6th Edition PMBOK® Guide: Process 11.7 Monitor Risks: Tools and Techniques

In monitoring risks, you are not only monitoring the existing risks in the risk register, but you are seeing if there are new risks out there to be added to that register.   The tools and techniques listed under “Data Analysis” below are part of that process.   This is what might be considered the analogy of “quality control” when it comes to risk management.  The analogy of “quality assurance” comes with “Risk Audits”, another tool and technique listed below.

And since risk is such a multi-faceted phenomenon, it requires a large set of eyes and differing perspectives that come with them in order to get a handle on it.   This is where the final tool and technique comes in, that of “Meetings”, which should be a familiar tool and technique because it happens with a lot of processes that cover a lot of complex territory.

11.7.2  Monitor Risks:  Tools and Techniques  Data Analysis

  • Technical performance analysis–technical performance measures such as weight of the item being produced, transaction times, number of delivered defects, storage capacity, etc. (depending on the type of project) can be analyzed to see if there is deviation, which can indicate the possible existence of underlying risk.
  • Reserve analysis–reserve analysis compares the amount of contingency reserves remaining to the amount of risk remaining at any time in the project in order to determine if the remaining reserve is adequate.   So this is monitoring risk not directly, but indirectly through the contingency reserves which are used to pay for risk responses.   If risks do not occur, then the contingency reserves which were meant to pay for those risks can go back into the “pool” of reserves and strengthen this ratio.  Risk Audits

Risk audits consider the effectiveness of the risk management process.    Although the project manager is responsible for ensuring that risk audits are performed, PMI suggests that risk audit meetings be held separately from the risk review meetings in order to separate the “quality control” (focusing on the results) vs. the “quality assurance” (focusing on the process) aspects of risk management.   The format for the risk audit needs to be defined in the risk management plan before the audit is conducted.    The “quality control” part of the risk review is reviewing the effectiveness of the risk responses themselves, and this is done as part of the risk review meetings (see paragraph below).  Meetings

Risk reviews are scheduled meetings and, although PMI prefers to have risk review meetings separate from the periodic status meetings, they can be combined if this is specified in the risk management plan.   However, PMI does consider it imperative that risks be reviewed periodically in such meetings whether they are separate or combined with other meetings, and these meetings should discuss the following topics:

  • Documenting the effectiveness of risk responses in dealing with overall project risk and identified individual project risks
  • Identification of new individual project risks (including secondary risks that arise from agreed-upon risk responses)
  • Reassessment of current risks (are they are any risks on the watch list, for example, that have increased in either probability and/or impact such that they now merit a risk response)
  • Closing of risks that are outdated (and return of the contingency funds for the associated risk responses to the overall contingency reserve)
  • Issues that have arisen as the result of risks that have occurred
  • Identification of lessons to be learned for implementation in ongoing phases of hte current project

In the next post, I will cover the outputs for this process.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: