whatsapp
Home Blog PMI-RMP

What is Project Risk Management: Types and Steps?

15 August 2024

Project Risk Management as per the PMI: “Project Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project.”

What is Project Risk Management?

Project risk management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring on a project.  The objectives of Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of negative events in the project.  If you would like to watch a video that describes the project risk management process in a nutshell, feel free to watch this video.

Project risk management addresses the uncertainty in project estimates and assumptions, quantitative risk analysis explores the uncertainty in the estimated durations and may provide alternative dates and critical paths that are more realistic given the risks to the project. The objectives are to increase the probability and impact of positive events and decrease the probability and impact of negative events in the project.

Project risk management aims to identify and prioritize risks in advance of their occurrence and provide action-oriented information to project managers.  Project risk can be defined as an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objective, project objectives include scope, schedule, cost and quality.

Below are some of the project risk examples:

Example 1: Scarce resources might not be available when needed, the activity they are responsible for will not finish on time, this will make the project completion date not achievable.

Example 2: The construction design material might not be available in the local market, which will make the procurement team contact international vendors, and this will increase the material budget.

Project risk management isn't an optional activity, it’s essential to successful project management, and it should be applied to all projects and be included in project plans, so it becomes an integral part of every aspect of managing the project.

The degree, level of detail, sophistication of tools, and amount of time and resources applied to project risk management should be in proportion to the characteristics of the project under management and the value that they can add to the outcome.

At the early stages of a project, the level of risk exposure is at its maximum because of less information and high uncertainty. The earlier in the project life cycle that the risks are recognized, the more realistic the project plans and expectations of results will be.

During project execution, project risk management processes monitor the changes the project undergoes for new risks that might emerge so that appropriate responses to them can be developed.   Throughout the project and during project closure, risk related lessons are reviewed in order to contribute to organizational learning and support continuous improvement of project risk management practice.

Risks will continue to emerge during the lifetime of the project, so project risk management processes should be conducted iteratively. Risk is initially addressed during project planning by shaping the project strategy. Project risk should also be monitored and managed as the project progresses to ensure that the project stays on track and emergent risks are addressed.

In order to manage project risk effectively on a particular project, the project team needs to know what level of risk exposure is acceptable in pursuit of the project objectives. This is defined by measurable risk thresholds that reflect the risk appetite of the organization and project stakeholders.

Risk thresholds express the degree of acceptable variation around a project objective. They are explicitly stated and communicated to the project team and reflected in the definitions of risk impact levels for the project.

Good project risk management directly affects the project manager's ability to realize the anticipated objectives and benefits from the project. The concept of a risk is closely linked to value, you can think about negative risks on the project as anti-value – factors that have the ability to remove or reduce value on the project if they occur.

Risk management is everyone’s responsibility as previously stated. However, it is important that management of project risk is not left to a few risk specialists. Project Risk Management should be included as an integral part of all other project processes.

Since project risks can affect project objectives, anyone with an interest in achieving those objectives should play a role in project risk management. The specific roles depend on the project team members’ and other stakeholders’ place within the project and their relation to project objectives.  Roles and responsibilities for risk management should be clearly defined and communicated, and individuals should be held responsible and accountable for results.

This includes allocating responsibility for specific activities within the risk process, as well as for resulting actions required to implement agreed-upon responses. Responsibility should also be allocated for ensuring that risk-related lessons are captured for future use.

Project Risk Management and Project Management

For a successful project management implementation, it is important that project risk management is not viewed as an optional process. Since many elements of project management address inherent uncertainty, the interface between structured PRM and the other processes of project management needs to be clear.

The outputs of project risk management should be taken into account within many of the project management processes. In addition, effective project risk management requires input from other project management processes. Outputs such as the work breakdown structure (WBS), duration and cost estimates, the project schedule, assumptions list, etc. are all important prerequisites for effective project risk management

Risk Management Planning

The project management team, project manager, sponsor, customer, experts, and other stakeholders in the project may be involved in planning for risk management. Determining the risk management strategy and risk management methodology of the project required buy in from all involved stakeholders.

Risks Management Methodology

Developing the risk management plan is the process to develop the overall risk management strategy for the project, to decide how the risk management processes will be executed, and to integrate project risk management with all other project management activities.

Developing the risk management plan is the process to develop the overall risk management strategy for the project, to decide how the risk management processes will be executed, and to integrate project risk management with all other project management activities.

The plan risk management process should begin when a project is conceived and should be completed early in the project. It may be necessary to revisit this process later in the project life cycle, for example at a major phase change, or if the project scope changes significantly, or if a subsequent review of risk management effectiveness determines that the project risk management process requires modification.

The risk management plan is a component of the project management plan that describes how risk management activities will be structured and performed. The risk management plan may include some or all of the following elements: Risk strategy, risk methodology, roles and responsibilities, funding, timing, risk categories, stakeholders risk appetite, definitions of risk probability and impact, probability and impact matrix, reporting formats, and tracking.

Watch this video to know more about a well-designed risk management methodology.

Risks Categories in Project Risk Management

Risk categories provide a means for grouping individual project risks. A common way to structure risk categories is with a risk breakdown structure (RBS), which is a hierarchical representation of potential sources of risk. Where an RBS is not used, an organization may use a custom risk categorization framework, which may take the form of a simple list of categories or a structure based on project objectives. Project risk examples include:

  1. Technical Risk. Technical risks examples include but not limited to: Scope definition, requirements definition, technology, technical interfaces, estimates, assumptions, and constraints.
  2. Management Risk. Management risks examples include but not limited to: Project management, operations management, organization, resources, and communication.
  3. Commercial Risk. Commercial risks examples include but not limited to: Internal procurement, subcontractors, suppliers and vendors, contractual terms and conditions.
  4. External Risk. External risks examples include but not limited to: Exchange rates, weather, environment, competition, and regulatory.

Risk Management Plan

Developing the project risk management plan is the process to develop the overall risk management methodology and strategy for the project, to decide how the risk management processes will be executed, and to integrate project risk management with all other project management activities.

Risk management planning should begin when a project is conceived and should be completed early in the project. It may be necessary to revisit this process later in the project life cycle, for example at a major phase change, or if the project scope changes significantly, or if a subsequent review of risk management effectiveness determines that the project risk management process requires modification.

Effective risk management requires creation of a risk management plan. This plan describes how the risk management processes should be carried out and how they fit in with the other project management processes. 

Risk Identification

Risk identification is the process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics.  The aim is to expose and document all knowable risks, recognizing that some risks will be inherently unknowable and others will emerge later in the project. The emergent nature of risk requires the risk identification process to be iterative, in order to find risks which were not evident earlier in the project.

When describing and recording individual project risks, a consistent format should be used for risk statements to ensure that each risk is understood clearly and unambiguously in order to support effective analysis and risk response development.

After completion of the identify risks process, you will have the risk register and risk report as the key outputs, these artifacts will be used heavily in other project management processes.

Risk Identification Example

To avoid any confusion, you need to use the cause – risk – effect format. As a result of (Definitive cause), (Uncertain event) may occur, which would lead to (effect).

Example: The system backup recovery mechanism may not work (Cause), which could lead to loss of programming codes and test data developed to date (Uncertain event), this will create a system failure (effect).

Risk Analysis

Risk analysis activities involves analyzing and assessing how project outcomes and objectives might change due to the impact of the identified risk events.  Following the risk identification process, it is necessary to evaluate the importance of each identified risk in the project, in order to prioritize individual risks for further attention, evaluate the level of overall project risk exposure, and determine appropriate responses.

Risk evaluation can be performed using qualitative analysis to address individual risks, using quantitative analysis to consider the overall effect of risk on the project outcome, or using both in combination. Qualitative (Subjective) risk analysis is the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics.

Quantitative risk analysis (Objective) is the process of numerically analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives. These two approaches require different types of information and techniques, but where both qualitative and quantitative analysis are used, an integrated approach should be adopted.

Risk analysis should be conducted properly to ensure successful risk management planning in the project. After completing risk analysis activities in the project, you should expect an updated risk register and an updated risk report.

The outcomes of performing qualitative risk analysis, performing quantitative risk analysis, plan risk responses, implement risk responses, and monitor risks should be documented in the risk report and risk register as those processes are completed.

Risk Response Planning

Risk response planning is the process of developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as to treat individual project risks. The key benefit of the risk response planning process is that it identifies appropriate ways to address overall project risk and individual project risks.  Risk response planning also allocates resources and inserts activities into project documents and the project management plan as needed.

Effective and appropriate risk response plans can minimize individual threats, maximize individual opportunities, and reduce overall project risk exposure. Unsuitable risk responses can have the converse effect.

Once risks have been identified, analyzed, and prioritized, risk response plans should be developed by the nominated risk owner for addressing every individual project risk the project team considers to be sufficiently important, either because of the threat it poses to the project objectives or the opportunity it offers.

The affected stakeholders should be involved in determining the risk response strategies. Once the strategies have been selected, they need to be agreed upon by the entity that approves those strategies.

Five alternative risk response strategies may be considered for dealing with threats, as avoid, mitigate, transfer, accept, and escalate. Five alternative risk response strategies may be considered for dealing with opportunities, as exploit, enhance, share, accept, and escalate.

After developing the risk response plans, Implement Risk Responses come into place, which is the process of implementing agreed-upon risk response plans. The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned in order to address overall project risk exposure, minimize individual project threats, and maximize individual project opportunities.

Monitoring Risks

In order to ensure that the project team and key stakeholders are aware of the current level of risk exposure, project work should be continuously monitored for new, changing, and outdated individual project risks and for changes in the level of overall project risk by applying the monitor risks process.  The effectiveness of all of the project risk management processes should be reviewed during monitor risks process to provide improvements to the management of the current project.

Risk reassessment should be conducted as part of the monitor risks process. Typical reasons for risk reassessment are: occurrence of a major or unexpected risk, need to analyze a complex change request, phase end review, project re-planning or major plan elaboration, periodic review to ensure that the information remains current.

In addition to the regular status reviews, periodic audits should be performed to determine strengths and weaknesses in handling risks within the project. This should entail identifying any barriers to effectiveness or keys to success in risk management, recognition of which could lead to improvements in risk management of the current or future projects.

At the end of the project, an integrated analysis of the risk management process should be carried out with a focus on long-term process improvements.  This analysis consolidates the findings of the periodic audits to identify lessons that would be applicable in general to a large proportion of the organization’s projects in the future, such as appropriate levels of resources, adequate time for the analysis, use of tools, level of detail, etc.

At project closure, the project manager should ensure that a description has been given of the closure of every risk in the risk register, for example: (a) did not occur; (b) occurred and contingency plan invoked; or (c) occurred and impact to the project scope (i.e., time, cost, and quality).

Being a project manager isn't an easy job, it can be hectic for many. However, a project manager doesn't necessarily require certification, but getting a PMI RMP can definitely get you a better paycheck. With this certification, you will be able to think on projects from different aspects, strengthening your overall analysis.

Taking the PMI RMP exam isn't going to be a piece of cake, there are certainly many things you must know before taking the exam. And here, we will be discussing everything you need to know about the PMI-RMP certification exam. Therefore, without further ado, let's get straight into the prime discussion.

PMI or better known as Project Management Institute of the United States is an accreditation body for the PMI RMP certification exam. The organization is one of the leading not-for-profit professional associations, which was founded in 1969.

Before diving into further details, it is vital to start the discussion with the exam structure for the PMI RMP certification exam. The exam will have a total of 115 questions, and all will be multiple choice questions. Candidates are expected to complete their exam within 2.5 hours.

Though the exam is challenging, it is comparatively less difficult than other PMI exams. To maintain your PMI RMP, you must earn 30 professional development units (PDUs) in risk management topics every three years.  Furthermore, if you are a PMP, then it is recommended that you prepare for the PMI RMP certification exam after you have cleared your PMP exam. The overall fee structure for the exam depends on whether you are a member of the Project Management Institute or not.

The exam fees for members are $364.00, whereas when it comes to a nonmember, the exam fees go a little higher, up to $469.00. The best part about this exam is that you can take this according to your convenience. You can take the exam online or in person, whichever you prefer. At the same time, the exam is available in both Arabic and English.

Who is Eligible for the PMI RMP Certification?

Before signing up for the exam, it is crucial to know its eligibility criteria and the prerequisites for taking a PMI RMP exam. Two types of candidates can qualify for taking this examination.  You can qualify for this exam if you have a secondary degree; this means that if you have a high school diploma, associate’s degree, or the global equivalent, then you can take this exam for PMI-RMP certification.

However, you will also need 36 months of project risk management experience which you should achieve in the last five years. Once you have both of them, the last thing you will be required for this exam is 40 hours of project risk management education. If you have all three, you are eligible to take the exam.

However, the second type of candidates that qualify for the exam is those with a four-year degree. This four-year degree can be a bachelor’s degree or the global equivalent. If you have a four-year degree, then the next thing you will acquire is 24 months of project risk management experience.

It is also worth mentioning that the experience will be considered valid when it's from the last five years. And if you have fulfilled both of the requirements, the last thing you will need is 30 hours of project risk management education. Once you have all three, you can take the exam to get your certification.

The Process of Getting Certified

Now that you know the eligibility criteria for the exam along with the prerequisites, you need to know the whole process that you need to follow to get the certification under your name. The very first thing you need to do is fill out the application form that you will find on the official website of the Project Management Institute.

Once you have applied, it will take five working days for the institute to get back to you after viewing your application. Once the application is reviewed and it is not selected for auditing, then you will be notified; this means that you can pay for the examination fees.

However, if your application is selected for auditing, then the candidates must provide some of the requested information. This information may include a copy of the candidate's education certificate and signed risk management experience forms and can even include the PDU certification. PDU certification represents the level of experience that a candidate has.

Collecting and submitting information must be done in under 90 days, and the PMI usually takes 5 to 7 working days to respond to the candidates. Once the process is complete, your application will be accepted, and you can pay the examination fees.

After you have paid the fees, your application is said to be done, and you can now prepare for the exam. Once the candidate is fully eligible to take on the exam, they get a notification on their email that contains information like the candidate’s Unique PMI Eligibility ID, Instructions on the exam schedule, and the period for which the candidate will be eligible to take the exam.

The exams are taken in specific centers, and the candidates that have passed the exams will have their names displayed on the website after a few days of giving the exams. If you are fully ready to take on the exam, then there are a few tips that you must keep in mind to get this certification smoothly. First of all, start by reviewing the PMI certification handout. The handout is available in multiple languages so that you can choose according to your preference.

Before taking the exam, thoroughly go through the exam specifications and content outline. The outline and specifications are available in Arabic and English. It is also recommended to go through the Standard for Risk Management in portfolios, programs, and projects. Ensure you have the best guidebook and training partners to help you ace your exams.

Final Words

All in all, the PMI RMP certification exam is an exam that can help you in a lot of different ways. Though the exam might seem a little costly initially, it is definitely worth the investment as you will have a broader perspective while taking the exam.

Ensure you have the best trainers to teach you for the exam. One of the best courses you can get to train for this exam is provided by Elite Minds. We believe that they have the right teachers who can train you for this exam and assess you throughout the whole training.

Conclusion

Project risk management aims to identify and prioritize risks in advance of their occurrence, and provide action-oriented information to project managers.  This orientation requires consideration of events that may or may not occur and are therefore described in terms of likelihood or probability of occurrence in addition to other dimensions such as their impact on objectives.

If you are curious to know more about the PMI RMP certification exam, Feel free to have a look at our PMI RMP exam preparation workshop, and watch the first three sections before you make your mind. Also, do not hesitate to reach us out through info@eliteminds.co whenever you have a question about the PMI RMP exam preparation journey.