CHAPTER 6

IMPLEMENTING RESPONSES AND

MONITORING RISKS
IMPLEMENTING RESPONSES AND MONITORING
RISKS
Implementing Responses and Monitoring
Risks
Introduction Introduction

• Every risk has a risk response plan • the agreed risk responses are executed in
this process.
and an assigned risk owner. This
risk owner will keep watching for
• The owners finalized in Perform Qualitative
risk causes, and once it occurs, Risk Analysis will execute the agreed
they will implement the risk response plans before or after the risk occurs
response plan. based on whether the strategy was to
mitigate/transfer/avoid or accept.

• Implement Risk Responses is

• The project manager would have to influence
the process of implementing risk owners to take actions, particularly if
agreed-upon risk response plans. they are outside the project team.
 Introduction

• The key benefit of this

process is that it ensures that
agreed-upon risk responses
are executed as planned in • This process is performed
order to address overall throughout the project. The
project risk exposure, inputs, tools and techniques,
minimize individual project and outputs of the process
threats, and maximize are:
individual project
opportunities.
Implement risk response
Implementing Responses and Monitoring
Risks
Introduction Introduction

• Proper attention to the Implement Risk • Only if risk owners give the
Responses process will ensure that required level of effort to
agreed-upon risk responses are actually
implementing the agreed-
executed.
upon responses will the
• A common problem with PRM is that
overall risk exposure of the
project teams spend effort in identifying
project and individual threats
and analyzing risks and developing risk and opportunities be
responses, then risk responses are managed proactively
agreed upon and documented in the risk
register and risk report, but no action is
taken to manage the risk.
 IMPLEMENT RISK RESPONSES: INPUTS
Project management plan:

• The RMP lists the roles and • It also specifies risk

responsibilities of project team thresholds for the project
members and other stakeholders for risk based on the risk appetite of
management. key stakeholders, which
define the acceptable target
• This information is used when allocating that the implementation of
owners for agreed-upon risk responses. risk responses is required to
achieve.
• The rmp also defines the level of detail
for the risk management methodology
for the project.
 Project • Risk register: The risk register

documents: records the agreed-upon risk

• Project documents that can be responses for each individual risk
considered as inputs for this process and the nominated owners for each
include but are not limited to: response plan.

• Risk report: The risk report includes

• Lessons learned register:
Lessons learned earlier in the an assessment of the current overall
project risk exposure, as well as the
project with regard to implementing
agreed-upon risk response strategy.
risk responses can be applied to
It also describes the major individual
later phases in the project to
project risks with their planned
improve the effectiveness of this
responses
process.
 Organizational
process assets: Expert judgment
• The organizational process • Expertise should be
assets that can influence the considered from individuals
Implement Risk Responses
process include but are not or groups with specialized
limited to the lessons learned knowledge to validate or
repository from similar modify risk responses if
completed projects that necessary, and decide how
indicate the effectiveness of to implement them in the
particular risk responses.
most efficient and effective
manner.
 IMPLEMENT RISK RESPONSES: TOOLS AND
TECHNIQUES
Interpersonal and team
PROJECT MANAGEMENT
skills INFORMATION SYSTEM (PMIS)

• Interpersonal and team skills • PMIS can include schedule,

that can be used for this resource, and cost software
process include but are not to ensure that agreed-upon
limited to influencing.
risk response plans and their
associated activities are
integrated into the project
• Some risk response actions may alongside other project
be owned by people outside the activities.
immediate project team or who
have other competing demands.
IMPLEMENT RISK RESPONSES: outputs

Change requests Project documents updates

• Implementation of risk responses • Project documents that may

may result in a change request to be updated as a result of
the cost and schedule baselines or
carrying out this process
other components of the project
include but are not limited to:
management plan.
• Issue log: Where issues are

• Change requests are processed for

identified as part of the
review and disposition through the Implement Risk Responses
Perform Integrated Change process, they are recorded in
Control process the issue log.
 Project documents updates Project documents updates

• Lessons learned register: The lessons • Risk register: The risk register may be
learned register is updated with information on updated to reflect any changes to the
challenges encountered when implementing previously agreed-upon risk responses for
risk responses and how they could have been individual project risks that are
avoided, as well as approaches that worked
subsequently made as a result of the
well for implementing risk responses
Implement Risk Responses process.

• Project team assignments: Once the risk

• Risk report: The risk report may be
responses are confirmed, the necessary
resources should be allocated to each action updated to reflect any changes to the
associated with a risk response plan. These previously agreed-upon risk response to
resources include suitably qualified and overall project risk exposure that are
experienced personnel to execute the agreed- subsequently made as a result of the
upon action Implement Risk Responses process.
 MONITOR RISKS Risk Monitoring and
Control
Monitor Risks

• is the process of monitoring the • is concerned with monitoring the

implementation of agreed-upon risk response
plans, tracking identified risks, identifying
status of risks associated with the
and analyzing new risks, and evaluating risk project, monitoring the project
process effectiveness throughout the project. environment, and responding to risks
as they occur.
• The key benefit of this process is that it
enables project decisions to be based on
current information about overall project risk • Risk monitoring and control is about
exposure and individual project risks.
putting the plans into action and
• This process is performed throughout the
examining the results of those plans.
project
 MONITOR RISKS
Risk Monitoring and Control

• This involves the following: o Evaluating risk response

o Tracking and monitoring plans that are put into action

identified risks o Monitoring for risk triggers

o Responding to risks as they o Ensuring that risk policies

occur and procedures are followed

o Monitoring residual and o Ensuring that risk response

secondary risks plans and contingency plans

are appropriate and effective
o Identifying new risks
The inputs, tools and techniques, and outputs of
the process are
Monitor Risks: Inputs Project
Project Management Plan
Documents
Here are the project documents
considered as inputs for the
• The risk management plan is the process.
component that is mainly used as
an input.
• Issue log–this will be used to see

