PROJECT RISK MANAGMENT

Chapter Six
Project Risk Monitoring & Control
KURABACHEW M.(PhD)
 Contents
1. Risk Monitoring and Control

2. Risk Threshold and Risk Review

3. Project Risk Efficiency Measurement

4. Risk Audit

5. Inputs for Risk Review

6. Tools and Techniques of Risk Review

7. Outputs of Risk Review

 1. Project Risk Monitoring and Control

Risk monitoring and control includes:

1. Identifying new risks and planning for them

2. Keeping track of existing risks to check if:

• Reassessment of risks is necessary

• Any of risk conditions have been triggered

• Monitor any risks that could become more critical over time

• Tackle the remaining risks that require a longer-term, planned, and managed
approach with risk action plans
 1. Project Risk Monitoring and Control
3. Risk reclassification
For the risks that cannot be closed, the criticality has to go down over a period of
time due to implementing the action plan.
If this is not the case then the action plan might not be effective and should be re-
examined.

4. Risk reporting
The risk register is continuously updated, from risk identification through risk
response planning and status update during risk monitoring and control.
This project risk register is the primary risk reporting tool and is available in the
central project server, which is accessible to all stakeholders.
 1. Project Risk Monitoring and Control
 In General, Risk monitoring control is the process of

 keeping track of the identified risks,

 monitoring residual risks and identifying new risks,

 ensuring the execution of risk plans, and evaluating their effectiveness in reducing
risk.

 It records risk metrics that are associated with implementing contingency plans.

 Good risk monitoring and control processes provide information that assists with
making effective decisions in advance of the risk´s occurring.
 2. Project Risk Threshold & Risk Review

The risk priorities have to be set to direct focus where it is most critical.

The risks with the highest risk exposure rating are the highest priority.

Risks with Exposure Low can be dropped from the mitigation plans, but
may need to be revisited later in the project.

The organizational mandate is that if the projects have at least one “Very
High” risk or more than 3 “High” risks, guidance should be sought from
management and stakeholders, as the project may be at high risk of failure.

Projects can customize the threshold based on project needs.

 3. Project Risk Efficiency Measurement
1. Risk Metrics

The efficiency of risk analysis and management is measured by capturing the

following metrics during project closure.

The analysis results are used to decode lessons learned, which is updated in the
organization's lessons learned database.
Number of risks that occurred / Number of risks that were identified

Was the impact of the risks as severe as originally thought?

How many risks recurred?

How do the actual problems and issues faced in a project differ from the anticipated risks?
 4. Project Risk Audit

This is an independent expert analysis of risks, with

recommendations to enhance maturity or effectiveness of risk
management in the organization.

This evaluates:
How good are we at identifying risk?

Exhaustiveness and granularity of risks identified

Effectiveness of mitigation or contingency plan

Linkage of project risks to organizational risks

 4. Project Risk Audit

The key deliverables of this risk audit are:

Customized checklist to evaluate the risks of a project

Identify areas of importance for risk analysis for a project (risk taxonomy)

Risk radar – risk-prone areas of the product group

Potential additional risks identified based on the review

Top 10 risks in the organization from key projects, which requires

management attention
 5. Inputs to Risk Monitoring and Control
Risk management plan

Risk response plan

Project communication
Work results and other project records described in provide information about project performance and risks.

Reports commonly used to monitor and control risks include Issues Logs, Action-Item Lists, Jeopardy Warnings, or

Escalation Notices.

Additional risk identification and analysis

As project performance is measured and reported, potential risks not previously identified may surface.

The cycle of the six risk processes should be implemented for these risks.

Scope changes
Scope changes often require new risk analysis and response plans.
 6. Tools and Techniques for Risk Monitoring and Control
Project risk response audits:
 Risk auditors examine and document the effectiveness of the risk response in avoiding, transferring, or mitigating risk occurrence

as well as the effectiveness of the risk owner.

Risk audits are performed during the project life cycle to control risk.

Periodic project risk reviews:

 Project risk reviews should be regularly scheduled.

Risk ratings and prioritization may change during the life of the project.

Any changes may require additional qualitative or quantitative analysis.

Earned value analysis:

Earned value is used for monitoring overall project performance against a baseline plan.

Results from an earned value analysis may indicate potential deviation of the project at completion from cost and schedule targets.

Significant deviation from the baseline needs updated risk identification and assessment
 6. Tools and Techniques for Risk Monitoring and Control

Technical performance measurement:

 Technical performance measurement compares technical accomplishments
during project execution to the project plan´s schedule of technical achievement.
Deviation, such as not demonstrating functionality as planned at a milestone, can
imply a risk to achieving the project´s scope.

 Additional risk response planning:

 If a risk emerges that was not anticipated in the risk response plan, or its impact
on objectives is greater than expected, the planned response may not be adequate.
 It will be necessary to perform additional response planning to control the risk.
 7.Risk Monitoring and Control Outputs
Workaround plans.
Workarounds are unplanned responses to emerging risks that were previously
unidentified or accepted.
Workarounds must be properly documented and incorporated into the project plan and
risk response plan.

 Corrective action.
Corrective action consists of performing the contingency plan or workaround.

Project change requests.

Implementing contingency plan or workarounds frequently results in a requirement to
change the project plan to respond to risks.
 7.Risk Monitoring and Control Outputs
Updates to the risk response plan.
Risks may occur or not. Risks that do occur should be documented and evaluated.

Implementation of risk controls may reduce the impact or probability of identified risks.

Risk rankings must be reassessed so that new, important risks may be properly controlled.

Risks that do not occur should be documented and close in the risk response plan.

Risk database.
A repository that provides for collection, maintenance, and analysis of data gathered and used in the risk management

processes.

Use of this database will assist risk management throughout the organization and, over time, form the basis of a risk

lessons learned program.

Updates to risk identification checklists.

 Checklists updated from experience will help risk management of future projects.
END OF CHAPTER