introduction
Process Definition This is the process of defining how to conduct risk management activities for a project. The planning process illuminates the approach for project teams and establishes ground rules for risk management. The output from this process is the risk management plan.
Concepts
Risk
- is something identified in advance , that many or may NOT happen ,
- if it happen >> it could have positive impact (opportunity ), or negative impact (threat).
- more than of 90% of risk identified in risk management , could be eliminated
Uncertainty
- is lake of knowledge that reduce confidence
Appetite VS Tolerance ,
- appetite is measured by high general description
- while tolerance is more specific
- For example : sponsor is willing to accept little delay in schedule (appetite ),
- if sponsor is willing to accept NO more that 7 delay in schedule (tolerance )
- so the day 15 of delay is unacceptable (threshold )
Risk Averse
- : someone who don’t like to take risk
Plan Risk Management: Inputs- Techniques -Outputs
Inputs
- pm plan
- project charter
- stakeholder register
- OPA
- EEF
Techniques
- analytical techniques
- expert judgment
- meeting
Outputs
- risk management plan
Plan Risk Management: Inputs
Plan Risk Management: Inputs
Project Charter
- The project charter contains a high-level project description and project boundaries, meaning not just what is within the scope of the project but also what is excluded from the scope.
- High-level risks that the project sponsor is aware of and is concerned about can be put in the project charter as well.
- That’s why it’s the first course for a project manager to find out about the risks associated with the project.
- Sometimes there is a connection between the high-level scope description, including the exclusions, and the high-level description of the risks.
- It may be possible that something may considered “out of bounds” for the project for the very reason that it represents taking on a higher risk than the sponsor it comfortable with.
Project Management Plan
- All of the components of the project management plan, particularly the subsidiary management plans for all the other knowledge areas,
- scope management
- change/configuration management
Project Documents
- The stakeholder register is probably the most important input for this process. You will want to discuss their attitude towards overall risk, as well as getting their opinion on the identification of individual risks on the project.
Enterprise Environmental Factors
- Overall risk thresholds set by the organization or by key stakeholders will influence how much risk you intend to take on during the course of the project.
Organizational Process Assets
- Organizational risk policy
- Risk statement formats, templates for the risk management plan, risk categories organized into a risk breakdown structure, and common definitions of risk concepts and terms
- Authority levels of decision making (this will affect your risk responses)
- Roles and responsibilities within the organization, especially as it pertains to risk management
- Lessons learned repository from previous similar projects
Plan Risk Management: Techniques
Expert Judgment
In creating the risk management plan, it’s pretty clear that you will want to consult with SMEs (subject matter experts) who have expertise in the area of risk management. This may include the following:
- Experts in risk management in general, especially those who are familiar with the organization’s approach to risk management
- Those who have handled risk management on other similar projects and who can therefore advise on the types of risk likely to be encountered on the current project
Data Analysis
- Stakeholder analysis can be used to determine the risk tolerance of key stakeholders on the project.
Meetings
- Project team members, members of the organization who are responsible for risk management, and key stakeholders are those whom you want to invite to meetings to discuss the risk management plan.
- The meetings will define the risk management activities that will be done in all of the other six processes in this knowledge area.
Plan Risk Management: Outputs
here is only output and that is the Risk Management Plan. Here are the elements that should go into such a plan:
Risk strategy
- the organization’s general approach to managing risk on projects
Methodology
- specific approaches, tools like the probability and impact matrix and data sources that will be used to perform risk management on the project.
Rules and responsibilities
- who is the lead of the risk management team and who are the team members? Who will support the activities within the organization? What are the specific responsibilities of each member of the team?
Funding
- –this clarifies the protocols for application of contingency and management reserves. Remember, contingency reserves are for those risks that are on the risk register (the “known unknowns”) vs. those risks that are not (the “unknown unknowns.”
Schedule
- –defines when and how often risk management processes will be performed throughout the project life cycle, and establishes those risk management activities that will be included into the project schedule.
Risk categories
- –a risk breakdown structure or RBS is a representation of potential sources of risk on a project. Creating an RBS helps the project team consider the full range of sources from which individual project risks may arise.
Stakeholder risk appetite
- –this should be expressed in terms of measurable risk thresholds around each project objective in order to determine the acceptable level of overall project risk exposure.
Definitions of risk probability and impact
- used in process 11.3 Perform Qualitative Risk Analysis, the probability and impact matrix divides these concepts into qualitative thresholds like “low”, “medium” and “high”. The definition of these thresholds is important to establish at the beginning of the project.
Probability and impact matrix–
- not only the definitions of the individual thresholds, but how these thresholds will interact must be determined ahead of time. Also, the overall strategies of dealing with these categories should be defined. Will the company accept those risks in the “low” category, mitigate those in the “medium” category, and avoid those in the “high” category, for example?
Reporting formats–
- this shows how the outcomes of the risk management process 11.6 Implement Risk Responses and 11.7 Monitor Risks will be reported to stakeholders.
Tracking
- –shows how risk activities will be tracked using the risk register and how risk management activities will be audited.