Скачать презентацию Risk Management This material is based on the Скачать презентацию Risk Management This material is based on the

9107d1d2dfe5b7d4d72fce039ad7a3fb.ppt

  • Количество слайдов: 131

Risk Management This material is based on the Fifth Edition of the Guide to Risk Management This material is based on the Fifth Edition of the Guide to the Project Management Body of Knowledge (PMBOK® Guide*) published by the Project Management Institute (PMI*) in 2013. *PMI and PMBOK are registered marks of Project Management Institute, Inc. 1

CONTENTS n n n n Module 1: Risk Management: An Overview Module 2: Project CONTENTS n n n n Module 1: Risk Management: An Overview Module 2: Project Risk Management Module 3: Identifying Project Risks Module 4: Analyzing Project Risks Module 5: Planning Risk Responses Module 6: Monitoring and Controlling Risks Appendix: Some PMP-Style Questions 2

MODULE 1 Risk Management: An Overview 3 MODULE 1 Risk Management: An Overview 3

Decisions Under Uncertainty n n Management seeks to make formal judgments and take actions Decisions Under Uncertainty n n Management seeks to make formal judgments and take actions that lead to successful projects If all necessary information is available, decision-making can be done in a predictable and confident manner by experienced managers In reality, most decisions must be taken with incomplete information Hence outcomes of most decisions will have some inherent uncertainty 4

Projects Intrinsically Involve … n n n Desire to achieve something new Attempt to Projects Intrinsically Involve … n n n Desire to achieve something new Attempt to capitalize on an opportunity Willingness to venture into the unknown In two words … Uncertainty and Risk ? Risk in itself is not bad; risk is essential to progress, and failure is often a key part of learning. But we must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity. ? Risk adverse people should NOT be project managers ? If we are risk adverse we can loose competitive edge 5

Project Risk Defined (cont’d) Project risk is a possible future event that will lead Project Risk Defined (cont’d) Project risk is a possible future event that will lead to an undesirable outcome. A risk is a problem that has yet to occur. A problem is a risk that has already materialized. T. De. Marco and T. Lister Waltzing with Bears Project risk is the cumulative effect of the chances of uncertain occurrences adversely affecting the project objectives. R. Max Wideman Project and Program Risk Management

Project Risk Management: Definition Project risk management includes the processes of conducting risk management Project Risk Management: Definition Project risk management includes the processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project. The objectives of Project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood and impact of negative events in the project. PMBOK® Guide, 5 th Edition. 7

Goals of Risk Management … n n Identify potential risk events q What things Goals of Risk Management … n n Identify potential risk events q What things might go wrong? q What things are likely to change? Avoid risks where possible q Can we avoid altogether some things that might go wrong? q Can we stabilize dynamic risk factors? Balance risk avoidance to retain opportunities q What risks are necessary to achieve success? q Mitigate these necessary risks. Make a risk management plan 8

Risk Management is… n n A software engineering practice with processes, methods, and tools Risk Management is… n n A software engineering practice with processes, methods, and tools for managing risks in a project It provides a disciplined environment for proactive decisionmaking to: q q q Assess continuously what can go wrong (risks) Determine what risks are important to deal with Implement strategies to deal with those risk Software Engineering Institute (SEI) Carnegie-Mellon University 9

We Can Plan for Risk, Employing Assessment. . . n n Identify factors that We Can Plan for Risk, Employing Assessment. . . n n Identify factors that are likely to impact the triple constraints of Quality, Time, and Cost Avoid risk factors altogether if possible Quantify the likely impact of each residual risk factor (those factors we can’t avoid) Prioritize the residual risk factors 10

We Can Plan for Risk, Employing Strategies. . . n n n Establish a We Can Plan for Risk, Employing Strategies. . . n n n Establish a baseline of project risks Track risks and update the baseline throughout the project Mitigate impacts by exercising influence over project factors you can control q Reduce chances of risk events occurring q Reduce impact of risk events if they do occur 11

Exercise#1 Let’s look at the online book store project from a prior lecture described Exercise#1 Let’s look at the online book store project from a prior lecture described on the next slide: 1) 2) 3) 4) 5) Identify some risk factors (uncertainties) that are likely to impact the triple constraints of Quality, Time, and Cost for this project Which of these risk factors can be avoided altogether? Would avoiding any of these impact the project’s chance of success? Of the risk factors you cannot avoid, which would you classify as factors that are essentially out of your control? What strategies can you identify that might exercise some influence over the remaining (presumably “controllable”) risk factors? 12

You work for a website design firm and a potential client has contacted your You work for a website design firm and a potential client has contacted your company with the following possible project. The client, named Diane, is the co-owner and overall manager of a local book store (with coffee shop). Diane is feeling the need to offer an “online” presence in the face of the intense competition the store is getting from Barnes and Noble, Amazon, Books-a-Million, etc. Her initial thoughts are to build a website to attract new customers and keep the loyalty of her current customers. You’ve been asked to investigate (as the likely project manager) a project for creating a system that will win this client’s business. Diane and her management team have suggested the following features, but they are open to explore others: 1. Customers will be able to buy books in the store’s inventory online – for delivery via post or for store pickup. 2. Customers will be able to order books not in inventory. 3. Customers will be able to access the shop’s schedule of book signings, readings, and other promotional offers. 4. The site should push email to “registered” customers offering them incentives to visit the store (coupons, private readings, coffee shop specials, etc. ). 5. Customers can sign up online for two different levels of loyal customer memberships (depending on the amount of purchases they made during the previous year – the site should be able to look up their buying records). 6. For this activity assume we are concerned about a competitor book store who we suspect is also planning an online presence. 13

Crisis Management n n n Crisis management is reactive q My project leader has Crisis Management n n n Crisis management is reactive q My project leader has suddenly left the company, what do I do? q My customer’s business requirements have suddenly shifted because of a new regulatory statute, what now? q Customers are upset with the new graphical interface implemented in our new release of a standard software package. Can it be changed quickly? Crisis management is not risk management Indeed, reducing the need for crisis management is one of the main reasons you employ risk management 14

Risk Management is Pro-Active n n Pro-active risk management helps you avoid reactive crisis Risk Management is Pro-Active n n Pro-active risk management helps you avoid reactive crisis management mode Pro-active approach asks these questions before a risk becomes a problem: q Can the risk be avoided by choosing a different alternative? q Should the risk be taken at all? n Do benefits and chances of success outweigh potential damage if success is not attained? n Can the project proceed without assuming the risk? q What are the chances the risk event will occur? q What are the consequences if it does? q What can we do to minimize the impact if it does? 15

Integrating Risk Management n n Risk management is not a “one and out” process Integrating Risk Management n n Risk management is not a “one and out” process It should occur regularly throughout the project It should be monitored and adjusted just like any other element of the project plan The SEI (Software Engineering Institute) risk management model depicted here illustrates the iterative nature of risk management Start From the SEI Web site 16

Integrating Risk Management (cont’d) n n The diagram illustrates a set of processes that Integrating Risk Management (cont’d) n n The diagram illustrates a set of processes that are performed through the life cycle of a project. Each risk nominally goes through these processes sequentially, but the activity occurs continuously Risks are tracked in parallel while new risks are identified analyzed The whole process is applied iteratively throughout the project life cycle 17

Exercise #2 Denver International Airport Case Study Read the document on this (handout) Here Exercise #2 Denver International Airport Case Study Read the document on this (handout) Here are some key facts about the case: n n n Project started in 1988 with a scheduled 1993 completion date Project was several years late Cost overruns totaled almost a half of billion dollars Blame was placed on software – specifically, the schedule overrun of the $193 million automated baggage handling system (ABHS) To get the airport open in 1995, $51 million was spent to retrofit a conventional baggage system as a temporary workaround to ABHS 18

Exercise#2 Denver International Airport Case Study (cont’d) After reading and discussing within your team Exercise#2 Denver International Airport Case Study (cont’d) After reading and discussing within your team the information given about the case, respond the following: 1) 2) 3) 4) 5) Was software complexity and/or a poor software development process the only “culprits” in the DIA fiasco? How would you assess the risk management process in the DIA project? What mitigating plans and strategies might have been implemented if a good risk management plan had been in place? Can you estimate (ballpark) what some of these might have cost? Who dropped the ball? BAE? Others? 19

Denver International Airport – An Analysis De. Marco and Lister have analyzed the Denver Denver International Airport – An Analysis De. Marco and Lister have analyzed the Denver Airport case from a risk management perspective. They asked the following questions and infer the answers given (adapted from Waltzing with Bears). As we consider these, see if you can draw parallels from troubled projects you have been involved in. q q q Why couldn’t the airport open without the automated baggagehandling software (ABHS)? n Because ABHS was on the critical path for the project Why was ABHS on the critical path? n No other way to move baggage and the airport can’t function without baggage handling Are there other ways to move baggage? n Yes, almost all airports use other methods 20

Denver International Airport - Analysis (cont’d) q q q When ABHS wasn’t ready, could Denver International Airport - Analysis (cont’d) q q q When ABHS wasn’t ready, could the airport have opened with an alternative baggage handling system? n The tunnels serving ABHS were too low for people and couldn’t accommodate carts Couldn’t the tunnels have been redesigned? n When it was discovered that ABHS was going to be late, it was judged that the time to redesign the tunnels would be longer than to fix the software Couldn’t the revamping of the tunnels have started earlier? n Yes, but this wasn’t thought necessary and would have been judged a waste of resources 21

Denver International Airport - Analysis (cont’d) q q Wasn’t the potential lateness of the Denver International Airport - Analysis (cont’d) q q Wasn’t the potential lateness of the ABHS seen as a project risk? n Only after it happened Haven’t software projects been late before? n Once in a great while Were there any projects similar to ABHS in existence? n Yes, a very similar system was implemented at Franz Josef Strauss Airport in Munich Did the DIA team visit Munich? n Yes, the Munich software team advised that they had allowed 2 full years for testing and 6 months of 24 -hour operation to tune the system before it was put into full live production 22

Denver International Airport - Analysis (cont’d) q q Did DIA management follow the Munich Denver International Airport - Analysis (cont’d) q q Did DIA management follow the Munich team’s advice? n There was no time for this kind of extensive testing Did the software team give sufficient warning that the ABHS might be late? n When the ABHS was first put out to bid, no one was willing to submit a bid for the scheduled delivery date n BAE Automated Systems finally took on the project on a best-efforts basis n During the project BAE asserted early and often that the delivery date was in jeopardy 23

Risk Management: The Benefits n n n n It increases the chances for a Risk Management: The Benefits n n n n It increases the chances for a project to succeed (the primary benefit) It enables more aggressive risk-taking It focuses attention where it is needed most It places limits on project uncertainty It can provide the most cost-effective protection against contingencies It decreases the chances of operating in crisis management mode It helps avoid “big surprises” for project stakeholders 24

Risk Management: Some Cautions n n n For risk management to be practiced effectively, Risk Management: Some Cautions n n n For risk management to be practiced effectively, you must have buy-in from stakeholders An organization must create a culture that views risk identification appropriately Identifying and analyzing risks must be balanced against opportunities that the risks enable Over-emphasis on a “can-do” attitude can be detrimental to honest risk assessment and analysis Positive thinking and reasonable caution/care need to be balanced Photo Benjamin Earwicker 25

Group Exercise On the following slides are some comments that are common from developers Group Exercise On the following slides are some comments that are common from developers and/or managers concerning risk identification, assessment, and management For each of these statements, respond to the following questions: 1. Does the statement have validity in general? 2. How would you respond if you heard this from a member of your team? 26

Group Exercise (cont’d) Statement 1: If we lay out all the risks in this Group Exercise (cont’d) Statement 1: If we lay out all the risks in this project, our customer will run for the hills. We’ll need to be real careful which of these, if any, we discuss with them. Recall our questions: • Valid in general? • How would you respond? 27

Group Exercise (cont’d) Statement 2: I know there is a lot of uncertainty here, Group Exercise (cont’d) Statement 2: I know there is a lot of uncertainty here, but if I cite a range this large for a completion date, I’ll guarantee you the project will come in -- at the earliest -- on the far end of the range. Anyway, my manager will never accept such an estimate. Recall our questions: • Valid in general? • How would you respond? 28

Group Exercise (cont’d) Statement 3: We don’t do risk management per se, but we Group Exercise (cont’d) Statement 3: We don’t do risk management per se, but we do keep an eye on risks and make sure they don’t end up biting the project. Recall our questions: • Valid in general? • How would you respond? 29

Group Exercise (cont’d) Statement 4: There are way too many uncertainties with this project Group Exercise (cont’d) Statement 4: There are way too many uncertainties with this project in its current state. It makes absolutely no sense to do a risk assessment – we’d just have to change it all later. I think we should move ahead and begin the project and when we have more information, we can start assessing some of the risks more seriously. Recall our questions: • Valid in general? • How would you respond? 30

Group Exercise (cont’d) Statement 5: It’ll be easier to get forgiveness if we miss Group Exercise (cont’d) Statement 5: It’ll be easier to get forgiveness if we miss the delivery date a bit, than to fight the battle up front to get an extension on the date. Anyway, most of these risk events we’re worrying about probably won’t come about and it won’t be an issue. Recall our questions: • Valid in general? • How would you respond? 31

MODULE 2 Project Risk Management 32 MODULE 2 Project Risk Management 32

Risk Tolerance and Thresholds Organizations perceive risk as the effect of uncertainty on their Risk Tolerance and Thresholds Organizations perceive risk as the effect of uncertainty on their project and organizational objectives. Organizations and stakeholders are willing to accept varying degrees of risk. This is called risk tolerance. Risks that are threats to the project may be accepted if the risks are within tolerances and are in balance with the rewards that may be gained by taking the risk. For example, adopting a fast-track schedule (doing some activities in parallel that were not originally planned to be done in parallel) is a risk that might be deemed acceptable in some cases order to achieve the reward created by an earlier completion date. Risk thresholds are at the upper end of an organization’s risk tolerance in terms of uncertainty and/or impact. When a risk exceeds (or crosses) the risk threshold in its likelihood and/or potential impact, it should be placed on the risk register and managed. 33

Risk Management is Pro-Active To be successful, the organization should be committed to address Risk Management is Pro-Active To be successful, the organization should be committed to address risk management proactively and consistently throughout the project. A conscious choice must be made at all levels of the organization to actively identify and pursue effective risk management during the life of a project. 34

The Six Risk Management Processes 1. 2. 3. 4. 5. 6. Plan Risk Management The Six Risk Management Processes 1. 2. 3. 4. 5. 6. Plan Risk Management Identify Risks Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Responses Control Risks These processes can overlap and interact. The first five of these are in the Planning Process Group, the sixth is in the Monitoring/Controlling Group PMBOK® Guide, 5 th Edition. 35

Knowledge Areas Integration Management Project Management Process Groups Initiating • Develop Project Charter Planning Knowledge Areas Integration Management Project Management Process Groups Initiating • Develop Project Charter Planning • Develop Project Management Plan • • • • Scope Management Time Management Cost Management Quality Management Executing • Direct and Manage Project Work Plan Scope Management Collect Requirements Define Scope Create WBS Plan Schedule Management Define Activities Sequence Activities Estimate Activity Resources Estimate Activity Durations Develop Schedule Plan Cost Management Estimate Costs Determine Budget • Plan Quality Management Human Resource Management • Plan Human Resource Management Communications Management • Plan Communications Management Monitoring/Controlling Closing • Monitor and Control Project Work • Perform Integrated Change Control • Validate Scope • Control Schedule • Perform Quality Assurance • Acquire Project Team • Develop Project Team • Manage Communications • Control Quality Our Focus In this Class • Control Communications Risk Management Procurement Management • Plan Procurement Management • Conduct Procurements • Control Procurements • Plan Stakeholder Management • Manage Stakeholder Engagement • Control Stakeholder Engagement • Identify Stakeholders Adapted from 5 th Ed. PMBOK® Guide • Control Costs • • • Stakeholder Management • Close Project or Phase • Control Risks Plan Risk Management Identify Risks Quantitative Risk Analysis Qualitative Risk Analysis Plan Risk Responses • Close Procurements

1. Plan Risk Management n n n Risk management planning is necessary to provide 1. Plan Risk Management n n n Risk management planning is necessary to provide sufficient resources and time for proactive risk management activities during the project The Plan Risk Management process should begin as soon as the project is started and be completed as early as possible during project planning However, the overall process of risk management will continue throughout the project 37

Plan Risk Management: Inputs n Project management plan q q q n Project charter Plan Risk Management: Inputs n Project management plan q q q n Project charter q q q n n High-level risks High-level requirements Assumptions and constraints Stakeholder register Enterprise environmental factors q q n Scope baseline Cost baseline Schedule baseline Organizational attitudes toward risk Tolerances for risk Organizational process assets such as risk categories, risk statement formats, risk templates, lessons learned 38

Plan Risk Management: Tools and Techniques n n Analytical techniques such as stakeholder analysis, Plan Risk Management: Tools and Techniques n n Analytical techniques such as stakeholder analysis, strategic risk scoring sheets Expert judgment q q n Senior management Project stakeholders (including team members) SMEs Consultants Meetings 39

Plan Risk Management: Output n Risk management plan q q q q Methodologies to Plan Risk Management: Output n Risk management plan q q q q Methodologies to be used Roles and responsibilities Budgeting and timing Risk categories Definitions of qualitative risk probabilities and impact Probability and impact matrix Reporting formats Tracking mechanism 40

MODULE 3 Identifying Project Risks 41 MODULE 3 Identifying Project Risks 41

Risk Management -- the Essential Elements Plan Risk Management Risk Assessment identification analysis prioritization Risk Management -- the Essential Elements Plan Risk Management Risk Assessment identification analysis prioritization list risk events Risk Responses strategies & planning based on analysis and prioritization Probability of risk event Impact of risk of event 42

2. Identify Risks: Inputs Identifying risks is an iterative process because new risks may 2. Identify Risks: Inputs Identifying risks is an iterative process because new risks may evolve as the project progresses n n n n Risk management plan Human resource plan Scope baseline Cost baseline Schedule baseline Stakeholder register Enterprise environmental factors Benchmarking q Industry studies q Risk attitudes Organizational process assets q Project files and historical data q Risk statement formats or templates q Lessons learned q n 43

Identifying Potential Risk – Goals n n Increase our understanding of the project Identify Identifying Potential Risk – Goals n n Increase our understanding of the project Identify viable alternatives for project activities and outcomes Ensure that uncertainty and risk are thoroughly considered in a structured and systematic way Establish possible impacts of the risks and uncertainties identified on other aspects of the project (these are called 2 nd order effects) 44

Identifying Potential Risk – Benefits n n n Better information is available for project Identifying Potential Risk – Benefits n n n Better information is available for project planning A different perspective on project objectives Improved communications among team members – especially early in the project More confidence in the project plan and projections Documented support for project contingencies and a plan for their implementation Reduced likelihood of disruptive project events (even if these occur, they will not be as disruptive since they were planned for) 45

Factors to Consider in Identifying Risk n n Avoid: q Unwarranted Optimism q Unwarranted Factors to Consider in Identifying Risk n n Avoid: q Unwarranted Optimism q Unwarranted Pessimism q Ignorance (when appropriate information could be obtained) q Undue self-interest Ask: q Has something like this been done before? q If so, how close is the analogy q Who has experience with this? q Are there alternative opinions/solutions/processes I should explore? 46

2. Identify Risks: Tools and Techniques n n Documentation review Information gathering q q 2. Identify Risks: Tools and Techniques n n Documentation review Information gathering q q n n n Checklist analysis (based on historical data) Assumptions analysis (assumptions can lead to risks) Diagramming techniques q q q n n Brainstorming Delphi technique (consensus of experts) Interviewing Root cause analysis (fishbone diagrams) Cause and effects diagrams System or process flow charts Influence diagrams, showing casual influences, time ordering of events, etc. SWOT analysis (strengths, weaknesses, opportunities, threats) Expert judgment 47

Tools for Identifying Risks (cont’d) n n n Utilize your team Brainstorm about what Tools for Identifying Risks (cont’d) n n n Utilize your team Brainstorm about what could go wrong and why/how Review lessons-learned archives if available Consult with others who have done similar work or projects Use the Delphi technique (ask several experts to assess risks and consolidate this information to help evaluate possible risks) While the project leader/manager must facilitate, remember that two (or more) heads are better than one! 48

Some Potential Sources of Risk Project Management Integration Scope expectations, requirements, feasibility requirements, standards Some Potential Sources of Risk Project Management Integration Scope expectations, requirements, feasibility requirements, standards Quality schedule, constraints Time life cycle and environment variables Project Risk budget, constraints Cost Communications issues, data, accuracy availability, productivity Human Resources services, materials, performance Contracts Procurement Adapted from C. Quaife and R. Max Wideman 49

Potential Sources of Risk – Scope n n Initial q Inadequate planning q Not Potential Sources of Risk – Scope n n Initial q Inadequate planning q Not enough lead time for planning q Poor definition of scope q Inconsistent or incomplete scope documents q Unclear definition of quality and performance components of project q Inadequate user involvement q Lack of user sign-off and buy-in Ongoing q Changes in project requirements n Unanticipated events n Regulatory issues n Poor initial definition of requirements q Inadequate change control process – scope creep Photo by Dale Eurenius Dingle - Ireland 50

Potential Sources of Risk – Quality n n n Poor baseline requirements Inadequate design Potential Sources of Risk – Quality n n n Poor baseline requirements Inadequate design Sloppy attitude toward quality Inadequate quality assurance techniques Lack of accountability Photo by Nancy Brown 51

Potential Sources of Risk – Time & Cost n n n n Estimating errors Potential Sources of Risk – Time & Cost n n n n Estimating errors Inadequate or inaccurate work breakdown structure Changes in resource availability Poor allocation and management of float Scope not properly understood Inadequate change control process Substandard productivity External events that impact schedule and cost 52

Potential Sources of Risk – Contracts n n n Contractor insolvency Poor contractor performance Potential Sources of Risk – Contracts n n n Contractor insolvency Poor contractor performance Unenforceable clauses Adversarial relationships Inadequate assignment and distribution of risk 53

Potential Sources of Risk – Human Resources n n Resource availability Changes in personnel Potential Sources of Risk – Human Resources n n Resource availability Changes in personnel (terminations, reassignments, etc. ) Productivity of project team Lack of strong project leadership q Conflict poorly managed q Team unmotivated q Lack of accountability q Poor project organization 54

Potential Sources of Risk – Communication n n n Lack of adequate customer consultation Potential Sources of Risk – Communication n n n Lack of adequate customer consultation Incorrect information Unwarranted assumptions Improper resolution of issues Unresolved issues Ill-considered sign-offs Lack of appropriate participation by stakeholders 55

Exercise#3 Recall the earlier case study for the online book store. Within your assigned Exercise#3 Recall the earlier case study for the online book store. Within your assigned team, discuss the major risks we identified for the case study and try to relate them to one or more of the major sources of risk we just discussed: • • • Scope Quality Time & cost Contracts Human resources Communications 56

Risks Can Be Driven by Project Characteristics n n n Project scope Project deliverables Risks Can Be Driven by Project Characteristics n n n Project scope Project deliverables q Phased delivery? q Prioritized components/features? q Mandated delivery date? q Mandated specific features? Project objectives q Maximize short-term return on investment? q Lay ground work for future returns? q Minimize cost and financial risk? q Premium on reliability of product? q Is security a central objective? q Are flexibility and reuse paramount? 57

Group Exercise #2 1) Contrast risk identification issues for two projects having: § phased Group Exercise #2 1) Contrast risk identification issues for two projects having: § phased delivery § a mandated delivery date 2) Contrast risk identification issues for two projects with objectives of: § maximizing short-term return on investment § laying ground work for future returns 3) Contrast risk identification issues for two projects with: § a main objective of minimizing cost and financial risk § a premium on the reliability of product 4) Identify some risk issues that might be escalated in importance in a project where flexibility and reuse of the product are paramount 58

2. Identify Risks: Output n Risk register q q List of identified risks n 2. Identify Risks: Output n Risk register q q List of identified risks n Give cause if known n Estimated impact if possible List of potential responses 59

MODULE 4 Analyzing Project Risks 60 MODULE 4 Analyzing Project Risks 60

Risk Management – Elements Recalled Plan Risk Management Risk Assessment identification Risk Response analysis Risk Management – Elements Recalled Plan Risk Management Risk Assessment identification Risk Response analysis prioritization list risk events strategies & planning based on analysis and prioritization Probability of risk event Impact of risk of event 61

3. Perform Qualitative Risk Analysis n n n Inputs q Risk register q Scope 3. Perform Qualitative Risk Analysis n n n Inputs q Risk register q Scope baseline q Risk management plan Tools and Techniques q Risk probability and impact assessment q Probability and impact matrix q Risk data quality assessment q Risk categorization q Risk urgency assessment q Expert judgment Output – Update Risk Register q Relative ranking or priority of project risks q List of risks requiring near-term attention q List of risks for additional analysis and response q Watch list of low-priority risks 62

Qualitative Risk Assessment n n n The two most important characteristics of a risk Qualitative Risk Assessment n n n The two most important characteristics of a risk event are its likelihood (probability) of occurring and its impact if it does occur Sometimes it is very difficult to make confident estimates of probabilities and impacts associated with risk events In these cases, a qualitative assessment of these two factors may make more sense Ranking each of the two factors (low-high, low-medium-high, or similar) in a two dimensional table will still provide a basis for prioritizing risks Prioritization is crucial to planning and creating risk management strategies 63

Qualitative Risk Assessment High LH HH Low LL HL Probability Low High Impact 64 Qualitative Risk Assessment High LH HH Low LL HL Probability Low High Impact 64

Question: Prioritizing Using Qualitative Assessments How would you prioritize risk events based on assessments Question: Prioritizing Using Qualitative Assessments How would you prioritize risk events based on assessments done using the chart on the previous slide? High impact Low probability HH HL LH LL or HH LH HL LL Low impact High probability 65

Example: BCBS Commercial PMO Probability Assignments: q q q Highly Probable (HP) n Evidence Example: BCBS Commercial PMO Probability Assignments: q q q Highly Probable (HP) n Evidence strong enough to establish presumption but not proof. Moderately Possible (MP) n Within the limits of ability, capacity, or realization Possible (P) n May or may not occur Unlikely (U) n Doubtful, dubious, or questionable. Highly Unlikely (HU) n Very low chance or occurring 66

Example: BCBS Commercial PMO (cont’d) Impact Assignments: q q q Catastrophic (C) n A Example: BCBS Commercial PMO (cont’d) Impact Assignments: q q q Catastrophic (C) n A momentous tragic event Severe (S) n Inflicting discomfort or hardship Medium (Med) n Midway between the extremes Moderate (Mod) n Limited in scope and effect; low to reasonable price. Insignificant (I) n Inconsequential; unimportant; lacking weight of influence. 67

Example: BCBS Commercial PMO (cont’d) Prioritization (using a hybrid qualitative/quantitative method): Adapted from Guide Example: BCBS Commercial PMO (cont’d) Prioritization (using a hybrid qualitative/quantitative method): Adapted from Guide to the Project Management Body of Knowledge (PMBOK® Guide), 5 th Edition. 68

Exercise #4 Consider again the case study for the book store that we have Exercise #4 Consider again the case study for the book store that we have worked on. 1) 2) 3) 4) 5) 6) Recall the risk factors that your team identified for this project in Exercise #1. Do a qualitative risk assessment on each of these. Prioritize these risk factors based on your assessment. Is there additional information that would make you more confident about your analysis? If so, identify it. Will this information become available during the project? If so, what do you conclude about the process of risk assessment? 69

3. Perform Quantitative Risk Analysis n n n Inputs Sometimes performed on risks as 3. Perform Quantitative Risk Analysis n n n Inputs Sometimes performed on risks as q Risk register prioritized by the Perform q Scope baseline Qualitative Risk Analysis process q Risk management plan Tools and Techniques q Data gathering n Interviewing n Probability distributions q Quantitative Risk Analysis and Modeling Techniques n Sensitivity analysis n Expected monetary value analysis n Modeling and simulation (e. g. Monte Carlo) n Decision trees (next slide) q Expert judgment Output -- updated risk register q Probabilistic analysis (exposure) of the project risks q Prioritized list of quantified risks 70

Using Tree Plan 71 Using Tree Plan 71

Quantifying Risk n n n For each risk event we’d like to estimate two Quantifying Risk n n n For each risk event we’d like to estimate two factors Probability (Likelihood) q What are the chances the event will occur? Impact q What is the cost to the project if it does occur? Together, these allow us to compute our exposure for the risk event Exposure allows us to compare risk events for prioritization 72

Risk Event Exposure = Probability x Cost § Note that the exposure is never Risk Event Exposure = Probability x Cost § Note that the exposure is never the actual cost incurred. If the risk event occurs, the total impact is absorbed; if it doesn’t occur, there is no impact. § The exposure is a measure of what to expect “on the average. ” It is useful primarily for assessing the potential cost of an aggregate of risk events. § Note that the exposure is sometimes referred to as the expected monetary value and analysis using this concept is called expected monetary value analysis (EMV) 73

Risk Exposure: An Example n n Suppose the risk event we’re considering is that Risk Exposure: An Example n n Suppose the risk event we’re considering is that we miss a delivery deadline We estimate the probability that this will occur to be 25% Suppose further that our assessment of what missing the delivery deadline will cost us is $50, 000 The exposure is then =. 25 X 50, 000 = $12, 500 74

Risk Exposure: An Example (cont’d) n Will this risk event ever cost us the Risk Exposure: An Example (cont’d) n Will this risk event ever cost us the exposure of $12, 500? No. q The cost will be $0 if we deliver on time q The cost will be $50, 000 if we miss the deadline Doesn’t Occur: Cost = $0 Risk Event Single Project Does Occur: Cost = $50, 000 One or the Other Will Happen 75

Risk Exposure: An Example (cont’d) Exposure represents “average” behavior “Average” Behavior: Event Will Occur Risk Exposure: An Example (cont’d) Exposure represents “average” behavior “Average” Behavior: Event Will Occur 1 in 4 Times Risk Event Doesn’t Occur: Cost = $0 First Project Risk Event Doesn’t Occur: Cost = $0 Second Project Risk Event Doesn’t Occur: Cost = $0 Third Project Risk Event Fourth Project Total Cost = $50, 000 Averaged Over 4 Projects = $50, 000/4 = $12, 500 = Exposure Does Occur: Cost = $50, 000 76

Aggregate Risk Exposure: An Example n n Suppose now that we have identified 2 Aggregate Risk Exposure: An Example n n Suppose now that we have identified 2 main risk events for our project. Suppose further that we estimate that these events have the following characteristics: q Event A has 20% probability and $50, 000 cost if the event occurs q Event B has 40% probability and $100, 000 cost if the event occurs So our exposure on risk A is $10, 000 Our exposure on event B is $40, 000 We add these to get our total (or aggregate) exposure on the project which is $50, 000 77

Monte Carlo Simulations n n n Computer simulations can be used to estimate the Monte Carlo Simulations n n n Computer simulations can be used to estimate the inherent uncertainty of probabilistic events Such simulations are referred to as Monte Carlo simulations (after the famous Monte Carlo casinos) Monte Carlo simulations can be very useful to estimate and analyze aggregate risk exposure In many cases, the occurrence (or absence) of a risk event can impact the probability (and possibly the associated cost) of other risk events Monte Carlo simulations can be used to analyze these more complex situations 78

MODULE 5 Planning Risk Responses 79 MODULE 5 Planning Risk Responses 79

Four General Risk Response Options First, investigate to see if we can: 1. Avoid Four General Risk Response Options First, investigate to see if we can: 1. Avoid the risk 2. Transfer the risk – a related strategy is to Share the risk If neither of the above options apply, then we can: 3. Mitigate the risk (employ strategies to reduce the probability or the impact – or both) Or, we could just: 4. Accept the risk q However there are two approaches to acceptance: active and passive n Active approach will mean creating a contingency plan n Passive approach means do nothing and take the hit if comes 80

Avoiding Risk n n Risks should be discussed with our customers and other stakeholders Avoiding Risk n n Risks should be discussed with our customers and other stakeholders If risks can be traced to particular requirements or system features, this helps customers do better cost/benefits analysis Sometimes the decision may be made that the risk doesn’t justify the perceived benefit In these cases, we may be able to avoid the risk altogether by modifying the scope of the project 81

Transferring Risk n n Some risks may be more properly the responsibility of our Transferring Risk n n Some risks may be more properly the responsibility of our customer (or other stakeholder) q For example, if we are depending on the customer to supply access to data, people, documents, etc. , this poses a risk to the project q A clear statement at the project’s beginning can properly assign ownership of this risk to the customer Insurance is another way of transferring risk Any transferred risks should be carefully documented Transferring a risk does not eliminate its potential impact on our project, so we may need to monitor for the risk and advise the risk owner appropriately 82

Sharing Risk n n n Risks that have several owners may need to be Sharing Risk n n n Risks that have several owners may need to be shared Shared risks can be difficult to manage satisfactorily Shared risks should be agreed on and documented at the project’s beginning A clear understanding of each party’s responsibilities and liabilities is crucial for a satisfactory outcome Sharing risk is similar to transferring risk, in that we may still need to monitor and advise on the part of the risk we have assigned to someone else 83

Approaches to Managing Risk n n If risks cannot be avoided or transferred, we Approaches to Managing Risk n n If risks cannot be avoided or transferred, we must decide how we will manage them This includes both shared risks and risks that we assume total responsibility for There are two basic approaches to actively managing risks: q Mitigation q Contingency planning (active acceptance of a risk) These are not mutually exclusive, and we may opt to do both for some risks 84

Managing Risk management is not the same as worrying about your project. De. Marco Managing Risk management is not the same as worrying about your project. De. Marco and Lister, Waltzing with Bears 85

Mitigation Strategies n n Mitigation might mean: q Adding activities/deliverables to a project to Mitigation Strategies n n Mitigation might mean: q Adding activities/deliverables to a project to reduce the chances of a potential risk event occurring q Adding activities/deliverables to a project to offset the impact of a potential risk event if it does occur q Actively tracking and monitoring risk indicators (see next slide) to guide the mitigation activities Mitigation costs are incurred whether the risk event occurs or not 86

Active Acceptance: Contingency Planning n n n Contingency planning means devising a plan that Active Acceptance: Contingency Planning n n n Contingency planning means devising a plan that will be called into action only when a risk event actually occurs Contingency planning might include: q Putting aside a contingency fund in our budget q Including scheduling alternatives to include some built-in float q Designing emergency responses to deal with major areas of risk q Developing plans for workarounds to deal with selected risks Contingency planning requires minimal resource commitment (beyond the planning itself) until the risk event has occurred Note: In some companies, a management/contingency reserve is set aside at the project’s beginning for the purpose of dealing with accepted risks if they occur. In this case, reserve analysis might be used to compare the amount of contingency reserves remaining to the risks remaining at a given time. 87

Exercise#5 Consider the online book store project we worked on. Recall the prioritization that Exercise#5 Consider the online book store project we worked on. Recall the prioritization that you did based on your qualitative risk assessment for this project in Exercise #4. 1) Beginning with the highest priority risk factor, decide which of the following risk responses will apply best to each risk: q q 2) 3) Avoid the risk Transfer the risk/Share the risk Mitigate the risk Accept the risk (actively or passively) For the top two risks for which you decide the response should be to mitigate the risk, give a high-level description of suggestion mitigation strategies For the top two risks for which you decide the response should be to actively accept the risk, give a high-level description of contingency plans 88

MODULE 6 Monitoring and Controlling Risks 89 MODULE 6 Monitoring and Controlling Risks 89

5. Control Risks n n n Inputs q Risk register q Risk management plan 5. Control Risks n n n Inputs q Risk register q Risk management plan q Work performance information Tools and Techniques q Risk reassessment q Risk audits q Variance and trend analysis q Technical performance measurement q Reserve analysis q Status meetings Output q Risk register updates n Outcomes of risk reassessment n Actual outcomes of project risks and the risk responses employed q Change requests n Recommended corrective actions n Recommended preventive actions 90

Trend Analysis: Risk Transition Events Recall the statement from De. Marco and Lister: A Trend Analysis: Risk Transition Events Recall the statement from De. Marco and Lister: A risk is a problem that has yet to occur. A problem is a risk that has already materialized. Risk Transition Event Occurs Problem 91

Importance of Risk Transitions Risk Management Here Crisis Management Here (if we haven’t done Importance of Risk Transitions Risk Management Here Crisis Management Here (if we haven’t done Risk Mgmt) Risk Transition Event Occurs Problem 92

Transitions Indicators n n Most risk events will have associated risk transition indicators These Transitions Indicators n n Most risk events will have associated risk transition indicators These transition indicators can be used to: q Modify our estimates about the probability of the transition event occurring q Trigger mitigating strategies q Provide impetus for contingency planning Risk Transition Event Occurs Transition Indicators (Early Warning System) Problem 93

Transitions Indicator Monitoring To capitalize on this though, we must become aware of the Transitions Indicator Monitoring To capitalize on this though, we must become aware of the transition indicators through careful monitoring and reporting. Risk Transition Indicators Problem Monitor for these and modify plan based on observations 94

Exercise #6 Consider again the case study for the book store that we have Exercise #6 Consider again the case study for the book store that we have worked on. 1) 2) 3) 4) 5) 6) 7) Recall the risk factors that your team identified for this project in Exercise #1. Choose several of these and identify one or more risk transition indicators for each of them. How would you suggest monitoring for these risk transition indicators? Who should be responsible for the monitoring and tracking of the indicators you’ve identified? Who should be notified of the occurrence of each of these indicators? Can you define mitigation strategies that would be advantageous to implement when each of these indicators are observed? Would implementing these mitigation strategies change how you continue your monitoring for indicators of the risk events in question? Are there new risks that these mitigation strategies might introduce? 95

Summary: Steps for Risk Management 1. 2. 3. 4. Use a risk identification process Summary: Steps for Risk Management 1. 2. 3. 4. Use a risk identification process to compile a risk census Do the following for each risk identified (this can be a quantitative or a qualitative process): • Estimate the cost/impact of the risk event • Estimate the probability of the risk materializing • Calculate your exposure for the risk • Prioritize the risks Analyze each risk to decide a risk response option: avoid, transfer/share, mitigate, or accept For those risks you decide to manage: • Add mitigation actions (if applicable) to the overall project plan • Plan in advance what contingency actions will be needed if an accepted risk occurs • Identify one or more risk transition indicators where applicable 96

Steps for Risk Management (cont’d) 5. 6. 7. 8. Monitor all risks for materialization Steps for Risk Management (cont’d) 5. 6. 7. 8. Monitor all risks for materialization or expiration Execute contingency plans whenever a risk event occurs Update plans when a risk event expires Document the entire process to provide input for future projects: • What risks were tracked? • Which occurred? • How were these dealt with? • Could they have been prevented? • Could they have been better mitigated? 97

Final Check -- Overall Key Learning Outcomes When you complete this course you will Final Check -- Overall Key Learning Outcomes When you complete this course you will be able to: 1) Define risk and its role in a software project 2) Explain the goals of risk management 3) Contrast crisis management and risk management 4) Describe some of the major benefits of employing risk management 5) Describe the overall risk management process and explain its essential elements 6) Identify some of the major sources of risk in IT projects 7) Explain how risk is driven by the characteristics of a project 8) Describe what the analysis of a risk event involves 9) Define what is meant by the exposure of a risk event 10) Compare quantitative and qualitative risk analysis 11) Identify four different possible risk responses 12) Explain the two terms: contingency planning and mitigation 13) Describe what is meant by a risk transition indicator and how these are used 98

Appendix Some PMP-Style Exercises 99 Appendix Some PMP-Style Exercises 99

Exercise #1 (PMP Style) Risk Management Which of the following is not a factor Exercise #1 (PMP Style) Risk Management Which of the following is not a factor in the assessment of project risk? A. B. C. D. The The nature of the risk event estimated risk event probability impact of the risk event size of the project contingency fund 100

Exercise #1 (PMP Style) Risk Management Which of the following is not a factor Exercise #1 (PMP Style) Risk Management Which of the following is not a factor in the assessment of project risk? A. The nature of the risk event B. The estimated risk event probability C. The impact of the risk event D. The size of the project contingency fund D may be factor in planning a risk response, but shouldn’t impact the risk assessment. 101

Exercise #2 (PMP Style) Risk Management If a project risk has a 40% chance Exercise #2 (PMP Style) Risk Management If a project risk has a 40% chance of occurring and would produce a US $100, 000 loss, the project exposure for this event is: A. B. C. D. US US $100, 000 profit $60, 000 loss $20, 000 profit $40, 000 loss 102

Exercise #2 (PMP Style) Risk Management If a project risk has a 40% chance Exercise #2 (PMP Style) Risk Management If a project risk has a 40% chance of occurring and would produce a $100, 000 loss for the project, the exposure for this event is: A. US $100, 000 profit B. US $60, 000 loss C. US $20, 000 profit D. US $40, 000 loss Exposure (sometimes called expected value) = probability X impact 103

Exercise #3 (PMP Style) Risk Management Which of the following risk events is most Exercise #3 (PMP Style) Risk Management Which of the following risk events is most likely to interfere with attainment of the project’s schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of contract labor C. Contract disputes over frequency of payments D. Slippage of the lessons learned meeting 104

Exercise #3 (PMP Style) Risk Management Which of the following risk events is most Exercise #3 (PMP Style) Risk Management Which of the following risk events is most likely to interfere with attainment of the project’s schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of contract labor C. Contract disputes over frequency of payments D. Slippage of the lessons learned meeting 105

Exercise #4 (PMP Style) Risk Management If a risk has a 80% chance of Exercise #4 (PMP Style) Risk Management If a risk has a 80% chance of occurring, and the consequences will be US $50, 000, what does US $40, 000 represent? A. B. C. D. The risk value Net present value of the risk The expected value, or exposure, of the risk The amount that must be committed to managing the risk 106

Exercise #4 (PMP Style) Risk Management If a risk has a 80% chance of Exercise #4 (PMP Style) Risk Management If a risk has a 80% chance of occurring, and the consequences will be US $50, 000, what does US $40, 000 represent? A. B. C. D. The risk value Net present value of the risk The expected value, or exposure, of the risk The amount that must be committed to managing the risk 107

Exercise #5 (PMP Style) Risk Management Risks should be identified during which phase of Exercise #5 (PMP Style) Risk Management Risks should be identified during which phase of project management life cycle? A. B. C. D. Initiation Planning Execution All phases 108

Exercise #5 (PMP Style) Risk Management Risks should be identified during which phase of Exercise #5 (PMP Style) Risk Management Risks should be identified during which phase of project management life cycle? A. Initiation B. Planning C. Execution D. All phases 109

Exercise #6 (PMP Style) Risk Management What should be done with non-critical risks? A. Exercise #6 (PMP Style) Risk Management What should be done with non-critical risks? A. Ignore them, they are not critical enough to be included in risk response planning B. Document them and revisit them periodically during the project C. Ignore them, they are already taken care of in your contingency plans D. Document them and pass them to the customer and management 110

Exercise #6 (PMP Style) Risk Management What should be done with non-critical risks? A. Exercise #6 (PMP Style) Risk Management What should be done with non-critical risks? A. Ignore them, they are not critical enough to be included in risk response planning B. Document them and revisit them periodically during the project C. Ignore them, they are already taken care of in your contingency plans D. Document them and pass them to the customer and management Remember: Situations can change during the project. 111

