CAPM Exam & PMP Exam Study Notes:
Project Risk Management
Written By: Alvin the PM | Last Updated: June 12, 2021
Topic: CAPM Exam & PMP Exam Certification Study Notes
Listed below are my CAPM Exam & PMP Exam Study Notes for Project Risk Management that I’ve used to pass my own CAPM Exam, and which I also intend to use for my 2021 PMP Exam Preparation.
If you find any of my website notes and Youtube Videos helpful to pass your CAPM Exam or PMP Exam, considering supporting me by buying me a cup of “virtual” coffee by clicking the below link.
❤️ SUPPORT Alvin the PM by buying me “virtual” coffee ❤️
Please Note: These notes are meant to be a supplementary aid, and not as your primary study material for your CAPM Exam and/or PMP Exam. This is meant to help clarify any confusing topics and explain the most challenging concepts which are difficult to understand & remember. Please reference your own Exam Prep Book or your PMBOK Guide for further detail.
I’ve listed the Knowledge Area below, with an explanation of the following:
1) Overview of each Process Group
2) Reference Section & Page in PMBOK 6th Edition
3) ITTO Summary & Analysis (Input, Tool, Technique, Output)
>> Any items marked with an * asterisk are the unique ones & critical topics to master
4) Key Concepts & Helpful Exam Prep Information
Overview of Risk Management
Risk Management is split up into the following seven (7) Process Groups:
1) Plan Risk Management (PL)
2) Identify Risks (PL)
3) Perform Qualitative Risk Analysis (PL)
4) Perform Quantitative Risk Analysis (PL)
5) Plan Risk Response (PL)
6) Implement Risk Response (EX)
7) Monitor Risks (M&C)
Purpose: Planning how you will perform Risk Management, determine and analyze all Project Risks, their Responses, and the technique for Monitoring & Controlling Risks throughout the entire project’s lifecycle
>>Alvin’s Exam Tip:
Alvin the PM
Risks emerge throughout the entire project, and by performing Risk Management on an iterative basis, we can ensure the project’s goals and objectives are successfully met.
Key Concepts:
1. Risk – An uncertain event that if it occurs, has either a positive or a negative impact on the goals of the project
2. Types of Risks:
(1) Individual Project Risk – Impacts (positively or negatively) the outcome of a specific sub-goal of a project, and not the entire outcome of the project
(2) Overall Project Risk – Impacts (positively or negatively) the entire project
Process #1: Plan Risk Management
1.1 Risk Management: Plan Risk Management (PL)
– Pg. 401, PMBOK 6th Edition
Purpose: Planning how your Team will actively manage risks for the project
– How will we carry out all activities for Risk Management?
– How do we carry out the risk identification & planning activities?
REMEMBER – You do NOT identify risks or the risk response strategies during this time!!
>> Alvin’s Exam Prep Tip: Not addressing risks early on, can result in costly issues later on in the project
Alvin the PM
ITTO Analysis: Plan Risk Management
1) What do You Need? (Input)
– Project Charter, Project Management Plan, Project Documents, EEF/OPA
>> Project Documents: Stakeholder Register
2) What is the Result? (Output)
– *Risk Management Plan
3) How Do You Accomplish It? (Tool/Technique)
– Expert Judgment, Data Analysis, Meetings
>> Data Analysis: *Stakeholder Analysis
Key Concepts:
1. You need the Stakeholder Register for Planning Risk Management, so that you’ll have an understanding of what each stakeholder’s risk appetite/threshold is
Key Terms to Remember:
1. Risk Management Plan – Outlines how the team will conduct Risk Management Activities. It covers the following:
(1) What will our approach be?
(2) Frequency of Risk Management Activities? During which phases of the project will Risk Mgmt be conducted?
(3) Which stakeholders will be involved & what are their risk appetites?
(4) Budgeting for contingency & management reserves
(5) Decomposition of risks into a hierarchy of categories (Risk Breakdown Structure)
(6) Definition of levels for Risk Probability & Impact
(7) What will our process be for reporting and formally tracking risks?
2. Risk Breakdown Structure (RBS) – Similar to a WBS, but breaks down Risks into different categories
3. Probability & Impact Matrix (P&I): A matrix which assigns numerical or descriptive scoring, based upon…
–> Probability of the Risk coming to fruition
–> Impact of the Risk
This results in a Risk Probability-Impact Score (either numerically such as 3; or, descriptive such as High-High, Medium-Medium, etc)
Process #2: Identify Risks
1.2 Risk Management: Identify Risks (PL)
– Pg. 409, PMBOK 6th Edition
Purpose: Determining the risks which may impact your project
ITTO Analysis: Identify Risks
1) What do You Need? (Input)
– *Agreements, *Procurement Documentation, Project Management Plan, Project Documents, OPA/EEF
>> Project Management Plan: Baselines (Scope, Schedule, and Cost); Different Management Plans (Requirements, Schedule, Cost, Quality, Resource, and Risk Management Plan)
>> Project Documents:
Logs (Assumptions, Issues, Lessons Learned, Stakeholder Register),
Estimates (Cost and Duration), Requirements (Requirements Documentation, Resource Requirements)
2) What is the Result? (Output)
– *Risk Register, *Risk Report, Updates to Project Documents
3) How Do You Accomplish It? (Tool/Technique)
Interpersonal & Team Skills; Meetings, Prompt Lists, Expert Judgment; Data Gathering & Analysis
>> Data Gathering: Brainstorming, Checklists, Interviews
>> Data Analysis: Root Cause Analysis, Assumption & Constraints, SWOT, and Document Analysis
Key Concepts:
1. Assumption & Constraint Analysis – Which Assumptions or Constraints pose a risk to the project? Are any assumptions incorrect? Can any constraints be made more flexible to help provide opportunities to minimize/mitigate risks?
2. Facilitation – Helps remove bias from a conversation and focuses on collaboration
Key Terms to Remember:
1. Risk Register: A list of potential project risks, owners of each risk, and a potential risk response
2. Risk Report: Report summarizing the project risks
3. Prompt List – An already established list of Risk Categories to facilitate with Risk Brainstorming Identification Sessions. Examples include
–> PESTLE (political, economic, social, technological, legal, environmental)
–> TECOP (technical, environmental, commercial, operational, political)
–> VUCA (volatility, uncertainty, complexity, ambiguity)
Process #3: Perform Qualitative Risk Analysis
1.3 Risk Management: Perform Qualitative Risk Analysis (PL)
– Pg. 419, PMBOK 6th Edition
Purpose: From the risks which were identified by the Team, you’ll work with your Team members to determine the High-impact and High-Priority risks which should be analyzed further (i.e. based upon their Impact & Likelihood of Occurrence)
ITTO Analysis: Perform Qualitative Risk Analysis
1) What do You Need? (Input)
-Project Management Plan, Project Documents, OPA/EEF
>> Project Management Plan: Risk Management Plan
>> Project Documents: Logs (Assumption, Risk and Stakeholder Register)
2) What is the Result? (Output)
Updates to Project Documents
3) How Do You Accomplish It? (Tool/Technique)
– Expert Judgment; Meetings; Data Gathering, Analysis, & Representation; Interpersonal & Team Skills; *Risk Categorization;
>> Data Gathering: Interviews
>> Data Analysis: *Data Quality Assessment, *Probability & Impact Assessment, *Assessment of other Parameters
>> Data Representation: Probability & Impact Matrix, Hierarchical Charts
>> Interpersonal and Team Skills: Facilitation
Key Concepts:
1. The Key Deliverable from this Process is to update the Risk Register -> Creating a sorted list of risks which have the highest priority & impact, as well as a Watch List for low risks to be on the lookout for
1. Hierarchical Chart – A bubble graph showing the relationship between three-dimensions of data, for >2 Risk Parameters (e.g. impact, detectability, proximity)
Key Terms to Remember:
1. Risk Data Quality Assessment – How accurate and reliable is the data that was generated for the risks?
2. Risk Probability & Impact Assessment – Evaluate the Likelihood of Occurrence and Impact of each Risk;
>> What is the Impact on the goals of project? Cost, Schedule, Quality, Performance
3. Risk Categorization – Categorize risks based upon Root Causes, project phase, team owners, budget, areas of the project
Process #4: Perform Quantitative Risk Analysis
1.4 Risk Management: Perform Quantitative Risk Analysis (PL)
– Pg. 428, PMBOK 6th Edition
Purpose: In this process, you’ll numerically analyze and ‘quantify’ the effect of the narrowed down risks from the previous process, Qualitative Risk Analysis.
The output of this process is then used as supplementary information for Planning Risk Responses.
ITTO Analysis: Perform Quantitative Risk Analysis
1) What do You Need? (Input)
-Project Management Plan, Project Documents, OPA/EEF
>> Project Management Plan: Risk Management Plan and Baselines (Scope, Schedule, Cost)
>> Project Documents: Assumption Log, Estimates (Basis of Estimates, Cost, Duration), Forecasts (Schedule & Cost), Milestone List, Resource Requirements, Risk Register & Report
2) What is the Result? (Output)
Updates to Project Documents (Risk Report)
3) How Do You Accomplish It? (Tool/Technique)
– *Representations of Uncertainty; Expert Judgment; Data Gathering & Analysis; Interpersonal & Team Skills;
>> Interpersonal & Team Skills: Facilitation
>> Data Gathering: Interviews
>> Data Analysis: Simulation, Sensitivity Analysis, Decision Tree Analysis, Influence Diagrams
Key Concepts:
REMEMBER – Performing Quantitative Risk Analysis is NOT required for every project!!
To perform quantitative risk analysis, you may want to analyze the data using Simulation software (e.g. Monte Carlo).
If you’re analyzing your Cost Risks, you’ll need your Cost Estimates. If you’re analyzing your Schedule Risks, you’ll need your Duration Estimates.
Performing Quantitative Risk Analysis can produce histograms (e.g. S-Curve) illustrating what is the Probability of achieving a Project Cost or Schedule. For example, there’s a 75% probability of meeting a Cost of <$1M. The main project deliverable after performing Quantitative Risk Analysis, you’ll be updating your Risk Report.
Key Terms to Remember:
1. Representations of Uncertainty – This is a technique which uses a Probability Distribution Curve to analyze the likely values for duration, cost, and/or resources required. >> Examples of probability distributions used are beta, discrete, triangular, lognormal, normal, uniform, and triangular.
2. Decision Tree Analysis – Technique which calculates the Expected Monetary Value to help you and your Team determine the best path to follow, when taking into consideration activity costs
3. Influence Diagram – Visual tool that helps understand the relationship, sequencing of events, and their effects between these project outcomes
4. Sensitivity Analysis – This technique is used to determine which risks have the BIGGEST impact on your project’s goals.
>> A commonly used example is the Tornado diagram, which shows activities or risks in descending order based upon the strength of correlation
5. Monte Carlo Analysis – This is a technique which runs simulations many times over and over in order to calculate the probability and impact if a risk occurred, and displays this information in an S-Curve graph (i.e. cumulative probability distribution)
>> For risks associated with Costs and Schedule, this quantifies the probability and confidence of achieving a project goal, using initial estimates for your project’s planned Cost and Schedule Durations.
EXAMPLE OF MONTE CARLO ANALYSIS
Let’s say you’re working on a project and one of the biggest risks is associated with scheduling – specifically, how long will the Prototyping Development Stage of your project take? This is due to the complexity and inherent risks with using a new technology that your Team doesn’t have experience working with.
From working with your team, you have a very rough estimate, along with best-case and worst-case estimates.
