Uncertainty that may have positive or negative outcomes on the Proj future

Positive Risk = Opportunity

Negative Risk = Threat

Individual - risk identified in the Proj

- The R that PM during Proj Lifecycle

- The R of estimate being inaccurate

- The R of stakeholders becoming disengaged

- The R of Req's being low quality

Overall - risk of the Proj as a whole

- High lvl risk from external factors

- Proj Sponsor interest high

Pure - Always negative (fire, earthquake, accident)

Business - Negative or positive

- R that may affect budget, scope, schedule, etc.

Subjective amount of willingness for Risk

Ex: this year our Org will accept large amount of Rsk, to be able to grow faster

Numerical value of tolerable risks

Ex: this year our Org will risk $1,000,000 for  niche projects

Numerical value of Risk which is NOT accepted at that point.

Ex: Our Org will terminate the niche projects having a risk of $2,000,000 

Individual or Org that is not willing to accept any risks

Ex: Our Org will not accept any risk this year

An event that causes a risk to occur; early warning system that R is about to occur

Identified in the Identify Risks process and then monitored in he Monitor Risks process

Event-B R - risks that are related to events

- team member getting sick

- material prices jump

Non-event-B R - risks that are no related to a particular event

* Variability Risk - a gamut of possible results, but we can't predict which will actually occur. Monte Carlo. ex: efficiency above/below target, actual number of defects found during testing is higher/lower than expected

*Ambiguity Risk - due to the lack of knowledge we have; ex: new tech improvements, new regulations, etc. 

Event-B R - risks that are related to events

- team member getting sick

- material prices jump

Non-event-B R - risks that are no related to a particular event

* Variability Risk - a gamut of possible results, but we can't predict which will actually occur. Monte Carlo. ex: efficiency above/below target, actual number of defects found during testing is higher/lower than expected

*Ambiguity Risk - due to the lack of knowledge we have; ex: new tech improvements, new regulations, etc. 

Plan Risk Mgmt (P)- Risk Mgmt Plan

Identify Risks (P) - Risk Register, Risk Report

Perform Qual Risk Analysis (P)

Perform Quan Risk Analysis (P)

Plan Risk Responses (P) - Change Requests

Implement Risk Responses (E) - Change Req's

Monitor Risks (M&C) - Work Perf Info

Does NOT contain LIST of risks

[image]

As a result of Risk Cat we can manage risk better

[image]

Risk Mgmt Plan created:

* Success of RMP is examined

* May need to create change requests

Risks are identified:

* New risks may be defined

Existing risks might be re-evaluated (re-assess)

Qualitative risk analysis (short-list):

* Possibilities & Impacts are checked

* Risks in the watch list are monitored

* Contingency may be adjusted

Quantitative Risk Analysis:

* Results of the Quan are monitored

Existing risk responses are implemented:

* Existing risk responses may need to be adjusted

* New responses may be assigned to the risks

* Residual risks are reviewed

* Contingency reserves can be used if needed

* Unexpected results of the expected risk are determined

* Risk triggers are monitored

General:

* It is provided that everything is done according to the RMP

* Change requests created

* Be careful about newly raised risks as a result of change requests

* Any change or rev should be communicated

* Reserve & technical performance analysis done

* Risk audits are done

* If a risk is no more a threat then close it

Only and only if a risk included in the risk response plan occurs

Cost & Schedule baselines remain the same after using the contingency reserves

* Done if a risk without contingency plan occurs

* Immediate response without any prior plan

* Needed for passively accepted & unidentified R's

* High # of workarounds is an indicator of improper R_M