Công cụ quản lý dự án Probability & Impact Matrix trong PMP là gì?
Công cụ này sử dụng trong quy trình: 11.3
Risks can be prioritized for further quantitative analysis and planning risk responses based on their risk rating. Ratings are assigned to risks based on their assessed probability and impact. Evaluation of each risk’s importance and priority for attention is typically conducted using a look-up table or a probability and impact matrix. Such a matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority. Descriptive terms or numeric values can be used depending on organizational preference.
Each risk is rated on its probability of occurrence and impact on an objective if it does occur. The organization should determine which combinations of probability and impact result in a classification of high risk, moderate risk, and low risk. In a black-and-white matrix, these conditions are denoted using different shades of gray. Specifically in Figure, the dark gray area (with the largest numbers) represents high risk: the medium gray area (with the smallest numbers) represents low risk, and the light gray area (with in-between numbers) represents moderate risk. Usually, these risk-rating rules are specified by the organization in advance of the project and included in organizational process assets. Risk rating rules can be tailored in the Plan Risk Management process to the specific project.
As illustrated in Figure, an organization can rate a risk separately for each objective (e.g., cost, time, and scope). In addition, it may develop ways to determine one overall rating for each risk. Finally, opportunities and threats are handled in the same matrix using definitions of the different levels of impact that are appropriate for each.
The risk score helps guide risk responses. For example, risks that have a negative impact on objectives, otherwise known as threats if they occur, and that are in the high-risk (dark gray) zone of the matrix, may require priority action and aggressive response strategies. Threats found in the low-risk (medium gray) zone may not require proactive management action beyond being placed in the risk register as part of the watch list or adding a contingency reserve. Similarly for opportunities, those in the high-risk (dark gray) zone, which may be obtained most easily and offer the greatest benefit, should be targeted first. Opportunities in the low-risk (medium gray) zone should be monitored.