RISK MANAGEMENT

Mohamed Omar - PMP®,PMI-RMP®

[email protected] 10/02/2018
 References
1. PMBOK (5th edition).
2. Practice_Standard_Project_Risk_Management.
3. Risk management exam outline.

Content
1. CHAPTER 1 - INTRODUCTION.
2. CHAPTER 2 - PRINCIPLES AND CONCEPTS.
3. CHAPTER 3 - INTRODUCTION TO PROJECT RISK MANAGEMENT PROCESSES.
4. CHAPTER 4 - PLAN RISK MANAGEMENT.
5. CHAPTER 5 - IDENTIFY RISKS.
6. CHAPTER 6 - PERFORM QUALITATIVE RISK ANALYSIS.
7. CHAPTER 7 - PERFORM QUANTITATIVE RISK ANALYSIS.
8. CHAPTER 8 - PLAN RISK RESPONSES.
9. CHAPTER 9 - MONITOR AND CONTROL RISKS.
_____________________________________________________
A. GLOSSARY
B. Individual Risk Attitudes
C. Important Notes
D. Domains

1
 CHAPTER 1
INTRODUCTION
 1.1 Purpose of the Practice Standard for Project Risk Management
 Practice Standard covers risk management to single projects only, does not cover in programs or portfolios.
 1.2 Project Risk Management
 Definition: Project Risk Management includes processes concerned with conducting risk management
planning, identification, analysis, responses, and monitoring and control on a project.
 Objectives: is increase the probability and impact of positive events, and decrease the probability and impact of
negative events in the project.
 Risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s
objectives (scope, schedule, cost, and quality).
 Project Risk Management aims to identify and prioritize risks in advance of their occurrence, and provide
action-oriented information to project managers.
 1.3 Role of Project Risk Management in Project Management
 Project Risk Management is not an optional activity, it is essential to successful project management.
 Project Risk Management is not a substitute for the other project management processes.
 Risk management provides the basis of estimate amount of cost and schedule contingency reserves are needed
to cover risk response actions to a required level of confidence for meeting project objectives.
 In the early stages of a project, the level of risk exposure is at its maximum but information on the project risks
is at a minimum.
 During project execution, risk management processes monitor changes project undergoes for new risks that
may emerge so that appropriate responses to them can be developed, as well as check for existing risks that are
no longer plausible.
 Project Risk Management providing realistic expectations for the completion dates and cost of the project.
 Throughout the project and during project closure, risk-related lessons are reviewed in order to contribute
and support continuous improvement.
 1.4 Good Risk Management Practice
 Project Risk Management is a valuable component of project management and it enhances the value of the
other project management processes.
 Project Risk Management should :-
1. Conducted in compliance with these internal and external requirements.
2. Conducted on an ethical basis.
3. Carried out in a realistic and objective way and should not be subject to political or unreasonable.
4. Conducted on all projects.
 1.5 Critical Success Factors for Project Risk Management
1. Recognize the Value of Risk Management
 Project Risk Management recognized as a valuable discipline that provides a positive potential return on
investment for organizational management, stakeholders, project management, and team members.
2
2. Individual Commitment/Responsibility
 Risk management is everybody’s responsibility.
3. Open and Honest Communication
 Any actions or attitudes that hinder communication about project risk reduce the effectiveness of Project Risk
Management in terms of proactive approaches and effective decision-making.
4. Organizational Commitment
 Project Risk Management may require a higher level of managerial support above the project manager.
5. Risk Effort Scaled to Project
 Cost of Project Risk Management should be appropriate to its potential value to the project and organization.
6. Integration with Project Management
 Successful Project Risk Management requires the correct execution of other project management processes.
 1.6 Conclusion
 Project Risk Management should be appropriately applied based on the specifics of a project and the
organizational environment.
 Project Risk Management provides benefits when it is implemented according to good practice principles and
with organizational commitment to taking decisions and performing actions in an open and unbiased manner.
CHAPTER 2
PRINCIPLES AND CONCEPTS
 2.2 Definition of Project Risk
 The definition includes two key dimensions of risk: uncertainty and effect on a project’s objectives.
 The uncertainty called (probability or likelihood) and the effect called (impact or consequence).
 Causes are events or circumstances currently exist or are certain to exist in future and might give rise to risks.
 Effects are conditional future events or conditions which would directly affect one or more project objectives if
the associated risk occurs.
 When a risk event occurs, it ceases (stop) to become uncertain.
 Threats which occur called issues or problems; opportunities which occur called benefits.
 2.3 Individual Risks and Overall Project Risk
 Individual risks are specific events or conditions that might affect project objectives.
 Individual risk may positively or negatively that affect the project objectives, elements, or tasks.
 Day-to-day Project Risk Management focuses on these individual risks.
 Overall project risk represents the effect of uncertainty on the project as a whole.
 Overall project risk is more than the sum of individual risks on a project, since it applies to the whole project
rather than to individual elements or tasks. It is an important component of strategic decision-making,
program and portfolio management, and project governance.
 2.4 Stakeholder Risk Attitudes
 A wide range of factors influence risk attitude.
1. The scale of the project.
2. the strength of public commitments made about the performance of the project

3
 3. the stakeholders’ sensitivity to issues such as environmental impacts, industrial relations,
 Risk is regarded is usually also strongly influenced by an organization’s culture.
 2.5 Iterative Process
 Risks information usually increase as time goes on, some risks will occur while others will not, new risks will
arise or be discovered.
 Project Risk Management processes should be repeated and the corresponding plans progressively elaborated
throughout the lifetime of the project.
 The identification and analysis of risks should be revisited periodically to ensure that Project Risk Management
remains effective, the progress on risk response actions should be monitored.
 Development of an initial risk management plan and risk assessment is the start of the process, not the end.
 2.6 Communication
 Risk Management cannot take place in isolation, Success relies on communication throughout the process.
 Communication of the results of the Project Risk Management process should be targeted to meet the specific
needs of each stakeholder and should be reflected within the overall project communications strategy.
 2.7 Responsibility for Project Risk Management
 It may be considered simplistic to say “risk management is everyone’s responsibility” as previously stated.
 Project Risk Management should be included as an integral part of all other project processes.
 2.8 Project Manager’s Role for Project Risk Management
 Project manager has overall responsibility for delivering a successful project to meets defined objectives.
 Project manager is accountable for the day-to-day management of the project, including risk management.
 The role of the project manager may include:
1. Encouraging senior management support for Project Risk Management activities.
2. Promoting the Project Risk Management process for the project.
3. Developing and approving the risk management plan.
4. Determining the acceptable levels of risk for the project in consultation with stakeholders.
5. Facilitating open and honest communication about risk within the project team, management, stakeholders.
6. Participating in all aspects of the Project Risk Management process.
7. Approving risk responses and associated actions prior to implementation.
8. Applying project contingency funds to deal with identified risks that occur during the project.
9. Overseeing risk management by subcontractors and suppliers.
10. Regularly reporting risk status to key stakeholders, with recommendations for appropriate strategic decisions.
11. Escalating identified risks to senior management where appropriate: such risks which are outside the authority or
control of the project manager, and any for the release of management reserve.
12. Monitoring the efficiency and effectiveness of the Project Risk Management process.
13. Auditing risk responses for their effectiveness and documenting lessons learned.

4
 CHAPTER 3
INTRODUCTION TO PROJECT RISK MANAGEMENT PROCESSES
 3.1 Project Risk Management and Project Management
 Uncertainty is inevitable since projects are unique and temporary undertakings based on assumptions and
constraints.
 Project Risk Management is not viewed as an optional process or performed as an additional overhead task.
 Project management effectiveness is increased by using information and results from Risk Management.
 Effective Project Risk Management requires input from other project management processes.
 3.2 Project Risk Management Processes
 The Project Risk Management process always starts with an initiation step.
 The emergent nature of risk requires the Project Risk Management process to be iterative, repeating the
Identify Risks process in order to find risks which were not evident earlier in the project.
 Scalable elements of the process include:
1. Available resources,
2. Methodology and processes used,
3. Tools and techniques used,
4. Supporting infrastructure,
5. Review and update frequency,
6. Reporting requirements.
 Project Risk Management activities, resources, and attention should be appropriate to the project since
different projects warrant different levels of risk management application.
 The main actions to provide the required tailoring are as follows:
1. Define those objectives against which risks will be identified.
2. Define how the elements of the Project Risk Management process will be scaled for this project.
3. Define risk thresholds, tolerances, and the assessment framework.
 Input should be sought from a wide range of project stakeholders when identifying risks.
 Qualitative techniques are used on most projects, the outputs from qualitative should be documented and
communicated to key project stakeholders and form a basis for determining appropriate responses.
 Quantitative techniques provide insights into the combined effect of identified risks on the project outcome,
these techniques take into account probabilistic or project-wide effects, such as correlation between risks,
interdependency, and feedback loops, thereby indicating the degree of overall risk faced by the project.
 Results of quantitative analysis used to focus the development of appropriate responses, particularly the
calculation of required contingency reserve levels. Quantitative techniques not be required for all projects.
 Risk owner is designated for each identified risk, it is the responsibility of the risk owner to manage the
corresponding risk through all of the subsequent Project Risk Management processes.
 Risk owner should select a suitable strategy for each individual risk, based on its characteristics and assessed
priority, ensuring that the strategy is achievable, affordable, cost effective, and appropriate.

5
 Risk owner is responsible for defining actions to implement the chosen strategy, these actions may be
delegated to action owners as appropriate.
 Risk owner should monitor actions to determine their effectiveness, and also to identify any secondary risks.
 It is vital that the Project Risk Management process be repeated at regular intervals throughout the life of the
project, this will enable the project team to reevaluate the status of previously identified risks, to identify
emergent and secondary risks, and to determine the effectiveness of the Project Risk Management process.

6
 CHAPTER 4
PROJECT RISK MANAGEMENT
 Objectives of project risk management are to increase the likelihood and impact of positive events, and
decrease the likelihood and impact of negative events in the project.
 Risk is an uncertain event, if it occurs, has a positive or negative effect on project objectives.
 Project risk has its origins in the uncertainty present in all projects.
 Known risks that have been identified and analyzed, making it possible to plan responses.
 Known risks that cannot be managed proactively assigned a contingency reserve.
 Unknown risks that cannot be managed proactively assigned a management reserve.
 Negative project risk that has occurred is considered an issue.
 Overall project risk represents the effect of uncertainty on the project as a whole, and it is more than the sum
of the individual risks within a project.
 The risk attitudes classified into three themes:
 Risk appetite, is the degree of uncertainty an entity is willing to take on in anticipation of a reward.
 Risk tolerance, is the degree of risk that an organization or individual will withstand.
 Risk threshold, refers to measures along the level of uncertainty or the level of impact at which a stakeholder
may have a specific interest, below that risk threshold, the organization will accept the risk. Above that risk
threshold, the organization will not tolerate the risk.
 Positive and negative risks are commonly referred to as opportunities and threats.
 The project may be accepted if the risks are within tolerances and are in balance with the rewards that may be
gained by taking the risks, Communication about risk and its handling should be open and honest.
 Project risk could exist at the moment a project is initiated.
 Moving forward on a project without a proactive focus on risk management is likely to lead to more problems
arising from unmanaged threats.
11.1 Plan Risk Management
 Is the process of defining how to conduct risk management activities for a project.
 Key benefit of this process is it ensures that the degree, type, and visibility of risk management are
commensurate with both the risks and the importance of the project to the organization.
 Risk management plan is vital to communicate with and obtain agreement and support from stakeholders.
 Plan Risk Management process should begin when a project is conceived and should be completed early
during project planning.
 11.1.1 Plan Risk Management: Inputs
 11.1.1.1 Project Management Plan
o Provides baseline or current state of risk affected areas including scope, schedule, and cost.
 11.1.1.2 Project Charter
o Provide various inputs such as high-level risks, project descriptions, and high-level requirements.
 11.1.1.3 Stakeholder Register
o Contains all details related to the project stakeholders, provides an overview of their roles.
 11.1.1.4 Enterprise Environmental Factors
o Risk attitudes, thresholds, and tolerances.
7
  11.1.1.5 Organizational Process Assets
o Risk categories, Common definitions of concepts and terms, Risk statement formats, Standard templates, Roles
and responsibilities, Authority levels for decision making, and Lessons learned.
 11.1.2 Plan Risk Management: Tools and Techniques
 11.1.2.1 Analytical Techniques
o A.T are used to understand and define the overall risk management context of the project.
o Risk management context is a combination of stakeholder risk attitudes (profile) and the strategic risk
exposure of a given project based on the overall project context.
o Stakeholder risk profile analysis may be performed to grade and qualify the project stakeholder risk appetite
and tolerance.
o Other techniques, such as the use of strategic risk scoring sheets, are used to provide a high-level assessment
of the risk exposure of the project based on the overall project context
 11.1.2.2 Expert Judgment
o Senior management, Project stakeholders, Project managers who have worked on projects in the same area
(directly or through lessons learned), Subject matter experts (SMEs).
 11.1.2.3 Meetings
o Attendees meetings include project manager, selected project team and stakeholders, anyone in the
organization with responsibility to manage the risk planning and execution activities.
o Risk contingency reserve application approaches may be established or reviewed.
o Risk management responsibilities should be assigned.
o The outputs of these activities are summarized in the risk management plan.
 11.1.3 Plan Risk Management: Outputs
 11.1.3.1 Risk Management Plan
1. Methodology. The approaches, tools, and data sources that will be used to perform risk management.
2. Roles and responsibilities. Defines the lead, support, and risk management team members for each type of
activity in the risk management plan, and clarifies their responsibilities.
3. Budgeting. Estimates funds needed, based on assigned resources, for inclusion in the cost baseline and
establishes protocols for application of contingency and management reserves.
4. Timing. Defines when and how often the risk management processes will be performed throughout the project
life cycle, establishes protocols for application of schedule contingency reserves, and establishes risk
management activities for inclusion in the project schedule.
5. Risk categories. Provide a means for grouping potential causes of risk, Can be use a risk breakdown structure
(RBS) is a hierarchical representation of risks according to their risk categories.
6. Definitions of risk probability and impact. The quality and credibility of the risk analysis requires that
different levels of risk probability and impact be defined that are specific to the project context.
7. Probability and impact matrix. A grid for mapping the probability of each risk occurrence and its impact on
project objectives if that risk occurs, A typical approach to prioritizing risks is to use a look-up table or a
probability and impact matrix.
8. Revised stakeholders’ tolerances. (EEF)
9. Reporting formats. Outcomes of risk management process will be documented, analyzed, communicated.
8
10. Tracking. Tracking documents how risk activities will be recorded for the benefit of the current project and
how risk management processes will be audited.

