5th Edition PMBOK® Guide—Step 5: Memorizing Tools & Techniques (Risk Management Knowledge Area)

1. Introduction

This series of posts assumes that you have already memorized the names of the 47 project management processes, and you are ready to go on to the task of memorizing the tools & techniques.    This post covers chapter 11 of the 5th Edition PMBOK® Guide, the Risk Knowledge Area.

2.  Risk Management Processes

Here’s a description of the six processes that are included in the Risk Management Knowledge Area, together with a listing of the Tools & Techniques used in those processes.

Process Number & Name Process Description Tools & Techniques
11.1  Plan Risk Management Defines how to conduct risk management activities on the project. 1.  Analytical techniques

2.  Expert judgment

3.  Meetings

11.2  Identify Risks Determines what risks may impact the project and documents their characteristics. 1.  Documentation reviews

2.  Information gathering techniques

3.  Checklist analysis

4.  Assumptions analysis

5.  Diagramming techniques

6.  SWOT Analysis

7.  Expert judgment

11.3  Perform Qualitative Risk Analysis Prioritizes risks for further analysis or action by assessing their probability of occurrence and impact. 1.  Risk probability and impact assessment

2.  Probability and impact matrix

3.  Risk data quality assessment

4.  Risk categorization

5.  Risk urgency assessment

6.  Expert judgment

11.4  Perform Quantitative Risk Analysis Numerically analyzes the effect of risks on overall project objectives. 1.  Data gathering and representation techniques

2.  Quantitative risk analysis and modeling techniques

3.  Expert judgment

11.5  Plan Risk Responses Develops options and actions to enhance opportunities and reduce threats to project objectives. 1.  Strategies for negative risks or threats

2.  Strategies for positive risks or opportunities

3.  Contingent response strategies

4.  Expert judgment

11.6  Control Risks Implements risk response plans, tracks identified risks, monitors residual risks, identifies new risks, and evaluates risk process effectiveness throughout the project. 1.  Risk reassessment

2.  Risk audits

3.  Variance and trend analysis

4.  Technical performance measurement

5.  Reserve analysis

6.  Meetings

3.   Risk Management Tools & Techniques
Here’s a description of the various tools & techniques used in the risk management processes.   Since there are 6 processes, with several tools & techniques that are unique to each process, it is quite a long list.
a.   Analytical techniques, meetings (11.1 Plan Risk Management)
These are all tools & techniques used in the planning process, particularly when creating management plans.  Analytical techniques are used to define the overall risk management approach on the project.   Expert judgment is used to obtain specialized or in-depth knowledge from those who have experience either in a subject area or on some aspect of the current project due to having worked on similar ones in the past.  The meetings are used not only for brainstorming, but also for obtaining buy-in from the entire project team.
b.  Expert judgment (11.1 Plan Risk Management, 11.2 Identify Risks, 11.3 Perform Qualitative Risk Analysis, 11.4 Perform Quantitative Risk Analysis, 11.5 Plan Risk Responses)
Expert judgment is also used not just to develop the risk management approach, but in identifying risks. analyzing them both qualitatively and quantitatively, and coming up with risk responses.

c.  Documentation reviews, Information gathering techniques, checklist analysis (11.2  Identify Risks) “Documentation reviews” means a structured review of project documentation in order to identify possible risks on the project. Information gathering techniques include

  • Brainstorming–generated by a group under the leadership of a facilitator
  • Delphi techniques–reaches a consensus through the use of a questionnaire given anonymously to a group of experts
  • Interviewing–one-on-one interviews of subject matter experts, experienced project participants, or stakeholders

“Checklist analysis” are risk identification checklists developed based on historical information regarding the industry and application area involved in a project. c.  Assumptions analysis, diagramming techniques, SWOT analysis “Assumptions analysis” explores the validity of assumptions as they apply to the project. Diagramming techniques include

  • Cause and effect diagrams–also known as “fishbone” or “ishikawa” diagrams, used to identify causes of risks
  • System or process flow charts–shows how elements of a system or process interrelate; used to identify the mechanism of causation of a problem
  • Influence diagrams–graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes

SWOT analysis stands for the analysis of “Strengths-Weaknesses-Opportunities-Threats”, and is used to identify risks that come from within an organization and those that come from without. All of these techniques are used in the identification of risks as they not only identify risks but characterize what parts of the project they would effect.

d.  Risk probability and impact assessment, probability and impact matrix (11.3 Perform Qualitative Risk Analysis)

These tools are used to identify the a) probability of each risk of occurring, and b) its potential impact on the project.   At this stage, qualitative labels such as low/medium/high, or ranking on a scale from 1-10 are used to give a ranking along each dimensions for a given risk.   These two dimensions are then combined in a probability and impact matrix, which is used to give a risk rating to risks in order to prioritize them, and to give a general strategic response to that risk depending on where they fall in that matrix.

e.   Risk data quality assessment (11.3 Perform Qualitative Risk Analysis)

This assesses the accuracy of the data on the risks because low-quality risk data may be of little use to the project, and even worse, may harm the project due to inaccuracy of the data on which the risks were categorized.

f,   Risk categorization (11.3 Perform Qualitative Risk Analysis)

In preparing a risk to be put on the risk register, many features of the risk need to be understood, such as:

  • sources of risk (using Risk Breakdown Structure)
  • area of the project affected (using Work Breakdown Structure)

g.  Risk urgency assessment (11.3 Perform Qualitative Risk Analysis)

This assesses at which stage of the project the risk may be triggered.    Those risks that may be triggered at an earlier stage of the project have more urgency, as these near-term risks will need to have risk responses in place sooner than those risks which may occur later on in the project.   Some organizations combine not just the two factors of probability and impact, but they add a third factor of urgency to get an overall risk rating in order to prioritize risks.

h.  Data gathering and representation techniques (11.4 Perform Quantitative Risk Analysis)

When you have tools that have the word “Data” or “Quantitative” in them, you know you are dealing with 11.4 Perform Quantitative Risks Analysis).   Data gathering techniques regarding quantitative risk analysis include

  • Interviewing–draws on historical experience with similar projects in the past to quantity the probability and impact of risks on project objectives
  • Probability distributions–used in modeling and simulation techniques

i.  Quantitative Risk Analysis and Modeling Techniques (11.4 Perform Quantitative Risk Analysis)

These includes such techniques as

  • Sensitivity analysis–determines which risks have the most potential impact on a project
  • Expected monetary value (EMV) analysis–quantifies the potential impact on a project by taking the dollar value of the impact of a risk if it occurs and weighting it (multiplying it) by the probability of that risk occurring
  • Modeling and simulation–Monte Carlo technique is when a project model (showing assumptions which affect the risk) is simulated many times to get the average impact of the risks over the course of the entire project

j.  Strategies for negative risks (11.5 Plan Risk Responses)

Based on the results of the probability and impact matrix done in the Perform Quantitative Risk Analysis process, these are the general risk response strategies for dealing with negative risks.

k.  Strategies for positive risks or opportunities (11.5 Plan Risk Responses)

Based on the results of the probability and impact matrix done in the Perform Quantitative Risk Analysis process, these are the general risk response strategies for dealing with positive risks.

k.  Contingent response strategies (11.5 Plan Risk Responses)

Some responses may be triggered only if certain events occur, and under certain predefined conditions.  Risk responses that are identified in this way are called contingency plans.

l.  Risk reasessment (11.6 Control Risks)

At various points on the project, it is a good idea to do a risk reassessment, which includes doing the following:

  • identification of new risks
  • reassessment of current risks (i.e., have the probability and/or potential impact changed)
  • closing of risks that are outdated (because the events that would have triggered them did not occur)

m.  Risk Audits (11.6 Control Risks)

Rather than a reassessment of the risks, which is done in the the “risk reassessment” technique described in paragraph l above, risk audits examine the effectiveness of risk responses, as well as the effectiveness of the risk management process as a whole.

n.  Variance and Trend Analysis (11.6 Control Risks)

These types of analysis compare the planned results to the actual results.    If the risk management plan may include predefined levels of variance at which various actions must be taken, either corrective action or preventive action.

o.  Technical Performance Measurement (11.6 Control Risks)

As opposed to measurement of the scope, time or cost baseline, which is done in Variance and Trend Analysis (see paragraph n above), Technical Performance Measurement compares technical performance measures such as number of defects, transaction times, delivery times, etc.

p.   Reserve analysis (11.6 Control Risks)

If risks do occur, then the funds for risk responses come from contingency reserves if the risks are on the risk register.   If they are not planned risks (i.e., risks that are on the risk register), then ad hoc risk responses called “workarounds” must be developed and these come not from contingency reserves, which are under control of the project manager, but from management reserves, which as the name implies are under control of management that sponsored the project, and not under the direct control of the project manager. Once the risk responses are completed, the remaining contingency reserves are analyzed to see if they are adequate for the remainder of the project of if they need to be increased, in which case it should be reported to management.    If risk responses are not utilized because certain risks do not occur, then the excess in contingency reserves should also be reported to management, because this excess no longer being needed on the project, might be utilized for other projects in the organization.

4.  Conclusion

Risk management contains a wide variety of tools, but because the processes are relatively distinct in character, there are very few tools & techniques which are used on multiple processes (expert judgment, meetings for example are the only ones that come to mind).    In addition, for any given tool & technique, it should be fairly obvious which process it is associated with.   The real test of your knowledge will be for your to be able to think of at least 3 tools and/or techniques for each of the six processes.

The next post will be on the Tools & Techniques associated with the processes of chapter 12 of 5th Edition PMBOK® Guide, that covering the Procurement Management knowledge area.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: