5th Edition PMBOK® Guide—Chapter 11: Process 11.2 Identify Risks

1.  Introduction

The five risk-related project management processes in the Planning Process Group deal with setting up the Risk Management Plan, identifying, analyzing and then developing responses for risks to the project.

This post is devoted to the Inputs, Tools & Techniques, and the Outputs of the second of these five processes, 11.2 Identify Risks.

2.  Inputs

You may notice the long list of inputs:  this process has probably the most extensive list of inputs of all the planning processes listed in the PMBOK® Guide.  This is because risk impacts all of the other knowledge areas, and these must therefore be taken into account as inputs of risk, and they in turn can be impacted by the risk management processes.

Subsidiary management plans that are part of the overall project management plan, from the knowledge areas of Scope, Cost, Schedule, Quality, HR, Procurement, and Stakeholder Management all contain potential inputs to this process.


1. Risk Management Plan
  • Assignment of roles and responsibilities for risk-management activities
  • Provision in schedule and budget for risk-management activities
  • Risk categories (may include risk breakdown structure)
2. Cost Management Plan Processes and controls that can be used to identify risks on the project.
3. Schedule Management Plan Project schedule objectives which may be impacted by risks.
4. Quality Management Plan Quality measures and metrics for use in identifying risks.
5. HR Management Plan
  • Roles and responsibilities
  • Project organization chart
  • Staffing management plan
6. Scope Baseline
  • Project scope statement (contains project assumptions)
  • WBS (facilitates understanding of potential risks at summary, control account, and work package levels)
7. Activity Cost Estimates Provides quantitative assessment of the range of costs of completing scheduled activities, with the width of the range indicating the degree of risk.
8. Activity Duration Estimates Used to identify risks related to time allowances for activities, with the range of the estimates indicating the degree of risk.
9. Stakeholder Register Useful for soliciting inputs from stakeholders to identify risks.
10. Project Documents
  • Project charter
  • Project schedule
  • Schedule network diagrams
  • Issue log
  • Quality checklist
11. Procurement Documents Details used to determine risks associated with planned procurements.
12. EEFs Information from industry and academia that give guidance in identification of risks.
13. OPAs
  • Project files
  • Organizational Process Controls
  • Templates for risk statement
  • Lessons learned
1. Documentation Reviews A structured review of previous project files, project plans and project assumptions.
2. Information Gathering Techniques
  • Brainstorming
  • Delphi Techniques
  • Interviewing
  • Root cause analysis
3. Checklist Analysis Checklists for risk identification may be compiled from previous projects and an analysis of the risk breakdown structure.
4. Assumptions Analysis Explores the validity of assumptions as they apply to the project.
5. Diagramming Techniques
  • Cause and effect analysis
  • System or process flow charts
  • Influence diagrams
6. SWOT Analysis Examines the project for each of the Strengths, Weaknesses, Opportunities, and Threats by examining the dimensions of positive and negative risks, and internal and external ones.
7. Expert Judgment Experts with experience on similar projects or business areas.
1. Risk Register
  • List of identified risks
  • List of potential responses

3.  Tools & Techniques

Risk identification is so crucial to a project that there are a total of 7 tools & techniques that can be used in the process.  I have listed only a bare bones description of these, because I will be expanding on many of them in the next few posts.

4.  Outputs

The output of this process, and the following planning processes in the Risk Management Knowledge Area, is the Risk Register, which will be amended at the end of each of them to include more and more detailed information about the risks identified in this process.  Future processes will give more analysis and detail on countermeasures to be taken in the event the risks do occur.

The next post will discuss the Information Gathering Techniques, the second broad category of tools & techniques used in this process of Identifying Risks.

PMI-Chicagoland Professional Development Day 11.1.2013

On November 1st, the Chicagoland chapter of the Project Management Institute is putting on its Professional Development Day entitled “Mastery Beyond the Triple Constraints.”

I have volunteered to help put on this year’s PD Day, and I am looking forward to working together with the other volunteers from PMI-Chicagoland in putting on this event.    Here’s some basic information about the event:

1.  Date and Time

Date:  Friday, November 1, 2013

Time: 8:00 a.m. – 6:00 p.m.

Check-In: 7:00 a.m. – 8:00 a.m.

2.  Location:

Meridian Banquets

1701 W. Algonquin Rd.

Rolling Meadows, IL 60008

3.  Educational Programs

There are four tracks of programming

  • Program and Portfolio Management
  • Agile, Collaboration and Emerging Trends
  • Stakeholder Management/Procurement/Risk Management
  • Leadership lessons from the C Suite

4.  Registration

There is a different price for the entire day’s programming depending on whether you are  a member of the PMI-Chicagoland chapter or not.    Also, to encourage early registration, there are three tiers of pricing depending on the date of registration.   The last day of registration is October 28th.