Given this information, the Monte Carlo Analysis Simulation Technique evaluates these different combinations and outputs the different probabilities for when you can expect to complete the Prototyping Development Phase of your project.
It will produce an S-probabilistic distribution curve and give you a range of potential outcomes for the end date of your project’s prototyping work. For example, it might tell you that…
>> (1) You have a 60% chance of completing all Development work within 48 weeks
>> (2) You have a 95% chance of completing the activity in 60 weeks.
Process #5: Plan Risk Response
1.5 Risk Management: Plan Risk Response (PL)
– Pg. 437, PMBOK 6th Edition
Purpose: In this process, you’ll be developing & choosing which strategies will be used to minimize negative risks, or enhance the opportunity of positive risks.
ITTO Analysis: Plan Risk Response
1) What do You Need? (Input)
-Project Management Plan, Project Documents, OPA/EEF
>> Project Management Plan: Risk & Resource Management Plan and Cost Baselines
>> Project Documents: Logs (Lessons Learned, Risk, and Stakeholder Register), Project Schedule, Team Assignments, Resource Calendar, Risk Report
2) What is the Result? (Output)
*Change Requests, Updates to Project Management Plan & Project Documents
3) How Do You Accomplish It? (Tool/Technique)
Unique Tools: Strategies for Threats, Opportunities, and Overall Project Risk; Contingent Response Strategies
Other Tools: Expert Judgment, Data Gathering & Analysis, Interpersonal & Team Skills, Decision Making
>> Interpersonal & Team Skills: Facilitation
>> Data Gathering: Interviews
>> Data Analysis: Cost-Benefit and Alternatives Analysis
>> Decision Making: Multicriteria Decision Analysis
Key Concepts:
STRATEGIES FOR NEGATIVE RISKS (“Threats”)
1. Accept – Accept that there is a risk, however you don’t take any action in response to the risk.
>> When to use? For low-priority and low-impact risks
2. Avoid – Removing the threat, preventing it from happening, or shielding the project from its consequence
>> This is the best strategy to use since it completely prevents the risk from happening, but may not be possible in most scenarios, due to resource constraints
>> When to use? Use for Severe & Critical Risks which have a HIGH Likelihood of Occurring, and a HIGH Impact
3. Escalate – If the risk is NOT under your control, you will “ESCALATE” this risk concern to Management and your PMO
>> When to use? For risks which are OUTSIDE the project’s scope. Or, if you don’t have the authority or influence to manage the risk, you ESCALATE it up the Vertical ladder in your organization
4. Mitigate – This is about decreasing the risk’s LIKELIHOOD and/or IMPACT that it will have on the project
5. Transfer – You’re giving a third party the full ownership for managing the risk, as well as the consequence if the risk occurs
>> When to use: If you don’t have sufficient resources, staff, equipment, or technical knowledge in the area
STRATEGIES FOR POSITIVE RISKS (“Opportunities”)
– How can you put all of your attention to make your “opportunities” (or, what’s known as Positive Risks) happen, if there will be a HUGE benefit and opportunity to your project?
1. Accept – We do nothing. It will happen or it won’t happen.
2. Enhance – Increasing the likelihood that an Opportunity will occur, as well as its impact.
3. Escalate – “Escalating” the risk to management
4. Exploit – Doing EVERYTHING you possibly can so that the opportunity happens
5. Share – Transferring ownership to a third-party so they also share in some of the benefits.
>> So for example – I can’t do it by myself, and I need someone else’s help. Is there anyone I can partner with to accomplish the goal and reap the benefits of this “opportunity”?
Key Terms to Remember:
1. Contingency Plan (Fallback Plan) – A Back-up Risk Strategy if the implemented original risk mitigation strategy does not prove to be effective
2. Secondary Risks – Risks which occur after implementing a Risk Response
3. Contingency Reserve – Allocate contingencies, for time or cost
4. Residual Risk – The leftover risk after you’ve implemented your Risk Response Strategy. For example, you’ve mitigated the Risk, but there’s still some risk remaining which you still have to manage.
