PMP PREPARATION : RISK

I cleared my PMP on 26th may 2014. I have gone through all the three books PMBOK, RITA MULCAHY'S and HEAD FIRST. During preparation I made few notes. so the material has been picked up from all the three books and these are just the key points. 
 NOTE : IT IS RECOMMENDED THAT ONE SHOULD READ THESE POINTS IN DETAIL FROM THE BOOKS (which ever interests you more) AND ONLY AFTER YOU HAVE FINISHED A THOROUGH READING, YOU CAN GO THROUGH THESE POINTS FOR CONSOLIDATION.

RISK

EVERYONE should be involved in Risk Identification

• RISK MANAGEMENT : Increase the probability and impact of opportunities and decrease the probability and impact of threats.

We will talk more about the opportunities and threats later in this post

• RISK REGISTER : 

1. List of risks
2. List of potential responses 
3. Root cause of risks

• RISK APPETITE :  High level description of the acceptable level of risk.
• RISK TOLERANCE :  More specific, measurable amount of acceptable risk.
• RISK THRESHOLD :  One specific point where risk becomes unacceptable.

Risk appetite, Risk tolerance and Risk Threshold are part of EEF.

• RISK AVERSE :  Someone who does not want to take risk.

• RISK FACTORS :  

1. Probability (how likely)
2. Impact (range, amount at stake)
3. When (expected time)
4. How often (frequency)

• RISK CATEGORIES (Sources Of Risk) : External, Internal, Technical, Unforeseeable etc.

• BUSINESS RISKS : Risk of a gain or loss. you take a risk. If it worked you get profit if it fails you are in loss

• PURE (INSURABLE) RISKS :  Only a risk of loss. e.g. theft fire.

• UNCERTAINTY : Lack of knowledge about an event reduces confidence in conclusions.

• WORK AROUND : Unknown risk event occurs. Something you did not know and you have not planned, then you do work around. 

Unplanned responses to deal with unanticipated events or problems

• QUALITATIVE RISK ANALYSIS :  Subjective evaluation. no numbers included. you can use this for 

1. Comparing the risk of the project to the overall risk of the other projects.
2. To decide if the project should be terminated or continued.

• RISK DATA QUALIY ASSESSMENT :  The data/ information you have collected about the risk, how accurate/ well understood is that.

• WATCH LIST :  Risks with low probability and low impact. Non critical risks. Document them and revisit and analyze them time and again as the project progresses.

• DECISION TREE : When to use 

1. If you have to use between many alternatives e.g. which option should i choose or how will i solve this problem.
2. In more complex situations.
3. It takes future evens in making the decision today.
4. It can evaluate the cost and benefit of several risk response at once to determine which would be the best options

• STRATEGIES FOR NEGATIVE RISKS (THREATS) : ATMA 

Avoid : Act to eliminate

Transfer : Do not eliminate, shift the impact

Mitigate : Reduce

Accept : Ack and not take any action

Which one to use  : Criticality level  : 

High : Avoid, Mitigate

Low : Transfer, Accept

• STRATEGIES FOR POSITIVE RISKS (OPPORTUNITIES) : ESEA

Exploit : Opportunity is realized, take advantage, assign best resources to it, allocate more funds.

Share : Third party who is best able to capture the benefits

Enhance : increase the probability by influencing trigger.

Accept : Acknowledge and not take any action

Note that accept is in both the strategies.

• CONTINGENCY PLAN : Do something if the risk happens. Should be measurable so that you can evaluate the effectiveness.

• FALLBACK PLAN : Do something if the contingency plan does not work or is only partially effective. 

• RESIDUAL RISKS : These are the risks that remain after the risk response planning.

As the name suggests. A risk occurs, you implement the risk response Planning, still some risks remain. That is residual risk.

• SECONDARY RISKS : Any risk created by the implementation of selected risk response.

A risk occurs, you implement the risk response, because of which some new risk comes up, that is secondary risk.

Be clear. You implemented a risk response. Still some risk left that is residual and some new risk came up that is secondary.

• RISK TRIGGERS : Conditions that cause a risk.

• RISK AUDIT : Outside party. They also audit how effective your overall processes for risk planning are.

• TECHNICAL PERFORMANCE MEASUREMENT : Compare the performance of your project with the planned performance. Check milestones.

• MANAGEMENT RESERVE : 

1. Money set aside to handle any unknown costs that come up on the project
2. Unknown - unknown (you don't know the risk you don't know the impact)
3. Things that you have not planned for but could impact your project.

• CONTINGENCY RESERVE : 

1. Money set aside for controlling risks
2. Known - unknowns (you know the risk but you don't know the impact)
3. Risks that you know about and planned and put in your risk register

Please feel free to ask questions or a detailed explanation of any topic. Let me know if you want me to add any topic and if anything you find wrong. Please leave a comment if you find it useful.