RMP Workbook

RMP® Certification Course
Lesson 1—Introduction to PMI-RMP® Certification Course
1
Objectives
After completing ● Describe the PMI-RMP® certification exam outline

this lesson, you will
be able to: ● Explain the eligibility criteria for PMI-RMP® exam
● Explain the application processing timeline and the exam syllabus
● List the domains and processes in Project Risk Management
2
Course Overview
This training course provides the following:
● Information on PMI-RMP® and PMI®
● Prerequisites for the PMI-RMP® exam
● Information about the PMI-RMP® exam
● Timeline of the RMP® application process
● PMI-RMP® exam syllabus
● Overview of different domains
● Information on Simplilearn’s RMP® certification course structure
3
Course Overview (contd.)
There are following 10 Lessons in this course:
Lesson Number Name of the Lesson

1 Introduction to PMI-RMP® Certification Course
2 Risk Management Framework
3 Principles and Concepts
4 Introduction to Project Risk Management processes
5 Plan Risk Management
6 Identify Risks
7 Perform Qualitative Risk Analysis
8 Perform Quantitative Risk Analysis
9 Plan Risk Responses
10 Control Risks
4
PMI-RMP® and PMI®—Information
Following are the terms and information related to PMI-RMP® and PMI®:
● PMI®: Project Management Institute
● PMI® is an organization and PMI-RMP® is a certification
● PMI-RMP®: Project Management Institute-Risk Management
Professional
● PMI® conducts PMI-RMP® examinations
● PMI-RMP® certification is valid for 3 years
● PDU: Professional Development Unit
● REP: Registered Education Provider
● PMBOK®: Project Management Body of Knowledge
● PMBOK® is the base text book for most of the PMI® certifications
● The other text book for RMP® exam preparation is Practice Standard
for Project Risk Management
5
Prerequisites for the PMI-RMP® Exam
The eligibility norms for the PMI-RMP® exam are as follows:
Category College/University Education Project Risk Management Project Risk Management

Education Experience
One Four-year degree (Bachelor’s degree or 30 contact hours or PDUs 3,000 hours within the last
global equivalent) five consecutive years
Two Secondary Diploma (High school diploma, 40 contact hours or PDUs 4,500 hours within the last
associate’s degree, or global equivalent) five consecutive years
● Application can be submitted online to REPs.

● Visit the website www.pmi.org for more details.
● Authorization mail is sent by PMI®.
● The exam must be written within an year of receiving the authorization mail.
6
RMP® Credential Process—Timeline
The following details the application processing timeline:
Application Application
Application Certification
Completeness Payment Exam Eligibility Audit Process
Submission Review Cycle
Process
3 years from the If application is

date the Multi- selected, you
Cannot schedule Rater Assessment 1 year from the have 90 days to
Windows open 5 days after exam until you (MRA) is passed date of the send your audit
90 days submitted online submit payment to obtain and application material and
of credential fees report PDUs approval PMI® takes
toward credential approximately
maintenance 5–7 days
7
About the PMI-RMP® Exam
Details of the examination are as follows:

● Total number of Questions: 170, of which, 20 questions are test questions for future tests.
● Only 150 questions are scored.
● 1 point for every right question, and no penalty for wrong answers.
● Exam duration is 3.5 hours.
● PMI® grades students on each of the four Project Risk Management domains and based on this
grading, it declares a PMI-RMP® pass or fail.
● The number of grades one has to score to pass the PMI-RMP® exam is not made public by PMI®.
● The grades used are “Below Proficient”, “Proficient”, and “Moderately Proficient.”
8
About the PMI-RMP® Exam (contd.)
Exam questions will cover all the five domains of Project Risk Management.
Project Risk Management Domains Percentage of Questions

Domain 1 - Risk strategy and planning (5 tasks) 19-20%
Domain 2 - Stakeholder engagement (9 tasks) 19-20%
Domain 3 - Risk process facilitation (7 tasks) 25-28%
Domain 4 - Risk monitoring and reporting (7 tasks) 19-20%
Domain 5 - Perform specialized risk analyses (3 tasks) 14-16%
Total 100%
9
PMI-RMP® Exam Syllabus
There are 5 domains and 6 processes in Project Risk Management. The first five processes belong to
the planning process group, and the last process belongs to the monitor and control process group.
Domains Processes
● Risk strategy and planning (5 tasks) ● Plan risk management

● Stakeholder engagement (9 tasks) ● Identify risks
● Risk process facilitation (7 tasks) ● Perform qualitative risk analysis
● Risk monitoring and reporting (7 tasks) ● Perform quantitative risk analysis
● Perform specialized risk activities (3 tasks) ● Plan risk responses
● Control risks
10
Domain 1—Risk Strategy and Planning
Risk Strategy and Planning domain contains activities related to developing policies, processes, and
procedures; risk assessment, planning, and response. The tasks in this domain are the following:
Task: 1 Develop risk assessment processes and tools.
Task: 2 Update risk policies and procedures.
Task: 3 Develop and recommend project risk strategy.
Task: 4 Produce risk management plan for the project.
Task: 5 Establish evaluation criteria for risk management processes.
11
Domain 1—Risk Strategy and Planning—Knowledge and Skills
Listed below are the knowledge and skills required in Risk Strategy and Planning domain:
Knowledge Skills
● Continuous process improvement ● Assessing stakeholder risk tolerance
● Knowledge management technique ● Building stakeholder consensus
● Metrics for effective risk process
● Risk attitude concept
● Risk Breakdown Structure
● Risk tolerance concepts
● Barriers to effective risk management
● Risk management ITTOs
● Reserve analysis
● Research and analysis technique
● Basic strategy development
methodologies
12
Domain 2—Stakeholder Engagement
Stakeholder Engagement domain contains activities related to promoting the understanding of

Project Risk Management for stakeholders and project team members, assessing stakeholder risk
tolerance, prioritizing project risk, and promoting risk ownership. The tasks in this domain are the
following:
Task: 1 Promote common understanding of value of risk management.
Task: 2 Train, coach, and educate stakeholders in risk principles and processes.
Task: 3 Coach project team members.
Task: 4 Assess stakeholder’s risk tolerance.
Task: 5 Identify stakeholder’s risk attitudes.
Task: 6 Engage stakeholders based on risk prioritization.
Task: 7 Provide risk-related recommendations to stakeholders.
Task: 8 Promote risk ownership by proactive communication.
Task: 9 Liaise with stakeholders of other projects.
13
Domain 2—Stakeholder Engagement—Knowledge and Skills
Listed below are the knowledge and skills required in Stakeholder Engagement domain:
Knowledge Skills
● Information resources, both internal, like ● Assessing stakeholder’s risk
organizational process asset, and external, tolerance
like enterprise environmental factors ● Collaborating with stakeholders
● Project performance information ● Managing teams in multicultural
● Stakeholder sensitivity analysis models environments
● Training and coaching techniques ● Influencing change
● Types of stakeholder risk attitudes like risk
seeking, tolerance, and averse
● Group decision-making
● Group creativity like brainstorming, Delphi
technique
14
Domain 3—Risk Process Facilitation
Risk Process Facilitation domain contains activities related to facilitating risk identification, evaluation,
prioritization, and response among project team members.
The tasks in this domain are the following:
Task: 1 Apply risk assessment processes and tools.
Task: 2 Facilitate risk identification.
Task: 3 Facilitate project team’s evaluation of the identified risks attributes.
Task: 4 Facilitate development of an aligned risk response strategy and actions.
Task: 5 Facilitate the formulation of project contingency reserve.
Task: 6 Provide risk data to cost and schedule analysts.
Task: 7 Validate potential risk responses, key dependencies, and requirements.
15
Domain 3—Risk Process Facilitation—Knowledge and Skills
Listed below are the knowledge and skills required in Risk Process Facilitation domain:
Knowledge Skills
● Basic risk identification tools and ● Analytical software tools for Project
techniques Risk Management
● Basic qualitative and quantitative risk ● Managing teams in multicultural
analysis tools and techniques environments
● Risk perception and behavior ● Estimating probability and impact of
● Risk response strategy types identified risks
● Contingency management tools and
techniques
● Risk monitoring and control techniques
● Group decision-making
● Group creativity like brainstorming, Delphi
technique
16
Domain 4—Risk Monitoring and Reporting
Risk Monitoring and Reporting domain contains activities related to monitoring risk, evaluating risk
response against established metrics, and communicating risk response performance to stakeholders
and project team.
Task: 1 Document and periodically update project risk information.
Task: 2 Coordinate with project manager.
Task: 3 Create periodic standard and custom reports.
Task: 4 Monitor risk response metrics.
Task: 5 Analyze risk process performance against metrics.
Task: 6 Update Project Risk Management plan.
Task: 7 Capture risk lessons learned.
17
Domain 4—Risk Monitoring and Reporting—Knowledge and Skills
Listed below are the knowledge and skills required in Risk Monitoring and Reporting domain:
Knowledge Skills
● Continuous process improvement and ● No specific skill required
quality management as applied to risk
management
● Knowledge management techniques
● Alternative formats for project risk reports
● Requirements for risk register data fields
● Risk statement construction
● Risk response activity construction
● Risk response metrics
● Risk process performance metrics
● Risk assessment analysis metrics
● Risk management reserves
18
Domain 5—Perform Specialized Risk Analyses
Perform Specialized Risk Analyses domain contains activities related to the specialized qualitative and
quantitative tools and techniques used by Project Risk Management professionals.
Task: 1 Evaluate the attributes of identified risks.
Task: 2 Analyze risk data produced during the project.
Task: 3 Perform specialized risk analysis.
19
Domain 5—Perform Specialized Risk Analyses—Knowledge and Skills
Listed below are the knowledge and skills required in Perform Specialized Risk Analyses domain:
Knowledge Skills
● Advanced risk identification tools and ● Converting qualitative information into
techniques risk data
● Advanced quantitative risk analysis tools and ● Building representative risk models
techniques ● Managing and interpreting quantitative
● Tools and techniques for identifying and and qualitative data
analyzing overall project risk
● Basic and advanced statistics
● Estimation tools and techniques to support risk
decision-making
● Advanced theory of heuristics and other
resources
● Variance analysis using earned value method
20
Summary
Here is a quick ● PMI-RMP® stands for Project Management Institute-Risk Management

recap of what was
Professional.
covered in this
lesson: ● The exam format and exam syllabus are defined by PMI®.
● The five domains in Project Risk Management are: Risk strategy and
planning, Stakeholder engagement, Risk process facilitation, Risk monitoring
and reporting, and Perform specialized risk activities.
● The six processes in Project Risk Management are: Plan risk management,
Identify risks, Perform qualitative risk analysis, Perform quantitative risk
analysis, Plan risk responses, and Control risks.
21
This concludes ‘Introduction to PMI-RMP® Certification Course.’
The next is ‘Risk Management Framework.’
©©
Copyright
Copyright2014, Simplilearn,AllAll
2014, Simplilearn, rights
rights reserved.
reserved. 22
Lesson 2—Risk Management Framework
© Copyright 2014, Simplilearn, All rights reserved. 1

Objectives
After completing ● Describe the purposes of Practice Standard for Risk Management
be able to: ● Define Project Risk Management
● List the good risk management practices
● List the different types of risks
2
Purposes of Practice Standard for Risk Management
The purposes of Practice Standard for Risk Management are as follows:

● To provide a standard for stakeholders, and a framework which are recognized as good practices.
● To provide a standard that is globally applicable and consistently applied.
Practice Principles of the Specialization

Standard
A Guide to the Project
Management Body of
Knowledge Processes
(PMBOK® Guide - 5th Edition)
Handbooks Textbooks Courses Theory, Tools/Techniques
3
Project Risk—Definition
The Standard for Project Risk Management defines project risk as:
“An uncertain event or condition that, if it occurs, has a positive or a
negative effect on a project’s objectives.”
The negative effect is called threat and the positive effect is called
opportunity.
4
Project Risk Management—Definitions
The Standard for Project Risk Management defines Project Risk Management as follows:
Project Risk Management includes the processes concerned with conducting risk management
planning, identification, analysis, responses, and monitoring and controlling of a project.
The objective is to increase the probability and the impact of positive risks and decrease the
probability and the impact of negative risks.
Exploit
Uncertainty/ Enhance
Probability Positive Opportunity Benefit
Share
Project Risk
Accept
Impact
Avoid
Mitigate
Negative Threat Issue
Transfer
Accept
5
Project Risk Management—Definitions (contd.)
Following are the definitions which are frequently used in the course:
Issue
It is something that is occurring in the present; It is known, and it is being dealt with.
Risk Event
Description of a scenario that may occur if the risk were to materialize (good to capture it in the cause-risk-effect
format).
Risk Trigger
Sign or indicator that a risk event is about to occur.
Risk Management Plan
Documents how risk management processes will be carried out.
6
Project Risk Management—Definitions (contd.)
Other definitions are as follows:

Risk Register
The risk register details all identified risks, including description, category, cause, probability of occurring, impact(s)
on objectives, proposed responses, owners, and current status.
Risk Breakdown Structure
A hierarchical breakdown of risks organized by risk categories.
Probability
Defines the likelihood of the occurrence of the risk.
Impact
The result and consequence of the probability of risk occurring.
7
Roles of Project Risk Management
The roles of Project Risk Management are as follows:
● Essential for successful project management because of high level of

uncertainties.
● Addresses uncertainty in project estimates and assumptions.
● Not a substitute for other project management processes.
● Integral part of project management processes.
The risk management outcomes act as inputs for considering the

contingency reserve in case of scheduling and cost management. Risk
management should be conducted throughout the life cycle of the project.
8
Good Risk Management Practices
To achieve risk management successfully, good practices need to be followed.

The good practices in Risk Management are as follows:
● Project Risk Management should be consistent.
● It should consider enterprise environmental factors and organizational process assets.
● It should be conducted in compliance with internal and external requirements.
● It should be conducted in an ethical manner following the code of conduct.
● Periodic review should be conducted.
In general, large projects that provide value to an important customer require more resources, time,
and attention to project risk management.
9
Critical Success Factors
The following image shows the critical success factors for Project Risk Management:
Integrate with Project Recognize the Value of Risk

Management Management
Risk Management Individual

Scale Risk Effort to Project Success Commitment/Responsibility
Organizational Commitment Open and Honest

Communication
10
Functional Organization
The image below is an example of a functional organization.
CEO
VP-Marketing VP-Engineering VP-Manufacturing
Staff Manager Staff Manager Staff Manager
Team Team Team Team Team Team

Member Member Member Member Member Member
11
Functional Organization—Advantages and Disadvantages
Following are the advantages and disadvantages of functional organizations:
Advantages Disadvantages
Easier management of specialists Team member loyalty
Clear reporting structure No project management career path
Similar resources are centralized Project manager has no authority
Since the functional organization shows interest in their functional-related activities rather than
project-related activities, the projects which are running under this functional organization may carry
project-related risks like schedule delays due to lack of human resource commitment.
12
Projectized Organization
In a projectized organization, the project manager is in total control of resources and budget.
CEO
Project Manager Project Manager Project Manager
Project Project Project Project Project Project Project Project Project

Member Member Member Member Member Member Member Member Member
13
Projectized Organization—Advantages and Disadvantages
Following are the advantages and disadvantages of projectized organizations:
Effective project organization No home after project completion
Loyalty to project No competency in specialization
More effective communication than Less efficient use of resources

functional organization
14
Matrix Organization
The matrix organizations combine the aspects of functional and projectized structures.
CEO
VP-
VP-Marketing VP-Engineering VP-Projects
Manufacturing
Program
Staff Manager Staff Manager Staff Manager
Manager
Team Team Team Team Team Team Team Team

Member Member Member Member Member Member Member Member
15
Matrix Organization—Advantages and Disadvantages
Following are the advantages and disadvantages of matrix organizations:
Highly visible project objectives Dual reporting structures
Improved control over resources Not cost effective because of extra admin
Better horizontal and vertical dissemination of Functional managers may have different priorities
information than functional organizations than project managers
Team members maintain a home Tougher problems with resource allocation
Maximum utilization of scarce resources Higher potential of conflicts and effort duplication
16
Types of Risk
The two types of risks are business and pure risks.
Types of Risk
Business Risks Pure Risks
Possibility of gain Only possibility of

or loss loss
Examples: Raw material price Examples: Direct property

fluctuation damage, fire, flood, windstorm,
accidents, damage to equipment
in transit, theft, legal liability like
lawsuits, and work-related injuries
May either be a threat or

opportunity
17
Types of Risk—Knowledge of Risk Level
Risks could be captured by impact

on the following project Types of Risk
objectives:
● Scope; Known Unknown

Known Risks
Unknown Risks Unknown Risks
● Quality;
Knowledge of No awareness
Risk is clear
Risk of Risk
● Schedule; and
● Cost. No uncertainty Uncertainty on Uncertainty on

exists influence influence
18
Quiz
19
QUIZ
Which of the following statements is NOT true about risk events?
1
a. Project risks are uncertain events

b. If risks occur, they can have a positive or negative effect on project objectives
c. Risks are always negative
d. Risks that have more perceived rewards to the organization than the
consequences of the risk should be accepted
20
QUIZ
Which of the following statements is NOT true about risk events?
1
a. Project risks are uncertain events

b. If risks occur, they can have a positive or negative effect on project objectives
c. Risks are always negative
d. Risks that have more perceived rewards to the organization than the
consequences of the risk should be accepted
Answer: c.
Explanation: Risks are not always negative. It might be threats, or opportunities to the
project.
21
QUIZ
Which of the following statements is the best answer for known risk?
2
a. Risk is clear
b. Uncertainty on influence is high
c. Risk is known, but impact is not
d. No awareness of risk
22
QUIZ
Which of the following statements is the best answer for known risk?
2
a. Risk is clear
b. Uncertainty on influence is high
c. Risk is known, but impact is not
Answer: a.
Explanation: In case of a known risk, the risk is clear and there is no uncertainty.
23
QUIZ
What is the definition of impact with respect to risk?
3
a. The likelihood that risk will occur

b. The result and consequence of the probability of risk occurring
c. Sign or indicators that a risk event is about to occur
d. Description of a scenario that may occur if the risk were to materialize
24
QUIZ
What is the definition of impact with respect to risk?
3
a. The likelihood that risk will occur

b. The result and consequence of the probability of risk occurring
c. Sign or indicators that a risk event is about to occur
d. Description of a scenario that may occur if the risk were to materialize
Answer: b.
Explanation: By definition, the result and consequence of the probability of risk occurring is
called impact.
25
QUIZ
What is the definition of pure risk?
4
a. May either be a threat or opportunity

b. Possibility of gain or loss
c. Only possibility of loss
26
QUIZ
What is the definition of pure risk?
4
a. May either be a threat or opportunity

b. Possibility of gain or loss
c. Only possibility of loss
Answer: c.
Explanation: The definition of pure risk is the only possibility of loss like flood, theft, fire,
etc.
27
Summary
Here is a quick ● Purpose of the Practice Standard for Project Risk Management is to provide
recap of what was
a standard for stakeholders that is globally applicable and consistently
covered in this
lesson: applied.
● Project Risk Management includes the processes concerned with
conducting risk management planning, identification, analysis, responses,
and monitoring and controlling of a project.
● Good risk management practice is to keep it consistent, consider enterprise
environmental factors, organizational process assets, and so on.
● The two types of risks are business risks and pure risks.
28
This concludes ‘Risk Management Framework.’
The next lesson is ‘Principles and Concepts.’
29
Lesson 3—Principles and Concepts
1
Objectives
After completing ● Explain individual and overall project risk

