Item Description Plan Risk Management Identify Risks Perform Qualitative Risk Perform Quantitative Risk Plan Risk

Risk Perform Quantitative Risk Plan Risk Responses Monitor & Control Risks
Analysis Analysis

General CSF For 1. Recognize the value of risk management

2. Individual commitment / responsibility: Project participants & stakeholders should all accept responsibility for under taking risk related activities
Project Risk 3. Open & honest communication: Any action hinder communication will result in reducing effectiveness of risk management
Management 4. Organizational Commitment: Can be established if only risk is aligned with organizational goals & values. Risk may require higher level of managerial support at levels higher than PM
(6) 5. Risk Effort Scaled to project
6. Integration with Project Management
Specific Critical (3) (10) (4) (6) (8) (3)
1. Identify and address barriers 1. Early Identification 1. Use Agreed Upon Approach 1. Prior Risk Identification & People:
Success Factors to successful risk management Qualitative Risk Analysis 1. Integrate Risk Monitoring &
- Key decision shall take risk into Risks can be assessed according to 1. Communicate Control with Project Monitor
- Org. and STH didn’t recognize account. probability, impact, urgency, 2. Appropriate Project Model and Control
the value / benefits of risk - Give maximum time for manageability, impacts external to The resulting plan are distributed and
management. response planning and project 3. Commitment to collecting High approval obtained from STH to Project management plan should
- No clear definition for project implementation as earlier Quality Risk Data ensure their acceptance include the actions required for
objectives. response are always less costly 2. Use Agreed Upon Definition monitoring & control risk.
- Unavailability of OPA which than later one (efficiency) 4. Unbiased Data 2. Clearly Define Risk Related Project Schedule should include all
will consume more time to be Levels for probability & impact has roles & responsibilities agreed upon responses so that they
developed. 2. Iterative Identification to be identified. 5. Overall Project Risk Derived can be carried out as normal part of
- Risk Plan isn’t integrated in from Individual Risk Assign risk owner & risk action project and tracked accordingly.
overall project plan. Frequency as per risk plan or at 3. Collect High Quality Data owner.
specific milestone or in case of Risks are defined at the level of Management may take ownership of 2. Continuously monitor Risk
2. Involve Project STH in significant change Even if data not available in detail tasks or line item costs and risks with political or organizational Trigger Conditions
Project Risk Management historical data, it shall be collected incorporate into project model to sources
3. Emergent Identification by interview, expert judgement..etc calculate effects on schedule or cost Monitoring trigger conditions is the
To build on their skills and taking care about bias Planning: responsibility of risk action owner
experience and to ensure Identification may occur at any 6. Interrelation ships between Risk
understanding / commitment to time not necessary in formal 4. Perform Iterative Qualitative in Quantitative Risk Analysis 1. Specify Timing of risk responses 3. Maintain Risk Awareness
project risk management events or regular review Risk Analysis
Individual risks in project model may Risk responses shall be integrated Risk management reports should be
3. Comply With Organization’s 4. Comprehensive Identification Frequency is given in risk plan or it be related to each others e.g. having into project plan and will be a regular item on every status
Objectives, Policies & Practices can be done according to entire the same root cause therefore are scheduled and assigned for execution meeting agenda to ensure that all
Shall include all sources of risk as project events likely to occur together team members remain aware of the
many as possible 2. Provide Resource Budget & importance of risk management.
Schedule for the Responses
5. Explicit Identification of Sponsor should require regular
Opportunities Management role is vital to support reports on the risks and planned
PM and authorize corresponding responses to ensure that
6.Multiple Perspectives resources stakeholders are aware of the
Input will be taken from broad importance of risk. Sponsor feed
range of STH not only project Analysis: back motivates project team by
team indicating senior level interest in
1. Address Interaction of Risks and project risk management.
7. Risk Linked to Project Responses
Objectives
Response may be developed to
By definition, risk has to be address risks related either by cause /
linked with at least one objective effect or by common root causes

8. Complete Risk Statement Compromise in deciding risk

response strategy as some proposed
response may negatively affect other
objectives

Page 1 of 6
Prepared By Ehab H. Sousa
Please pray for my Died Father Hamed Hossam
‫أرﺟو اﻟدﻋﺎء ﻟواﻟدي اﻟﻣﺗوﻓﻲ ﺣﺎﻣد ﺣﺳﺎم‬
Item Description Plan Risk Management
Domains Domain 1:
Risk Strategy & Planning:
& Tasks
Activities related to developing
policies, processes & procedures
for risk
Task 1:(Revised STH tolerance)
Develop Risk assessment tools
that quantify STH tolerance in
order to assess thresholds and set
criteria for risk level.
Task 2:
Update risk policies and
procedures using information
such as lesson learned from
projects and output of risk audits
in order to improve risk
management effectiveness.
Task 3:
Develop Project Risk Strategy
based on project objectives in
order to establish outline for risk
plan.
Identify Risks
9. Ownership and level of
Details
Risk has to be described in a lot
of details so that it can be
assigned to a single risk owner
with clear responsibilities &
accountabilities
10.Objectivety
Bias shall be recognized and
addressed to minimize
subjectivity and allow open /
honest identification
Domain 3:
Risk Process Facilitation:
Activities related to facilitation risk identification, evaluation, prioritization & response
Task 1:
Apply risk assessment tools in order to quantify STH risk tolerance.
Task 2:
Facilitate risk identification using variety of techniques in order to enable project team & STH to understand risk exposure of the project.
Task 3:
Facilitate the project team evaluation of identified risk attributes using qualitative & quantitative risk tools in order to prioritize the risks for response
planning
Perform Qualitative Risk Perform Quantitative Risk Plan Risk Responses Monitor & Control Risks
Analysis Analysis
2. Ensure Appropriate, Timely,
Effective and Agreed upon
Responses
Any proposed response needs to be
assessed against the following
criteria:
-consistency with org., objectives &
STH expectations
- Technical Feasibility
- Ability of project team or risk
action owner outside the project to
carry out the corresponding actions
- Balance between overall impact of
the response on the project &
improvement of risk profile
3. Address Threats &
Opportunities
4. Develop Strategies before
Tactical Responses
You shouldn’t adopt the first
response that seems to be feasible.
Responses should be plan at a
general strategic level prior to
developing the detailed tactical
approach
Domain 4:
Risk Monitoring & reporting:
Activities related to monitor risks,
evaluating risk response against
established metrics and
communicating risk performance to
STH & project team.
Task 1:
Periodically update project risk
information using standard tools
(e.g.: risk register, risk data base)
in order to maintain a single
repository of all project risk
information.
Task 2:
Coordinate with project manager
using comm. techniques in order
to integrate risk management into
the project.
Page 2 of 6
Prepared By Ehab H. Sousa
Please pray for my Died Father Hamed Hossam
‫أرﺟو اﻟدﻋﺎء ﻟواﻟدي اﻟﻣﺗوﻓﻲ ﺣﺎﻣد ﺣﺳﺎم‬
Item Description Plan Risk Management
Task 4:
Produce risk plan based on inputs
such as OPA, EEF & STH
register in order to define, fund
& staff effective risk processes
aligned with other plans.
Task 5: (Tracking & Auditing)
Establish evaluation criteria for
risk processes based on project
baseline & objectives in order to
measure the effectiveness of
project risk management.
Identify Risks Perform Qualitative Risk Perform Quantitative Risk Plan Risk Responses Monitor & Control Risks
Analysis Analysis
Task 4: Task 3:
Facilitate the development of an aligned risk response strategy and related risk actions by risk owners in order to ensure timely and defined action when Create periodic custom reports
required. using risk related metrics as
specified in risk plan in order to
communicate risk management
status.
Task 5:
Task 4:
Facilitate the formulation of project contingency reserve Monitor risk response metrics and
based on the risk exposure for the projects in order to have the capability and resources to respond to realized risks. present to key STH in order to
ensure resolution of risk and
Task 6: develop additional response
Provide risk data to cost and schedule estimator in order to ensure that risk is properly reflected in cost and schedule estimates. strategy to address residual and
secondary risks.
Task 7: (Scenario analysis)
Use scenarios to validate potential risk responses in order to enhance the likelihood of project success. Task 5:
Analyse risk process performance
against established metrics
in order to drive risk process
improvements.
Task 6:
Update the project risk
management plan using relevant
internal & external inputs
in order to keep plan current.
Task 7:
Capture risk lesson learned through
comprehensive review in order to
incorporate into future risk
planning.
Domain 5:
Perform Specialized Risk Analysis:
Activities related to specialized Quantitative and Qualitative risk analysis.
Task 1:
Evaluate the attributes of identified risks using advanced quantitative &
quantitative in order to estimate overall risk exposure for the project.
Task 2:
Analyse risk data produced during project using statistical analyses and
expert judgement in order to determine strengths & weaknesses of risk
strategy and recommend improvement.
Task 3:
Perform Specialized risk analysis using advanced tools & techniques
in order to support STH decision making for the project.
Page 3 of 6
Prepared By Ehab H. Sousa
Please pray for my Died Father Hamed Hossam
‫أرﺟو اﻟدﻋﺎء ﻟواﻟدي اﻟﻣﺗوﻓﻲ ﺣﺎﻣد ﺣﺳﺎم‬
Item Description Plan Risk Management Identify Risks Perform Qualitative Risk Perform Quantitative Risk Plan Risk Responses Monitor & Control Risks
Analysis Analysis

Domain 2:
STH Engagement:

Activities related to promoting the understanding of project risk management for STH & project team member, assessing STH risk tolerance, prioritizing project risk and promoting risk ownership.

Task 1: Promote common understanding of the value of risk management by using interpersonal skills in order to foster an appropriate level of shared accountability, responsibility & risk ownership.
Task 2: Train, coach & educate STH in risk principles in order to create shared understanding of principles and foster engagement in risk management.
Task 3: Coach Project Team members in implementing risk processes in order to ensure the consistent application of risk processes.
Task 4: Asses STH risk tolerance using tools such as interviewing & reviewing historical STH behaviours in order to identify project risk thresholds.
Task 5: Identify STH risk attitudes and cognitive biases using STH analysis techniques in order to manage STH expectations & responses throughout the life cycle of the project.
Task 6: Engage STH on risk prioritization process based on STH risk tolerance in order to optimize consensus regarding priorities.
Task 7: Provide risk related recommendations to STH by using effective communication in order to support effective risk-based decision making.
Task 8: Promote risk ownership by proactively communicating roles and responsibilities and engaging project team members in the development of risk responses in order to improve risk response execution.
Task 9: Liaise with STH of other projects by using effective communication techniques and sharing information on project risk performance in order to inform them of implications for their projects.
Input 1. Project management plan 1. Risk management plan 1. Risk management plan 1.Risk management plan 1. Risk management plan 1. Project management plan
2. Project charter 2. Cost management plan 2. Scope baseline 2. Cost management plan 2. Risk register 2. Risk register
3. Stakeholder register 3. Schedule management plan 3. Risk register 3. Schedule management plan 3. Work performance data
4. Enterprise environmental 4. Quality management plan 4. Enterprise environmental 4. Risk register 4. Work performance reports
factors 5. Human resource factors 5. Enterprise environmental
5. Organizational process assets management plan 5. Organizational process assets factors
6. Scope baseline 6. Organizational process assets
7. Activity cost estimates
8. Activity duration estimates
9. Stakeholder register
10. Project documents
11. Procurement documents
12. Enterprise environmental
factors
13. Organizational process assets
Output 1. Risk management plan 1. Risk register 1. Project documents updates 1. Project documents updates 1. Project management plan 1. Work performance information
updates 2. Change requests
2. Project documents updates 3. Project management plan
updates
4. Project documents updates
5. Organizational process assets
Updates
Tools & 1. Analytical techniques 1. Documentation reviews 1. Risk probability and impact 1. Data gathering and 1. Strategies for negative risks or 1. Risk reassessment
2. Expert judgment 2. Information gathering assessment representation techniques threats 2. Risk audits:
Techniques 3. Meetings techniques 2. Probability and impact matrix 2. Quantitative risk analysis and 2. Strategies for positive risks or 3. Trend & Variance analysis
3. Checklist analysis 3. Risk data quality assessment modeling techniques opportunities 4. Technical performance
4. Assumptions analysis 4. Risk categorization 3. Expert judgment 3. Contingent response Strategies: Measurement
5. Diagramming techniques 5. Risk urgency assessment Response plan will be executed only 5. Reserve analysis
6. SWOT analysis 6. Expert judgment under certain predefined condition 6. Meetings (status meetings)
7. Expert judgment
4. Expert judgment

Page 4 of 6
Prepared By Ehab H. Sousa
Please pray for my Died Father Hamed Hossam
‫أرﺟو اﻟدﻋﺎء ﻟواﻟدي اﻟﻣﺗوﻓﻲ ﺣﺎﻣد ﺣﺳﺎم‬
Item Description Plan Risk Management Identify Risks
New Tools & 1. FMEA / Fault Tree Analysis:
Failure mode or effect analysis is
Techniques the analysis of a model structured
to identify the various elements
that can cause system failures by
themselves or in combination
with others.
Give the probability of Failure for
overall system
2.Force Field Analysis:
Typically used in Change
Management context.
Identifying Driving Forces (forces
for change) and restraining forces
(forces against change)which
currently affect achievement of a
project objective
3. Industry Knowledge Base:
Special Case of Check list and is
used similarly
4. Prompt List:
A set of Risk Categories which
can be used to simulate risk
identification.
May be presented as risk
breakdown structure or as set of
headings.
A number of ready standard
prompt lists have been developed.
Framework for other risk
identification Taniques such as
brainstorming or interviewing.
5. System Dynamics:
Particular application of influence
Diagram.
Represent entities and information
flow within a project and analysis
of model can reveal feed back and
feed forward loop which lead to
uncertainty or instability.
Analyses of changes in the model
or assumptions can indicate the
system sensitivity to specific
events (risks).
Perform Qualitative Risk
Analysis
1. Analytic Hierarch Process
(AHP):
Method to calibrate preferences for
achieving the different objectives of
the project.
What’s the relevant weighting of
project objectives in terms of their
priority to stakeholders or
management?
Page 5 of 6
Perform Quantitative Risk
Analysis
1.Force Field Analysis:
Typically used in Change
Management context.
Identifying Driving Forces (forces
for change) and restraining forces
(forces against change)which
currently affect achievement of a
project objective
2. System Dynamics:
Particular application of influence
Diagram.
Represent entities and information
flow within a project and analysis of
model can reveal feed back and feed
forward loop which lead to
uncertainty or instability.
Analyses of changes in the model or
assumptions can indicate the system
sensitivity to specific events (risks).
Plan Risk Responses
1. Brainstorming
2. Check list
3. Contingency planning:
For specific high impact risks, the
risk owner may choose to assemble a
team to develop a response, as if the
risk had genuinely happened.
The supported plan should be
documented at management level or
sponsor level.
4. Contingency reserve estimation:
An amount (time or cost) needs to set
aside for:
a) Cover specific approved
conditional response (contingency
reserve).
b) Address unspecified or passively
accepted risk (management reserve).
Quantitative methods can be used to
determine the amount which can be
set aside.
5. Critical Chain Project
Management:
Addresses schedule risk by addition
of feeding buffer to absorb variation
on durations of non-critical path
activities to reduce their contribution
to project risk
6. Decision Tree Analysis
7. Delphi
8. EMV
9. Force Field Analysis
10. Industry knowledge base
11. Interviews
12. Nominal Group
13. Multi Criterion Selection
Techniques
14. Prompt List
15. Quantitative Risk Analysis
16. Root Cause Analysis
17. Scenario Analysis:
Defining Several possible alternative status meeting (effectiveness of
scenarios (e.g. no change and all goes responses & lesson learned)
to plan, disaster occurs, utopia etc.)
The different scenarios may require
different risk responses that can be
Please pray for my Died Father Hamed Hossam
Monitor & Control Risks
1. Critical Chain Project
Management
Description of old tools and
adding some explanation from
risk standard book:
1. Risk reassessment:
Identification of new risks,
reassessment of current risks &
closing of outdated risk.
Plan do check act:
Plan: plan risk response.
Do: Implement the response.
Check: If no problem, carry on with
approved plan.
Act: Otherwise reassess project risk
by identifying risks
Typical reasons for risk
reassessment are:
- Occurrence of significant or
unidentified risk.
- Re-planning of project.
- Phase end review.
- Need to analyse complex change
request.
- Periodic review.
Frequency:
The amount and detail of repetition
depends on how project progresses
relevant to its objectives.
2. Risk audits:
Examine the following:
1. Effectiveness of risk responses &
risk management process.
2. Compliance with the plan.
3. Barriers for effectiveness and
keys for success to improve current
project and to be used for future
projects
Frequency: as given in risk
management plan and can be
included during routine project
3. Trend & Variance analysis:
Prepared By Ehab H. Sousa
‫أرﺟو اﻟدﻋﺎء ﻟواﻟدي اﻟﻣﺗوﻓﻲ ﺣﺎﻣد ﺣﺳﺎم‬
Item Description Plan Risk Management Identify Risks
6. WBS Review:
Form a framework for a number
of other risk identification
techniques such as brainstorming,
risk interviews, checklist or
prompt list
Perform Qualitative Risk Perform Quantitative Risk Plan Risk Responses
Analysis Analysis
described and evaluated for their cost
and effectiveness.
If scenarios are out of the control of
the organization, the scenario
analysis can lead to effective
contingency planning
Page 6 of 6
Please pray for my Died Father Hamed Hossam
Monitor & Control Risks
Deviation from plan may indicate
the potential impact of threats or
opportunities.
Trend: The evolution of variance
values over time should be analysed
in order to evaluate how risk profile
is changing.
Weather previous actions are
having the expected effect and
weather additional actions are
required.
(TCPI) Provide an indication of the
effectiveness of earlier responses.
Can provide trigger conditions for
responses.
Variance: CV, SV, CPI, SPI can be
used to set thresholds for action and
to indicate when risk process may
be ineffective.
Allow comparison between forecast
and actual risk impacts.
Can provide trigger condition for
responses
4. Technical performance
Measurement
5. Reserve analysis:
Give early warning if need to
communicate with sponsor
6. Meetings (status meetings):
Risks should be on the agenda at all
project reviews covering the
following:
- Top priority risk at present
- Risks or trigger conditions
that have occurred.
- Risks responded to in the last
period.
- Risk closed in last period.
- Lessons to be added to OPA.
Prepared By Ehab H. Sousa
‫أرﺟو اﻟدﻋﺎء ﻟواﻟدي اﻟﻣﺗوﻓﻲ ﺣﺎﻣد ﺣﺳﺎم‬