PMP® Risk Management

Project risk management is a crucial aspect of project management that involves identifying, analyzing, and responding to potential risks that could impact the success of a project. The Project Management Professional (PMP®) certification recognizes the importance of risk management and includes it as one of the ten knowledge areas in the PMBOK® Guide.

The risk management process consists of six main steps:

Risk management planning: This involves defining the approach to risk management, including the roles and responsibilities of the project team, the risk management methodology to be used, and the tools and techniques that will be employed.

Risk identification: This step involves identifying all potential risks that could affect the project. Risks can be identified through brainstorming sessions, historical data analysis, expert judgment, and other methods.

Risk analysis: This step involves analyzing the identified risks to determine their probability and potential impact on the project. The risks can be analyzed using qualitative, quantitative, or a combination of both methods.

Risk response planning: Once the risks have been identified and analyzed, the project team develops a plan to respond to each risk. The response plan can include strategies to avoid, mitigate, transfer, or accept the risk.

Risk monitoring and control: This step involves tracking the identified risks, monitoring their status, and implementing the risk response plan. The project team also evaluates the effectiveness of the risk response plan and makes adjustments as necessary.

Risk closure: This step involves finalizing all risk-related activities, documenting lessons learned, and archiving all risk management documents.

Effective risk management is essential for project success, and the PMP® certification requires candidates to demonstrate their understanding of risk management principles and techniques. PMP® exam questions related to risk management may cover topics such as risk identification, risk analysis, risk response planning, risk monitoring and control, and risk communication.

What are the seven elements of Risk Management Process?

Project Managers across industries follow these steps of the Risk Management Process to turn disadvantages into advantages.

1. Planning risk management

2. Identifying potential risk

3. Analysing risk

4. Prioritizing Risk

5. Assigning owner to the risk

6. Responding to the risk

7. Monitoring and controlling risk

Planning risk management

This process deals with developing a document that describes the details of how risk management will be done. This document will define the responsibilities of the project team to deal with positive and negative risks. It will also include a budget and resources for managing risks, risk tolerance level, identifying and categorising risks, and implementing risk responses. In addition, this plan will also include the formula to determine the ranking of the risks as high, medium or low. The more complex the project, the broader the risk management plan.

Identifying potential risk

Risk identification is crucial, especially when managing large or complicated projects, since it forms the basis for tools like the risk matrix and risk assessment methods. You can gather risks during this phase using the techniques outlined in the risk management plan. Several methods for identifying risks include:

1. Reviewing documents – careful review of the documents from previous project records like learned lessons, risk register, issue log and project files. This will help you detect any potential risk in the current project.

2. Information gathering – As mentioned earlier take the inputs from the project team and various stakeholders involved in the project. You ask specialists to identify potential risks. This method combines the Delphi method, anonymous questionnaire and brainstorming. Compile all the inputs and review them thoroughly.

3. Interview – You can take the help of pre-developed questions to get inputs from busy stakeholders by conducting a single interview with them.

Additionally, conduct a careful review of project objectives. Each identified risk is classified on the risk register by several elements (such as internal or external triggers) or by categories (such as environmental, regulatory, technological, or resources).

Analyzing risk

After identifying the potential risks, you need to analyse these risks using quantitative and qualitative methods. Qualitative and quantitative risk analysis can ascertain how the risk will affect the project schedule and budget.

Quantitative risk analysis – Quantitative analysis of risks is mainly performed on large and complex projects to assign numerical values to the level of risk on the project objective. Quantitative risk analysis gives numerical values to each identified risk using "hard" data, such as costs, operations, and the number of resources involved. The Expected Monetary Value (EMV) Method is used to determine the contingency reserve, to manage each identified risk.

Qualitative risk analysis - Using a relative scale, you can perform qualitative risk analysis by calculating each risk's likelihood and potential impact. This helps determine the priority of resolving the risks. Qualitative analysis is performed for each risk and not the overall project risk. The accuracy of this analysis depends on the knowledge of the individual doing the qualitative risk analysis.

For accuracy, Project Managers should conduct both qualitative and quantitative risk analysis. In addition, the management sets a reserve for managing unidentified risks, usually between 5 to 10 per cent. The Project Manager needs to get the approval of the management to use this reserve.

Prioritizing Risk

It is essential to assess the priorities of the risks identified to determine what resources you will require to resolve the risk, as the complexity of all risks is not the same. You can make a long list of risks to a project by classifying them as high, medium and low. Based on this, you decide when and how to address each risk during the project life cycle.

High-level risks need immediate action, as they may make or break your project. Medium-level risks might be essential but will next fail the project. You can set these risks as the next priority after high-level risks. At last, some risks might be crucial but do not need more time to resolve. These are low-level or low-priority risks.

Assigning owner to the risk

The Project Manager must assign risks to individual team members to oversee particular risks when listing the risks. This individual has to be more skilled and experienced in risk management than others in the project team.

Responding to the risk

Along with the risk owner, you need to put together the mitigation strategy for minimizing the impacts of the risk. You will respond to the risks based on the priorities you have set for the risks identified. This mitigation plan should describe your actions when these risks occur in the project life cycle.

First, you must determine if the risks are positive or negative, as they will require separate strategies. Positive risk can help the project, whereas adverse risk might hinder it.

Negative risk response – the strategies to manage negative risks include:

1. Mitigate – try to decrease the chances of this risk occurring or if it does try to reduce its impact.

2. Avoid - Eliminate the risk or its consequences, by modifying the project’s strategic plan.

3. Transfer – You can transfer this risk to a third party like to an insurance company.

4. Escalate – handover the responsibility of managing this risk to the higher management, as it is beyond the Project Manager’s capabilities.

5. Accept – You document the risk

Positive risk response - the strategies to manage positive risks include:

1. Enhance – try to increase the chances of this risk occurring or its impact.

2. Exploit – working to ensure this opportunity is realised

3. Share – if one person cannot realise this opportunity share it with someone else

4. Escalate - handover the responsibility of managing this risk to the higher management, as it is beyond the Project Manager’s capabilities.

5. Accept - You document the risk

Monitoring and controlling risk

You have to track the initiative taken against improving or mitigating risks. The project manager must monitor risk to ensure the proper steps are carried out as quickly as possible for the most significant impact. Whoever is the risk owner will be in charge of monitoring risk and how it is being resolved. A strategy for monitoring and reporting risk events is part of the risk management plan. This aids the project manager in recording lessons learned for potential future risk incidents and evaluating the effectiveness of the risk management plan.