Risk management includes risk management planning, identification, analysis, response planning and monitoring and control. The purpose of risk management is to increase the probability and impact of positive events, and decrease the probability and impact of negative events on the project.
Knowing some definitions in risk can help you find answers to exam questions. The process of risk management is very logical. Expect questions that ask, “What part of the process are you in during this situation?” or “What do you do next?”
Therefore, you should understand the process of risk management and what happens when in the process. In this lesson, I have added specific references to outputs to aid you in understanding the risk process. However, expect a majority of the questions to be in the form of, “What should you do?” These are harder than the other types of questions.
This lesson will provide the overview necessary for the exam. However, you should realize that there are more tools and techniques to real-world risk management than are covered here.
Threats and Opportunities Risk is something that may or may not happen. If it does happen, it can have positive or negative impact on the project. Do not forget that there can be positive impacts; good risks, called opportunities! Opportunities can include such things as:
Up to 90 percent of threats that are identified and investigated in the risk management process can be eliminated. How much better off would you be if that happened?
How about the project? Your customer?
Definition of Uncertainty Uncertainty is a lack of knowledge about an event that reduces confidence in conclusions drawn from the data. The work that needs to be done, the cost, the time, the quality needs, communications needs, etc. can be uncertain. The investigation of uncertainties may help identify risks.
Risk Factors When looking at risk, one should determine:
Risk Averse Someone who does not want to take risks is said to be risk averse.
Risk Tolerances and Thresholds Tolerances are the areas of risk that are acceptable or unacceptable.
For example, “a risk that affects our reputation will not be tolerated.” Tolerance areas can include any component of the “triple constraint” as well as reputation and other intangibles that may affect the customer. A threshold is the amount of risk that is acceptable. For example, “A risk of a two week delay is okay, but nothing more.”
Have you realized yet that there are inputs to the process as a whole (“What are the inputs to risk management?”) and inputs to each part of the process of risk management (“What are the inputs to risk response planning?”)
Did you realize that the inputs to each part of the process are almost always the outputs of the parts that came before? As a result, these should not need memorization. However, since risk management is a very step-by-step, process-oriented part of project management, expect risk input and output questions on the exam.
Inputs are merely, “What do I need to do this well?” or “What do I need before I can begin…?” Outputs are merely, “What will I have when I am done with…?”