PROJECT RISK MANAGEMENT

Names of Sub-Units

Introduction to project risk management: Describe its effect on project, and project management
process groups. Inputs, Tools & Techniques, and Outputs of plan risk management. Inputs, Tools &
Techniques, and Outputs of Identify Risks. Inputs, Tools & Techniques, and Outputs of Perform
Qualitative Risk Analysis. Inputs, Tools & Techniques, and Outputs of Perform Quantitative Risk
Analysis. Inputs, Tools & Techniques, and Outputs of Plan Risk Responses. Inputs, Tools &
Techniques, and Outputs of Implement Risk Responses. Inputs, Tools & Techniques, and Outputs of
Monitor Risks and Control.

Overview

This unit begins with the meaning of project risk management, and project management process
groups. Further, plan risk management, identify risks, perform qualitative risk analysis, perform
quantitative risk analysis, plan risk responses, implement risk responses, and monitor risks and
control.

Learning Objectives

After studying this unit, you will be able to:

 State the project risk management
 Explain about the project management process groups.
 Discuss the plan risk management
 Discuss the identify risks
 Describe the perform qualitative risk analysis
 State the perform quantitative risk analysis
 Discuss about the plan risk responses
 Explain the implement risk responses
 State about the monitor risks and control

Learning Outcomes

The content and assessment of this chapter have been developed to achieve the following learning
outcomes:
 Assess the project risk management
 Appraise the project management process groups
 Evaluate the plan risk management
 Analyse the identify risks
 Explain the perform qualitative risk analysis
 State the perform quantitative risk analysis
 Explain the plan risk responses
 Analyse the implement risk responses
 Appraise the monitor risks and control

Pre-Unit Preparatory Material

Introduction
The procedures of undertaking risk management planning, identification, analysis, response
planning, and risk control on a project are all included in project risk management. The goals of
project risk management are to maximise the likelihood and impact of good events in the project
while reducing the possibility and impact of bad events. The process of outlining how to execute risk
management activities for a project is known as plan risk management. The process of assessing
which hazards may harm the project and documenting their characteristics is known as identifying
risks. Project risk management include the procedures for risk management planning, identification,
analysis, reaction planning, and risk control for a project. The objectives of project risk management
are to increase the likelihood and impact of positive events while lowering the likelihood and impact
of negative events. Plan risk management is the process of laying out how to carry out risk
management operations for a project. Identifying risks is the process of determining which dangers
may endanger the project and documenting their characteristics.

A project risk is an unforeseeable event or circumstance that, if it occurs, has a positive or negative
impact on one or more project objectives, such as scope, schedule, cost, or quality. A risk can have
one or more causes, and it can have one or more consequences if it occurs. A cause might be a pre-
existing or potential demand, assumption, constraint, or circumstance that allows for negative or
positive results. For example, the need for an environmental permission to undertake work or
having a small team of designers allocated to the project could be factors. The risk is that the
permitting agency will take longer to grant a permit than expected; or, in the case of an opportunity,
additional development personnel may become available who can participate in design, and they
can be assigned to the project. There may be an influence on the project's scope, cost, schedule,
quality, or performance if each of these unpredictable occurrences occurs. Risk conditions can
include aspects of the project's or organization's environment that contribute to project risk, such as
inexperienced project management practises, a lack of integrated management systems, multiple
projects running at the same time, or reliance on external participants who are beyond the project's
direct control.

Project risk stems from the inherent uncertainty in all initiatives. Known risks are those that have
been discovered and analysed, allowing for the development of risk management strategies. Known
hazards should be assigned a contingency reserve if they cannot be controlled proactively. Unknown
hazards cannot be managed ahead of time, thus they will be assigned to a management reserve. A
project risk that has resulted in a poor outcome is referred to as an issue.

Project Risk Management

Project risk management is the process of identifying, analysing, and responding to any risk that
develops during the course of a project's life cycle in order to keep the project on track and
accomplish its objectives. Risk management is not solely reactive. It should be part of the planning
process to identify potential risks in the project and how to manage such risks if they arise.

A risk is anything that has the potential to disrupt the timeline, performance, or budget of your

project. Risks are possibilities, and if they become realities in the framework of project management,

they are labelled as "problems" that must be addressed. As a result, risk management is the act of

recognising, categorising, prioritising, and planning for risks before they turn into problems. On
different sorts of projects, risk management might mean different things. Risk management

solutions for large-scale projects may require considerable thorough planning for each risk to ensure

mitigation strategies are in place if problems develop. Risk management may be as basic as a

prioritised list of high, medium, and low priority hazards for smaller projects.

Individual project risks differ from project risk as a whole. The effect of uncertainty on the project as
a whole is represented by overall project risk. It encompasses all causes of project uncertainty,
making it more than the sum of individual hazards within a project. It refers to how stakeholders are
exposed to the consequences of both positive and poor project outcomes. The terms
"opportunities" and "threats" are widely used to describe positive and negative risks. The project
may be approved if the risks are within acceptable limits and are balanced against the potential
advantages of incurring the risks. Positive risks that provide opportunities within risk tolerances may
be pursued in order to generate increased value. Adopting an aggressive resource optimization
approach, for example, is a risk made in the hopes of receiving a return for utilising fewer resources.

To be successful, a company must be dedicated to risk management that is proactive and consistent
throughout the project. Throughout the project's life cycle, all levels of the company should make a
conscious decision to aggressively identify and seek effective risk management. At the time a project
is started, there is a possibility of project risk. Moving on with a project without a proactive risk
management strategy is likely to result in more issues due to unmanaged dangers.

Project Management Process Groups

The five PMBOK process groups are:

1. Initiating Process Group: Processes required launching a new project or a new project

phase. 

2. Planning Process Group: Processes related to defining and planning the extent of the
project, as well as planning how it will be executed. 

3. Executing Process Group: Processes related to the actual completion of project activities

and tasks. 

4. Monitoring & Controlling Process Group: Processes covering everything related to tracking,

monitoring, reporting on, and controlling project performance and progress. 

5. Closing Process Group: Processes required finalizing and completing a project or project

phase. 

Plan Risk Management

The process of outlining how to execute risk management activities for a project is known as plan
risk management. The main advantage of this method is that it assures that the level, kind, and
visibility of risk management are proportional to the risks and the project's relevance to the
business. To guarantee that the risk management process is supported and conducted effectively
throughout the project life cycle, the risk management strategy must be communicated with and
acquire consent and support from all stakeholders. Other risk management techniques have a better
chance of succeeding if they are planned carefully and explicitly. It is also crucial to plan ahead of
time to ensure that risk management initiatives have enough resources and time, as well as to build
a shared framework for assessing risks. Plan Risk Management should start as soon as a project is
envisioned and should be completed early in the project planning process.

Plan Risk Management: Inputs

All approved subsidiary management plans and baselines should be taken into account when
planning risk management in order to make the risk management plan consistent with them. The
project management plan includes a risk management plan as well. The project management plan
establishes a baseline or current status for risky areas such as scope, time, and cost.

Project Charter

The project charter can provide various inputs such as high-level risks, high-level project
descriptions, and high-level requirements.

Enterprise Environmental Factors

Risk attitudes, thresholds, and tolerances that characterise the degree of risk that a business can
withstand are examples of enterprise environmental elements that might influence the Plan Risk
Management process.

Plan Risk Management: Tools and Techniques

Analytical Techniques

Analytical techniques are employed to comprehend and characterise the project's overall risk
management environment. The risk management context is a mix of stakeholder risk attitudes and a
project's strategic risk exposure based on the overall project context. A stakeholder risk profile
analysis, for example, could be used to rank and classify project stakeholders' risk appetite and
tolerance. Other methods, such as strategic risk scoring sheets, are utilised to provide a high-level
assessment of the project's risk exposure based on the project's entire context. The project team can
allocate appropriate resources and focus on risk management initiatives based on these
assessments.

Meetings

To establish the risk management plan, project teams undertake planning sessions. The project
manager, chosen project team members and stakeholders, anyone in the company with
responsibility for risk planning and execution activities, and others, as needed, may attend these
sessions.

Plan Risk Management: Outputs

Risk Management Plan

The risk management plan is a component of the project management plan and describes how risk
management activities will be structured and performed.

Reporting formats
Reporting formats specify how the risk management process's results will be recorded, analysed,
and disseminated. It explains the risk register's content and format, as well as any other risk reports
that may be necessary.

Tracking

Risk actions will be recorded for the benefit of the current project, and risk management processes
will be audited, according to the tracking document.

Identify Risks
Identifying risks and documenting their characteristics is the process of determining which risks may
harm the project. The documenting of current hazards, as well as the knowledge and ability it
enables the project team to predict events, are the primary benefits of this procedure. The process's
inputs, tools and procedures, and outcomes. Because new risks may emerge or become known as
the project proceeds through its life cycle, identifying risks is an iterative process. The number of
iterations and participants in each cycle will change depending on the situation. Identifying risks and
documenting their characteristics is the process of determining which risks may harm the project.
The documenting of current hazards, as well as the knowledge and ability it enables the project team
to predict events, are the primary benefits of this procedure. The process's inputs, tools and
procedures, and outcomes. Because new risks may emerge or become known as the project
proceeds through its life cycle, identifying risks is an iterative process. The number of iterations and
participants in each cycle will change depending on the situation.

Identify Risks: Inputs

Risk Management Plan

The assignments of roles and duties, provision for risk management activities in the budget and
schedule, and risk categories, which are sometimes stated as a risk breakdown structure, are all
important parts of the risk management plan that contribute to the Identify Risks process.

Quality Management Plan

The quality management plan provides a baseline of quality measures and metrics for use in
identifying risks.

Human Resource Management Plan

The human resource management strategy outlines how human resources for the project should be
specified, staffed, managed, and eventually released. It may also include roles and duties, project
organisation charts, and a staffing management plan, all of which are important components of the
risk identification process.

Stakeholder Register

Stakeholder information is useful for eliciting inputs for identifying risks because it ensures that key
stakeholders, including the stakeholder, sponsor, and customer, are interviewed or otherwise
engage in the Identify Risks process.

Organizational process assets that can influence the Identify Risks process include, but are not
limited to

• Project files, including actual data,

• Organizational and project process controls,
• Risk statement formats or templates, and
• Lessons learned.

Identify Risks: Tools and Techniques

Documentation Reviews

An organised evaluation of project material, including plans, assumptions, previous project files,
agreements, and other information, may be conducted. The quality of the plans, as well as their
conformity with the project's requirements and assumptions, could be indicators of project risk.

Checklist Analysis

Risk identification checklists are created using historical data and knowledge gathered from similar
initiatives in the past as well as other sources of information. The RBS's lowest level can also be
utilised as a risk assessment tool. While a checklist can be quick and easy to create, it is difficult to
create an extensive one, and caution should be exercised to prevent using the checklist to avoid the
effort of accurate risk identification. The group should additionally look into items that aren't on the
checklist. In addition, the checklist should be pruned from time to time to eliminate or archive
entries that are no longer relevant. The checklist should be reviewed during project closure to
incorporate new lessons learned and improve it for use on future projects.

Assumptions Analysis

A set of hypotheses, scenarios, or assumptions underpins the conception and development of every
project and its strategy. The validity of assumptions as they apply to the project is investigated
through assumptions analysis. It identifies project risks due to assumptions' inaccuracy, volatility,
inconsistency, or incompleteness.

Identify Risks: Outputs

Risk Register

The primary output from Identify Risks is the initial entry into the risk register. The risk register is a
document in which the results of risk analysis and risk response planning are recorded. It contains
the outcomes of the other risk management processes as they are conducted, resulting in an
increase in the level and type of information contained in the risk register over time.

Perform Qualitative Risk Analysis

The process of prioritising risks for further analysis or action by measuring and combining their
probability of occurrence and impact is known as qualitative risk analysis. The main advantage of this
method is that it allows project managers to reduce uncertainty and concentrate on high-priority
risks. The process's inputs, tools and procedures, and outputs.

Perform Qualitative Risk Analysis evaluates the importance of identified risks based on their relative
probability or likelihood of occurrence, the resulting impact on project objectives if the risks occur,
and other factors such as the time frame for response and the organization's risk tolerance in
relation to project constraints such as cost, schedule, scope, and quality. Such assessments reflect
the project team's and other stakeholders' risk aversion. As a result, effective assessment
necessitates the specific identification and management of key participants' risk approaches during
the Perform Qualitative Risk Analysis process. Where these risk techniques induce bias into the
evaluation of identified risks, special emphasis should be devoted to detecting and correcting
prejudice. Perform Qualitative Risk Analysis is a quick and low-cost way to define priorities for Plan
Risk Responses and, if necessary, establishes the groundwork for Perform Quantitative Risk Analysis.
As specified in the project's risk management plan, the Perform Qualitative Risk Analysis process is
carried out on a regular basis throughout the project life cycle.

Perform Qualitative Risk Analysis: Inputs

Risk Management Plan

Roles and responsibilities for risk management, budgets, risk management schedule activities, risk
categories, definitions of probability and impact, the probability and impact matrix, and revised
stakeholders' risk tolerances are all key elements of the risk management plan used in the Perform
Qualitative Risk Analysis process. During the Plan Risk Management process, these inputs are
frequently adjusted to the project. They may be produced during the Perform Qualitative Risk
Analysis phase if they are not already available.

Scope Baseline

Risks are more well-understood in projects of a common or recurring nature. Projects that use
cutting-edge or first-of-its-kind technology, as well as those that are extremely complex, are more
likely to be unclear. The scope baseline can be used to assess this.

Enterprise Environmental Factors

Enterprise environmental factors may provide insight and context to the risk assessment, such as:

• Industry studies of similar projects by risk specialists

• Risk databases that may be available from industry or proprietary sources

The organizational process assets that can influence the Perform Qualitative Risk Analysis process
include information on prior, similar completed projects.

Perform Qualitative Risk Analysis: Tools and Techniques

Risk Probability and Impact Assessment

The possibility of any specific risk occurring is investigated in a risk probability assessment. Risk
impact analysis looks into the potential influence on a project's time, cost, quality, or performance,
considering both negative and positive consequences for threats and opportunities. For each
detected risk, the probability and impact are evaluated. Interviews or meetings with participants
chosen for their familiarity with the risk categories on the agenda can be used to assess risks.
Members of the project team as well as experts from outside the project are featured. During the
interview or meeting, the level of probability for each risk and its influence on each aim are
assessed. Explanatory material is also given, including assumptions that support the levels assigned.
The risk probability and impacts are graded using the risk management plan's definitions. Risks with
low probability and impact ratings will be added to the risk register as part of a watch list to be
monitored in the future.

Probability and Impact Matrix

Risks can be ranked and prioritised for further quantitative analysis and risk response planning. Risks
are assigned ratings based on their estimated likelihood and impact. A look-up table or a probability
and impact matrix are commonly used to assess the importance and priority of each risk for
attention. A matrix like this specifies probability and effect combinations that lead to risk ratings of
low, moderate, or high priority. Depending on the needs of the business, descriptive language or
numerical numbers can be employed.

Risk Data Quality Assessment

Risk data quality assessment is a strategy for determining the usefulness of risk data for risk
management. It entails assessing the degree to which the risk is comprehended, as well as the
correctness, quality, dependability, and integrity of the risk data. Using low-quality risk data could
result in a qualitative risk analysis that is useless for the project. If the data quality is poor, it may be
required to collect more data. Obtaining knowledge on hazards is frequently challenging and takes
more time and resources than anticipated. Figure 11-10 shows an example with representative
values. The number of steps in the scale is normally determined when the organization's risk attitude
is defined.

Risk Categorization

Risks to the project can be categorized by sources of risk (e.g., using the RBS), the area of the project
affected (e.g., using the WBS), or other useful categories (e.g., project phase) to determine the areas
of the project most exposed to the effects of uncertainty. Risks can also be categorized by common
root causes. This technique helps determine work packages, activities, project phases or even roles
in the project, which can lead to the development of effective risk responses.

Risk Urgency Assessment

Risks that require immediate action may be regarded more urgent. Probability of detecting the risk,
time to affect a risk response, symptoms and warning signals, and the risk rating are all examples of
priority indicators. The assessment of risk urgency is coupled with the risk ranking generated from
the likelihood and effect matrix in some qualitative analyses to produce a final risk severity rating.

Perform Qualitative Risk Analysis: Outputs

Project Documents Updates Project documents that may be updated include, but are not limited to:

• Risk register updates

As new information becomes available through the qualitative risk assessment, the risk register is
updated. Updates to the risk register may include assessments of probability and impacts for each
risk, risk ranking or scores, risk urgency information or risk categorization, and a watch list for low
probability risks or risks requiring further analysis.

