PMI CAPM – Administer Project Risk Management Part 5

6. Control Project Risk

Welcome back to our risk management conversation. We’re now moving from planning over into monitoring and Controlling, where we’re talking about controlling project risk. Now, Controlling Project Risk is all about minimizing threats and maximizing opportunities to control risk. Here let’s take a look at controlling Risk and what we’re going to talk about in this lecture. Well, we need to implement those risk response plans that we’ve created. As part of risk response planning, we will track identified risks. So throughout our project, we’re going to monitor those residual risks, those tiny risks, the residue that a risk response can create.

And then we’re going to evaluate how effective is our risk response, or our entire risk process, I should say not just the responses, but our whole risk process effectiveness, our edo for controlling risk. We have the project management plan, the risk register, work performance data, and work performance reports, tools and techniques. You may have to do some risk reassessment. The probability and impact of a risk event could fluctuate depending on what is happening in your project risk audit. So how well are your risk responses working, that you test those out periodically to make sure that are valid and that they are effective should a risk event happen? We want to look at variance and trend analysis. If we start having a growing cost variance or schedule variance, that’s introducing a risk.

So there’s some trends here. That’s an opportunity for some corrective action or preventive action and to do some risk management on a trend specifically related to time and cost. Also technical performance measurements. So we think about in software development, how many escape bugs are we having? Or are the number of user stories that we’re able to create per iteration? Is that considerably less than what was anticipated? Or are we getting a lot of fails in UAT testing? So there’s a lot of things that we can track with technical performance. Same thing in construction. Are we not passing inspections? Are we having quality control issues in manufacturing? Are we having poor scope validation from our customers? So there’s a lot of things that are all related to the technical performance measurements, a lot of things related to the product that our project is creating.

And if we’re having problems with the product and acceptability or not passing QC, that’s probably a risk here related to our technical performance reserve analysis. So as risk events happen and we take monies out of the reserve, out of our contingency reserve, how much is left to cover, so to speak, the remaining distribution of risk in our project and of course, your favorite tool and technique meetings. Our outputs will be work performance information.

You may have change request, project management plan updates and project document updates and of course OPA updates here in risk monitoring and control. What are our main activities? Risk reassessment. Periodically we have to come in and look at our identified risk and say, is this probability is this impact? Are these still valid? Have they changed? And if they have, do we need to go back through quantitative risk analysis?

We want to do a risk audit periodically, especially on our high probability, high impact events or maybe even just our high impact events to see if our risk responses are valid. So we’re going to audit those and we don’t want the event to happen and then have a poor risk response. As I mentioned, we’re looking for variance and trend analysis, primarily in time and cost and then technical performance information. How well are we performing on scope and the product that we’re creating, looking for any trends with defects or not passing QC inspections, things like that.

And then reserve analysis. As I just mentioned that if a risk event happens and we take monies from the contingency reserve, what’s the balance of the reserve in relation to the exposure of the other risks still in the project and in status meetings? Status meetings are a great opportunity to talk about what risks are pending, remind risk owners of their responsibilities, go over thresholds and contingency plans and risk responses, things of that nature. So status meetings are a great opportunity to do a little bit of monitoring and controlling of risk events.

Some of the things to talk about here are monitoring and controlling. Remember work performance information. Well, we have data, work performance data is the raw data and observation information is usable information. So we’ve analyzed it, we’ve studied it, we’ve put it into a usable format. So that’s important because that’s where we’re going to be able to do some analysis of that data to look to see if there are risk lurking in our project change requests. As I mentioned, we might have corrective action or preventive action if we are seeing some trends in our cost and time variances and to some extent, even with our performance on technical aspects of the project, with our scope. That our project aims to create. You may have to update the project management plan because you may have to change your plan to accommodate risk or risk responses.

Same thing with project document updates. If you change your scope, that’s going to cause the product scope to be updated. That’s going to cause the work breakdown. Structure the WBS dictionary and the project plan eventually, then OPA organizational process assets may have to be updated because if you are creating responses, you’re creating lessons learned and the outcome of that information, that business becomes future historical information, just what we’ve seen throughout the project. All right, good job. That brings us to the end of this section on risk monitoring and controlling.

