
To effectively manage risks on your project for the PMP Certification Exam, you should reassess existing risks on a regular basis as well as identify new risks. You should also analyze project performance, forecasts, trends, and reserve utilization. A risk audit will help ensure that the risk management process is working effectively.

Risk reassessment

Much of the work in Monitor and Control Risks takes place in reassessing the risks that you already identified and documented in the risk register. You should take some time at every team meeting to identify new risks and discuss active risks.

At the points in time documented in the risk management plan, you should do a really thorough review of the entire register. This is often done at the close of one phase and the start of another. Common actions in risk reassessment include

  • Identifying new risks, analyzing the probability and impact, and developing a risk response plan

  • Identifying any risk triggers that have occurred to tell you whether you need to implement a response plan or a contingency plan

  • Determining whether any risk events have become active, indicating that you need to implement the response strategy

  • Determining whether any events occurred that you didn’t plan for — and need a workaround for

  • Assessing whether the probability or impact for any risks has changed

  • Assessing whether the risk response strategy is still appropriate, or whether you need to take a different approach

  • Determining whether residual risks have grown and whether you need to develop more robust responses

  • Identifying any secondary risks that have emerged and putting them through the risk planning cycle

  • Determining whether events have evolved to the point where you should take preventive or corrective actions for any new or existing risks

  • Reviewing your watch list to see whether any risk events should be escalated up to the active risk list

  • Reassessing the risk tolerance levels of the sponsor, performing organization, and other stakeholders to determine if they have shifted

  • Identifying any risk events that have passed so that you can close them

Keeping the risk register up to date can take some time, but you can see that if you ask these questions, perform the assessments, and continue to identify new events, your project will perform much better than if you just did risk management at the beginning of the project or once every few months.


Comparing the planned work against the actual work and also the planned costs against the actual costs generates good performance information. To really understand what’s happening on your project, though, you need to compare information across documents. This type of risk analysis helps you stay on top of your project.

Variance and trend analysis

After you begin generating performance reports, reviewing the reports and monitoring and controlling risks will go hand in hand. Whenever you see a variance outside the threshold, you should investigate the cause of the variance and determine whether it poses a risk to the project. If it does, you will move immediately to identifying that as a risk and developing a response to it.

A trend analysis is a method you can use to determine whether project performance is at risk. If your CPI is trending from .95 to .93 to .91, you know to take action soon, or you will be outside the threshold established in the project management plan.

Technical performance measurement

Technical performance measurement is another way to determine whether your progress is on track. You might have a plan in place promising certain functionality by a point in time, but you haven’t achieved that functionality. This should be considered a risk.

Reviewing the risk log is a good idea, but go over the Assumption Log as well. Look for new assumptions, and check whether the existing assumptions are still valid, whether they have changed, and whether any can be closed out.

Reserve analysis

When developing risk responses, you set aside time and money for contingency reserve to reduce the risk of time and cost overruns. As the project progresses, you will allocate some of the schedule reserve as needed, and you will need to use some of the budget reserve for unexpected circumstances. At the same time, as you progress through the project, the amount of risk is reduced.

Reserve analysis looks at the amount of risk on the project and the amount of schedule and budget reserve to determine whether the reserve is sufficient for the remaining risk. You can expect to spend a certain percentage in each phase of the life cycle, or you might allocate it by milestone.

If appropriate, you might be able to release some project reserve from the project, or you might need to ask for more, depending on how the project is going.

Risk audit

A risk audit looks at the risk management process overall as well as the responses to individual risks. The purpose of a risk audit is to evaluate the effectiveness of the risk management process. Some of the items that a risk audit addresses are

  • Was the risk management planning sufficient?

  • Did the team do a good job in identifying risks?

  • Were the probability and impact (PxI) tables appropriate for the project?

  • Were the correct quantitative analysis techniques used?

  • How effective were the risk responses?

  • Are the risks being monitored and managed appropriately?

A risk audit also considers the effectiveness of risk responses by answering questions, such as

  • Was the selected strategy effective?

  • Did the risk event occur as expected?

  • Did the response affect the risk event as expected?

  • Were other options available that would have been more effective?

  • What actions can be taken to increase the effectiveness of the response?

The risk audit can be used for lessons learned.

