This document discusses project risk management. It defines risk management and outlines the key processes: planning, identification, analysis, response planning, and monitoring. It describes performing qualitative risk analysis to assess the likelihood and impact of identified risks. This involves using tools like probability and impact matrices to prioritize risks. The output is an updated risk register containing the qualitative analysis results.
1. 11 PROJECT RISK MANAGEMENT
Objective of This Chapter:
Project risk management includes the processes of conducting risk management planning,
identification, analysis, response planning, and monitoring and control on a project
Risk is an uncertain event or condition that, if it occurs, has an effect on at least one project
objective. Objectives can include scope, schedule, cost, and quality
No construction project is risk free. Risk should be managed, minimised, shared, transferred,
or accepted. But should not be ignored. Most of the small real estate projects the focus of risk
management is mainly limited to cost escalation and material consumption (cement and
steel). Rest of the risks are managed on ad-hoc basis. It is worth mentioning that enlarging the
scope of risk management will surely help small as well as big projects
The objective of risk management is to increase the probability and impact of positive events,
and decrease the probability and impact of negative events in the project. Risk and
uncertainty can potentially have damaging consequences for the construction projects.
Therefore, the risk analysis and management should be a major feature of the
construction projects in an attempt to deal effectively with uncertainty and unexpected events
and to achieve project success.
Many problems which are faced in later phases of construction project are result from
unmanaged risks from the earlier stage. Hence poor risk management can result into
Increased costs due to ad-hoc management
Loss or reduction in profit
Damage to brand / reputation
And in worst case disposal of the business or insolvency
Project risk management is an iterative process: the process is beneficial when is
implemented in a systematic manner throughout the lifecycle of a construction project, from
feasibility to the planning stage and to completion. Though it is highlighted that most case
should be taken during planning and execution phases.
Characteristics of project risks:
Project risk is always in the future.
A risk may have one or more causes and, if it occurs, it may have one or more
impacts. A cause may be a requirement, assumption, constraint, or condition that
creates the possibility of negative or positive outcomes.
Project risk has its origins in the uncertainty present in all projects
Risk has positive or negative impact on project objectives i.e. scope, schedule, cost
and quality
Individuals and groups adopt attitudes toward risk that influence the way they
respond. These risk attitudes are driven by perception, tolerances, and other biases,
which should be made explicit wherever possible Risk attitude depends on
Risk exists the moment a project is conceived.
Moving forward on a project without a proactive focus on risk management increases
the impact that a realized risk can have on the project and can potentially lead to
project failure
2. Important terms in risk management:
Known risks : those that have been identified and analyzed, making it possible to plan
responses for those risks
Specific unknown risks : cannot be managed proactively, which suggests that the
project team should create a contingency plan
Issues : A project risk that has occurred
Risk attitude : depends on
o Risk appetite : degree of uncertainty willing to take in anticipation of rewards
o Risk tolerance : degree of risk that individual or organization can withstand
o Risk threshold : Risk is acceptable below the threshold but not above
Risk response : reflect an organization's perceived balance between risk taking and
risk avoidance. Based on the risk assessment, an appropriate decision is made
regarding further actions or proceeding to the next phase. For each risk use flag 'go',
'maybe' and 'no go' options in a decision making process. A 'go' status will constitute a
green light for proceeding on to the next phase while 'no go' will stop the progress
until effective risk response is put in place. Evaluation resulting in a 'maybe' decision
will lead to return to a previous step or even phases for further improvements and
minimizing risk.
Risk management approach: The level of risk is always related to the project
complexity The fact that there are so many risks which can be identified in the
construction industry, can be explained by the project size and their complexity. The
bigger the project is, the larger the number of potential risks that may be faced.
Several factors can stimulate risk occurrence. Moreover, when all potential risks have
been identified, the project team must remember that there might be more threats.
Therefore, the project team should not solely focus on management of those identified
risks but also be alert for any new potential risks which might arise. The easiest way
to identify risk is to analyze and draw a conclusion from projects which failed in the
past.
3. 11.1 Plan Risk Management
Risk management planning is the process of deciding how to conduct risk management
activities for a project. Careful planning will almost always improve the results from the
other five processes of risk management and is, therefore, time well spent. Risk planning
should begin during the earliest stages of project initiation and should be completed early in
the project planning process
Following points must be clearly defined in risk management plan:
Determine the project’s risk register requirements based on project estimate and
complexity, and the need for a written project Following guide lines can be used for
risk management of projects of various sizes and complexities:
Risk Management Small or low Mid size or medium Big size or high
4. Process complexity project complexity project complexity project
Risk Identification Yes Yes Yes
Qualitative Analysis Risk Rating Probability &
Impact Analysis
Probability &
Impact Analysis
Quantitative Analysis Not Necessary Not Necessary Yes
Risk Response Yes Yes Yes
Risk Monitoring Yes Yes Yes
Populate and maintain the project risk register with risks developed by functional
units and the phases
Ensure proactive response to all risks and opportunities that will impact the successful
delivery of the project.
Decide how risk management will be communicated and discussed with directors
Decide how risk management will be discussed with internal department management
about and external stake holders
Schedule of risk management meetings.
How to monitor and update risks.
Ensure quality of the risk data in the risk register.
Track and monitor the effectiveness of risk response actions
5. 11.1.1 Inputs
11.1.1.1 Project Management Plan : The performance baseline in the areas of scope, time,
and cost may all be affected by risk-related activities.
11.1.1.2 Project Charter : High-level risks, high-level project descriptions, and high- level
requirements are all inputs from the project charter that may be used in planning risk
management.
11.1.1.3 Stakeholder Register : Provides an overview of the roles of the various stakeholders
on the project.
11.1.1.4 EEFs : Risk attitudes, thresholds, and tolerances of the organization.
11.1.1.5 OPAs : Which includes
Risk categories, definitions
Risk statement formulas, templates
Risk-related roles and responsibilities
Authority levels for risk-related decision making
Lessons learned
11.1.2 Tools & Techniques
11.1.2.1 Analytical Techniques : Used to understand and define the overall risk management
context of the project, which is based on a combination of stakeholder risk attitudes and
strategic risk exposure of a given project
6. 11.1.2.2 Expert Judgment : Expertise should be considered from subject matter experts,
project stakeholders, and senior management, and lessons learned from previous projects.
11.1.2.3 Meetings : Used to develop the risk management plan. High level plan for
conducting risk management activities are defined in these meetings
11.1.3 Outputs
11.1.3.1 Risk Management Plan : Describes how risk management activities will be planned
and executed.
The plan may include the following:
Methodology
Roles and responsibility
Budgeting
Timing
Risk categories: may employ information from the RBS (Risk Breakdown Structure)
Definition of probability and impact: how to describe or measure the likelihood that
an event will occur and the effect on project objectives if it does occur.
Probability and impact matrix (more detail under qualitative analysis)
Revised stakeholder tolerances: Risk planning may cause shifts in how much risk is
considered acceptable for a specific project.
Reporting formats
Tracking : How the risk activities will be recorded and audited
11.2 Identify Risks
Risk identification involves determining which risk events are likely to affect the project and
documenting their characteristics. Risk identification is not a one-time event; it is an iterative
process and normally leads to qualitative analysis. New risks may emerge at any time and
continued risk identification should be performed on a regular basis throughout the project.
During the identification of a risk, it may also become apparent what the appropriate response
should be. This information should be recorded for subsequent use in the response planning
process.
Different stakeholders will have different expectations and interests in the project. This
naturally creates problems and confusion for even the most experienced project managers and
contractors on how to manage risk. Still they should jointly look into risk management which
might arise due to following factors
Immature project management practices
Lack of integrated approach to project management
Unmanaged dependency on external participants whose behaviour cannot be
controlled
Failure to recognise and develop responses to risk and opportunity
Lack of timely resolution of issues as raised by various stakeholders
Poor contract and claim administration
Lack of compliance with project and regulatory requirements
Unclear or unattainable project objectives
Tight project schedule
Too many design variations
Unsuitable construction program planning
Occurrence of dispute
7. Price inflation of construction materials
Excessive approval procedures in administrative government departments
Incomplete approval and other documents
Inadequate or insufficient site information (soil test and survey report)
Poor estimation
Budget based on incomplete data
Issues due to contractual problems
Delays due to reasons beyond control of project team or contractors
Quality issues
Insufficient time for testing
Act of god
Inflation and interest rate
Political and regulatory issues
8. Inputs
11.2.1.2 Risk Management Plan : Assigns roles and responsibilities for risk identification,
builds money and time into the plan to accommodate risk identification and provides
information about risk identification and provides information about risk categories that may
be relevant for the current project
11.2.1.2 Cost Management Plan : Processes and controls that can be used to identify risks on
the project.
11.2.1.3 Schedule Management Plan : Project schedule objectives which may be impacted by
risks.
11.2.1.4 Quality Management Plan : Quality measures and metrics for use in identifying
risks.
9. 11.2.1.5 Human Resource Management Plan : Which includes roles and responsibilities,
project organization chart and staffing management plan
11.2.1.6 Scope Baseline : Which includes project scope statement (contains project
assumptions) and WBS (facilitates understanding of potential risks at summary, control
account, and work package levels)
11.2.1.7 Activity Cost Estimates : Provides quantitative assessment of the range of costs of
completing scheduled activities, with the width of the range indicating the degree of risk.
11.2.1.8 Activity Duration Estimates : Used to identify risks related to time allowances for
activities, with the range of the estimates indicating the degree of risk.
11.2.1.9 Stakeholder Register : Useful for soliciting inputs from stakeholders to identify risks.
11.2.1.10 Project Documents : Which includes project charter, project schedule, schedule
network diagrams, issue log and quality checklist
11.2.1.11 Procurement Documents : Details used to determine risks associated with planned
procurements.
11.2.1.12 EEFs : Information from industry and academia that give guidance in identification
of risks.
11.2.1.13 OPAs : Which includes project files, organizational process controls, templates for
risk statement and lessons learned
11.2.2 Tools & Techniques
11.2.2.1 Documentation Reviews : A structured review of previous project files, project plans
and project assumptions.
11.2.2.2 Information Gathering Techniques : Which includes
Brainstorming: Under the leadership of a facilitator, the project team or a multi-disciplinary
group of experts generates ideas about project risks. The information is
then refined and categorized.
Delphi technique: A way of reaching consensus among a group of experts who
participate anonymously. The experts give responses to specific questions. The
responses are then summarized and provided to the entire group. The anonymity
prevents any participant from dominating the results. Several iterations are usually
performed to determine whether a consensus exists among the experts. While this
technique can be used for numerous reasons, the purpose here is to identify major
project risks.
Interviewing: Conducted with experienced project managers, subject matter experts
and other stakeholders.
Root cause analysis: Sharpens the definition of a particular risk and facilitates
grouping of risks by cause or category
11.2.2.3 Checklist Analysis : Checklists for risk identification may be compiled from
previous projects and an analysis of the risk breakdown structure.
10. 11.2.2.4 Assumptions Analysis : Explores the validity of assumptions as they apply to the
project.
11.2.2.5 Diagramming Techniques : Which includes cause and effect analysis, system or
process flow charts, and influence diagrams
11.2.2.6 SWOT Analysis : Examines the project for each of the Strengths, Weaknesses,
Opportunities, and Threats by examining the dimensions of positive and negative risks, and
internal and external ones.
