Amount at Stake

The extent of adverse consequences which could occur to the project. (Also referred to as
risk impact).
Business Risk
The inherent chances for both profit or loss associated with a particular endeavor.
Contingency Planning
The development of a management plan that identifies alternative strategies to be used to
ensure project success if specified risk events occur.
Contingency Reserve
A separately planned quantity used to allow for future situations which may be planned
for only in part ("known unknowns"). Contingency reserves are intended to reduce the
impact of missing cost or schedule objectives. Contingency reserves are normally
included in the project's cost and schedule baselines.
Deflection
The act of transferring all or part of a risk to another party, usually by some form of
contract.
Expected Monetary Value
The product of an event's probability of occurrence and the gain or loss that will result.
For example, if there is a 50% probability it will rain, and rain will result in a $100 loss,
the expected monetary value of the rain event is $50 (.5 * $100).
Impact Analysis
The mathematical examination of the nature of individual risks on the project, as well as
potential arrangements of interdependent risks. It includes the quantification of their
respective impact severity, probability, and sensitivity to changes in related project
variables, including the project life cycle.
Insurable Risk
A particular type of risk which can be covered by an insurance policy. Also referred to as
a pure risk.
Management Reserve
A separately planned quantity used to allow for future situations which are impossible to
predict. ("unknown unknowns") Management reserves are intended to reduce the risk of
missing cost or schedule objectives. Use of management reserves requires a change to the
project's cost baseline.
Mitigation
Taking steps to lessen risk by lowering the probability of a risk event's occurrence or
reducing its effect should it occur.
Monte Carlo Analysis
A schedule risk assessment technique that performs a project simulation many times in
order to calculate a distribution of likely results.
Opportunities
As related to risk, positive outcomes of risk.
Project Risk Management
Includes the processes concerned with identifying, analyzing, and responding to project
risk.
Risk Event
A discrete occurrence that may affect the project for better or worse.

Risk Identification
Determining which risk events are likely to affect the project.
Risk Management Plan
A subsidiary element of the overall project plan which documents the procedures that will
be used to manage risk throughout the project. Also covers who is responsible for
managing various risk areas; how contingency plans will be implemented, and how
reserves will be allocated.
Risk Quantification
Evaluating the probability of risk event occurrence and effect.
Risk Response Control
Responding to changes in risk over the course of the project.
Risk Response Development
Defining enhancement steps for opportunities and mitigation steps for threats.
Threats
As related to risk, negative outcomes of risk.
Total Certainty
All information is known.
Total Uncertainty
No information is available and nothing is known. By definition, total uncertainty cannot
be envisaged.
Uncertainty
The possibility that events may occur which will impact the project either favorably or
unfavorably. Uncertainty gives rise to both opportunity and risk.
Workaround
A response to a negative risk event. Distinguished from contingency plan in that a
workaround is not planned in advance of the occurrence of the risk event.

Risk Management Planning

Used to decide how to approach and plan the risk management activities for a project.

Input includes: The project charter, risk management policies, and WBS all serve as
input to this process

Methods used: Many planning meeting will be held in order to generate the risk
management plan

Output includes: The major output is the risk management plan, which does not include
the response to specific risks. However, it does include methodology to be used,
budgeting, timing, and other information

Risk Identification

Determining which risks might affect the project and documenting their characteristics

Input includes: The risk management plan is used as input to this process

Methods used: Documentation reviews should be performed in this process.

Diagramming techniques can also be used

Output includes: Risk and risk symptoms are identified as part of this process. There are
generally two types of risks. They are business risks that are risks of gain or loss. Then t
here are pure risks that represent only a risk of loss. Pure risks are also known as
insurable risks

Qualitative Risk Analysis

A qualitative analysis of risks and conditions is done to prioritize their affects on project
objectives.

Input includes: There are many items used as input into this process. They include things
such as the risk management plan. The risks should already be identified as well. Use of
low precision data may lead to an analysis that is not useable. Risks are rated against how
they impact the projects objectives for cost, schedule, scope, and quality

Methods used: Several tools and techniques can be used for this process. Probability and
Impact will have to be evaluated

Output includes: An overall project risk ranking is produced as a result of this process.
The risks are also prioritized. Trends should be observed. Risks calculated as high or
moderate are prime candidates for further analysis

Quantitative Risk Analysis

Used to measure the probability and consequences of risks and estimate their implications
for project objectives.

Input includes: The risk management plan is used as input to this process. The list of
prioritized risks is also used

Methods used: Interviewing is a key technique used in this process. Other forms of
analysis are used too. Objectives of this process include the determination of the
probability of reaching the projects objectives

Output includes: A prioritized list of quantified risks is produced as a result of this

process. A probability analysis of the project is produced as well

Risk Response Planning

Used to develop procedures and techniques to enhance opportunities and reduce threats
from risk to the project's objectives.

Input includes: Opportunities to pursue or ignore risks are the input for this process

Methods used: There are four different techniques used for responding to risk. We will
cover each technique in this course

Output includes: The output includes a risk response plan and contingency plans. A
contingency plan is applied to identified risks that arise during the project. A fall-back
plan is developed if the risk has high impact, or if the strategy might not be fully
effective. Contingency allowance accounts for known risks. Risks that arise as a result of
implementing the contingency plan are called secondary risks. Contractual agreements
may also be created as a result of this process

Risk Monitoring and Control

Used to monitor risks, identify new risks, execute risk reduction plans, and evaluate their
effectiveness throughout the project life cycle.

Input includes: Input to this process includes the risk management plan, risk
identification and analysis, and scope changes

Methods used: Audits should be used in this process to ensure that risks are still risks as
well as discover other conditions that may arise. Reviews should also be used

Output includes: Output includes work-around plans, corrective action, project change
requests, as well as other items

Risk Management Concepts

Expected Monetary Value

A Risk Quantification Tool

EMV is the product of the risk event probability and the risk event value

Risk Event Probability: An estimate of the probability that a given risk event will occur

Risk Event Value:

An estimate of the gain or loss that will be incurred if the risk event does occur

Risk event values must reflect both tangibles and intangibles in order to compare
risks. (Otherwise, the risks are not equivalent)

EMV is generally used in further analysis such as decision trees

Decision Trees

A diagram that depicts key interactions among decisions and associated chance events as
understood by the decision maker.

Can be used in conjunction with EMV since risk events can occur individually or in
groups and in parallel or in sequence.

Scope of Project Risk Management: (reference I-2)

in Risk Management Book from PMI

Scope of project risk management lies somewhere between the two extremes of total
certainty and total uncertainty

Spectrum: Total Uncertainty, General Uncertainty, Specific Uncertainty, and Total

Certainty

Spectrum: Unknown Unknowns (no information), Known Unknowns (partial

information), and Knowns (complete information)

Management Reserves handle unknown unknowns while contingency reserves handle

known unknowns

Categories of Risk Response

Avoidance
Eliminate a specific threat, usually by eliminating the cause.

Examples: Don't do the project; or do the project in a different way such that the
risk is no longer a risk

Mitigation

Reduce the expected monetary value of a risk event by reducing the probability of
occurrence or reducing the risk event value (impact of the risk)
o
Example: Using proven technology to lessen the probability that the product will
not work
o
Mitigation includes transferring the risk by buying insurance.
o

Acceptance

Accepting the consequences of the risk.

Acceptance can be active: Developing a contingency plan should the risk occur

Acceptance can be passive: Accepting a lower profit is some activities overrun