19 March 2024

Risk Management processes : Monitor Risks

Objectives

  • Implement
    • Are implement risk responses effective ?
    • Are plans ensure compliance, and manage progress ?
  • Manage progress
    • Control the project risk
    • Status of identified individual project risks may have changed
    • New individual project risks have arisen
    • Is risk management approach still appropriate ?
    • Is project assumptions still valid ?
    • Is risk management policies and procedures being followed ?
    • Is contingency reserves for cost and schedule require modification ?
    • Is project strategy still valid ?
  • Communicate
    • Keep stakeholders informed about the status of risks on the project
    • Communicate about risks
    • Create lessons learned
  • Ensure compliance
  • Reassess
    • Perform additional risk identification, qualitative and quantitative risk analysis, and risk response planning
  • Refine
    • Refine and update the risk register
  • Add new risks
  • Reestimate the project
    • Evaluate the risk impact of scope, schedule, cost, and other change requests
  • Measure
    • Manage the contingency and management reserves
  • Take corrective action
  • Evaluate the effectiveness of corrective action

Purpose

  • Determines if the project assumptions are still valid
  • Determines if the risk management policies and procedures are being followed
  • Determines if the risk contingency reserves should be modified to be in alignment with the current risk assessment
  • Respond to risk triggers
  • Monitor residual risks
  • Create workarounds
  • Evaluate effectiveness of plans
  • Look for aditional risks, then qualify, quantify and plan responses for them as necessary
  • Revisit the watch list
  • Analyze work performance data and look for trends
  • Communicate risk status
    • Keep stakeholders informed about the status of risks on the project
    • Communicate about risks
  • Close risks
  • Recommend changes, including corrective and preventive actions
  • Perform risk audits and risk reviews
  • Perform reserve analysis

Approach

  • This is the last process in project risk management as per the PMI’s PMBOK.
  • The amount of detail of repetition that is appropriate depends on how the project progresses relative to its objectives.
  • In this process, you might add newly identified risks and delete ones that did not happen.
  • Also, as the project unfolds, risks might require reassessment.
  • You should establish close communication with the risk owners who look after the implementation of the response strategies.
  • A thing to remember is that this process, unlike the others, is done during project execution, and thus, has special characteristics.
  • For example, changes and modifications on how to respond to new risks must be done through change requests.
  • Do not forget your watch list, residual risks and triggers.
  • You need to monitor all of them actively.
  • A key element in this process is performance reporting, which is the means to know how efficiently (or inefficiently) you are doing.
  • You need to be open-minded here.
  • Expect that not all identified risks will happen.
  • Also, be prepared for new risks.
  • Be prepared to implement a fallback plan if the original response fails, and utilize your contingency reserve as needed.

Inputs

  • Project management plan
    • Risk management plan
      • Purpose
        • Actually, you will be using the risk management plan, but since you started project execution, it has been incorporated in the overall project plan.
        • You will find information on risk tolerance and risk management methods used.
        • You need to refer to the risk methods as you might discover new risks and thus want to repeat risk management.
      • Guidance for reviews (how and when)
      • Policies and procedures
      • Roles and responsabilities
      • Reporting formats
  • Project documents
    • Issue log
    • Lessons learned register
    • Risk register
      • Purpose
        The register will include the risks, their owners and response actions.
        Also, it will contain the watch list, fallback plans, triggers, contingency reserve, secondary risks, etc.
      • Identified individual project risks
      • Risk owners
      • Specific implementation actions
      • Symptoms and warning signs of risk
      • Residual and secondary risks
      • Watchlist of low-priority risks
        • Risk response plans
        • Triggers
        • Contracts
        • Time and cost reserves
    • Risk Report
      • Assessment of the current overal project risk exposure
      • Agreed-upon risk response strategy
      • Major individual project risks with their planned responses
      • Risk owners
  • Work performance data
    • Risk responses that have been implemented
    • Risks that have occured
    • Risks that are active
    • Risks that have bee closed out
      • Work results
      • Project communications
  • Work performance reports
    • Purpose
      • As you are in the project execution phase, you need to know how well you are performing.
      • One of your objectives in this process is to validate how effective your risk management has been.
      • Good performance implies good risk management.
      • As for the performance reports, they provide you with analyses on performance information, such as trend analysis and earned value calculations (in essence, performance reports explain performance information).
    • Work performance informations
      • Variance analysis
      • EVM data
      • Forecating data
    • Risk events
      • Top priority risks at present, risks closed in the last period, milestone changes
    • Project changes
    • Additional risks that have been identified as the project progresses

Tools and Technics

  • Expert judgment
  • Data analysis
    • Data gathering and representation techniques
    • Quantitative risk analysis and modeling techniques
    • Variance and trend analysis
      • Trends about past performance can indicate how effective your risk management is.
      • EVM
        • You can forecast deviation of the project cost and schedule for completion targets.
        • For example, you can compute the expected budget at project completion using the earned value method.
        • If the expected budget is very close to your planned one, it indicates good risk management (meaning your work of risk planning, identification, analysis and response was excellent).
        • On the other hand, if you find much variance between the planned performance and actual performance, it might trigger you to revisit your risk register and validate it (i.e. validate the list of risks and the effectiveness of response actions).
    • Risk reassessments
      • Sometimes, you need to reassess risks as follows
        • You might discover new risks
        • Conditions change in the project so that risks might lose or gain magnitude (in terms of probability and impact).
        • Risks might not happen and, hence, need to be closed
      • Reassessment should be done regularly as changes in risk continue.
      • Be careful in the exam, do not confuse assessment with reassessment!
    • Workarounds
    • Reserve analysis
      • This analysis compares how many risks are remaining to the amount of the remaining reserve.
      • Based on the analysis, you may want to increase or decrease the reserve.
      • If you fail to balance the reserve with risks, you might not have sufficient funds to control some of the accepted risks.
    • Technical performance measurement
      • Good technical performance in your project also implies sound risk management and control.
      • Consider a project of constructing an undersea oil pipeline.
        • Your technical specifications here might be for the quality of welding on the pipe joints and the number of areas where welding failed.
        • You should have identified failed welding as a risk and put response actions to control it, and if the number of defects is accepted, it implies good risk management.
      • Metrics
        • Number of defects identified
        • Monitor project metrics and performance information.
    • Technical performance analysis
  • Audits
    • Risk auditing aids in determining the effectiveness of risk response and overall risk management.
    • Audits of compliance with established systems and procedures
    • Purpose
      • Risk audits check the effectiveness of your risk management.
      • You may use templates and involve some stakeholders with you.
      • For example, you may check the risk response on a randomly selected risk from the risk register by contacting the risk owner and asking for feedback.
    • Approach
      • PM is accountable for ensuring that risk audits are performed at an appropriate frequency as defined in the risk management plan
    • Risk audits
      • You evaluate the risk responses to determine their effectiveness in the project by interviewing members of a project team to test their understanding of the assigned risk responses as risk owners.
    • Risk reviews
  • Other techniques
    • Inspections
      • Physical inspections of premises (bâtiments) and activities.
  • Meetings
    • You use meetings to interactively discuss risk responses with your project team and stakeholders.
    • Part of periodic project status meeting or part of a dedicated risk review meeting as specified in the risk management plan

Outputs

  • Work performance information
    • After applying the risk control tools, you should know how performance was affected.
    • These informations indicates the effectiveness of the response planning and response implementation processes
    • This should be communicated and assessed for taking future decisions.
  • Change requests
    • Approach
      • During project planning, you identified risk responses and updated the project management plan to reflect any changes.
      • However, during project execution, changes need to be controlled via change requests.
      • Change requests dealing with risk management can be either ‘preventive’ or ‘corrective’ actions.
        • Including Recommended Corrective and Preventive Actions
          • Corrective action
            • You use corrective actions for risks that already happened and you want to reduce their impact on the project.
            • Example
              • Resource smoothing:
                • In resource smoothing, activities are allowed to be delayed within their free and total float; therefore the critical path does not change here.
          • Preventive action
            • You use preventive actions to prevent risks from happening (i.e. new risks identified through risk reassessment).
            • Example
              • Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?
                • Answer : preventive action
                  • Its a preventive action as extra features are being removed before risk occurrence.
              • For example, if an unplanned risk happens, you should work around it, and this involves actions that are not specified in the project plan, and thus, must go through a change request/ approval process.
              • Another example is implementing a contingency plan, where, although the risks are identified, response actions are simply documented in a contingency plan but are not incorporated in the project plan.
                • They still need to go through a change request process.
                • Expect a few questions on this topic, so read the statements above as you need to have good grasp on this topic.
      • Of course you will analyze the suggestion before reaching any conclusion.
      • You cannot take action on any advice unless you review the request and analyze its impact on any other project objective or parameters.
    • Configuration management system would review the proposed changes’ impact on the features and functions of the project’s product.
    • Integrated change control ensures that risks are examined for all new proposed change requests in the change control system.
    • When you decide, with your stakeholders’ approval, to fast track the project, the project work is done faster but risks are likely to increase.
  • Project Management Plan Updates
    • Any components
    • Implementing change requests will most likely affect some elements of the project plan such as the schedule, cost, quality or HR plans.
    • These changes need to be documented.
    • The Monitor Risks process can result in updates to the schedule, cost, quality, and procurement management plans, as well as the human resource plan, the WBS, and the time and cost baselines for the project.
      • Human Resource Plan must be updated if you crash the project.
  • Project Documents Updates
    • Issue Log
      An issue log is used to monitor the resolution of issues.
    • Assumption log
    • Lessons Learned register
    • Risk register updates
      • The risk register will contain new information like
        • The actual outcome of risks and the effectiveness of the risk response
        • New risks and their analysis
        • Updates to previously identified risks, based on risk reassessment
      • Outcomes of the risk reassessments and risk audits
      • Results of implemented risk responses
        • Updates to previous parts of risk management, including the identification of new risks
        • Closing of risks that are no longer applicable
        • Details of what happened when risks occurred
        • Lessons learned
    • Risk Report
      • Current status of major individual project risks and the current level of overall project risk
      • Agreed responses to the current overall project risk exposure and high-priority risks, together with the expected changes that may be expected as a result of implementing these responses
      • Details of the top individual project risks, aggreed-upon responses and owners, conclusions and recommendations
        Conclusions from risk audits on the effectiveness of the risk management process
    • The Monitor and Control Risks process might also affect the roles and responsibilities on a project, the stakeholder management strategy, and the quality metrics.
  • OPA updates
    • Purpose
      • Remember, we used organizational process assets to find information about the risk matrix, risk categories and lessons learnt.
      • Now, as the project has been closed, you have learned new information and it is time to practice knowledge management and feed this into the organizational assets.
    • Updates
      • The Lessons Learnt Database
      • RBS
        • The Risk Breakdown Structure (with new risks)
      • Templates
        • Company templates
        • Risk management plan
        • Risk register
        • Risk report
    • The Monitor and Control Risks process will lead to the creation of risk templates, such as a risk register including project risks and risk responses, checklists, and other data to be used as historical records for future projects.
    • Caution
      • Having a full set of risk management documentation will not control risks in itself.
      • You need to implement what is inside those documents.

Tricks

  • Manage the Highest Risk Path, Not Just the Critical Path
  • Manage the Contingency and Management Reserves
  • Be Sure the Stakeholders Understand Reserves
  • Create Workarounds
  • Share the understanding of the Difference Between a Risk and an Issue?
  • Control the Project Risk
  • Be Alert for Indications of Unidentified Risks
  • Use a Risk Review Board to Perform a Risk Review
  • Measuring Performance through Risk Audits
    • Reviewing if the right risk owners have been assigned to each risk
    • Determining if the risk owners are effective
    • Examining and documenting the effectiveness of contingency plans and fallback plans
  • Use Earned Value Analysis
  • Refine and Update Risk Responses
  • Technical Performance Measurement
  • Look for Risks During the Verify Scope Process
  • Reassess Risk
    • Additional Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, and Risk Response Planning
  • Reestimate the Project
  • Communicate About Risk
    • Project management plan
    • Project monthly reports
    • Activity status reports
    • Bar charts
    • Communication with other projects
    • Risk register
    • Activity estimating form
  • Decrease Risks by Communicating Them
  • Use the Bar Chart
  • Communicate with Other Project Managers
  • Create A Risk Reserve Report
  • Create Lessons Learned
  • Project management
  • Management
  • Technical
  • Promote Lessons Learned

PMI-RMP Certification exam flashcards

Created : 21/05/2022

Leave a Reply

Your email address will not be published. Required fields are marked *