Project Risk

Management
PMP Study Workbook

Dan Ryan, MBA, PMP, PMI-ACP

www.pmexamcoach.com
TABLE OF CONTENTS
Project Risk Management ...........................................................................................................1
Risk Management Overview .............................................................................................................. 1
Risk Management Key Concepts ........................................................................................................ 2
Risk Management Trends & Emerging Practices ................................................................................. 2
Risk Management Tailoring Considerations ....................................................................................... 3
Risk Management Considerations for Agile Environments................................................................. 4
Plan Risk Management ....................................................................................................................... 4
Plan Risk Management: Inputs ................................................................................................................................ 5
Plan Risk Management: Tools & Techniques ........................................................................................................ 5
Plan Risk Management: Outputs ............................................................................................................................ 6
Identify Risks ...................................................................................................................................... 7
Identify Risks: Inputs ................................................................................................................................................. 8
Identify Risks: Tools & Techniques....................................................................................................................... 10
Identify Risks: Outputs........................................................................................................................................... 11
Perform Qualitative Risk Analysis ................................................................................................... 12
Perform Qualitative Risk Analysis: Inputs .......................................................................................................... 12
Perform Qualitative Risk Analysis: Tools & Techniques .................................................................................. 13
Perform Qualitative Risk Analysis: Outputs ...................................................................................................... 15
Perform Quantitative Risk Analysis ................................................................................................. 15
Perform Quantitative Risk Analysis: Inputs ....................................................................................................... 16
Perform Quantitative Risk Analysis: Tools & Techniques ................................................................................ 17
Perform Quantitative Risk Analysis: Outputs .................................................................................................... 19
Plan Risk Responses ......................................................................................................................... 20
Plan Risk Responses: Inputs .................................................................................................................................. 20
Plan Risk Responses: Tools & Techniques........................................................................................................... 21
Plan Risk Responses: Outputs ............................................................................................................................... 25
Implement Risk Responses ............................................................................................................... 26
Implement Risk Responses: Inputs ........................................................................................................................ 27
Implement Risk Responses: Tools & Techniques ................................................................................................ 27
Implement Risk Responses: Outputs .................................................................................................................... 28
Monitor Risks .................................................................................................................................... 29
Monitor Risks: Inputs .............................................................................................................................................. 29
Monitor Risks: Tools & Techniques....................................................................................................................... 30
Monitor Risks: Outputs........................................................................................................................................... 31
 Project Risk Management

Project Risk Management

P M P S T U DY W O R K B O O K

PROJECT RISK MANAGEMENT

Risk Management Overview

According to the PMBOK® Guide, “Project Risk

Management includes the processes of conducting risk
management planning, identification, analysis,
response planning, response implementation, and monitoring risk on a project.” The objectives of
project risk management are to increase the probability and/or impact of positive risks, and
decrease the probability and/or impact of negative risks.

The following processes are contained in the Project Risk Management Knowledge Area:

Plan Risk Perform

Management Identify RIsks Qualitative
Risk Analysis

Perform Plan Risk Implement

Quantitative Responses Risk
Risk Analysis Responses

Monitor Risks

Visit www.pmexamcoach.com for exam resources Page 1

Project Risk Management

Risk Management Key Concepts

All projects are risky since they are unique undertakings with varying degrees of complexity
that aim to deliver benefits. They do this in a context of constraints and assumptions, while
responding to stakeholder expectations that may be conflicting and changing.

Risks exists at two levels within every project: 1) individual project risk that can affect the
achievement of the project objectives, and 2) overall project risk that arises from the
combination of individual project risks and other sources of uncertainty.

Individual Project Risk – An uncertain event or condition that, if it occurs, has a positive or
negative effect on one or more project objectives. Individual project risks can have a
positive or negative effect on project objectives if they occur. Project risk management
aims to exploit or enhance positive risks (opportunities) while avoiding or mitigating
negative risks (threats).

 Overall Project Risk – The effect of uncertainty on the project as a whole, arising from all
sources of uncertainty including individual risks. Overall project risk represents the
exposure of stakeholders to the implications of variations in project outcome, both positive
and negative. Overall project risk can also be positive or negative. Management of
overall project risk aims to keep project risk exposure within an acceptable range to help
maximize the probability of achieving overall project objectives.

Risks will continue to emerge during the lifetime of the project. This means that the initial risk
management processes are performed at the beginning of the project by shaping the project
strategy, but also iteratively throughout the project life cycle.

Risk Management Trends & Emerging Practices

The focus of project risk management is broadening to ensure that all types of risks are
considered, and that project risks are understood in a wider context. Following are some major
trends and emerging practices for Project Risk Management:

Non-Event Risks – There is an increasing recognition that non-event risks need to be

identified and managed, in addition to risks that are uncertain future events that may or may
not occur. The two main types of non-event risks are variability risk and ambiguity risk.

Page 2 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

 Variability Risks – These are risks where uncertainty exists about some key characteristics
of a planned event, activity, or decision (e.g., unseasonal weather conditions may occur
during the construction phase).

 Ambiguity Risks – These are risks where uncertainty exists about what may happen in the
future and normally occur where areas of the project experience imperfect knowledge
that might affect the project’s ability to achieve its objectives (e.g., future developments in
regulatory frameworks).

Project Resilience – The existence of emerging risk is becoming clear with a growing
awareness of “unknowable-unknowns”. These are risks that can only be recognized after they
occur. Emergent risks can be handled by project resilience.

PMP Exam Study Tip

"Unknowable-unknowns" is a new concept in project risk

management. We can be certain that such risks exist even though
we cannot describe them, so their probability is 100%. The
uncertainty lies in the fact that these risks might have an effect on
the project if they occur.

Integrated Risk Management – Projects exist in an organizational context, and they may
form part of a program or portfolio. Risks exist at each of these levels, and risks should be
owned and managed at the appropriate level.

Risk Tailoring Considerations

Because each project is unique, the project manager may need to tailor the way that Project Risk
Management processes are applied. Following are key considerations that the project manager
should keep in mind when applying the Project Risk Management processes:

Visit www.pmexamcoach.com for exam resources Page 3

Project Risk Management

Project Size Project Project Development

Complexity Importance Approach

Risk Management Considerations for Agile Environments

High-variability environments by their very nature incur more uncertainty and risk. Following are
key considerations that the project team should keep in mind when working in an agile project
environment:

Agile projects should make use of frequent reviews of incremental work products.

Agile projects should make use of frequent reviews of cross-functional project teams to
accelerate knowledge sharing and ensure that risks are understood and managed.

Agile projects should consider risk when selecting the content of each iteration, and the
identification, analysis, and management of risks during each iteration.

Agile projects should ensure that requirements are kept as a dynamic living document that is
updated regularly.

Agile projects should understand that work may be reprioritized as the project progresses,
based on an improved understanding of current risk exposure.

Plan Risk Management

According to the PMBOK® Guide, “Plan Risk Management is the process of

defining how to conduct project risk management activities for a project.”
This process benefits the project by ensuring that the degree, type and
visibility of risk management are proportionate to both risks and the
importance of the project to the organization and other stakeholders.

Page 4 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

The Plan Risk Management process should begin when the project is conceived and the initial risk
management activities should be completed early in the project. It is commonly necessary to revisit
this process later in the project life cycle.

Plan Risk Management: Inputs

Project Project Project

Charter Management Documents
Plan

EEFs OPAs

Project Charter – Components for this process include high-level project description and
boundaries, high-level requirements, and high-level risks.

Project Management Plan – All approved subsidiary management plans should be taken into
consideration in order to make the risk management plan consistent with them.

Project Documents (e.g., the stakeholder register)

Enterprise Environmental Factors (EEFs) (e.g., overall risk thresholds set by the organization
or key stakeholders.

Organizational Process Assets (OPAs) – Examples include organizational risk policy and risk
categories.

Plan Risk Management: Tools & Techniques

Expert Data Analysis Meetings

Judgment Techniques

Visit www.pmexamcoach.com for exam resources Page 5

Project Risk Management

Expert Judgment – Those individuals or groups that possess specific expertise in areas such as
familiarity with the organization’s risk management approach, and how to tailor risk
management activities to the specific needs of the project should be consulted while
performing this process.

Data Analysis Techniques (e.g., stakeholder analysis)

Meetings – The risk management plan may be developed as part of a project kickoff
meeting, or a specific risk management planning meeting may be held.

Plan Risk Management: Outputs

Risk
Management
Plan
Risk Management Plan – The risk management plan is the sole output of the Plan Risk
Management process. It is a component of the project management plan that describes how
risk management activities will be structured and performed. Elements that are commonly
included in the risk management plan include risk strategy, risk methodology, risk roles and
responsibilities, risk funding, and risk activity timing, which have already been discussed.
Following are some additional risk management plan elements that are commonly included:

 Stakeholder Risk Appetite – This refers to the degree of uncertainty an organization or

an individual is willing to accept in anticipation of a reward.

 Risk Probability and Impact Definitions – These refer to the risk probability and impact
levels that are specific to the project context, and that reflect the risk appetite and
thresholds of the organization and the key stakeholders.

 Risk Probability and Impact Matrix – This is a grid used for mapping the probability of
occurrence for each risk, and its impact on project objectives if the risk occurs.

 Risk Reporting Formats – Reporting formats define how the outcomes of the Project Risk
Management process will be documented, analyzed, and communicated (e.g., risk register
format, risk report format).
Page 6 Visit www.pmexamcoach.com for exam resources
 Project Risk Management

 Risk Tracking Documents – These documents track how risk activities will be recorded
and how risk management processes will be audited.

 Risk Categories – These provide a means for grouping individual project risks. A risk
breakdown structure (RBS) is commonly used to categorize project risks. The RBS is a
hierarchical representation of potential sources of risks that helps the project team
consider the full range of sources from which individual risks arise.

Project

Technical External Client Management

Requirement Contract Targets Resources

Design Funding Tactics Corporate

Quality Funding Stakeholder

Performance

Figure 9-1 Risk Breakdown Structure

Identify Risks

According to the PMBOK® Guide, “Identify Risks is the process of

identifying individual project risks and sources of overall project risk, and
documenting their characteristics.” This process benefits the project by
documenting individual project risks and the sources of overall project risk.

Visit www.pmexamcoach.com for exam resources Page 7

Project Risk Management

All project stakeholders should be encouraged to identify individual project risks. This is especially
true of the project team members to maintain a sense of risk ownership, responsibility for
identified project risks, the level of overall project risks, and associated risk response activities.

PMP Exam Study Tip

Identify Risks is an iterative process, since new individual project

risks may emerge, and overall project risk will change as the
project progresses through its life cycle.

Identify Risks: Inputs

Project Project
Management Documents Agreements
Plan

Procurement EEFs OPAs

Documentation

Project Management Plan – Following are common components used in this process from the
project management plan:

 Requirements Management Plan

 Schedule Management Plan

 Cost Management Plan

 Quality Management Plan

 Resource Management Plan

Page 8 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

 Risk Management Plan

 Scope Baseline

 Schedule Baseline

 Cost Baseline

Project Documents:

 Assumption Log

 Cost Estimates

 Duration Estimates

 Issue Log

 Lessons Learned Register

 Resource Requirements

 Stakeholder Register

Agreements – If external procurement is necessary for the project, agreements contain

information that can present project threats or project opportunities.

Procurement Documentation – As procurement documentation is updated throughout the

project, the most up to date documentation can be reviewed for risks.

Enterprise Environmental Factors (EEFs) – These can be internal to the organization (e.g.,
benchmarking results), or external to the organization (e.g., commercial risk database or
checklists.).

Organizational Process Assets (OPAs) – Examples include organizational and project

process controls, and risk statement formats.

Visit www.pmexamcoach.com for exam resources Page 9

Project Risk Management

Identify Risks: Tools & Techniques

Expert Data- Data

Judgment Gathering Analysis
Techniques Techniques

Interpersonal Prompt Lists Meetings

& Team Skills

Expert Judgment – Those individuals or groups that possess specialized knowledge of similar
projects or similar business areas should be consulted while performing this process.

Data-Gathering Techniques – Important data gathering techniques used in this process are
brainstorming, checklists, and interviews.

Data Analysis Techniques – These commonly include root cause analysis, SWOT analysis,
and document analysis, which have already been discussed. Another important data analysis
technique used in this process is assumption and constraint analysis.

Every project and its project management plan are conceived and developed based on a set
of assumptions and within a series of constraints. Assumption and constraint analysis explores
the validity of assumptions and constraints to determine which pose a risk to the project.

Interpersonal & Team Skills – An important interpersonal and team skill used in this process is
facilitation.

Prompt Lists – This is a predetermined list of risk categories that may help identify individual
project risks, and that could also act as sources of project risks.

Meetings – A common meeting held during the Identify Risks process is a risk workshop. This is
a specialized meeting that uses brainstorming techniques to identify project risks.

Page 10 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Identify Risks: Outputs

Project
Risk Report Documents Risk Register
Updates

Risk Report – This is a project document that summarizes information on individual project risks
and the level of overall project risk.

Project Documents Updates – Commonly used project documents that are updated as part of
this process include the assumption log, the issue log, and the lessons learned register.

Risk Register – This is a component of the project management plan and acts as a repository
for recorded outputs of risk management processes. At a minimum, it should include a list of
identified risks, a list of potential risk owners, and a list of potential risk responses.

Figure 9-2: Risk Register

Visit www.pmexamcoach.com for exam resources Page 11

Project Risk Management

Perform Qualitative Risk Analysis

According to the PMBOK® Guide, “Perform Qualitative Risk

Analysis is the process of prioritizing individual project risks
for further analysis or action by assessing their probability of
occurrence and impact, and other characteristics.” This process
benefits the project by helping the project team focus their
efforts on high-priority risks.

Perform Qualitative Risk Analysis establishes the relative priorities of individual project risks for
the Plan Risk Responses process. It identifies a risk owner for each risk who will take responsibility
for planning an appropriate risk response and ensuring that it is implemented.

PMP Exam Study Tip

The Perform Qualitative Risk Analysis process is an iterative

process performed regularly throughout the project life cycle. In
agile environments it is commonly performed before the start of
each iteration.

Perform Qualitative Risk Analysis: Inputs

Project Project
Management Documents EEFs OPAs
Plan

Project Management Plan – The main component for this process includes the risk
management plan.

Project Documents: These commonly include the assumption Log, the risk register, and the
stakeholder register.

Page 12 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Enterprise Environmental Factors (EEFs) – Examples include industry studies of similar

projects and commercial risk databases or checklists.

Organizational Process Assets (OPAs) – Examples include information from similar

completed projects.

Perform Qualitative Risk Analysis: Tools & Techniques

Expert Data Analysis Risk

Judgment Techniques Categorization

Data
Representation Meetings
Techniques

Expert Judgment – Those individuals or groups that possess specific expertise in areas such as
knowledge of previous similar projects and qualitative risk analysis should be consulted while
performing this process.

Risk Categorization – Project risks can be categorized by sources of risks and commonly uses
the risk breakdown structure (RBS) to accomplish this. The risk categories that may be used for
the project are defined in the risk management plan.

Hierarchical Charts – If project risks have been categorized using more than two parameters,
the probability and impact matrix cannot be used. In this case other graphical representations
should be used (e.g., a bubble chart).

Data Analysis Techniques:

 Risk Data Quality Assessment – This technique is used to evaluate the degree to which
the data about risks is useful for risk management.

 Risk Probability and Impact Assessment – This technique is used to determine the
likelihood that a specific risk will occur, and its potential effect on one or more project

Visit www.pmexamcoach.com for exam resources Page 13

Project Risk Management

objectives (e.g., schedule, cost, quality, performance).

 Other Risk Parameter Assessments – This technique is used to identify risk characteristics
other than probability and impact when prioritizing individual project risks for further
analysis and action.

Urgency Manageability Connectivity

Proximity Controllability Strategic Impact

Dormancy Detectability Propinquity

Table 9-1: Additional Characteristics of Risk

Data Representation Techniques – Typical data representation techniques used in this

process include:

 Risk Probability and Impact Matrix – This is a grid used for mapping the probability of
occurrence for each risk, and its impact on project objectives if the risk occurs. It specifies
combinations of probability and impact that allow individual projects risks to be divided
into priority groups.

Risk Short Description Impact Probability Score

Team not staffed in time 4 5 20

Language misunderstandings 3 5 15

Team not experienced 3 5 15

Too many conflicting interests 4 2 8

Project manager overwhelmed 4 2 8

Available resources 2 2 4

Testers not available 2 2 4

Figure 9-3: Risk Probability and Impact Matrix

Page 14 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Meetings – A common meeting held during the Identify Risks process is a risk workshop. This is
a specialized meeting that uses brainstorming techniques to identify project risks.

Perform Qualitative Risk Analysis: Outputs

Project
Documents
Updates

Project Documents Updates – Although many different project documents are updated as a
result of performing this process, following are the major ones:

 Assumption Log

 Issue Log

 Risk Register

 Risk Report

Perform Quantitative Risk Analysis

According to the PMBOK® Guide, “Perform Quantitative
Risk Analysis is the process of numerically analyzing the
combined effect of identified individual project risks and
other sources of uncertainty on overall project objectives.”
This process benefits the project by quantifying overall project risk exposure, and providing
additional quantitative risk information to support risk response planning.

The Perform Quantitative Risk Analysis process uses information on individual project risks that
have been assessed by the Perform Qualitative Risk Analysis process as having a significant
potential to affect the project’s objectives. The outputs from Perform Quantitative Risk Analysis are

Visit www.pmexamcoach.com for exam resources Page 15

Project Risk Management

used as inputs to the Plan Risk Responses process, and normally include recommended responses
to the level of overall project risk and key individual risks.

PMP Exam Study Tip

Perform Qualitative Risk Analysis should be performed on every

project so that an initial risk score (probability X impact) can be
determined for identified project risks.

Example: Qualitative risk score scale = 1 to 3

Perform Quantitative Risk Analysis should only be performed if

the initial qualitative risk scores assigned to project risks do not
provide enough detail to properly prioritize them.

Example: Quantitative risk score scale = 1 to 10

Perform Quantitative Risk Analysis: Inputs

Project Project
Management Documents EEFs OPAs
Plan

Project Management Plan – Following are common components used in this process from the
project management plan:

 Risk Management Plan

 Scope Baseline

 Schedule Baseline

Page 16 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

 Cost Baseline

Project Documents:

 Assumption Log

 Cost Estimates

 Cost Forecasts

 Duration Estimates

 Milestone List

 Resource Requirements

 Risk Register

 Risk Report

 Schedule Forecasts

Enterprise Environmental Factors (EEFs) – Examples include industry studies of similar

projects and commercial risk databases or checklists.

Organizational Process Assets (OPAs) – Examples include information from similar

completed projects.

Perform Quantitative Risk Analysis: Tools & Techniques

Expert Data- Interpersonal &

Judgment Gathering Team Skills
Techniques

Representations Data Analysis

of Uncertainy Techniques

Visit www.pmexamcoach.com for exam resources Page 17

Project Risk Management

Expert Judgment – Those individuals or groups that possess specific expertise in areas such as
selecting the most suitable tools for risk modeling techniques and interpreting the outputs of
quantitative risk analysis should be consulted during this process.

Data-Gathering Techniques – An important data gathering technique used in this process is

interviews.

Interpersonal & Team Skills – An important interpersonal and team skill used in this process is
facilitation.

Representations of Uncertainty – Quantitative risk analysis requires inputs to a quantitative

risk analysis model that reflects individual project risks and other sources of uncertainty.
Individual project risks can be effectively analyzed using probability distributions. Other
sources of uncertainty can be effectively analyzed using branches to describe alternative
paths through the project.

Data Analysis Techniques:

 Sensitivity Analysis – This is data analysis technique used to determine which individual
project risks or other sources of uncertainty have the most potential impact on project
outcomes. This is achieved by correlating variations in project outcomes with variations in
elements of a quantitative risk analysis model.

Figure 9-4: Tornado Diagram

Page 18 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

 Decision Tree Analysis – A diagramming and calculation technique for evaluating the
implications of a chain of multiple options in the presence of uncertainty.

Figure 9-5: Decision Tree Analysis

 Influence Diagrams – These are graphical representations of situations showing

causal influences, time ordering of events, and other relationships among variables
and outcomes.

Figure 9-6: Influence Diagram

 Simulation – This is an analytical technique that models the combined effect of

uncertainties to evaluate their potential impact on project objectives. These are commonly
performed using Monte Carlo analysis.

Visit www.pmexamcoach.com for exam resources Page 19

Project Risk Management

Perform Quantitative Risk Analysis: Outputs

Project
Documents
Updates
Project Documents Updates – Although many different project documents as a result of
performing this process, following are the major ones:

 Overall Project Risk Exposure Assessment

 Detailed Probabilistic Project Analysis

 Quantitative Risk Analysis Trends

 Recommended Risk Responses

Plan Risk Responses

According to the PMBOK® Guide, “Plan Risk Responses is the process of developing options,
selecting strategies, and agreeing on actions to address overall project risk exposure and
agreeing on how to handle individual project risks.” This process benefits the project by identifying
appropriate ways to address overall project risk and individual project risks. Effective and
appropriate risk responses can minimize individual threats, maximize individual opportunities, and
reduce overall project risk exposure. Unsuitable risk responses can have the opposite effect.

Plan Risk Responses: Inputs

Project Project
Management Documents EEFs OPAs
Plan

Page 20 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Project Management Plan – A common component of the project management plan used in
this process is the risk management plan.

Project Documents – Although many different project documents are updated as a result of
performing this process, following are the major ones:

 Lessons Learned Register

 Project Schedule

 Project Team Assignments

 Resource Calendars

 Risk Register

 Risk Report

 Stakeholder Register

Enterprise Environmental Factors (EEFs) – Examples include the risk appetites and thresholds
of key stakeholders.

Organizational Process Assets (OPAs) – Examples include templates for the risk
management plan, risk register and risk report.

Plan Risk Responses: Tools & Techniques

Expert Data- Interpersonal Negative Risk

Judgment Gathering & Team Skills Response
Techniques Strategies

Positive Risk Overall Project Data Analysis Decision

Response Risk Response Techniques Making
Strategies Strategies

Expert Judgment – Those individuals or groups that possess specific expertise in areas such as
threat response strategies and opportunity response strategies should be consulted.

Visit www.pmexamcoach.com for exam resources Page 21

Project Risk Management

Data-Gathering Techniques – An important data gathering technique used in this process is

interviews.

Interpersonal & Team Skills – An important interpersonal and team skill used in this process is
facilitation.

Negative Risk Response Strategies:

Escalate Avoid Transfer Mitigate Accept

 Escalate – Escalation is appropriate when the project team or the project sponsor agrees
that the threat is outside the scope of the project or that the proposed response would
exceed the project manager’s authority.

 Avoid – Risk avoidance is when the project team acts to eliminate the threat or protect the
project from its impact. It may be appropriate for high-priority threats with a high
probability of occurrence and a large negative impact.

 Transfer – Transfer involves shifting ownership of a threat to a third party to manage the
risk and bear the impact if the threat occurs (e.g., insurance).

 Mitigate – In risk mitigation, action is taken to reduce the probability of occurrence and/or
impact of a threat. Early mitigation action is often more effective that trying to repair the
damage after the threat has occurred.

 Accept – Risk acceptance acknowledges the existence of a threat, but no proactive action
is taken. This strategy may be appropriate for low-priority threats, and it may also be
adopted where it is not possible or cost effective to address a threat in any other way.

Page 22 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Positive Risk Response Strategies:

Escalate Exploit Share Enhance Accept

 Escalate – Escalation is appropriate when the project team or the project sponsor agrees
that the opportunity is outside the scope of the project or that the proposed response
would exceed the project manager’s authority.

 Exploit – This strategy may be selected for high-priority opportunities where the
organization wants to ensure that the opportunity is realized.

 Share – Sharing involves transferring ownership of an opportunity to a third party so that

it shares some of the benefit if the opportunity occurs.

 Enhance – Accepting an opportunity acknowledges its existence but no proactive action is

taken.

 Accept - Risk acceptance acknowledges the existence of an opportunity, but no proactive

action is taken. This strategy may be appropriate for low-priority opportunities, and it
may also be adopted where it is not possible or cost effective to address an opportunity.

PMP Exam Study Tip

Contingent risk response strategies are used only if certain events

occur. Risk responses identified are called contingency plans or
fallback plans, both of which include identified trigger conditions.

Visit www.pmexamcoach.com for exam resources Page 23

Project Risk Management

Overall Project Risk Response Strategies

Avoid Exploit Transfer/ Mitigate/ Accept

Share Enhance

 Avoid – Where the level of overall project risk is significantly negative and outside the
agreed-upon thresholds of the project, an avoid strategy may be adopted.

 Exploit – Where the level of overall project risk is significantly positive and outside the
agreed-upon thresholds of the project, an exploit strategy may be adopted.

 Transfer/Share – If the level of overall project risk is high but the organization is unable to
address it effectively, a third party may be involved to manage the risk on behalf of the
organization.

 Mitigate/Enhance – These strategies involve changing the level of overall project risk to
optimize the chances of achieving the project’s objectives. Mitigate is used where overall
project risk is negative. Enhance is used where overall project risk is positive.

 Accept – Where no proactive risk response strategy is possible to address overall project
risk, the organization may choose to continue with the project as currently defined, even if
overall project risk is outside the agreed-upon thresholds.

PMP Exam Study Tip

The active acceptance strategy is where proactive actions are

performed if the risk occurs (e.g., contingency plan creation. The
active acceptance strategy is where the only action taken is a
periodic review of the overall project risk.

Page 24 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Data Analysis Techniques (e.g., alternatives analysis, cost-benefit analysis)

Decision Making – This technique can be used to select a risk response strategy (e.g.,
multicriteria decision analysis).

Plan Risk Responses: Outputs

Change Project Project

Requests Management Documents
Plan Updates Updates

Change Requests – Planned risk responses may result in a change request to the cost and
schedule baselines or other components of the project management plan.

Project Management Plan Updates – Any recommended change to the project management
plan must have a change request submitted. Although any component of the project
management plan may be updated by performing this process, following are the major ones:

 Schedule Management Plan

 Cost Management Plan

 Quality Management Plan

 Resource Management Plan

 Procurement Management Plan

 Scope Baseline

 Schedule Baseline

 Cost Baseline

Project Documents Updates – Although many different project documents are updated as a
result of performing this process, following are the major ones:

 Assumption Log
Visit www.pmexamcoach.com for exam resources Page 25
Project Risk Management

 Cost Forecasts

 Lessons Learned Register

 Project Schedule

 Project Team Assignments

 Risk Register

 Risk Report

Implement Risk Responses

The risk response strategy should include primary
and backup strategies as needed on the project.
A contingency plan can be developed for
implementation if the primary strategy turns out
not to be fully effective or if an accepted risk
occurs. Secondary risks (risks that arise as a
direct result of implementing a response) should
also be identified. A contingency reserve is
commonly allocated for time and cost.

PMP Exam Study Tip

A “contingency plan” is a primary plan to handle identified risks

that are about to happen or have already happened, and outlines
the actions to take concerning these risks.
A “fallback plan” is a secondary plan that is implemented when
the contingency plan fails or is not fully effective, and is used for
residual risks. It is a backup plan for the contingency plan.

Page 26 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Implement Risk Responses: Inputs

Project Project
Management Documents OPAs
Plan

Project Management Plan – Common components of the project management plan used in
this process are the resource management plan, the risk management plan, and the cost
baseline.

