Project Management Certification Program

Project Risk Management

Section 1

Project Risk Management

What is Project Risk Management?

Project Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project
2

Risk Management Processes

Risk Management Planning Risk Identification Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning Risk Monitoring and Control
3

Uncertainty Corporate management has the responsibility to make appropriate decisions that will lead the organization to a successful destiny.

Such decisions should be taken in an environment of total certainty wherein all the necessary information is available for the right decision. Under certainty, the outcome can be predicted with a high degree of confidence.
In reality, most decisions are taken without complete information, and therefore give rise to some degree of uncertainty in the outcome. Uncertainties do not necessary imply bad unknowns.
4

Known Risks

Known risks are those that have been identified and analyzed. It may be possible to plan for known risks..

Unknown Risks

Unknown risks cannot be managed Project managers may address them by applying a general contingency plan, based on past experience with similar projects.

Threats and Opportunities Organizations perceive risk as: Threats to project success Opportunities to enhance chances of project success Risks that are threats to the project may be accepted if the risk is in balance with the reward that may be gained by taking the risk.
7

Project Risk Management Overview Risk Management Planning Risk Identification Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning Risk Monitoring and Control
8

11.1 RISK MANAGEMENT PLANNING

Inputs Tools & Techniques Outputs

Enterprise Environmental Factors Organizational Process Assets Planning Meetings and Analysis Risk Management Plan

Project Scope Statement

Project Management Plan
9

11.2 RISK IDENTIFICATION

Inputs
Enterprise Environmental Factors Organizational Process Assets Project Scope Statement Risk Management Plan Project Management Plan

Tools & Techniques

Documentation Reviews Information Gathering Techniques Checklist Analysis Assumptions Analysis Diagramming Techniques

Outputs

Risk Register

10

11.3 QUALITATIVE RISK ANALYSIS

Inputs

Tools & Techniques

Risk Probability and Impact Assessment Probability and Impact Matrix Risk Data Quality Assessment Risk Categorization Risk Urgency Assessment

Outputs

Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register

Risk Register (Updates)

11

11.4 QUANTITATIVE RISK ANALYSIS

Inputs Tools & Techniques
Data Gathering and Representation Techniques Quantitative Risk Analysis and Modeling Techniques Risk Register (Updates)

Outputs

Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register Project Management Plan

12

11.5 RISK RESPONSE PLANNING

Inputs

Tools & Techniques

Strategies for Negative Risks or Threats Strategies for Positive Risks or Opportunities Strategy for Both Threats and Opportunities Contingent Response Strategy

Outputs

Risk Management Plan Risk Register

Risk Register (Updates) Project Management Plan (Updates) Risk-Related Contractual Agreements

13

11.6 RISK MONITORING AND CONTROL

Inputs Tools & Techniques
Risk Reassessment Risk Audits Variance and Trend Analysis Technical Performance Measurement Reserve Analysis Status Meetings

Outputs
Risk Register (Updates) Requested Changes Recommended Corrective Actions Recommended Preventive Actions Organizational Process Assets (Updates) Project Management Plan (Updates)
14

Risk Management Plan Risk Register Approved Change Requests Work Performance Information Performance Reports

B. Mapping Risk Process to the Project Management Life Cycle

Initiate the Project

Plan the Project

Risk Management Planning Risk Identification Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning

Control the Project

Execute the Project

Risk Monitoring and Control

Close the Project

15

Section 2 Risk Management Planning

Risk Management Planning is the process of deciding how to approach and conduct the risk management activities for a project.

16

11.1 RISK MANAGEMENT PLANNING

Inputs Tools & Techniques Outputs

Enterprise Environmental Factors Organizational Process Assets Planning Meetings and Analysis Risk Management Plan

Project Scope Statement

Project Management Plan
17

A.

Inputs to Risk Management Planning

Enterprise Environmental Factors Organizational Process Assets Project Scope Statement Project Management Plan

18

B. Tools and Techniques of Risk Management Planning

Planning Meetings and Analysis

19

B.1 Planning Meetings and Analysis

Project teams hold planning meetings to develop the risk management plan. Attendees at these meetings may include: Project manager Selected project team members Stakeholders Anyone in the organization with responsibility to manage the risk planning and execution activities Others, as needed.
20

B.1 Planning Meetings and Analysis (cont.) General organizational templates for risk categories and definitions of terms will be tailored to the specific project such as: Levels of risk Probability by type of risk Impact by type of objectives Probability and impact matrix The outputs of these activities will be summarized in the risk management plan.
21

C.

