Flashcards: PMP Exam Prep - Risk
All 77 terms
Terms | Definitions |
|---|---|
 Contingency Plan | A response to a risk event that will be implemented only if the risk occurs. |
| Contingency Reserve | A dollar or time value that is added to the project schedule or budget that reflects and accounts for risk that is anticipated for the project. |
| Decision Theory | A technique for assisting in reaching decisions under uncertainty and risk. It points to the best possible course whether or not the forecasts are accurate. |
| Fallback Plan | A response plan that will be implemented if the primary response plan is ineffective. |
| Heuristics | Rules of thumb for accomplishing tasks. Easy and intuitive ways to deal with uncertain situations; however, they tend to result in probability assessments that are biased. |
| Issue (Risk definition) | A risk event that has occurred. |
| Opportunities (Risk definition) | Risk events or conditions that are favorable to the project. |
| Residual Risk | In implementing a risk response plan, the risk that cannot be eliminated. |
| Risk | An uncertain event or condition that could have a positive or negative impact on the project objectives. |
| 1. Probability of the risk event or condition occurring 2. Impact of the occurrence, if it does occur 3. Expected time the risk event may occur 4. Anticipated frequency of the risk event occurring | What are the primary elements of risk that must be determined? |
| Secondary Risk | In implementing a risk response, a new risk that is introduced as a result of the response. |
| Stakeholder Risk Tolerance | The stakeholders' attitude toward risk. An enterprise environmental factor that must be considered in the risk management plan. |
| Threat | Risk events or conditions that are unfavorable to the project. |
| Workarounds | Unplanned responses to risks that were previously unidentified or accepted. |
| Plan Risk Management | (Process) The process of defining how to conduct risk management activities for a project. |
| 1. Risk approach and methodology 2. Roles and responsibilities of the risk management team 3. Risk management budget 4. Timing of the risk management process 5. Risk categories 6. Definitions of probability and impact 7. Probability and impact matrix 8. Revised stakeholder risk tolerances 9. Risk planning report formulas 10. Methods of tracking risks | What are the ten items the risk management plan contains? |
| 1, Project Scope Statement 2. Schedule Management Plan 3. Cost Management Plan 4. Communications Management Plan 5. Enterprise Environmental Factors (organizational culture and attitudes towards risk) 6. Organizational Process Assets | What are the key inputs into the Plan Risk Management Process? |
| Utility Theory | An appropriate method for describing risk tolerance based on the various stakeholders' tolerances for risk. This method is depicted using three structures where the x-axis denotes the money at stake and the y-axis denotes utility, or the amount of satisfaction the person obtains from the payoff. |
| Risk Averse | When there is more money at stake, the risk averter's satisfaction diminishes; he or she prefers a more certain outcome and demands a premium to accept projects of high risk. |
| Risk Neutral | Tolerance for risk remains the same as the money at stake increases. |
| Risk Seeker | The higher the stakes, the better. He or she is even willing to pay a penalty to take on projects of high risk. |
| Risk Breakdown Structure (RBS) | Provides a structure that can ensure a systematic evaluation and identification of all project risk. |
| 1. External Risks, such as from vendors, regulations, customers, and market conditions. 2. Project Management Risks, such as poor estimates of time and resources or the lack of skills and knowledge in project management concepts and discipline by the project manager and/or team members. 3. Organizational Risks, such as resource conflict, a delay in the availability of resources or a lack of funds. 4. Technical Risks, such as complex or new software technology, quality or performance issues or unrealistic project goals. | What are four of the risk categories that may be defined in the Risk Breakdown Structure? |
| Identify Risks Process | (Process) The process of determining which risks may affect the project and documenting their characteristics. It is important to think of each risk event as having a three-part anatomy: -The uncertain event or condition that poses the risk -The impact of that event or situation -The source of the risk |
| 1. Documentation Reviews 2. Information Gathering Techniques 3. Checklist Analysis 4. Assumptions Analysis 5. Diagramming Techniques 6. SWOT Analysis 7. Expert Judgement | What are the tools and techniques of the Identifying Risk Process? |
| Brainstorming | (Technique) A general data gathering and creativity technique that can be used to identify risks, ideas, or solutions to issues by using a group of team members or subject-matter experts. |
| Delphi Technique | (Technique) Form of expert judgment in which opinions are obtained from a panel of experts who work independently and anonymously. It is often used in risk management but can also be used to gain consensus on project selection, scope of work, estimates and technical issues. |
| Strengths, Weaknesses, Opportunities, and Threats (SWOT) Analysis | This information gathering technique examines the project from the perspective of each project's strengths, weaknesses, opportunities, and threats to increase the breadth of the risks considered by risk management. |
| Risk Register | (Output/Input) The document containing the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. It details all identified risks, including descriptions, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners and current status. |
| Perform Qualitative Risk Analysis | (Process) The process of prioritizing risks for further analysis or action by assessing and combining their probability (risk probability) of occurrence and impact (risk impact) if and when it occurs. This process has an advantage of being a rapid and cost effective way to assess risk. This process involves the activities of: -Assessing the probability and impact of identified risks -Determining timing and urgency -Prioritizing risks -Ranking risk events in order of importance -Evaluating the quality of data related to risk -Determining which risks require additional analysis |
| Probability and Impact Matrix | (Tool) A common way to determine whether a risk is considered low, moderate, or high by combining the two dimensions of a risk; its probability of occurrence and its impact on objectives if it occurs. By calculating the risk score, which is the product of the probability times the impact, the project team will determine if the risk is low, moderate, or high priority. |
| Perform Quantitative Risk Analysis | (Process) The process of numerically analyzing the effect of identified risks on overall project objectives. This analysis may include: -Numerically analyzing the effects, often stating the effects in monetary terms -Evaluating the range of impacts of risks on project objectives of cost, schedule, scope and quality -Determining the extent of overall project risk -Using probabilistic models to determine trends, ranges of acceptable risk and probability of success for a given value |
| 1. Data Gathering and Representation Techniques (Interviewing, Probability Distribution, Expert Judgement) 2. Quantitative Risk Analysis and Modeling Techniques (Sensitivity Analysis, Expected Monetary Value Analysis, Modeling and Distribution, Decision Tree, Monte Carlo Simulation) | What are the tools and techniques used during quantitative analysis? |
| Interviewing | An important technique in quantifying risks and defining ranges of values. These values typically take the form of three-point estimates for cost or duration, which are used in revising budget or time estimates. |
| Probability Distributions | Used to represent the uncertainty that risks represent. Discrete distributions may be used in developing Decision Tree values. Continuous distributions, such as the beta or triangular distributions are used in modeling and simulations. |
| Sensitivity Analysis | A quantitative risk analysis and modeling technique used to help determine which risks have the most potential impact on the project. It examines the extent to which the uncertainty of each project element affects the objective being examined when all other uncertain elements are held at their baseline values. The typical display of results is in the form of a tornado diagram. |
| Expected Monetary Value Analysis (EMV) | A statistical technique that calculates the average outcome when the future includes scenarios that may or may not happen. A common use of this technique is within decision tree analysis. |
| Decision Tree Analysis | (Technique) Analysis used when some future scenarios or outcomes of actions are uncertain. It incorporates probabilities and the costs or rewards of each logical path of events and future decisions, and uses expected monetary value analysis to help the organization identify the relative values of alternate actions. |
| Monte Carlo Simulation | A process which generates hundreds or thousands of probable performance outcomes based on probability distributions for cost and schedule on individual tasks. The outcomes are then used to generate a probability distribution for the project as a whole. It helps the project team determine the amount of contingency that would be appropriate for the project. |
| Plan Risk Response | (Process) The process of developing options and actions to enhance opportunities and to reduce threats to project objectives. How risks should be handled are also determined. This process includes the activities of: -Developing options -Determining actions -Enhancing opportunities -Reducing threats -Assigning responsibility for risks -Adding resources or activites in the project management plan -Determining appropriate responses based on the priority of risks |
| 1. Updates to the risk register 2. Updates to the project management plan 3. Project document updates 4. Risk-Related contractual agreements | What are the primary outputs of the Plan Risk Response Process? |
| 1. Strategies for Negative Risks or Threats (Accept, Avoid, Transfer, Mitigate) 2. Strategies for Positive Risks or Opportunities (Accept, Exploit, Share, Enhance) 3. Strategies used for Contigent Response (Contingency Plans, Financial Reserves, Staffing Reallocation Reserve) | What are the tools and techniques used in the Plan Response Process? |
| "Accept" Strategy | Risk response strategy where individual accepts the consequences of the risk; it can be active such as developing a contingency plan should the risk occur, or it can be passive, such as accepting a lower profit it some activities overrun. |
| "Avoid" Strategy | Risk response strategy that eliminates a specific threat, usually by eliminating the cause; examples of avoidance include not doing the project or doing the project in a different way so that the risk no longer exists. |
| "Transfer" Strategy | Risk response strategy that reduces the direct risk by shifting it to a third party, such as insurance companies, clients or vendors; transferring does not eliminate the overall risk. |
| "Mitigate" Strategy | Risk response strategy that reduces the EMV of a risk event by reducing the probability of its occurrence or reducing the impact of the risk; an example of mitigation would be using proven technology to lessen the probability that a product will not. |
| "Exploit" Strategy | Risk response strategy that Increases chances of making the opportunity happen and it helps eliminate the uncertainty. *This is when you do everything you can to make sure that you take advantage of an opportunity. You could assign your best resources to it or you could allocate more than enough funds to be sure that you get the most out of it. |
| "Share" Strategy | Risk response strategy where sharing an opportunity is done with a third party, and so leverages that party's ability to capitalize on the opportunity. |
| "Enhance" Strategy | Risk response strategy that increases the probability of an opportunity's occurrence or its positive impact. *This is when you try to make the opportunity more probable by influencing it's triggers. |
| Contingency Plans | Action plans for specific risk events whose expected value has not been reduced to an acceptable level. |
| Financial Reserves | Allocations of funds or signature authority to the project manager's contingency reserve. |
| Staffing Reallocation Reserve | Reassigning, in an emergency, previously identified individuals with critical knowledge, skill and location availability, |
| Monitor and Control Risk | (Process) The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process through the project. The steps of this process are to determine if: -Risk responses have been implemented as planned -Risk responses are effective -Project assumptions are still valid -Risk exposure has changed -Risk triggers have occurred -Policies and procedures have been followed -New risks are identified -Risk events have occurred that were previously not defined. |
| 1. Risk Reassessment 2. Risk Audits 3. Variance & Trend Analysis 4. Technical Performance Measurement 5. Reserve Analysis 6. Status Meetings | What are the tools and techniques used in the Monitor and Control Risk Process? |
| Risk Management Plan | What is the primary output of the Plan Risk Management Process? |
| 1. Brainstorming 2. The Delphi Technique 3. Interviewing 4. SWOT Analysis 5. Root Cause Identification | What are the different information gathering techniques that can be used during the Identify Risks Process? |
| Risk Register | What is the primary output of the Identify Risks Process? |
| Risk Register Updates | What is the primary output of the Perform Qualitative Risk Analysis Process? |
| Risk Register Updates | What is the primary output of the Perform Quantitative Risk Analysis Process? |
| 1. Risk Register Updates 2. Risk-Related Contract Decisions 3. Project Management Plan Updates 4. Project Document Updates | What are the primary outputs of the Plan Risk Response Process? |
| Assumptions Analysis | (Technique) A technique that explores the accuracy of assumptions and identifies risks to the project from inaccuracy, inconsistency, or incompleteness of assumptions. |
| Preventative Action | A documented direction to perform an activity that can reduce the probability of negative consequences associated with project risks. |
| Project Risk Management | (Knowledge Area) Includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project. |
| 1. Risk Management Plan 2. Activity Cost Estimates 3. Activity Duration Estimates 4. Scope Baseline 5. Stakeholder Register 6. Cost Management Plan 7. Schedule Management Plan 8. Quality Management Plan 9. Project Documents 10. Enterprise Environmental Factors 11. Organizational Process Assets | What are the inputs into the Identify Risks Process? |
| 1. Risk Register 2. Risk Management Plan 3. Project Scope Statement 4. Organizational Process Assets | What are the inputs into the Perform Qualitative Risk Analysis Process? |
| 1. Risk Register 2. Risk Management Plan 3. Cost Management Plan 4. Schedule Management Plan 5. Organizational Process Assets | What are the inputs into the Perform Quantitative Risk Analysis Process? |
| 1. Risk Register 2. Risk Management Plan | What are the inputs into the Plan Risk Response Process? |
| 1. Risk Register 2. Project Management Plan 3. Work Performance Information 4. Performance Reports | What are the inputs into the Monitor & Control Risk Process? |
| Documentation Review | When you look at plans, requirements, documents from your organizational process assets, and any other relevant documents that you can find to squeeze every possible risk out of them. |
| Checklist Analysis | Means using checklists that you developed specifically to help you find risks. This might remind you to check certain assumptions, talk to certain people, or reviews documents you might have overlooked. |
| Risk Data Quality Assessment | (Tool/Technique) Making sure that the information you're using in your risk assessment is accurate. Sometimes it makes sense to bring in outside experts to check out the validity of your risk assessment data. |
| Risk Urgency Assessment | (Tool/Technique) Checking out how soon you're doing to need to take care of a particular risk. If a risk is going to happen soon, you'd better have a plan for how to deal with it soon, too. |
| Expert Judgement | (Technique) Judgement based upon expertise appropriate to the activity. It may be provided by any group or person, either within the organization or external to it. |
| Risk and Probability Impact Assessment | (Tool/Technique) Process that helps you assign a probability to the likelihood of a risk occurring, and then figure out the actual cost (or impact) if it does happen. You can use these values to figure out which of your risks need a pretty solid mitigation plan, and which can be monitored as the project goes on. |
| Risk Categorization | (Tool/Technique) Grouping your risks so that you can come up with a better strategy for dealing with them. You might group them by the phase of the project where you'll see them, or by the source of the risk. Or you could come up with a bunch of additional categories that would help you to organize your response better and be ready for the risk if it should happen. |
| Watchlist | List of all the low probability and impact risks that you want to monitor as the project goes on. It includes risks you don't want to forget about, but which you don't need to track closely. |
| Triggers | Indications that a risk has occurred or is about to occur. These may be discovered in the risk identification process and watched in the risk monitoring and control process. Sometimes called risk symptoms or warning signs. *Conditions that cause a risk. |