● Identify stakeholder risk attitudes
be able to:
● Explain iterative process
● Define communication
● Describe responsibility for Project Risk Management
● Recognize the role of project manager
2
Individual and Overall Project Risks
The project risk is an uncertain event or a condition that has a positive or a

negative effect on the project objectives. Project risk is classified into two levels:
1. Individual risk
2. Overall project risk
Understanding individual risk helps in overcoming the project-related risks and
increases the probability of project success.
The overall project risk represents the effect of uncertainty on the project as a
whole.
The assessment of project risk helps in decision-making at strategic level and in
turn at program, portfolio, and project governance levels to decide priorities.
3
Stakeholder Risk Attitudes
It is important for a project or a risk manager to understand stakeholders’ risk attitudes. The risk
attitudes of the project stakeholders determine the extent to which an individual risk or overall
project risk matters.
It usually result in a desire for increased certainty in project outcomes and it may express a preference
for one project objective over the other. Understanding stakeholders’ attitudes towards risk is an
important component of risk management planning.
! The priority of the risk depends upon the risk attitudes and tolerance levels of the stakeholders.
4
Stakeholder Risk Attitudes
Risk seeker Risk neutral Risk averse
Stakeholders are risk seeking in nature.
5
Stakeholder Risk Attitudes (contd.)
Stakeholders are neither risk averse nor risk seeking.
6
Stakeholder Risk Attitudes (contd.)
Stakeholders who does not take risks.
7
Iterative Process
Risk management is not a one-time activity. Some important

pointers, which must be kept in mind when discussing the
iterative processes of risk management are as follows:
● Risk identification is repeated throughout the project life
cycle.
● Periodicity should be determined.
● Risk identification can be repeated at a key milestone or
when there is a change in the project or its operating
environment.
8
Communication
Communication is essential while conducting Project Risk

Management. Important points to be kept in mind to make the
risk management informative or to create awareness are as
follows:
● Project Risk Management cannot be conducted in siloes.
● Risk identification and analysis depends on stakeholders’
input.
● Effective and honest communication among the stakeholders.
● The result of the communication should meet the need of
each stakeholder as well as the overall project objectives.
9
Responsibility for Project Risk Management
Since project risks can affect project objectives,

anyone with an interest in achieving those objectives
should play a role in Project Risk Management. Some
of the responsibilities for Project Risk Management
are as follows:
● Project Risk Management should be an integral
part of all the other project knowledge areas.
● Roles and responsibilities like owner, should be
RACI
clearly identified and communicated. R: Responsibility, A: Accountability,
● RACI model can be used to define the roles and C: Consult, I: Inform.
responsibility.
10
Role of Project Manager
The various roles of a project manager are as follows:
11
Quiz
12
QUIZ A project team is in the process of risk tracking and control. The risk control action
defined by the mitigation and contingency plans is being implemented in accordance
1 with the details of those plans. Who is responsible for implementing these actions?
a. Project manager
b. Project team
c. Risk owner
d. Risk manager
13
QUIZ A project team is in the process of risk tracking and control. The risk control action
defined by the mitigation and contingency plans is being implemented in accordance
1 with the details of those plans. Who is responsible for implementing these actions?
a. Project manager
b. Project team
c. Risk owner
d. Risk manager
Answer: c.
Explanation: A risk owner for a risk is identified during the planning stage of risk
management; and he helps to assess the risk and produce probability and impact
information.
14
You are a project manager in a financial firm. You feel that the financial meltdown in
QUIZ one of the client's countries could affect your project adversely thus you want to hedge
2 your risks. Although, the probability of occurrence of the event is low, you are advised
to play it safe. In terms of risk attitude, your organization could best be described as?
a. Risk seeker
b. Risk averse
c. Risk neutral
d. Risk mitigation
15
You are a project manager in a financial firm. You feel that the financial meltdown in
QUIZ one of the client's countries could affect your project adversely thus you want to hedge
2 your risks. Although, the probability of occurrence of the event is low, you are advised
to play it safe. In terms of risk attitude, your organization could best be described as?
a. Risk seeker
b. Risk averse
c. Risk neutral
d. Risk mitigation
Answer: b.
Explanation: Someone who does not want to take risks is called risk averse and the project
manager in this case seems to be part of such an organization.
16
QUIZ
What is the meaning of iterative process in case of risk management?
3
a. Risk identification is repeated throughout the project life cycle

b. Risk identification happens only during the start of the project
c. Risk identification happens only during the end of the project
d. Risk identification happens during the peak of the project
17
QUIZ
What is the meaning of iterative process in case of risk management?
3
a. Risk identification is repeated throughout the project life cycle

b. Risk identification happens only during the start of the project
c. Risk identification happens only during the end of the project
d. Risk identification happens during the peak of the project
Answer: a.
Explanation: Iterative process in case of risk management means it is repeated throughout
the life cycle of the project based on the milestones or predefined period.
18
QUIZ
The responsibility of Project Risk Management lies with:
4
a. Everyone
b. Project manager
c. Functional manager
d. Project sponsor
19
QUIZ
The responsibility of Project Risk Management lies with:
4
a. Everyone
b. Project manager
c. Functional manager
d. Project sponsor
Answer: a.
Explanation: Project Risk Management is everyone’s responsibility.
20
Summary
Here is a quick ● Individual risk and overall project risk are the two levels of project risk.
recap of what was
● Stakeholder’s risk attitudes may be risk seeker, risk neutral, and risk averse.
covered in this
lesson: ● Risk identification is an iterative process.
● Communication should be effective and honest to meet the needs of
stakeholders and project objectives.
● RACI model can be used to define the roles and responsibility in Project Risk
Management.
● Project Risk Management should be an integral part of all the other project
knowledge areas.
21
This concludes ‘Principles and Concepts of Project Risk Management.’
The next is ‘Introduction to Project Risk Management Processes.’
22
Lesson 4—Introduction to Project Risk Management Processes
1
Objectives
After completing ● Define Project Risk Management

● Explain Project Management
be able to:
● Identify Project Risk Management processes
2
Project Risk Management
The definition of Project Risk Management is as follows:
Project Risk Management includes the processes of conducting risk management planning,
identification, analysis, response planning, and controlling risk on a project.[1]
Project Risk Management:

● is an integral part of Project Management.
● provides an approach to understand, assess, and manage uncertainties within projects.
! Effective Project Risk Management is essential for the success of a project.
3
Project Risk Management and Project Management
The output of the Project Management process can be considered as an input for risk management
and vice versa.
Project Management is an attempt to control the uncertain environment through the use of
structured techniques like estimating, planning, cost control, activity allocation, earned value
analysis, monitoring, and review meetings.
4
Project Risk Management and Project Management (contd.)
The management or the project manager should not look at

Project Risk Management as an optional activity or overhead.
The outputs of Project Risk Management can impact:
● estimating resource, cost, or duration;
● assessing the impact of scope changes;
● resource allocation; and
● project progress report to the stakeholders.
5
Project Risk Management Processes
Risk management can be effective by using processes, methodologies, or a set of

activities.
Risk management process should be scalable to meet different elements like:
● Available resources
● Methodology and process used
● Tools and techniques used
● Supporting infrastructure
● Review and update frequency
● Reporting requirements
It is important to have a clear understanding of the risk threshold that defines
the views of key stakeholders on acceptable levels of risk. The outputs should be
documented, communicated, and reviewed to ensure common understanding of
the scope and objectives for the Project Risk Management Processes.
6
Project Risk Management Processes (contd.)
The following are the high level activities carried out in the six Project Risk Management processes:
Perform Perform Plan

Plan Risk Identify Quantitative Risk Control
Qualitative
Management Risk Risk Analysis Responses Risks
Risk Analysis
7
The working and typical flow of the six Project Risk Management processes is shown below:

Qualitative
Risk Analysis
Identifying the tailored mechanism for each process; risk thresholds; and process rules.
8

Qualitative
Risk Analysis
Listing down the risks and the risk owners against each risk.
9

Qualitative
Risk Analysis
Analyzing identified risk with respect to the probability, impact, and root causes.
Importance and prioritized lists can be derived by using different tools.
10

Qualitative
Risk Analysis
Using numerical models this process can be effective. Quantitative techniques provide
insights into the combined effect of identified risks on project outcome. Agreed
confidence limits or levels and sensitivity analysis techniques can be used to increase
the effectiveness.
11

Qualitative
Risk Analysis
Finding the response for each risk, based on the opportunity and threat. Identifying
contingency plans, strategies, actions, action owners, timing, analysis, project plan
updates, and communication are also involved in this step.
12

Qualitative
Risk Analysis
Tracking of the risks in terms of its status and trends, and taking actions as appropriate.
This step is also about reporting and trends in risk exposures.
13
Quiz
14
QUIZ What is the typical order in which all the risk management processes should be carried
1 out?
a. Any order
Plan Risk Management, Plan Risk Responses, Identify Risk, Perform
b. Quantitative Risk Analysis, Perform Qualitative Risk Analysis, and Control
Risks
c. Plan Risk Management, Identify Risk, Perform Quantitative Risk Analysis,

Perform Qualitative Risk Analysis, Plan Risk Responses, and Control Risks
d. Plan Risk Management, Identify Risk, Perform Qualitative Risk Analysis,

Perform Quantitative Risk Analysis, Plan Risk Responses, and Control
Risks
15
QUIZ What is the typical order in which all the risk management processes should be carried
1 out?
a. Any order
b. Plan Risk Management, Plan Risk Responses, Identify Risk, Perform Quantitative Risk
Analysis, Perform Qualitative Risk Analysis, and Control Risks
Plan Risk Management, Identify Risk, Perform Quantitative Risk Analysis, Perform
c. Qualitative Risk Analysis, Plan Risk Responses, and Control Risks
Plan Risk Management, Identify Risk, Perform Qualitative Risk Analysis, Perform
d. Quantitative Risk Analysis, Plan Risk Responses, and Control Risks
Answer: d.
Explanation: The typical order in which all the risk management processes should be carried
are: Plan Risk Management, Identify Risk, Perform Qualitative Risk Analysis, Perform
Quantitative Risk Analysis, Plan Risk Responses, and Control Risks.
16
QUIZ
Which process develops the overall project risk strategy?
2
a. Plan Risk Management
b. Identify Risk
c. Plan Risk Responses
d. Control Risks
17
QUIZ
Which process develops the overall project risk strategy?
2
b. Identify Risk
c. Plan Risk Responses
d. Control Risks
Answer: a.
Explanation: The strategy for the overall risk management will be developed during Plan
Risk Management process.
18
QUIZ
Which process in the risk management prioritizes the risk?
3
b. Identify Risk
c. Perform Quantitative Risk Analysis
d. Perform Qualitative Risk Analysis
19
QUIZ
Which process in the risk management prioritizes the risk?
3
b. Identify Risk
c. Perform Quantitative Risk Analysis
d. Perform Qualitative Risk Analysis
Answer: d.
Explanation: Perform Qualitative Risk Analysis is used for prioritization or ranking of the
risks.
20
QUIZ
Which process is used to measure the implementation of risk response?
4
b. Identify Risk
c. Control Risks
d. Plan Risk Responses
21
QUIZ
Which process is used to measure the implementation of risk response?
4
b. Identify Risk
c. Control Risks
d. Plan Risk Responses
Answer: c.
Explanation: Control Risk is used to measure and track the implemented risk response.
22
Summary
Here is a quick ● Project Risk Management and Project Management provides an approach
recap of what was
through which uncertainty can be understood, assessed, and managed
covered in this
lesson: within the projects.
● Risk management can be effective by using processes or methodologies
or a set of activities.
● Project Risk Management has six processes: Plan Risk Management, Identify
Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis,
Plan Risk Responses, and Control Risks.
23
This concludes ‘Introduction to Project Risk Management Processes.’
The next lesson is ‘Plan Risk Management.’
24
Reference
[1] Based on PMBOK ® Guide—Fifth Edition: Project Risk Management, Page 309.
25
Lesson 5—Plan Risk Management
Objectives
After completing ● Explain the objectives and purposes

be able to: ● List the critical success factors
● Define risk tolerance
● List the three levels of risk tolerance
2
Objectives of Plan Risk Management Process
Following are the objectives of Plan Risk Management

process:
● To develop an overall risk management strategy for a

project.
● To know how the processes are executed.
● To integrate with other project management activities.
3
Purposes of Plan Risk Management Process
Risk management plan describes the following:

● Method of carrying out the risk management processes.
● The way in which they fit in with other project management processes.
● Relationship between project risk management, general project
management, and project management processes in the organization.
● The roles and responsibilities of the people involved in the risk
management process, the amount of money required, the timelines to
be set aside for risk management activities, and the predetermined risk
categories to be documented as part of the risk management plan.
4
Purposes of Plan Risk Management Process (contd.)
Risk management planning is not a one-time activity.
● Risk management activities need to be repeated

throughout the project. This is similar to the concept of
progressive elaboration in project management.
● Risk management plan should define both the normal

frequency for repeating the processes as well as the
specific or exceptional conditions.
5
Success Criteria
The two success criteria for risk management are as follows:
Project-related Criteria Process-related Criteria
● The stakeholders must agree on an ● Level of uncertainty.

project
acceptable level of results for the ● The level of risk that is acceptable in a
project-related criteria like cost,
undertaking the project depends on the risk attitudes of
time, and scope. the relevant stakeholders.
●
costs and benefits of
The objectives should be created and ● Escalation on risk related information to
agreed. management and stakeholders should
●
ascertaining the
Risk response and project objective come in the form of guidelines as part of
should be prioritized. communications.
6
Following are the critical success factors for Plan Risk Management process:
Identify and Address Barriers to Successful Project Risk Management +
Involve Project Stakeholders in Project Risk Management +
Comply with the Organization’s Objectives, Policies, and Practices +
7
Identify and Address Barriers to Successful Project Risk Management -

● Acceptance of the benefits of managing risk.
● Ensuring that valid definition and planning information is available for the
Plan Risk Management process.
● Leveraging the assets of the organization such as templates, predefined risk
categories, lessons learned, etc.
● Acknowledging roles and responsibilities, terms and conditions, and authority
level.
● Obtaining access privileges to the knowledge management system.

8

Involve Project Stakeholders in Project Risk Management -
● To build on their skills and experience as well as to ensure their understanding
of the project management process and their commitment.
● Management should be involved in the level of resourcing required for
managing project risk, and accept the risk.
● Disagreements in the areas of risk threshold, risk tolerance, and evaluation
measures should be addressed and resolved.

9

Comply with the Organization’s Objectives, Policies, and Practices -
● The rules and guidelines defined in the risk management plan should be
compatible with culture of the organization and its capabilities.
● People’s views, values, objectives, and goals should be considered.
● Should identify and take into account the relevant organizational procedures,
and any other enterprise environmental factors.
10
Inputs, Tools and Techniques, and Outputs
Following are the Inputs, Tools and Techniques, and Outputs required to make the Plan Risk
Management process successful:
Inputs Tools and Techniques Outputs
● Project management plan ● Analytical techniques ● Risk management plan

● Project charter ● Expert judgment
● Stakeholder register ● Meetings
● Enterprises environmental
factors
● Organizational process assets
11
Inputs
Following are the inputs required to create a risk management plan:

Inputs Description
Project management plan Contains all approved subsidiary plans and baselines. Provides the current state of risk-
affected areas including scope, cost, and schedule.
Provides inputs such as high-level risks, high-level project descriptions, and high-level
Project charter
requirements.
Stakeholder register Contains all details related to the project’s stakeholders, and provides an overview of their
roles.
Enterprise environmental
Factors that influence the risk management plan, including attitudes towards risk and risk
factors
tolerance, and the individuals involved in the project.
Predefined approaches to risk management that include risk categories, common definition
Organizational process
of concepts and terms, risk statement formats, standard templates, roles and
assets
responsibilities, authority levels for decision-making, lessons learned, and stakeholder
registers.
12
Tools and Techniques
According to the Project Management Institute, the tools and techniques for creating a risk
management plan are as follows:
Analytical
Expert Judgment
Meetings
13
Analytical techniques:
● Used to understand risk management context.
Analytical
● Analysis based on stakeholder risk appetite and tolerance.
● Assessment based on strategic risk scoring sheets.
Expert Judgment ● Help in allocation of appropriate resources and focus on risk management
activities.
Meetings
14
Expert Judgment will ensure comprehensive establishment of risk management

plan.
Analytical
Audience:
● Senior management;
Expert Judgment ● Project stakeholders;

● Project managers in the same area;
● Subject Matter Experts or SMEs;
● Industry groups and consultants; and
Meetings ● Professional and technical associations.
15
Participants:
● Project manager;
Analytical
● Selected project team members and stakeholders; and
● Anyone responsible to manage risk planning and execution activities.
Expert Judgment Outcomes:

● High-level plans;
● Approach to contingency reserve application;
● Risk management responsibilities; and
Meetings ● Consideration to level of risk, probability, impact, matrix, and templates.
16
Output
The output of Plan Risk Management process is the Risk Management Plan document.
Plan Risk Management output and its descriptions are as follows:
Output Description
Consists of methodology, descriptions of roles and responsibilities, budgeting,

