PM Certification and Risk Management

The diagram shows a comparison of versions 3 and 4 of the PMBOK. (Click the image for a larger view.) As you can see, not a lot has changed in terms of processes. The processes have simply been renamed to start with a verb. For the CAPM and PMP exams, it is important for you to recall the names of the processes as specified in the PMBOK. In other words, Risk Management Planning is not the same as Plan Risk Management.

The Project Risk Management knowledge area consists of the following processes:

• Plan Risk Management
• Identify Risks
• Perform Qualitative Risk Analysis
• Perform Quantitative Risk Analysis
• Plan Risk Responses
• Monitor and Control Risks

This process entails how you intend to manage risks. Key inputs to this process are: Project Scope Statement, Cost Management Plan, Schedule Management Plan, and Communications Management Plan. Your organization may also have a certain attitude towards risk and risk tolerance. Therefore, Enterprise Environment Factors is also a key input. The output of this process is the Risk Management Plan, which can include:

• Roles and Responsibilities
• Risk categories
• Definitions of risk probability and impact, which is useful in computing the Expected Monetary Value (EMV)
• Reporting formats
• Tracking

This process entails identifying risks and documenting their characteristics. Identify Risks is a process that you’ll revisit several times during the project. For example, you may identify risks during the daily team meeting. Key inputs to this process are: Risk Management Plan, Activity Cost and Duration Estimates, Scope Baseline, and Stakeholder Register. There may be other project documents, such as Assumptions Log and Work Performance Reports, which can help in this process.

Some Tools and Techniques used in this process are: Brainstorming, SWOT Analysis, and Expert Judgment.

The output of this process is the Risk Register, which contains the list of potential risks and the potential responses.

This process entails assessing the impact and likelihood of identified risks. The purpose (ouput) of this process is to prioritize risks and update the Risk Register, which was created in the Identify Risk process. Therefore, the Risk Register is a key input to this process. Other inputs are the Risk Management Plan and the Scope Statement.

Some Tools and Techniques used in this process are: Risk Categorization, Probability/Impact Rating Matrix, and Expert Judgment.

The output of this process is an updated Risk Register, which will contain relative ranking of risks and watch-lists of low priority risks.

This process involves the quantification of each risk with numerical values. Key inputs include: Risk Register, Risk Management Plan, Cost Management Plan, and Schedule Management Plan.

Some Tools and Techniques used in this process are: Expected Monetary Value Analysis Using Decision Trees and Expert Judgment.

The output of this process is an updated Risk Register, which will contain a prioritized list of quantified risks and probabilistic analysis of the project.

Risk Response planning involves the process of reducing negative risks (threats) and enhancing positive risks (opportunities). Key inputs include: Risk Register and Risk Management Plan.

Some Tools and Techniques used in this process are: Strategies for Negative Risks, Strategies for Positive Risks, and Expert Judgment.

Some outputs of this process are:

• An updated Risk Register, which will contain residual risks, secondary risks, and contingency amount.
• Project Management Plan Updates and Risk-related Contractual Agreements

This is the process of keeping track of risks during the project. It requires the Risks Register and Risk Management Plan as the key inputs. Some tools and techniques include Risk Audits and Status Meetings. Key outputs are: Risk Register Updates and Requested Changes.

For a complete list of Inputs, Tools and Techniques, and Outputs (ITTO), refer to the PMBOK.