Risk Management

PMKI Index
Download
the PMKI
Taxonomy
Location:  PMKI > PMBoK Knowledge Areas > Risk Management. 
 The PMKI Library
This subject covers the processes involved in the identification and management of risk within a project or program to achieve and maintain a risk profile acceptable to the key stakeholders based around the requirements of the PMP exam. Additional risk resources are on our advanced risk management page.

Topics included in Risk Management:

- Risk overview
- Assessing risk (identification)
- Managing risk (treatment)
- Useful External Web-links & Resources.

Other related sections of the PMKI:

- Advanced Risk Management
- Schedule Risk Assessment


Risk overview

Risk

RiskWhat is a risk? A risk is: “an uncertain event or condition that, if it occurs, will have a positive or negative effect on a project objective”. Where:

  • Uncertainty: lack of knowledge about future events, it includes opportunities as well as threats
  • Risk: uncertainty that matters, the uncertainty will potentially affect a project objective
  • Hazard: it the cause of a negative risk.

PMI strongly supports the view of most risk management professionals that:

  • A risk is an uncertainty that matters
  • Uncertainty is defined as a lack of knowledge of future events
  • The consequences of a risk event occurring may be positive or negative.

This means each risk is something in the future which might or might not occur. This concept is vital to a proper understanding of risk, and planning for the management of its effects. Risks do not yet exist, indeed they may never exist at all. This makes them quite different from things which have happened in the past or which currently exist in the present such as issues (see WP1089), problems (see WP1013) or constraints. Past and present events can be analyzed and measured, future events can only be imagined or estimated by people and these estimates will be influenced by the people's perceptions and past experiences. To manage risk effectively you need to deal with both the positive and negative uncertainties that matters by following a structured process that takes into account the affected people's risk tolerance.


Risk Management

Risk Management is the controlling of the interaction of various project control processes and systems with the effect of risks and uncertainty.

WP: Risk Management. Managing risks is important because it focuses attention on the uncertainties that matter. This paper looks at the core elements of risk management.

Blg: Stakeholder Risk Tolerance. The skills that a mature organisation brings to the art of ‘risk management’ is to focus effort on managing risks that can be managed, providing adequate contingencies for those risks that cannot be controlled and deciding how much residual risk is sensible.

Prs: Portfolio governance and risk – it’s all about the stakeholder. There is no such thing as a ‘risk free’ project and the art of portfolio management is to balance the risks and rewards of investing in projects, whilst keeping the overall risk exposure at a level that is acceptable to the organisation, and still generate the expected rewards.

 

Top


Assessing risk

Identification, classification, quantification.

Risk Risk Identification covers many different types of risk, including strategic risk, financial risk, reputational risk, operational risk, environmental risk, legal risk, contract risk, and technical risk, as well as corporate governance, business continuity and disaster recovery...... to name a few. It is important to ensure that all of the risks that matter are identified and actioned.

WP: Types of Risk. Risks fall into four broad categories and are created by a variety of factors outlined in this paper.

Risk RegisterRisk Register. A practical Excel template for identifying and prioritizing the risks associated with a project or program (see more).

Risk Assessment. The PMBOK® Guide focuses on the probability of a risk occurring and its likely impact if it happens; effective risk assessment expands on these basic elements to define a more complete range of assessment criteria and the effect of cognitive bias on peoples ability to make rational assessments of any potential gain or loss. In addition to these known unknowns that can be assessed, there are also two types of unknown unknown; knowable unknowns and unknowable unknowns (or Black Swans). These these three 'types of risk' are discussed in WP1057. The unique nature of projects creates problems in assessing probability; WP1037 outlines some of the issues.

WP: Risk Assessment. Risks always involve uncertainty, and matter because they have the potential to affect objectives. This means that each risk must be linked to at least one objective and its potential impact assessed objectively.

WP: Probability. Modern risk management practices have developed analytical methodologies to determine the probability of events occurring (or not occurring) that allows contingencies to be calculated based on mathematical certainties.

Art: Standard Deviation for Project Managers. The concepts behind Standard Deviation and how it is used.

Blg: The flaw of averages. The flaw of averages defined in a book of the same name states that any plan based on average assumptions is wrong on average!

Art: Predicting Future Project Outcomes - The power of uncertainty. Understanding the way Monte Carlo, Latin hypercube and Sampling work to inform risk management decisions.

WP: Understanding PERT. PERT is the oldest and arguable the least effective / least accurate way to model the uncertainty associated with every estimate used in a schedule.See why!

Risk Treatment. A risk process which does not lead to the implementation of actions to deal with the identified risks is incomplete and useless. The ultimate aim is to manage the risk affecting your project, not to simply list and analyze them.


Top


Managing risk

Dealing with the consequences of uncertainty.

Risk ManagementTo manage risk effectively you need to deal with uncertainty that matters by following a structured process that takes into account the people aspects such as their risk tolerance. Each risk is something in the future which might or might not occur. This is vital to a proper understanding of risk and planning its management. Risks are quite different from things which have happened in the past or which currently exist in the present, they can only be imagined or estimated by people and these estimates will be influenced by the people's perceptions and past experiences. Once a risk eventuates, it is an issue (see more on issue management).

Art: Risks don't add up. Understanding that there difference between an individual project risks, the overall risk of a project and the risks associated with a portfolio of projects is complicated but essential for effective risk management.

Art: Distributed -v- Consolidated Contingencies - The power of Portfolios. The effect of combining uncertainties into a ‘portfolio’ of risks is to reduce the overall level of uncertainty in the portfolio.

Blg: Black Swan Risks. The key definition of a ‘black swan’ proposed by N.N. Taleb is that the ‘black swan’ was unpredicted and unpredictable, but in hindsight it appears that it should have been foreseeable.

Risk Management PlanRisk Management Plan. A practical Excel template for pro-actively managing the risk treatments outlined in the risk register (see more).

 

Top


Useful External Web-links & Resources

Risk StandardThe Standard for Risk Management in Portfolios, Programs, and Projects is available free of charge to PMI members, see: https://www.pmi.org/pmbok-guide-standards/framework 
- Australian sales only from our web shop

 
 

Training

Communication TrainingPractical Project Risk Management. This workshop is designed to introduce project leaders to the theory and practice of practical project-based risk management, using Mosaic's Risk Register and Risk Management Plan (Excel templates). Attendees will work through a case study applying practical risk management theory to develop a project risk register and a project risk management plan in sufficient detail to allow the effective management of risk during project delivery (view course details).
 

Risk RegisterRisk Register. A practical Excel template for identifying and prioritizing the risks associated with a project or program (see more).
 

Risk Management PlanRisk Management Plan. A practical Excel template for pro-actively managing the risk treatments outlined in the risk register (see more).

Top

 

Self-paced PMI-SP Training

Stakeholder management tools


Self-paced EVM Training

Self-paced PMI-SP Training


Self-paced PMI-SP Training

Risk management template