5th Edition PMBOK® Guide–Step 6: Memorizing Inputs & Outputs (Risk Management Part 1)

In this next series of posts on memorizing the processes, we move on to the final step 6, which is memorizing the INPUTS & OUTPUTS associated with each of the 47 processes.   In order to breakdown the memorization into more bite-size chunks, I am breaking down the processes in the 10 knowledge areas into 2 or 3 posts each.

This post covers chapter 11 of the PMBOK® Guide, which covers the Risk Knowledge Area. This knowledge area contains 6 processes, the first five of which are in the Planning Process Group, and the last of which is in the Monitoring & Controlling Group.

I am splitting the discussion of the Inputs & Outputs into three different posts, each covering two processes.   This post will cover Process 11.1 Plan Risk Management and 11.2 Identify Risks.

2.  Review of processes 11.1 and 11.2 together with their ITTOs (Inputs, Tools & Techniques, Outputs)

Process Name Tools & Techniques Inputs Outputs
11.1 Plan Risk Management 1. Analytical techniques2. Expert judgment

3. Meetings

1. Project management plan2. Project charter

3. Stakeholder register

4. EEFs

5. OPAs

1. Risk Management Plan
11.2 Identify Risks 1. Documentation reviews2. Information gathering techniques

3. Checklist analysis

4. Assumptions analysis

5. Diagramming techniques

6. SWOT analysis

7. Expert judgment

1. Risk Management Plan2. Cost Management Plan

3. Schedule Management Plan

4. Quality Management Plan

5. Human Resources Management Plan

6. Scope baseline

7. Activity cost estimates

8. Activity duration estimates

9. Stakeholder register

10. Project documents

11. Procurement documents

12. EEFs

13. OPAs

1. Risk register

In general, the inputs are more numerous and more complicated to remember than the outputs.    This was never more true than in the case of Risk Management processes, especially with these first two processes.    Each process has only one output, but there are 13 inputs to 11.2 Identify Risks, which is an indication of how complex and wide-ranging the information is that goes into the process.

3.  Outputs of processes 11.1 Plan Risk Management and 11.2 Identify Risks

a. Risk Management Plan (11.1 Plan Risk Management)

The main, in fact the only, output of Plan Risk Management is the Risk Management Plan, which consists of the following elements, arranged by category:

Category Plan Element Definition of Element
1. OPAs Methodology Tools and data sources from the organization to be used in risk management.
2. Time Timing How and when risk management activities will be conducted; protocol for application of contingency and management reserves.
3. Cost Budgeting Funds needed for risk management activities
4. Quality Tracking How risk activities will be recorded in order to audit and improve risk management processes.
5. HR Roles and Responsibilities Defines, for each type of activity in the risk management plan, the following:

  • Lead (accountable)
  • Team members (responsible)
  • Support (consult)
6. Communication Reporting formats Defines how the outcomes of the risk management process will be documented, analyzed, and communicated.
7. Risk Risk categories Grouping potential sources of risk on the project, often in the form of a Risk Breakdown Structure (RBS).
8. Probability and impact definitions Different levels of risk probability and impact are defined (low, medium, high, etc.)
9. Probability and impact matrix Grid for mapping the probability of each risk and its potential impact on the project.
10. Stakeholders Stakeholder risk tolerances Stakeholder risk tolerances may be revised during the course of this process.

As you can see, there are many elements of the risk management plan that are related to other knowledge areas.   That is one of the reasons why the inputs come from many of those same knowledge areas.

b. Risk register (11.2 Identify Risks)

The risk register is an output of ALL the processes of risk management.    It starts out as an output of process 11.2 Identify Risks, but information regarding each risk is added in the course of each subsequent planning process.

At this point, after 11.2 Identify Risks, the main elements of the Risk Register are:

  • List of identified risks–sometimes put in a format of “cause-event-effect”, where if a certain cause exists, an event may occur leading to an effect.
  • List of potential responses–although process 11.5 Plan Risk Responses comes later, IF any potential responses to the identified risks are identified even this early i the planning process, they are put in the risk register

4.  Inputs of processes 11.1 Plan Risk Management and 11.2 Identify Risks

a. Project management plan (11.1 Plan Risk Management)

The most important components of the project management plan to be considered an input to this process are the performance baselines of scope, time, and cost.

b. Project charter (11.1 Plan Risk Management)

The project charter may include high-level risks, high-level project descriptions, and high-level requirements.

c. Stakeholder register (11.1 Plan Risk Management)

Provides an overview of the roles of the various stakeholders, which may provides information on how they could be affected by various risks to the project.

d. Risk Management Plan (11.2 Identify Risks)

The elements of the risk management plan that are inputs to the 11.2 Identify Risks process are:

  • Assignments of roles and responsibilities (with regard to risk-related activities)
  • Provision for risk management activities in the budget and schedule
  • Categories of risk (sometimes expressed as a risk breakdown structure)

e. Cost Management Plan (11.2 Identify Risks)

This contains processes and controls that can be used to identify risks across the project.

f. Schedule Management Plan (11.2 Identify Risks)

Provides insight project time/schedule objectives and expectations which may be impacted by risks.

g. Quality Management Plan (11.2 Identify Risks)

Provide a baseline of quality measures and metrics for use in identifying risks.

h. Human Resources Management Plan (11.2 Identify Risks)

Provides guidance on how project human resources should be defined, staffed, managed, and eventually released from the project.   These, together with roles and responsibilities, project organization charts, and the staffing management plan, form a key input in identifying risk processes.

i. Scope baseline (11.2 Identify Risks)

The project scope statement, one of the three components of the scope baseline, contains a list of project assumptions.  Uncertainty in these project assumptions should be evaluated as potential causes of project risk.

The WBS, another component of the scope baseline, is a critical input to identifying risks as it helps one understand the potential risks at a micro and macro and micro level, with risks identified at the level of work package, control account, or summary level.

j. Activity cost estimates (11.2 Identify Risks)

They provide a quantitative assessment of the likely cost to complete scheduled activities and are ideally expressed as a range, with the width of the range indicating the degree of risk.

k. Activity duration estimates (11.2 Identify Risks)

They provide time allowances for the activities or the project as a whole, and like the activity cost estimates mentioned in paragraph j above, expressed as a range, with the width of the range indicating the degree of risk.

l. Stakeholder register (11.2 Identify Risks)

Useful for identifying those stakeholders whom one should approach to solicit inputs to identify risks.

m. Project documents (11.2 Identify Risks)

The following project documents may provide the project team with information on decisions related to risk:

  • Project charter
  • Project schedule and schedule network diagrams
  • Issue log
  • Quality checklist

n. Procurement documents (11.2 Identify Risks)

Procurement documents become a key input to identifying risks associated with the procurements.

o. EEFs (11.1 Plan Risk Management and 11.2 Identify Risks)

The EEFs that are inputs to 11.1 Plan Risk Management include

  • Risk attitudes
  • Risk thresholds
  • Risk tolerances

These provide information that describes the degree of risk that an organization will be able to withstand.

The EEFs that are inputs to 11.2 Identify Risks include

  • Published information, including commercial database and academic studies of risk
  • Published checklists
  • Benchmarking and industry studies
  • Risk attitudes

p. OPAs (11.1 Plan Risk Management and 11.2 Identify Risks)

The OPAs that are inputs to 11.1 Plan Risk Management include

  • Risk categories
  • Risk statement formats
  • Risk templates
  • Roles and responsibilities
  • Authority levels of decision making
  • Lessons learned from previous projects

The OPAs that are inputs to 11.2 Identify Risks include

  • Project files, including actual data on risks from previous projects
  • Organizational and project process controls
  • Risk statement formats or templates
  • Lessons learned from previous projects

You can see by the very long list of inputs that risk management is intimately related to all other knowledge areas.   The uncertainty regarding cost and schedule estimates, for example, is directly related to the degree of risk, which can be examined in terms of its cause by looking at the underlying assumptions behind those estimates.

The process 11.2 Identify Risks is one of the most complicated processes of all the 47 project management processes, and one way to understand this complexity to realize how many different knowledge areas provide inputs to it.   Once you understand this complexity, however, it will give you a new appreciation as to why anticipating problems on a project and preventing them should have a higher priority than simply dealing with problems as they occur.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: