One exam area that cannot be looked over is risk management, specifically, risk management options. This post aims to provide an in-depth understanding of risk management options and how they are applied within the PMP framework.
Section I: Understanding Risk Management
Risk Management involves identifying, analyzing, and responding to uncertainties that could impact a project’s objectives. It’s a continuous process that needs to occur throughout the entire project lifespan.
The PMI recognizes six processes in risk management, namely:
- Plan Risk Management: Establishing an approach for a robust risk management process.
- Identify Risks: Determining which risks could potentially affect the project.
- Perform Qualitative Risk Analysis: Prioritizing risks based on their potential effect on project outcomes.
- Perform Quantitative Risk Analysis: Numerically analyzing the effect of risks on project objectives.
- Plan Risk Responses: Developing options and actions to enhance opportunities or reduce threats.
- Monitor and Control Risks: Tracking risks, monitoring risk activities, and identifying new risks.
Section II: Four Categories of Risk Management Options
Risk management options fall into four categories:
- Avoid: Change the project plan to eliminate the risk or protect project objectives from its impact.
- Transfer: Shifting the impact of a risk to a third party together with the ownership of the response.
- Mitigate: Reducing the likelihood or impact of a risk.
- Accept: Accepting the possibility of the risk and developing a contingency plan in case it occurs.
Section III: Deciding Which Risk Management Option to Use
Choosing among these risk management options requires a deep understanding of the project situation, risk potential, and likely impact. Here are three fundamental points to consider:
- Project Context: Is our project very innovative, or are we working with tried and tested procedures? More innovation typically means higher risks.
- Risk Appetite: What is our or our organization’s appetite for risk? If we’re risk-averse, mitigation and avoidance strategies might be more attractive. If we can tolerate higher risk for higher potential rewards, we might consider acceptance.
- Risk Potential and Impact: What is the potential impact of each risk? High-impact risks might need more severe strategies such as transference or avoidance.
These risk management options should not be viewed in isolation. It is possible to weave a combination of strategies for different risks within the same project.
Section IV: Risk Monitoring and Review
No project stays exactly on the planned path from the start to finish. Therefore, continuous monitoring and review are important to ensure that the risk management strategies are still applicable and effective. Regularly reviewing risks allows for timely adjustments, hence better risk management.
To Summarize
Risk Management, especially in relation to the PMP framework, is a craft that requires mindful navigation. By identifying your project’s context, the potential risks, and your risk appetite, you can make the right decision on adoption of risk management strategies. Continual monitoring ensures all strategies remain relevant and effective. Understanding this facet of project management will not only prepare you for the PMP exam, but will also enhance your proficiency as a project manager.
Practice Test
True or False: Risk management options only include the processes of identifying and assessing risks.
- True
- False
Answer: False
Explanation: Risk management not only includes the processes of identifying and assessing risks but also involves the process of prioritizing risks, implementing risk response, tracking risks and continuous risk management planning.
In the context of risk management, mitigation refers to:
- A. Ignoring the risk
- B. Transferring the risk
- C. Reducing the probability or impact of a risk
- D. Accepting the risk
Answer: C. Reducing the probability or impact of a risk
Explanation: Mitigation is a risk response strategy that seeks to reduce the likelihood or impact of a risk.
True or False: Risk transference means eliminating the risk.
- True
- False
Answer: False
Explanation: Risk transference does not eliminate the risk, it just moves the risk to another party.
Which of these is NOT a risk response strategy?
- A. Transfer
- B. Ignore
- C. Mitigation
- D. Acceptance
Answer: B. Ignore
Explanation: The four major risk response strategies are: acceptance, avoidance, transference, and mitigation. Ignore is not a recognized risk response strategy in PMP.
Risk avoidance is a strategy that:
- A. Ignores the risk.
- B. Transfers the risk to another party.
- C. Involves changing the project plan to eliminate the risk.
- D. Ensures that the risk is understood and accepted.
Answer: C. Involves changing the project plan to eliminate the risk.
Explanation: Avoidance refers to a deliberate change in the project plans to eliminate the risk.
Multiple select: The four key steps in the risk management process are:
- A. Risk identification
- B. Risk mitigation
- C. Viticulture
- D. Risk prioritization
- E. Risk response
- F. Risk improvement
Answer: A. Risk identification, B. Risk mitigation, D. Risk prioritization, E. Risk response
Explanation: The four key steps in the risk management process are Risk Identification, Risk Mitigation, Risk Prioritization and Risk response. Viticulture and Risk improvement are not part of the risk management process.
True or False: In the risk management plan, all risks are treated the same.
- True
- False
Answer: False
Explanation: In the risk management plan, risks are assessed based on their potential impact and likelihood, they are not treated the same.
The process of minimizing or eliminating the negative impact of identified risks is known as:
- A. Risk Assessment
- B. Risk Response
- C. Risk Identification
- D. Risk Analysis
Answer: B. Risk Response
Explanation: Risk Response is selecting and implementing measures to address risk.
True or False: The risk register is a document where all identified risks, responses, and status are recorded.
- True
- False
Answer: True
Explanation: The risk register is a risk management tool where all identified risks, responses, and the status of those risks are recorded.
A contingency plan is:
- A. A plan for responding to high priority risks.
- B. A plan for ignoring all risks.
- C. A plan for transferring all risks.
- D. A plan for accepting low-priority risks.
Answer: A. A plan for responding to high priority risks.
Explanation: A contingency plan is designed to take action in the response to a risk that has occurred and has impacted the project negatively. These are usually designed for high-priority risks.
The act of passing the responsibility for a risk to another party, typically through contract or insurance, is known as:
- A. Risk Acceptance
- B. Risk Avoidance
- C. Risk Transfer
- D. Risk Mitigation
Answer: C. Risk Transfer
Explanation: Risk transfer is a strategy that involves handing off the risk to a willing third party, that will take on the responsibility for the impact of the risk.
True or False: Risks are always negative.
- True
- False
Answer: False
Explanation: Risks could be both negative (threats) and positive (opportunities).
A risk that could have a positive impact on a project is called:
- A. Opportunity
- B. Threat
- C. Uncertainty
- D. Loss
Answer: A. Opportunity
Explanation: In project management, opportunities refer to the uncertain project events that could have a positive impact on project objectives.
True or False: Active acceptance of risk involves developing a contingency reserve, including amounts of time, money, or resources to handle the risks.
- True
- False
Answer: True
Explanation: Active acceptance involves devising a plan that will come into effect if the risk occurs. This could involve setting up contingency reserves of time, money or resources.
Risk Appetite can be defined as:
- A. Ignoring the risk completely.
- B. The level of uncertainty an entity is willing to embrace.
- C. The act of transferring risk to another party.
- D. The process of minimizing or eliminating the negative impact of risks.
Answer: B. The level of uncertainty an entity is willing to embrace.
Explanation: Risk Appetite is the amount and type of risk that an organization is willing to take to meet their strategic objectives.
Interview Questions
What is risk management in project management?
Risk management in project management is the process of identifying, analyzing and responding to risk factors throughout the life of a project in order to neutralize potential adverse effects on project objectives.
What are the main steps in the risk management process?
The main steps in the risk management process are: Risk identification, Risk analysis, Response planning, and Monitoring and controlling risk.
What is risk identification in project management?
Risk identification is the first step in the process of risk management. It involves recognizing potential risks that could negatively impact the project’s objectives.
What is risk analysis in project management?
Risk analysis, in project management, is the process of identifying potential risks, determining their potential effects on a project, and recognizing the best strategies to mitigate or exploit them.
What is risk response planning in project management?
Risk response planning entails determining what actions can be taken to reduce or eliminate the potential impact of identified risks.
What are the four main risk response strategies?
The four main risk response strategies are: Avoidance, Transference, Mitigation, and Acceptance.
What is risk monitoring and controlling in project management?
Risk monitoring and controlling involves tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.
What does risk avoidance entail in project management?
Risk avoidance entails changing the project plan to eliminate the risk or to protect the project objectives from its impact. It typically involves extending the schedule or changing the project’s scope.
What is risk transference in project management?
Risk transference is moving the negative impact of a risk and the ownership of the response to a third party. This can include insurance or warranties.
What is risk mitigation in project management?
Risk mitigation reduces the likelihood and/or impact of a risk to within an acceptable threshold.
What is risk acceptance in project management?
Risk acceptance is the willingness to tolerate a risk by making a conscious decision to deal with the risk if it occurs.
What is a risk register in project management?
A risk register is a document which contains details about identified risks including their descriptions, causes, potential responses, and other relevant information.
Why is risk management important in project management?
Risk management is essential in project management as it proactively addresses uncertainties, reduces threats, and leverages opportunities, which results in improved ability to achieve project objectives.
What is a risk breakdown structure in project management?
A risk breakdown structure is a tool used to categorize the risks by source or other useful categories to aid in understanding and management.
What is a risk contingency plan in project management?
A risk contingency plan is a predefined plan that should be implemented if an identified risk event occurs. It’s designed to reduce or eliminate the impact of the risk.