11.2.2.7 Expert Judgment : Experts with experience on similar projects or business areas.
11.2.3 Outputs
11.2.3.1 Risk Register : Which contains identified risks and of potential responses. The risk
register is built in stages as each risk management process is performed. A plan is provided,
risks are identified, risks are then analyzed, response plans are developed and on-going
monitoring and control follows next. New information is developed at each step
11. 11.3 Perform Qualitative Risk Analysis
Qualitative risk analysis is the process of assessing the likelihood and impact of identified
risks and prioritizing them according to their potential effect on project objectives. This
process id accomplished using established qualitative methods and tools. The purpose is to
help the project team focus on high priority risk and also to lay the foundation for quantitative
analysis should it be needed. Qualitative analysis takes relatively less time and is less
expensive to perform when compared to quantitative analysis
12. 11.3.1 Inputs
11.3.1.1 Risk Management Plan : The key elements of the Risk Management Plan used in this
process are
roles and responsibilities for conducting risk management
budget, schedule for risk management activities
definition of risk categories
definition of risk probability and impact
probability and impact matrix
stakeholder’s risk tolerances
11.3.1.2 Scope Baseline : An analysis of the scope baseline will indicate if the project has
higher risk, which will occur if the project involves state-of-the-art technology and high
complexity
11.3.1.3 Risk Register : This contains the risks and potential risk responses identified in
process Identify Risks.
11.3.1.4 EEFs : Which includes industry studies of similar projects by risk specialists and
risk databases from industry or proprietary sources
11.3.1.5 OPAs : Which includes historical information from similar projects
11.3.2 Tools & Techniques
11.3.2.1 Risk Probability And Impact Assessment: Which comprises of risk probability
assessment investigates likelihood of each risk and risk impact assessment investigates
potential effect on project constraints (schedule, cost, quality, scope)
13. 11.3.2.2 Probability and impact matrix : Based on the risk probability and impact assessment,
a matrix is created showing both the probability and the impact for each risk. A risk rating is
assigned of high, moderate, or low depending on the pre-determined preference of the
organization.
Sometimes, the low risks are put in a watch list for further monitoring during the course of
the project.
Risk Categorization :
14.
15. 11.3.2.3 Risk Data Quality Assessment : The degree to which data about risks on the project
has Accuracy, Quality, Reliability and Integrity
11.3.2.4 Risk Categorization : Risks to the project can be categorized according to their
source (using the Risk Breakdown Structure), the area of the project effected (using the
Work Breakdown Structure), or the phase of the project effected.
11.3.2.5 Risk Urgency Assessment : Based on whether the risk is likely to occur in the near-term.
Some risk rankings combine the risk probability, risk impact and the risk urgency.
11.3.2.6 Expert Judgment : Expert judgment is often used to determine the risk probability
and impact.
11.3.3 Outputs
11.3.3.1 Project Documents Updates : Risk register for each risk identified in process
Assessments of probability and impact
Risk urgency
Risk ranking
Risk categorization
Watch list for low probability risks
Assumptions Log–the project scope statement may contain assumptions about the project
which may be updated as a result of the qualitative risk analysis done in this process.
11.4 Perform Quantitative Risk Analysis
Quantitative analysis numerically analyzes the probability of each risk and its consequence
on project objectives. Sophisticated techniques such as Monte Carlo simulation and decision
tree analysis are used to do the following.
Determine the probability that specific project objective can be met.
Quantify risk exposure so that cost and schedule reserves can be determined.
Identify which risks require the most attention.
Identify realistic cost, schedule and performance targets.
There may be instances in which quantitative analysis is not needed or is not worth the cost.
16. 11.4.1 Inputs
11.4.1.1 Risk Register : provides a list of risks, risk priorities and risk categories (information
from all the previous processes).
11.4.1.2 Risk Management Plan: establishes roles and responsibilities, the budget and time to
do the analysis, risk categories and stakeholder risk tolerance.
11.4.1.3 Cost Management Plan: provides the format and structure for handling cost-related
information and issues.
11.4.1.4 Schedule Management Plan: provides the format and structure for handling
schedule-related information and issues.
