Risk management is a tough subject on the PMP Certification Exam. Planning for the unknown is challenging, to say the least, and probably one of the reasons why people don’t spend as much time on risk management as they should. However, just because it’s hard doesn’t mean that it isn’t worthwhile.
Plan Risk Management. Defining how to conduct risk management activities for a project.
Here are some basic tenets to keep in mind about planning for risk:
The amount of risk management planning should be commensurate with the amount of uncertainty and the degree of criticality of the project. Projects that are similar to prior projects and that are not complex need less risk management than complex projects with new and emerging technology and that have a high impact on the success of the organization.
Risk management should begin very early on in the project and continue until the project is closed.
To elevate the importance of risk management on a project, sufficient time, resources, and budget need to be allocated to the risk management process.
Plan Risk Management: Inputs
Risk management planning needs to be consistent with the project’s approach for scope, schedule, cost, and quality. Therefore, you should consider at least the following information from the project management plan: scope management plan, schedule management plan, cost management plan, and quality management plan as you determine how to address risk. Look at how these various plans affect your risk management planning.
If you have a project with a very tight delivery time frame, and yet you have no schedule management plan (or one that is simple or not well defined), you need to account for the lack of attention to schedule management in your risk planning.
However, if you have a robust schedule management plan that includes contingency reserves, a detailed approach to analyzing the progress on critical and near-critical paths, sufficient scheduling software, and people skilled in developing schedules, your risk management plan won’t need to focus as heavily on the schedule aspect as you plan for risk.
The scope statement contains information about the types of deliverables and the associated acceptance criteria. A well–thought-out scope statement means less uncertainty — and, therefore, less risk associated with the scope and quality of the product and the project.
In organizations that practice risk management, plenty of tools and documentation are available that can help you. For example, there might be templates for probability and impact matrices and risk registers. Or, definitions for high, medium, and low risks may already exist, so you won’t need to develop them on your own.
Always keep in mind your organization’s risk tolerance. Government or regulated agencies are bound to be risk averse and cannot take risks with the public’s welfare or interests. Conversely, remember the Dot-Com boom in the 1990s? Those companies were indeed risk-seekers. They could see only the upside, taking tremendous risks — and, for a while, reaping tremendous rewards. Many of those organizations paid the price for their risks.
Plan Risk Management: Tools and Techniques
Analyzing stakeholder risk tolerances and the high-level project risk exposure will help determine the appropriate approach for risk management. A project with high risk exposure, or with stakeholders who are risk averse, will require more risk management than a project with low risk exposure or stakeholders with a high risk tolerance.
You will meet with your team, risk experts, and technical experts to determine the best approach for risk management. If your organization doesn’t have risk management templates or definitions for probability and impact, you and your team will develop these as part of risk management planning. If your organization does have these key definitions and tools, you’ll spend this time customizing them for your project.