• This will give guidance on how

if there are any open issues that
often risks should be reviewed have been updated which may
which policies and procedures for affect the risk register.
the organization should be followed
when doing the review the roles • Lessons learned register–lessons
and responsibilities of the people
doing the monitoring process
related to risk that were recorded
formats for reporting the results of earlier in the project will be
the process (with risk reports) reviewed to see if they apply to
later phases in the project.
 Monitor Risks: Inputs
Risk register–the key inputs
will include
1. Identified individual project risks • Risk report–include an
2. Risk owners assessment of the current
3. Agreed-upon risk responses overall project risk exposure
4. Specific risk response as well as the agreed-upon
implementation actions risk response strategy, as
5. Control actions for assessing the well as the major individual
effectiveness of the risk response risks with planned responses
plans
and risk owners.
6. Symptoms and warning signs of risk
7. Residual and secondary risks
8. Watch-list of low-priority risks
Monitor Risks: Inputs
Work Performance Data Work Performance Reports

This contains data related to risk Information from performance

such as: measurements can be analyzed
• Risk responses that have been to provide project work
implemented performance information such
• Risks that have occurred as:
• Risks that are active • Variance analysis
• Risks that have been closed out • Scheduled performance index
• Budget at completion
(because the risks associated • Time at completion
with certain project activities • Earned value data
did not occur) • Forecasting data
 Monitor Risks: Tools and Techniques
• Reserve analysis–

Data Analysis • compares the amount of contingency

reserves remaining to the amount of risk
• Technical performance
remaining at any time in the project in
analysis– order to determine if the remaining
• technical performance measures reserve is adequate.
such as weight of the item being
produced, transaction times, • So this is monitoring risk not directly, but

number of delivered defects, indirectly through the contingency

reserves which are used to pay for risk
storage capacity, etc. (depending
responses.
on the type of project) can be
analyzed to see if there is • If risks do not occur, then the contingency
deviation, which can indicate the reserves which were meant to pay for
possible existence of underlying those risks can go back into the “pool” of
risk. reserves and strengthen this ratio.
 Monitor Risks: Tools and Techniques
• The format for the risk audit
Risk Audits needs to be defined in the risk
• Risk audits consider the effectiveness management plan before the
of the risk management process. audit is conducted.

• Although the project manager is • The “quality control” part of

responsible for ensuring that risk
audits are performed, PMI suggests the risk review is reviewing
that risk audit meetings be held the effectiveness of the risk
separately from the risk review responses themselves, and
meetings in order to separate the this is done as part of the risk
“quality control” (focusing on the
results) vs. the “quality assurance”
review meetings.
(focusing on the process) aspects of
risk management.
 Monitor Risks: Tools and Techniques

Meetings
Meetings should discuss the following topics:
• Closing of risks that are outdated (and
• Documenting the effectiveness of risk
return of the contingency funds for the
responses in dealing with overall project
associated risk responses to the
risk and identified individual project risks
overall contingency reserve)
• Identification of new individual project risks
(including secondary risks that arise from
agreed-upon risk responses) • Issues that have arisen as the result of

• Reassessment of current risks (are they are risks that have occurred
any risks on the watch list, for example,
that have increased in either probability • Identification of lessons to be learned
and/or impact such that they now merit a for implementation in ongoing phases
risk response) of the current project.
Monitor Risks: Outputs
Work Performance
Information
• The risk register is reviewed • Any changes in either the
and any changes to the planning or the
previously agreed-upon risk implementation should be
responses for individual made through a change
project risks are noted. request.

• These changes are reviewed

to indicate the effectiveness
of the response planning and
response implementation
processes
 Monitor Risks: Outputs
Change Requests
• These requests are sent to the
• The process of reviewing the risk register
may result in changes to risk response Perform Integrated Change
planning and/or the implementation of Control process in order to make
those risk responses. the decision to accept or reject
them.
• If these changes in turn require changes to
the cost and/or schedule baseline (to
account for the additional cost and/or time • If rejected, they go into the
required to implemented those changed change log with the reasons for
responses), then all of these changes need
the rejection.
to be made through a change request.

• These changes may be made with respect • If they are accepted, then the
to individual project risks or to address the changes are made to the project
current level of overall project risk.
management plan
Monitor Risks: Outputs
Project
Management Plan
Updates • The changed risk responses
• If the change requests themselves will be recorded
mentioned in the last in the risk register.
paragraph are accepted, the
project management plan is
updated accordingly,
especially if the changed risk
responses require changes to
the cost and/or schedule
baseline
 • Lessons learned register–if there
Monitor Risks: Outputs
are lessons learned as a result of
Project Document Updates the risk reviews done in this
process, then these are recorded in
• Assumption log–in the process of the register so that they can be
monitoring risks, new assumptions may used on later phases of the project.
be uncovered, and existing assumptions
may be revisited and changed. The
• Risk register–register changes that
assumption log is updated with this new
might be made as a result of the
information.
Monitor Risks process
• Issue log–issues uncovered in the process
of monitoring risks, usually related not to • Risk report–another important part
the contents of the risks themselves but of the Monitor Risk process is
in the handling of those risks, are letting the shareholders know what
recorded in the issue log. is going on with respect to risk.
Monitor Risks: Outputs
Organizational Process
Assets Updates
The Monitor Risks process • Templates for the risk
may result in changes to the management plan, risk
following organizational register, and risk report
process assets: • Risk breakdown structure
(shows the source of risk on
the project by category)