11.4.1.5 EEFs
11.4.1.6 OPAs : Organizational Process Assets that can influence quantitative analysis
include information on previous, similar projects, studies of similar projects by risk
17. specialists , risk database available from professional associations, industry groups or other
proprietary sources
11.4.2 Tools & Techniques
11.4.2.1 Data Gathering And Representation Techniques: These techniques include:
Interviewing: Interviews with appropriate subject matter experts yield data requited to
build provability distributions. A common approach is shown in this site, in which
experts provide three estimates (low, most likely and high). This approach is very
much like the PERT technique discussed in the time management area.
Probability Distributions: The outcome of interviewing in a probability distribution.
11.4.2.2 Quantitative risk analysis and modelling techniques: Common techniques include:
Sensitivity Analysis: Also known as “what if” analysis, sensitivity analysis uses the
power of the computer to examine the effects of variations in different project
variables. For, example, if you vary the duration of a given task, what is the effect on
project costs, quality and resource usage. Tornado diagrams may be used to assess the
potential impact of highly uncertain variables on the rest of the project.
Expected Monetary Value Analysis: A statistical concept that calculates a long-term
average outcome. EMV is quite simply multiplying the probability of an event by the
monitory amount at stake. EMV analysis is often used in conjunction with decision
trees. A decision tree is a diagram that depicts the interactions of possible events. The
process yields the probabilities and/or expected monetary value of various possible
outcomes.
Modelling and Simulation: Using data from subject matter experts, computer software
program uses random number generators and input values from a probability
distribution to simulate possible project outcomes.
Most common form is Monte Carlo. It quantifies a variety of potential risks, including
schedule and cost. Produces a distribution of possible outcomes with associated
probabilities. By comparison, PEPT and CPM analysis understate project duration
because they cannot account for path convergence. The results of a Monte Carlo
simulation are significantly affected by the choice of statistical distribut ion.
18. 11.4.2.3 Expert Judgment: Subject matter experts are needed to provide data and validate the
results.
11.4.3 Outputs
11.4.3.1 Risk Register Updates: The register is now updated with the following new
information from quantitative analysis:
Probabilistic analysis of the project: A forecast of possible cost and schedule
outcomes along with associated confidence levels. In order words, a probability
distribution showing possible cost and schedule results.
Probability of achieving cost and time objectives: A quantitative analysis showing the
probability of achieving the current project objectives (given the current knowledge of
project risks).
Prioritized list of quantified risks: A list of risks that pose the greatest threat (or
opportunity) for the project.
Trends in quantitative risk analysis results: If there are any trends in project
performance, repetitive analysis will usually show them.
For a project in the Planning and Design phase:
Set project cost and schedule targets
Evaluate if cost estimates and schedules are realistic
Evaluate the adequacy of contingency reserves
Request a contingency exceeding the standard Caltrans allowance
Evaluate the probability (risk) of exceeding specific cost and time targets
Determine the sensitivity of the output probability distribution to input risks (Risk
Sensitivity Diagram), highlighting the main risk drivers.
For a project in the Construction phase:
Perform risk‐based budget analyses and forecasting cost at completion
Assess the adequacy of remaining contingency
19. Request supplemental funds
Evaluate the probability of meeting completion targets.
11.5 Plan Risk Response
Risk response planning is the process of determining how to enhance opportunities or reduce
threats. Response planning assigns one or more people as “response owners” and addresses
risks according to their priority. Response planning should consider the following factor:
The response is appropriate for the severity of the risk.
The response is cost effective and timely.
The response is agrees upon and realistic.
The response is owned by a specific person (assigned action item).
11.5.1 Inputs
11.5.1.1 Risk Management plan: As before, the risk plan assigns people who own specific
risks, defines the thresholds for whether a risk is low, moderate, or high, and provides the
time and budget to conduct response activities.