A lot of information. I know in this lecture and in this section for your exam, I want you to really think about looking back at those earlier processes we talked about in this chapter, about risk identification and planning in particular, and well, qualitative and quantitative analysis. All of those earlier processes are all part of planning. So it’s a really heavy piece of planning. Is risk monitoring controlling is one of our obviously monitoring and controlling risk part of our monitoring and controlling processes.

But out of all of the knowledge areas, look how many processes are just for risk management. So what I’m telling you is to spend a little bit more time for your exam in planning. When you study your planning, I would really look at the risk management planning processes in particular. A little hint there for you. A little heads up. All right, next up for you in the next lecture, I have a little game. I know you want to go out and do that and take a little bit of a break, and then we’ll continue moving forward in the course. Great job. You’re making fantastic progress. We’re almost done with the course, so keep going.

7. Section Wrap

Great job finishing this section on risk management. Now that you’ve finished the section on risk, are you ready to go to Vegas, play some blackjack? Did a little analogy get you going there? Did it test your stakeholder tolerance for risk, your utility function? I sure hope so. You are taking some risk. Well, that make your heart jump a little bit, right? Certainly there is risk that you could fail the exam, but there’s a reward if you do pass the exam.

You, however, are doing risk mitigation, that you are taking steps. Obviously you’ve reached this point in the course. You’re serious about passing the exam. You’re developing that mindset that you aren’t taking the test, you’re passing the test. And so you’re doing some risk mitigation that you’re reducing the probability and the impact of that negative risk from happening of that threat. So I don’t mean to scare you there. I just want to keep you motivated, keep you working towards passing the exam. You can do this. All right. In this section, we talked all about risk. Risk and reward, the idea of a business risk versus a pure risk. And we looked at planning, risk management.

How will we identify, analyze, respond to and control risk events? We also talked about creating the risk management plan with the probability and impact, creating that matrix, considering your stakeholder tolerance for risk or your risk appetite. In some cases, the reporting format and tracking of risk will be identified in the risk management plan. Then we looked at the process to identify risk. I’m always out there identifying risk and adding them to the risk register as I discover the risk. It’s an ongoing activity. I don’t just do this once and forget it. It happens all the time throughout the project. When I identify a risk, we put them in the risk register.

So the risk register also includes potential responses, what may be a root cause categories, and then we track it. And so we have risk status. We talked about qualitative analysis. Qualitative analysis qualifies the risk for more analysis. So this is typically done on an Ordinal scale, very low to very high or rag rating, where we have red, amber, green to rate our risk. So it’s kind of subjective. When a risk does qualify for more analysis, it goes into quantitative eleven four in the Pinbox quantitative risk analysis that we quantify the risk events. And this is usually for more serious risk, where we’re trying to quantify how much is this going to cost us.

So probability and impact, we talked about all the different activities we could do in quantitative analysis, with the end result being the expected monetary value. And that leads to our contingency reserve and risk exposure. So it gives us a probabilistic analysis of the project. Then we had our seven risk responses. So you remember these, right? We have three for negative and they are I know you said avoidance, mitigation, transference then we have three positive exploiting, sharing, and enhancing. And then we had one for negative or positive, and that was acceptance. Like the weather could be a risk. Sometimes you just have to accept it. Two terms that came out of this section as well. We had residual risk and secondary risk. Residual, usually smaller, tiny risk, like the residue it’s left after a risk response. Secondary risk is like the domino effect.

So one risk response causes a new risk, causes a new risk. So you’re creating a new risk, not necessarily a little one. Like the residual, like the residue of a response, secondary risk could be considerable. Our last process was to control the risk, implementing our responses, tracking the risk, monitoring those residual risk. When we have a risk, just to be clear, when we have a risk that has a low probability, low impact, we put those in the risk register on a low level watch list.

So we just don’t ignore them. We periodically come back to see, has their probability or impact changed. So that helps us to create work performance information. You might have some corrective action, like a corrective action or more likely a preventive action. And then you may have to update your project management plan, your project documents, or OPA a lot of information here. I know you did a great job. You’re taking some good action in your life to reach your goal. And I know if other people can do it, if I can do it, you can do it as well. Of confidence in you. So good job, keep moving forward. We’re almost done with this course. We got a few more sections to do. Don’t give up now. You’re so close. Keep going.