Risk Management 11.6 Monitor and Control Risks

Quick Link to Risk Management

Risk Management 11.6 Monitor and Control Risks

Risk Management 11.5 Plan Risk Responses

Risk Management 11.4 Perform Quantitative Risk Analysis

Risk Management 11.3 Perform Qualitative Risk Analysis

Risk Management 11.2 Identify Risks

Risk Management 11.1 Plan Risk Management

Risk monitoring is the process of keeping track of identified risks, ensuring that risk response plans are implemented, evaluating the effectiveness of risk responses, monitoring residual risks, and identifying new risks. The purpose of monitoring is to determine whether:

·         Risk responses have been implemented.

·         Risk responses were effective (or new responses are needed).

·         Project assumptions are still valid.

·         Any risk triggers have occurred.

·         Risk exposure has changed.

·         Policies and procedures are being followed-

·         Any new risks have emerged.

Monitor and Control Risks
Inputs	Tools	Outputs
1.       Risk register 2.       Project management plan 3.       Work performance information 4.       Performance reports	1.       Risk reassessment 2.       Risk audits 3.       Variance and trend analysis 4.       Technical performance measurement 5.       Reserve analysis 6.       Status meetings	1.       Risk register updates 2.       OPA updates 3.       Change requests 4.       Project management plan updates 5.       Project document updates

Four Key Inputs For Monitor and Control Risks:

1.       Risk Register: Provides the list of identified risks, risk owners, agreed responses, risk triggers (symptoms and warning signs), residual and secondary risks, watch list of low priority risks, and planned reserves-

2.       Project Management Plan: Contains the risk management plan which assigns people, risk owners, and the resources needed to carry out risk monitoring activities.

3.       Work Performance Information: The status of the work is a major input to risk monitoring and control. Performance reports give insights into whether risks are occurring and whether response plans need to be implemented. Specific status of interest includes:

·         Deliverable status

·         Schedule progress

·         Costs incurred

4.       Performance Reports: These reports analyze the work performance information just mentioned to create status reports and forecasts using various methods such as earned value.

Six Key Tools for Monitor and Control Risks:

1.       Risk Reassessment: The project team should regularly check for new risks as wellas "reassessing" previously identified risks. At least three possible scenarios should be considered: a) new risks may have emerged and a new response plan must be devised, b) if a previously identified risk actually occurs, the effectiveness of the response plan should be evaluated for lessons learned, and c) if a risk does not occur, it should be officially closed out in the risk register.

2.       Risk Audits: Evaluate and document the effectiveness of risk responses as well as the effectiveness of the processes being used. Risk audits may be incorporated into the agenda of regularly scheduled status meetings or may be scheduled as separate events.

3.       Variance and Trend Analysis: Used to monitor overall project performance. These analyses are used to forecast future project performance and to determine if deviations from the plan are being caused by risks or opportunities.

4.       Technical Performance Measurement: Using the results of testing, prototyping, and other techniques to determine whether planned technical achievements are being met. As with trend analysis, this information is also used to forecast the degree of technical success on the prolect.

5.       Reserve Analysis: Compares the remaining reserves to the remaining risk to determine whether the remaining reserve is adequate to complete the project.

6.       Status Meetings: Risk management should be a regular agenda item at the regular team meetings.

Five Key Outputs for Monitor and Control Risks:

1.       Risk Register Updates: Records the outcomes of risk monitoring activities such as risk reassessment and risk audits. Also records which risk events have actually occurred and whether the responses were effective.

2.       Organizational Process Assets Updates: Includes risk plan templates, the risk register, the risk breakdown structure, and lessons learned.

3.       Change Requests: When contingency plans are implemented, it is sometimes necessary to change the project management plan. A classic example is the addition of extra money, time, or resources for contingency purposes. These change requests may lead to recommended corrective actions or recommended preventive actions.

Corrective actions may include contingency plans (devised at the time a risk event is identified and used later if the risk actually occurs) and workarounds (passive acceptance of a risk where no action is taken until or unless the risk event actually occurs). The major distinction is that workaround responses are not planned in advance.

4.       Project Management Plan Updates: Again, if approved changes have an effect on risk information or processes, the project management plan should be revised accordingly.

5.       Project Document Updates: Documents that may be updated include:

·         Assumptions log updates

·         Technical documentation updates