• Assumptions log updates

As fresh information from the qualitative risk assessment becomes available, assumptions may
change. This new knowledge necessitates a re-evaluation of the assumptions log. Assumptions can
either be included in the project scope statement or kept separate in an assumptions log.

Perform Quantitative Risk Analysis

Quantitative risk analysis is the process of calculating the impact of recognised risks on the project's
overall goals. The main advantage of this method is that it generates quantifiable risk data to aid
decision-making and reduce project uncertainty. The process's inputs, tools and procedures, and
outputs.
Risks that have been prioritised by the Perform Qualitative Risk Analysis method as potentially and
significantly damaging the project's competing demands are subjected to Perform Quantitative Risk
Analysis. The technique of Quantitative Risk Analysis examines the impact of various risks on project
goals. It is primarily used to assess the cumulative impact of all project hazards. When the
quantitative analysis is driven by the risks, the procedure can be utilised to provide a numerical
priority ranking to each risk.

The method of Perform Quantitative Risk Analysis is usually followed by the procedure of Perform
Qualitative Risk Analysis. Due to a lack of sufficient data to create acceptable models, the Perform
Quantitative Risk Analysis method may not be viable in some circumstances. To establish the need
for the practicality of quantitative risk analysis, the project manager should use professional
judgement. Which method(s) to utilise on any given project will be determined by time and financial
constraints, as well as the necessity for qualitative or quantitative risk and impact statements.
Perform Quantitative Risk Analysis, as part of the Control Risks procedure should be done as needed
to determine if the overall project risk has been satisfactorily reduced. Trends may indicate that a
greater or lesser emphasis on suitable risk management activities is required.

Perform Quantitative Risk Analysis: Inputs

The risk management strategy includes quantitative risk analysis principles, methodologies, and
tools. The cost management strategy specifies how risk reserves should be established and
managed. Information from previous, similar completed projects is one of the organisational process
assets that might influence the Perform Quantitative Risk Analysis process.

Perform Quantitative Risk Analysis: Tools and Techniques

Data Gathering and Representation Techniques

Interviewing

To evaluate the probability and impact of risks on project objectives, interviewing techniques rely on
experience and historical data. The amount of data required is determined by the type of probability
distributions to be employed.

Probability distributions

Continuous probability distributions, which are used extensively in modelling and simulation,
represent the uncertainty in values such as durations of schedule activities and costs of project
components. Discrete distributions can be used to represent uncertain events, such as the outcome
of a test or a possible scenario in a decision tree.

Expert judgement is necessary to identify potential cost and schedule consequences, evaluate
probability, and define inputs such as probability distributions into the tools (preferably utilising
experts with relevant, recent experience). In the interpretation of the data, expert judgement is also
used. Experts should be able to recognise both the tools' strengths and weaknesses. Experts can
assess whether or not a particular tool is more suited in light of the organization's capabilities and
culture.

Perform Quantitative Risk Analysis: Outputs

Project documents are updated with information resulting from quantitative risk analysis. For
example, risk register updates could include:

Probabilistic analysis of the project

Potential project schedule and cost outcomes are estimated, with possible completion dates and
costs listed along with their corresponding confidence levels. This data, which is frequently stated as
a cumulative frequency distribution, is combined with stakeholder risk tolerances to calculate cost
and time contingency reserves.

Trends in quantitative risk analysis results

As the study is repeated, a pattern may emerge, leading to conclusions that influence risk responses.
Historical project schedule, cost, quality, and performance information should be updated to reflect
new insights received through the Perform Quantitative Risk Analysis procedure. A quantitative risk
analysis report could be used to document such a history. This report could stand alone or be linked
to the risk registry.

Probabilistic analysis of the project

Potential project schedule and cost outcomes are estimated, with possible completion dates and
costs listed along with their corresponding confidence levels. This data, which is frequently stated as
a cumulative frequency distribution, is combined with stakeholder risk tolerances to calculate cost
and time contingency reserves. Such contingency reserves are required to reduce the risk of project
objectives being exceeded to a level acceptable to the organisation.

Probability of achieving cost and time objectives

With the risks facing the project, the probability of achieving project objectives under the current
plan can be estimated using quantitative risk analysis results. For instance, the likelihood of
achieving the cost estimate of US$41 million is about 12%.

Prioritized list of quantified risks

This list comprises the risks that provide the biggest threat to the project, as well as those that
present the greatest opportunity. These are the risks that are most likely to influence the critical
route and have the largest impact on cost contingency. In some circumstances, these risks can be
assessed using a tornado diagram developed as a result of the simulation analysis.

Plan Risk Responses

Plan Risk Responses is the process of coming up with ideas and activities to improve opportunities
and mitigate threats to project goals. The main advantage of this method is that it prioritises the
risks and adds resources and activities to the budget, timetable, and project management plan as
needed. The process's inputs, tools and procedures, and outputs.

The Perform Quantitative Risk Analysis phase is followed by the Plan Risk Responses step (if used).
Each risk response necessitates knowledge of the process through which it will mitigate the risk. This
is the method for determining whether the risk response plan is working as intended. It entails
identifying and assigning one person (a risk response owner) to be in charge of each agreed-upon
and funded risk response. Risk solutions should be appropriate for the risk's importance, cost-
effective in meeting the challenge, feasible in the context of the project, agreed upon by all parties
involved, and owned by a responsible person. It is frequently necessary to choose the best risk
response from a variety of possibilities. The Plan Risk Responses method outlines some of the most
prevalent techniques to risk response planning. Threats and opportunities that can affect project
success are classified as risks, and remedies are outlined for each.
Plan Risk Responses: Inputs

Roles and duties, risk analysis definitions, time for reviews (and for eliminating risks from review),
and risk thresholds for low, moderate, and high risks are all important components of the risk
management plan. Risk thresholds aid in identifying which threats necessitate certain responses.

The risk register refers to identified risks, root causes of risks, lists of potential responses, risk
owners, symptoms and warning signs, the relative rating or priority list of project risks, risks that
require immediate responses, risks that require additional analysis and response, trends in
qualitative analysis results, and a watch list, which is a list of low priority risks within the project.

Plan Risk Responses: Tools and Techniques

There are several risk response strategies to choose from. For each risk, the most effective strategy
or combination of solutions should be chosen. To select the most appropriate responses, risk
analysis approaches such as decision tree analysis can be employed. Specific activities, including
primary and backup strategies, are designed to achieve the approach. If the chosen approach does
not prove to be totally effective or if an approved risk arises, a fall back plan might be established for
implementation. Secondary dangers should be examined as well. Secondary risks are risks that arise
as a direct result of implementing a risk response. A contingency reserve is often allocated for time
or cost. If developed, it may include identification of the conditions that trigger its use.

Strategies for Positive Risks or Opportunities

Three of the four replies are recommended for dealing with risks that could have a positive impact
on project goals. Accept is the fourth technique, and it can be utilised for both negative and positive
risks or possibilities. These techniques are to exploit, share, improve, and accept, as stated below.

Contingent Response Strategies

Some responses are only activated if particular circumstances arise. For some risks, it is appropriate
for the project team to develop a reaction plan that will only be implemented under specific
predetermined conditions if it is deemed that sufficient warning will be provided. Missing
intermediate milestones or acquiring greater priority with a supplier are examples of events that
should be identified and tracked in order to trigger the contingency response. Contingency plans or
fall back plans are risk responses identified using this technique, and they include recognised
triggering events that put the plans into action.

Project Documents Updates

In the Plan Risk Responses process, several project documents are updated as needed. For example,
when appropriate risk responses are chosen and agreed upon, they are included in the risk register.
The risk register should be written to a level of detail that corresponds with the priority ranking and
the planned response. Often, the high and moderate risks are addressed in detail. Risks judged to be
of low priority are included in a watch list for periodic monitoring.

Monitor Risks and Control

The process of implementing risk response plans, recording recognised risks, monitoring residual
risks, detecting new risks, and evaluating risk process efficacy throughout the project is known as risk
control. The main benefit of this procedure is that it increases the efficiency of the risk strategy
throughout the project life cycle, allowing risk responses to be constantly optimised. The process's
inputs, tools and procedures, and outcomes. The risk register's planned risk responses are
implemented throughout the project's life cycle, but the project's activity should be regularly
assessed for new, changing, and outdated risks. The Control Risks process applies techniques, such
as variance and trend analysis, which require the use of performance information generated during
project execution.

