Write a summary on attachment
2.2  Plan Risk Management   Exam Objectives 1. Domain 1: Risk Strategy and Planning 1.1. Task 1 Develop risk assessment processes and tools that quantify stakeholder risk tolerances in order to assess and determine risk thresholds for the project and set criteria for risk levels. 1.2. Task 2 Update risk policies and procedures using information such as lessons learned from projects and outputs of risk audits in order to improve risk management effectiveness. 1.3. Task 3 Develop and recommend project risk strategy based on project objectives in order to establish the outline for the risk management plan. 1.4. Task 4 Produce risk management plan for the project on the basis of inputs such as project information, external factors, stakeholder inputs, and industry policies and procedures in order to define, fund, and staff effective risk management processes for the project that align with other project plans. 1.5. Task 5 Establish evaluation criteria for risk management processes based on project baselines and objectives in order to measure effectiveness of the project risk process. Risks happen for many reasons. Some of the risks are internal to the project, and some are external. The project environment, the planning process, the project management process, insufficient resources, and so on can all responsible for risk. Some of the risks can be known earlier and can be planned during the process; other risk events will occur unexpectedly during the project. The Plan Risk Management process determines how you’ll prepare for and perform risk management activities on your project.Plan Risk Management is the process of defining the way to conduct the risk management activities. The PMBOK Guide contends that the Plan Risk Management process should begin as soon as the project begins, and it should be concluded early in the Planning processes. The primary benefit of the Plan Risk Management process is that it makes sure that the degree, type, and visibility of risk management are proportionate to both risks and the importance of the project to the organization and other stakeholders. This process is performed once or at predefined points in the project. It is essential to revisit this process later in the project life cycle, for example at a major phase change, or if the project scope changes significantly, or if a subsequent review of risk management effectiveness determines that the Project Risk Management process requires modification.The inputs, tools and techniques, and outputs of the process are shown in Figure 2-2. Figure 2-2: Plan Risk Management: Inputs, Tools and Techniques, and Outputs Figure 2-3 shows the data flow diagram for the process. Figure 2-3: Plan Risk Management: Data Flow Diagram Inputs of the Plan Risk Management Process   Here are the inputs of the Plan Risk Management process: Project charter: It provides information on high-level project description and boundaries, high-level requirements, and risks. Project management plan: In order to plan for Project Risk Management, all approved subsidiary management plans need to be considered to make the risk management plan consistent with them. In other project management plan components, the documented methodology might influence the Plan Risk Management process. Project documents: For this process, project documents that can be considered as inputs include stakeholder register. This document includes all details related to the project’s stakeholders and provides an overview of their project roles and their attitude toward risk on the project. It is also used for determining roles and responsibilities for managing risk on the project, as well as for setting risk thresholds for the project. Enterprise environmental factors: These can influence the Plan Risk Management process and include overall risk thresholds set by the organization or key stakeholders. Organizational process assets: These can influence the Plan Risk Management process and include organizational risk policy; risk categories, possibly organized into a risk breakdown structure; common definitions of risk concepts and terms; risk statement formats; templates for the risk management plan, risk register, and risk report; roles and responsibilities; authority levels for decision making; and lessons learned repository from previous similar projects. The risk attitude of the organization and the stakeholders is a key element of the enterprise environmental factors input. Risk attitude consists of two elements: Risk appetite: It is the level of uncertainty the stakeholders are willing to accept in exchange for the potential positive impacts of the risk. Risk threshold: It is the measure or level of uncertainty or impact the organization is willing to operate within. Risk threshold is different from risk appetite because risk appetite concerns the amount of uncertainty you are willing to take on to gain a benefit, whereas risk threshold concerns the amount of risk, and hence the potential consequences or benefits you might gain or lose if the risk event occurs. Knowledge Check   Tools and Techniques of the Plan Risk Management Process   Here are the tools and techniques of the Plan Risk Management process: Expert judgment: It is defined as judgment provided based upon a set of criteria that has been acquired in a specific knowledge area or product area, discipline, industry, etc., as appropriate for the activity being performed. Such expertise may be a person or a group of people with specialized education, knowledge, skill, experience, or training. For the Plan Risk Management process, expertise should have specialized knowledge of or training in the topics such as familiarity with the organization’s approach to managing risk; tailoring risk management to the specific needs of a project; and types of risks that are likely to be encountered on projects in the same area. Data analysis: It is a technique that can be used for this process and includes stakeholder analysis. This analysis helps in determining the risk appetite of project stakeholders. This analysis results in a list of stakeholders and crucial information about them such as their role in the organization, expectations, their level of involvement in the project, and their level of interest in the project. Meetings: The project kick-off meeting or a specific planning meeting may be held for developing the risk management plan. Participants involved in the meetings may include the project manager, selected project team members, key stakeholders, team members who are responsible to manage the risk management process on the project or others who might have involvement in the risk management process. The participants outside the organization may also be requested, when needed, which include customers, sellers, and regulators. A skilled facilitator can help participants: To remain focused on the task To agree on key aspects of the risk approach To identify and overcome sources of bias To resolve any disagreements that may arise Plans for conducting risk management activities are explained in these meetings and listed in the risk management plan.The key outcomes of performing these planning meetings are as follows: Risk cost elements are developed for inclusion in the project budget. Schedule activities associated with risk are developed for inclusion in the project schedule. Risk responsibilities are assigned. The risk contingency reserve process is established or reviewed. Templates for risk categories are defined or modified for this project. Definitions of terms (probability, impact, risk types, risk levels, and so on) are developed and documented. The probability and impact matrix is defined or modified for the project. Knowledge Check   Output of the Plan Risk Management Process   The output of the Plan Risk Management process is the risk management plan that describes how risk management activities will be structured and performed. This plan details how risk management processes (including Identify Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks) will be implemented, monitored, and controlled throughout the life of the project. It details how to manage risks but does not attempt to define responses to individual risks. According to the PMBOK Guide, the risk management plan includes the following elements, as shown in Figure 2-4. Figure 2-4: Elements of the Risk Management Plan Methodology: It defines the approaches, tools, and data sources that will be used to perform risk management on the project. Roles and responsibilities: These describe the people who are responsible for managing the identified risks and their responses for each type of activity identified in the risk management plan. These risk teams might not be the same as the project team. Risk strategy: It describes the general approach for managing risk on the project. Funding: It estimates funds needed to perform Project Risk Management activities and establishes protocols for application of contingency and management reserves. Timing: It documents the timing of the risk management processes and includes the activities associated with risk management in the project schedule. Risk categories: They provide a means for grouping individual project risks. Risk categories are a way to systematically identify risks and provide a foundation for understanding. When determining and identifying risks, the use of risk categories helps improve the process by giving everyone involved a common language or basis for describing risk.Risk categories should be identified during this process and documented in the risk management plan. These categories will assist you in making sure the next process, Identify Risks, is performed effectively and produces a quality output. The following list includes some examples of the categories you might consider during this process: Technical, quality, and performance risks: Technical, quality, and performance risks include risks associated with unproven technology, complex technology, or changes to technology anticipated during the course of the project. Performance risks might include unrealistic performance goals. Project management risks: The project management risk category includes improper schedule and resource planning, poor project planning, and improper or poor project management disciplines or methodologies. Organizational risks: The organizational risk category can include resource conflicts because of multiple projects occurring at the same time in the organization; scope, time, and cost objectives that are unrealistic given the organization’s resources or structure; and lack of funding for the project or diverting funds from this project to other projects. External risks: The external risk category includes those aspects that are external to the project, such as new laws or regulations, labor issues, weather, changes in ownership, and foreign policy for projects performed in other countries. Catastrophic risks—known as force majeure—are usually outside the scope of Plan Risk Management and instead require disaster recovery techniques. Force majeure includes events such as earthquakes, meteorites, volcanoes, floods, civil unrest, terrorism, and so on. A common way for structuring risk categories is with an RBS (risk breakdown structure). It is a hierarchical representation of potential sources of risk (see example in Table 2-2). An RBS helps the project team to examine the full range of sources from which individual project risks may arise that can be helpful while identifying or categorizing the identified risks. An organization can have a generic RBS to be used globally on all the projects, or several RBS frameworks can also be used for different categories of projects, or a single tailored RBS can also develop by the project. When an RBS is not used, an organization may use a custom risk categorization framework, which may take the form of a simple list of categories or a structure based on project objectives. Table 2-2: Extract from Sample Risk Breakdown Structure (RBS) RBS Level 0 RBS Level 1 RBS Level 2 0. All Sources of Project Risk 1. Technical Risk 1.1 Unproven Technology1.2 Quality of Technology1.3 Performance Risks1.4 Complex Technology1.5 Technical interfacesEtc. 2. Management Risk 2.1 Schedule Planning2.2 Project Disciplines2.3 Resource Planning2.4 Cost Estimates2.5 BudgetsEtc. 3. Organizational Risk 3.1 Project Schedules3.2 Unrealistic Objectives3.3 Lack of FundingEtc. 4. External Risk 4.1 Weather4.2 Labor Issues4.3 Catastrophic RiskEtc. Stakeholder risk appetite: The stakeholder risk appetites are recorded in the risk management plan, as they inform the details of the Plan Risk Management process. Specifically, the stakeholder risk appetite should be considered as measurable risk thresholds around each project objective. These thresholds will determine the acceptable level of overall project risk exposure and are also used to notify the definitions of probability and impacts to be used when evaluating and prioritizing individual project risks. Definitions of risk probability and impacts: These are specific to the project context and reflect the risk appetite and thresholds of the organization and key stakeholders. Probability describes the potential for the risk event occurring, whereas impact describes the effects or consequences the project will experience if the risk event occurs. The project may generate precise definitions of probability and impact levels or it may start with general definitions provided by the organization. Probability and impact matrix: In advance of the project, the organization may specify prioritization rules and include these in organizational process assets, or may tailor these to the specific project. A probability and impact matrix prioritizes the combination of probability and impact scores and helps you determine which risks need detailed risk response plans. In a common probability and impact matrix, opportunities and threats are represented using positive definitions of impact for opportunities and negative impact definitions for threats. Descriptive terms (such as very high, high, medium, low, and very low) or numeric values can be used for probability and impact. Where numeric values are used, these can be multiplied to give a probability-impact score for each risk, which allows the relative priority of individual risks to be evaluated within each priority level. Typically, high risks are considered a red condition, medium risks are considered a yellow condition, and low risks are considered a green condition. This type of ranking is known as an ordinal scale because the values are ordered by rank from high to low. Reporting formats: These formats describe the content of the risk register and the format of this document and the risk report, as well as any other required outputs from the Project Risk Management processes. These formats also define how the outcomes of the Project Risk Management process will be documented, analyzed, and communicated. Tracking: It includes a description of how to document the history of the risk activities for the current project and how the risk management processes will be audited. Critical Success Factors   Here are many factors that should be considered when creating the risk management plan, and that will influence whether the plan is successful: Acceptance by stakeholders Alignment with project constraints Balance between costs versus efforts Risk management efforts aligned with project needs