Risk Management
Shivshanker Shenoy
PMP
www.PMExamSmartNotes.com
Copyright notice
Copyright 2014 by PMExamSmartNotes.com.
All rights reserved.
Feel free to email, tweet, blog, and pass this ebook around the web ... but please dont alter any of its contents when you do. Thanks!
Notice of Liability
The author and publisher have made every effort to ensure the accuracy of the information herein. However, the information contained
in this book is given without warranty, either express or implied. Neither the author nor PMExamSmartNotes.com will be held liable for
any damages to be caused directly or indirectly either by the instructions contained in this book, or by the software or hardware products
described herein.
Acknowledgements
All the images used in this study guide are available under Creative Commons license and credit is mentioned below
individual images.
Trademark Notice
PMI is a registered trademark and service mark of the Project Management Institute, Inc.
PMP and CAPM is a registered certification mark of the Project Management Institute, Inc.
PMBOK is a registered trademark of the Project Management Institute, Inc.
Foreword
Whenever you had to study a 'heavy' book, did you wish for a simpler guide just to get the gist of the subject?
Something like a crash-course guide that you could go through and get a handle on the stuff?
I always thought about and looked for such resources whenever I had to study a new subject (the reason I love
Wikipedia). It was a similar feeling I had when I took up PMBOK guide to study.
And when I was in a position to prepare a short guide, there was no time to waste.
So here is this guide in front of you. The very fact that you have decided to read this would mean that you might be
one of these
(a) seriously preparing for PMP or CAPM exam
(b) performing the duties of a project manager (project practitioner)
(c) simply curious to know about a systematic way of project management
You will not be disappointed.
Even the basic form of the foundation guide came to well over 200 pages, so I decided to split it into modules. One
covering project management basics and one each for the 10 knowledge areas, so you can pick up the one you wish
to understand and run through it easily.
This guide, of course, comes to you free of cost. The only aim of this guide is to provide you with a quick and succinct
account of project management concepts from PMBOK.
For all the details of concepts highlighted in this book, do visit www.PMExamSmartNotes.com blog. It will make your
exam preparation a breeze, I promise!
PS: This study guide is best viewed in 100% (or 1:1) resolution. Zooming out beyond this may slightly blur some of
visual representations.
Before moving to the content, I would like to take a moment to recommend a fast-track study resource I have used, which 1. ...saves you a ton of time on PMP or CAPM exam study
2. ...lets you study anytime, anywhere while traveling, eating, waiting in the queue you get the idea. Learn on PC or on
your smartphone!
3. fulfils the mandatory requirement to appear for the exam: 35hr project management education. This alone is
your return on investment!
4. saves you money as compared to contact classes out there that can cost as much as $2000+!
I am talking about PMPrepCast by Cornelius Fichtner!. You can view couple of sample chapters at Exam Resources section on
the blog. I do get a small commission if you use this link to purchase, but it doesnt increase your purchase price. If you dont
want to give the commission its perfectly fine but I still highly recommend this study resource, and the direct link you can use
is http://www.project-management-prepcast.com.
Thank you in advance, should you decide to invest in this study resource through this link! Click on the image below.
PMExamSmartNotes.com - Fast PMP Exam Preparation for busy Working Professionals!
4
Table of contents
What is Risk? .................................................................................................................................................................................................................................... 8
Risk attitude of organization ...................................................................................................................................................................................................... 9
Planning to manage risk on the project ................................................................................................................................................................................ 11
Identifying project risks
............................................................................................................................................................................................................ 11
............................................................................................................................................................................................................. 14
Risk Management
PMExamSmartNotes.com - Fast PMP Exam Preparation for busy Working Professionals!
Image credit: epSos.de
7
What is risk?
A possibility of change in the expected outcome of a task or event implies a risk. Every activity has an inherent
risk in it. Even walking on the road has its own risks, like getting hit by a truck.
Simplest of the tasks on a project has risks. For instance, as project release gets closer project's software architect
may fall sick, thereby increasing the risk of delivery. Any of scope, cost, schedule and quality of the project may be
affected due to materialization of a risk.
On the day you wanted to buy that project management software, you come across a discount code that saves you
50% on the cost! This is also a risk - although a positive one. Positive risk is called an opportunity.
If risk occurs on a project it may lead to a positive or negative impact on one or more of project objectives.
There are known unknowns and unknown unknowns on a project. What does this
mean?
Known unknowns are identified risks on the project. If you have only one architect working on the project you
know that if he has an emergency there is no one to fill in for him during his absence. Such risks cost you money when
they materialize. This expenditure is covered from contingency reserves.
Unknown unknowns are those risks that you cannot proactively identify. During project execution, your lead
developer may find out that a piece of scope has never been covered in requirements documentation. You cannot
plan for these types of risks. When unknown unknowns occur, their expenditure is covered from management
reserves.
Every organization has some amount or risk tolerance. Degree or tolerance depends on factors such as nature and
complexity of project, extent of rewards in the offering. If you are building a nuclear reactor the amount of risk
tolerance would be much lower, whereas you may exhibit more risk tolerance for a software product that is looking to
time the market.
Planning to management
This project management activity is a to
create a plan that identifies methods of
managing risks, assigns responsibilities for
people who handle risks, outlines risk
budget, defines risk categories, and identifies
probability and impact matrix.
This project management activity creates a
plan that identifies methods of identifying
risks, assigns responsibilities to people to
handle them, outlines risk budget, defines
risk categories, and identifies probability and
impact matrix and overall risk management.
As a planning activity this is carried out after
most of the other planning exercises are
completed - such as scope, cost, schedule
and communication. Why? Simply because
of these need to be studied in order to
assess risks inherent in them.
all
Image credit: Jscreationzs / FreeDigitalPhotos.net
this process. Only caution to be exercised is to keep things in the realm of practicality.
Who identifies risks?
It could be the same team that worked on risk planning. Or it can be the team and few more people that know about
the project and/or have experience working with similar project. Some organizations have risk management experts
to help project teams identify risks.
Involving the team increases a sense of ownership in
them. Also, when team actively thinks about risks they
develop a mental frame that helps them deal with the
risks in case they materialize.
You identified all possible risks on the project in Identify Risks process. Next logical step is to prioritize them, so that
high priority ones are addressed first. Prioritization is done based on probability of occurrence and impact on
project objectives if and when they materialize.
Since this analysis is qualitative in nature, to some extent subjective,
this can be done with relative ease. Once prioritized, this list then forms
a basis for performing quantitative risk analysis.
Planning risk
responses
This is the project management activity for developing
actions to enhance opportunities and reduce threats
to project objectives posed by risks.
Once risks are identified and prioritized, the next step
is to plan for possible responses for each of them.
Kathy from Landscaping project should think about,
what if there is torrential downpour on the day
jogging tracks are being fixed?
what if a large amount of exotic plant saplings die
within first 2 weeks due to unfavorable soil or
weather condition?
what if the lone designer on the team quits halfway through the project?
In this project management activity you think of ways to reduce threats and enhance opportunities to project
objectives.
Where do we start?
The risk register, of course. That is where all risks are listed. We also look at the risk management plan, which talks
about methods of managing risks, responsibilities for people who handle risks, outlines risk budget, defines risk
categories, and identifies probability and impact matrix.
Avoid - change project plan, adjust one or more project objectives such as reducing scope or changing schedule
to avoid a risk.
For our example, this would mean not driving a car at all.
Transfer - transfer some or all of the risk, and ownership of response to a third party.
This comes at a premium however. If it is a work that a third party vendor has expertise in, it is wise to sign a
contract and transfer the responsibility and risk of the work.
For our example, this would amount to taking an insurance. In case of an accident, at least financial losses will be
covered.
Mitigate - is about reducing the probability of risk by taking certain actions in advance. It could be measures like
adding more tests around the hi-risk areas, making simpler designs, reducing complexity of components, having
development checklists, or assigning best resources for developing risky modules/parts.
For our example, regularly servicing the car, learning the traffic rules and driving etiquette, not consuming alcohol while
driving :-) and driving within prescribed speed limits would help mitigating the likelihood of accident to some extent.
Accept - at times there is nothing one can do to avoid risk and project management team decides to deal with it if
and when it occurs. Passive acceptance would be doing nothing about it at all. Active acceptance would be
allocating specific contingency cost, schedule, resource budget for such risks.
For our example, this would be just not doing anything about it. Drive without a worry in the world. If it happens, driver's
driving instincts may save the day. Wear seat-belts.
A friend tells you about a piece of real estate available for purchase near an upcoming airport project. The total amount to
be invested is out of your reach. If you get to invest in it, the price is expected to be doubled every year for next 3-4 years and
it makes for a great investment opportunity right now.
What would you do?
Exploit - plan in such a way that you remove all uncertainties and make sure that this risk happens for sure.
Example of exploiting a risk on project could be creating vacancy for getting that star performer who is just
coming out of another project.
For our example, take all your savings even take up a loan if necessary. Go for the investment.
Share - share with a third party and get some of the benefits of this opportunity.
For our example, team up with the friend who can invest partially and two of you together buy that piece of land.
Enhance - doing all that is possible to increase likelihood of this risk materialization.
For our example, go for aggressive bargain, if possible offer all-cash-deal to get it.
Accept - just like one of the responses for negative risk, this is just not doing anything actively to pursue the
opportunity but being prepared to take the benefit if it materializes.
Then you went ahead and identified very specific risks - actual risks, residual risks and secondary risks. And then you
meticulously planned for dealing with each of them in Plan Risk Responses process.
Residual risks are the smaller risks remaining even after identifying responses for bigger risks.
Secondary risks are the new risks that come up due to responses planned to manage risks.
All of this effort is like preparing for the battle. The true usefulness of it is determined in the way we monitor and
control risks through the duration of project.
It is almost impossible to think about all of the risks upfront during planning stage itself. Environments change,
stakeholders change, and even requirements change as project progresses. This leads to changes in the risks, their
nature and planned responses.
This is a project management activity to look out for identified, residual and secondary risks, identify any new risks, to
take quick corrective action when any risks materialize, to plan for further preventive actions when you identify a
trend of a new risk, and to measure effectiveness of risk responses.
Download FREE eBooks for other Knowledge Areas from the blog!
About Shiv
Shiv Shenoy has worked over 15 years in technical, management and mentoring roles for
Software Services and Product Development companies in Enterprise, Web and Mobile
domains. He has helped several start-ups to conceptualize product idea, build prototype and
take it to the market with version 1.0 and beyond. He mentors professionals on project-,
product- and technology management.
Shiv is a passionate techno-manager, blogger, mentor, photography enthusiast and painter.
Shiv helps working professional that are hard pressed for time sail through PMP and CAPM
project management certification courses, by turning his own exam notes into easily
understandable, scientifically prepared, and simplified content that he publishes on the blog
PMExamSmartNotes.com