Project Documents:

 Lessons Learned Register

 Project Schedule

 Resource Calendars

 Project Team Assignments

 Risk Register

 Risk Report

 Stakeholder Register

Organizational Process Assets (OPAs) – Examples include the lessons learned repository
and information from similar completed projects.

Implement Risk Responses: Tools & Techniques

Project
Expert Judgment Interpersonal & Management
Team Skills Information
System (PMIS)

Visit www.pmexamcoach.com for exam resources Page 27

Project Risk Management

Expert Judgment – Those individuals or groups that possess specific expertise in areas such as
validating risk responses, modifying risk responses, and implementing risk responses should be
consulted during this process.

Interpersonal & Team Skills – An important interpersonal and team skill used in this process is
influencing.

Project Management Information System (PMIS) – Schedule, resource, and cost software
contained within the PMIS can help ensure that agreed-upon risk response plans are
integrated into the project.

Implement Risk Responses: Outputs

Change Project
Requests Documents
Updates

Change Requests – Implementation of risk responses may result in a change request to the
cost and schedule baselines or other components of the project management plan.

Project Documents Updates – Although many different project documents are updated as a
result of performing this process, following are the major ones:

 Issue Log

 Lessons Learned Register

 Project Team Assignments

 Risk Register

 Risk Report

Page 28 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Monitor Risks

According to the PMBOK® Guide, “Monitor Risks is the process of

monitoring the implementation of agreed-upon risk response plans,
tracking identified risks, identifying and analyzing new risks, and
evaluating risk process effectiveness throughout the project. This
process benefits the project by enabling project decisions to be
based on current information about overall project risk exposure
and individual project risks.

In order to ensure that the project team and key stakeholders are aware of the current level of
risk exposure, project work should be continuously monitored for new, changing, and outdated
individual project risks, and changes in the level of overall project risks.

Monitor Risks: Inputs

Project Project Work Work

Management Documents Performance Performance
Plan Data Reports

Project Management Plan – The following project management plan components are common
inputs to this process:

 Scope Management Plan

 Requirements Management Plan

 Change Management Plan

 Configuration Management Plan

 Change Management Plan

 Scope Baseline

 Performance Measurement Baseline

Visit www.pmexamcoach.com for exam resources Page 29

Project Risk Management

Project Documents:

 Issue Log

 Lessons Learned Register

 Risk Register

 Risk Report

Monitor Risks: Tools & Techniques

Data
Analysis Risk Audits Meetings
Techniques
Data Analysis Techniques:

 Technical Performance Analysis – This technique compares technical accomplishments

during project execution to the schedule of technical achievement.

 Reserve Analysis – This technique compares the amount of the contingency reserves
remaining at any time during the project to determine if the remaining reserve is
adequate.

Risk Audits – These are used to evaluate the effectiveness of the risk management process.

Meetings – A common meeting held during the Identify Risks process is a risk review. These
meetings are scheduled regularly to examine the effectiveness of risk responses to deal with
overall project risk and individual project risks.

Page 30 Visit www.pmexamcoach.com for exam resources

 Project Risk Management

Monitor Risks: Outputs

Work Change Project

Performance Requests Management
Information Plan Updates

Project
Documents OPAs
Updates

Work Performance Information – This includes information on how project risk management is
performing by comparing the individual risks that have occurred to the expectation of how
they would occur.

Change Requests – Analysis of project performance may result in a change to the schedule
and cost baselines, or other project management plan components.

Project Management Plan Updates – Any recommended change to the project management
plan must have a change request submitted. Any component of the project management plan
may be updated by performing this process.

Project Documents Updates – Although many different project documents are updated as a
result of performing this process, following are the most common ones:

 Assumption Log

 Issue Log

 Lessons Learned Register

 Risk Register

 Risk Report

Organizational Process Assets (OPAs) – Examples include the creation of templates for the
risk management plan, risk register, and risk report, and risk breakdown structure updates.

Visit www.pmexamcoach.com for exam resources Page 31