PLAN RISK MANAGEMENT

 4.1 Purpose and Objectives of the Plan Risk Management Process
o Key Areas of Focus for the Plan Risk Management Process
People Tools Business
Attitudes Toolbox Constraints
Roles ,responsibilities, authority Parameters Amount of detail and effort
Communication Definitions
1. The objectives of the Plan Risk Management process to decide how the risk management processes will be
executed, and to integrate Project Risk Management with all other project management activities.
2. Initial risk management planning should be carried out early in the overall planning of the project.
3. Risk management plan need to adapt as needs of project and its stakeholders.
4. Cost of treating the risks should be included appropriately in the project budget, while the risk management
plan should describe how this part of the project budget is evaluated, allocated, and managed.
5. Risk management activities need to be repeated throughout the project.
6. categories of success criteria for risk management include:
 Project-Related Criteria.
 Stakeholders must agree on an acceptable level of results for project-related criteria (cost, time, and scope).
 Process-Related Criteria.
 Measures for success in Project Risk Management depend on
1. Inherent level of uncertainty of the project.
2. Level of risk that is considered acceptable in a project depends on risk attitudes of the relevant stakeholders.
3. The risk attitudes of both the organization and the stakeholders influenced by a number of factors, include
their inherent tolerance for uncertainty, and the relative importance to them of achieving or missing specific
project objectives.
 PM should maintain effective communication with the stakeholders as the project evolves, in order to become
aware of any changes in the stakeholders’ attitudes and adapt the risk management approach.
 Risk-related communication occurs at two levels:
o (a)Within the project team, the plan describes the frequency meetings and reports required to carry out the
corresponding Project Risk Management processes.
o (b) Between the project team and the other project stakeholders. the plan sets their expectations as to the
structure, content, and frequency of routine documents to be received , information will be shared for
escalation or exceptional events
 4.2 Critical Success Factors for the Plan Risk Management Process
 The principal criteria for a valid risk management plan are
1. acceptance by the stakeholders,
2. alignment with the internal and external constraints on the project,
3. Balance between cost or effort and benefit,
4. Completeness with respect to the needs of the Project Risk Management process.
9
  Critical success factors for the Plan Risk Management process are detailed below.
 4.2.1 Identify and Address Barriers to Successful Project Risk Management
o Stakeholders and management should recognize and accept the benefits of managing risk, and the added
value of addressing this as a skill in its own right rather than as a passive or reactive component of general
project management.
o Clear definition of the project objectives and a high-level view of the project environment and solution
approach are required to provide a valid basis for risk management.
o PM should ensure that valid definition and planning information is available for plan risk management.
o The availability of OPA contributes to the chances of success of the Plan Risk Management activities: 1-
standard templates, 2-predefined risk categories, 3- established project management methodology, 4-
definition of concepts and terms, 5- roles, responsibilities, and authority levels.
o Risk management plan will not deliver its value unless Project Risk Management is carried out as an integral
part of the project.
 4.2.2 Involve Project Stakeholders in Project Risk Management
o PM needs to involve the project stakeholders in Plan Risk Management activities Build on their skills and
experience to ensure their understanding of, and commitment to Project Risk Management process.
o PM should address and resolve all disagreements between stakeholders in the areas of risk tolerance.
 4.2.3 Comply with the Organization’s Objectives, Policies, and Practices
o The feasibility of risk management planning is dependent upon the features of the organization.
o The rules and guidelines defined in the risk management plan should be compatible with the culture of the
organization, its capabilities and facilities, and its values, goals, and objectives.
 4.3 Tools and Techniques for the Plan Risk Management Process
 4.3.1 Planning Sessions
o Planning recommended to build a common understanding of the project’s risk approach between project
stakeholders and to gain agreement on the techniques to be used for managing risk.
o Participants include: project manager, selected project team members and other stakeholders, subject matter
experts or facilitators.
 4.3.2 Templates
o Primary purpose of risk status reports, RBS or risk register is to Record experience and existing best practice.
 4.4 Documenting the Results of the Plan Risk Management Process
1. Risk management methodology, Risk management organization, Roles, responsibilities, and authority,
Stakeholder risk tolerance, Criteria for success, Risk management tools and guidelines, Thresholds and
corresponding definitions, Templates, Communications plan, Strategy, RBS.
2. . D.1 Techniques, Examples and Templates for Risk Management Planning
 D.1.1.2 Templates Relevant to Risk Management Planning
1. Means of categorizing risks, for example a risk breakdown structure
2. Status report templates
3. Typical agenda for status meetings
 D.1.1.3 Risk Statement “Metalanguage”
10
o A typical such statement is: “Because of <one or more causes (present-is –do-has)>, <risk> might occur
(uncertain future-may-might-possible), which would lead to <one or more effects (conditional future-
would-could)>”.
 D.1.1.4 Risk Prioritization and Selection Guidelines
o The selection and prioritization of risks must be linked to the project objectives.

11
 CHAPTER 5
11.2 Identify Risks
 Is the process of determining which risks may affect the project and documenting their characteristics.
 The key benefit of this process is the documentation of existing risks and the knowledge and ability it provides
to the project team to anticipate events.
 All project personnel should be encouraged to identify potential risks.
 Identify risks is an iterative process, because new risks may evolve or become known.
 The format of the risk statements should be consistent to ensure that each risk is understood clearly and
unambiguously in order to support effective analysis and response development.
 11.2.1 Identify Risks: Inputs
 11.2.1.1 Risk Management Plan
 11.2.1.2 Cost Management Plan
 11.2.1.3 Schedule Management Plan
 11.2.1.4 Quality Management Plan
 11.2.1.5 Human Resource Management Plan
 11.2.1.6 Scope Baseline
o The WBS is a critical input to identifying risks as it facilitates an understanding of the potential risks at both
the micro and macro levels.
 11.2.1.7 Activity Cost Estimates
o They provide a quantitative assessment of the likely cost to complete scheduled activities.
 11.2.1.8 Activity Duration Estimates
o Related to the time allowances for the activities or project as a whole.
 11.2.1.9 Stakeholder Register
o This will ensure that key stakeholders, especially the sponsor and customer, are interviewed or otherwise
participate during the Identify Risks process.
 11.2.1.10 Project Documents
o Project charter, Project schedule, Project schedule network diagrams, Issue log, Quality checklists.
 11.2.1.11 Procurement Documents
o Bid, tender, or quotation are generally used when the seller selection decision will be based on price.
o Proposal is generally used when, such as technical capability or technical approach are paramount.
o terms are in use include request for information (RFI), invitation for bid (IFB), request for proposal (RFP),
request for quotation (RFQ), tender notice, invitation for negotiation, invitation for sellers initial response.
o These documents include a description of the desired form of the response, the relevant procurement
statement of work (SOW) and any required contractual provisions.
o Procurement documents are required to be sufficient to ensure consistent, appropriate responses, but flexible
enough to allow consideration of any seller suggestions for better ways to satisfy the same requirements.
 11.2.1.12 Enterprise Environmental Factors
o Published information, commercial databases, Academic studies, Published checklists, Benchmarking, Industry
studies, and Risk attitudes.
 11.2.1.13 Organizational Process Assets

12
o Project files, Organizational, project process controls, Risk statement formats or templates, Lessons learned.
 11.2.2 Identify Risks: Tools and Techniques
 11.2.2.1 Documentation Reviews
o The quality of the plans may be indicators of risk in the project.
 11.2.2.2 Information Gathering Techniques
1. Brainstorming. The goal is to obtain a comprehensive list of project risks.
o Project team Performs brainstorming with a multidisciplinary set of experts who are not part of the team.
o Ideas about project risk are generated under the leadership of a facilitator.
o Categories of risk, such as in a risk breakdown structure, can be used as a framework.
2. Delphi technique. A consensus of experts, Project risk experts participate in this technique anonymously.
o A facilitator uses a questionnaire to solicit ideas about the important project risks.
o The responses are summarized and are then recirculated to the experts for further comment.
o Delphi technique reduce bias in data and keeps any one person from having undue influence on outcome.
3. Interviewing.
4. Root cause analysis.
o Used to identify a problem, discover the underlying causes that lead to it, and develop preventive action.
 11.2.2.3 Checklist Analysis
o Developed based on historical information that has been accumulated from previous similar projects.
o The lowest level of the RBS can also be used as a risk checklist.
o Checklist may be quick and simple, it is impossible to build an exhaustive one, and care should be taken to
ensure the checklist is not used to avoid the effort of proper risk identification.
o Checklist should be reviewed during project closure to incorporate new lessons learned and improve it for use
on future projects.
 11.2.2.4 Assumptions Analysis
o Every project is conceived and developed based on a set of hypothesis, scenarios, or assumptions.
o It identifies risks to the project from inaccuracy, instability, inconsistency, or incompleteness of assumptions.
 11.2.2.5 Diagramming Techniques
1. Cause and effect diagrams. Ishikawa, fishbone are useful for identifying causes of risks.
2. System or process flow charts. Show how various elements of a system interrelate, the mechanism of
causation.
3. Influence diagrams. Representations of situations showing causal influences, time ordering of events.
 11.2.2.6 SWOT Analysis
o This technique examines the project from each of the strengths, weaknesses, opportunities, and threats,
perspectives to increase the breadth of identified risks by including internally generated risks.
o The technique starts with identification of strengths and weaknesses of the organization.
o SWOT analysis identifies any opportunities for the project that arise from organizational strengths, and any
threats arising from organizational weaknesses.
o The analysis also examines the degree to which organizational strengths offset threats, as well as identifying
opportunities that may serve to overcome weaknesses.
 11.2.2.7 Expert Judgment
13
o Suggest risks based on their previous experience, the experts’ bias taken into account in this process.
 11.2.3 Identify Risks: Outputs
 11.2.3.1 Risk Register
o The primary output from Identify Risks is the initial entry into the risk register.
o It contains the outcomes of the other risk management processes contained in the risk register over time.
o Preparation of the risk register begins in the Identify Risks process with the following information:
1. List of identified risks. Are described in as much detail as is reasonable.
2. List of potential responses. Potential responses may sometimes be identified during the Identify Risks process.

IDENTIFY RISKS
5.1 Purpose and Objectives of the Identify Risks Process
 The Identify Risk process to be iterative, repeating to find new risks.
 When a risk is first identified, potential responses may also be identified these should be recorded during the
Identify Risks process and considered for immediate action if such action is appropriate.
5.2 Critical Success Factors for the Identify Risks Process
 5.2.1 Early Identification
 Risk identification should be performed as early as possible in the project lifecycle, recognizing the paradox
that uncertainty is high in the initial stages of a project so there is often less information.
 Early risk identification enables key project decisions to take maximum account of risks inherent in the
project, and may result in changes to the project strategy.
 It also maximizes the time available for development and implementation of risk responses, which enhances
efficiency since responses taken early are often normally less costly than later ones.
 5.2.2 Iterative Identification
 It is essential that risk identification is repeated throughout the project life cycle.
 This should be done periodically at a frequency determined during the Plan Risk Management process.
 5.2.3 Emergent Identification
 Risks to be identified at any time, not limited to formal risk identification events or regular reviews.
 5.2.4 Comprehensive Identification
 A broad range of sources of risk should be considered to ensure that as many uncertainties as possible that
might affect objectives have been identified.
 5.2.5 Explicit Identification of Opportunities
 Identify Risks process should ensure opportunities are properly considered.
 5.2.6 Multiple Perspectives
 Input take from abroad range of project stakeholders to ensure all perspectives are represented, considered.
 5.2.7 Risks Linked to Project Objectives
 Each identified project risk should relate to at least one project objective (time, cost, quality, scope).
 5.2.8 Complete Risk Statement
 Identified risks should be clearly and unambiguously described.
 Single words “resources or logistics” are inadequate and do not properly communicate the nature of the risk.

14
  5.2.9 Ownership and Level of Detail
 A generalized or high-level description of risk can make it difficult to develop responses and assign
ownership, while describing risks in a lot of detail can create a great deal of work.
 Each risk should be described at a level of detail at which it can be assigned to a single risk owner.
 5.2.10 Objectivity
 Motivational biases, where someone is trying to bias the result in one direction or another.
 Cognitive biases, where biases occur as people are using their best judgment and applying heuristics.
 Sources of bias should be exposed wherever possible, and allow open and honest identification of risks.
 Minimize subjectivity and allow open and honest identification of as many risks as possible to the project.
5.3 Tools and Techniques for the Identify Risks Process
 5.3.1 Historical Review
 Based on the past on this project or similar projects in same organization, or comparable projects in another.
 Historical review approaches rely on careful selection of comparable situations which are genuinely similar to
the current project.
 5.3.2 Current Assessments
 Current assessments rely on analyzing project characteristics against given frameworks and models in order to
expose areas of uncertainty.
 Current assessment techniques do not rely on outside reference points, but are based purely on examination of
the project (Unlike historical review approaches).
 5.3.3 Creativity Techniques
 Depend on ability of participants to think creatively and their success is enhanced by use a skilled facilitator.
 Can be used either singly or in groups, and no single technique can be expected to reveal all knowable risks.
 Use of a risk breakdown structure, a prompt list, or a set of generic list categories may assist in ensuring that as
many sources of risk as practicable have been addressed.
 Risk meta-language offers a useful way of distinguishing a risk from its cause and effect, describing each risk
using three-part statements “cause, risk, effect”.
5.4 Documenting the Results of the Identify Risks Process
 The main output from the Identify Risks process is the risk register. This includes a properly structured risk
description and the nominated risk owner for each risk.
D.2 Techniques, Examples and Templates for Identify Risks (Chapter 5)
D.2.1 Techniques
 D.2.1.1 Assumptions and Constraints Analysis
This technique requires three steps:
1. List assumptions and constraints for the project.
2. Test assumptions and constraints by asking two questions:
A. Could the assumption/constraint be false?
B. If it were false, would one or more project objectives be affected (positively or negatively)?
3. Where both questions are answered.

15
  D.2.1.2 Brainstorming
 Brainstorming is commonly used in a facilitated risk identification workshop to identify risks.
 Brainstorm using risk categories or a risk breakdown structure to identify risks.
 Brainstorm risk identification included evaluation of proposed risks to remove non-risks.
 It is important to ensure active participation of relevant stakeholders in a risk identification brainstorm, and
for the facilitator to manage group dynamics carefully.
 D.2.1.3 Cause and Effect (Ishikawa) Diagrams
 This technique presents in diagrammatic form the causes which contribute to a given outcome.
 Each main cause can be split further into sub-causes.
 Using to distinguish between risks (uncertain causes of the impact) and issues (certain causes of the impact).
 D.2.1.4 Checklists
 Checklists are compiled to capture previous project experience and used for subsequent similar projects.
 Structure the risk identification checklist around a risk breakdown structure.
 Risk identification checklists should include both threats and opportunities.
 D.2.1.5 Delphi Technique
 Uses a facilitated anonymous polling of subject matter experts to identify risks in their area of expertise.
 The facilitator gathers the experts’ initial responses and circulates them without attribution to the group.
 The process often generates a consensus of the experts in a few iterations.
 D.2.1.6 Document Review
 Project documentation, including the project charter, statement of work, contract terms and conditions,
subcontracts, technical specifications, regulatory requirements, legal stipulations.
 Formal structured methods of document review can be used (such as the Fagan Inspection Process).
 D.2.1.7 Failure Modes and Effects Analysis (FMEA)/Fault Tree Analysis
 The analysis of a model structured to identify the various elements that can cause system failure by themselves,
or in combination with others, based on logic of the system.
 Fault tree analysis is typically used in engineering contexts.
 If the level of reliability is not acceptable, the Fault Tree can indicate where the system can be made more
reliable—therefore, it is useful in the design and engineering phase of the project.
 D.2.1.8 Force Field Analysis
 Force Field Analysis is typically used in the change management context.
 It can be adapted for risk identification by identifying driving forces (“forces for change”) and restraining
forces (“forces against change”) which currently affect achievement of a project objective.
 D.2.1.9 Industry Knowledge Base
 An industry knowledge base is a special case of a checklist.
 D.2.1.10 Influence Diagrams
 Influence diagram is a diagrammatic representation of a project situation, showing the main entities, decision
points, uncertainties, and outcomes, and indicating the relationships (influences) between them.

16
 Influence diagram can identify risks when combined with sensitivity analysis or Monte Carlo simulation to
reveal sources of risk within the project.
 D.2.1.11 Interviews
 Should include all main stakeholders and conducted by an independent skilled interviewer using a structured
agenda, in an atmosphere of confidentiality, honesty, and mutual trust.
 A risk breakdown structure, checklist or prompt list can be used as a framework for risk interviews.
 D.2.1.12 Nominal Group Technique
 Is an adaptation of brainstorming where participants share and discuss all issues before evaluation.
 D.2.1.13 Post-Project Reviews/Lessons Learned/Historical Information
 Obtained Information by reviewing databases of risks which occurred in previous similar situations, or lessons
learned exercises, or historical information, either within an organization or industry body
 D.2.1.14 Prompt Lists
 Prompt list is a set of risk categories which can be used to stimulate risk identification.
 Prompt list presented as a risk breakdown structure, or as a set of headings.
 Prompt list used as a framework for other risk identification techniques such as brainstorming, interviews.
 D.2.1.15 Questionnaire
 Questionnaire can be presented as a special form of checklist.
 Questionnaire can be used to present the headings from a prompt list.
 D.2.1.16 Risk Breakdown Structure (RBS)
 The risk breakdown structure (RBS) is a hierarchical framework of potential sources of risk to a project.
 D.2.1.17 Root-Cause Analysis
 Seeks to identify basic causes of risks that may be visible symptoms of more fundamental forces.
 It may also identify common sources of several risks, leading to broad-reaching risk response strategies.
 Using to distinguish between risks (uncertain causes of the impact) and issues (certain causes of the impact).
 D.2.1.18 SWOT Analysis
 The technique is commonly used in strategic decision making.
 The technique is particularly useful for identifying internally-generated risks arising from the organization.
 D.2.1.19 System Dynamics
 SD is a particular application of influence diagrams and used to identify risks within a project situation.
 SD model represents entities and information flows within a project, and analysis of the model can reveal
feed-back and feed-forward loops which lead to uncertainty or instability.
 D.2.1.20 WBS Review
 The work breakdown structure is a framework for a number of other risk identification techniques, such as
brainstorming, risk interviews, checklists or prompt lists.

17
 CHAPTER 6
11.3 Perform Qualitative Risk Analysis
 Prioritizing risks for further analysis by assessing and combining probability and impact, (Subjective Analysis)
 key benefit is that it enables project managers to reduce the level of uncertainty and to focus on high-priority
risks.
 The quality of the available information on project risks helps to clarify the assessment of the risks importance
to the project.
 Qualitative Risk Analysis is a rapid and cost-effective means of establishing priorities for Plan Risk Responses
and lays the foundation for Perform Quantitative Risk Analysis, if required.
 Qualitative Risk Analysis process is performed regularly throughout the project life cycle as defined at risk
management plan.
 This process can lead into Perform Quantitative Risk Analysis or directly into Plan Risk Responses.
 11.3.1 Perform Qualitative Risk Analysis: Inputs
 11.3.1.1 Risk Management Plan
 11.3.1.2 Scope Baseline
o Projects of a common or recurrent type tend to have more well-understood risks.
o Projects using state-of-the-art or first-of-its-kind technology, and highly complex projects, tend to have more
uncertainty, this can be evaluated by examining the scope baseline.
 11.3.1.3 Risk Register
 11.3.1.4 Enterprise Environmental Factors
o Industry studies and Risk databases that available from industry.
 11.3.1.5 Organizational Process Assets
o Information from prior similar completed projects.
 11.3.2 Perform Qualitative Risk Analysis: Tools and Techniques
 11.3.2.1 Risk Probability and Impact Assessment
o Risk probability assessment investigates the likelihood risk will occur. Risk impact assessment investigates
potential effect on a project objective, including negative effects (threats) and positive effects (opportunities).
o The level of probability and impact for each risk is evaluated during the interview or meeting.
o Risk probabilities and impacts are rated according to the definitions given in the risk management plan.
o Risks with low ratings of probability and impact will be included within risk register as part of watch list for
future monitoring.
 11.3.2.2 Probability and Impact Matrix
o Risks can be prioritized for further quantitative analysis and planning risk responses based on risk rating.
o Evaluation of each risks importance and priority for attention is typically conducted using a look-up table or a
probability and impact matrix, the risk score helps guide risk responses.
o Risks that have a negative impact on objectives, known as threats if they occur, and that are in the high-risk
(dark gray) zone of the matrix, require priority action and aggressive response strategies.
o Threats found in the low-risk (medium gray) zone not require proactive management action beyond being
placed in the risk register as part of the watch list or adding a contingency reserve.

18
o Opportunities, those in the high-risk (dark gray) zone, which may be obtained most easily and offer the
greatest benefit, should be targeted first.
o Opportunities in the low-risk (medium gray) zone should be monitored.
 11.3.2.3 Risk Data Quality Assessment
o It involves examining the degree to which the risk is understood and the accuracy, quality, reliability, and
integrity of the data about the risk.
o The use of low-quality risk data may lead to a qualitative risk analysis of little use to the project.
 11.3.2.4 Risk Categorization
o Risks can be categorized by sources of risk (using the RBS), the area of the project affected (using the WBS) or
(project phase) to determine the areas of the project most exposed to the effects of uncertainty.
o Risks can also be categorized by common root causes, this technique helps determine work packages, activities,
project phases, even roles in the project, which lead to development of effective risk responses.
 11.3.2.5 Risk Urgency Assessment
o Risks requiring near-term responses may be considered more urgent to address.
o In some qualitative analyses, the assessment of risk urgency is combined with the risk ranking that is
determined from the probability and impact matrix to give a final risk severity rating.
 11.3.2.6 Expert Judgment
o Required to assess the probability and impact of each risk to determine its location in the matrix.
o Gathering expert judgment is often accomplished with the use of risk facilitation workshops or interviews, the
expert’s bias should be taken into account in this process.
 11.3.3 Perform Qualitative Risk Analysis: Outputs
 11.3.3.1 Project Documents Updates
o Risk register updates. Updates include assessments of probability and impacts for each risk, risk ranking or
scores, risk urgency information or risk categorization, and a watch list.
o Assumptions log updates, as new information becomes available through the qualitative risk assessment,
assumptions could change, the assumptions log needs to be revisited, and Assumptions may be incorporated
into the project scope statement or in a separate assumptions log.
PERFORM QUALITATIVE RISK ANALYSIS
6.1 Purpose and Objectives of the Perform Qualitative Risk Analysis Process
 Process assesses and evaluates characteristics of individually identified project risks and prioritizes risks.
 Assessing individual risks using qualitative risk analysis evaluates the probability that each risk will occur and
the effect of each individual risk on the project objectives.
 As such it does not directly address the overall risk to project objectives that results from the combined effect
of all risks and their potential interactions with each other.
 One step in the analysis is to categorize risks according to their sources or causes.
 If several risks arise from a common source, sometimes called a root cause, risk responses may be more
effective when they focus on addressing this root cause.
 qualitative risk analysis are applied to list of risks created by the Identify Risks process to provide project
management with risks that have most influence (positive or negative) on achieving project’s objectives.
 Risks that are assessed as high priority to either threaten or to enhance the achievement of project objectives

19
 will be an important focus in the Plan Risk Responses process.
6.2 Critical Success Factors for the Perform Qualitative Risk Analysis Process
6.2.1 Use Agreed-Upon Approach
 factors may be considered in determining the importance of a risk as follows:
A. Urgency (proximity). Risks requiring near term responses may be considered more urgent to address.
Indicators of urgency can include the lead time necessary to execute a risk response and the clarity of
symptoms and warning signs (also known as detectability) that may trigger the response.
B. Manageability. Some risks are not manageable and it be a waste of resources to attempt to address them.
 The project team may examine these and decide to:
1. Establishing a contingency reserve.
2. Stop or re-scope project because risks is unmanageable threat or opportunity should not be missed.
3. Inform the customer of the risks and ask for a decision from their point of view.
C. Impact external to the project. Risk increase in importance if it affects the enterprise beyond the project.
6.2.2 Use Agreed-Upon Definitions of Risk Terms
 The use of definitions, for example, of levels of probability and of impact on objectives, assists in giving realistic
assessments for each risk, and facilitates the communication of the results to management and stakeholders.
6.2.3 Collect High-Quality Information about Risks
 Often this information is not available in any historic database and should be gathered by interviews, workshops,
and expert judgment.
 Data gathered from individuals may be subject to reporting or intentional bias.
 Bias should be identified and remedied, and unbiased source of information should be found and used.
6.2.4 Perform Iterative Qualitative Risk Analysis
 The success of qualitative risk analysis is enhanced if the process is used periodically throughout the project.
 Identify Risks and Perform Qualitative Analysis processes should be repeated periodically for individual risks.
 The frequency of this effort will be planned in the Plan Risk Management process.

6.3 Tools and Techniques for the Perform Qualitative Risk Analysis Process
6.3.1 Select Risk Characteristics that Define Risks’ Importance
 Qualitative risk analysis tools provide ways to distinguish those risks that are important for response from those
that are less important.
 Output from qualitative risk analysis tools includes a listing of risks in priority order or in priority groups.
 The tools for qualitative risk analysis allow the organization or project stakeholders to specify levels or
combinations of risk characteristics.
6.3.2 Collect and Analyze Data
 including interviews, workshops, and references to databases of prior projects, require management support.
 It is important to protect against bias in data gathering when relying on expert judgment for the information.
6.3.3 Prioritize Risks by Probability and Impact on Specific Objectives
 This capability provides a list of risks that are important for any specific objective of interest to management.
 This is useful since it is common for risks to have uneven impacts on various project objectives.
6.3.4 Prioritize Risks by Probability and Impact on Overall Project
 A common reason is for ease of communication with management and other stakeholders.
 Technique for creating overall risk priority measure should be documented in Plan Risk Management process.
20
6.3.5 Categorize Risk Causes
 Categorizing risks lead to improved analysis of probability and magnitude of project risk and effective responses.
 Identifying common root causes of a group of risks reveal both the magnitude of the risk event for the group as a
whole along with effective strategies that might address several risks simultaneously.
 Identifying risks that can occur at the same time or using the same resources for recovery provide a realistic picture
of problems of risk mitigation using scarce resources.
 Combining the results of Perform Qualitative Risk Analysis process with the (RBS) show clusters of priority risks
arising from specific sources.
 Combination of the risk analysis information with (WBS) show which areas of the project exhibit the most risk.
6.3.6 Document the Results of the Perform Qualitative Risk Analysis Process
 Perform Qualitative Risk Analysis adds structure to the list of undifferentiated risks into categories of priority.
 This information is usually stored in the risk register which is easy to use and update with new information.
 The risk register list of prioritized risks is posted to the project participants to improve the project plan.
 Risks of low priority to the project placed on a watch list and are reviewed less often for changes in their status.
D.3 Techniques, Examples and Templates for Perform Qualitative Risk Analysis.
 Qualitative Risk Analysis prioritizes for further analysis the undifferentiated list of risks that have been identified in
the Identify Risks process.
D.3.1 Techniques for Perform Qualitative Risk Analysis
D.3.1.1 Estimating Techniques Applied to Probability and Impact
 One benefit of this approach is that the subject matter experts only need to assess a risk’s probability within a range
rather than as a specific value.
 Opportunities to be treated as representing a positive saving in time or cost, or increased functionality.
 Threats impact scale is interpreted negatively, Time delays, increased cost, or reduced functionality.
D .3.1.2 Probability and Impact Matrix
 Organizations assess a risk’s priority from the combination of probability and impact on that project objective.
 D.3.1.3 Analytic Hierarchy Process (AHP)
 AHP is a method to calibrate preferences for achieving the different objectives of a project.
 Do they prefer to achieve time more than cost? Is quality more important than scope? What is the relative
weighting of the project’s objectives in terms of their priority to the stakeholders or to management? The results are
weights (summing to 100%) that reflect the relative priority of each objective.
 This prioritization can be important in determining how trade-offs affecting different objectives (e.g., Should we
reduce scope to finish on time?) will be decided.

21
 CHAPTER 7
11.4 Perform Quantitative Risk Analysis
 Is the process of numerically analyzing the effect of identified risks on overall project objectives.
 key benefit of this process is that it produces quantitative risk information to support decision making in order
to reduce project uncertainty.
 Quantitative Risk Analysis is performed on risks that have been prioritized by Qualitative Risk Analysis.
 Risks drive the quantitative analysis used to assign a numerical priority rating to those risks individually.
 Quantitative Risk Analysis generally follows Qualitative Risk Analysis process.
 Due to lack of sufficient data it may not be possible to execute Quantitative Risk Analysis process.
 The project manager should exercise expert judgment to determine the need for and the viability of
quantitative risk analysis.
 Quantitative Risk Analysis should be repeated, as needed, as part of the Control Risks process to determine if
the overall project risk has been satisfactorily decreased.
 11.4.1 Perform Quantitative Risk Analysis: Inputs
 11.4.1.1 Risk Management Plan
 11.4.1.3 Schedule Management Plan
 11.4.1.2 Cost Management Plan
 11.4.1.4 Risk Register
 11.4.1.5 Enterprise Environmental Factors
o Industry studies and Risk databases that available from industry.
 11.4.1.6 Organizational Process Assets
o Information from prior similar completed projects.
 11.4.2 Perform Quantitative Risk Analysis: Tools and Techniques
 11.4.2.1 Data Gathering and Representation Techniques
o Interviewing. Interviewing techniques draw on experience and historical data to quantify the probability
and impact of risks on project objectives.
o Probability distributions.
1. Continuous probability distributions, which are used extensively in modeling and simulation, represent the
uncertainty in values such as durations of schedule activities, costs of project.
2. Discrete distributions used to represent uncertain events, such as a possible scenario in a decision tree.
 11.4.2.2 Quantitative Risk Analysis and Modeling Techniques
1. Sensitivity analysis.
o Helps to determine which risks have the most potential impact on the project.
o Tornado diagram is a special type of bar chart used in sensitivity analysis for comparing the relative
importance of the variables.
o Tornado diagram analyzing risk-taking scenarios, whose quantitative analysis highlights possible benefits
greater than corresponding identified negative impacts.

22
 2. Expected monetary value analysis.
o EMV analysis is a statistical concept that calculates the average outcome when the future includes scenarios
that may or may not happen.
o EMV of opportunities are expressed as positive values, while threats are expressed as negative values.
o EMV requires a risk-neutral assumption—neither risk averse nor risk seeking.
o EMV common use is a decision tree analysis.
Decision Definition Decision Node Chance Node Net Path Value
Decision to be Made Input: Cost of Each Decision Input: Scenario Probability, Computed: Payoffs
Output: Decision Made Reward if it Occurs minus Costs along
Output: Expected Monetary Path
Value (EMV)

3. Modeling and simulation.

o A project simulation uses a model that translates the specified detailed uncertainties of the project into their
potential impact on project objectives.
o Simulations are typically performed using the Monte Carlo technique.
o In a simulation the project model is computed many times (iterated), with the input values chosen at random
for each iteration from the probability distributions of these variables.
 11.4.2.3 Expert Judgment
 11.4.3 Perform Quantitative Risk Analysis: Outputs
 11.4.3.1 Project Documents Updates
 risk register updates could include:
1. Probabilistic analysis of the project.
o This output expressed as a cumulative frequency distribution, is used with stakeholder risk tolerances to
permit quantification of the cost and time contingency reserves.
2. Probability of achieving cost and time objectives.
3. Prioritized list of quantified risks.
o These include the risks that have the greatest effect on cost contingency and those that are most likely to
influence the critical path.
o These risks evaluated through a tornado diagram generated as a result of the simulation analysis.
4. Trends in quantitative risk analysis results.
o A trend may become apparent that leads to conclusions affecting risk responses.

PERFORM QUANTITATIVE RISK ANALYSIS

 7.1 Purpose and Objectives of the Perform Quantitative Risk Analysis Process
 Provides a numerical estimate of overall effect of risk on project objectives, when considering risks simultaneously.
 Results used to evaluate likelihood of success in achieving project objectives and to estimate contingency reserves.
 Using quantitative techniques such as Monte Carlo simulation may provide more realism in the estimate of the
overall project cost or schedule.
 Quantitative risk analysis is not always required or appropriate for all projects, especially for smaller projects.

23
 The benefits of quantitative risk analysis should be weighed against the effort required to ensure that the additional
insights and value justify the additional effort.
 Partial risk analyses such as qualitative risk analysis aim at prioritizing individual risks.
 The implementation of overall risk analysis using quantitative methods requires:
 Complete and accurate representation of the project objectives built up from individual project elements.
 Including generic risks.
 Applying a quantitative method (such as Monte Carlo simulation or decision tree analysis) that incorporates
multiple risks simultaneously in determining overall impact on the overall project objective.
 Results of the quantitative analysis will be compared to the project plan (baseline) to give management an estimate
of the overall project risk and will answer important questions such as:
1. What is the probability of meeting the project’s objectives?
2. How much contingency reserve is needed to provide the organization with the level of certainty it requires based
upon its risk tolerance?
3. What are parts of the project which contribute the most risk when all risks are considered simultaneously?
4. Which individual risks contribute the most to overall project risk?
 7.2 Critical Success Factors for the Perform Quantitative Risk Analysis Process
o 7.2.1 Prior Risk Identification and Qualitative Risk Analysis
 Quantitative Risk Analysis process will consider all significant risks from Prioritized list of identified risks.
o 7.2.2 Appropriate Project Model
 Project models most frequently used in quantitative risk analysis include the project schedule, line-item cost
estimates, decision tree.
 Quantitative risk analysis is especially sensitive to the completeness and correctness of the model of the project.
o 7.2.3 Commitment to Collecting High-Quality Risk Data
 Should be gathered by historic database, interviews, workshops, and other means using expert judgment.
o 7.2.4 Unbiased Data
 Two common sources of bias are cognitive bias and motivational bias.
o 7.2.5 Overall Project Risk Derived from Individual Risks
 Quantitative Risk is based upon a methodology that correctly derives overall project risk from the individual risks.
 A decision tree is method for making decisions when future events are not certain, using the probability and impact
of all risks, and combining their effect to derive an overall project measure such as value or cost.
o 7.2.6 Interrelationships Between Risks in Quantitative Risk Analysis
 Attention should be given to several risks have a common root cause and therefore are likely to occur together.
 A common way to represent the risks which occur together is by using the risk register listing of the risk or root
cause and attaching it to several project elements such as schedule activities or cost elements.
 7.3 Tools and Techniques for the Perform Quantitative Risk Analysis Process
o 7.3.1 Comprehensive Risk Representation
 Risk models permit representation all of the risks that have impact on an objective simultaneously.
o 7.3.2 Risk Impact Calculation
 Quantitative models facilitate the correct calculation of the effect of many risks on the project objectives.
o 7.3.3 Quantitative Method Appropriate to Analyzing Uncertainty
 Probability models use a quantitative method that addresses uncertainty.
 A good example of this is the use of Monte Carlo simulation tools that permit the combination of probability

24
 distributions of line-item costs or schedule activity durations, many of which are uncertain.
o 7.3.4 Data Gathering Tools
 Include: historical data and workshops, interviews, or questionnaires to gather quantified information.
o 7.3.5 Effective Presentation of Quantitative Analysis Results
 These results when all risks are considered simultaneously, include the following:
 Probability of achieving a project objective such as finishing on time or within budget.
 Amount of contingency reserve in cost, time, or resources needed to provide a required level of confidence.
 Identity or location within the project model of the most important risks. An example of this is a sensitivity
analysis in a cost risk analysis or a criticality analysis in a schedule risk analysis.
o 7.3.6 Iterative Quantitative Risk Analysis
 Success of Quantitative Risk Analysis process is the process used periodically throughout the project.
 It is impossible to know in advance all of the risks that may occur in a project.
 The frequency of this effort will be determined during the Plan Risk Management process.
o 7.3.7 Information for Response Planning
 Overall project contingency reserve in time and cost should be reflected in the project’s schedule and budget.
 Quantitative risk analysis provides information that may be used to modify the project plan.
 7.4 Documenting the Results of the Perform Quantitative Risk Analysis Process
 Contingency reserves calculated in quantitative risk analysis to establish a prudent target and a realistic expectation
for the project.
 Contingency reserves may also be established to provide for the capture of opportunities that are judged to be
priorities for the project.
 If the contingency reserve required exceeds the time or resources available, changes in the project scope and plan
may result.
 D.4 Techniques, Examples and Templates for Perform Quantitative Risk Analysis
 Quantitative Risk Analysis determine overall risk simultaneously on the project.
 It provides answers to several questions:
1. How likely is the project to complete on the schedule date or earlier?
2. How likely is the project actual cost to be the budgeted cost or less?
3. How reliable will the product be that the project produces?
4. What is the best decision to make in the face of uncertain results?
5. How much contingency in time and cost is needed to provide the organization with its desired degree of
confidence in the results?
6. How should the design of the product or system be changed most economically to increase its reliability?
7. What are the individual risks that seem to be the most important in determining the overall project risk?
o D.4.1 Techniques for Perform Quantitative Risk Analysis
o D.4.1.1 Decision Tree Analysis
 Decision tree analysis is usually performed using specialized, but widely available software.
 Software specify the structure of the decision with decision nodes, chance nodes, costs, benefits, and probabilities.
 The user can also evaluate the different decisions using linear utility functions based on Expected Monetary Value
or on non-linear utility functions of various shapes.
o D.4.1.2 Expected Monetary Value
 Expected Monetary Value (EMV) is a simple calculation of a value such as weighted average or expected cost or

25
 benefit when the outcomes are uncertain.
 The EMV calculation is made by weighting the individual possible outcomes by their probabilities of occurring.
o D.4.1.3 Monte Carlo Simulation
 Monte Carlo (critical index) simulation is a detailed, computer-intensive simulation approach to determining the
value and probability of possible outcomes of a project objective.
 It computes the schedule or cost estimate many times using inputs drawn at random from ranges.
 The solutions using these different input values to build a histogram of possible project outcomes and their
relative probability, and cumulative probability from which to compute desired contingency reserves of
time or cost.

Qualitative Risk Quantitative Risk

1. Addresses individual risks 1. Predicts likely project outcomes based on combined effects of risks
descriptively. 2. Uses probability distributions to characterize the risks probability
2. Prioritizes individual risk for and impact
subsequent treatment. 3. Uses project model
3. Adds to risk register. 4. requires specialized tools
4. Leads to quantitative risk analysis. 5. Estimates likelihood of meeting targets and contingency needed to
achieve desired level of comfort
6. Identifies risks with greatest effect on overall project risk.

26
 CHAPTER 8
11.5 Plan Risk Responses
 Process of developing options, actions to enhance opportunities and to reduce threats to project objectives.
 The key benefit of this process is that it addresses the risks by their priority.
 Plan Risk Responses follows the Perform Quantitative Risk Analysis (if used).
 Each risk response requires an understanding of the mechanism by which it will address the risk.
 The mechanism includes the identification and assignment of one person (owner for risk response) to take
responsibility for each agreed-to and funded risk response.
 11.5.1 Plan Risk Responses: Inputs
 11.5.1.1 Risk Management Plan
 11.5.1.2 Risk Register
o The risk register refers to identified risks, root causes of risks, lists of potential responses, risk owners,
symptoms and warning signs, the relative rating or priority list of project risks, risks requiring responses in
the near term, trends in qualitative analysis results, and a watch list.
 11.5.2 Plan Risk Responses: Tools and Techniques
o Risk analysis tools, such as decision tree analysis, used to choose the most appropriate responses.
o A fallback
1.Implemented when the contingency plan fails or is not fully effective.
2.Generally made for residual risks.
3.It is a backup plan for the contingency plan.
4.Is part of the project management plan.
5.Developed if selected strategy turns out not to be fully effective or if accepted risk occurs.
o Secondary risks are risks that arise as a direct result of implementing a risk response, should reviewed.
o A contingency reserve is often allocated for time or cost.
 11.5.2.1 Strategies for Negative Risks or Threats
o Avoidance and mitigation good strategies for critical risks with high impact.
o Transference and acceptance good strategies for threats that are less critical and with low overall impact.
o Avoid.
1. The project team acts to eliminate the threat or protect the project from its impact.
2. Usually involves changing the project management plan to eliminate the threat entirely.
3. Isolate the project objectives from the risks impact or change the objective that is in jeopardy.
4. Examples, extending the schedule, changing the strategy, reducing scope.
5. The most radical avoidance strategy is to shut down the project entirely.
6. Some risks that arise early in the project can be avoided by clarifying requirements, obtaining information,
improving communication, or acquiring expertise.
o Transfer.
1. Shifts the impact of a threat to a third party, together with ownership of the response.

27
 2. Transferring the risk gives another party responsibility for its management—it does not eliminate it.
3. Transferring does not mean disowning the risk by transferring it to another person without his or her
knowledge or agreement.
4. Risk transference always involves payment of a risk premium to the party taking on the risk.
5. Transferring liability for risk is most effective in dealing with financial risk exposure.
6. Transference tools include, the use of insurance, performance bonds warranties, guarantees.
7. Cost-plus contract transfer the cost risk to the buyer, fixed-price contract transfer risk to the seller.
o Mitigate. (corrective action)
1. Reduce the probability of occurrence or impact of a risk.
2. Reduction in the probability, impact of an adverse risk to be within acceptable threshold limits.
3. Examples, adopting less complex processes, conducting more tests, choosing more stable supplier.
4. Mitigation require prototype development to reduce the risk of a process or product.
5. Mitigation response address the risk impact by targeting linkages that determine the severity.
o Accept.
1. Acknowledge the risk and not take any action unless the risk occurs.
2. Strategy is adopted where it is not possible or cost-effective to address a specific risk in any other way.
3. This strategy indicates that not to change the project management plan to deal with a risk, or is unable to
identify any other suitable response strategy.
4. This strategy can be either passive or active.
5. Passive acceptance requires no action except to document the strategy, leaving project team to deal with
the risks as they occur, and to periodically review the threat to ensure it does not change significantly.
6. Most common active acceptance strategy is to establish a contingency reserve to handle the risks.
 11.5.2.2 Strategies for Positive Risks or Opportunities
o Exploit.
1. Risks with positive impacts where the organization wishes to ensure that the opportunity is realized.
2. Examples include assigning an organizations most talented resources or using new technologies,
technology upgrades to reduce cost and duration required to realize project.
o Enhance.
1. Is strategy used to increase the probability or the positive impacts of an opportunity.
2. Identifying, maximizing of these positive-impact risks increase the probability of their occurrence.
3. Examples of enhancing opportunities include adding more resources to an activity to finish early.
o Share.
1. Sharing a positive risk involves allocating some or all of the ownership of the opportunity to a third party
who is best able to capture the opportunity for the benefit of the project.
2. Examples, sharing partnerships, teams, special-purpose companies, or joint ventures, so that all parties gain
from their actions.
o Accept.
1. Is being willing to take advantage of the opportunity if it arises, but not actively pursuing it.
 11.5.2.3 Contingent Response Strategies
28
 o Used when if certain events occur, if there will be sufficient warning to implement the plan, Such as missing
intermediate milestones or gaining higher priority with a supplier.
o Contingency plans or fallback plans include identified triggering events that set the plans in effect.
 11.5.2.4 Expert Judgment
 11.5.3 Plan Risk Responses: Outputs
 11.5.3.1 Project Management Plan Updates
 11.5.3.2 Project Documents Updates
1. Assumptions log updates.
2. Technical documentation updates.
3. Change requests.
o The risk register should be written to a level of detail that corresponds with the priority ranking and the
planned response. The high and moderate risks are addressed in detail.

PLAN RISK RESPONSES

 Plan Risk Responses process determines effective response actions that are appropriate to the priority of the
individual risks and to the overall project risk.
 8.1 Purpose and Objectives of the Plan Risk Responses Process
 The objective of the Plan Risk Responses process is to determine the set of actions which most enhance the chances
of project success while complying with applicable organizational and project constraints.
 Contingent risk response actions need to be executed at the optimum time, the response specification for each such
risk should include a description of any corresponding trigger conditions.
 Every risk should have been allocated to a risk owner as part of the Identify Risks process, and each of the
corresponding risk responses should now be assigned to a specific risk action owner.
 The risk owner is responsible for ensuring that the risk response is effective and for planning additional risk
responses if required.
 The risk action owner is responsible for ensuring that the agreed-upon risk responses are carried out as planned, in
a timely manner.
 The role of the risk owner and that of the risk action owner may be assigned to a single person.
 implemented Responses, can have potential effects can generate additional risks, known as secondary risks and
have to be analyzed and planned for in the same way as those risks which were initially identified.
 It is never feasible or even desirable to eliminate all threats from a project. Similarly, there is also a limit to the
extent to which opportunities can be proactively managed.
 There may be residual risks that will remain after the responses have been implemented, these residual risks should
be clearly identified, analyzed, documented, and communicated to all relevant stakeholders.
 8.2 Critical Success Factors for the Plan Risk Responses Process
o 8.2.1 Communicate
 Communication with the various stakeholders should be maintained in an open and appropriate manner.
 If organizational causes of risks, such as culture, attitudes, or disagreements concerning objectives are present, they
should be addressed openly, this require involving high levels of organization management, other stakeholders.
o 8.2.2 Clearly Define Risk-Related Roles and Responsibilities
 Risk response success will dependent upon full support and involvement of project team and other stakeholders.
 The key roles for Project Risk Management are those of risk owner and risk action owner.
29
 A single risk owner should be assigned to every identified risk, and each agreed-upon risk response should have
single risk action owner.
 Management may take ownership of risks with political, organizational causes. In addition, senior management
should approve and track associated risk-related contingency reserves.
o 8.2.3 Specify Timing of Risk Responses
 Agreed-upon responses should be integrated into the project management plan and will therefore be scheduled and
assigned for execution.
o 8.2.4 Provide Resources, Budget, and Schedule for Responses
 This entails estimating the resources, costs, and duration; updating the budget and schedule; obtaining approval
from management; and obtaining commitment from the risk owners and risk action owners.
 Management’s role is vital for supporting the project manager in developing risk responses and authorizing the
corresponding resources.
o 8.2.5 Address the Interaction of Risks and Responses
 Responses may be developed to address risks related either by cause and effect or by common root cause.
 Categorization of risks by the risk breakdown structure, affinity diagram, help identify and address this situation.
 Response strategy require a compromise, since some proposed responses may be mutually exclusive or
counterproductive, example mitigating a threat to time could cost money, thereby increasing pressure on budget.
o 8.2.6 Ensure Appropriate, Timely, Effective, and Agreed-Upon Responses
 Responses should be appropriate, timely, cost-effective, feasible, achievable, agreed-upon, assigned, and accepted.
 Any proposed risk response plan needs to be assessed against the following criteria:
1. Consistency with organizational values, project objectives, and stakeholder expectations.
2. Technical feasibility.
3. Ability of the project team or risk action owners outside the project to carry out the corresponding actions.
o 8.2.7 Address Both Threats and Opportunities
 Risk response planning should combine responses, threats and opportunities into a single, integrated plan.
 If either threats or opportunities are not fully addressed, the combined set of response strategies will be incomplete
and may even be invalid.
o 8.2.8 Develop Strategies before Tactical Responses
 Risk response planning should be carried out in an open-minded manner rather than adopting the first response
that seems to be feasible.
 The responses should be planned at a general, strategic level and the strategy validated and agreed upon, prior to
developing the detailed tactical approach.
 This activity may generate additional secondary risks, which will need to be addressed at this time.
 8.3 Risk Response Strategies
 Project manager should develop risk response strategies for individual risks, sets of risks, and project-level risks.
o 8.3.1 Avoid a Threat or Exploit an Opportunity
 This strategy ensure either that the threat cannot occur or can have no effect on the project, or that the opportunity
will occur and the project will be able to take advantage of it.
o 8.3.2 Transfer a Threat or Share an Opportunity
 Strategy entails transference to a third party that is better positioned to address a particular threat or opportunity.
o 8.3.3 Mitigate a Threat or Enhance an Opportunity
 Mitigation and enhancement are the most widely applicable and widely used response strategies.

30
 This approach will decrease probability or impact of a threat, and increase probability or impact of opportunity.
o 8.3.4 Accept a Threat or an Opportunity
 This strategy applies when the other strategies are not considered applicable or feasible.
 Acceptance entails taking no action unless the risk actually occurs, in which case contingency or fallback plans may
be developed ahead of time, to be implemented if the risk presents itself.
o 8.3.5 Applying Risk Response Strategies to Overall Project Risk
 the four risk response strategies can be applied to address overall project risk as follows:
1. Cancel the project, as a last resort, if the overall level of risk remains unacceptable.
2. Set up a business structure in which the customer and the supplier share the risk.
3. Re-plan the project or change the scope and boundaries of the project, for example, by modifying the project priority,
resource allocations, delivery calendar.
 8.4 Tools and Techniques for the Plan Risk Responses Process
o 8.4.1 Response Identification
 Risk response planning builds on the available information about the potential risks and aims to determine the
optimal set of responses.
 It should involve subject matter experts and creativity techniques in order to explore all of the options.
o 8.4.2 Response Selection
 The selection process should take into account the cost of the responses, the impact on the project objectives,
uncertainty of outcomes and the possible secondary and residual risks.
 This iterative approach continues until all of the individual risks are deemed acceptable and the overall risk is
within a predefined threshold.
o 8.4.3 Action Planning
 Project planning tools are used to turn the chosen strategies into concrete actions and to integrate these into
existing plans.
o 8.4.4 Ownership and Responsibility Assignment
 The responsibility for monitoring should be clearly assigned in the Plan Risk Responses process and managed in the
Monitor and Control Risks process.
 Risk action owners should monitor their assigned risks, take agreed-upon actions as required, and provide the risk
owners with relevant information on status or changes to the risk characteristics.
 Risk owners should assess the effectiveness of any actions, decide whether additional actions are required, and keep
the project manager informed of the situation.
 8.5 Documenting the Results of the Plan Risk Responses Process
 Risk response planning is based on the information placed in the risk register and Perform Analysis processes.
 Risk response information it may in fact be an integral part of the risk register.
o 8.5.1 Add Risk Responses to the Risk Register
 Risk response information is recorded in the risk register and updated regularly.
 The set of residual risks and their priorities are clearly identified and recorded.
o 8.5.2 Add Corresponding Risk Responses to the Project Management Plan
 These include costs, resource assignments, scheduling details, and changes to project documentation.
o 8.5.3 Review and Document Predicted Exposure
 Once the risk responses have been defined and integrated into the project management plan, the individual and
overall residual risks related to this plan are evaluated in order to determine whether additional response planning
31
 is required.
 D.5 Techniques, Examples, and Templates for Plan Risk Responses
 Plan Risk Responses develops the set of actions required to take into account the project’s risks and their
characteristics, and integrates them into the corresponding project management plan.
 D.5.1 Techniques for Plan Risk Response
o D.5.1.1 Contingency Planning
 For specific (normally high-impact) risks, the risk owner may choose to assemble a team to develop a response, as if
the risk had genuinely happened.
o D.5.1.2 Contingency Reserve Estimation
 An amount (time and cost) needs to be set aside to allow for these eventualities.
 This amount is made up of two components:
1. To cover specific, approved conditional responses (e.g. contingency plans).
2. To address unspecified or passively accepted risks.
 Quantitative methods used to determine the amounts that should be set aside (e.g. decision trees for conditional
responses, simulation for the set of unspecified risks).
 These reserves are tracked and managed in Monitor and Control Risks.
o D.5.1.3 Multi-Criteria Selection Techniques
 This is an adaptation of the Perform Qualitative Risk Analysis Process based on selection criteria.
 The use of a spreadsheet to calculate the weighted scores of two options, based on a predefined set of prioritized
criteria, (“points” is the product of “weight” by “rating.”)
o D.5.1.4 Scenario Analysis
 Scenario analysis for risk response planning involves defining several plausible alternative scenarios.
 Different scenarios may require different risk responses that can be evaluated for their cost and effectiveness.
 If the scenarios are out of the control of the organization, the scenario analysis can lead to effective and necessary
contingency planning.
o D.5.1.5 Critical Chain Project Management

32
 CHAPTER 9
11.6 Control Risks
 Is the process of implementing risk response plans, tracking identified risks, monitoring residual risks,
identifying new risks, and evaluating risk process effectiveness throughout the project.
 The key benefit of this process is that it improves efficiency of the risk approach throughout the project life
cycle to continuously optimize risk responses.
 Control Risks process applies techniques, such as variance and trend analysis, which require the use of
performance information generated during project execution.
 Control Risks can involve choosing alternative strategies, executing a contingency or fallback plan, taking
corrective action, and modifying the project management plan.
 Risk response owner reports periodically to the project manager on the effectiveness of the plan.
 Corrective action for risk monitor and control include contingency plan & work around plan.
 11.6.1 Control Risks: Inputs
 11.6.1.1 Project Management Plan
 11.6.1.2 Risk Register
o Risk register include identified risks and risk owners, agreed upon risk responses, control actions for assessing
the effectiveness of response plans, risk responses, specific implementation actions, symptoms and warning
signs of risk, residual and secondary risks, a watch list, and the contingency reserves.
 11.6.1.3 Work Performance Data
o Deliverable status, Schedule progress, and Costs incurred.
 11.6.1.4 Work Performance Reports
Including variance analysis, earned value data, and forecasting data Analysis of Past performance, Status of risks &
issues, Work completed, Work to be completed, Summary of changes.
 11.6.2 Control Risks: Tools and Techniques
 11.6.2.1 Risk Reassessment
o Control Risks results in identification new risks, reassessment of current risks, and closing of outdated risks.
o Project risk reassessments should be regularly scheduled.
 11.6.2.2 Risk Audits
o Risk audits examine and document the effectiveness of risk responses in dealing with identified risks and their
root causes, as well as the effectiveness of the risk management process.
o Project manager is responsible for ensuring that risk audits are performed at an appropriate frequency as
defined in the project risk management plan.
 11.6.2.3 Variance and Trend Analysis
o variance analysis to compare the planned results to the actual results
o Trends in the projects execution should be reviewed using performance information.
o Variance and trend analysis used Earned value analysis for monitoring overall project performance.
o Outcomes from these analyses may forecast potential deviation of the project.

33
o Deviation from the baseline plan may indicate the potential impact of threats or opportunities.
 11.6.2.4 Technical Performance Measurement
o Compares technical accomplishments during project execution to the schedule of technical achievement.
 11.6.2.5 Reserve Analysis
o Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining
at any time in the project in order to determine if the remaining reserve is adequate.
 11.6.2.6 Meetings
o Project risk management should be an agenda item at periodic status meetings.
 11.6.3 Control Risks: Outputs
 11.6.3.1 Work Performance Information
o Provides a mechanism to communicate and support project decision making.
 11.6.3.2 Change Requests
o Implementing contingency plans or workarounds results in a change request.
o Corrective actions. These are activities that realign the performance of the project work with the project
management plan, they include contingency plans and workarounds, workarounds plan were not initially
planned, but are required to deal with emerging risks that were previously unidentified or accepted passively.
o Preventive actions. These are activities that ensure that future performance of the project work is aligned with
the project management plan.
 11.6.3.3 Project Management Plan Updates
o If the approved change requests have an effect on risk management processes, the corresponding component
documents of project management plan are revised and reissued to reflect approved changes.
 11.6.3.4 Project Documents Updates
o Risk register updates may include:
1. Outcomes of risk reassessments, risk audits, and periodic risk reviews.
2. Actual outcomes of the project’s risks and of the risk responses, this information can help project managers
to plan for risk throughout their organizations, as well as on future projects.
 11.6.3.5 Organizational Process Assets Updates
1. Templates for the risk management plan, including the probability and impact matrix and risk register, Risk
breakdown structure, and Lessons learned from the project risk management activities.
2. These documents should be updated as needed and at project closure.
3. Final versions of risk register and the risk management plan templates, checklists, and RBS are included.

MONITOR AND CONTROL RISKS

 The effectiveness of Project Risk Management depends upon the way the approved plans are carried out, these
plans should be executed correctly, reviewed, and updated regularly.
 9.1 Purpose and Objectives of the Monitor and Control Risks Process
 The primary objectives of risk monitoring and controlling are to track identified risks, monitor residual risks,
identify new risks, ensure that risk response plans are executed at the appropriate time, and evaluate their
effectiveness throughout the project life cycle.
 It is the responsibility of the risk action owner to ensure that these conditions are effectively monitored and that the
34
 corresponding actions are carried out as defined, in a timely manner.
 The first action of risk monitoring and controlling is to check whether this is the case and take any appropriate
action if necessary.
 Risk owners and risk action owners need to be briefed on any changes that may affect their responsibilities.
 Effective communication needs to be maintained between them and the project manager so that the designated
stakeholders accept accountability for controlling the potential outcomes of specific risks.
 Response actions and trigger conditions and a mechanism for measuring response effectiveness is provided by Plan
Risk Responses process.
 Risk action owner should keep risk owner aware of status of the response actions so that risk owner can decide
when risk has been effectively dealt with, or whether additional actions need to be planned and implemented.
 Project manager should ensure that periodic risk reassessment, including risk identification, analysis, and response
planning, is repeated in response to project events.
 Typical reasons for risk reassessment are:
1. Occurrence of a major or unexpected risk.
2. Need to analyze a complex change request.
3. Phase end review.
4. Project re-planning or major plan elaboration.
5. Periodic review to ensure that the information remains current.
 When major organizational changes, risk management planning need to be revisited prior to reassessing the risks.
 In addition to the regular status reviews, Periodic audits performed to determine strengths and weaknesses in
handling risks within the project.
 At project closure, the project manager should ensure that a description has been given of the closure of every risk
in the risk register.
 9.2 Critical Success Factors for the Monitor and Control Risks Process
 Critical success factors relate to maintaining risk awareness throughout the project.
 9.2.1 Integrate Risk Monitoring and Control with Project Monitoring and Control
 The project management plan should include the actions required to monitor and control project risk, this should
be set up early in the project planning cycle.
 Once risk response planning carried out, project schedule should include all of agreed-upon, response-related
actions so that they can be carried out as a normal part of project execution and tracked accordingly.
 9.2.2 Continuously Monitor Risk Trigger Conditions
 Checking for specifically defined risks that may trigger conditional responses is the responsibility of the risk action
owner, in close collaboration with the risk owner under the overall authority of the project manager.
 9.2.3 Maintain Risk Awareness
 Risk management reports should be regular item on every status meeting agenda to ensure that all team members
remain aware of the importance of risk management and to ensure that it is fully integrated into all of the project
management decisions.
 The senior-level sponsor should require regular reports on the risks and the planned responses to ensure that
stakeholders are aware of the importance of keeping a focus on risk.
 Sponsor feedback motivates project team by demonstrating senior-level interest in Project Risk Management.
 This should be supported by a well-executed communications plan.
 9.3 Tools and Techniques for the Monitor and Control Risks Process
 9.3.1 Managing Contingency Reserves
35
 Techniques are required that allow the project manager to assess at any point in the project whether these provide
the required level of confidence in the success of the project.
 Tools for managing time buffers and cost should be closely integrated into the project scheduling and the financial
practices techniques.
 Tools are required to identify trends and forecast future outcomes to determine whether the reserves will remain
sufficient.
 Tools are also required for tracking progress and spending in a consolidated manner.
 9.3.2 Tracking Trigger Conditions
 Trigger conditions and the corresponding metrics are defined during the Plan Risk Responses process.
 Tools are required to evaluate and track these conditions against the project baseline based on actual status.
 9.3.3 Tracking Overall Risk
 Tools are required to determine the project progresses and the responses are having the expected effect on the
project’s overall level of risk.
 9.3.4 Tracking Compliance
 In order to monitor the quality of the execution of the risk-related plans and processes, a set of quality metrics such
as degree of variation from the baseline, should be tracked and recorded.
 These metrics will normally have been defined in the risk management plan.
 9.4 Documenting the Results of the Monitor and Control Risks Process
 The final control action of risk monitoring and controlling is to record actual data for future use.
 Risk management plan include the definition of what this information must include, the storage mechanism.
 Goal is that significant risk management information is recorded to provide concrete data to lessons learned.
 This information will need to be archived and indexed in a manner that will facilitate retrieval for easy review
during the project, at closure, and for future projects, when the need arises.
 D.6 Techniques, Examples and Templates for Monitor and Control Risks
 Monitor and Control Risks provides the assurance that risk responses are being applied, verifies whether they are
effective and as necessary initiates corrective actions.
D.6.1 Techniques for Monitor and Control Risks Process
 D.6.1.1 Reserve Analysis
 Analytical technique to establish a reserve for the schedule duration, budget or funds for a project.
 Time buffers can be used in two different ways:
1. To provide for accepted schedule risks.
2. As a scheduling-related technique in critical chain project management (CCPM).
 D.6.1.2 Risk Audits
 Risk audits are carried out in order to evaluate:
1. Are the risk management rules being carried out as specified?
2. Are the risk management rules adequate for controlling the project?
 D.6.1.3 Risk Reassessment
 The objective is to ensure that full risk management cycle is repeated as required to ensure effective control.
 D.6.1.4 Status Meetings
 Risks should be on the agenda at all project reviews, Typically the agenda items should cover the following:
1. Top priority risks at present.
 Are there any changes?
36
 2. Risks or trigger conditions that have occurred.
 What is the status of the actions?
3. Risks responded to in the last period.
 Effectiveness of actions taken.
 Are there any additional actions required?
4. Risks closed in the last period.
 Impact on the plans.
5. Lessons to be added to the Organizational Process Assets.
 D.6.1.5 Trend Analysis
 Analytical technique uses mathematical models to forecast future outcomes based on historical results.
 Examines project performance over time to determine if performance is improving or deteriorating.
 A quantitative review of what happens over a period of time.
 Evolution of the variance values over time should be analyzed in order to evaluate how risk profile is changing.
 The Earned Value formulae of the “TCPI” can be used to assess changes with respect to time and cost.
 D.6.1.6 Variance Analysis
 A technique for determining cause and degree of difference between baseline and actual performance.
 a quantitative review of the differences between what we thought would happen versus what actually happened
 The formulae in Earned Value Analysis (CV, SV, CPI, SPI) can be used to set thresholds for action, and to indicate
when the risk process may be ineffective.
 Earned value management systems use variance from plan as the basis of forecasts to the cost at completion.
 Examines the dissimilarities between the planned and the actual budget or schedule to discover unacceptable risks
to the budget, schedule, quality, or project scope

37
 Project Risk Management (RIORIO)
7. Recognize the Value of Risk Management
8. Individual Commitment/Responsibility
9. Open and Honest Communication
10. Risk Effort Scaled to Project
11. Integration with Project Management
12. Organizational Commitment
Plan Risk Management process (IIC)
4.2.1 Identify and Address Barriers to Successful Project Risk Management
4.2.2 Involve Project Stakeholders in Project Risk Management
4.2.3 Comply with the Organization’s Objectives, Policies, and Practices
Identify Risks Process (EIECEMRCOO)
5.2.1 Early Identification
5.2.2 Iterative Identification
5.2.3 Emergent Identification
5.2.4 Comprehensive Identification
5.2.5 Explicit Identification of Opportunities
5.2.6 Multiple Perspectives
5.2.7 Risks Linked to Project Objectives
5.2.8 Complete Risk Statement
5.2.9 Ownership and Level of Detail
5.2.10 Objectivity
Perform Qualitative Risk Analysis Process (CUUP)
6.2.1 Use Agreed-Upon Approach
6.2.2 Use Agreed-Upon Definitions of Risk Terms
6.2.3 Collect High-Quality Information about Risks
6.2.4 Perform Iterative Qualitative Risk Analysis
Perform Quantitative Risk Analysis Process (PIOAUC)
7.2.1 Prior Risk Identification and Qualitative Risk Analysis
7.2.2 Appropriate Project Model
7.2.3 Commitment to Collecting High-Quality Risk Data
7.2.4 Unbiased Data
7.2.5 Overall Project Risk Derived from Individual Risks
7.2.6 Interrelationships between Risks in Quantitative Risk Analysis
Plan Risk Responses Process (PSDEACAC)
8.2.1 Communicate
8.2.2 Clearly Define Risk-Related Roles and Responsibilities
8.2.3 Specify Timing of Risk Responses
8.2.4 Provide Resources, Budget, and Schedule for Responses
8.2.5 Address the Interaction of Risks and Responses
8.2.6 Ensure Appropriate, Timely, Effective, and Agreed-Upon Responses
8.2.7 Address Both Threats and Opportunities
8.2.8 Develop Strategies before Tactical Responses
Monitor and Control Risks Process (MIC)
9.2.1 Integrate Risk Monitoring and Control with Project Monitoring and Control
9.2.2 Continuously Monitor Risk Trigger Conditions
9.2.3 Maintain Risk Awareness

38
 GLOSSARY
 Assumptions. are factors that, for planning purposes, are considered to be true, real, or certain without proof
or demonstration, Assumptions generally involve a degree of risk.
 Benefit. Positive effect on a project objective arising from the occurrence of an opportunity.
 Bias. The source of information exhibits a preference or an inclination that inhibits impartial judgment. Types
of bias which commonly affect the risk process include cognitive and motivational bias.
 Constraint. An applicable restriction or limitation, which will affect the performance of the project.
 Contingency Reserve. Amount of funds, budget, or time needed above the estimate to reduce risk of overruns
of project.
 Contingency Plan. A plan developed in anticipation of the occurrence of a risk, to be executed only if specific
predetermined trigger conditions arise.
 Decision Tree Analysis. Is a diagram that describes a decision under consideration and the implications of
choosing one or another of the available alternatives, it is used when some future scenarios or outcomes of
actions are uncertain.
 Effect. Conditional future events or conditions which would directly affect one or more project objectives if
the associated risk happened.
 Emergent Risk. A risk which arises later in a project and which could not have been identified earlier.
 Identify Risks. Process of determining which risks affect the project and documenting their characteristics.
 Impact. A measure of the effect of a risk on one or more objectives if it occurs. Also known as consequence.
 Individual Risk. A specific uncertain event or condition which if it occurs has a positive or negative effect on
at least one project objective.
 Issue. See problem.
 Monitor and Control Risks. Process of implementing risk response plans, tracking identified risks, monitoring
residual risks, identifying new risks, and evaluating risk process throughout project life cycle.
 Monte Carlo Analysis. A technique that computes or iterates the project cost or project schedule many times
using input values, selected at random from probability distributions of possible costs or durations, to calculate
a distribution of possible total project cost or completion dates.
 Opportunity. A positive set of circumstances, a positive set of events, a risk that will have a positive impact on
project objectives, or a possibility for positive changes.
 Overall Project Risk. Overall project risk represents the effect of uncertainty on the project as a whole. Overall
project risk is more than sum of individual risks on a project, since it applies to the whole project.
 Perform Qualitative Risk Analysis. The process of prioritizing risks for further analysis or action by assessing
and combining their probability of occurrence and impact.
 Perform Quantitative Risk Analysis. The process of numerically analyzing the effect of identified risks on
overall project objectives.( Probabilistic analysis)
 Plan Risk Management. The process of defining how to conduct risk management activities for a project.
 Plan Risk Responses. The process of developing options and actions to enhance opportunities and to reduce
threats to project objectives.
39
 Probability. A measure of how likely an individual risk is to occur. Also known as likelihood.
 Problem. Negative effect on a project objective arising from occurrence of a threat.
 Project Risk Management. Includes the processes concerned with conducting risk management planning,
identification, analysis, responses, and monitoring and control on a project. The purpose of Project Risk
Management is to increase the probability and impact of positive events and decrease the probability and
impact of events adverse to project objectives.
 Response Strategy. A high-level approach to address an individual risk or overall project risk.
 Risk. Uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.
 Risk Action. A detailed task which implements in whole or in part a response strategy in order to address an
individual risk or overall project risk.
 Risk Action Owner. The person responsible for carrying out the approved risk actions for responding to a
given risk. Also known as “response owner” when the context allows it.
 Risk Attitude. A chosen mental disposition towards uncertainty, adopted explicitly or implicitly by individuals
and groups, driven by perception, and evidenced by observable behavior, Common risk attitudes include risk
averse, risk tolerant, risk neutral and risk seeking.
 Risk Breakdown Structure (RBS) [Tool] a hierarchically organized depiction of the identified project risks
arranged by risk category and subcategory that identifies the various areas and causes of potential risks.
 Risk Category. A group of potential causes of risk. Risk causes may be grouped into categories such as
technical, external, organizational, environmental, or project management. A category may include
subcategories such as technical maturity, weather, or aggressive estimating.
 Risk Exposure. A measure of overall project risk describing overall effect of identified risks on objectives.
 Risk Management Plan. The document describing how Project Risk Management will be structured and
performed on the project. The risk management plan can be informal and broadly framed, or formal and
highly detailed, based on the needs of the project.
 Risk Metalanguage. A structured description of a risk which separates cause, risk, and effect. Using risk
metalanguage in the form: “Because of <cause>, <risk> might occur, which would lead to <effect>.”
 Risk Model. A representation of the project including data about project elements and risks that can be
analyzed by quantitative methods.
 Risk Owner. The person responsible for ensuring that an appropriate response strategy is selected and
implemented, and for determining suitable risk actions to implement the chosen strategy, with each risk action
assigned to a single risk action owner.
 Risk Register. Document containing results of qualitative risk analysis, quantitative risk analysis, and risk
response planning. risk register details all identified risks, including description, category, cause, probability of
occurring, impact on objectives, proposed responses, owners, and current status.
 Risk Threshold. A measure of the level of risk exposure above which action must be taken to address risks
proactively, and below which risks may be accepted.
 Root Cause. An initiating cause that gives rise to a causal chain which may give rise to risks.
 Secondary Risk. A risk that arises as a direct result of implementing a risk response.
40
 Stakeholder. Person or organization (customer, sponsor, performing organization, or the public) that is
actively involved in the project, or whose interests may be positively or negatively affected by execution or
completion of the project. A stakeholder may also exert influence over the project and its deliverables.
 Threat. A condition or situation unfavorable to the project, a negative set of circumstances, a negative set of
events, a risk that will have a negative impact on a project objective if it occurs, or a possibility for negative
changes.
 Trigger Condition. Circumstance under which a risk strategy or risk action will be invoked.

41
 Individual Risk Attitudes
 Risk Averse=Risk Averter=Risk Avoider
1. They don’t like to take risk, they unwilling to take risks, they wanting to avoid risks as much as possible and they prefer a more
certain outcome.
2. Feels uncomfortable with uncertainty
3. Has a low tolerance for ambiguity ‫لديه التسامح منخفضة الغموض‬
4. Seeks security and resolution in the face of risk
5. Tends to be practical, accepting, and have commonsense, Enjoying facts more than theories
6. Increased sensitivity and over-reaction to threats‫زيادة الحساسية واإلفراط في رد الفعل على التهديدات‬
7. Threats are perceived more readily and are assessed as more severe ‫يتم النظر إلى التهديدات بسهولة أكبر ويتم تقييمها على أنها أشد‬
8. Leans to a preference for aggressive risk responses to avoid or minimize as many threats as possible
9. Under rate the significance of opportunities

 Risk Neutral
1. Neither risk-averse nor risk-seeking, but rather seek strategies and tactics that have high future pay-offs
2. Thinks abstractly and creatively, enjoying ideas and not being afraid of change
3. Focuses on long term and is a very mature approach‫هو نهج ناضجة جدا‬
4. Only takes action when it is likely to lead to a significant benefit
5. Deal objectively with risks, analyze the risk (decision tree analysis and EMV) then take decision.

 Risk Seeking
1. They like to take risks. Prefers the more uncertain outcome and may be willing to pay a penalty to take a risk.
2. Tend to be adaptable and resourceful and are not afraid to take action
3. Casual approach towards threats, as they welcome the challenge of tackling the uncertainty
4. May lead to unwise decisions and actions ‫قد تؤدي إلى اتخاذ قرارات وإجراءات غير حكيمة‬
5. Likely to identify fewer threats as they see these as part of normal business
6. Threats are underestimated
7. Opportunities may be over estimated
 Risk Tolerant ‫متساهل‬
1. Takes uncertainty in stride, with no Influence on behavior
2. For both threats and opportunities, may lead to a failure to appreciate the importance of potential risk effects
3. Risk is not managed appropriately
4. Laissez-faire approach fails to result in proactive action
5. May be the most dangerous of all risk attitudes
6. Acceptance of risk is part of the (normal)situation
7. Loss of potential benefits as a result of missed opportunities
8. May appear balanced, but progress cannot be made
9. Very conformable with ignoring the risk, they don’t care and never pay any attention to risks until becomes an issue.

42
 Important Notes
10. Since you afraid then you need voting
11. Tool and technique need effective selection of critical impact by using sensitivity analysis is cause and effect diagram (app D)
12. When you have new risk manager and you want educate him about risks of the project you let him go through risk register.
13. Uniform distribution (high &low value) early concept stage of design.
14. if the probable risk events do not occur, the unused contingency reserves may be removed from the project budget to free up
resources for other projects or operations
15. Risk has highest priority should has highest impact not highest probability.
16. The utility function
17. NLP rapport is the ability to relate to others in a way that creates trust and understanding. It is the ability to see the other’s point
of view and get them to understand yours. You don’t have to agree with their point of view or even like it. It makes any form of
communication easier.
18. NLP rapport techniques, like many other aspects of NLP are quite subtle but extremely powerful in their implications and
effects. Dictionaries define rapport as a relationship marked by harmony, conformity, accord or affinity. It supports agreement,
alignment, likeness or similarity.
19. DMAIC refers (Define, Measure, Analyze, and Improve, Control). Incremental process improvement using Six Sigma
methodology. DMAIC refers to a data-driven quality strategy for improving processes, and is an integral part of the company’s
Six Sigma Quality Initiative.
20. If identified risk occur use contingency reserve, if unidentified risk occur use management reserve.
21. Identified risk if occurred
I. Funding from contingency reserve
II. Deal with fall back plan
22. Unidentified risk if occurred
I. Funding from management reserve
II. Deal with workaround
23. Contingency reserve should include project funds that are held in reserve to offset any unavoidable threats might occur to
project (scope-schedule-cost-quality)
24. When a risk event occurs, it ceases (stop) to become uncertain.
25. Threats which occur may be called issues or problems; opportunities which occur may be called benefits.
26. Before start plan risk management process you should identify stakeholder risk tolerance.
27. Number of defects are consider as metrics.
28. Adaptive life cycles (change –driven or agile) are intended to respond to high levels of change and ongoing stakeholder
involvement.
29. Utility function is the ability of an organization which invites or handle risk.
30. Heuristic is based on rule of thumb and use trial and error to come out with estimation for an activity in terms of duration.
31. Alpha risk is defined as the risk of rejecting the Null hypothesis when in fact it is true.
32. PESTLE –political –economical-social-technological-legal-enviromental
33. DMAIC-is the tool used mostly to drive six sigma and other improvements, it is define, measure, analyze, improve and control
34. The risk management plan contains the roles and responsibilities of risk activities, along with who is assigned to each activity.
35. Risk register, which contains the owners of identified risks, as opposed to owners of risk activities.
36. Variance and trend analysis forecasts what the potential deviations may be by the completion of the project.

43
37. Risk categorization, which is utilized during Perform Qualitative Risk Analysis, involves grouping risks by common root cause
in order to determine which areas of the project are most exposed to uncertainty.
38. The roles and responsibilities for risk activities are contained within the risk management plan. Specific risk response roles are
contained in the risk register.
39. If you have an EMV of zero after performing quantitative analysis it mean that The sum of the threats and opportunities might
be equal
40. Stakeholder register is source of information contains major requirements, potential influence on the project, and contact
information.
41. contracts would be preferred by the vendor is Time and materials contract
42. A threat can only be negative while an opportunity must be positive.
43. Work performance data is compared to the plan, and the variance is called work performance information, or WPI. WPI is then
compiled into a work performance report in the process of monitor and control project work.
44. Analytical techniques are used to determine stakeholder risk profiles for risk appetite and tolerances and might use risk scoring
sheets to compare them
45. standard prompt lists are PESTLE, TECOP and SPECTRUM
46. A tornado diagrams a bar chart that compares the risk between unstable, and stables variables.
47. Contingency plans are implemented with predetermined risk triggers.
48. Quantitative analysis justified contingency reserves.
49. Reserve analysis is the estimating technique used for determine project buffers for schedule and cost risks.
50. Mitigation is the opposite of active acceptance
51. workaround An unplanned response to an unknown risk
52. The risk plan which is prepared well should help you remain objective throughout the project.
53. Enhanced an opportunity is to offering a new solution.
54. An assumption is a belief that you hold to be true, without proof.
55. The agenda for the risk meetings may be published within the risk
plan and be detailed within the risk management plan.
56. Risk identification is determining which risks may affect the project
and documenting their characteristics.
57. The cost of non-conformance is most closely associated with quality
failures. It is the risk of additional time, money, and resources for
failing to meet the quality standards. This is reflected in the quality
plan during planning a potential source of risk
58. The qualitative analysis performed on risks generally ranks them as being a low, medium or high risk.
59. Resource Breakdown Structure does not display risk information.
60. The discovery of a scope gap would increase the project risk.
61. Decides not to respond, it mean that he is accepting the opportunity, which includes passive acceptance.
62. IF EAC it is lower than BAC sound risk management methodology would have contributed to it.
63. Risk related authority level is an organizational process asset because it is contained within your specific company.
64. Stakeholder Risk Profile analysis may be performed to grade and qualify the project stakeholder Risk Appetite and Tolerance

44
 Domain 1: Risk Strategy and Planning
1. Develop risk assessment processes and tools that quantify stakeholder risk tolerances in order to assess and
determine risk thresholds for the project and set criteria for risk levels.
‫ تطويرعمليات تقييم المخاطر واألدوات التي تحدد مدى تحمل أصحاب المصلحة للمخاطر من أجل تقييم وتحديد حدود المخاطر للمشروع ووضع معايير‬-1
‫لمستويات المخاطر‬
2. Update risk policies and procedures using lessons learned and outputs of risk audits in order to improve risk
management effectiveness.
‫ تحديث سياسات وإجراءات المخاطر باستخدام معلومات مثل الدروس المستفادة من المشاريع ومخرجات عمليات مراجعة المخاطر من أجل تحسين فعالية إدارة‬-2
‫المخاطر‬
3. Develop and recommend project risk strategy based on project objectives in order to establish the outline for the
risk management plan.
‫ وضع استراتيجية مخاطر المشروع والتوصية بها استنادا إلى أهداف المشروع من أجل وضع الخطوط العريضة لخطة إدارة المخاطر‬-3
4. Produce risk management plan for the project on the basis of inputs such as project information, external factors,
stakeholder inputs, and industry policies and procedures in order to define, fund, and staff effective risk
management processes for the project that align with other project plans.
‫ اعداد خطة إدارة المخاطر للمشروع على أساس المدخالت مثل معلومات المشروع والعوامل الخارجية ومدخالت أصحاب المصلحة وسياسات وإجراءات‬-4
‫الصناعة من أجل التحديد والتمويل وفعالية الموظفين إلدارة المخاطر لعمليات للمشروع التي تتماشى مع خطط المشاريع األخرى‬
5. Establish evaluation criteria for risk management processes based on project baselines and objectives in order to
measure effectiveness of the project risk process.
‫ وضع معايير لتقييم عمليات إدارة المخاطر استنادا إلى الخطوط المرجعية للمشروع وأهدافه من أجل قياس فعالية عملية مخاطر المشروع‬-5

Domain 2: Stakeholder Engagement

1. Promote a common understanding of the value of risk management by using interpersonal skills in order to foster an
appropriate level of shared accountability, responsibility, and risk ownership.
‫ تعزيز فهم مشترك لقيمة إدارة المخاطر من خالل استخدام المهارات الشخصية من أجل تعزيز المستوى المناسب من المسؤولية المشتركة والمسؤولية وملكية‬-1
‫المخاطر‬
2. Train, coach, and educate stakeholders in risk principles and processes in order to create shared understanding of principles
and processes, and foster engagement in risk management.
‫ وتعزيز المشاركة في إدارة المخاطر‬،‫ تدريب وتمرين وتعليم اصحاب المصلحه لمبادئ وعمليات المخاطر من أجل خلق فهم مشترك للمبادئ والعمليات‬-2
3. Coach project team members in implementing risk processes in order to ensure the consistent application of risk processes.
‫ تدريب أعضاء فريق المشروع في تنفيذ عمليات المخاطر من أجل ضمان التطبيق المتسق لعمليات المخاطر‬-3
4. Assess stakeholder risk tolerance using interviewing stakeholders and reviewing historical stakeholder behaviors in order to
identify project risk thresholds.
‫ تقييم قدرة أصحاب المصلحة على تحمل المخاطر بإجراء مقابالت مع أصحاب المصلحة ومراجعة سلوكيات أصحاب المصلحة التاريخية لتحديد عتبات مخاطر‬-4
‫المشروع‬
5. Identify stakeholder risk attitudes and cognitive biases using stakeholder analysis techniques in order to manage stakeholder
expectations and responses.
‫ تحديد مواقف أصحاب المصلحة للخطر والتحيزات المعرفية باستخدام تقنيات تحليل أصحاب المصلحة من أجل إدارة توقعات أصحاب المصلحة واالستجابات طوال‬-5
‫حياة المشروع‬
6. Engage stakeholders on risk prioritization process based on stakeholder risk tolerance in order to optimize consensus regarding
priorities.
‫ إشراك أصحاب المصلحة في عملية تحديد أولويات المخاطر بناء على تحمل أصحاب المصلحة للمخاطر من أجل تحقيق التوافق األمثل فيما يتعلق باألولويات‬-6
7. Provide risk-related recommendations to stakeholders regarding risk strategy and planning, risk process facilitation, risk
reporting, and specialized risk tasks by using effective communication techniques in order to support effective risk-based
decision making.

45
 ‫ تقديم التوصيات المتعلقة بالمخاطر إلى أصحاب المصلحة فيما يتعلق باستراتيجية المخاطر والتخطيط وتيسير عمليات المخاطر واإلبالغ عن المخاطر ومهام‬-7
‫المخاطر المتخصصة باستخدام تقنيات االتصال الفعالة من أجل دعم اتخاذ القرارات الفعالة القائمة على المخاطر‬
8. Promote risk ownership by proactively communicating roles and responsibilities and engaging project team members in the
development of risk responses in order to improve risk response execution.
‫ تعزيز ملكية المخاطر بواسطة التواصل بشكل استباقي لألدوار والمسؤوليات وإشراك أعضاء فريق المشروع في تطوير االستجابة للمخاطر من أجل تحسين‬-8
‫تنفيذ االستجابة للمخاطر‬
9. Liaise with stakeholders of other projects by using effective communication techniques and sharing information on project risk
performance in order to inform them of implications for their projects.
‫التنسيق مع أصحاب المصلحة في المشاريع األخرى باستخدام تقنيات االتصال الفعالة ومشاركة المعلومات عن أداء مخاطر المشروع من أجل إطالعهم على اآلثار‬-9
‫المترتبة على مشاريعهم‬

Domain 3: Risk Process Facilitation

1. Apply risk assessment processes and tools in order to quantify stakeholder risk tolerances and determine risk levels.
‫ تطبيق عمليات وأدوات تقييم المخاطر من أجل تحديد مدى تحمل أصحاب المصلحة للمخاطر وتحديد مستويات المخاطر‬-1
2. Facilitate risk identification in order to enable project team and stakeholders to understand and determine the risk exposure of
the project.
‫ تسهيل تحديد المخاطر باستخدام لتمكين فريق المشروع وأصحاب المصلحة من فهم وتحديد المخاطر المعرض لها المشروع‬-2
3. Facilitate the project team’s evaluation of the identified risks’ attributes using qualitative and quantitative tools in order to
prioritize the risks for response planning.
‫ تسهيل تقييم فريق المشروع لخصائص المخاطر المحددة باستخدام األدوات والتقنيات النوعية والكمية من أجل إعطاء األولوية للمخاطر المتعلقة بتخطيط االستجابة‬-3
4. Facilitate the development of an aligned risk response strategy and related risk actions by risk owners in order to ensure timely
and defined action when required.
‫ تسهيل تطوير واتساق استراتيجية مواجهة المخاطر وإجراءات المخاطر ذات الصلة من قبل أصحاب المخاطر من أجل ضمان اتخاذ إجراءات محددة في الوقت‬-4
‫المناسب عند الحاجة‬
5. Facilitate the formulation of project contingency reserve based on the risk exposure of the project in order to have the
capability and resources to respond to realized risks.
‫ تيسير صياغة احتياطي الطوارئ للمشروع استنادا إلى المخاطر المعرض لها المشروع من أجل امتالك القدرة والموارد لالستجابة للمخاطر المتحققة‬-5
6. Provide risk data to cost and schedule analysts/estimators to ensure that project risk is properly reflected in cost and schedule
estimates for the project.
‫ المقدرين لضمان أن تنعكس مخاطر المشروع بشكل صحيح في تقديرات التكاليف والجدول الزمني للمشروع‬/‫ توفير بيانات المخاطر لتحليل التكلفة والجدول الزمنى‬-6
7. Use scenarios to validate potential risk responses and evaluate key dependencies and requirements in order to enhance the
likelihood of project success.
‫ استخدام سيناريوهات للتحقق من صحة المخاطر المحتملة وتقييم التبعيات الرئيسية والمتطلبات من أجل تعزيز احتمال نجاح المشروع‬-7

Domain 4: Risk Monitoring and Reporting

1. Document and periodically update project risk information using standard tools (including risk register, risk database) in order
to maintain a single, current repository of all project risk information.
‫ توثيق وتحديث معلومات مخاطر المشروع بشكل دوري باستخدام أدوات قياسية (بما في ذلك سجل المخاطر وقاعدة بيانات المخاطر) من أجل الحفاظ على مستودع‬-1
‫واحد وحالي لجميع معلومات مخاطر المشروع‬
2. Coordinate with project manager using communication techniques in order to integrate risk management throughout the
project.
‫ التنسيق مع مدير المشروع باستخدام تقنيات االتصال من أجل دمج إدارة المخاطر على مدار المشروع‬-2

46
3. Create periodic standard and custom reports using risk-related metrics as specified in the risk management plan in order to
communicate risk management activities and status.
‫ إنشاء تقارير قياسية ومعيارية دورية باستخدام مقاييس ذات صلة بالمخاطر على النحو المحدد في خطة إدارة المخاطر من أجل التواصل بين أنشطة إدارة المخاطر‬-3
‫ووضعها‬
4. Monitor risk response metrics by analyzing risk response performance information, and present to key stakeholders in order to
ensure resolution of risk and develop additional risk response strategies to address residual and secondary risks.
‫ مراقبة مقاييس االستجابة للمخاطر من خالل تحليل معلومات أداء االستجابة للمخاطر وتقديمها إلى أصحاب المصلحة الرئيسيين من أجل ضمان حل المخاطر‬-4
‫ووضع استراتيجيات إضافية لمواجهة المخاطر لمعالجة المخاطر المتبقية والثانوية‬
5. Analyze risk process performance against established metrics in order to drive risk process improvements.
‫ تحليل أداء عملية المخاطر مقابل المقاييس المحددة من أجل دفع تحسينات عملية المخاطر‬-5
6. Update the project risk management plan using relevant internal and external inputs in order to keep the plan current.
‫ تحديث خطة إدارة مخاطر المشروع باستخدام المدخالت الداخلية والخارجية ذات الصلة من أجل الحفاظ على الخطة الحالية‬-6
7. Capture risk lessons learned through comprehensive review of the project risk management plan, risk register, risk audits, risk
process performance reports, in order to incorporate into future risk planning.
‫ استخالص دروس المخاطر المستفادة من خالل المراجعة الشاملة لخطة إدارة مخاطر المشروع وسجل المخاطر وتدقيق المخاطر وتقارير أداء عمليات المخاطر‬-7
‫من أجل إدراجها في تخطيط المخاطر في المستقبل‬

Domain 5: Perform Specialized Risk Analyses

1. Evaluate the attributes of identified risks using advanced quantitative tools and specialized qualitative techniques in order to
estimate overall risk exposure of the project.
‫ تقييم سمات المخاطر التي تم تحديدها باستخدام أدوات كمية متقدمة وتقنيات نوعية متخصصة من أجل تقدير إجمالي المخاطر الكلية المعرض لها المشروع‬-1
2. Analyze risk data produced during the project using statistical analyses and expert judgment in order to determine strengths
and weaknesses of risk strategy and processes and recommend process improvements when indicated.
‫تحليل بيانات المخاطر المنتجة خالل المشروع باستخدام التحليالت اإلحصائية وحكم الخبراء من أجل تحديد نقاط القوة والضعف في استراتيجية المخاطر والعمليات‬-2
‫والتوصية بالتحسينات العملية عند اإلشارة‬
3. Perform specialized risk analysis using advanced tools and techniques in order to support stakeholder decision making.
‫ إجراء تحليل المخاطر المتخصصة باستخدام األدوات والتقنيات المتقدمة من أجل دعم اتخاذ القرار من قبل أصحاب المصلحة للمشروع‬-3
 Knowledge of:
o Advanced risk identification tools and techniques for both threats and opportunities (including force field analysis, scenario
planning, futures thinking, visualization, Delphi groups, and nominal group technique)
o Advanced quantitative risk analysis tools and techniques (including integrated cost/schedule analysis, advanced Monte Carlo
analysis, system dynamics, bowtie analysis, analytical hierarchy process, risk-based earned value analysis, risk-based critical
chain analysis, and multi-factor regression analysis, modeling techniques, advanced risk metric analysis.
o Tools and techniques for identifying and analyzing overall project risk (including risk efficiency index, risk tolerance analysis,
risk reserve analysis, risk metric trend analysis, risk taxonomy, risk connectivity analysis, Monte Carlo analysis against overall
project objectives, project risk surveys, and correlation analysis
o Estimation tools and techniques to support risk decision making (including prioritization, cost-benefit analysis, analogous,
parametric, and bottom-up)

47