Choosing alternate tactics, implementing a contingency or fall back plan, taking corrective action,
and altering the project management plan are all examples of how to manage risks. The risk
response owner updates the project manager on the plan's effectiveness, any unintended
consequences, and any necessary adjustments to handle the risk effectively on a regular basis. For
the benefit of future projects, Control Risks also entails updating organisational process assets, such
as project lessons learned databases and risk management templates.

Control Risks: Inputs

Project Management Plan

The project management plan, which includes the risk management plan, provides guidance for risk
monitoring and controlling.

Risk Register

Risk Register Identified risks and risk owners, agreed-upon risk responses, control actions for
assessing the effectiveness of response plans, risk responses, specific implementation actions, risk
symptoms and warning signs, residual and secondary risks, a watch list of low-priority risks, and time
and cost contingency reserves are all key inputs to the risk register. The risk registry includes a watch
list that contains a list of low-priority risks.

Work Performance Reports

Work performance reports analyse data from performance measurements to provide information on
project work performance, such as variance analysis, earned value data, and forecasting data. These
data points could be useful in reducing risk associated with poor performance.

Control Risks: Tools and Techniques

Risk Reassessment

Control Risks frequently leads to the discovery of new risks, the review of current risks, and the
closure of outdated risks. Risk reassessments for projects should be done on a regular basis. The
number and level of repetition that is appropriate depends on how well the project is progressing
toward its goals.

Risk Audits

Risk audits look into and document the effectiveness of risk responses in dealing with recognised
hazards and their core causes, as well as the risk management process as a whole. The project
manager is in charge of ensuring that risk audits are conducted on a regular basis, as specified in the
risk management plan for the project. Risk audits can be part of regular project review meetings, or
the team might hold separate risk audit sessions. Before the audit is carried out, the format and
objectives should be clearly specified.

Control Risks: Outputs

Work Performance Information As a Control Risks output, work performance information provides a
vehicle for communicating and supporting project decision making.

Change Requests Occasionally, putting in place contingency plans or workarounds results in a change
request. The Perform Integrated Change Control method is used to prepare and submit change
requests. Change requests may also contain suggested corrective and preventative actions.

• Recommended corrective actions: These tasks re-align project work performance with the project
management plan. Contingency preparations and workarounds are among them. The latter are
unplanned responses that are required to deal with rising dangers that were previously undetected
or passively tolerated.

• Recommended preventive actions: These tasks ensure that the project work is performed in
accordance with the project management plan in the future.

Project Management Plan Updates

If accepted change requests have an impact on risk management processes, the project
management plan's associated component documents are changed and reissued to reflect the
approved changes. The parts of the project management plan that can be amended are the same as
those that can be updated in the Plan Risk Responses procedure.

Project Documents Updates Project documents that might be updated because of the Control Risk
process include, but are not limited to the risk register. Risk register updates may include:

• Risk reassessments, risk audits, and periodic risk reviews yielded the following results. New risks
may be identified, as well as revisions to probability, impact, priority, action plans, ownership, and
other risk register features. Closing risks that are no longer relevant and releasing their related
reserves are examples of outcomes.

• Actual results of the project's hazards and actions to those risks. This data can assist project
managers in preparing for risk in their businesses and on future projects.

Implement Risk Responses

The Implement Risk Responses procedure is where you take your preparedness strategies and put
them into action. The implementation of risk response plans is critical since talking about a potential
problem is not always enough to get it fixed.

There is no single time to do this; you will be identifying risks throughout your project, and you will
design and implement a risk response plan as and when you come up with a new one. Make time
during the project to consider how to carry out the risk response strategy's implementation –
include it in your regular risk meetings.

Inputs

The inputs to this process are:

 The project management plan, and in particular, the risk management plan section
  Project documents including the lessons learned register, the risk register (because this is
where you will have written down what you are supposed to be doing) and risk reports if
you have them
 Organisational process assets.

The names of those responsible for the risk management process will be listed in the risk
management strategy, which will aid in assigning ownership of management actions. You might also
have information in there about the degree of acceptable risk, which is what you are aiming for with
your risk management operations. It is not always required to eliminate all risk; sometimes simply
lowering it to a level that is acceptable to the project or organisation is sufficient.

Tools and Techniques

The type of implementation you are undertaking will heavily influence the tools and techniques you
use. The implementation of the ‘acceptance' technique is obviously very different from going all-out
to neutralise it with a massive action plan.

Outputs

The outputs of this process are:

• Project document updates, particularly to the issue log, lessons learned register, team
assignments (as people's work assignments need to be updated to reflect their new tasks), the risk
register, and risk reports (because your plans might involve adding or removing tasks from your
project schedule, for example).

The procedure is in place to remind you that risk responses are not just something you talk about.
You do not want to be in the situation where you have written down your risks and have a great risk
log, but nothing happens to actually take action on them.

Conclusion

Glossary

Case Study

Corporate Social Responsibility (CSR) and Project Management

Corporate Social Responsibility (CSR) has gained significant momentum in recent years. The push is
on to identify projects that reflect the corporation’s sense of social responsibility and to tailor
projects to reflect that sense. This is perhaps a step in the right direction when it comes to the
corporation’s position in the host community, but is extremely difficult and complex in its
implementation. Two key factors contribute to its difficulty.

These issues are compounded when a corporate citizen of one country engages in work in another
with different social values. The chances of a conflict between two social groups who are
stakeholders in the venture increase because of the cultural differences between the stakeholders in
the home community and those in the foreign country. Companies have invested millions of dollars
developing their CSR persona only to see it destroyed by one ugly conflict that gets media exposure.
The results achieved by the CSR investment are not newsworthy while the single incident that
tarnishes that image is.
Take the recent debate over the behaviour of Canadian mining companies overseas and in South
America for example. The media exposure was triggered by a private members bill (C-300) proposed
by a member of the Canadian parliament. The bill asks that the federal government assume the
power to investigate complaints that any Canadian mining company failed to comply with
international human rights and environmental standards. On the face of it, there does not seem to
be anything a socially responsible mining company could object to. The problem is that the bill
cannot guarantee that the accused mining company would have the ability to confront their accuser
to answer the charges and that is what the association representing Canadian mining companies is
objecting to. The debate on the bill has spawned two stories in the Toronto Star about potential
problems with mining operations in Ecuador, Argentina, and Papua New Guinea.

According to the article by staff reporter Brett Popplewell in the Monday, November 23, 2009
edition of the Toronto Star, the company is engaged in a project to build an open pit copper mine in
Ecuador. The mine has provided jobs for one Ecuadorian community and is popular with it as a
result. Another community is fiercely opposed to the project because they fear the mine will
negatively affect their small farms and this has led to conflict between the two communities. The
companies claim to have followed all the mining laws, rules, regulations, and standards of the
countries they are operating in. They further claim to have followed their own code of ethics. The
initiation of the mining project, in the case of the Ecuadorian mine, was enough to initiate a conflict
between the two communities in the area of the mine. There may or may not have been something
the mining company could have done to avoid the conflict but they should at least have anticipated
the risk of this happening and if no mitigation strategy was feasible they could then have decided
whether they wanted to assume the risk. The object lesson for project managers here is that the
exercise of risk identification must be expanded to include not only the risks of a culture clash
between the foreign country hosting the project and the corporation’s country, but those of
different stakeholder groups within the host country.

Self-Assessment Questions

Multiple Choice Questions

Essay Type Questions         

Answers to Self-Assessment Questions

Post-Unit Reading Material

Manifesto for Agile Software Development. (2001). Retrieved from http://agilemanifesto.org/

Project Management Institute. 2013. Managing Change in Organizations: A Practice Guide.

Newtown Square,PA: Author.

Project Management Institute. 2017. A Guide to the Project Management Body of

Knowledge (PMBOK®Guide) – Sixth Edition. Newtown Square, PA: Author.

Project Management Institute. 2013. Software Extension to the PMBOK® Guide Fifth
Edition. Newtown Square,PA: Author.
Topics for Discussion Forums

Clements/Gido, Effective Project Management, Thomson

Clifford F. Gray and Erik W. Larson, Project Management, Tata McGraw Hill

Dennis Lock, Project Management, Ninth Edition, Gower

K. Nagarajan, Project Management, Third Edition, New Age International

P.C.K. Rao, Project Management and Control, Sultan Chand & Sons Prasanna Chandra,
Projects –

Planning, Selection, Financing, Implementation, and Review, Sixth Edition, Tata McGraw
Hill

Vasant Desai, Project Management, Second Revised Edition, Himalaya Publishing House