Exercise #7 (PMP Style) Risk Management Which of the following is an input to Exercise #7 (PMP Style) Risk Management Which of the following is an input to the risk management process? A. B. C. D. Historical information Approved project change sheets The project WBS A, B, and C 112

Exercise #7 (PMP Style) Risk Management Which of the following is an input to Exercise #7 (PMP Style) Risk Management Which of the following is an input to the risk management process? A. Historical information B. Approved project change sheets C. The project WBS D. A, B, and C 113

Exercise #8 (PMP Style) Risk Management During project execution a team member identifies a Exercise #8 (PMP Style) Risk Management During project execution a team member identifies a risk that is not included in the current the risk response plan. As project manager, you should: A. Have your team analyze the impact and probability of the risk B. Communicate this to the customer. C. Ignore the risk until it becomes more apparent that it is important. D. Tell the customer about the risk. 114

Exercise #8 (PMP Style) Risk Management During project execution a team member identifies a Exercise #8 (PMP Style) Risk Management During project execution a team member identifies a risk that is not included in the current the risk response plan. As project manager, you should: A. Have your team analyze the impact and probability of the risk B. Communicate this to the customer. C. Ignore the risk until it becomes more apparent that it is important. D. Tell the customer about the risk. Remember, when given several reasonable choices, choose the FIRST thing you would do. 115

Exercise #9 (PMP Style) Risk Management During the project execution a problem occurs that Exercise #9 (PMP Style) Risk Management During the project execution a problem occurs that you had not included in your risk response plan. You should: A. B. C. D. Create a workaround Have a meeting with all the stakeholders Communicate this to the customer Inform management 116

Exercise #9 (PMP Style) Risk Management During the project execution a problem occurs that Exercise #9 (PMP Style) Risk Management During the project execution a problem occurs that you had not included in your risk response plan. You should: A. B. C. D. Create a workaround Have a meeting with all the stakeholders Communicate this to the customer Inform management Risk management plans never include everything that could happen. This is just business as usual – create the workaround with your team FIRST, then communicate with others. That way you can present them with an option. 117

Exercise #10 (PMP Style) Risk Management Risk tolerances are determined to: A. B. C. Exercise #10 (PMP Style) Risk Management Risk tolerances are determined to: A. B. C. D. Help the team prioritize the project risks. Help estimate the project schedule. Reduce the team’s liabilities on the project. Inform management about the company’s exposure on the project. 118

Exercise #10 (PMP Style) Risk Management Risk tolerances are determined to: A. B. C. Exercise #10 (PMP Style) Risk Management Risk tolerances are determined to: A. B. C. D. Help the team prioritize the project risks. Help estimate the project schedule. Reduce the team’s liabilities on the project. Inform management about the company’s exposure on the project. 119

Exercise #11 (PMP Style) Risk Management Purchasing insurance is an example of: A. B. Exercise #11 (PMP Style) Risk Management Purchasing insurance is an example of: A. B. C. D. Risk initiation transfer acceptance avoidance 120

Exercise #11 (PMP Style) Risk Management Purchasing insurance is an example of: A. B. Exercise #11 (PMP Style) Risk Management Purchasing insurance is an example of: A. B. C. D. Risk initiation Risk transfer (sometimes called risk deflection) Risk acceptance Risk avoidance 121

Exercise #12 (PMP Style) Risk Management You are finding it difficult to evaluate the Exercise #12 (PMP Style) Risk Management You are finding it difficult to evaluate the exact cost of consequences of risks. You should: A. B. C. D. Evaluate them on a quantitative basis Evaluate them on the Kanzai scale Evaluate them on a qualitative basis Utilize the Delphi technique 122

Exercise #12 (PMP Style) Risk Management You are finding it difficult to evaluate the Exercise #12 (PMP Style) Risk Management You are finding it difficult to evaluate the exact cost of consequences of risks. You should: A. B. C. D. Evaluate them on a quantitative basis Evaluate them on the Kanzai scale Evaluate them on a qualitative basis Utilize the Delphi technique 123

Exercise #13 (PMP Style) Risk Management The customer requests a change to the project Exercise #13 (PMP Style) Risk Management The customer requests a change to the project that you believe would increase the project risk. What would you do? A. Include the expected value of the risk in the cost estimate for the change. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk response plan to include the new risk. 124

Exercise #13 (PMP Style) Risk Management The customer requests a change to the project Exercise #13 (PMP Style) Risk Management The customer requests a change to the project that you believe would increase the project risk. What would you do? A. Include the expected value of the risk in the cost estimate for the change. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk response plan to include the new risk. First things first … When in doubt on these kind of answers, involving the team is often the best choice; consulting with or informing management or the customer is almost never the first thing to do. 125

Exercise #14 (PMP Style) Risk Management An output of risk response planning is: A. Exercise #14 (PMP Style) Risk Management An output of risk response planning is: A. B. C. D. A risk response plan Risks identified Risk probabilities identified Risk impacts identified 126

Exercise #14 (PMP Style) Risk Management An output of risk response planning is: A. Exercise #14 (PMP Style) Risk Management An output of risk response planning is: A. B. C. D. A risk response plan Risks identified Risk probabilities identified Risk impacts identified Sometimes they are obvious – don’t look a gift horse in the mouth with too much analysis. 127

Exercise #15 (PMP Style) Risk Management Workarounds are determined during which step of risk Exercise #15 (PMP Style) Risk Management Workarounds are determined during which step of risk management? A. B. C. D. Risk identification Quantitative risk analysis Risk response planning Risk monitoring and control 128

Exercise #15 (PMP Style) Risk Management Workarounds are determined during which step of risk Exercise #15 (PMP Style) Risk Management Workarounds are determined during which step of risk management? A. Risk identification B. Quantitative risk analysis C. Risk response planning D. Risk monitoring and control Workarounds are determined only after the risk event occurs. Although some planning can take place if you choose to make a contingency plan. 129

Exercise #16 (PMP Style) Risk Management A determination to transfer a risk may be Exercise #16 (PMP Style) Risk Management A determination to transfer a risk may be made during which step of risk management? A. B. C. D. Risk identification Quantitative risk analysis Risk response planning Risk monitoring and control 130

Exercise #16 (PMP Style) Risk Management A determination to transfer a risk may be Exercise #16 (PMP Style) Risk Management A determination to transfer a risk may be made during which step of risk management? A. B. C. D. Risk identification Quantitative risk analysis Risk response planning Risk monitoring and control 131