Quick Link to Risk Management
Risk Management 11.6 Monitor and Control Risks
Risk Management 11.5 Plan Risk Responses
Risk Management 11.4 Perform Quantitative Risk Analysis
Risk Management 11.3 Perform Qualitative Risk Analysis
Risk Management 11.2 Identify Risks
Risk Management 11.1 Plan Risk Management
Risk identification involves determining which risk events are likely to affect the project and documenting their characteristics. Risk identification is not a one-time event; it is an iterative process and normally leads to qualitative analysis. New risks may emerge at any time and continued risk identification should be performed on a regular basis throughout the project. During the identification of a risk, it may also become apparent what the appropriate response should be. This information should be recorded for subsequent use in the response planning process.
Identify Risks
|
||
Inputs
|
Tools
|
Outputs
|
1. Risk
management plan
2. Activity
cost estimates
3. Activity
duration estimates
4. Scope
baseline
5. Stakeholder
register
6. Cost
management plan
7. Schedule
management plan
8. Quality
management plan
9. Project
documents
10. Enterprise
environmental factors
11. Organizational
process assets
|
1. Documentation
reviews
2. Information
gathering techniques
3. Checklist
analysis
4. Assumptions
analysis
5. Diagramming
techniques
6. SWOT
analysis
7. Expert
judgment
|
1. iRsk
register
|
Eleven Key Inputs for Identify Risks:
1. Risk
management plan: Assigns roles and responsibilities for risk identification,
builds money and time into the plan to accommodate risk identification and
provides information about risk identification and provides information about
risk categories that may be relevant for the current project (output of
previous section, 11.1).
2. Activity
cost estimates: If the estimates are expressed as a range (as recommended by
PMI), activities with wider cost ranges are considered more risky.
3. Activity
duration estimates: Similarly, if the schedule estimates are expressed as a
range (as recommended by PMI), activities with wider schedule ranges are
considered more risky. Recall the use of PERT as one method for evaluating
schedule by estimating the inherent range in possible outcomes.
4. Scope
baseline: The scope statement should include any assumptions that have been
made. Assumptions are inherently risky because of the uncertainty embedded in
them. This site treats assumptions as especially documented and periodically
validated as to their accuracy.
Also, recall that
one of the uses of the WBS is risk identification. It is usually easier to
assess the potential risk of a specific work package than to identify risks for
the entire project. The WBS also provides a method for tracking risks at various
levels (summary, control account and work package levels).
5. Stakeholder
register: Stakeholders are a major source of risk identification information.
6. Cost
management plan: Cost management planning considers the risk register as well
as reserve analysis for both cost estimating and budget development.
7. Schedule
management plan: The schedule management plan considers reserve analysis and
also produces estimates with ranges so that an understanding of schedule risk
is already considered.
8. Quality
management plan: Quality planning (section 8.1.3.1) may generate information
about potential risks.
9. Project
documents: Risk- related project documents include:
·
Assumptions log
·
Performance reports
·
Earned value reports
·
Network diagrams
·
Baselines
·
Other information (historical information and
lessons learned)
10. Enterprise
environmental factors: Published information, academic studies, benchmarking
and risk tolerances are potential sources of risk information.
11. Organizational
process assets: Organizational process assets that may influence risk
identification include:
·
Project files (actual historical data)
·
Organizational and process controls
·
Risk statement templates
·
Lessons learned
Seven Key Tools for Identify Risks:
1. Documentation reviews: A structure
review of all subsidiary management plans (scope, cost. Schedule, quality and
so on) as well as a review of all assumptions have been made.
2. Information
gathering techniques: Examples include the following:
·
Brainstorming:
Under the leadership of a facilitator, the project team or a multi-disciplinary
group of experts generates ideas about project risks. The information is then
refined and categorized.
·
Delphi
technique: A way of reaching consensus among a group of experts who
participate anonymously. The experts give responses to specific questions. The
responses are then summarized and provided to the entire group. The anonymity
prevents any participant from dominating the results. Several iterations are
usually performed to determine whether a consensus exists among the experts.
While this technique can be used for numerous reasons, the purpose here is to
identify major project risks.
·
Interviewing:
Conducted with experienced project managers, subject matter experts and other
stakeholders.
·
Root
cause analysis: Sharpens the definition of a particular risk and
facilitates grouping of risks by cause or category.
3. Checklist analysis: Organized by source
of risk. Checklists use information learned from previous projects and can help
make risk identification quicker and simple. A possible disadvantage is that
analysis may limit their search to a pre-existing list. Examples of such
sources of risk include:
·
Technology
·
Cost
·
Schedule
·
Internal
·
External
·
Procurement
·
legal
·
poor planning
·
changes in requirements
4. Assumptions analysis: Exploring and
challenging the validity of any assumptions that have been made about the
project.
5. Diagramming techniques: May include the
following:
·
cause and effect diagrams
·
flowcharts (system or process)
·
influence diagrams
6. SWOT analysis: (Strengths, Weaknesses,
Opportunities, Threats) A technique to ensure risks are approached from a
sufficient mix of perspectives. SWOT looks at both the upside opportunities as
well as the downside concerns. The technique also considers whether the
strengths, weaknesses, opportunities or threats come from internal
organizational sources or external environmental sources.
7. Expert judgment: Experts with relevant
experience on similar project may be an invaluable source of information.
One Key Outputs for Identify Risks:
1. Risk Register: The risk register is
built in stages as each risk management process is performed. A plan is
provided, risks are identified, risks are then analyzed, response plans are
developed and on-going monitoring and control follows next. New information is
developed at each step.
At this point, the risk register contains:
·
A list of potential risk events
·
A list of potential responses (if known)
For the exam, also know that a risk
trigger is a symptom or warning sign that a risk is about to occur. An example
might be that the cost performance index is moving out of acceptable
thresholds.
No comments:
Post a Comment