Risk management plan
timing, risk categories, definitions of risk probability and impact, probability and
impact matrix, revised stakeholders' tolerances, reporting formats, and tracking.
17
Project Templates
A properly prepared risk management plan should have several supporting templates. These may
include the following:
Risk Management Plan Templates
Formal risk Meeting

Risk breakdown Status report
statement agenda
structure template
structure template
Definitions for Probability and

Definitions for Definitions for
opportunity impact matrix
threat impacts probabilities
impacts template
18
Documenting the Results
Planning is documented in the risk management plan. The key factors are people, tools, and business.
People:
● Attitudes
● Roles and responsibilities, authority, interest, and influence
● Communications
Tools:
● Toolbox
● Definitions
● Parameters
Business:
● Constraints
● Details of business case and scope, effort, and cost aspects
19
Standardized Approach to Risk Management—Example
During a status meeting with a key stakeholder on a project, Susan is asked to detail her team’s
methods with respect to how they have conducted risk management till date. The stakeholder
praises Susan on how her team has consistently been able to apply objective risk management
procedures without becoming biased as the project progressed.
She then invites her to write a standard that will be utilized by other project managers who are not
performing as well. Susan knows that she must clearly document the steps she and the team have
taken before and during the project. She begins by outlining some of the details in the risk plan
that were developed very early in project planning, which her team followed without deviation.
20
Standardized Approach to Risk Management—Example (contd.)
Susan highlights that the plan contained important directions such as the methodology, roles of
each risk SME, risk funds that were identified, common terms and definitions that everyone
agreed to, as well as reporting formats and risk tracking steps. She also points out that the team
determined the risk activities schedule for audits and risk reassessments and integrated them in
the overall project plan.
Susan delivers the risk guidelines to the stakeholders who then distribute them to the other
project managers. Over the next six months, the company’s projects enjoy a more standardized
approach to risk management and fewer avoidable problems are encountered as a result. Susan
also receives an award for her willingness to improve the risk methodology across the company by
capitalizing on her team’s methodology and successes.
21
Risk Management Plan—Components
Below are the components of risk management plan:

Component Description
Risk management
Defines the tools, approaches, and data sources that may be used to perform risk
methodology
management on the project.
Roles, responsibilities, and Defines the lead, support, and risk management team membership for each type of
authority action in the risk management plan.
Definitions of risk probability Scales of risk probabilities and impact are defined in qualitative risk analysis, using
and impact terms such as “very unlikely” to “almost certain” with respective values in numbers
for these terms.
Probability and impact matrix A predefined matrix with risk priority areas is marked, which has the product of
impact value on X axis and the probability value on Y axis.
Revised stakeholder tolerances Revised stakeholder tolerances may need to be updated as a result of the Plan Risk
Management process.
22
Risk Management Plan—Components (contd.)
A few other components are as follows:

Component Description
A budget for project risk management should be established and included in the
Budgeting risk management plan. Budgeting also specifies how the contingency reserve
should be applied.
Defines how often the risk management activities will be performed throughout
Timing
the project lifecycle.
Risk categories Documentation such as a Risk Breakdown Structure (RBS) or categories from
previous projects will help in identifying and organizing risks.
Reporting formats Define how outputs of this process will be documented, analyzed, and
communicated.
Tracking Documents how risk activities will be recorded and audited.
23
Probability Scales
Given below is an example of probability scales:
● Very Low (0.1): The event is unlikely to occur: 1% to 20% probability.

● Low (0.3): The event may occur: 21% to 40% probability.
● Medium (0.5): The event is likely to occur: 41% to 60% probability.
● High (0.7): The event will probably occur: 61% to 80% probability.
● Very High (0.9): The event will most likely occur: 81% or higher probability.
24
Impact Scales
Given below is an example of impact scales:
● Very Low (0.1): Slippage on noncritical paths, yet the float exists.
● Low (0.3): Noncritical paths have made use of all their float, or an overall increase in schedule by
1% to 5%.
● Medium (0.5): Between 5% and 10% overall schedule increase.
● High (0.7): Between 10% and 20% overall schedule increase.
● Very High (0.9): Greater than 20% overall schedule increase.
25
Probability and Impact Matrix
An example of the probability definition scales is illustrated below:

0.09 0.27 0.45 0.63 0.81
Very
(0.9)
High
0.07 0.21 0.35 0.49 0.63
(0.7)
High
0.05 0.15 0.25 0.35 0.45

Medium
(0.5)
Impact Scales
0.03 0.09 0.15 0.21 0.27

(0.3)
Low
0.01 0.03 0.05 0.07 0.09

(0.1)
Very
Low
Very Low (0.1) Low (0.3) Medium (0.5) High (0.7) Very High (0.9)
Probability Scales
26
Risk Breakdown Structure (RBS)
A hierarchical arrangement of identified risks that help project managers to organize potential sources
of risk to the project.
Level 0 Level 1 Level 2 Level 3
Management Corporate History experiences culture, organizational stability, and financial.
Customer and
Historical experiences culture, contractual, requirement definition, and stability.
stakeholder
Natural
Physical environment, facilities, and local services.
environment
Project External Cultural Political, legal/regulatory, and interest groups.

Risk
Economic Labor market, labor conditions, and financial market.
Requirements Scope uncertainty, conditions of use, and complexity.
Technology Performance Technology maturity, and technology limits.
Organizational experience, personal skill sets and experience, and physical

Application
resources.
27
Risk Tolerance
Risk tolerance refers to the level of risk acceptability of a project

manager or key stakeholder when the investment required for
managing the risk is compared to the potential payoff.
The definition of probability and impact scales, and the definition of risk
exposures on the probability and impact matrix are influenced by your
understanding of the risk tolerance of stakeholders.
28
Techniques to Determine Risk Tolerance and Risk Exposure—Example
Jerry recently left a meeting with a project sponsor where he was informed that he will be leading
a new project for his company, Telecom Solutions. His company is a leading provider of cellular site
installation services. So, Jerry wants to ensure that he is well prepared for all aspects of his
upcoming project. He is concerned about how detailed the risk plan and the risk methodology
should be for this project.
He knows that each project has a risk plan tailored specifically to it based on many factors. Jerry
decides to review the project charter which contains high-level risks, summary budget, early
requirements information, and summary milestone schedule.
29
Techniques to Determine Risk Tolerance and Risk Exposure—Example (contd.)
He knows that the complexity of these variables should provide enough information to determine
if limited risk management will be conducted on this project, or if it will be a more involved
undertaking. Jerry then utilizes multiple analytical techniques to determine stakeholder risk
tolerances and the company’s risk exposure for this particular project. At the conclusion of his
analysis, he drafts a risk plan template for team review and comments.
At the next team meeting, Jerry explains and presents the proposed risk plan to the rest of the
team. They all agree that it is a good plan and the team uses it to conduct risk management in an
objective manner during the project life cycle. The team’s ability to remain objective was directly
related to Jerry’s tailored plan approach for this project and his willingness to engage them for
buy-in.
30
Risk Management—Roles and Responsibilities
The roles and responsibilities of risk management are as follows:
Risk Manager Risk Owner Risk Action Owner
Ensures that the risk response,

Creates the risk management Ensures that the appropriate risk
as defined in the plan, is carried
plan, the risk register, and the response actions are performed
out in a timely manner when a
RBS. when the risks occur.
risk occurs.
31
Levels of Uncertainty
The Project Management Institute describes three types of risks based on the understanding of
uncertainty.
Types of Risk
Known Known-Unknown Unknown-Unknown
Risks that you know could affect Risks that will affect us, Risks beyond your ability to
you, and for which you can although you cannot predict identify.
roughly predict the nature and how or how much they will
extent of the effect. affect you.
32
Levels of Risk Tolerance
Risk tolerance is classified into three levels as follows:
Risk averse Not likely to take a risk that is considered a high risk.
Accepts an uncertain outcome and may be willing to take a high risk

Risk seeking
regardless of the consequences.
Risk neutral Tolerance to risk is proportional to the amount of money at stake.
33
Quiz
34
QUIZ You work as a project manager of an organization. Your project has several risks that
will affect several stakeholder requirements. Which project management plan will
1 define who will be available to share information on the project risks?
a. Risk management plan

b. Schedule management plan
c. Communication management plan
d. Risk register
35
QUIZ You work as a project manager of an organization. Your project has several risks that
will affect several stakeholder requirements. Which project management plan will
1 define who will be available to share information on the project risks?

d. Risk register
Answer: c.
Explanation: Communication management plan details about which, what, when, and how
the sharing of information occurs.
36
QUIZ
What is the output of Plan Risk Management process?
2

d. Risk register
37
QUIZ
What is the output of Plan Risk Management process?
2

d. Risk register
Answer: a.
Explanation: Risk management plan is the output of Plan Risk Management process which
has definitions of tolerance, threshold, probability, impact, etc.
38
You are completing the qualitative risk analysis process with your project team and are
QUIZ relying on the risk management plan to help you determine the budget, schedule for
3 risk management, and risk categories. You discover that the risk categories have not
been created. When should you have the risk categories created?
a. Create WBS
b. Plan risk management
c. Risk identification process
d. Monitor and control risk
39
You are completing the qualitative risk analysis process with your project team and are
QUIZ relying on the risk management plan to help you determine the budget, schedule for
3 risk management, and risk categories. You discover that the risk categories have not
been created. When should you have the risk categories created?
a. Create WBS
b. Plan risk management
c. Risk identification process
d. Monitor and control risk
Answer: b.
Explanation: During the Plan Risk Management process, the risk categories should be
created.
40
QUIZ Which of the following is one of the tools and techniques used in Plan Risk
4 Management process?
a. Analytical techniques
b. Inspection
c. Reserve analysis
d. Checklist analysis
41
QUIZ Which of the following is one of the tools and techniques used in Plan Risk
4 Management process?
a. Analytical techniques
b. Inspection
c. Reserve analysis
d. Checklist analysis
Answer: a.
Explanation: Analytical techniques is one of the tools and techniques used in the Plan Risk
Management process.
42
QUIZ
Which are the key factors used while documenting Plan Risk Management process?
5
a. People, process, and product

b. People, tools, and business
c. People, partners, and process
d. Input, output, and tools and techniques
43
QUIZ
Which are the key factors used while documenting Plan Risk Management process?
5
a. People, process, and product

b. People, tools, and business
c. People, partners, and process
d. Input, output, and tools and techniques
Answer: b.
Explanation: Attitudes, tools, and constraints are used, which are part of people, tools, and
business.
44
Summary
Here is a quick ● Risk management plan should define both the normal frequency for
recap of what was
repeating the processes as well as the specific or exceptional conditions.
covered in this
lesson: ● The critical success factors for the Plan Risk Management process are
identifying and addressing barriers, involving project stakeholders in project
risk management, and complying with the organization’s objectives, policies
and practices.
● Risk tolerance refers to the level of risk acceptability of a project manager or
key stakeholder when the investment required for managing the risk is
compared to the potential payoff.
● The three levels of risk tolerance are risk averse, risk seeking, and risk neutral.
45
This concludes ‘Plan Risk Management’
The next lesson is ‘Identify Risks.’
46
Lesson 6—Identify Risks
1
Objectives
After completing ● Define the purposes and objectives

● Discuss the critical success factors
be able to:
● List the three categories of tools and techniques
● Describe the best practices
● Explain how to document the results
2
Purposes of Identify Risks Process
Following are the purposes of Identify Risks process:
Identify risks Identify risks to the maximum extent that is practicable.
Recognize identifiable
Recognize all the identifiable risks to project objectives.
risks
Make risk identification Make risk identification process iterative to ensure that the process is not
process iterative only restricted to planning phase.
Identify potential
Identify potential responses at the time when a risk is first identified.
responses
Record and consider

Record and consider for immediate action if such action is appropriate.
risks
3
Objectives of Identify Risks Process
Following are the objectives of Identify Risks process:
Identify risks Document risks Categorize risks
4
Following are the critical success factors for Identify Risks process:
Multiple
Early identification
perspectives
Iterative Risks linked to

identification project objectives
Emergent Complete risk

identification statement
Comprehensive Ownership and

identification level of details
Explicit
identification of Objectivity
opportunities
5
Multiple Early identification:

perspectives
● Identifies risk as early as possible in the project lifecycle.
Iterative Risks linked to ● Enables key project decisions which may result in successful
implementation of the risk response.
Emergent Complete risk ● Gives time for implementation of risk responses.

● Responses taken early are normally less costly than the ones

taken later.
Explicit
opportunities
6
Multiple Iterative identification:

perspectives
● All the risks cannot be identified at the initial stage of the
Iterative Risks linked to project.
● Risk identification should be repeated throughout the project
Emergent Complete risk lifecycle.

● Periodicity should be defined.

Explicit
opportunities
7
Multiple Emergent identification:

perspectives
● Risks should be identified at any time during the project.
Iterative Risks linked to ● No need to wait for the risk management or status meeting to
work on identifying the risks.


Explicit
opportunities
8
Multiple Comprehensive identification:

perspectives
● Find all the sources from where the risk can be identified. It
Iterative Risks linked to can be internal, external, technical, or project management
related risks.


Explicit
opportunities
9
Multiple Explicit identification of opportunities:

perspectives
● The Identify Risks process should ensure that the opportunities
Iterative Risks linked to are properly explored.


Explicit
opportunities
10
Multiple Multiple perspectives:

perspectives
● The Identify Risks process should take input received from a
Iterative Risks linked to broad range of project stakeholders to ensure that all
perspectives are represented and considered.
Emergent Complete risk ● Limiting risk identification to the immediate project team is
unlikely to expose some identifiable risks.

Explicit
opportunities
11
Multiple Risks linked to project objectives:

perspectives
● These risks are identified as opportunities or threats for the
Iterative Risks linked to project objectives.
● Identified risks should relate to any of the project objectives
Emergent Complete risk like time, cost, scope, quality, etc.
● These risks can be linked to a single or multiple objectives.

Explicit
opportunities
12
Multiple Complete risk statement:

perspectives
● It is always good to capture risk in the form of a complete risk
Iterative Risks linked to statement.
● Identified risks should be clear and unambiguous.
Emergent Complete risk ● Detailed risk descriptions with description of uncertainty and
its cause and effects should be mentioned as early as possible
in the project lifecycle.
Explicit
opportunities
13
Multiple Ownership and level of details:

perspectives
● The need to identify risks and respond appropriately is not the
Iterative Risks linked to ownership of the project manager alone.
● Risk should be identified at a number of levels of details.
Emergent Complete risk ● A high-level description makes it difficult to understand and

develop response, or assign ownership.
● Triggers should be identified wherever possible and
identification level of details appropriate.
Explicit
opportunities
14
Multiple Objectivity:
perspectives
● Human intervention is susceptible to bias when dealing with
Iterative Risks linked to uncertainty. This occurs as people apply heuristics. This
sensitivity should be dealt during risk identification process.
Emergent Complete risk ● Sources of bias should be exposed and their effect should be
managed proactively.
● The aim is to minimize subjectivity, and allow open and honest
identification level of details identification of as many risks to the project as possible.
Explicit
opportunities
15
Inputs, Tools and Techniques, and Output
Following are the inputs, tools and techniques, and outputs required for Identify Risks process:
● Risk management plan ● Documentation reviews ● Risk register
● Scope baseline ● Information-gathering
● Activity cost estimates techniques
● Activity duration estimates ● Checklist analysis
● Stakeholder register ● Assumptions analysis
● Cost management plan ● Diagramming techniques
● Schedule management plan ● SWOT analysis
● Quality management plan ● Expert judgment
● Human resource management plan
● Project documents
● Procurement documents
● Enterprises environmental factors
● Organizational process assets
16
Inputs
Following are the inputs of Identify Risks process:

Inputs Description
Risk management plan Describes the team's approach to identify risks.
Provides a quantitative assessment of costs involved in completing each scheduled
Activity cost estimate
activity with a range of estimates indicating risk range.
Activity duration estimate Indicates the time allotted for each activity or for the whole project.
Contains the project scope statement that includes project assumptions and their
Scope baseline
uncertainties, and the detailed WBS of potential risks.
Stakeholder register Contains all details related to the identified stakeholders.
Contains a cost management approach specific to the project that helps to generate or
Cost management plan
mitigate risks.
Includes guidelines for handling changes to the schedule, updated risks, and associated
Schedule management plan
response plans.
17
Inputs (contd.)
Following are the other inputs of Identify Risks process:

