Risk Management: Allocating ownership of a risk to a third party who is best able to capture the opportunity is an example of sharing

the risk. EMV = P x I, so if probability is 0.1 and Amount to be insured is $10,000 and insurance cost is $700, plus $250 deductible. Then it is a good insurance package because, 0.1*10,000 = 1,000. Cost plus deductible ($950) are less than expected monetary value. What is the benefit of an analysis of secondary risk on a project that has three customers and a large project team? It helps in determining which new risks have been created as result of the risk response strategies chosen. A decision tree allows you to make an informed decision today based on probability and impact analysis. You can decide based on the expected monetary value of each of your options. If a team member identifies a new risk during project execution, the PM must assess the risk. Assessment refers to the first few steps of risk management. These steps must be repeated throughout the project whenever there is a change to the project or a new risk is identified. Some risks from Perform Qualitative Risk Analysis will be candidates for further study in Perform Quantitative Risk Analysis. If a project has 60% chance of $100,000 profit and 40% chance of $100,000 loss, the expected monetary value of the project is? Expected monetary value (EMV) is computed by EMV = Probability x Impact. We need to compute both positive and negative values and then add them. 0.6 x $100,000 = $60,000. 0.4 x ($100,000) = ($40,000). Expected Monetary Value = $60,000 - $40,000 = $20,000 profit. If you have identified dependencies on six related projects that are providing deliverables to your project, and there is overlap in scope then the biggest concern must be the risks that other projects may cause to your project. It would be better to prevent those problems in the Plan Risk Response process. If you discover that the resource manager is not committing to make an expert resource available on your project, then the better estimate can be obtained using the input of multiple experts when estimating the activity. The Delphi Technique gains a consensus of expert opinions. The risk response plan is a living document that will be changed and updated over the life of the project. If a risk did not occur, then you should update the risk response plan in the risk register. The Delphi technique is most commonly used to obtain expert opinions on technical issues, the necessary project or product scope, or the risks. If a risk event happens, then we may need to identify alternative ways of sequencing the work. These alternatives are described in the contingency plan. Specific risks need to be identified before the project manager can take action to affect those specific risks. Risk should be identified per work package.

During planning risk response, the strategy of changing the project management plan to eliminate the risk is known as Avoidance. If risk event has 90% chance of occurring and the consequences will be $10,000. Then what is the EMV? Expected monetary value is computed by multiplying the probability times the impact. In this case EMV = 0.9 x $10,000 = $9,000. A watch-list is made up of low priority risks that, in the Perform Qualitative Risk Analysis process, were determined to be of too low priority or low impact to move further in the risk process. A watch-list is an output of Perform Qualitative Risk Analysis process of risk management. A simple spreadsheet listing risks and who is responsible for addressing them will be far more beneficial to a project than a complex tool or methodology that no one uses. In addressing risk management planning for complex business-critical projects, you should tailor the level, type and visibility of risk management to match the risks associated with the project and projects performance. Plan Risk Response processes MOSTLY affect the project management plan. Project management plan updates are one of the outputs of Plan Risk Responses. If you have identified only six risks for a project worth more than $100,0000 with 30 plus team members and several stakeholders. Then you must revisit the Identify Risks process. For such a large project, the PM should have identified more than six risks. Stakeholders are involved in the Identify Risks process by the Project Manager. Workarounds are created later in the risk process. Plan Risk Responses must include the involvement of all risk response owners and possibly others. The Plan Risk Responses process receives input from the risk response owners. Accepting a risk can be passive (whatever happens, happens) or active (creating contingency plans). Recovering project costs from the insurance company is NOT a possible outcome of risk acceptance. A risk rating matrix only helps identify probability and impact. Trends can only be analyzed when the work is ongoing. The purpose of data quality assessment is to test the value of the data. If you have identified a major project risk and PMO has determined that a reserve on the project is not necessary. The NEXT step is to create a risk response plan that includes the risk. If team members will learn more about a certain technology and will be able to use that information on future projects, this is described as an opportunity on a project. The sponsor is not required to see non-critical risks, but should see the residual ones. Quantitative risk analysis should be done if the risk was rated low in qualitative risk analysis.

If a new risk was identified and has undergone qualitative risk analysis but was decided that it did not rank higher than already identified risks to continue the process. The PM should look at the impact of the new risk to the project as a whole. Team members will have knowledge of the project and the product of the project and will thus have a lot to contribute to risk responses. Those responsible for risk templates will be able to provide the templates from past projects (historical records) and therefore will be very important. Key stakeholders will know more about the technical working of the project to help plan "What are we going to do about it?" The sponsor may have the least knowledge of what will work to solve the problems. Sponsors need to be involved in the project and help identify risks. They may even approve the response plans created by others, but they would not generally be major contributors to response plans. If a major problem has occurred that was not included in the risk register, the PM should create a workaround as the FIRST step. Delphi technique is the best one for gathering information when you have subject matter experts spread around the globe, but available via e-mail. The Delphi technique uses experts and builds consensus; therefore, expert opinion is the chief characteristic of this technique. Historical information, Lessons Learned and Work Breakdown Structure are ALWAYS inputs to the risk management process. Insurance premiums come into play when you determine which risk response strategy you will use. Risk Event, Risk Probability and Amount at stake are all factors in the assessment of project risk. Closed Risks are an output of Monitor and Control Risk process. Probability and impact matrix is adopted during the Plan Risk Management process. The probability of achieving objectives is calculated during Perform Quantitative Risk Analysis. The outputs of the Plan Risk Responses process include a risk response plan, risk response owners assigned and residual risks. "What is an output of the Perform Qualitative Risk Analysis process?" Prioritized list of project risks. If project has a schedule reserve of 28 days and customer is requesting to add scope with a 40% chance of delay of an addition 14 days. What can be done? Investigate the EMV of the new risk event. The expected monetary value of the new risk event is only 5.6 days (40 percent x 14 days = 5.6). Add 5.6 days to the schedule reserve. Lack of an adequate test environment, limited testing, and likely unavailability of the resources are all risks that should be identified early in the project, and for which response strategies should be developed.

If the project cannot be cancelled because there will be large expenditure on plant and equipment. The PM should perform identification of risks MOST importantly. If the impact of an anticipated risk is greater than expected. Revisit the Quantitative Risk Analysis process. Identifying secondary risks is good and expected while completing the Plan Risk Responses process. Document the new risks and continue the Plan Risk Responses process. If during planning you discover that the project team cannot come up with an effective way to mitigate or insure against a risk, it cant be outsourced or avoided. The BEST solution would be to Accept the risk. If a risk event has caused impact to the cost on the project, equaling 15% of the total project cost. The MOST appropriate action would be to inform the appropriate stakeholders. Reviewing what is and isnt mentioned in the project charter can help determine risks to the project. In Identify Risks, we make a list of risks. In Perform Quantitative Risk Analysis we assess the impact and probability that the event will happen. In Plan Risk Responses we plan our responses to the risk events. In Monitor and Control Risks, we monitor and execute the responses. To mitigate risk we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact. However, mitigating risk is taking action before a risk event occurs. Acceptance of risk does not involve such actions as purchasing insurance. Avoidance of risk means that we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party. Purchasing insurance is BEST considered an example of risk Transfer. If the team has identified risks, tested assumptions, assessed the quality of the data used, then the PM should involve other stakeholders in order to identify any further risks. As we devise responses to the identified risks, we create new risks. These risks are the secondary risks. They are identified during risk response planning and we must determine whether we will respond to these additional risks. During Plan Risk Response process of risk management, determination to transfer a risk is made. If during a system development project which is nearing closure, an unidentified risk is discovered. You should first qualify the risk. The probabilistic analysis of the project is an input to Plan Risk Responses part of the risk management process. Prioritized risk ratings are an input to the Plan Risk Responses process. Risk tolerances are determined in order to help the team rank the projects risks.

During planning phase, a PM is planning the upcoming project execution team meetings. She should include review of upcoming identified risks that can have the most impact on the projects success. If you know the tolerances of the stakeholders, you can determine how they might react to different situations and risk events. You use this information to help assign levels of risk on each work package or activity. A risk rating matrix is developed by a department or a company to provide a standard method for evaluating risks. This improves the quality of the rating for all projects. It should not be changed as this would make it impossible to compare the risk of one project to another. Risk Rating Matrix should be standardized between projects. If you identify additional risk when preparing your risk responses, you should document the risks and calculate the expected monetary value based on probability and impact that result from the occurrences. If a risk occurs during the project that does not have a risk response plan, then the PM should hold a risk re-assessment and plan a workaround. The only other factor to help determine risk reserves that would come after risk response strategies would be the determination of secondary risks. The Perform Quantitative Risk Analysis process aims to analyze numerically the probability of each risk and its consequence on project objectives. These risks are then diminished, if possible, in the Plan Risk Responses process. When the impact of a known risk event is more significant than expected, additional risk responses are documented. Contingency reserves address known unknowns and are managed by the project manager, versus management reserves, which address unknown unknowns and are managed by senior management. It would be BEST to Deflect or Transfer the risk, if no matter what the company does the risk could occur at any point. Contract terms and conditions, risk response plan and schedule reserves are common outputs of risk management plan. Determining the risk rating of the project is done during Perform Qualitative Risk Analysis. If a PM has just finished the risk response plan for a project, he should probably add work packages to the project work breakdown structure next. The activities of the Perform Qualitative Risk Analysis process are probability and impact definition, assumptions testing (data quality assessment), and probability and impact matrix development. If the project has deviated too far from the baseline, then updated risk identification and analysis should be performed. All remaining risks (residual risks) that one decides not to do something about should be documented in the risk register and re-visited later during project execution. Monte Carlo analysis is used to get an indication of the risks involved in the project.

Determining cost and schedule reserves, identifying risk requiring the most attention and determining the overall project risk exposure are all part of the processes of Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis and Plan Risk Responses. If a project has already begun and there appear to be many risks on this project and nobody has evaluated them to assess the project outcomes. Then you must immediately perform Plan Risk Management. It is neither possible nor practical to develop a response strategy for all risks. If the team cannot identify a suitable response to an identified risk, then you should apply the Acceptance risk response strategy. The transference of a risk does not remove all impacts of the risk under contract. A management reserve is used for unknown risks, and it is wise to inform management that unknown risks can occur. In the Perform Qualitative Risk Analysis process, the impact and probability of each risk is determined. A known unknown is a risk that we can identify as possibly happening. Risk identification for a business within the flood zone of a river should include the possibility of a flood. If one of your projects to build a structure was destroyed by fire, what would be the BEST way to ensure that this would not impact the project cost? Reduce the impact of the risk by transferring. If during project initiation, management has asked you to provide an analysis of the risks on the project. It would be best to have a conversation with a team member from a similar project that failed in the past. If you cannot determine an exact cost impact of the event, use qualitative estimates such as Low, Medium, High, etc. If the team member needs training for the project activities and there is no indication that the days away from work is a problem. The PM should include the training in the project management plan. Risks change throughout the project. You need to review risks at intervals during the project to ensure that non-critical risks have not become critical. Risks on the watch-list should be documented and revisited during monitoring and controlling. If you have a major project scheduled during a seasonal storm, then you should monitor the weather and have a contingency plan in place in case of outages and damage to property. Plan Risk Responses process focuses on previously identified risks, and the Monitor and Control Risks process measures project performance, they do not need to make use of organizational process assets. Ranking of risks and list of risks for additional analysis are outputs of the Perform Qualitative Risk Analysis process. Generally, project risks are identified after you have the WBS, the project charter is created and before the Verify Scope process has taken place. It must happen after each change.

If management has decided that it would be best to make sure the risk definitely happens. This is an example of Exploit Risk Response strategy. This risk must be an opportunity. The Monitor and Control Risks process involves executing the risk response plan in order to respond to risk events over the course of the project. Risk control procedures encompass all of risk management, not just contingencies. Workarounds by their definition are un-planned. Contingency plans are planned responses to risk events. Workarounds are unplanned responses to risks that were previously unidentified or accepted. As new risks are identified, it is important to repeatedly update your risk management plan, including quantifying risks and developing planned responses as appropriate. It is common practice to add management reserve for unknown unknowns, especially when there are only two identified risks. Probabilistic analysis of the project and probability of achieving the project cost or time are completed during Perform Quantitative Risk Analysis. If a PM has completed Plan Risk Responses process and has a risk response plan, the NEXT thing would be to update the project management plan. Delays in obtaining required approvals can interfere with attaining a projects schedule objective. It is a risk event. Identifying root causes is part of the Identify Risks process. NOT Perform Qualitative Risk Analysis. If during project executing, team member identifies a risk that is not in the risk register. First, you want to determine what the risk entails and the impact to the project, then determine what actions you will take regarding the risk. If the risk response owner is away, the PM must watch for any risks occurring and fulfill the responsibilities in the absence of risk response owner. The risk response owners are the ones to take action when an identified risk occurs, workarounds are not planned and risk response owners are not assigned to identify risks. PM should look for unexpected impacts of implemented risk responses. If a PM has completed subjectively evaluating risks on the project, he should determine which risks to process further and which to simply document. The risk response owner should be looking for triggers and be responsible for implementing the risk response strategy. Risks are identified during Identify Risks and Monitor & Control Risks processes. Risk mitigation reduces either the probability or the impact of negative risk events (threats). The network diagram shows where activities converge from many activities to one activity or diverge from one activity to many activities. These are bottlenecks that increase the risk of the central activity. Risk management cannot proceed without a prioritized list of risks.

Analyzing secondary risks is part of the Plan Risk Responses process. These must be analyzed before moving to Monitor and Control. In order to handle a high probability risk during development, you decide to prototype the equipment. This is an example of risk mitigation. As a result of risk management, a change to the project charter is not always necessary. In fact, a change to the charter is a fundamental change to the project and may require a major adjustment to all aspects of the project management plan. Risk response owners can potentially have conflict with risk auditors because risk auditors investigate their effectiveness. The risk response owner is assigned to carry out responses and must keep the project manager informed of any changes. A risk list, process updates and change requests are not outputs of the Plan Risk Responses process. Outputs of the Plan Risk Response process include Residual risks, fallback plans and contingency reserves. If you determine that a prototype can fulfill the needs of another project requirement, then you should look for the risk impacts of fulfilling another requirement with the prototype. What is the BEST way to describe the outputs of the Identify Risks process? An understanding of the project risks. Risk avoidance removes the risk from the project. Removing a team member from the project team in order to decrease the overall project risk is an example. If the impact of the risk has changed, you need to ensure that the response is still appropriate for the situation. If a project is dropped to lower priority on the list of his departments prioritized projects. Then it would be BEST for the PM to use some of the management reserve to accommodate the change. The risk management plan identifies how risks will be managed on the project. The project management plan can be changed as a result of the actions needed to manage risks. If you noticed that the contingency plan worked only marginally. Then you should recommend a project change request. A risk rating matrix is created during the Perform Qualitative Risk Analysis process. The only tool that computes probabilities of events happening on specific days is Monte Carlo analysis. As more risks are identified, the amount of contingency reserves set aside to cover those risks will increase, not decrease. However, a project on which thorough risk response planning is done is likely to experience fewer unplanned risk events. Those unplanned events would add more cost to the project than would the reserves for identified risks.

A workaround refers to determining how to handle a risk that occurs but is not included in the risk register. The project must be in the Monitor and Control Risks process if risks have occurred. Monitor and Control Risks measure against a plan, so it does not use the project scope statement as an input. Plan Risk Responses works with identified risks, and so does not use the project scope statement as an input. Perform Qualitative Risk Analysis and Plan Risk Management use the project scope statement as an input. If the expected monetary value of the first risk is 0.3 x $3,000,000 or $900,000. The expected monetary value of the second event is 0.3 x (-$1,600,000) or $480,000. The expected monetary value of the third risk is 0.2 x (-$1,800,000 $500,000) or -$260,000. The total of all three potential risk events is $900,000 $480,000 - $260,000 or $160,000. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer. Retainage is the planned withholding of funds under contract. Retain is not a risk response strategy. If customer requests a change to the project that would increase the project risk. Analyze the impacts of the change with the team. If the PM sends a request for proposal for work to be done by another company faster, that the team was going to perform. He is said to be attempting to work with Opportunities. A risk with a low consequence is generally not worth the money to insure against it or to reduce the consequence. It should be added to the watch-list. Risk is so important that it must be discussed at all team meetings.