Output of Risk Management Planning

Risk Management Plan

22

C.1 Risk Management Plan The risk management plan describes how risk management will be structured and performed on the project. It becomes a subset of the project management plan.

23

Risk Management Plan Contents

Methodology Roles and responsibilities Budgeting Timing Risk categories Definitions of risk probability and impact Probability and impact matrix Revised stakeholders tolerances Reporting formats Tracking
24

Section 3 Risk Identification

Risk Identification determines which risks might affect the project and documents their characteristics.

25

Risk Identification Team

Participants in risk identification activities can include the following: Project manager Project team members Risk management team (if assigned) Subject matter experts from outside the project team Customers End users Other project managers Stakeholders Risk management experts
26

11.2 RISK IDENTIFICATION

Inputs Tools & Techniques Outputs

Enterprise Environmental Factors Organizational Process Assets Project Scope Statement Risk Management Plan Project Management Plan

Documentation Reviews Information Gathering Techniques Checklist Analysis Assumptions Analysis Diagramming Techniques

Risk Register

27

A.

Inputs to Risk Identification

Enterprise Environmental Factors Organizational Process Assets Project Scope Statement Risk Management Plan Project Management Plan

28

B.

Tools and Techniques of Risk Identification

Documentation Reviews Information Gathering Techniques Checklist Analysis Assumptions Analysis Diagramming Techniques

29

B.1 Documentation Reviews

A structured review may be performed of project documentation, including: Plans Assumptions Prior project files Other information The quality of the plans, as well as consistency between those plans and with the project requirements and assumptions, can be indicators of risk in the project.
30

B.2 Information Gathering Techniques

Brainstorming Delphi technique Interviewing Root cause identification Strengths, weaknesses

31

B.3 Checklist Analysis

Risk identification checklists can be developed based on historical information and knowledge that has been accumulated from previous similar projects and from other sources of information. The lowest level of the RBS can also be used as a risk checklist. While a checklist can be quick and simple, it is impossible to build an exhaustive one. Care should be taken to explore items that do not appear on the checklist. The checklist should be reviewed during project closure to improve it for use on future projects.
32

B.4 Assumptions Analysis

Every project is conceived and developed based on a set of hypotheses, scenarios, or assumptions. Assumptions analysis is a tool that explores the validity of assumptions as they apply to the project. It identifies risks to the project from inaccuracy, inconsistency, or incompleteness of assumptions.

33

B.5 Diagramming Techniques Cause-and-effect diagrams (Ishikawa or fishbone diagrams) System or process flow charts Influence diagrams

34

C.

Outputs of Risk Identification

Risk Register

35

C.1 Risk Register

The primary outputs from Risk Identification are the initial entries into the risk register, which becomes a component of the project management plan. The risk register ultimately contains the outcomes of the other risk management processes as they are conducted. The preparation of the risk register begins in the Risk Identification process with the following information, and then becomes available to other project management and Project Risk 36 Management processes.

C.1 Risk Register (cont.) At this stage , the risk register should contain the following information: List of identified risks List of potential responses Root causes of risk

37

Strengths, weaknesses, opportunities, and threats analysis

(SWOT)

When used in Risk Identification, SWOT analysis involves examining the project from each of the SWOT perspectives in order to increase the breadth of risks considered.

Depending upon the magnitude of impact to the organization, SWOT analysis for the project can parallel SWOT analysis as applied to strategic planning for the organization and will use many of the same elements.

38

External Assessment Opportunities and Threats

Identifying Opportunities and Threats

1.
a)
b) c) d) e)

The Competition
Who are your main competitors? Can you expect other competitors to enter the market in the next three years?
How are you different from your competition? What makes you unique? What does your competition do better than you? What is your competition doing now, or planning to do, that could affect your business? In what ways can you neutralize the competition? (think of product development, price, delivery, service, technological advances, geography, emerging markets, etc)

39

2. Markets

a) What market segments do you feel secure in? What do you need to do to retain them?

b) What are some market segments that are presently under-exploited?

c) What new markets are emerging? d) Visualize your customers. Who are they? What ARE they looking for? e) Is our organization ready to respond to market changes? In what ways?

40

Section 4 Qualitative Risk Analysis

Qualitative Risk Analysis includes methods for prioritizing the identified risks for further action, such as Quantitative Risk Analysis or Risk Response Planning

41

Qualitative Risk Analysis (cont.)

Usually a rapid and cost-effective means of establishing priorities for Risk Response Planning Should be revisited during the projects life cycle to stay current with changes in the project risks. Requires outputs of the Risk Management Planning and Risk Identification processes. This process can lead into Quantitative Risk Analysis or directly into Risk Response Planning
42

11.3 QUALITATIVE RISK ANALYSIS

Inputs Tools & Techniques Outputs

Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register

Risk Probability and Impact Assessment Probability and Impact Matrix Risk Data Quality Assessment Risk Categorization Risk Urgency Assessment

Risk Register (Updates)

43

A.

Inputs to Qualitative Risk Analysis

Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register

44

B. Tools and Techniques of Qualitative Risk Analysis

Risk Probability and Impact Assessment Probability and Impact Matrix Risk Data Quality Assessment Risk Categorization Risk Urgency Assessment

45

B.1 Risk Probability and Impact Assessment

Risk probability assessment investigates the likelihood that each specific risk will occur. Risk impact assessment investigates the potential effect on a project objective such as time, cost, scope, or quality, including both negative effects for threats and positive effects for opportunities.
46

Process Flow
Probability and impact are assessed for each identified risk. Risks can be assessed in interviews or meetings with participants selected for their familiarity with the risk categories on the agenda. Project team members and, perhaps, knowledgeable persons from outside the project, are included. Expert judgment is required, since there may be little information on risks from the organizations database of past projects. An experienced facilitator may lead the discussion, since the participants may have little experience with risk assessment.
47

B.2 Probability and Impact Matrix

Risks can be prioritized for further quantitative analysis and response, based on their risk rating. Ratings are assigned to risks based on their assessed probability and impact. Evaluation of each risks importance and, hence, priority for attention is typically conducted using a look-up table or a probability and impact matrix. Such a matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority. The organization should determine which combinations of probability and impact result in a classification of high risk red condition, moderate risk yellow condition, and low risk green condition. Impact can be ordinal (low, moderate, high, and very high 48 or cardinal (.1/ .3/ .5/ .7/ .9)

B.3 Risk Data Quality Assessment

A qualitative risk analysis requires accurate and unbiased data if it is to be credible. Analysis of the quality of risk data is a technique to evaluate the degree to which the data about risks is useful for risk management. It involves examining the degree to which the risk is understood and the accuracy, quality, reliability, and integrity of the data about the risk. The use of low-quality risk data may lead to a qualitative risk analysis of little use to the project. If data quality is unacceptable, it may be necessary to gather better data. Often, collection of information about risks is difficult, and consumes time and resources beyond that originally 49 planned.

B.4 Risk Categorization

Risks to the project can be categorized by: Sources of risk The area of the project affected Other useful category to determine areas of the project most exposed to the effects of uncertainty. Grouping risks by common root causes can lead to developing effective risk responses.
50

B.5 Risk Urgency Assessment Risks requiring near-term responses may be considered more urgent to address. Indicators of priority can include time to affect a risk response, symptoms and warning signs, and the risk rating.

51

C.

Outputs of Qualitative Risk Analysis

Risk Register (Updates)

52

C.1 Risk Register (Updates) The risk register is initiated during the Risk Identification process. The risk register is updated with information from Qualitative Risk Analysis and the updated risk register is included in the project management plan.

53

C.1 Risk Register (Updates) (cont.)

The risk register updates from Qualitative Risk Analysis include: Relative ranking or priority list of project risks Risks grouped by categories List of risks requiring response in the near-term Watchlists of low priority risks Trends in qualitative risk analysis results

54

Section 5 Quantitative Risk Analysis Quantitative Risk Analysis is performed on risks that have been prioritized by the Qualitative Risk Analysis process as potentially and substantially impacting the projects competing demands. The Quantitative Risk Analysis process analyzes the effect of those risk events and assigns a numerical rating to those risks. It also presents a quantitative approach to making decisions in the presence of uncertainty.
55

Monte Carlo & Decision Tree

This process uses techniques such as Monte Carlo simulation and decision tree analysis to: Quantify the possible outcomes for the project and their probabilities Assess the probability of achieving specific project objectives Identify risks requiring the most attention by quantifying their relative contribution to overall project risk Identify realistic and achievable cost, schedule, or scope targets, given the project risks Determine the best project management decision when 56 some conditions or outcomes are uncertain.