Inputs Description
Quality management plan Describes the project management team’s approach to implement the quality policy.
Provides guidance on how project human resources should be defined, managed, and
Human resource management
eventually released along with roles and responsibilities, project organization charts,
plan and staffing management plan.
Includes assumptions log, earned value reports, work performance reports, and
Project document network diagrams. In addition, it includes baselines, and other project information that
helps to identify risks.
Becomes the base for identification of risks, when the project requires external
Procurement document
procurement of resources.
Includes commercial databases, academic studies, published checklists, industry
Enterprise environmental factor
studies, risk attitudes, or benchmarking.
Includes files from previous projects, lessons learned, risk statement templates,
Organizational process asset historical information, and commercially available published information such as
benchmarking or best practices data.
18
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment +
19
Documentation reviews -
A structured review of the project documentation may be performed including plans, assumptions,
previous project files, agreements, and other information.
SWOT analysis +
Expert judgment +
20
Information-gathering techniques -
These include data collection methods such as brainstorming, Delphi technique, interviewing, and root
cause analysis.
SWOT analysis +
Expert judgment +
21
Checklist analysis -
Checklist analysis is an analysis which is conducted on the basis of historical information, as a
standardized way of identifying risks.
SWOT analysis +
Expert judgment +
22
Assumptions analysis -
Assumptions analysis is used to explore the validity of project assumptions.
SWOT analysis +
Expert judgment +
23
Diagramming techniques -
The diagramming techniques include cause-and-effect diagrams, influence diagrams, and process
flowcharts which helps in identifying the causes of risks.
SWOT analysis +
Expert judgment +
24
SWOT analysis -
The SWOT analysis examines the project from the perspectives of strength, weakness, opportunity, and
threat.
Expert judgment +
25
SWOT analysis +
Expert judgment -
Expert judgment includes the inputs given by subject matter experts or team members who have the
relevant knowledge and experience on similar business areas or projects.
26
Assumption Analysis and Documentation Reviews—Example
Jeremiah has begun looking for risks on his project, which is to a deliver a new product for his
company. In fact, his company has no experience at all in this area but the company’s leadership
thought that the return on investment was worth it.
During initial planning, Jeremiah is concerned with the cost and duration estimates that his team
delivers to him. Since this is a new type of project, and they are inexperienced, he does not want
to leave anything to chance.
He decides to use assumptions analysis and documentation reviews to determine how accurate
the estimates might be. He also interviews subject matter experts on other projects to increase his
confidence level with the estimates.
27
Assumption Analysis and Documentation Reviews—Example (contd.)
At the conclusion of his analysis, he determines that the existing estimates are as accurate as they
could possibly be under the circumstances.
Jeremiah then decides to ask for additional contingency funds to account for the uncertainty and
to protect the project budget. Jeremiah’s use of multiple tools enabled him to determine the
uncertainty of his project estimates and to ask for appropriate funding.
During the life cycle of his project, he was then able to capture more accurate data that he will use
on future projects.
28
Tools and Techniques—Categories
The three categories of tools and techniques required to identify risks are as follows:
● Historical review is based on past occurrence of risks, either in the current project
or other similar projects within the organization, or comparable projects in other
Historical review organizations.
● It relies on careful selection of comparable situations, which are genuinely similar
to the current project, and are filtered to select the only relevant previous risks.
Current assessment
Creativity technique
29
● They rely on current project, analysis against the framework, and models to find
uncertainties.
Historical review ● They do not rely on external reference points, but are based purely on
examination of the project.
● Current assessments are based on present data (documentation reviews,
Current assessments information-gathering techniques, assumption analysis, diagramming technique,
and SWOT analysis).
30
● Creativity technique is based on future data (like expert judgment and

brainstorming).
Historical review ● It encourages stakeholders to use their imagination to find the risk in the project.
● It creates room for creative or out-of-the-box thinking.
● It can be used either in single or in groups.
Current assessment
31
Tools and Techniques—Facts
Facts of the tools and techniques are as follows:
● Each technique has its own strength and weaknesses.
● No single technique can reveal all identifiable risks.
● If required, use a combination of different techniques.
Choose checklist (historical review) with assumption analysis (current assessment) and brainstorming
(creativity technique).
32
Other Tools and Techniques
Given below are the other tools and techniques of Identify Risks process.
Interview with Nominal Group

Brainstorming Delphi Technique
SMEs Technique (NGT)
Checklist, Forms,
Crawford Slip Analogy
and Templates
33
Interview with SMEs
Interviewing helps to inquire on issues related to doubts and other technical

characteristics that the project team usually does not take care of.
It involves engaging:
● experts internal and external to the project;
● consultants; and
● project team.
34
Interview with Experts Process
The process of interviewing subject matter experts are as follows:
1 2 3 4
Introduce the Introduce the Develop the
Define the scope
facilitator interviewees questions
5 6 7 8
Receive the Fill up the register
Send the questions Consolidate the
answers from with the list of
to interviewees responses
interviewees identified risks
35
Brainstorming Technique
Brainstorming includes the following:
Identification of
many risks
Team must be
available
Leads to chaos, if
executed
inadequately
Highly creative
and synergetic
sessions
Encourages
teamwork
36
Brainstorming Process
The process of brainstorming includes the following:
Conduct Fill up the list

Introduce Introduce Consolidate
Define scope brainstorming with the
facilitator participants responses
session identified risks
37
Delphi Technique
Delphi technique includes the following:
A type of interview
with SMEs
The interviews
are
anonymous
Slow and requires
hard work
Used when there are
conflicts or when
brainstorming
is not
Used to get
recommended
comments from
competitors
38
Delphi Technique Process
The process to carry out Delphi technique is as follows:
1 2 3 4
Introduce the Develop the Introduce the
Define the scope
facilitator questions interviewees
5 6 7 8
Distribute the Receive the Consolidate the Redistribute the
questions/survey answers responses questions
9 10
Fill up the register
Consolidate the
with the
final results
identified risks
39
Nominal Group Technique
Nominal Group Technique (NGT) includes the following:
Individual
brainstorming
Allows a certain
degree of
prioritization
Reduces the chaos
of brainstorming
Mix of individual
and group
participation
Fast and
effective
40
Nominal Group Technique—Process
The process to carry out Nominal Group Technique (NGT) is as follows:
1 2 3 4
Introduce the
Introduce the
Define the scope participants Schedule the meeting
facilitator
(between 6 and 8)
5 6 7 8
Start the meeting Each participants Facilitator writes
Each participants
and state the rules, creates his/her own down the first risk of
orders his/her risks
time, and process risk list each participant
9 10 11
Facilitator writes Fill up the list of
Consolidate the final identified risks
down the second risk
result (prioritized)
of each participant
41
Crawford Slip Technique
Crawford Slip technique includes the following:
Used to identify many

risks in a short period
of time
Uses a slip or a
Group consolidation piece of paper
like post-it®
Individual brainstorming
42
Crawford Slip Process
The process to of Crawford Slip technique is as follows:
1 2 3 4
Introduce the
Introduce the
Define the scope participants (between Schedule the meeting
facilitator
6 and 8)
5 6 7 8
Start the meeting by Each participants Collect slips and Distribute the list to
stating the rules, time, writes down one risk consolidate the list of the participants for
and number of risks for a minute identified risks final comments
9 10
Consolidate the final Fill up the register
result with identified risks
43
Analogy Technique
Analogy technique includes the following:
It is based on previous history
Available
information is A reference is needed.
adjusted to suit the
current scenario
44
Analogy—Process
The process of Analogy technique is as follows:

1 2 3
Define which
Consolidated the
previous projects
Define the scope risks from previous
can be used as
projects
references
4 5 6
Adapt the lists of
Develop the initial Distribute the list
risks to the current
lists of risks to team members
projects
7 8 9
Team analyzes the Fill up the register
Consolidate the
preliminary list of with the identified
final results
risks risks
45
Checklists, Surveys, and Templates
Checklists, surveys, and templates are some of the commonly used techniques
for identifying risks on the project.
● The critical success factor for these techniques is the availability of data from
within and outside the organization.
● These techniques are based on the concept that no new project has a
complete new set of risks.
● These techniques help to refine the list of risks and they use the risk
breakdown structure, which is usually defined as a part of the risk
management plan.
46
Assumptions Analysis
Assumptions analysis is a process of validating the assumptions made. Assumptions need to be

validated on the project; otherwise, they turn out to be risks on the project. It involves documenting
the assumptions and then determining the risks that may be caused due to inaccuracy, instability, or
incompleteness of the project assumptions.
47
Checklist Analysis
Checklist analysis is the process of systematically evaluating the pre-created checklists and developing
a checklist based on relevant historical information.
● It is a standardized way to identify risks.
● It is applicable to any process or system, including equipment, and human issues.
48
SWOT Analysis
SWOT analysis is a popular tool which is used for risk identification. In this technique, strengths and
weaknesses that are of internal origin, that is, related to the organization are identified. Also,
opportunities and threats of external origin are identified.
Helpful Harmful
to achieve the to achieve the
objective objective
(attributes of the
Internal origin
S W
organization)
Strengths Weaknesses
(attributes of the
External origin
environment)
O T
Opportunities Threats
49
Cause-and-Effect Diagram
Cause-and-effect diagram is also called Ishikawa or Fishbone diagram. It is a popular diagrammatic

technique for risk identification.
An example of Fishbone diagram is illustrated below.
Machine Method Materials
Incompatible file formats Poor specs

Nonstandard software
Poor training
Mac or PC Late storyboards
No style guide
Rejected
Inexperienced Low morale Images
Wrong specs
Overworked Noise
Measurement Personnel Environment
50
Root Cause Analysis—Example
The ABC Company has identified a problem during a recent program review. Management realizes
that the same types of risk events are occurring on almost every project and they cannot seem to
understand the reason.
So, they hire an outside risk consultant, who sets out to investigate the matter. The consultant
begins by looking at historical documentation on projects that have been performed over the last
three years.
During the review of project documents, the consultant begins to discover that, most risks are
related to human resources and scope. The consultant then employs multiple diagramming
techniques to assign each risk area to common root causes. It is then evident that Pareto’s Law is
clearly defined with the results.
51
Root Cause Analysis—Example (contd.)
Pareto’s Law generally states that the smallest number of causes will result in the largest number
of problems. By working in reverse from effect to cause, the consultant is able to pinpoint which
root causes are to blame for the majority of the risks within this company.
There is a lack of training for the employees, too many understaffed activities during execution and
poor requirements documentation.
By using root cause analysis, and understanding Pareto’s Law, the consultant was able to track
down the root causes and report it back to the company with his recommendations. The ABC
company then utilizes the results to begin correcting the problem.
52
Output
The output of Identify Risks process is as follows:
Output Description
The risk register contains the list of identified risks and potential responses. When
complete, the risk register will ultimately contain the outcomes of the other risk
Risk register management processes, including the results of the qualitative risk analysis,
quantitative risk analysis, and risk response planning. It also includes risk actions, risk
statuses, and names of risk owners.
53
Prompt Lists
A prompt list refers to several risk categories that may be presented as a RBS and used when
identifying risks in a project.
Prompt lists include the following:
PESTLE TECOP SPECTRUM
The PESTLE prompt list is The TECOP prompt list is The SPECTRUM prompt list is
determined by political, determined by technical, determined by socio-cultural,
economical, social, technological,
undertaking the project environmental, commercial, political, economic, competitive,
ascertaining the costs and benefits of
legal, and environmental factors. operational, and political factors. technological, regulatory or legal,
uncertainty or risk, and market
factors.
54
Risk Categories
The risk categories are as follows:

Risk Category Examples
● Technical changes;
Technical, quality, or ● Changes to industry standards during the project;
performance risks ● Dependence on unproven or complex technology; and
● Unrealistic performance goals.
● Inadequate time and resource allocation;
Project management
● Ineffective project plan development; and
risks
● Poor cost estimates.
● Resource conflicts with other projects;
Organizational risks ● Inadequate project funding; and
● Inconsistent management support.
● Union issues;
External risks ● Change of management in customer’s organization; and
● Regional security issues.
55
Best Practices
The best practices in the Identify Risks process include the use of structured risk descriptions which
can ensure clarity. Risk meta-language offers a useful way of finding the causes and effects of a risk.
Meta-language describes each risk using three-part statements in the following forms:
Cause
(Fact or condition)
Risk
(Uncertainty)
Effect
(Possible result)
56
Historical Documentation
One invaluable source of information for a project is any available

data on previous projects that were similar to the current one.
There are many risks that will reoccur from one project to the next.
To capitalize on lessons learned, you will need access and it must be
well structured.
Examples of historical documentation includes previous:
● risk plans,
● risk registers,
● contracts,
● project post-mortem documentation,
● change requests,
● cost and time estimates, etc.
57
Recording is one of the important activities, which helps in capturing all

the relevant information on each identified risk. The information on
these risks is maintained in the form of risk register. This register
contains the following:
● Description of risks
● Name of risk owner
● Cause and effects of risks
● Triggers
● Preliminary risk responses
● Risk category
58
Quiz
59
QUIZ
What is the output of Identify Risks process?
1
a. Risk register
b. Risk register updates
c. Change requests
d. Project document updates
60
QUIZ
What is the output of Identify Risks process?
1
a. Risk register
c. Change requests
d. Project document updates
Answer: a.
Explanation: Risk register is the output of Identify Risks process.
61
QUIZ Which risk identification technique allows participants to identify the project risks in an
2 anonymous manner?
a. Influence diagrams
b. Assumptions analysis
c. Surveys
d. Delphi technique
62
QUIZ Which risk identification technique allows participants to identify the project risks in an
2 anonymous manner?
a. Influence diagrams
b. Assumptions analysis
c. Surveys
d. Delphi technique
Answer: d.
Explanation: In case of Delphi Technique, risk from the stakeholders will be identified
anonymously or secretly.
63
A project manager working on a construction project identifies a risk of a heavy storm
QUIZ in the coming months which might affect the construction activity. However, he doesn't
3 have any reliable information on the weather forecast or the severity of the storm. In
this case, what best can the project manager do?
a. Capture the risk in the risk register

b. Ignore the risk as nothing can be done to avoid it
c. Actively accept the risk and allocate time and cost reserve in contingency
fund
d. Proceed with a risk response strategy to counter the risk
64
A project manager working on a construction project identifies a risk of a heavy storm
QUIZ in the coming months which might affect the construction activity. However, he doesn't
3 have any reliable information on the weather forecast or the severity of the storm. In
this case, what best can the project manager do?
a. Capture the risk in the risk register

b. Ignore the risk as nothing can be done to avoid it
c. Actively accept the risk and allocate time and cost reserve in contingency
fund
d. Proceed with a risk response strategy to counter the risk
Answer: c.
Explanation: The best option is to actively accept the risk but plan a contingency reserve in
terms of cost and time in case the risk occurs.
65
QUIZ
What is PESTLE?
4
a. People, economic, social, technological, legal, and environmental factors

Political, economic, security, technological, legal, and environmental
b.
factors
c. Political, economic, social, technological, legal, and environmental
factors
d. Political, economic, social, technological, legacy, and environmental
factors
66
QUIZ
What is PESTLE?
4
a. People, economic, social, technological, legal, and environmental factors

Political, economic, security, technological, legal, and environmental
b.
factors
c. Political, economic, social, technological, legal, and environmental
factors
d. Political, economic, social, technological, legacy, and environmental
factors
Answer: c.
Explanation: PESTLE prompt list is determined by political, economic, social, technological,
legal, and environmental factors.
67
A project manager is determining which risk can affect the project. Which of the
QUIZ following inputs of the Identify Risks process is useful in recognizing risks associated to
5 the time allowances for the activities or projects as a whole, with a width of the range
indicating the degrees of risk?
a. Activity duration estimate

c. Risk management plan
d. Activity cost estimate
68
A project manager is determining which risk can affect the project. Which of the
QUIZ following inputs of the Identify Risks process is useful in recognizing risks associated to
5 the time allowances for the activities or projects as a whole, with a width of the range
indicating the degrees of risk?
a. Activity duration estimate

c. Risk management plan
Answer: a.
Explanation: Activity duration estimate will be used as an input to identify risk associated
with timeline at activity level.
69
QUIZ Suppose you are doing the SWOT analysis for your project. Which process of risk
6 management are you working on?
a. Quantitative risk analysis

b. Qualitative risk analysis
c. Identify risks
70
QUIZ Suppose you are doing the SWOT analysis for your project. Which process of risk
6 management are you working on?
a. Quantitative risk analysis

b. Qualitative risk analysis
c. Identify risks
Answer: c.
Explanation: SWOT analysis is one of the tools and techniques used in the Identify Risks
process.
71
Summary
Here is a quick ● The objectives of Identify Risks process are identify risks, document risks,
recap of what was and categorize risks.
covered in this ● The critical success factors for Identify Risks process are early identification,
lesson:
multiple perspective, iterative identification, risks linked to project
objectives, emergent identification, complete risk statement,
comprehensive identification, ownership and level of details, explicit
identification of opportunities, and objectivity.
● The three categories of tools and techniques of Identify Risks process are
historical review, current assessments, and creativity technique.
● The best practices in Identify Risks process include the use of structured risk
descriptions which can ensure clarity.
● Recording is one of the important activities, which helps in capturing all the
relevant information on each identified risk.
72
This concludes ‘Identify Risks.’
The next lesson is ‘Perform Qualitative Risk Analysis.’
73
Lesson 7—Perform Qualitative Risk Analysis
1
Objectives
After completing ● Define the purposes and objectives

● Identify critical success factors
be able to:
● Explain inputs, tools and techniques along with their characteristics, and
outputs
● Describe how to document the results
2
Purposes and Objectives
Prioritizing the risks of the project is important. The purposes and

objectives of qualitative risk analysis are to:
● Assess and evaluate characteristics of individually identified risk.
● Prioritize risks based on agreed-upon characteristics.
● Assess individual risk, which evaluates the probability that each risk will
occur and the effect it can have on project objectives.
● Categorize risks according to their sources or causes.
● Qualitative risk analysis is used to determine the risk exposure of the
project by multiplying the probability and impact.
3
Following are the critical success factors for qualitative risk analysis:
Iterative
High-Quality
Information
Agreed-Upon Definitions
Agreed-Upon Approach
4
Use Agreed-Upon Approach
An agreed-upon approach applies to all the identified risks in any project. All risks may be assessed
according to the probability of occurrence and impact on individual objectives.
Other factors to be considered are as follows:
● Urgency (proximity): Implies that risks that need near-term responses may be considered as urgent
to deal with. Indicators of urgency can include lead time to execute a risk response and clarity of
symptoms and warning signs (detectability).
● Manageability: Implies that some risks are not manageable and if you try to address those, it may
be a waste of time and resources.
● Impact external to the project: The importance of a risk may be increased if it affects the
enterprise beyond the project.
5
Use Agreed-Upon Definitions of Risk Terms
Risk assessment should be based on agreed-upon definitions of

important terms and should be used consistently.
For example: Levels of probability (25%) and impact on objectives
(cost -$10,000.)
● The use of definitions assists the providers of information in
giving realistic assessments for each risk.
● Communication will be better for the management and the
stakeholders.
6
Collect High-Quality Information on Risks
For any risk analysis, quality of data is very important.
● Data should be gathered from interviews, workshops, and using

expert judgment.
● It may be unbiased or intentionally biased.
● Biased data should be remedied.
● The remedy or the corrective action comes with experience and

communication with the stakeholders.
7
Perform Iterative Qualitative Risk Analysis
Qualitative risk analysis is not complete with one analysis.

Qualitative risk analysis:
● is done throughout the phases of a project's lifecycle; and
● ensures accurate analysis of risks in accordance with the changes
happening in the project.
The frequency of this effort will be planned in the Plan Risk
Management process, but it may also depend on events occurring
within the project.
8
Following is the list of the inputs, tools and techniques, and outputs of Perform Qualitative Risk
Analysis process:
● Risk register ● Risk probability and impact ● Project documents updates

● Risk management plan assessment
● Scope baseline ● Probability and impact
● Enterprise environmental matrix
factors ● Risk data quality assessment
● Organizational process assets ● Risk categorization
● Risk urgency assessment
● Expert judgment
9
Inputs
Following are the inputs required to Perform Qualitative Risk Analysis:
Input Description
Risk register Contains the list of identified risks.
Contains important information on roles and assignments in risk management,

Risk management plan risk categories, the probability and impact matrix, scheduled activities for risk
management, and revised stakeholders’ risk tolerances.
Projects with first-of-its-kind technology will have more uncertainties and this
Scope baseline
will be addressed in scope baseline.
Provide insight and context to risk assessment, like industry studies of similar
Enterprise environmental
projects by risk specialists, risk databases available from the industry, or
factors
proprietary sources.
Organizational process
Include information on prior completed projects of similar scope.
assets
10
Following are the tools and techniques required to Perform Qualitative Risk Analysis:
Risk probability and impact assessment +
Probability and impact matrix +
Risk data quality assessment +
Risk categorization +
Risk urgency assessment +
Expert judgment +
11
Risk probability and impact assessment -

Risk probability investigates the likelihood that each specific risk will occur. Risk impact is used
to assess potential effects on schedule, cost, and quality, including threat and/or opportunity.

Expert judgment +
12

Probability and impact matrix -
Helps in the rating or prioritization of risks using the table.

Expert judgment +
13

Risk data quality assessment -
Evaluates the degree to which the data about risks is useful for risk management.
Expert judgment +
14

Risk categorization -
Risk can be categorized based on its sources, and the area of the project affected due to
uncertainties.

Expert judgment +
15

Risk urgency assessment
-
Risk requiring near-term responses may be considered more urgent to address.
Expert judgment +
16

Expert judgment
-
Required to assess the probability and impact of each risk to determine its location in the
probability and the impact matrix table.
17
Tools and Techniques—Characteristics
The tools and techniques used for qualitative risk analysis include risk probability
and impact assessment; and probability and impact matrix.
● Collect and analyze data (For example: Risk quality assessment and expert
judgment).
● Prioritize risks by probability and impact on specific objectives and overall
project (For example: Risk urgency assessment).
● Categorize risk causes (Risk categorization).
● Document the results of the Perform Qualitative Risk Analysis process.
A project manager has to make sure that the data obtained of the risk is unbiased,
accurate, and of high quality. Also, as a part of qualitative risk analysis, it is
. important to identify the urgency of the risk
18
Risk Probability and Impact Assessment—Example
During qualitative risk analysis, Steven, a risk SME, is concerned with the probability and impact scores
that the project team determined for a project he is assigned to. The team had previously agreed that the
majority would determine the probability and impact.
This is to remove group thinking and bias in any area during early risk analysis. After the first round of
analysis, and after reviewing the results, Steven is concerned about the validity of the team’s conclusions.
Reluctant to sign off on results he does not believe are accurate he decided to assess the data quality of
the available information that was used to assign probability and impact to each risk.
19
Risk Probability and Impact Assessment—Example (contd.)
During assessment Steven decides that the data is not good enough to accurately draw conclusions about
the majority of risks. After gathering additional information from industry sources Steven provides more
accurate data to the team, who then conducts a probability and impact assessment again.
Armed with better data, the qualities of the individual risks reflect a previously unforeseen category of
risks that are now near term and require immediate attentions. If Steven had not sought a better quality
of data to support the team’s conclusions they would not have identified the unforeseen risk category.
The team then reacts appropriately by performing further analysis and assigning action plans for the risks
in case they occur.
20
Root Cause Analysis
An example of root cause analysis is shown below:

[1]
ROOT CAUSE ANALYSIS
Repeated Schedule Low

Mistrust Rework Extra Cost
Audits Slips Morale
Incorrect Incomplete
Reports Requirements
Ignoring Phase
Entry Prerequisites
Figure D8. Example of a Root Cause Analysis
21
Estimating Techniques
A common estimating technique associated with risk management

is the probability and impact assessment.
This tool will be used concurrently with a predefined probability
and impact matrix. It must be used consistently throughout the
project with clearly defined definitions for probability and impact.
22
One invaluable source of information for a project is any

available data on previous projects that were similar to the
current one. There are many risks that will reoccur from one
project to the next.
To capitalize on lessons learned, you will need access and it
must be well structured.
● risk plans,
● risk registers,
● contracts,
23
Analytical Hierarchy Process
Analytical Hierarchy Process (AHP) is a tool used to determine the preferences for achieving the
project objectives.
Input Matrix (Preference Factors)
Cost Time Scope Quality In step 2,

Preference Factor Each constraint is compared to one
Cost 1.00 0.25 0.33 0.20
1 Constraints equal another and scored. Quality is always
Time 4.00 1.00 1.00 0.25
preferred to cost. Then calculate
2 Slightly preferred
Scope 3.00 1.00 1.00 0.25 1/preference factor for each and score.
3 Moderately preferred Notice the sum of each column.
Quality 5.00 4.00 4.00 1.00
4 Mostly preferred
Sum 13.00 6.25 6.33 1.70
5 Always preferred
Calculated factor (Preference Weighting
Factor/Column Total) Factors Row In step 3,
Average
Cost Time Scope Quality Divide each factor by the column
Cost 0.08 0.04 0.05 0.12 0.1 sum.
Example: 1/13=.08 Then average
In step 1, Time 0.31 0.16 0.16 0.15 0.2
each row to determine
Preference factors Scope 0.23 0.16 0.16 0.15 0.2 preference list of quality, scope,
are determined.
Quality 0.38 0.64 0.63 0.59 0.6 time and then cost.
Sum 13 6.25 6.33 1.7 1
24
Risk Urgency Assessment
Risk urgency appears in two forms. First, the risks which are near-term and must be addressed
immediately. The second type of urgency concerns the time required to plan for a risk.
25
Perform Qualitative Risk Analysis Process
The steps involved in the Perform Qualitative Risk Analysis process are shown below:
Select Risk Characteristics
Collect and Analyze Data
Prioritize Risks
Categorize Risk Causes
Document Results
26
Select Risk Characteristics
Qualitative risk analysis helps in prioritization of risks which

are important for response or further analysis.
● The tools help in specifying levels and risk characteristics
which are of management’s interest.
● Most tools help to assess the risk importance from a
combination of probability of occurrence and degree of
impact on objectives.
● The output of using the tools of qualitative risk analysis
includes a list of risks in priority order, or in priority groups
like high, medium, and low.
27
Collect and Analyze Data
Assessment of risks is based on the information collected.

● Data collection and evaluation tools require management support and attention.
● It is necessary to be unbiased in data gathering, which is important when relying on expert
judgment for information.
28
Prioritize Risks by Probability and Impact on Specific Objectives
Risks will have uneven impact and probability of occurrence on various project objectives.
These tools help in the prioritization of risks in terms of affected specific project objectives like time,
cost, quality, etc.
29
Prioritize Risks by Probability and Impact on Overall Project
The reason to prioritize risks by probability and impact based on specific and overall project
perspective is to have better communication and convey the right information to the right people
based on their interest.
The technique for determining the overall risk priority should be documented in the Plan Risk
Management process.
30
Categorize Risk Causes
Categorization of risk leads to improved analysis of probability and

magnitude of project risk, and effective responses.
● Some risks may be linked with others, and interpreting this chain of
risks may lead to a better understanding of the implication of risk on
the project.
● A combination of risk analysis information with WBS can show which
areas of the project exhibit more risk.
● Assessing high-priority risks, for example on schedule, may indicate
which activities must be addressed to reduce that objective’s
uncertainty.
31
Document the Results
The probability, impact, and priority (specific objective or overall project) of

risks are documented in the risk register.
● The risk register lists the prioritized risks, which are posted to
stakeholders for further analysis or action.
● Risks of high priority are analyzed further and monitored frequently.
● Risks of low priority are under watch list and are reviewed less often for
changes in their status.
32
Perform Qualitative Risk Analysis Process—Example
Samuel is a risk analyst for a new startup company that specializes in software products for a variety of
industries. Samuel has recently begun qualitative analysis after identifying several hundred risks for a
medium sized project.
While assigning a probability and impact score to each risk Samuel begins to notice a trend by having
many high scores in one particular area. After completing analysis he ranks the risks accordingly from
greatest to least and confirms his previous suspicion about a category of risks. His conclusion is that the
majority of his risks are largely related to human resources, and specifically focused on training.
33
Perform Qualitative Risk Analysis Process—Example (contd.)
He checks the risk breakdown structure and updates it with this new sub-category. He also reviews the
scope baseline to determine which work packages contain the greatest concentrations of human resource
requirements in order to complete them.
He then assesses the quality of these particular areas as having a high risk quality to the project, and
prepares to quantify the impact to the overall project. By grouping risks together Samuel was able to see
the big picture and determine where high concentrations of risks might occur, as well as confirm these
areas require quantitative analysis.
34
Output
Following is the Output required to Perform Qualitative Risk Analysis:
Output Description
The project documents updates include risk register updates and assumptions log
updates.
Updates to the risk register include new information based on qualitative risk analysis of
Project documents updates individual risks like probability, impact, ranking, urgency, as well as categorization; and
watch list for high-priority and low-priority risks respectively.
Assumptions log updates are required if there is any change in the assumptions due to
analysis. This may be updated in a project scope statement.
35
Quiz
36
You are the project manager for a software project. You have completed the risk response
QUIZ planning with your team and are now ready to update the risk register with probability and
1 impact on different project objectives. Which of the following statements best describes the
level of detail you should include with the risk responses created?
a. The level of detail is set by historical information

b. The level of detail should correspond with the priority ranking
c. The level of detail must define the risk response for each identified risk
d. The level of detail is set for project risk governance
37
You are the project manager for a software project. You have completed the risk response
QUIZ planning with your team and are now ready to update the risk register with probability and
1 impact on different project objectives. Which of the following statements best describes the
level of detail you should include with the risk responses created?
a. The level of detail is set by historical information

b. The level of detail should correspond with the priority ranking
c. The level of detail must define the risk response for each identified risk
d. The level of detail is set for project risk governance
Answer: b.
Explanation: The level of detail should correspond with the priority ranking. Prioritization
helps in taking actions by comparing the different project objectives.
38
QUIZ
What is the output of Perform Qualitative Risk Analysis process?
2
a. Risk register
b. Organizational process asset updates
c. Project documents updates
d. Enterprise environmental factors updates
39
QUIZ
What is the output of Perform Qualitative Risk Analysis process?
2
a. Risk register
b. Organizational process asset updates
d. Enterprise environmental factors updates
Answer: c.
Explanation: Project documents updates is the output, which updates the ranking of the
identified risks in the risk register.
40
You are the project manager of an organization. You are working with your project team
QUIZ to complete the qualitative risk analysis process. The first tool and technique you are
3 using requires that you assess the probability of each identified risk in the project.
Which other characteristic of a risk do you need to assess?
a. Impact
b. Cost
c. Risk category
d. Risk owner
41
You are the project manager of an organization. You are working with your project team
QUIZ to complete the qualitative risk analysis process. The first tool and technique you are
3 using requires that you assess the probability of each identified risk in the project.
Which other characteristic of a risk do you need to assess?
a. Impact
b. Cost
c. Risk category
d. Risk owner
Answer: a.
Explanation: To find the urgency of the risk, you need to know its probability and impact.
The qualitative risk analysis process uses the probability and impact matrix as one of its
tools and techniques.
42
You are the manager of a project in your organization. You are assessing the risk events
QUIZ and creating a probability and impact matrix for the identified risks. Which one of the
4 following statements best describes the requirements for the data type used in
qualitative risk analysis?
a. A qualitative risk analysis requires fast and simple data to complete the
analysis
b. A qualitative risk analysis requires accurate and unbiased data if it is to
be credible
c. A qualitative risk analysis encourages biased data to reveal risk
tolerances
d. A qualitative risk analysis requires unbiased stakeholders with biased risk
tolerances
43
You are the manager of a project in your organization. You are assessing the risk events
QUIZ and creating a probability and impact matrix for the identified risks. Which one of the
4 following statements best describes the requirements for the data type used in
qualitative risk analysis?
a. A qualitative risk analysis requires fast and simple data to complete the
analysis
b. A qualitative risk analysis requires accurate and unbiased data if it is to
be credible
c. A qualitative risk analysis encourages biased data to reveal risk
tolerances
d. A qualitative risk analysis requires unbiased stakeholders with biased risk
tolerances
Answer: b.
Explanation: A qualitative risk analysis requires accurate and unbiased data if it is to be
credible.
44
You are preparing to start the qualitative risk analysis process for your project.
QUIZ You will be relying on some organizational process assets to influence the process.
5 Which one of the following is NOT a probable reason for relying on organizational
process assets as an input for qualitative risk analysis?
a. Studies of similar projects by risk specialists

b. Risk databases that may be available from industry sources
c. Review of vendor contracts to examine risks in past projects
d. Information on prior, similar projects
45
You are preparing to start the qualitative risk analysis process for your project.
QUIZ You will be relying on some organizational process assets to influence the process.
5 Which one of the following is NOT a probable reason for relying on organizational
process assets as an input for qualitative risk analysis?
a. Studies of similar projects by risk specialists

b. Risk databases that may be available from industry sources
c. Review of vendor contracts to examine risks in past projects
d. Information on prior, similar projects
Answer: c.
Explanation: Review of vendor contracts to examine risks in past projects is not the
probable reason for relying on organizational process assets as an input for qualitative risk
analysis. These should have been reviewed during the identify risks process.
46
QUIZ
Which of the following is NOT an input for qualitative risk analysis?
6
a. Risk register
b. Risk management plan
c. Stakeholder register
d. Organizational process updates
47
QUIZ
Which of the following is NOT an input for qualitative risk analysis?
6
a. Risk register
b. Risk management plan
c. Stakeholder register
d. Organizational process updates
Answer: c.
Explanation: Except for stakeholder register, all other options provided here are inputs for
the qualitative risk analysis process.
48
Summary
Here is a quick ● The critical success factors for Perform Qualitative Risk Analysis process are
recap of what was
agreed-upon approach, agreed-upon definitions, high-quality information,
covered in this
lesson: and iterative qualitative risk analysis.
● The inputs of this process are risk register, risk management plan, scope
baseline, enterprise environmental factors, and organizational process
assets.
● The tools and techniques used in this process are risk probability and impact
assessment, probability and impact matrix, risk data quality assessment, risk
categorization, risk urgency assessment, and expert judgment.
● The output of this process is project documents updates.
49
This concludes ‘Perform Qualitative Risk Analysis.’
The next lesson is ‘Perform Quantitative Risk Analysis.’
50
Reference
[1] Taken from Practice Standard for Project Risk Management: Page. 84
51
Lesson 8—Perform Quantitative Risk Analysis
Copyright 2014, Simplilearn, All rights reserved.

Objectives
After completing ● Explain the purposes and objectives

be able to: ● List the tools and techniques
● Describe EMV analysis
● List the uses of Monte Carlo analysis
● Describe probability distribution
2
Following are the purposes and objectives of Perform Quantitative Risk

Analysis process:
● Performing Quantitative Risk Analysis provides a numerical estimate
of the overall effect of risk on the project objectives.
● Helps in evaluating the likelihood of success in achieving the project
objectives and estimating contingency reserve.
● Usually applicable for time and cost invested in the project.
● Quantitative analysis is not mandatory, especially for smaller projects.
● Calculating estimates of overall project risk is the main focus of this
process.
3
Implementation of Overall Risk Analysis
Implementation of overall risk analysis requires the following:

● Complete and accurate representation of the project objectives built
from individual project elements.
● Identifying risks on individual project elements such as schedule
activities or line-item costs, at a level of detail that lends itself to
specific assessment of individual risks.
● Including generic risks that have a broader effect than individual
project elements.
● Applying a quantitative method using Monte Carlo simulation that
incorporates multiple risks simultaneously in determining the impact
on the overall project objective.
4
Overall Risk Analysis—Post Implementation
The following can be predicted after implementing the overall risk analysis:
● The probability of meeting the project objectives.
● The total contingency reserve required.
● The line-item costs or schedule activities that contribute more risks when all risks are considered
simultaneously.
● The individual risks that contribute the most to overall project risk.
● Projects where the quantified risks threaten objectives beyond the tolerance of the stakeholders.
● Project objectives that have risks well within acceptable tolerances.
5
Qualitative and Quantitative Risk Analysis—High-Level Comparison
High-level comparison of qualitative and quantitative risk analysis are as follows:
Qualitative risk analysis Quantitative risk analysis
● Addresses individual risks in detail. ● Predicts likely project outcomes based on combined
● Assesses the discrete probability of occurrence and effects of risks.
project
impact on objectives if risk occurs. ● Uses probability distribution to characterize the risk
● Helps prioritize the individual risks for subsequent related to cost and schedule values.
undertaking the
treatment. ● Uses a quantitative method, and requires specialized
● Adds to risk register. tools.
●
and benefits of
Leads to quantitative risk analysis. ● Estimates the likelihood of achieving targets and
contingency needed to achieve desired level of
ascertaining the costs comfort.
● Identifies risks with greatest effect on the overall
project.
6
Following are the critical success factors for Perform Quantitative Risk Analysis process:
Prior Risk Identification and Qualitative Risk Analysis +
Appropriate Project Model +
Commitment to Collecting High-Quality Risk Data +
Unbiased Data +
Overall Project Risk Derived from Individual Risks +
Interrelationships between Risks in Quantitative Risk Analysis +
7
Prior Risk Identification and Qualitative Risk Analysis -

● All the important risks are taken into account before analyzing them quantitatively.

Unbiased Data +
8

Appropriate Project Model -
● An appropriate model should be used as the basis of quantitative risk analysis such as
project schedule for time, line-item cost estimate for cost, decision tree for risk, etc.
● The outcome of Perform Quantitative Risk Analysis process depends upon the selected
project model.

Unbiased Data +
9

Commitment to Collecting High-Quality Risk Data -
● Can be gathered by interviews, workshops, and expert judgment.
● This calls for time, resources, and management support.
Unbiased Data +
10

Unbiased Data -
● Two common sources of bias are motivational and cognitive bias. Motivational bias is
where someone tries to bias the result in one direction or another and cognitive bias is
where bias occur as people are using their best judgment and applying heuristics.[1]
● Dispose the biased data and use the unbiased data.

11

Unbiased Data +
Overall Project Risk Derived from Individual Risks -
● Risks are specified at the level of detailed tasks or line-item costs, and incorporated into the
model of the project to calculate effects on project objectives like cost, time, etc.

12

Unbiased Data +
Interrelationships between Risks in Quantitative Risk Analysis -
● For the successful execution of the Quantitative Risk Analysis process, correlate and link
risks that have a common root cause.
13
Following are the inputs, tools and techniques, and outputs required for Perform Quantitative Risk
Analysis process:
● Risk register ● Data gathering and ● Project documents updates

● Risk management plan representation techniques
● Cost management plan ● Quantitative risk analysis and
● Schedule management plan modeling techniques
● Enterprise environmental ● Expert judgment
factors
● Organizational process
assets
14
Inputs
Following are the Inputs required for Perform Quantitative Risk Analysis process:
Inputs Description
Risk register Identifies and categorizes risks, potential risk responses, and triggers warning signs.
Risk management Includes roles and responsibilities, budgets and schedule for risk management activities, Risk
plan Breakdown Structure (RBS), risk categories, probability and impact matrix, and risk tolerances.
Cost management Establishes the criteria for making plans, structuring, preparing an estimate, budgeting, and
plan establishing control over project costs.
Schedule Describes the scheduling methodology, the scheduling tool(s) to be used, and the format and
management plan established criteria for developing and controlling the project schedule.
Enterprise Provide context and insight to risk assessment, such as industry studies conducted by risk
environmental specialists for similar projects, and risk databases obtained from proprietary sources or the
factors industry.
Organizational Include existing processes that may impact a project's success. These may comprise policies,
process assets guidelines, historical information, or knowledge gained from previous projects.
15
The 3 main techniques to Perform Quantitative Risk Analysis process are as follows:
Data gathering and

representation techniques
Quantitative risk analysis

and modeling techniques
Expert judgment
16
Interviewing:
Interviewing draw on experience and historical data, to quantify the probability and
Data gathering and impact of risks on project objectives.
representation techniques Probability distribution:
Used extensively in modeling and simulation, representing the uncertainty in values
such as duration of scheduled activities and costs of project components.
Expert judgment
17
Sensitivity analysis:
Places a value on the effect of changing a single variable within a project by analyzing
Data gathering and that effect on the project plan.
Expected Monetary Value (EMV) analysis:
Assesses the average outcome of both known and unknown scenarios.
Decision tree analysis:
Quantitative risk analysis Factors both probability and impact for each variable, indicating the decision providing
the greatest expected value when all uncertain implications and subsequent decisions
are quantified.
Modeling and simulation:
Uses models that calculate potential impact of events on the project, based on random
Expert judgment
input values.
18
Expert judgment:
It is required to identify potential cost and schedule impacts, to evaluate probability,
Data gathering and and to define inputs such as probability distributions into the tools.

Expert judgment
19
Sensitivity Analysis—Example
Jimmy is a construction project manager for a bridge project in New Jersey. He is just beginning
quantitative analysis for his project and is notified from his boss that there might be a union
strike in the near future. This would mean that some human resources, which are members of
the union, might not show up for work, which is supposed to begin in three weeks. Jimmy
immediately has the team begin reviewing near-term work packages to determine how many
people might be needed to complete them, as well as other areas of the project where various
types of work are required. After receiving the results later in the day, he conducts sensitivity
analysis to see which areas of his project will be most impacted by the potential strike.
20
Sensitivity Analysis—Example (contd.)
Jimmy determines that the foundation work packages are the most impacted as many union
employees will be mixing and pouring concrete. He also discovers that the transport areas of
the project are also at risk because the concrete must be moved around the job location by
construction vehicles. The least sensitive area appears to be designed as none of the engineers
are members of the union. Jimmy forwards his results to his boss who uses it to negotiate with
the union to avoid the strike. To further protect the project from the risk, Jimmy enters into a
contract with another labor construction company to fill these positions in case the union
decides to go on a strike later in the project. The proper use of sensitivity analysis enabled
Jimmy to see which areas of his project were most impacted by the potential strike, and then
to plan accordingly.
21
The characteristics of tools and techniques are as follows:
Quantitative Method
Comprehensive Risk
Risk Impact Calculation Appropriate to Analyze Data Gathering Tools
Representation
Uncertainty
● Risk models provide the risk representations that affect the project objective simultaneously.
● Representation of both opportunities and threats.
22
Quantitative Method
Comprehensive Risk
Representation
Uncertainty
● Quantitative models facilitate the correct calculation of many risks on the project objectives.
23
Quantitative Method
Comprehensive Risk
Representation
Uncertainty
● Probability models address uncertainty.

● An example of such a model is Monte Carlo simulation, which permits the combination of probability
distributions of line item costs or schedule.
24
Quantitative Method
Comprehensive Risk
Representation
Uncertainty
● Assessment of historical data and workshops, interviews, or questionnaires to gather information.

● For example, probability distribution provides impact on cost or time, and relationship between risks.
25
Tools and Techniques—Characteristics (contd.)
A few other characteristics of tools and techniques are as follows:
The Elements and

Effective Presentation of
Structure of Iterative Quantitative Information for
Quantitative Analysis
Quantitative Risk Risk Analysis Response Planning
Results
Analysis
● Results from quantitative analysis are generally not available in standard methods/formats.
● Choosing the probability distribution, gives the following results:
o Whether the project can be completed within the time or budget;
o Contingency reserve requirement in terms of cost, time, or resource; and
o Identity or location of most important risks.
26
The Elements and

Results
Analysis
Risk Prioritization
Perform Quantitative Analysis
(E.g., Monte Carlo simulation, decision tree analysis, etc.)
Examine Interrelationships
between Risks
Collect High-Quality Risk

Results
Data
● Likelihood of success
● Required contingency
Project Model (E.g.,
● High priority risks
Schedule, cost estimate, etc.)
27
The Elements and

Results
Analysis
● It is impossible to know all the risks in advance.

● Iterative method is best suitable to analyze risks as the project progresses.
28
The Elements and

Results
Analysis
● Overall contingency reserve in time and cost should be reflected in the project’s schedule and budget.
● If adjustment is required in scope, then the changes are agreed upon and documented. A new quantitative risk
analysis is carried out to reflect the new aspects of the project.
29
Basic Principles of Probability
The following details the basics on principles of probability and its description:
Principles of Probability Description
The sum of the probabilities of all events that may occur should be equivalent to 1
Sum of probabilities
(100%).
Probability of single event The probability of any single event must be greater than or equal to 0 and less than
or equal to 1.
Let A and B be two dependent joint events. The probability of occurrence of events
Dependent joint events A and B will be denoted as P(A) and P(B) respectively. Then the probability of a
dependent joint event will be calculated as [P(A)*P(B/A)], where P(B/A) denotes the
probability of occurrence of event B, provided event A has already occurred.
Let A and B be two independent joint events. Then the probability of an

Independent joint events independent joint event will be calculated as [P(A)*P(B)]. When the probability of
occurrence of joint events is the product of the probabilities of each, the events are
considered to be independent.
30
Basic Principles of Probability (contd.)
A few other basics on principles of probability and its description are as follows:
Principles of Probability Description
Mean The sum of the events divided by the number of occurrences.
The number that separates the higher half of a probability distribution from the
Median
lower half.
The number which typifies the data in a set. It is calculated by adding the values of a
Average
group of numbers and dividing the sum by the number of objects considered.
Standard deviation This is a measure of the spread of data, or the statistical dispersion of the values in
your data set.
31
One invaluable source of information for a project is any available

data on previous projects that were similar to the current one. There
are many risks that will reoccur from one project to the next.
To capitalize on lessons learned, you will need access and it must be
well structured.
● risk plans,
● risk registers,
● contracts,
32
Fault Tree Analysis
Fault Tree Analysis is also known as Failure Modes and Effects Analysis (FMEA). This type of model is
structured to identify the points of failure that are risks by themselves, or in combinations with one
another.
An example is illustrated below.
Improper Account
Settings
Non-Payment of Lack of Vendor
Electric Bill Notice Wrong Contact
Phone Number
Lack of AC Power
Poor
Automatic
Maintenance
Power Outage Transfer Switch UPS Error
Problem No Monthly Run
Insufficient Outdated Energy Test
Lack of DC Power
Battery Backup Analysis
33
System Dynamics
The System Dynamics (SD) model represents the flow of information and interactions among
stakeholders or teams on a project.
An example of SD is shown below.
Customer Sales Maintenance Customer Care Marketing
● Complaint ● Initial sales ● Functional ● Rebate ● False

filed ● Post sales error demanded advertising
● Feedback
request
34
EMV Analysis
EMV Analysis is also called as Expected Monetary Value Analysis.
● It is a method of calculating the average outcome when the future

is uncertain.
● It is the product of the expected monetary value of an outcome

and the probability that it will occur.
● It is used in decision tree analysis.
● It is calculated to find the best outcome, which is the lowest

combination of cost and EMV.
35
Decision Tree Analysis
An example of the decision tree analysis is illustrated below.
36
Monte Carlo Analysis
Following are the uses of Monte Carlo analysis:
● Uses the optimistic, most likely, and pessimistic estimates.
● Simulates various outcomes.
● Predicts a range of possible results.
● Used to predict likely outcome for schedules and costs.
● Uses sophisticated software applications.
● Effective with large number of inputs.
● Effective while predicting business risks.
37
Monte Carlo Software for Risk Modeling—Example
After deciding which risks require further analysis, Bob, a project manager with an IT company,
decides to assess the overall project risk by quantifying the impact of several risks. During
analysis he discovers that the impacts of several risks are beyond the company’s
predetermined thresholds. Bob is concerned that this new development could mean that the
project may have had unrealistic expectations set against it. He employs the use of Monte
Carlo software for risk modeling. He carefully inputs all available data and discovers that there
is a low probability of meeting the management determined finish date utilizing the available
budget allotted for this project.
38
Monte Carlo Software for Risk Modeling—Example (contd.)
Bob takes the supporting information to upper management and explains the precarious
situation. Bob’s boss determines that the project is underfunded and also has an unrealistic
finish date. Because Bob supported his conclusions with software, management decides to
provide additional funding and postpones the projected finish date by sixty days. Bob then
inputs the new budget and schedule data into the Monte Carlo program, which reflects a much
higher probability of project completion.
39
Probability Distribution
The Normal or Gaussian distribution is a continuous probability distribution, defined on the entire
real line that has a bell-shaped probability density function, known as the Gaussian function or
informally known as the bell curve.
● Bell curve is a visual depiction of the likelihood of events occurring.
● The events are plotted as values, and this representation in mathematical language is termed as
Probability Density Function (PDF).
40
Project Risk Ranking
The project risk ranking table helps in the following:

● Overall risk ranking for the final deliverable.
● Allows for comparisons among other projects.
Risk Exposure Table Risk Ranking Table
41
Steps to Perform Quantitative Risk Analysis
Following are the steps to perform quantitative risk analysis:

● Review the risk, cost, and schedule management plans.
● Begin with the original estimate of time or cost.
● Calculate and assess the impact of changing the range of results on
the overall project estimate.
● Refer to historical information.
● Use the appropriate interviewing technique and obtain probability
distributions from stakeholders and subject matter experts.
● Depict the distributions in a PDF format.
● Perform a sensitivity analysis.
● Conduct a project simulation.
● Update the risk register, project management plan, and other project
documents.
42
Output
Plan Risk Management output and its descriptions are as follows:
Outputs Description
Includes a probabilistic analysis of the project, the probability of fulfilling

Project documents updates
cost and time objectives, an updated list of quantified risks arranged in
order of priority, and trends in the results of quantitative risk analysis.
43
Components of Quantitative Risk Analysis Update
Following are the components of Quantitative Risk Analysis Update:

Components Description
Once risks are qualitatively and quantitatively analyzed, the project team should be able to
Probabilistic analysis
forecast the possible completion dates and costs, and provide a level of confidence for each
of the project
decision.
Probability of fulfilling
Using quantitative risk analysis, the project team can estimate the likelihood of fulfilling the
the cost and time
project objectives with the current plan and knowledge of the project risks.
objectives
Identified risks are prioritized according to the threat they pose or the opportunity they
Prioritized list of
present to the project. This prioritized list includes a measure of the impact of each
quantified risks
identified risk.
Repeating the quantitative risk analysis process helps the project's risk management team to
Trends in quantitative analyze the trends and make adjustments as necessary. Information on the project schedule,
risk analysis results cost, quality, etc., and performance gained through the Perform Quantitative Risk Analysis
process will help the team to prepare a quantitative risk analysis report.
44
Following are the points which are documented upon completing this process:
● The contingency reserve calculated in quantitative project cost and
schedule risk analysis to be incorporated into the cost estimate and
schedule.
● Contingency reserve established to capture the opportunities that are
judged to be priorities of the project.
● If contingency reserve exceeds the time or resource available, changes the
scope and plan, then these have to be documented.
● The results of quantitative risk analysis must be recorded and passed on to
the project management team for further actions to be taken.
45
Quiz
46
You are the manager for a project. You are working with several subject matter experts
QUIZ to perform the quantitative risk analysis process. During this process, you find several
1 risk events that were not previously identified. What should you do with these risk
events?
a. The events should be considered for qualitative risk analysis

b. It should be determined if the events need to be accepted or responded to
c. The events should be entered into the risk register
d. The events should be considered for quantitative risk analysis
47
You are the manager for a project. You are working with several subject matter experts
QUIZ to perform the quantitative risk analysis process. During this process, you find several
1 risk events that were not previously identified. What should you do with these risk
events?
a. The events should be considered for qualitative risk analysis

b. It should be determined if the events need to be accepted or responded to
c. The events should be entered into the risk register
d. The events should be considered for quantitative risk analysis
Answer: c.
Explanation: If you come across a new risk at any point of time, enter the event into the risk
register.
48
You are the manager of a project in your company. You want to utilize a risk analysis
QUIZ process that will help the team make decisions in presence of the current uncertainty
2 surrounding the new environment. Which risk analysis approach can you use to make
decisions in the presence of uncertainty?
a. Monte Carlo simulation

b. Qualitative risk analysis process
c. Quantitative risk analysis process
d. Delphi technique
49
You are the manager of a project in your company. You want to utilize a risk analysis
QUIZ process that will help the team make decisions in presence of the current uncertainty
2 surrounding the new environment. Which risk analysis approach can you use to make
decisions in the presence of uncertainty?

b. Qualitative risk analysis process
c. Quantitative risk analysis process
d. Delphi technique
Answer: c.
Explanation: Quantitative risk analysis provides the opportunity to make decisions based on
numerical values assigned to the identified risks.
50
You are the manager for a project. Your team and you are working on the following
QUIZ activities: i) Probabilistic analysis of a project, ii) Probability of achieving cost and time
3 objectives, and iii) Trends in qualitative risk analysis results. On which of the following
processes are you working?

b. Perform Quantitative Risk Analysis
c. Perform Qualitative Risk Analysis
d. Identification of risks
51
You are the manager for a project. Your team and you are working on the following
QUIZ activities: i) Probabilistic analysis of a project, ii) Probability of achieving cost and time
3 objectives, and iii) Trends in qualitative risk analysis results. On which of the following
processes are you working?

Answer: b.
Explanation: All these activities will be carried out as part of Quantitative Risk Analysis.
52
QUIZ Which of the following processes must be repeated after plan risk responses and
control risks process, to determine if the overall project risk has been satisfactorily
4 decreased?

53
QUIZ Which of the following processes must be repeated after plan risk responses and
control risks process, to determine if the overall project risk has been satisfactorily
4 decreased?

Answer: b.
Explanation: Perform quantitative risk analysis is used to make sure that risk is minimized as
the project progresses.
54
QUIZ Which of the following simulation or modeling tools is used in case of quantitative risk
5 analysis?

b. Trend analysis
c. Three-point estimate
d. Sampling technique
55
QUIZ Which of the following simulation or modeling tools is used in case of quantitative risk
5 analysis?

b. Trend analysis
c. Three-point estimate
d. Sampling technique
Answer: a.
Explanation: Monte Carlo simulation is used in quantitative risk analysis to determine the
numerical impact due to risk in the project.
56
QUIZ
What is the output of quantitative risk analysis?
6
a. Risk register
b. Project performance examination
d. Project management plan updates
57
QUIZ
What is the output of quantitative risk analysis?
6
a. Risk register
b. Project performance examination
d. Project management plan updates
Answer: c.
Explanation: Project documents updates are the output of quantitative risk analysis
process.
58
Summary
Here is a quick ● Performing Quantitative Risk Analysis provides a numerical estimate of the
recap of what was overall effect of risk on the project objectives.
covered in this ● The three techniques to Perform Quantitative Risk Analysis process are data
lesson:
gathering and representation techniques, quantitative risk analysis and
modeling techniques, and expert judgment.
● EMV analysis is a method of calculating the average outcome when the
future is uncertain.
● Monte Carlo analysis is used to predict likely outcome for schedules and
costs.
● The Normal or Gaussian distribution is a continuous probability distribution,
defined on the entire real line that has a bell-shaped probability density
function, known as the Gaussian function or informally known as the bell
curve.
59
This concludes ‘Perform Quantitative Risk Analysis.’
The next lesson is ‘Plan Risk Responses.’
60
Reference
[1] Based on Practice Standard for Project Risk Management: Project Risk Management, Page 27.
61
Lesson 9—Plan Risk Responses
1
Objectives

be able to: ● Identify the critical success factors
● List the inputs, tools and techniques, and outputs
● Define contingency plan
● List the different forms of contingency reserves
2
Plan Risk Responses process determines the effective responses that are appropriate to the priority of
individual risks and overall project risk.
While deciding the risk response, it is important to consider a few factors which includes the
following:
Stakeholders’ Stakeholders’ Stakeholders’ Stakeholders’

Attitude Conventions Assumptions Constraints
The objective of the Plan Risk Responses process is to determine the set of actions which enhances
the chances of project’s success while complying with organizational and project constraints.
3
Activities and Roles
Following are the important activities and roles to be carried out as

part of the Plan Risk Responses process:
● The risk response plans are developed on the basis of threats or
the opportunities offered by negative or positive risk.
● Potential changes to budget, schedule, and scope of the project
should be considered while planning for risk response.
● The implementation of response process can generate additional
risks called secondary risk.
● Secondary risks should be analyzed and the required responses
should be planned.
4
Activities and Roles (contd.)
A few other important activities and roles are as follows:
● Risks that remain after the primary and secondary risks have been
eliminated are called residual risks.
● Residual risks should be identified, analyzed, documented, and

communicated to the stakeholders.
● Contingent risk response actions should be executed at the

optimum time.
5
Interfaces
Risk response processes along with all approved and unconditional actions occurring due to risk
response planning should be integrated within project management plan.
The corresponding organizational and project management rules should be invoked including the
following:
Project change Project planning, Project

Resource
management and budgeting, and communication
management
configuration control scheduling planning
6
Critical success factors for Risk Resource Planning process are as follows:
People
Planning
Analysis
7
Communicating to different stakeholders:

● Communication should be open and appropriate.
● The risk responses should ensure acceptance among the stakeholders.
People
● Organizational factors like culture, attitudes, or disagreements should be addressed
openly.
Defining roles and responsibilities:
● Key roles in project risk management must be assigned to risk owner and risk action
Planning owner.
● The team should understand what is expected of them. The stakeholders should
understand and accept the need and authority.
● The senior management should approve and track the contingency reserve.
Analysis
8
Specify response timing:

● The agreed-upon responses should be integrated into the project management plan.
People ● The responses should be scheduled and assigned for execution.
Provide resources, budget, and schedule:
● The approval from the management for resources, costs, and duration needs to be
obtained.
Planning
● The commitment from risk owners and risk action owners needs to obtained.
Analysis
9
Address the interaction of risks and responses:

● Control the potential effects of strategy developed for treating the original risk.
Ensure appropriate, timely, effective, and agreed-upon responses:
People
● Consistency with organizational values, project objectives, and stakeholder
expectations.
● Capability to balance the project objectives and improve the risk situation.
Analyze the threats and opportunities:
Planning ● If threats or opportunities are not addressed fully, the combined response strategy
may be invalid.
Develop strategies to address tactical responses:
● The risk response strategy should be carried out at a general, strategic level; and the
Analysis strategy should be validated and agreed upon.
10
The Inputs, Tools and Techniques, and Outputs of Plan Risk Responses process are as follows:
● Risk register ● Strategies for negative risks ● Project management plan

● Risk management plan or threats updates
● Strategies for positive risks ● Project document updates
or opportunities
● Contingent response
strategies
● Expert judgment
11
Inputs
Following are the inputs of Plan Risk Responses process:
Inputs Description
Contains prioritized lists of project risks, root causes of risk, lists of potential
Risk register responses, risk ranking, lists of near-term and long-term risks, trend in
qualitative risk analysis, categorized risks, and a watch-list of low-priority risks.
Risk
Contains the guidelines, methodology, templates, and formats necessary to
management
perform all risk management processes including Plan Risk Responses.
plan
12
Updating the Risk Register—Example
While finalizing risk responses on a high visibility project that is set to begin in another country, you review your
available choices for risk responses. There is a set of risks that is related to using company employees in that region
of the world, they are:
1. Company employees are not versed in the local cultural norms
2. They do not even speak the language
These shortcomings could potentially result in major problems when dealing with local politicians, construction
workers and in various other situations and as a result of this option, the risk to the project will increase.
13
Updating the Risk Register—Example (contd.)
On the other hand, you have the option of only using local workers. The benefits are as follows:
● While less skilled, they are from this region of the world.
● They should be able to increase their performance quickly.
● It will not cause any problems with the local customs and people.
● Local resources would not cause the same problems as the employees might.
Due to the higher risk and expense associated with using company employees, you decide to use local resources
and completely avoid problems that might arise from not understanding the local customs, language and
traditions. You update the risk register and begin making the arrangements immediately.
14
Following are the tools and techniques of Plan Risk Responses process:
Strategies for
The three strategies for negative risks or threats are avoid, transfer, and mitigate. The
negative risks
fourth strategy accept, can be used for positive and negative risks.
or threats
Strategies for
The three strategies are exploit, share, and enhance; and the fourth strategy is accept.
positive risks
Contingent
response It is the response strategy used if risks occurs.
strategies
Expert It is the input from Subject Matter Experts (SMEs) to take required actions on specific
judgment and defined risk.
15
Strategies for Threats
Four strategies which address threats are as follows:
A negative risk strategy that involves It is a negative risk strategy that

changing the project plan to prevent a Avoid Accept a threat involves accepting that a risk exists.
potentially detrimental risk condition The acceptance may be passive or
or event from happening. active.
A negative risk strategy that shifts A negative risk strategy that

the impact of a risk event and attempts to reduce the probability or
ownership of the risk response to a Transfer Mitigate impact of a potential risk event to an
third party. acceptable level.
16
Accepting a Threat—Example
There is a threat, that a competitor may launch a rival product first. This affects the expected market share for the
product. To overcome this threat, the project can be accelerated by increasing the resources and reducing the
product’s scope, so that it can be launched earlier.
Alternatively, action need not be taken to re-schedule the launch to an earlier date. Accelerating the project may
lead to product quality issues and reducing the scope can make the product less appealing. Therefore, in this case,
the risk is simply accepted and no action is taken to overcome it.
17
Strategies for Opportunities
Four strategies which address opportunities are as follows:
A positive risk strategy that is often It is a positive risk strategy that

Accept an
used when a project team wants to Exploit opportunity involves accepting the risk and
make sure that a positive risk is fully actively responding to it as it comes,
realized. but not through the pursuit.
A positive risk strategy that involves

A positive risk strategy that
partnering up with another party, in
Share Enhance attempts to increase the probability.
an effort to give a project team the
that an opportunity will occur.
best chance of seizing an opportunity.
18
Exploit Strategy—Example
As a project manager for a housing development project you are constantly concerned with the cost of housing
materials such as lumber, drywall, carpeting, and tile. The prices of these products are constantly fluctuating and
causing you to review your budget for available funds.
After finishing a previously contentious project, you decide to try something different on an upcoming block of
houses that are set to begin building shortly.
Determined to control the cost of materials, you decide to meet your suppliers and negotiate for better pricing.
Your suppliers are willing to negotiate but only if you buy in bulk, which is equal to two blocks worth of houses.
19
Exploit Strategy—Example (contd.)
After the discussion with the suppliers, you perform the following actions:
● You take this pricing to your investors who approve the idea and ask if there is a way to keep the pricing on the
remaining six blocks.
● You meet your suppliers again and present the idea of a fixed price on a much larger order, to which they agree.
● After finalizing negotiations and signing all the necessary paperwork, you return to your office and update the
risk register.
● You notify your investors that you have taken full advantage of the material price opportunity, which is also
known as the exploit strategy.
Pricing is much less of a problem after this response strategy.
20
The four categories of tools and techniques are as follows:
● Creativity tools for potential response;
● Decision support tools for optimal potential response;
● Strategy implementation techniques to convert strategy into action; and
● Tools to transfer control to the control risks process.
21
Steps Involved in Planning Risk Responses Process
The following flowchart helps in understanding the steps involved in Plan Risk Responses process:
Plan Risk Responses Update Project

Management Plan
Yes
Identify Responses
Predicted
Select Responses Exposure
No Acceptable?
All Risks Review Predicted

Addressed? No Residual Exposure
Yes
Plan and Resource Update Risk
Actions Register
22
Applying Risk Response Strategies to Overall Project Risk
The four risk response strategies that are applied to individual risks can also be applied to address the
overall project risk in the following manner:
Constructing Re-planning
Constructing a strategy where Re-planning the project or change
customer and supplier share the risk. the scope.
Pursuing Cancelling
Pursuing the project in spite of the Cancelling the project, if the overall
desired level exceeded. level of risk is unacceptable.
23
Response Identification
Response identification is based on the information available on potential

risk. It aims to determine the optimal set of responses. As a result, it
should involve subject matter experts and employ creativity techniques to
explore all the options.
Project planning and execution techniques are used to evaluate the

potential effects on the project objectives.
24
Response Selection
Potential responses are identified using a decision-support technique.
Following factors should be considered while selecting potential responses:
Cost of the Impact on project Uncertainty of

response objective outcomes
Possible secondary Residual risks
25
Risk Addressing
Risk addressing includes the following:
● Project planning tools are used to implement actions and to integrate

them into the existing plan.
Action Planning
● Responsibility assignment has to be created by identifying risk owner

and risk action owner.
● Every contingency response should include a trigger condition.
Ownership and ● Monitoring of these conditions should be assigned in Plan Risk Response
Responsibility Assignment process, and they should be managed in the control risks process.
26
Outputs
Outputs of Plan Risk Responses process is given below:
Outputs Description
Include subsidiary management plans and their various requirements

Project management plan updates
for the Plan Risk Responses process.
Contain assumptions, log updates, and technical documentation

Project document updates
updates.
27
Contingency Plan
A contingency plan is a plan developed in anticipation of the

occurrence of a risk, to be executed only if specific, predetermined
trigger conditions arise. [1]
A residual risk is a risk that remains after risk responses have been
implemented.[2]
This plan is used in the event when identified risks become reality.
28
Risk Tolerance
Risk tolerance refers to the level of risk acceptability of a project manager, an organization, or a key
stakeholder when the investment required for managing the risk is compared to the potential payoff.
29
Business Continuity Plan
A Business Continuity Plan (BCP) is a logistical risk response plan that

documents the restoration and recovery methods of an organization during
crisis.
This plan involves tested solutions to increase the chances of continuing

operations, during or after disasters. BCP also contains details on the
recovery timeline methods, procedures and tested action plans, and any
alternate recovery resources, including facilities.
30
Contingency Reserves
Contingency reserve is a predetermined amount that is set aside to be used when known risks
become reality.
Different forms of contingency reserves are as follows:
Additional time Money Resources
31
Critical Chain Project Management
Critical Chain Project Management (CCPM) is a method that allows the project team to place buffers
on any path to account for limited resources and other types of risk. A buffer is a non-work schedule
activity with a duration based on the risk for that path. A resource constrained critical path is referred
to as the critical chain.
Activity Activity Feeding

A D Buffer
Activity Activity Activity Activity Project

Start Finish
B E F F Buffer
Activity Feeding
C Buffer
32
Force Field Analysis
Force Field Analysis technique is often used when a change is under consideration. The two sets of
variables that are compared are driving forces and restraining forces.
Lack of
authority
Easily de-
scoped
33
Industry Knowledge Base
There are plenty of mature industries that publish lessons

learned or scientific data that can be used in your project.
This type of data is valuable for benchmarking on your
project. The biggest concern is getting access to relevant and
accurate information.
A truck carrying cargo on the highway has numbered placards on its rear end. These
are numbers associated with material safety data sheets or MSDS. This information
is readily available to the public and also to the first responders in case there is an
accident.
34
Interviews
It may be necessary to have a one on one conversation with

stakeholders to gather their feedback.
● To properly perform an interview, the questions must be prepared in
advance and the interviewer should have sound questioning skills.
● Active listening and the ability to build rapport with the stakeholder
is also important.
● Appropriate time should be allotted for interviews.
● Be prepared to filter issues and non-risks during the session.
You might conduct an interview with a heavy equipment operator who is performing work on site for
your project. The operator is the most qualified to identify risks about the equipment.
35
Multi-Criterion Selection Techniques
Multi-Criterion Selection tool uses a weighted approach to compare options. The stakeholders must
agree upon the weights, criteria, and scoring results.
Vendor A Vendor B
Criteria Weight Rating Points Rating Points
Price 10 9 90 8 80
History 5 9 45 7 35
Time 8 7 56 8 64
Quality 8 10 80 9 72
Risk 7 7 49 8 56
Score 320 307
36
One invaluable source of information for a project is any available data on

previous projects that were similar to the current one. There are many
risks that will reoccur from one project to the next.
To capitalize on historical documentation, you will need access and it
must be well structured.
● risk plans,
● risk registers,
● contracts,
37
Quantitative Risk Analysis
Quantitative risk analysis may be used to determine which responses are cost effective based on the
impact to the project.
Decision tree analysis might help you determine whether you should purchase a
piece of equipment or just rent it during the project. The cost or rental of the
equipment, and the impact to the budget might be clearly displayed.
38
Root Cause Analysis
Root Cause Analysis technique can be used proactively or reactively. A commonly used example is the
fishbone diagram which is shown below.
ROOT CAUSE ANALYSIS
Process Management Geography
Offsite management Overland route

Supplier problems
Unclear requirements Extreme cold
Waiting time
Poor Maintenance degradation Lack of buy-in Seismic activity
Quality Defects
Lack of training Low tolerance to cold Poor ventilation
Too much overtime Incompatibilities Poor ventilation
Low morale Easily damaged Poor ventilation
People Material Environment
39
Scenario Analysis
Scenario Analysis technique involves planning and assessing the feasibility of multiple responses. This
will help determine which response is the most appropriate, cost effective, and causes the least
amount of secondary risks.
40
Scenario Analysis—Example
You are the project manager for a telecommunication’s company and you are reviewing possible scenarios to deal
with winter storm outages. Quite often, heavy snowfall causes power services to be disrupted, which then causes
your cellular sites to fail after one hour.
So, you have several possible responses to deal with this risk. They are:
1. You might install a generator onsite with an automatic switch to turn the generator on if the power fails.
However:
● you need to check the time duration for installation.
● you also need to think about the cost and space to install it.
41
Scenario Analysis—Example (contd.)
2. In another scenario you might decide to rent a generator and keep it on site. This option will require an
employee to go to the site and turn it on if the power fails. In this case the considerations are:
● You need to think about the arrival time.
● There could be dangerous driving conditions.
● You also need to check if the employee is qualified for it.
3. Another scenario under consideration is to contract with a generator company to handle the entire response.
Once again, you need to think about the cost and the onsite arrival time.
42
Residual Risks
Residual Risks refer to risks that remain in a project even after the risk response action is
implemented.
It is essential to add the contingency costs and duration to account these residual risks.
43
Creating a Risk Response Plan—Guidelines
Guidelines for creating a risk resource plan are as follows:
Examine each identified risk to Brainstorm possible response

determine its causes strategies for each risk
Choose the response strategy Develop specific actions for

that is most likely to be effective implementing the strategy
Identify backup strategies risks Determine the amount of

with high risk factor scores required contingency reserve
Consult the risk management plan Incorporate the risk response plan
for the description of the content into the overall project plan
Examine trends in analysis results
44
Documenting the results of the Plan Risk Responses process includes the following:
Adding risk responses to the risk register +

Adding corresponding risk responses to the project management plan +
Reviewing and documenting the predicted exposure +
45
Adding risk responses to the risk register -

● For each risk, the response should be documented in the risk register and updated
regularly.
● The stakeholders should be able to access the relevant information to verify and
manage their responsibilities according to the response.

Reviewing and documenting the predicted exposure -
46

Adding corresponding risk responses to the project management plan -
● Based on the risk responses, the project related implications are evaluated for
project objectives like cost, time, resource, and changes to the documentation.
● The risk response planning is complete only when all these changes are approved.
Reviewing and documenting the predicted exposure +

47

Reviewing and documenting the predicted exposure -
● After risk response is defined and integrated into the project management plan,
the individual and overall residual risks should be evaluated.
● The evaluation should provide the expected post-response and the potential
improvement, assuming that the proposed responses are effective.
● This evaluation should be documented.
48
Quiz
49
QUIZ
How many risk responses are there in the positive risk response type?
1
a. Four
b. Three
c. Seven
d. Eight
50
QUIZ
How many risk responses are there in the positive risk response type?
1
a. Four
b. Three
c. Seven
d. Eight
Answer: a.
Explanation: There are four positive risk responses. They are, exploit, share, enhance, and
accept.
51
QUIZ You are the manager of a project for your company. You have completed qualitative and
quantitative analysis of your identified project risks. Which should be the next step
2 according to project management process?
a. Monitoring and controlling project risks
b. Creating a risk governance approach
c. Creating the project risk register
d. Planning risk responses
52
QUIZ You are the manager of a project for your company. You have completed qualitative and
quantitative analysis of your identified project risks. Which should be the next step
2 according to project management process?
a. Monitoring and controlling project risks
b. Creating a risk governance approach
c. Creating the project risk register
d. Planning risk responses
Answer: d.
Explanation: After completion of qualitative and quantitative risk analysis, the next step is
to Plan Risk Responses.
53
QUIZ While monitoring the project, you find that an accepted risk is going to occur. Which of
3 the following measures will you take to develop the response?
a. Risk response plan
b. Fallback plan
c. Mitigation plan
d. Risk register
54
QUIZ While monitoring the project, you find that an accepted risk is going to occur. Which of
3 the following measures will you take to develop the response?
a. Risk response plan
b. Fallback plan
c. Mitigation plan
d. Risk register
Answer: a.
Explanation: The risk response plan communicates how specific risks will be dealt with and
what action steps are required as part of the risk response process.
55
QUIZ You finished risk response planning and found that cost and schedule baselines are to
be modified. Why would the risk response planning call for changing the cost and
4 schedule baselines?
a. New or omitted work which is a part of risk response can cause changes
to the schedule baseline and/or cost
b. Risk responses protect the investment and time of the project
c. Risk responses should not take money or time to implement
d. Baselines must not be updated, but should be refined through versions
56
QUIZ You finished risk response planning and found that cost and schedule baselines are to
be modified. Why would the risk response planning call for changing the cost and
4 schedule baselines?
a. New or omitted work which is a part of risk response can cause changes
to the schedule baseline and/or cost
b. Risk responses protect the investment and time of the project
c. Risk responses should not take money or time to implement
d. Baselines must not be updated, but should be refined through versions
Answer: a.
Explanation: A project is a progressive elaboration. While carrying out risk management,
you will find that the funding and timeline may not be sufficient. So you need to update the
baseline by considering the new risk response planning.
57
You are the manager running a project for an organization, and during the course of the
QUIZ project, the organization receives an additional funding from VCs as bonus, which can
5 be used for your project to compress the schedule by crashing. Which response helps in
utilization of opportunity?
a. Transferring
b. Mitigation
c. Exploitation
d. Enhancement
58
You are the manager running a project for an organization, and during the course of the
QUIZ project, the organization receives an additional funding from VCs as bonus, which can
5 be used for your project to compress the schedule by crashing. Which response helps in
utilization of opportunity?
a. Transferring
b. Mitigation
c. Exploitation
d. Enhancement
Answer: c.
Explanation: If you receive the money and then decide to crash the schedule, you have
exploited the situation.
59
QUIZ
Which risk response is acceptable for both positive and negative risk events?
6
a. Transferring
b. Acceptance
c. Sharing
d. Enhancing
60
QUIZ
Which risk response is acceptable for both positive and negative risk events?
6
a. Transferring
b. Acceptance
c. Sharing
d. Enhancing
Answer: b.
Explanation: Acceptance is the only risk response which is used both in positive and
negative risk response planning.
61
Summary
Here is a quick ● While deciding the risk response, it is important to consider stakeholders’
recap of what was attitude, conventions, assumptions, and constraints.
covered in this ● The critical factors to ensure the success of Plan Risk Responses process
lesson: are people, planning, and analysis.
● The inputs of Plan Risk Responses process are risk register, and risk
management plan.
● A contingency plan is a plan developed in anticipation of the occurrence
of a risk, to be executed only if specific, predetermined trigger conditions
arise.
● The different forms of contingency reserves are additional time, money,
and resources.
62
This concludes ‘Plan Risk Responses.’
The next lesson is ‘Control Risks.’
63
Reference
[1] Based on Practice Standard for Project Risk Management: Glossary, Page 109.
[2] Based on PMBOK ® Guide—Fifth Edition: Glossary, Page 558.
64
Lesson 10—Control Risks
1
Objectives

be able to: ● Identify the critical success factors
● Describe the inputs, tools and techniques, and outputs
● Discuss how to document the results
● Describe risk audits
2
The primary objectives of Control Risks process are as follows:
Monitoring residual Ensuring risk response

Tracking identified risks Identifying new risks
risks plans are implemented
Monitoring the Reviewing the

Making improvements
effectiveness of risk effectiveness of risk
to the process
response plans management processes
For each risk where a contingent response is identified, the corresponding trigger conditions should
be specified. Risk owners should monitor the implementation in a timely manner.
3
Purposes and Objectives (contd.)
Once the Plan Risk Responses process is complete, all the approved unconditional response actions
should be included and defined in the risk register.
● The first action then is to check if it has been completed and take action as necessary, such as
invoking change management process if required.
● Effective communication needs to be maintained between them and the project manager, so that
the respective stakeholders accept the accountability.
● In addition to the response actions and trigger conditions, a mechanism for measuring the
effectiveness of the response is provided by the Plan Risk Responses process.
● In the event of major organizational changes, risk management planning may need to be revised.
4
Following are the critical success factors for Control Risks process:
Integrate Risk Monitoring and Control with Project Monitoring and Control +
Continuously Monitor Risk Trigger Conditions +
Maintain Risk Awareness +
5
Integrate Risk Monitoring and Control with Project Monitoring and Control -
● Project management plan should address actions used to carry out and control
risks.
● After the risk response plan, monitoring and controlling of risks should be carried
out as a part of the monitoring and controlling of project.

Maintain Risk Awareness +
6
● Specifically defined risks may trigger conditional responses by the risk action
owner in collaboration with the risk owner.
Maintain Risk Awareness -
7
Maintain Risk Awareness -
● Risk management report should be a regular item on every status meeting to
create awareness about risk management and its importance.
● Regular reports on risks should be shared with the senior-level sponsor and the
stakeholders.
8
Following are the inputs, tools and techniques, and outputs required for Control Risks process:

● Risk register ● Risk reassessment ● Work performance
● Project management plan ● Risk audits information
● Work performance data ● Variance and trend analysis ● Organizational process assets
● Work performance reports ● Technical performance updates
measurement ● Change requests
● Reserve analysis ● Project management plan
● Meetings updates
● Project document updates
9
Inputs
Following are the inputs for Control Risks process:
Inputs Description
Identifies risks, risk owners, actions to respond to risks, characteristics of risks, and a watch-list of
Risk register
risks of low priority.
Project management Contains risk management plan which includes risk tolerances, risk owners, protocols, human
plan resources, time, and other resources allocated for project risk management.
Provides items related to project performance results, which may be impacted by risks such as
Work performance data
deliverable status, progress with respect to schedule, and cost incurred to accomplish the work.
Work performance Provides information on project work performance that may affect the processes of risk
reports management or the actual occurrence of risk.
10
Following are the tools and techniques of Control Risks process:
Technical
Variance and trend
Risk reassessment Risk audits performance Reserve analysis
analysis
measurement
Risk reassessment is the identification of new risks, reassessment of current risks, and the closing of risks that are
outdated.
11
Technical
Variance and trend
analysis
measurement
Risk audits examine and document the effectiveness of risk responses in dealing with identified risks.
12
Technical
Variance and trend
analysis
measurement
Variance analysis is used to compare the planned results to the actual results. Trends in the project’s execution
should be reviewed using performance information.
13
Technical
Variance and trend
analysis
measurement
Technical performance measurement compares technical accomplishments during project execution to the
schedule of technical achievement.
14
Technical
Variance and trend
analysis
measurement
Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at
any time in the project.
15
A few other tools and techniques of Control Risk process are as follows:
Managing
Tracking trigger Tracking overall Tracking
Meeting contingency
conditions risk compliance
reserve
Management reserve for unplanned changes to time, scope, and cost.
16
Managing
Meeting contingency
reserve
Tools are required to identify trends and forecast future outcomes, and to track the progress and spending.
17
Managing
Meeting contingency
reserve
Tools are required to evaluate and track trigger conditions against the project thresholds based on the actual
status. This provides risk-related information for the project parameters such as time and cost.
18
Managing
Meeting contingency
reserve
Tools are required to determine whether the responses have the expected effect on the project’s overall level of
risk.
19
Managing
Meeting contingency
reserve
Quality of execution of risk related plans and process are monitored against the metrics, to see if there is any
variation.
20
Outputs
Following are the outputs of Control Risk process:
Outputs Description
Work performance
Provides a mechanism to communicate and support project decision-making.
information
Organizational process Project risk management processes should be documented in the organizational process
assets updates assets as references for future projects.
Anything that deviates from the project baseline results in changes to the project management
Change requests
plan.
Project management The project management plan needs to be revised and reissued, if there is any approved
plan updates change which has an effect on risk management processes.
Project document Various project documents that require updates include the assumptions log, the technical
updates documentation, the contract terms, and the schedule and cost baselines.
21
Risk Audits
Risk audits help in examining the following:
Team's ability to identify Effectiveness of risk

Performance of risk owners
risks and causes for the risks response plans
Risk audits may be performed by
● a third party,
● a project's risk officer, or
● a qualified personnel.
22
Risk Reassessment
The process of reassessing the risks in a project risk register includes the following:
Identify new risks and Reassess current risks Close outdated risks
determine responses for their probability
and impact
23
Risk Audit—Guidelines
Guidelines for conducting risk audit are as follows:
Understand risk management Review the risk

rules and process management plan
Assess stakeholder tolerance

General risk management
and risk impact definitions
Document the Create reports and

identified results submit for approval
Make recommendations for improvement
24
Risk Audits—Example
During execution late into a project, the Project Manager (PM) feels that he is constantly
reacting to risk events that should have been identified early. Each time a risk event occurs,
he is asked by upper management why this risk was not identified proactively, analyzed,
and a response plan designated.
Concerned with this rising trend of missed risks, he calls for a team meeting to discuss the
issue. During the conversation, one of the team members suggests that a risk audit might
be appropriate under the circumstances, and the PM agrees.
The team then conducts the risk audit by using the steps within the audit format that had
been defined in the risk plan.
25
Risk Audits—Example (contd.)
After the audit is complete it is obvious that the team has been using a flawed risk plan.
The original plan was biased and caused the team to subjectively miss an entire category of
risks, which have now began to occur while in execution.
With this problem identified, the PM immediately updates the risk plan and all the
supporting documentation. He then instructs the team to begin risk reassessment in an
effort to identify risks in a proactive manner. The PM also informs upper management
about the audit conclusions and the new focus on risk.
26
Trend Analysis
Trend analysis involves reviewing the various trends in project performance on a regular basis.
Trend analysis examines project performance over time to determine whether performance is
improving or deteriorating.
This technique helps in reviewing the various trends in project performance on a regular basis, and it
can also be used to predict future performance.
27
Variance Analysis
Variance analysis is the measurement of deviation from expected results, or the analysis of variance
from the planned and the actual risk impacts.
On the basis of variance analysis, corrective action is taken for the progress of the project.
28
Variance and Trend Analysis—Example
During a routine risk reassessment meeting with the team, Sonny is alerted to a potential
problem by a team member. It seems that the same risk is reoccurring in a technical area of
the project. This area is critical to the success of the project and has a predetermined data
throughput speed that is a quality requirement from an internal customer.
Sonny instructs the team members to pull the test data from the previous test and
inspection paperwork so they can compare these technical measurements over a span of
time.
After compiling the data, it is evident that the risk does in fact seem to occur 24 hours after
each finalized test. Perplexed by this strange phenomenon, Sonny and his team members
investigate further by using variance and trend analysis.
29
Variance and Trend Analysis—Example (contd.)
It appears that every server has suffered this same problem over the last month and no one
had noticed the trend. As every server seems to be affected, Sonny and the team are able
to trace them all to a common cause.
They are all pulling power from the same power bay which has begun exceeding the
maximum capacity in the last month. Apparently, no one thought to check to see if there
would be enough available power for the new servers.
After discovering this problem, Sonny determines several courses of action, submits a
change request, which is approved and performs a minor upgrade on the power bay
distribution breakers to handle this increase power requirement.
30
Technical Performance Measurement
The definition of technical performance measurement is as follows:
Technical performance measurement is a comparison of the project's actual technical

accomplishments to the planned technical objectives as outlined in the project management plan.
Technical performance measurement helps to determine if the technical targets can be achieved.
31
Critical Chain Project Management
Critical Chain Project Management (CCPM) is a method that allows the project team to place buffers
on any path to account for limited resources and other types of risk. A buffer is a non-work schedule
activity with a duration based on the risk for that path. A resource constrained critical path is referred
as a critical chain.
An example of CCPM is illustrated below:
Activity Activity Feeding

A D Buffer
Activity Activity Activity Activity Project

Start B E F F Buffer Finish
Activity Feeding
C Buffer
32
Reserve Analysis
Reserve analysis refers to, identifying and adding the following:
Extra time and money
Extra time and money for identified and unidentified risk.
Contingency reserve
Contingency reserve for scheduled risk.
Management reserve
Management reserve for unplanned changes to time, scope, and cost.
33
Status Meetings
Status meetings are conducted to discuss the current status of the project with the project team
members and the stakeholders.
The project manager should include the following for status meetings:
Agenda Items for Status Meetings
Examining the status

Identifying and Identifying risks that Identifying risks that
of risks and risk
managing risks are of high priority need to be closed
responses
Analyzing the
Discussing the
effectiveness of risk
lessons learned
responses
34
Evaluating Project Risks and Risk Status
Evaluating the status of risks include the following:
Monitor Identify Update
Monitor the existing status of each risk event in the risk register.
35
Evaluate the status of risks include the following:
Identify risk events whose status may be changed based on their status at the time of evaluating risks.
36
Evaluate the status of risks include the following:
Update the risk register by modifying the appropriate status of each risk event.
37
One invaluable source of information for a project is any available data on

previous projects that were similar to the current one. There are many
risks that will reoccur from one project to the next.
To capitalize on lessons learned, you will need access and it must be well
structured.
● risk plans,
● risk registers,
● contracts,
38
The final control action of risk controlling is to record the actual data for future use.
Some documented risk management information includes the following:
Occurrence of Effectiveness of risk Unexpected or

risk responses undocumented risk
39
Quiz
40
QUIZ Which of the following processes involves choosing the alternative strategies, executing
a contingency or fallback plan, taking corrective action, and modifying the project
1 management plan?
a. Control risk
b. Risk response plan
c. Scope control
d. Integrated change control
41
QUIZ Which of the following processes involves choosing the alternative strategies, executing
a contingency or fallback plan, taking corrective action, and modifying the project
1 management plan?
a. Control risk
b. Risk response plan
c. Scope control
d. Integrated change control
Answer: a.
Explanation: Control Risk process takes care of choosing alternative strategies, executing
fallback plan, taking corrective action, and modifying the project management plan.
42
QUIZ
Which of the following is not a tool or technique of Control Risks?
2
a. Bringing in an outside party to review your risk response strategies
b. Revisiting your risk register to review and reassess risks
c. Using earned value analysis to find variances that point to

potential project problems
d. Gathering information about how the work is being performed
43
QUIZ
Which of the following is not a tool or technique of Control Risks?
2
a. Bringing in an outside party to review your risk response strategies
b. Revisiting your risk register to review and reassess risks
c. Using earned value analysis to find variances that point to

potential project problems
d. Gathering information about how the work is being performed
Answer: d.
Explanation: Gathering information about how the work is being performed is not a tool or
technique of Control Risks.
44
QUIZ
Which one of the following is not an output of Control Risk process?
3
a. Organizational process assets updates
c. Variance and trend analysis
d. Change requests
45
QUIZ
Which one of the following is not an output of Control Risk process?
3
a. Organizational process assets updates
c. Variance and trend analysis
d. Change requests
Answer: c.
Explanation: Variance and trend analysis is the tool and technique used in Control Risk
process. Rest of them are output of this process.
46
QUIZ Every status meeting should have time allotted for risk monitoring and control. Which
4 of the following sentences about risk monitoring and control is not true?
a. Risk identification and monitoring should occur throughout the life of the
project.
b. Risk audits randomly occur.
c. Risks should be monitored for their status and to determine whether the
impacts to the objectives have changed.
d. Technical performance measurement variances may indicate that a risk is
looming and should be reviewed at status meetings.
47
QUIZ Every status meeting should have time allotted for risk monitoring and control. Which
4 of the following sentences about risk monitoring and control is not true?
a. Risk identification and monitoring should occur throughout the life of the
project.
b. Risk audits randomly occur.
c. Risks should be monitored for their status and to determine whether the
impacts to the objectives have changed.
d. Technical performance measurement variances may indicate that a risk is
looming and should be reviewed at status meetings.
Answer: b.
Explanation: The auditing happens as per the predefined period, and when the auditing
happens, risk auditing may become part of it. The frequency of auditing is less compared to
the status meeting in which identification and monitoring of risk happens.
48
QUIZ
During the risk control, the risk response owner should be:
5
a. Identifying which risks he/she wants to monitor
b. Controlling the identification of response strategies
c. Informing the project manager of any mid-course correction needed
d. Updating stakeholders of new strategies for mitigating risks
49
QUIZ
During the risk control, the risk response owner should be:
5
a. Identifying which risks he/she wants to monitor
b. Controlling the identification of response strategies
c. Informing the project manager of any mid-course correction needed
d. Updating stakeholders of new strategies for mitigating risks
Answer: c.
Explanation: The risk response owner is assigned to carry out responses and must keep the
project manager informed of any mid-course correction needed.
50
QUIZ
Which of the following is not a primary objective of control project risk?
6
a. Tracking identified risks
b. Identifying new risks
c. Implementing risk response plans
d. Categorize risks
51
QUIZ
Which of the following is not a primary objective of control project risk?
6
a. Tracking identified risks
b. Identifying new risks
c. Implementing risk response plans
d. Categorize risks
Answer: d.
Explanation: Categorize risks is the objective of identify risk process.
52
Summary
Here is a quick ● In the event of major organizational changes, risk management planning
recap of what we may need to be revised to reassess.
have learned in this ● Critical success factors for the Control Risks process are integrate risk
lesson: monitoring and control with project monitoring and control, monitor risk
trigger conditions continuously and maintain risk awareness.
● Inputs of Control Risk process are risk register, project management plan,
work performance data, and work performance reports.
● Some documented risk management information includes occurrence of
risk, effectiveness of risk responses, and unexpected or undocumented
risk.
● Risk audits may be performed by a third party, a project's risk officer, or a
qualified personnel.
53
This concludes ‘Control Risks.’
Thank You and Happy Learning!
54

RMP Workbook

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

RMP Workbook

Transféré par

Droits d'auteur :

Formats disponibles

RMP® Certification Course

Lesson 1—Introduction to PMI-RMP® Certification Course

After completing ● Describe the PMI-RMP® certification exam outline

● Explain the application processing timeline and the exam syllabus

● List the domains and processes in Project Risk Management

This training course provides the following:

● Information on PMI-RMP® and PMI®

● Prerequisites for the PMI-RMP® exam

● Information about the PMI-RMP® exam

● Timeline of the RMP® application process

● PMI-RMP® exam syllabus

● Overview of different domains

● Information on Simplilearn’s RMP® certification course structure

There are following 10 Lessons in this course:

Lesson Number Name of the Lesson

The eligibility norms for the PMI-RMP® exam are as follows:

Category College/University Education Project Risk Management Project Risk Management

● Application can be submitted online to REPs.

The following details the application processing timeline:

3 years from the If application is

Details of the examination are as follows:

Project Risk Management Domains Percentage of Questions

● Risk strategy and planning (5 tasks) ● Plan risk management

Task: 1 Develop risk assessment processes and tools.

Task: 2 Update risk policies and procedures.

Task: 3 Develop and recommend project risk strategy.

Task: 4 Produce risk management plan for the project.

Task: 5 Establish evaluation criteria for risk management processes.

Stakeholder Engagement domain contains activities related to promoting the understanding of

The tasks in this domain are the following:

Task: 1 Apply risk assessment processes and tools.

Task: 2 Facilitate risk identification.

Task: 3 Facilitate project team’s evaluation of the identified risks attributes.

Task: 4 Facilitate development of an aligned risk response strategy and actions.

Task: 5 Facilitate the formulation of project contingency reserve.

Task: 6 Provide risk data to cost and schedule analysts.

Task: 7 Validate potential risk responses, key dependencies, and requirements.

Task: 2 Coordinate with project manager.

Task: 3 Create periodic standard and custom reports.

Task: 4 Monitor risk response metrics.

Task: 5 Analyze risk process performance against metrics.

Task: 6 Update Project Risk Management plan.

Task: 7 Capture risk lessons learned.

The tasks in this domain are the following:

Task: 1 Evaluate the attributes of identified risks.

Task: 2 Analyze risk data produced during the project.

Task: 3 Perform specialized risk analysis.

Here is a quick ● PMI-RMP® stands for Project Management Institute-Risk Management

The next is ‘Risk Management Framework.’

© Copyright 2014, Simplilearn, All rights reserved. 1

● List the good risk management practices

● List the different types of risks

The purposes of Practice Standard for Risk Management are as follows:

Practice Principles of the Specialization

Handbooks Textbooks Courses Theory, Tools/Techniques

Sign or indicator that a risk event is about to occur.

Risk Management Plan

Documents how risk management processes will be carried out.

Other definitions are as follows:

Risk Breakdown Structure

A hierarchical breakdown of risks organized by risk categories.

Defines the likelihood of the occurrence of the risk.

The result and consequence of the probability of risk occurring.

The roles of Project Risk Management are as follows: