Change requests should be reviewed and handled through the implementation of an overall change control process.

2. Project Management Plan ((updated)

1. progress management plan

Resource load and resource balance changes, schedule policy updates, etc.

2. cost management plan

Cost accounting, tracking and reporting changes, and updates to budget strategies and contingency reserve usage, etc.

3. quality management plan

Methods to meet needs, changes in quality management methods and quality control processes, etc.

4. resource management plan

Resource configuration changes and resource policy updates, etc.

5. Procurement Management Plan

Make-or-buy decisions, contract type changes, etc.

6. Scope Baseline

7. progress baseline

8. cost basis

If the agreed-upon risk response strategy results in changes to the scope/schedule estimate/cost estimate and such changes are approved, corresponding changes will be made to the scope/schedule/cost baseline

3. Project files (updated)

1. cost forecast

May change due to planned risk response strategy

2. Project schedule

Activities to implement the agreed risk response strategy can be added to the project schedule

3. Project team dispatches work orders

Once the response strategy is determined, the necessary resources should be allocated to each measure related to the risk response plan, including appropriately qualified and experienced personnel (usually within the project team), reasonable funding and time to implement the agreed measures, and necessary technical means

4. risk register

Updates required to document selected and agreed risk responses

update content

1. Agreed coping strategies

2. Specific actions required to implement selected response strategies

3. Trigger conditions, signs and early warning signals for risk occurrence

4. Budget and schedule activities required to implement the selected response strategy

5. Contingency plan and risk triggers required to activate the plan

6. Fallback plan for when risks occur and primary response measures are insufficient

7. Residual risks that remain after predetermined countermeasures have been taken, and risks that are intentionally accepted

8. Secondary risks directly caused by the implementation of risk response measures

5. risk report

Updated to document agreed responses to current overall project risk exposure and high priority risks, and expected changes following implementation of these actions

6. Hypothetical log

7. Lessons Learned Register

Implement risk responses

Process overview

definition

is the process of executing an agreed risk response plan

main effect

1. Ensure agreed risk responses are implemented as planned

2. Manage overall project risk portals, minimize individual project threats, and maximize individual project opportunities

This process needs to be carried out throughout the project

Appropriate attention to the process of implementing risk responses can ensure that agreed risk responses are actually implemented

A project's overall risk portal and individual threats and opportunities can only be proactively managed if risk owners make the necessary efforts to implement agreed responses.

enter

1. project management plan

risk management plan

Roles and responsibilities of project team members and other stakeholders relevant to risk management are spelled out. This information should be used to assign responsibility for agreed risk responses.

2. project files (Classified by process output)

1. Managing project knowledge

Lessons Learned Register

2. Identify risks

risk register

Responses to each risk are documented and responsible persons are designated

risk report

Includes an assessment of current overall project risk portals and agreed risk response strategies, as well as a description of significant individual project risks and their response plans

3. organizational process assets

Tools & Techniques

1. expert judgment

2. Interpersonal and team skills

Influence

Some risk responses may be performed by people outside the project team or by people who have other competing needs

The project manager or person responsible for guiding the risk management process needs to exert influence to encourage designated risk owners to take the required actions

3. project management information system

Includes schedule, resource and cost software

Used to ensure that the agreed risk response plan and its related activities are integrated into the overall project along with other project activities

output

1. change request

After the risk response is implemented, change requests may be made to the cost baseline and schedule baseline, or other components of the project management plan. Change requests should be reviewed and processed through the implementation of the overall change control process.

2. Project files (updated)

1. Project team dispatches work orders

Once the risk response strategy is determined, the necessary resources should be allocated to each measure related to the risk response plan, including personnel with appropriate qualifications and experience, reasonable funds and time, and necessary technical means to implement the agreed measures.

2. risk register

Reflect any changes to the agreed responses to individual project risks that result from undertaking this process

3. risk report

Reflect any changes to the agreed responses to overall project risk portals resulting from undertaking this process

4. Problem log

5. Lessons Learned Register

Oversight risk

Process overview

definition

It is the process of overseeing the implementation of risk response plans throughout the project, tracking identified risks, identifying and analyzing new risks, and evaluating the effectiveness of risk management

main effect

Ensure that project decisions are based on current information on overall project risks and individual project risks

This process needs to be carried out throughout the project

Supervision content

1. Are the risk responses implemented effective?

2. Has the overall project risk level changed?

3. Has the status of an identified individual project risk changed?

4. Whether new individual project risks arise

5. Is the risk management approach still relevant?

6. Do the project assumptions still hold?

7. Have risk management policies and procedures been followed?

8. Whether cost or schedule contingency reserves need to be modified

9. Is the project strategy still valid?

enter

1. project management plan

risk management plan

Specifies how and when risks should be reviewed, what policies and procedures should be followed, roles and responsibilities associated with oversight of this process, and reporting formats

2. project files (Classified by process output)

1. Guidance in managing project work

Problem log

Used to check if open issues are updated and make necessary updates to the risk register

2. Managing project knowledge

Lessons Learned Register

3. Identify risks

risk register

The main contents include identified individual project risks, risk owners, agreed risk response strategies, and specific response measures.

risk report

Includes an assessment of current overall project risk portals and agreed-upon risk response strategies. It also describes important individual project risks and their response plans and risk owners.

3. job performance data

Contains information about project status, such as risk responses implemented, risks that have occurred, those that are still active, and those that have been closed

4. job performance report

It can provide information about project work performance by analyzing performance measurement results, including deviation analysis results, earned value data and forecast data.

Tools & Techniques

1. data analysis

1. Technical performance analysis

Compare the technical results achieved during project execution with the plan to achieve relevant technical results. The degree to which actual results deviate from the plan can represent the potential impact of threats or opportunities.

Requires the definition of objective, quantitative measures of technical performance against which actual results can be compared with planned requirements

Technical performance measures

May include processing time, number of defects, storage capacity, etc.

2. Reserve analysis

Refers to comparing the remaining contingency reserve with the remaining risk amount at any point in time of the project to determine whether the remaining reserve is still reasonable

2. audit

risk audit

is an independent assessment process

Used to evaluate the effectiveness of risk management processes

The project manager is responsible for ensuring that risk audits are conducted at the frequency specified in the project risk management plan

Risk audits can be carried out in daily project review meetings and risk review meetings, and the team can also hold special risk audit meetings

3. Meeting

risk review meeting

Examine and document the effectiveness of risk responses in addressing overall project risks and identified individual project risks

A risk review can also identify new individual project risks (including secondary risks arising from agreed responses), reassess current risks, close obsolete risks, discuss issues raised by the occurrence of risks, and summarize what can be used Lessons learned from subsequent phases of current projects or similar projects in the future

output

1. job performance information

It is information about the performance of project risk management that is obtained by comparing the actual occurrence and expected occurrence of a single risk.

Can illustrate the effectiveness of risk response planning and response implementation processes

2. change request

Includes recommended corrective and preventive actions that address the overall project risk level or individual risks

3. Project Management Plan ((updated)

Any component of the project management plan may be affected by this process

4. Project files (updated)

1. risk register

Record information on individual project risks generated by this process, which may include adding new risks, updating obsolete risks or occurred risks, and updating risk responses, etc.

2. risk report

Reflects the current status of significant individual project risks, as well as the current level of overall project risk

3. Hypothetical log

4. Problem log

5. Lessons Learned Register

5. Organizational process assets (updated)

Templates for risk management plans, risk registers and risk reports; risk breakdown structures, etc.

Risk management example

Key risk management tools

Main risk list

Risks recorded in risk registers are more comprehensive

Specifies a list of risks faced by the project

Develop detailed risk response plans for each risk in the list of major risks. They do not need to be lengthy and should take up approximately 1 to 2 pages each.

risk list

effect

It can keep the awareness of risk management in the minds of project managers.

Updating your risk list, prioritizing these risks, and updating your risk response can help you stay alert to the severity and evolution of these risks.

The project team should make a preliminary list of risks before starting the requirements analysis and update this list until the end of the project.

This week: Risk rankings for the week Last week: Risks ranked last week Number of weeks: the time from when the risk was identified to the present