Passing the #PMP Exam: Tools & Techniques—Risk Knowledge Area (Part 1)

 1. Introduction

In this next series of posts, we move onto step 5, which is memorizing the TOOLS & TECHNIQUES associated with each process. In order to breakdown the memorizing into more bite-size chunks, I am going to break down this topic into at least 9 posts, one for each knowledge area. (There may be some knowledge areas that require more than one post.)

This post covers chapter 11 of the PMBOK® Guide, which covers the Risk Knowledge Area. This knowledge area contains 6 processes, 5 of which are in the Planning Process Group and the last of which is in the Monitoring & Controlling Process Group.


Here’s a description of the four processes that are included in the Human Resources Knowledge Area, together with a listing of the Tools & Techniques used in those processes. Since there are 6 processes, most of which contain multiple Tools & Techniques, I am splitting the discussion of the Tools & Techniques into two different posts. This post will cover processes 11.1 through 11.3.

Number & Name
Process Description Tools & Techniques
11.1 Plan Risk Management Defining how to conduct risk management activities for a project.


1. Planning meetings and analysis
11.2 Identify Risks Determining which risks may affect the project objectives and documenting their characteristics. 1. Documentation reviews

2. Information gathering interviews.

3. Checklist analysis

4. Assumptions analysis

5. Diagramming techniques

6. SWOT analysis

7. Expert judgment


11.3 Perform Qualitative Risk Analysis Prioritizing risks for further analysis by assessing likelihood & impact. 1. Risk probability and impact assessment

2. Probability and impact matrix

3. Risk data quality assessment

4. Risk categorization

5. Risk urgency assessment

6. Expert judgment


11.4 Perform Quantitative Risk Analysis Numerically analyzing the effect of risks on project objectives. 1. Data gathering and representation techniques

2. Quantitative risk analysis and modeling techniques

3. Expert judgment


11.5 Plan Risk Responses Developing options and actions to enhance opportunities and reduce risk. 1. Strategies for negative risks or threats

2. Strategies for positive risks or opportunities

3. Contingent response strategies

4. Expert judgment


11.6 Monitor and Control Risks Tracking identified risks, implementing risk response plans if risks occur, and evaluating risk process effectiveness. 1. Risk reassessment

2. Risk audits

3. Variance and trend analysis

4. Technical performance measurement

5. Reserve analysis

6. Status meetings

Let’s take a look at the tools & techniques for the processes 11.1 through 11.6 in the Risk Knowledge Area.


11.1. Planning meetings and analysis

The project manager meets with selected project team members and stakeholders in order to do high-level planning regarding the following

  • Risk management activities are developed to be included in the project schedule
  • The cost of these risk management activities are estimated to be included in the project budget
  • Risk management responsibilities are assigned
  • General organizational templates for categorizing risk are tailored for the specific project.

The results of these discussions are included in the risk management plan.


11.2.1. Documentation reviews

Risks are identified by reviewing documents which contain the project requirements and assumptions.

11.2.2. Information gathering interviews

A risk breakdown structure is a mapping of risks associated with the activities in the work breakdown structure. To generate this there are many techniques, some of which are:



1. Brainstorming Risk breakdown structure is generated by a facilitator of a group.
2. Delphi technique This is technique where experts are sent surveys and their responses are combined and analyzed to create a consensus.
3. Interviewing Team members, stakeholders, and subject matter experts are interviews.
4. Root cause analysis This identifies a problem, and discovers the underlying causes that lead to it. This allows one to

11.2.3. Checklist analysis

One way to create a risk breakdown structure is to use a checklist based on historical information about similar projects that have been done in the past.

11.2.4. Assumptions analysis

The assumptions about the project are analyzed to identify risks to the project from the incompleteness or inaccurate about the assumptions. This contrasts with the first tool & technique 11.2.1 where the risks are analyzed on the assumptions ARE correct. This tool & technique therefore is a deeper level of analysis of risk.

11.2.5. Diagramming techniques

These techniques are used for determining the causes of risks.



1. Cause and effect


This is a fishbone or Ishikawa diagram, which identifies causes of risks.
2. Flowchart


This takes processes and breaks them down in a flowchart format, so that the cause of a problem can be isolated.
3. Influence diagrams These diagrams show the causal relationships between situations, thus making it easier to trace the causes of risks.

11.2.6. SWOT analysis

The Strengths and Weaknesses (internal to the organization) and the Opportunities and Threats (external to the organization) are identified. These represent events to be avoided and/or encouraged in the course of the project.

11.2.7. Expert judgment

One way to identify risks is to discuss those with experience on similar projects, either within the organization or subject matter experts (consultants).


11.3.1. Risk probability and impact assessment

Each risk is investigated as to its a) likelihood of occurring and b) impact on the project if it occurs.

11.3.2. Probability and impact matrix

Based on the risk probability and impact assessment done in the last tool & technique, the

risks can be ranked into levels of overall risk such as low, moderate, or high.

11.3.3. Risk data quality assessment

This is an analysis not of the risks themselves, but of the risk data’s reliability. This is a second-order analysis which helps the project manager decide whether it is necessary to gather higher-quality data on the risks.

11.3.4. Risk categorization

Risks are categorized based on the area of the project most exposed to the effects of uncertainty. Grouping risks together in categories related to common root causes can help lead to a more effective risk response than dealing with them on a case-by-case basis.

11.3.5. Risk urgency assessment

The urgency of a risk is based on those that need to be addressed in the near-term, that is, closer to the beginning of a project. Another factor that can be included in the priority of a risk is the time and cost it would take to respond to such a risk. The results of this risk urgency assessment can be combined with the risk ranking (based on tool & technique 11.3.2 Probability and impact matrix) to get the final risk severity rating.

11.3.6. Expert judgment

One way to categorize and/or rank risks is to discuss them with those that have experience on similar projects, either within the organization or subject matter experts (consultants).

The next post will be on the Tools & Techniques associated with the last three processes of the Risk Knowledge Area.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: