If you enjoyed reading this post, check out all of our post on PMP Concepts Learning Series.
I'm Belinda Goodrich, and today's learning point is on the risk knowledge area. Okay, this is going to sound really weird, I know, but the risk knowledge area is my favorite knowledge area in the PMBOK Guide. That's when you know you're a total project
management geek - when you pick a favorite knowledge area, but it is my favorite for a couple of reasons. Number one, regardless of the project you're on, no matter how small, how big, how experienced you are, there is risk on every project. Being able to manage uncertainty is huge. Number two, as a project manager, that is one of the best ways you demonstrate you can add value is you're able to manage that risk, identify it, have plans in place and be a confident leader. So that's why
it's my favorite knowledge area.
Now there are seven processes within the risk knowledge area starting with five that are in planning, right, because that's what we do. We plan for it. So, first step, we plan risk management, creating the risk management subsidiary plan. I mentioned when
I talked about communication, I always have a communication plan. Well, I also always have a risk plan. It doesn't matter, again, how simple, easy, straightforward or brief my project is, there is going to be a risk management plan. My approach to managing risk, my definitions around probability and impact, looking at stakeholder risk tolerances, those would all be documented in there. Once we have our plan in place, we identify our risks. Three things to remember about that risk identification process. Number one, it has to happen early in your project. Number two,
you have to have more than just you and your team involved, anybody and everybody who may have insight into risk. And number three, it's ongoing. You are never not identifying risk. You are identifying risk from the minute you get your project until that sector is delivered. So, we have risk identification that creates our risk register.
Qualitative and Quantitative
Once we have those risks documented, it's the next thing we have to do is prioritize them. So that is where the perform qualitative risk analysis comes into play. That's where we do a
subjective evaluation of probability and impact, right? One to five scale, one to three scale, one to 10 scale, whatever it may be, maybe it's zero to one for probability. That way, we can put a risk score to every risk and prioritize those we're going to take action on. Now a subset of risks may be evaluated through quantitative risk analysis. Big difference between qualitative and quantitative. Qualitative is subjective. It might be a three, an impact of three. In quantitative, we're going to actually put an evaluation of time and/or money on that risk. So instead of it being a three, it's a
$3,000 risk or a 30-day delay risk. Not all risks will go through
quantitative. You've got to have good tools, good robust data, garbage in, garbage out kind of thing, but again, helps us evaluate those highest priority risks.
Once we've gone through the quantitative, that's when we can plan our risk responses. For threats, we might escalate, avoid, transfer, mitigate or acceptance, which could be passive or active, and for our opportunities, we can escalate, enhance,
share, exploit or accept. No such thing as active risk acceptance for opportunities, no such thing as a contingency plan for an opportunity. Then during executing, that's where we implement those risk responses and then obviously, we monitor our risks ongoing throughout our project making sure that we're able to manage that risk appropriately.
One of the most effective ways for monitoring risk on your project, have it as a standing agenda item. So, seven risk processes, five of those in planning, then we move in to executing where we implemented those risk responses and then of course, ongoing throughout the project is monitoring risks. Again, my favorite knowledge area, it's one that as a project manager, you should be very skilled at.