11.4 QUANTITATIVE RISK ANALYSIS

Inputs Tools & Techniques Outputs

Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register Project Management Plan

Data Gathering and Representation Techniques Quantitative Risk Analysis and Modeling Techniques Risk Register (Updates)

57

A.

Inputs to Quantitative Risk Analysis

Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register Project Management Plan

58

B. Tools and Techniques of Quantitative Risk Analysis

Data Gathering and Representation Techniques Quantitative Risk Analysis and Modeling Techniques

59

B.1 Data Gathering and Representation Techniques

Interviewing Probability distributions Expert judgment

60

Interviewing Interviewing techniques are used to quantify the probability and impact of risks on project objectives. The information needed depends upon the type of probability distributions that will be used.

61

Probability distributions
Continuous probability distributions represent the uncertainty in values, such as durations of schedule activities and costs of project components. Discrete distributions can be used to represent uncertain events, such as the outcome of a test or a possible scenario in a decision tree. Continuous Distribution Examples: Asymmetrical distributions Uniform distributions
62

Expert judgment Subject matter experts internal or external to the organization, such as engineering or statistical experts, validate data and techniques.

63

B.2 Quantitative Risk Analysis and Modeling Techniques

Sensitivity analysis Expected monetary value analysis Decision tree analysis Modeling and simulation

64

Sensitivity analysis Sensitivity analysis helps to determine which risks have the most potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values.
65

Expected monetary value analysis

Expected monetary value (EMV) analysis is a statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen The EMV of opportunities will generally be expressed as positive values, while those of risks will be negative. EMV is calculated by multiplying the value of each possible outcome by its probability of occurrence, and adding them together.

66

Decision tree analysis

Decision tree analysis is usually structured using a decision tree diagram that describes a situation under consideration, and the implications of each of the available choices and possible scenarios. It incorporates the cost of each available choice, the probabilities of each possible scenario, and the rewards of each alternative logical path. Solving the decision tree provides the EMV for each alternative, when all the rewards and subsequent decisions are quantified.
67

Modeling and simulation A project simulation uses a model that translates the uncertainties specified at a detailed level of the project into their potential impact on project objectives. Simulations are typically performed using the Monte Carlo technique.
68

C.

Outputs of Quantitative Risk Analysis

Risk Register (Updates)

69

Risk Register (Updates) The risk register is initiated in the Risk Identification process and updated in Qualitative Risk Analysis. It is further updated in Quantitative Risk Analysis. The risk register is a component of the project management plan.
70

Risk Register (Updates) (cont.) Updates include the following main components: Probabilistic analysis of the project Probability of achieving cost and time objectives Prioritized list of quantified risks Trends in quantitative risk analysis results
71

Section 6 Risk Response Planning

Risk Response Planning is the process of developing options, and determining actions to enhance opportunities and reduce threats to the projects objectives.

72

11.5 RISK RESPONSE PLANNING

Inputs Tools & Techniques
Strategies for Negative Risks or Threats Strategies for Positive Risks or Opportunities Strategy for Both Threats and Opportunities Contingent Response Strategy

Outputs

Risk Management Plan Risk Register

Risk Register (Updates) Project Management Plan (Updates) Risk-Related Contractual Agreements

73

A.

Inputs to Quantitative Risk Analysis

Risk Management Plan Risk Register

74

B. Tools and Techniques of Risk Response Planning

Strategies for Negative Risks or Threats Strategies for Positive Risks or Opportunities Strategy for Both Threats and Opportunities Contingent Response Strategy

75

B.1 Strategies for Negative Risks or Threats

Avoid Transfer Mitigate

76

Risk Avoidance
Risk avoidance involves changing the project management plan to: Eliminate the threat posed by an adverse risk Isolate the project objectives from the risks impact Relax the objective that is in jeopardy, such as extending the schedule or reducing scope.

77

Risk Transference
Risk transference requires shifting the negative impact of a threat, along with ownership of the response, to a third party. Transferring the risk simply gives another party responsibility for its management; it does not eliminate it. Transferring liability for risk is most effective in dealing with financial risk exposure. Risk transference nearly always involves payment of a risk premium to the party taking on the risk.
78

Risk Mitigation Risk mitigation implies a reduction in the probability and/or impact of an adverse risk event to an acceptable threshold. Taking early action to reduce the probability and/or impact of a risk occurring on the project is often more effective than trying to repair the damage after the risk has occurred.
79

B.2 Strategies for Positive Risks or Opportunities

Exploit Share Enhance

80

Risk Exploiting
This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the opportunity definitely happen. Directly exploiting responses include assigning more talented resources to the project to reduce the time to completion, or to provide better quality than originally planned.
81

Risk Sharing Sharing a positive risk involves allocating ownership to a third party who is best able to capture the opportunity for the benefit of the project.

82

Risk Enhancing This strategy modifies the size of an opportunity by increasing probability and/or positive impacts, and by identifying and maximizing key drivers of these positiveimpact risks.

83

B.3 Strategy for Both Threats and Opportunities Acceptance. A strategy that is adopted because it is seldom possible to eliminate all risk from a project. This strategy indicates that the project team has decided not to change the project management plan to deal with a risk, or is unable to identify any other suitable response strategy.

84

B.4 Contingent Response Strategy

Some responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predefined conditions Events that trigger the contingency response (triggers), such as missing intermediate milestones or gaining higher priority with a supplier, should be defined and tracked.
85

C.

Outputs of Risk Response Planning

Risk Register (Updates) Project Management Plan (Updates) Risk-Related Contractual Agreements

86

C.1 Risk Register (Updates)

Identified risks, their descriptions, area(s) of the project (e.g., WBS element) affected, their causes (e.g., RBS element), and how they may affect project objectives Risk owners and assigned responsibilities Outputs from the Qualitative and Quantitative Risk Analysis processes, including prioritized lists of project risks and probabilistic analysis of the project Agreed-upon response strategies Specific actions to implement the chosen response strategy Symptoms and warning signs of risks occurrence
87

C.1 Risk Register (Updates)

Budget and schedule activities required to implement the chosen responses Contingency reserves of time and cost designed to provide for stakeholders risk tolerances Contingency plans and triggers that call for their execution Fallback plans for use as a reaction to a risk that has occurred, and the primary response proves to be inadequate Residual risks that are expected to remain after planned responses have been taken, as well as those that have been deliberately accepted Secondary risks that arise as a direct outcome of implementing a risk response Contingency reserves that are calculated based on the quantitative analysis of the project and the organizations 88 risk thresholds.

C.2 Project Management Plan (Updates)

The project management plan is updated as response activities are added. Integrated change control is applied in the Direct and Manage Project Execution process to ensure that agreed-upon actions are implemented. Risk response strategies, once agreed to, must be fed back into the appropriate processes in other Knowledge Areas, including the projects budget and schedule. 89

C.3 Risk-Related Contractual Agreements

Contractual agreements, such as agreements for insurance, services, and other items as appropriate, can be prepared to specify each partys responsibility for specific risks, should they occur.

90

Section 7: Risk Monitoring and Control Risk Monitoring and Control is the process of: Identifying, analyzing, and planning for newly arising risks Keeping track of the identified risks and those on the watchlist Reanalyzing existing risks, monitoring trigger conditions for contingency plans Monitoring residual risks Reviewing the execution of risk responses while evaluating their effectiveness.
91

Other purposes of Risk Monitoring and Control Determining if: Project assumptions are still valid Risk, as assessed, has changed from its prior state, with analysis of trends Proper risk management policies and procedures are being followed Contingency reserves of cost or schedule should be modified in line with the risks of the project.
92

11.6 RISK MONITORING AND CONTROL

Inputs Tools & Techniques

Outputs
Risk Register (Updates) Requested Changes Recommended Corrective Actions Recommended Preventive Actions Organizational Process Assets (Updates) Project Management Plan (Updates)

Risk Management Plan Risk Register Approved Change Requests Work Performance Information Performance Reports Risk Reassessment Risk Audits Variance and Trend Analysis Technical Performance Measurement Reserve Analysis Status Meetings

93

A.

Inputs to Risk Monitoring and Control

Risk Management Plan Risk Register Approved Change Requests Work Performance Information Performance Reports

94

A.1 Project Management Plan (Updates)

This plan has key inputs that include the assignment of people, including the risk owners, time, and other resources to project risk management.

95

A.2Risk Register
The risk register has key inputs that include: Identified risks and risk owners Agreed-upon risk responses Specific implementation actions Symptoms and warning signs of risk Residual Secondary risks Watchlist of low priority risks Time and cost contingency reserves.
96

A.3 Approved Change Requests

Approved change requests can include modifications such as work methods, contract terms, scope, and schedule. Approved changes can generate risks or changes in identified risks. Those changes need to be analyzed for any effects upon the risk register, risk response plan, or risk management plan. All changes should be formally documented. Any verbally discussed, but undocumented, changes should not be processed or implemented.97

A.4 Work Performance Information Work performance information, including project deliverables status, corrective actions, and performance reports, are important inputs to Risk Monitoring and Control.

98

A.5 Performance Reports Performance reports provide information on project work performance, such as an analysis that may influence the risk management processes.

99

B. Tools and Techniques of Risk Monitoring and Control

Risk Reassessment Risk Audits Variance and Trend Analysis Technical Performance Measurement Reserve Analysis Status Meetings
100

B.1 Risk Reassessment Risk Monitoring and Control often requires identification of new risks and reassessment of risks. Project risk reassessments should be regularly scheduled. Project Risk Management should be an agenda item at project team status meetings.
101

B.2 Risk Audits Risk audits examine and document the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.

102

B.3 Variance and Trend Analysis Trends in the projects execution should be reviewed using performance data. Earned value analysis and other methods of project variance and trend analysis may be used for monitoring overall project performance.

103

B.4 Technical Performance Measurement

Technical performance measurement compares technical accomplishments during project execution to the project management plans schedule of technical achievement. Deviation, such as demonstrating more or less functionality than planned at a milestone, can help to forecast the degree of success in achieving the projects scope.
104

B.5 Reserve Analysis

Throughout execution of the project, some risks may occur, with positive or negative impacts on budget or schedule contingency reserves. Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project, in order to determine if the remaining reserve is adequate.

105

B.6 Status Meetings

Project risk management can be an agenda item at periodic status meetings. That item may take no time or a long time, depending on the risks that have been identified, their priority, and difficulty of response. Risk management becomes easier the more often it is practiced, and frequent discussions about risk make talking about risks, particularly threats, easier and more accurate.
106

C.

Outputs of Risk Monitoring and Control

Risk Register (Updates) Requested Changes Recommended Corrective Actions Recommended Preventive Actions Organizational Process Assets (Updates) Project Management Plan (Updates)
107

C.1 Risk Register (Updates)

Outcomes of risk reassessments, risk audits, and periodic risk reviews. These outcomes may include updates to: Probability Impact Priority Response plans Ownership Other elements of the risk register. Outcomes can also include closing risks that are no longer applicable.
108

C.2 Requested Changes

Implementing contingency plans or workarounds frequently results in a requirement to change the project management plan to respond to risks. Requested changes are prepared and submitted to the Integrated Change Control process as an output of the Risk Monitoring and Control process. Approved change requests are issued and become inputs to the Direct and Manage Project Execution process and to the Risk Monitoring and Control process.
109

C.3 Recommended Corrective Actions This includes contingency plans and workaround plans. The latter are responses that were not initially planned, but are required to deal with emerging risks that were previously unidentified or accepted passively. Workarounds should be properly documented. Recommended corrective actions are inputs to the Integrated Change Control process
110

C.4 Recommended Preventive Actions

Recommended preventive actions are used to bring the project into compliance with the project management plan.

111

C.5 Organizational Process Assets (Updates)

The six Project Risk Management processes produce information that can be used for future projects, and should be captured in the organizational process assets. The templates for the risk management plan, including the probability and impact matrix, and risk register, can be updated at project closure. Risks can be documented and the RBS updated. Lessons learned from the project risk management activities can contribute to the lessons learned knowledge database of the organization. Data on the actual costs and durations of project activities can be added to the organizations databases. The final versions of the risk register and the risk management plan templates, checklists, and RBSs are 112 included.

C.6 Project Management Plan (Updates)

If the approved change requests have an effect on the risk management processes, then the corresponding component documents of the project management plan are revised and reissued to reflect the approved changes.

113

End

114