Process #6: Implement Risk Responses
1.6 Risk Management: Implement Risk Responses (EX)
– Pg. 449, PMBOK 6th Edition
Purpose: In this process, you’ll be executing the Risk Responses which were agreed upon by the Team and captured in the Risk Register & Report.
ITTO Analysis: Implement Risk Responses
1) What do You Need? (Input)
-Project Management Plan, Project Documents, OPA/EEF
>> Project Management Plan: *Risk Management Plan
>> Project Documents: Logs (Lessons Learned, *Risk Register), and *Risk Report
2) What is the Result? (Output)
*Change Requests, Updates to Project Documents
3) How Do You Accomplish It? (Tool/Technique)
Expert Judgment, Interpersonal & Team Skills, PMIS
>> Interpersonal & Team Skills: *Influencing
Key Concepts:
1. If a Risk Response is implemented, that means the Risk came to fruition, and you’ll want to document any new issues & constraints which arise inside your Logs
>> Issue Log, Lessons Learned Register, Risk Register, and Risk Report
2. Project Team Assignments – If responses have to be executed, the team members will need to be assigned to execute those strategies
Key Terms to Remember:
1. Influencing – Encouraging your team members to take action
Process #7: Monitor Risks
1.7 Risk Management: Monitor Risks (M&C)
– Pg. 453, PMBOK 6th Edition
Purpose: Tracks and monitors the implementation of the Risk Responses, as well as the effectiveness of the Risk Management Process.
Also included, is identifying if there are any new risks which need to be addressed throughout the stages of the project.
ITTO Analysis: Implement Risk Responses
1) What do You Need? (Input)
–*Work Performance Data, Work Performance Reports, Project Management Plan, Project Documents, OPA/EEF
>> Project Management Plan: *Risk Management Plan
>> Project Documents: Issue Log, Lessons Learned Register, Risk Register, Risk Report
2) What is the Result? (Output)
*Work Performance Information, *Change Requests, Updates to Project Documents & Project Management Plan, Updates to OPAs
3) How Do You Accomplish It? (Tool/Technique)
*Audits, Data Analysis, Meetings
>> Data Analysis: *Technical Performance Analysis, *Reserve Analysis
Key Concepts:
In order to Monitor your Risks, you’ll need to have your Work Performance Data and Reports
>> (1) Work Performance Data – Raw data on the project’s status, # of risks, # of implemented risk responses, effectiveness of implementation, etc
>> (2) Work Performance Reports – Analysis of the Data, which reveals the project’s performance
Key Terms to Remember:
1. Risk Management Plan – Outlines HOW risks will be monitored, the frequency, and the key stakeholders involved with reviewing the risks
2. Technical Performance Analysis – Compare technical accomplishments/actual project results against the targeted baseline
3. Reserve Analysis – Compares amount of Contingency Reserve to the amount of risk remaining to identify if the remaining reserve is still acceptable
4. Audits – Evaluates how effective the Risk Management Process is, and helps us answer the following questions:
>> Is what we’re doing working?
>> Are we missing any risks?
>> Are we spending too little time on Risk Management?
>> How can we do things differently and make it better?
5. Work Performance Information reveals – How effective was our Risk Planning and Implementation Processes?
Conclusion
I hope you found the above information helpful with your Project Management Exam Prep Journey! If you found this useful and valuable, please feel free to SHARE and RECOMMEND this website with a friend. My goal is to help other Project Managers pass their own CAPM Exam and PMP Exam, and become Certified in Project Management. And, I can only do this with your help!
If my website or any of my videos on my Alvin the PM Youtube Channel have helped you out, I would be so thankful if you could spread the word and leave me a review! Drop me a comment on any of my Youtube videos or click this link to leave me a review.
Thanks again for stopping by, and I’m glad to have helped you on your Exam Prep journey!
Cheers, Alvin