20. 11.5.1.2 Risk Register: Based on the analysis from the previous processes of identification
and analysis, the risk register provides the following information:
Identified risks and priority
Root causes and risks grouped by categories
List of potential responses
Risk owners and risk triggers (symptoms and warning signs)
Risks requiring near term response
Watch list of row risks that should be periodically monitored
11.5.2 Tools And Techniques
11.5.2.1Strategies For Negative Risks Or Threats: May be addressed with one or more of the
following:
Avoid: This strategy attempts to eliminate a threat, if possible. One possible approach
is to adopt an alternative strategy in one of the following ways: 1) reduce scope or
change project objectives, 2) allow the schedule to slip, 3) adopt a proven technical
approach instead of a more innovative, risky one, or 4) use a substitute component
that does not have the same risk. Risk can be avoided by removing the cause of the
risk or executing the project in a different way while still aiming to achieve project
objectives. Not all risks can be avoided or eliminated, and for others, this approach
may be too expensive or time‐consuming. However, this should be the first strategy
considered.
Transfer: You may consider transferring (deflecting) a risk to another party through
numerous practices. Transferring risk involves finding another party who is willing to
take responsibility for its management, and who will bear the liability of the risk
should it occur. The aim is to ensure that the risk is owned and managed by the party
best able to deal with it effectively. Risk transfer usually involves payment of a
premium, and the cost‐effectiveness of this must be considered when deciding
whether to adopt a transfer strategy. Example : Handing over sight security to an
agency who has good track record for handling site security in that area.
Mitigate: Actions taken to reduce the probability or the impact of a risk, earlier
preventive approaches are usually more productive than repairing the damage after it
occurs. Conducting more tests or designing back-up systems into critical subsystems
are examples of mitigation. Insurance and performance bonds, Warranties and
guarantees, Outsourcing (also called procurement or subcontracting), Contract type
(a fixed price contract transfers cost risk to the seller and a cost reimbursement
contract transfers cost risk to the buyer)
Note: Transferring a risk does not eliminate the risk. It merely gives someone else the
responsibility to manage that risk.
Accept: This approach may be used for negative risks or threats and for positive
opportunities. Passive acceptance is taking no action and dealing with the problems
(or opportunities) if and when they occur. Active acceptance is almost always handled
using extra money, time, or resources (known as contingency reserve).
11.5.2.2 Strategies For Positive Risks Or Opportunities:
Exploit: This strategy attempts to maximize the chance of reaching an opportunity. lt
uses approaches such as: assigning the most talented resources available, reducing the
time to completion, providing better quality than planned, and eliminating
21. uncertainty. The sponsor should exert influence where needed. This strategy seeks to
eliminate the uncertainty associated with a particular upside risk by making the
opportunity definitely happen. Exploit is an aggressive response strategy, best
reserved for those “golden opportunities” having high probability and impacts. Ex:
Launching Phase 2 of the project immediately if there is above expectation response
for phase 1 of the project
Share: This strategy involves joint ventures, strategic alliances, and other
collaborative arrangements to share risks, share costs, and take advantage of technical
synergies (each party performs the portion of the project that they do best). Allocate
risk ownership of an opportunity to another party who is best able to maximize its
probability of occurrence and increase the potential benefits if it does occur.
Transferring threats and sharing opportunities are similar in that a third party is used.
Those to whom threats are transferred take on the liability and those to whom
opportunities are allocated should be allowed to share in the potential benefits.
Example : Sharing profits with investment partner
Enhance: This strategy attempts to increase the "size of an opportunity" by 1)
increasing probability and positive impact (the opposite of mitigating negative risks)
and 2)by identifying and maximizing key drivers of positive opportunities. For
instance, one might decide to leverage the advantages of a superior technology.
Accept: Used when the organization prefers not to actively pursue an opportunity, but
will take advantage of it if it occurs. For example, the organization might not wish to
divert resources from a more promising opportunity.
11.5.2.3 Contingent Response Strategy: A response plan that is used only under
predetermined circumstances. This approach is appropriate when planners feel that future
warning symptoms will provide adequate time to implement the response activity if the
conditions begin to occur. For example, a particular risk response strategy may be triggered
only if a specific milestone is missed.
11.5.2.4 Expert Judgment: As always, people with the right experience, training, and
knowledge should be used for the task at hand (in this case, for response planning).
11.5.3 Outputs
11.5.3.1 Project Management Plan Updates: Elements of the plan that may be updated as a
result of response planning include:
Schedule management plan
Cost management plan
Quality management plan
Procurement management plan
Human resource management plan
Work breakdown structure
Schedule baseline
Cost performance baseline
Risk register update
11.5.3.2 Project Document Updates: Documents that are updated include risk register update
,assumptions log updates, technical documentation and change requests
22. 11.6 Control Risks
Risk monitoring is the process of keeping track of identified risks, ensuring that risk response
plans are implemented, evaluating the effectiveness of risk responses, monitoring residual
risks, and identifying new risks. The purpose of monitoring is to determine whether:
Risk responses have been implemented.
Risk responses were effective (or new responses are needed).
Project assumptions are still valid.
Any risk triggers have occurred.
Risk exposure has changed.
Policies and procedures are being followed-
Any new risks have emerged.
11.6.1 Inputs
11.6.1.1 Risk Register
11.6.1.2 Project Management Plan: Contains the risk management plan which assigns people,
risk owners, and the resources needed to carry out risk monitoring activities.
23. 11.6.1.3 Work Performance Data : Includes performance data related to various performance
results possibly impacted by risk which includes deliverable status, schedule progress and
cost incurred.
11.6.1. 4 Work Performance Reports: These reports analyze the work performance
information just mentioned to create status reports and forecasts using various methods such
as earned value.
11.6.2 Tools And Techniques
11.6.2.1 Risk Reassessment: The project team should regularly check for new risks and
reassess previously identified risks. At least three possible scenarios should be considered: a)
new risks may have emerged and a new response plan must be devised, b) if a previously
identified risk actually occurs, the effectiveness of the response plan should be evaluated for
lessons learned, and c) if a risk does not occur, it should be officially closed out in the risk
register.
11.6.2.2 Risk Audits: Evaluate and document the effectiveness of risk responses as well as
the effectiveness of the processes being used. Risk audits may be incorporated into the
agenda of regularly scheduled status meetings or may be scheduled as separate events.
11.6.2.3 Variance and Trend Analysis: Used to monitor overall project performance. These
analyses are used to forecast future project performance and to determine if deviations from
the plan are being caused by risks or opportunities.
11.6.2.4 Technical Performance Measurement: Using the results of testing, prototyping, and
other techniques to determine whether planned technical achievements are being met. As
with trend analysis, this information is also used to forecast the degree of technical success on
the project.
11.6.2.5 Reserve Analysis: Compares the remaining reserves to the remaining risk to
determine whether the remaining reserve is adequate to complete the project.
11.6.2.6 Meetings: Risk management should be a regular agenda item at the regular team
meetings.
11.6.3 Output
11.6.3.1 Work Performance Information : To communicate and support project decision
making
11.6.3.2 Change Requests: When contingency plans are implemented, it is sometimes
necessary to change the project management plan. A classic example is the addition of extra
money, time, or resources for contingency purposes. These change requests may lead to
recommended corrective actions or recommended preventive actions. Corrective actions may
include contingency plans (devised at the time a risk event is identified and used later if the
risk actually occurs) and workarounds (passive acceptance of a risk where no action is taken
until or unless the risk event actually occurs). The major distinction is that workaround
responses are not planned in advance.
11.6.3.3 Project Management Plan Updates: Again, if approved changes have an effect on
risk information or processes, the project management plan should be revised accordingly.
24. 11.6.3.4 Project Document Updates: Documents that may be updated include assumptions
log updates and technical documentation updates.
11.6.3.5 OPAs Updates: Includes risk plan templates, the risk register, the risk breakdown
structure, and lessons learned.