  Jul 15 – Aug 15

  Aug 16 – Sept 19

  Sept 20 – Oct 28

Chapter Members




Non members




For those interested in registering, here’s the link to the PMI-Chicagoland website.


The program is being put together by the PMI-Chicagoland volunteer committee putting on the event, and I’ll have more details about it later.    I’m looking forward to the event because I have just recently moved to Chicago and am looking at the event as a way to make new networking contacts in the area.    I hope the event is a success!

5th Edition PMBOK® Guide—Chapter 11: Elements of the Risk Management Plan

1.  Introduction

The main output of the first risk-related project management process, process 11.1 Plan Risk Management, is the Risk Management Plan (no surprise there).   The purpose of this post is to list and discuss the elements of that plan.

2.  Elements of the Risk Management Plan

  Category Plan Element Definition of Element
1. OPAs Methodology Tools and data sources from the organization to be used in risk management.
2. Time Timing How and when risk management activities will be conducted; protocol for application of contingency and management reserves.
3. Cost Budgeting Funds needed for risk management activities
4. Quality Tracking How risk activities will be recorded in order to audit and improve risk management processes.
5. HR Roles and Responsibilities Defines, for each type of activity in the risk management plan, the following:

  • Lead (accountable)
  • Team members (responsible)
  • Support (consult)
6. Communication Reporting formats Defines how the outcomes of the risk management process will be documented, analyzed, and communicated.
7. Risk Risk categories Grouping potential sources of risk on the project, often in the form of a Risk Breakdown Structure (RBS).
8. Probability and impact definitions Different levels of risk probability and impact are defined (low, medium, high, etc.)
9. Probability and impact matrix Grid for mapping the probability of each risk and its potential impact on the project.
10. Stakeholders Stakeholder risk tolerances Stakeholder risk tolerances may be revised during the course of this process.

As you can see, many of the various elements of the risk management plan deal with the risk management knowledge area directly, but some of the them deal with aspects which intersect with many of the other knowledge areas.    Not just defining the substance of the risk management activities, but figuring out how much they will cost, when they will be done, who will do them, and who will be told about them.   All of these aspects are also included in the plan.

3.  Conclusion

The Risk Management Plan is the framework for doing the other four risk management planning activities, where risks are identified, analyzed, and managed.

The next post will discuss the second risk management planning process, 11.2 Identify Risks.

The Epigraphic Survey based at Chicago House in Luxor, Egypt

Prof. Raymond Johnson of the Oriental Institute in Chicago gave a talk at the South Suburban Archaeological Society on Thursday, July 18th.    This is a short description of his talk.    For further information, visit the Oriental Institute website at http://oi.uchicago.edu/.

1.   Oriental Institute and the Chicago House

The Oriental Institute was founded at the University of Chicago in 1919 by James Henry Breasted.   It is considered one of the world’s premier institutes for the study of the history of ancient Near East.    The Chicago House is a research institution founded as an extension of the University of Chicago in Luxor, Egypt in order to study the temple complexes in that city, which used to be the ancient capital Thebes of New Egypt.

2.  The Epigraphic Survey

The Epigraphic Survey in the Chicago House was founded in 1924 with the aim of preserving through photographs and line drawings the hieroglyphic inscriptions on the major temples and tombs.   Prof. Raymond Johnson of the Oriental Institute has worked there for over 30 years, and has seen the technology used to preserve the inscriptions change, but the professionalism has not.    One aspect of the research that has grown over the years is the cooperation between the researchers here in the U.S. and those in Egypt.

3.   Digital Technology

The old method of preserving inscriptions was for epigraphers to copy them meticulously on paper.   With the advent of digital technology, it is possible for the same epigraphers to copy them using a sort-of digital artist’s pad.   One thing that Prof. Johnson said that amazed him was that it was not just the newer, younger researchers that enjoyed using the digital technology, but even the seasoned veterans of the pre-digital age seem to take to it as well.    What matters is the method, or materials, but the accuracy with which whatever medium is used can depict the actual hieroglyphic inscriptions.    In many cases, the accuracy is crucial because the inscriptions are taken from surfaces which may inaccessible in the future, as the blocks on which they are found are assembled together, effectively hiding those surfaces from view.

4.   The Effect of the Revolution on Research

This topic was actually the main reason for his talk, because many people have been aware of the political turmoil in Egypt since the revolution which ousted Hosni Mubarak.    But there has been no ill effect on the Chicago House itself; in fact, the situation there has even somewhat improved, although certainly not by design of the Egyptian government.   The original plans put forward after the Revolution were for the Chicago House and a lot of the other buildings along the Nile to be destroyed in order to put in amenities for tourists.    Although some of the buildings were torn down, the Chicago House itself was spared because the major of Luxor knew well of the reputation of the facility, and more importantly, understood how important it was for the Egyptian researchers who either worked there, or used the extensively library there for their research.

Although many buildings were torn down, the Revolution interrupted many of the development  plans, and so Prof. Johnson says the area is a lot quieter than it was before.    Rather than the banks of the Nile river being thronged with boats for tourists or the corniche, the avenue along the Nile, being crammed with buses for tourists, the area is used by the native Egyptians for picnics on weekends and it gives a great sense of pride to once again “own” their city, with all of its monumental treasures.

It is the collaboration between the American researchers and the Egyptian researchers which has generated enough good will in the local community to protect it from the predations of the central government for the time being.

5.  Conclusion

I sincerely hope that the Chicago House remains standing and continues to do the premier work that it has been producing for close to century.    On a personal note, this talk rekindled one of my lifelong passions, that of archaeology, and it encouraged me to go back and continue my study of Arabic using Rosetta Stone, so that someday I too will be able to visit the historical sites of Egypt and see those amazing inscriptions firsthand.

“The Eagle has Landed”

44 years ago today, I was sitting in the living room with my family watching on television as Neil Armstrong stepped out of the Lunar Excursion Module and became the first person to step on the surface of the Moon.    I was certainly awestruck at the time.   I remember going outside and looking up at the Moon and thinking that there were “people up there.”   It would never be the same Moon again for me.


No matter what mankind will accomplish in the future here on Earth, or even if man decides to create the seeds of his own eventual extinction by not mitigating the effects of climate change, the accomplishment of walking on the surface of the Moon will last as long as the Moon continues to exist in the form of footprints and artifacts left by the 12 men of the Apollo program who lived and worked there.


My source of wonder at the event has not diminished after all of this time, but has rather grown.   How did we accomplish such a technological feat given the relatively primitive computer technology of the time?   There is more computing power in your smartphone than was on the on-board computer of the Command Module of the Apollo 11.   However, it was the confluence of historical forces which caused this country at that moment in time, at the height of its political and economic power of this country vis-a-vis the other countries of the world, to have the confidence and can-do spirit to embark upon something so audacious as to fly to another world.   Now I look back at the astronauts, engineers, and administrators in NASA as giants who were pioneering not just technology, but project management practices that are still improving the fields of manufacturing (among others).


But the political will behind the space program has been replaced in Washington by a can’t-do spirit that makes me long for the days when politicians cast aspirations onto the imagination of the American public, rather than aspersions on the very idea of “good government.”    This is why my personal mission in life is to take those project management practices that were born in that era and use them to create a “can-do” spirit which again echoes those heady days of the space program, for those manufacturing companies that have a vision to utilize them.   But will it be America that recreates that spirit or some other country?


Who knows?   All I know is that, given the present political and economic situation here in the United States, although the last person to walk on the surface of the Moon was an American, the next person will most likely be Chinese.   I don’t begrudge the Chinese for their continued strides in their space program.  Maybe our economic rivalry with China will wake this “sleeping giant” from its slumber; but if it doesn’t, I won’t begrudge the Chinese their success.   I’ll just be grateful that someone, somewhere in the world is still capable of dreaming the big dreams we used to dream of, and occasionally accomplish, here in the United States.    You want proof that we were capable of accomplishing big dreams?   It will exist for eternity, in those footprints on the surface of the Moon.


5th Edition PMBOK® Guide—Process 11.1 Plan Risk Management

1.  Introduction

The first five out of six risk-related project management processes are in the Planning Process group.  The first of these planning processes is the one used to define all of the risk management activities on the project, i.e., the contents of all of the other processes in the Risk Management knowledge area.

2.  Inputs

Inputs include the project management plan, in particular the performance baselines from the triple constraints of scope, schedule and cost, which may be impacted by any risks that may occur during the course of the project.  The project charter will contain high-level risks, as well as the high-level project descriptions and requirements that may help in identifying and analyzing risks.  The levels of risk that the organization can tolerate are important Enterprise Environmental Factors.  The lessons learned on other projects, as well as the basic definitions that will affect decisions regarding risks, are important Operational Process Assets.

1. Project Management Plan The performance baseline in the areas of scope, time, and cost may all be affected by risk-related activities.
2. Project Charter High-level risks, high-level project descriptions, and high-level requirements are all inputs from the project charter that may be used in planning risk management.
3. Stakeholder Register Provides an overview of the roles of the various stakeholders on the project.
4. EEFs Risk attitudes, thresholds, and tolerances of the organization.
5. OPAs
  • Risk categories, definitions
  • Risk statement formulas, templates
  • Risk-related roles and responsibilities
  • Authority levels for risk-related decision making
  • Lessons learned
1. Analytical Techniques Used to understand and define the overall risk management context of the project, which is based on a combination of

  • stakeholder risk attitudes and
  • strategic risk exposure of a given project
2. Expert judgment Expertise should be considered from subject matter experts, project stakeholders, and senior management, and lessons learned from previous projects.
3. Meetings Used to develop the risk management plan.
1. Risk Management Plan Describes how risk management activities will be planned and executed.

3.  Tools & Techniques

The main tools & techniques for planning risk management are analytical techniques, which are used with input from expert judgment, at meetings where the risk management plan is developed.

4.  Outputs

The Risk Management Plan is the output of the process 11.1 Plan Risk Management.

After the weekend, I will start next week to discuss in more detail the tools & techniques used in this process.

5th Edition PMBOK® Guide—Chapter 11: Risk Management Concepts

1.  Introduction

Chapter 11 of the 5th Edition of the PMBOK® Guide deals with the knowledge area of Risk Management, a subject of increasing importance for project managers.    Before I discuss in detail the six project management processes involved in this knowledge area, I wanted to take some time out to discuss some of the basic concepts of risk management that are discussed at the beginning of this chapter.

2.  The Concept of Risk

One of the first concepts of risk management to understand is the definition of risk.   According to the 5th Edition of the PMBOK® Guide, project risk is “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, or quality.”

Okay, let’s discuss this concept with regards to the following question:  “are you at risk of dying?”   If there is no time frame specified, the answer is “no”, in the sense that death is not an uncertain event; it will happen to us all.   As John Maynard Keynes, the famous economist, once said, “in the long run we are all dead.”    Now if you ask the question “are you at risk of dying in the next 10 years,” and put a time frame on the question, then the question can be asked in a meaningful way.   If you tell me how old you are, what your sex is, what country you are living in, and whether you smoke cigarettes or not, I might be able to able to give you a figure based on the actuarial tables compiled by insurance companies in your country.

So, the words uncertain event are key to the definition.   Another set of key words is “positive or negative.”   Technically speaking, the uncertain event can have a positive or negative impact on the project objectives.   This technical use of the word “risk” differs from the ordinary, everyday definition of risk which tends to mean only those events which have a negative impact.    If someone says to me, “Johnny is giving a party tonight,” and I respond, “oh, there might be a risk that I will have a good time,” the person I’m talking to will probably detect that I’m being sarcastic as opposed to just giving a neutral prediction.    That’s using the everyday usage of the word “risk”.    I think PMI recognizes that there is some difference between the technical definition and the ordinary definition of the word “risk”, because in the 5th Edition of the PMBOK® Guide there are a lot of instances where they will use “reduce risks and enhance opportunities”, the opportunities, of course, being the events which impact the project positively and the risks being those which impact it negatively.    They are conceding the everyday usage of the word “risk” in order to emphasize the point being made, that you have to reduce the impact or likelihood or negative events and enhance those of positive events if you are truly doing risk management.

The third key part of the definition is the phrase “if it occurs”.    If a risk that has been forecast actually occurs, it is no longer a risk, it is an issue.

2.  Causes of Risk

The causes of risk can come from various sources, such as:

  • a requirement, such as legal requirement imp0sed by laws or regulations
  • an assumption, such as the conditions in the market (which may change)
  • a constraint, such as number of personnel available to work on any given phase of the project, or
  • a condition, such as the maturity of the organization’s project management practices

3.  Known vs unknown risks

Known risks are those which can be identified and analyzed beforehand in such a way as to be able to a) reduce the likelihood of their occurrence, or b) plan a risk response to reduce their impact in the event that they occur.   These risk responses, as we will shall say, are paid for out of a contingency reserve which is normally under control of the project manager.    An unknown risk, on the other hand, are those that are not identified beforehand.    If they are not identified, they cannot be analyzed, and of course cannot be managed proactively.    If these kind of risks occur, the response is called a workaround and is paid for out of a management reserve which is normally not under control of the project manager, but rather of management (hence the name “management reserve”).

4.  Risk attitude

Remember that risk has two components, the uncertainty of an event, which is measured by its probability, and its potential impact on the project.    The amount of uncertainty that an organization can accept is measured by its risk appetite; the amount of impact the organization can accept is measured by its risk tolerance.

The combination of the uncertainty and the probability can give you the amount that needs to be put aside to handle that risk, sometimes referred to as the reserve, and the amount of reserve that the organization can accept is measured by its risk threshold.    It is this latter concept which will determinate what kind of risk response the organization may take.

5.  Risk response

There are four possible responses to a risk, depending on whether there is low or high probability of its occurring, and whether the financial impact if it does occurs is either high or low.

  • Avoid–for high probability, high impact events
  • Transfer (such as purchasing insurance)–for low probability, high impact events
  • Mitigate–for high probability, low impact events
  • Accept–for low probability, low impact events

These are some of the concepts that are used when planning risk management on a project.   Now that I have given an explanation, I will start with the next post to cover the first project management process involving risk management, process 11.1 Plan Risk Management.