Summary of the concepts you need to know about Project risk management (Chapter 11) for the PMP exam

Chapter 11: Project risk management

There are 6 processes in Project risk management:

  1. Plan risk management (Output: Risk management plan)
  2. Identify risks (Output: Risk register)
  3. Perform qualitative risk analysis (Output: Risk register updates + Project docs updates)
  4. Perform quantitative risk analysis (Output: Risk register updates + Project docs updates)
  5. Plan risk responses (Output: Risk register updates + Project docs updates + Project management plan updates)
  6. Control risks (Output: change requests, OPA, Risk register updates)




  1. What is risk? an uncertain event or condition that, if it occurs, has a positive or negative effect on a Project’s objectives.
  2. Project risk management? includes the processes concerned with conducting risk management planning, identification, analysis, response planning, and monitoring.
  3. Plan risk management (P): Defining how to conduct risk management activities for a project. Output: risk management plan.
  4. Analytical techniques (TT): are used to understand and define the overall risk management context of the Project.
  5. Risk management plan components:
    1. Methodology: describes the tools, methods, and sources of information which will be used to perform risk management.
    2. Roles and responsibilities: who performs which tasks during all risk management activities.
    3. Budgeting: the anticipated cost for the risk management activities and the associated risk response plans, including contingency reserves.
    4. Timing: how often risk management activities will be performed and when within the Project schedule they will take place.
    5. Risk categories (Sources of risks): ~300 potential categories of risk, many ways to categorize / classify risks for grouping potential causes of risk => RBS (Risk Breakdown Structure). Such as:
      • External, Internal, Technical, Unforeseeable (small portion of risks ~10%).
      • Customer, Project management, customer’s customers, suppliers, resistance to change, lack of knowledge of Project management, cultural differences.
      • Schedule, cost, quality, scope, resources, customer satisfaction, stakeholder satisfaction.
    6. Definitions of risk probability and impact
    7. Probability and Impact matrix
  6. Identify risks (P): Determining which risks may affect the project and documenting their characteristics. Output: Risk register.
  7. Document reviews (TT): Structured review of Project documentation. Look at plans, requirements, docs… from organizational process assets, and any other relevant docs that the Project team can find, to squeeze every possible risk out of them.
  8. Information Gathering Techniques (TT):
    1. Brainstorming
    2. Delphi technique
    3. Interviewing
    4. Root cause analysis
  9. Checklist analysis (TT): Creating lists of risks that previously occurred in similar projects provides a useful template for understanding risks in a current Project.
  10. Assumption analysis (TT): Analyze assumptions to ensure they are valid. Identify risks to the Project caused by incompleteness or inaccuracy of assumptions.
  11. Diagramming techniques (TT): various types of diagrams are typically used, including:
    1. Cause and effect diagram: help Project team find the root cause of risk.
    2. System or process flowcharts: used to see how parts of your system interact – any place where they get complex or uncertain is a good source of risks.
    3. Influence diagrams: these are graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes.
  12. SWOT analysis (TT): helps examine the Project’s strengths, weaknesses, opportunities, and threats.
  13. Expert judgment (TT): bring people who have specialized knowledge or training into the Identify risks process.
  14. Risk register (O):
    1. List of identified risks:
      • Detailed and structured
      • Include their root causes
    2. List of potential risk responses:
      • As potential responses arise, capture them and if applicable, use as inputs to the plan risk response.
    3. Additional information such as:
      • A list of root causes
      • A list of triggers – objective and early warning signs that a risk event will soon occur
      • Updated risk categories
  15. Perform qualitative risk analysis (P): Prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact. Output: Project doc updates.
  16. Risk probability & Impact assessment (TT):
    • Risk probability & impact assessment investigates the potential effect on a Project objective such as schedule, cost, quality or performance, including both negative effects for threats and positive for opportunities.
    • Probability and impact are assessed for each identified risk in interviews or meetings with participants selected for their familiarity with the risk categories.
    • Risk probabilities & impact are rated according to the definitions given in the risk management plan.
    • Risks with low ratings of probability & impact will be included within the risk register as part of the Watch list (non-critical) for future monitoring.
  17. Probability and Impact matrix (TT):
    • Risk score (RS) = Probability (P) * Impact (I). The entire list of risks can be prioritized, or sorted, based on the risk score.
    • Select a set of terms for probability and assign values to terms indicating relative position:
      • Very unlikely: 0.1
      • Somewhat unlikely: 0.3
      • 50-50 possibility: 0.5
      • Somewhat likely: 0.7
      • Very likely: 0.7
    • Select a set of terms for impact (includes Threat & Opportunities) and assign values to terms indicating relative position.
      • Very low: 0.05
      • Somewhat low: 0.1
      • Moderate: 0.2
      • Somewhat high: 0.4
      • Very high: 0.8
  18. Risk data quality assessment (TT):
    • High precision:
      • Information about the risk’s behavior, including the probability and impact, is well established and reliable.
    • Medium precision:
      • Information about the risk parameters is good enough to proceed in most cases.
    • Low precision:
      • Information available concerning the risk is essentially founded on guesswork and should not be trusted.
  19. Risk Categorization (TT):
    • Grouping risks by common causes helps create effective risk response plans.
    • Risks can be grouped by:
      • Source of risk – use RBS (Risk Breakdown Structure)
      • Area of Project affected – use WBS (Work Breakdown Structure)
      • Phase affected – WBS (Work Breakdown Structure)
  20. Risk urgency assessment (TT):
    • Risks requiring near term responses may be considered more urgent
      • Indicators of urgency include:
        • Time to effect a risk response plan
        • Symptoms
        • Warning signs
        • Risk rating
    • Use an urgency factor to determine more accurate risk scores:
      • Risk Score (RS) = Probability (P) * Impact (I) * Urgency (U)
  21. Perform quantitative risk analysis (P): Numerically analyzing the effect of identified risks on overall project objectives. Output: Project docs updates.
  22. Data Gathering and Representation techniques (TT):
    • Interviewing: draw on experience and historical data to quantify the probability and impact of risk on Project objectives. For instance, getting three-point estimate for each activity cost or duration.
  23. Quantitative risk analysis & Modeling techniques (TT):
    • Sensitivity analysis: helps to determine which risks have the most potential impact on the Project. Normally displayed by the “Tornado Diagram”
    • A Tornado diagram helps identify specific areas where effort should be spent to reduce the uncertainty of each Project element that affects the Project objective, or to improve performance.
    • EMV (Expected monetary value) analysis:
      • EMV = Probability * Outcome
      • EMV is a technique for assigning a specific dollar value to a set of alternative, uncertain outcomes. The EMV of all outcomes is the sum of their individual EMVs.
      • A common use of this type of analysis is in decision tree analysis.
    • Modeling and Simulation techniques:
      • Use a model that translates the specified detailed uncertainties of the Project into their potential impact on the Project objective. Simulations are typically performed using the Monte Carlo technique.
  24. Qualitative vs Quantitative risk analysis:
    • Qualitative: Subjective evaluation; Always do; Low complexity, low dollar value.
    • Quantitative: Objective or numerical evaluation; Not required for all projects, may be skipped to move on to risk response planning; High complexity, high dollar value.
  25. Plan risk responses (P): Developing options to enhance opportunities and to reduce threats to project objectives. Output: Project Management Plan updates, Project doc updates.
  26. Risk management plan (I):
    • Roles and responsibilities
    • Risk analysis definition
    • Timing for reviews, and for eliminating risks from review
    • Risk thresholds for low, moderate, and high risks.
  27. Strategies for Negative risks or threats (TT):
    • Avoid (#Exploit)
      • Eliminate an adverse risk by changing the Project management plan.
      • Ways to avoid risk:
        • Change the Project Management Plan to eliminate the risk or to protect Project objectives from its impact.
        • Alter the Project scope.
        • Change the technical activity or underlying design.
        • Use familiar methods and resources.
    • Transfer (#Share)
      • Shift the consequences and responsibilities of risk to a third party; this does not eliminate risk and involves paying a fee.
      • Ways to transfer risk include:
        • Insurance
        • Performance bonds
        • Warranties
        • Guarantees
    • Mitigate (#Enhance)
      • Reduce the probability and / or impact to acceptable levels; this may include a contingency plan.
      • Ways to mitigate risk:
        • Develop prototype
        • Consider an alternative path
        • Simplify processes
        • Conduct more engineering tests
        • Select a more reliable seller
    • Accept
      • Make a conscious decision to allow the impact of the risk to occur if the risk is realized
      • Ways to accept a negative risk as it occurs:
        • Passive acceptance: dealing with risk as it occurs
        • Active acceptance: establish contingency reserves (amounts of time, money, or resources to deal with known or even unknown threats and opportunities).
  28. Strategies for Positive risks or Opportunities (TT):
    • Exploit (#Avoid)
      • Taking measures to ensure the opportunity will occur
      • Ways to exploit risk:
        • Using more skilled resources on an activity for which the opportunity is expected to materialize
        • Partnering with another organization known to provide the opportunity.
    • Share (#Transfer)
      • Choosing a partner who can capitalize on the opportunity for the partnership’s joint benefit
      • Involves giving away some of the benefit
      • Ways to share risk:
        • Franchising
        • Charitable donations
        • Joint Ventures / Co-operatives
    • Enhance (#Mitigate):
      • Increasing the probability that the opportunity will materialize
      • Ways to enhance risks:
        • Adding incentives
        • Reducing competition
        • Removing obstacles
        • Leveraging the investment
    • Accept:
      • Make a decision to allow the impact of the risk to occur if the risk is realized
      • Accepting an opportunity involves:
        • The team knows the opportunity exists and is aware of the positive impact to the Project, but is not actively pursuing it.
        • May create a contingency plan (active acceptance) to implement after the opportunity occurs.
  29. Contingency response strategies (TT):
    • Identifies actions to be taken to minimize impact when and only when a specific risk occurs
    • Define and track risk triggers. A trigger is a specific indicator that will give either advance warning that a risk is about to occur or warning that a risk has already occurred.
    • Develop a fallback plan if the risk has high impact or if the selected strategy is not fully effective.
  30. Risk register updates (O):
    • Residual risks: risks that remain after planned responses have been taken, as well as those that have been deliberately accepted.
    • Secondary risks: risks that arise as a direct outcome of implementing a risk response.
    • Contingency plans: planned actions that will be taken if a risk occurs (versus workarounds, which are not planned in advance).
    • Fallback plans: actions that will be taken if a risk occurs & the contingency plan is not effective.
    • Contingency reserve: the amount of time, money, etc. established for active acceptance strategies.
  31. Control risks (P): Implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project. Output: WPI (Work Performance Information), change requests, Project Management Plan updates, Project docs updates, OPA (Organizational Process Assets) updates.
  32. WPD (Work Performance Data) (I):
    • Status of Project activities – Deliverables status / Schedule progress / Costs incurred.
    • If Project deliverables are not being completed on time, at or below planned cost, and with no more than a tolerable level of defects, a risk trigger event may already have occurred.
  33. Work performance report (I):
    • Organize, summarize, and analyze performance measurements
    • Provide specific data on Project work performance:
      • Variance analysis (AC)
      • EVM (Earned Value Management)
      • ETC and EAC: forecasting data.
  34. Risk Reassessment (TT): Risk re-assessments need to be regularly scheduled throughout the Project to:
    • Identify new risks
    • Reassess previously identified risks
    • Close outdated risks
  35. Risk audits (TT): Throughout the Project life cycle, risk audits should be performed to review the effectiveness of:
    • Risk response plan
    • Risk management plan process
  36. Variance and Trend analysis (TT):
    • Variance analysis is a technique for comparing the planned results to the actual results
    • Trends in metrics related to performance should be monitored regularly.
    • Eg: EVM (Earned Value Management) analysis produces the Project’s estimate at completion for cost and schedule.
  37. Technical performance measurements (TT):
    • Compares technical accomplishments during execution to Project plan schedule of technical achievements:
      • Performance goals
      • Milestones
      • Schedules
    • Deviations from a planned milestone schedule may imply a risk exists.
  38. Reserve analysis (TT): Compares the remaining contingency reserves with the remaining risk impacts to determine if reserves are adequate.
  39. Meetings (TT):
    • Project Manager, or risk owner, needs to report to the Project team and Stakeholders on the progress of each risk.
    • New risks need to be identified and analyzed, and response plans need to be prepared.
  40. WPI (Work Performance Information) (O): as a Control output, provides a mechanism to communicate and report Project decision making.
  41. Change requests (O):
    • Requests for changes may be necessary to implement contingency plans.
    • A workaround is an unplanned response to an unidentified risk / threat that has occurred, or to accepted risks that have potentially larger impacts than were considered acceptable.
  42. Terms:
    • 90% of threats that are identified & investigated in the risk management process can be eliminated.
    • Risk Averse: someone who does not want to take risks.
    • Risk tolerances: the areas of risk that are acceptable or unacceptable. Eg: a risk that affects our reputation will not be tolerated.
    • Risk thresholds: the amount of risk that is acceptable. Eg: a risk of a 2 week delay is ok, but nothing more.



PMP Concepts summary: https://hocpmp.com/pmp-concepts


