Risk Management Process for PMP®

Project Management Institute (PMI)® defines risk as “An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” To better ensure your project meets all objectives, use the PMP Risk Management Process with the steps of Identify, Analyze, Prioritize, Assign, Plan, Monitor, Treat, and Report. For each Risk Management Process, there are Risk Management Tools and Techniques. Within your Risk Management work, determine your company’s or client’s Risk Threshold, as it affects the level of effort to apply to each Risk Management process.

PMI’s Project Management Professional (PMP)® exam tests your Risk Management knowledge. Project Risk Management PMP questions address the Risk Management Plan, Risk Management Techniques, Risk Management Processes, and Risk Management Tools.



What is Risk Management?

Risk is the uncertainty that is inherent in any project. Risk can be measured in terms of the possibility that the uncertainty will occur, and the impact if it does. Risk management is a discipline of identifying, planning, monitoring, and managing the uncertainty that could impact project outcomes. As risk can be positive or negative, Risk Management is how to plan and act upon the need to increase a positive risk or decrease a negative risk to ensure a project meets its goals.

Risk Management is the shift from a constantly reactive mode, with the vulnerability and cost that come with it, to a continuously proactive mode in which risk can be predicted and acted upon for the project’s benefit. PMP questions on the Risk Management process will assess your knowledge of the tools, techniques, and benefits of Risk Management. Read Project Management Academy’s Risk Management article to learn more about this critical skill set.

Risk in Project Management

There is a level of risk in all projects, so Risk Management is always beneficial. The scope and complexity of a project directly correlate to the depth and width of risk to it. Project managers need to understand Risk Management processes and tools to effectively tailor the Risk Management approach to the needs of a specific project.

Project managers who correctly and consistently use proven Risk Management processes have greater chances of project success than those who just hope for the best.

Risk Management Questions

You may see several Risk Management questions on the PMP® exam. It’s important to understand the basics of Risk Management to correctly answer these questions. To better prepare, Project Management Academy has 10 questions for you to test your knowledge.

You can also take our free PMP® Exam Practice Questions, which include questions on Risk Management.



Risk Management Process

As each project is unique, there must be inherent adaptability within the Risk Management process to be tailored to the needs of a specific project. As risk can occur throughout the project lifecycle, the Risk Management processes must include continuous improvement cycles by which plans, analysis, and mitigation can be updated to remain both current and effective.

[Figure: Risk Management Process Flow Chart]

Risk Management Plan

The Risk Management Plan is the project document capturing team responsibilities for managing both positive and negative risks. For the PMP exam, you should know the Project Management Institute’s (PMI)® definition of a risk management plan: “A component of the project, program, or portfolio management plan that describes how Risk Management activities will be structured and performed.”

The Risk Management Plan only describes how things will be done; you don’t actually complete the work as part of defining the plan. The Risk Management Plan includes a risk budget, risk resources, risk tolerance level, and how to implement Risk Responses. More complex, higher-budget, and longer-duration projects are likely to have more comprehensive Risk Management Plans.

Risk Identification

The Project Manager and team conduct a careful review of project objectives (scope, budget, timeline, goals, and resources) to identify risks for documenting on the risk register. Each identified risk is organized by different factors (internal or external triggers for example) or by categories (environmental, regulatory, technology, or staffing for example) on the risk register. Risk identification plays a critical role in Risk Management as it is the basis for the risk matrix and risk assessment tools among others when managing large or complex projects.

Qualitative Risk Analysis

Project Managers conduct Qualitative Risk Analysis by determining the probability and the potential impact of each risk using a relative scale. The analysis is for individual risks, not the overall project risk. The accuracy of the qualitative risk measurement is heavily influenced by the objectivity and knowledge of the subject matter experts providing the assessment. For greater accuracy, the Project Manager should use both qualitative and quantitative analysis.

Quantitative Risk Analysis

Quantitative risk analysis uses “hard” data, such as costs, logistics, and the number of employees, to assign numerical values to each identified risk. Project managers use quantitative risk analysis for projects needing a greater level of insight into the likelihood of completing a project within a timeframe or budget, for complex projects with multiple go/no-go decision points, and to generate a numerical value to assign to each risk for use in determining the project’s overall level of risk.

Risk Response Planning

Risk management work is almost pointless if there is not a Risk Response Plan for the identified risks. As each Risk Management plan should be tailored to fit the project scope and objectives, there must also be appropriately aligned risk response planning. The risk response strategies differ for negative and positive risk; positive risk can benefit the project while negative risk can hurt it.

Therefore, the risk response planning should focus on the project risks of the highest level of probability and the deepest level of impact, reflect the budget included in the Risk Management plan, and detail when to implement it. Risk response planning should include and be available to the project team.

Risk Monitoring and Control

With risks identified and analyzed, and a Risk Response for each, the Project Manager must continuously monitor risk to ensure appropriate action is taken in a timely manner for maximum impact. Risk monitoring and control is the continuous process of tracking identified risks and monitoring the results of executed Risk Responses. Risk monitoring and control fits into Risk Management as part of the Project Manager and team’s ongoing work to understand risk at any time within the project’s lifecycle.


The Importance of Tracking Risk in Projects

Project managers and teams must track risk to effectively implement the corresponding response in a timely manner. To identify a risk but not know that it has happened negates the proactive benefit of Risk Management processes. Also, to implement the response too late means that it could do little if anything to protect the project. The effectiveness of the response is included in tracking so that the Project Manager and team can make needed adjustments and ensure any lessons learned are available to future teams. Enhance your knowledge of Risk Management with Project Management Academy’s “The Biggest Risk is Ignoring Project Risk Management” article.

Project Documents

For Risk Management, the Project Manager uses Project Documents as inputs to the process. In addition to the Project Management Plan (including but not limited to organizational process assets, cost estimates, duration estimates, requirements documentation, and stakeholder management plan), other applicable Project Documents include relevant Lessons Learned documentation and the project’s Risk Register, Risk Report, and any Risk Matrix. Throughout Risk Management processes, risk documentation will be generated and included in the overall project documentation.

Risk Management

PMP credential holders know that effective risk management can make the difference between project success and failure. For the PMP certification exam, students should know what a Risk Management Plan is, when the Risk Management Plan is created, what the types of Risks and Risk categories are, how often the Risk Management Plan is updated, how the Risk Response plan is created, how to conduct Risk Monitoring and Control, and how Risk Management benefits the project.



Tools and Techniques for Risk Management

For the PMP exam, students should know the standard Risk Tools and Techniques. Risk Management plans should be tailored to the project, including the selection of Risk Tools and Techniques to ensure the use of qualitative and quantitative data for increased objectivity and accuracy. The larger and more complex a project, the more tools are needed to manage the risk. At the same time, a smaller project could need only a few risk tools and techniques for effective risk management.


Brainstorming, Surveys, and Focus Groups

The power of brainstorming, surveys, and focus groups as data collection tools for risk identification and risk response planning lies in tapping into insights that are not captured by mere numbers. Asking targeted questions of informed experts, including project team members, stakeholders, customers, and subject matter experts, in a format that sparks reflection and discussion can generate insight into the reasons why a risk did or did not occur, in addition to powerful new approaches to future risk response tactics.

Risk Report

PMI defines a Risk Report as: “A summary of risk reflecting risks that have occurred, actions taken for risks, and the potential impacts to budget, timeline, and deliverables.” As a Risk Management communication tool, the Risk Report should be clear, concise, and indicate actions taken, preparation for other risk-related actions, and any inputs needed by stakeholders. Project managers use the Risk Report to convey Risk status to the team and to inform Stakeholders of needed Risk Management decisions or results of Risk Response action.

Risk Register

The Risk Register documents each risk and any related activities, including descriptions, probability of occurrence ratings, impact rankings, mitigation activities, and status. The Risk Register is part of Risk Management documents and is used in Risk Assessment, Risk Response Planning, and Risk Monitoring and Control processes. Unlike the Risk Report, which captures risk at a single moment in time, the Risk Register is updated throughout the project life cycle to ensure informed Risk Management decisions.

Risk Breakdown Structure

Project Managers create a Risk Breakdown Structure (RBS) diagram to convey the hierarchical relationship among identified project risks as organized by risk category. The level of detail, including how many hierarchical levels are documented, is determined in part by the complexity of the project and the Risk Management. The RBS is included in Risk Management documentation.

Probability and Impact Risk Matrix

Risk probability refers to the chances that a specific risk will happen within the project’s lifecycle. Risk impact is the level of disturbance to the project if a risk happens. Probability and impact are used together because you can have a risk that is going to happen (high probability) but with little measurable change for the project (low impact), or vice versa, a risk unlikely to occur (low probability) but one that would make the project suffer greatly if it does (high impact). Probability and impact definitions and the corresponding values for each should be determined early in the project and should be consistent throughout the project.


Risk Data Quality Assessment

Project teams use risk assessment, a qualitative measure using risk data and the parameters of probability and impact, to identify, categorize, prioritize, and manage risks before they happen. When done with verified tools and with quality inputs, risk assessment may take time but can prevent problems from negative risks and enable opportunities from positive risks. For all risk assessments, the quality of data used to determine the impact directly correlates to the accuracy of the risk assessment and the decisions based upon it.


Strength, Weakness, Opportunity, and Threat (SWOT) Analysis

The Strength, Weakness, Opportunity, and Threat (SWOT) analysis tool fosters critical thinking and a deeper understanding of a Risk. As the name implies, the Risk is analyzed from the four categories to get to the root of it from multiple angles and provide more accurate information for later Risk Response and other Risk processes. In most cases, negative risks emerge around weaknesses and threats, and positive risks are identified through strengths and opportunities.

Root Cause Analysis

The PMP exam may include questions about how to perform root cause analysis and what the tool can provide. Within Risk Management, Root Cause analysis is a systematic process to gain insight into the source of a risk. Rather than trying to combat the result of the risk (in a reactive and often less effective way), knowing the root of the risk enables the Project Manager and team to adjust the source (in a proactive and typically more effective way).
