00:01
Hello and welcome.
00:02
This module will focus on the control risks
process and the PMBOK guide.
00:09
It's a controlling process.
00:11
So the exam importance is medium was, of
course, it's important
that you always check what you plan to do
and what you're actually doing.
00:19
Stay matched throughout the entire project
lifecycle.
00:23
The difficulty and memorization are both
ranked as low because you've probably seen a
lot of these concepts and you probably do
some of this work already.
00:34
So the control risks process is one of six
processes and
total and the risk management knowledge
area.
00:41
The other five are all Planning processes.
00:46
Now do keep in mind that our risk register
is a very live document,
subject to successive iterations throughout
the entire life of the project.
00:55
And that's where controlling risks plays its
part.
00:59
We're going to take a look at all of our
risk management activities and what we'd plan
to do. And we're going to see what's
actually happening and we're going to take a
close look. Did we identify all of the
risks?
Are there certain ones we missed?
What new risks have manifested?
Which of our identified risks have now
disappeared?
Were we good with our qualitative and
quantitative risk analysis, or were we
too conservative?
Did we match and meet our risk tolerance or
risk aversion expectations?
What about all our risk responses?
Were they appropriate?
Were they too much or too little?
All of these questions we will ask during
control risks.
01:47
The particular domain task that the control
risk process helps us
understand better is monitoring and
controlling task for
which says we monitor and assess risk by
determining
whether exposure has changed and evaluating
the effectiveness of
response strategies in order to manage the
impact of risks and
opportunities on the project.
02:14
So everything that we do when we control
risks feeds back
to improve our approach to risk management.
02:22
And once that's one of the key foundational
concepts that will help you in the
exam is not only are we looking for
continuous improvement in all
aspects of our project, but particularly
with risk management, how can we do
better risk management?
Particularly important if you have a high
risk aversion culture in
your organization.
02:44
The key themes of the control risk process
are you've done all of your
planning. Now it's time to do the
controlling part of it.
02:52
So your planning resulted in the risk
management plan, your risk breakdown
structure and a wonderfully complete risk
register.
03:00
But now we're going to check all of these
Planning documents against what's
actually going on.
03:07
And we're going to compare what we plan to
do, what we captured in our risk management
plan, our risk breakdown structure and our
risk register.
03:15
We're going to compare that with what's
actually occurring.
03:19
And if we detect a variance between those,
we make changes as necessary
to make sure that what we plan to do and
what's actually occurring stay the
same. So these are the inputs that we may
find
useful for controlling risks.
03:38
Our project management plan and all the
subsidiary plans and documents and
baselines that make it up.
03:45
Obviously, the one that we're probably most
interested in is our risk management plan as
part of that. But some of the other aspects
of the project management plan will be
important to us.
03:56
Our Scope Management Plan, Time Management
Plan, Cost Management
Plan, all of these things are going to be
very important to us because they will
identify how uncertainty in those areas is
dealt with.
04:09
Now we're going to be able to provide some
feedback to that part of the project as a
result of this monitoring and controlling
process.
04:16
Obviously, we'll also want our risk register
so we can check it.
04:21
Did we identify all the risks correctly?
Did we assess their impact either
qualitatively or quantitatively,
correctly and again?
Did we do our risk responses appropriately?
Or will we unprepared or unprepared for
them, underprepared for them?
We'll also want some relevant work
performance data and some work performance
reports about how the project is performing,
particularly in
relation to risk management.
04:51
So did we get all of our risks right?
Was our quantitative analysis accurate?
Were the contingency reserves we built up
using it accurate?
This is all the information we will need to
determine if there's variance between what
we plan to do and what we're actually doing.
05:12
So with each of these inputs, we need to
realize that they each provide valuable
insight into different aspects of your risk
management activities.
05:21
As I've already mentioned, the scope
management plan, time management and plan and
cost management plan all come with baselines
as well.
05:30
And it's those baselines and management
plans we need to use to figure out if we're
going to plan.
05:37
So we're going to use all of this
information to see if our risk management
activities are actually working as expected.
05:46
The particular tools and techniques that we
may choose to use, if appropriate, include
risk reassessment.
05:54
Now this is simply asking the question with
your risks.
05:57
Did we get it right?
With your identification of risks, did we
identify all of them, are there
new risks?
When we describe the consequence of each
risks, was our
consequence accurate?
What about when we did urgency assessment,
was that accurate?
Also, our qualitative risk assessment.
06:22
Was it accurate?
Did we get those probabilities and impacts
right, or do we need to improve those
processes? And what about the quantitative
tools and techniques we
used? Did we use the right tools, the right
bits of software?
Did we put the right information into it and
our
responses where our responses appropriate?
Did they help us mitigate, avoid or transfer
those
negative risks?
Or did they help us enhance, exploit or
shear those positive risks?
So you can see the technique of risk
reassessment means looking at all
of those assumptions and that information
that you put into that risk register and
determining was it accurate?
Is it actually working?
You may also choose to undertake some risk
audits.
07:13
And like audits in our quality assurance
process, these are independent
analysis that people and team members are
following the risk management
processes. As determined by your
organizational process
assets. So if you say that you develop a
risk response for
each risk event, have you done that?
If your process is that for proactive risk
responses, you do use a
checklist to make sure they've all been put
in place.
07:44
Have you done that?
If your process says that, all risk
responses must be then included into
the scope baseline and put into your work
breakdown structure and have time and cost
estimated, are you doing that?
So risk audits are about checking whether
you're following all of your risk management
processes. Now, one of the other catch-all
tools
and techniques is variants and trend
analysis, variance
analysis is that process of looking at what
you plan to do and what's
actually occurring and looking for variance
between them.
08:19
And remember, if you do spot variance
between what you plan to do and what you're
actually doing, you must act.
08:27
One of the key foundational concepts of
professional project management is that at
all times in a project, what you plan to do
and what you're actually doing must
match. Variance analysis is how we determine
if they don't and if
we find out they don't match, we must change
one of them.
08:45
We must change either what we plan to do or
what we're actually doing and make sure they
align. And of course, the usual way we make
these changes is with change
requests. Trend analysis is using some sort
of
mapping technique, perhaps a spreadsheet or
linear regression mapping if you want to get
very complicated to spot trends in your risk
management
activity. Do you routinely underestimate the
impact of risks by
10 percent or overestimate them by 10
percent.
09:18
What's the trend that's happening?
Do you routinely miss risks?
Are your responses inadequate or more than
adequate?
Is the cost of the responses outweighing the
benefit of the responses?
These are all trends you can track
ultimately to improve your risk
management activities.
09:37
We may also have some technical performance
measurements to help us.
09:41
These are some metrics and numbers we can
use to figure out is risk
management helping our project as we
intended it to do?
Are we saving money?
Are we gaining time?
Are we improving stakeholder expectation and
engagement levels?
You need these technical performance
measurements to measure the value of risk
management activities on your project.
10:05
We may also look at reserves analysis.
10:08
One of the things that we use quantitative
risk analysis to do was to build up
a transparent and defensible contingent
contingency reserve.
10:20
Now we want to use reserve's analysis to
take a look and say, well, if we
used that technique to build our contingency
reserve, did we do it appropriately?
Did it give us a robust contingency reserve
or do we need to
change things?
Do we need to release some money back to the
organization?
Do we need to get more money for our
contingency reserve
meetings? I've often found that dedicating a
part of a regular
meeting or having an entire meeting devoted
to monitoring and controlling your
risks is very useful for two reasons.
10:56
Number one, you get technical input from the
experts on risk
management. These are your project team
members and the stakeholders like the sponsor
and the customer. The other reason meetings
are really important is it creates
buy-in and an understanding from these
people that risk management should be taken
seriously and is actually helping your
project.
11:18
So let's take a closer look at some of those
tools and techniques, starting with risk
reassessment. Now you should reassess as
often as necessary for your
project. In fact, I think you should be
doing it constantly and you need to be able
to ask yourself these questions of your
entire risk management process.
11:37
Did you identify all of the risks?
Did you assess them correctly?
What about your planned risk responses?
Were they appropriate?
Were they too much, too little?
Are there any new risks that you may have
missed or ones that have just evolved?
And what about the level of risk tolerance
in your organization within the project?
Have you become more or less risk tolerant
or risk adverse?
This is what risk reassessment is all about
double checking, triple
checking the answers to all of these
questions.
12:11
Let's take a closer look at risk audits now.
12:15
Remember that risk audits are all about the
processes we use, not about
the individual risks.
12:21
It's about checking that if we do have a
project management
methodology and part of that is devoted to
our risk management
processes that we ensure that we're doing it
that way.
12:34
So ask yourself these questions.
12:38
Are you following the processes as outlined
in your risk management
plan and your project management
methodology?
But go one step further and be brave enough
to ask, are the processes appropriate
or just process for the sake of process?
And this is a key part of tailoring any
project management methodology.
12:59
Tailoring is making sure that you customize
both before and during
the project to make sure your methodology
and all of the processes are appropriate
and stay appropriate.
13:12
The other things about risk audits is
generally, they're better when they're done
by somebody independent of the project, and
they're never about looking to
blame. They're always about looking to
improve.
13:22
So if any sort of audit, including risk
audits, carry them out at regular
intervals, have somebody independent, do
them and use the results as an
opportunity for improvement, not blame.
13:36
Variance and trend analysis is another
useful total technique, as
I've already said, variance analysis is
looking and determining whether there's a
difference between what you plan to do and
what's actually occurring and if there is a
variance between them changing one of them
either change what you plan to do
or change what you're actually doing, and
you can map any variances or
any other metrics with a trend analysis.
14:02
And you can determine with that trend
analysis is indicating that you routinely
underestimate or overestimate risk responses
or your
contingency reserves are too light or too
heavy.
14:15
So use both variants and trend analysis to
track and look for either
variances or trends that may occur with risk
management.
14:25
Some other tools and techniques that we've
already been over, but let's go over them
once more. Technical performance
measurements, these are actually looking at
quantitative assessments of your risk
performance.
14:36
Basically asking the question Is it worth
it?
And if so, how can we prove it?
This is where you need real metrics of the
impact that risk management is
having on your project.
14:49
Is it helping you come in under budget or
increase stakeholder
satisfaction or reduce quality errors
and reserves analysis?
If you have built up your contingency
reserve using quantitative risk
analysis, this is where you examine it and
determine whether there's anything that needs
to be returned to the organization, or
whether you routinely underestimate or
overestimate the amounts needed for
contingency reserves.
15:18
And obviously, meetings, as I've already
mentioned, good for two reasons.
15:23
First, getting input from technical
specialists on monitoring and
controlling of risk activities.
15:29
But again, and this is the one that's more
important to me, creating buy-in and an
understanding of the importance of risk
management on a project.
15:40
The outputs from the control risks process
include turning their
work performance data that was an input into
useful information
about how risk management is helping or
hindering our project, and we can
use that information in our work performance
reports to tell
stakeholders that we're either doing a great
job or maybe need to do a little bit better
when it comes to risk management activities
on our project.
16:07
We may also choose to raise change requests
to change either what we're planning to
do or what we're actually doing.
16:14
Remember to keep those two things aligned.
16:17
Remember, these change requests go on to
become an input into the form integrated
change control process with our subject to
your change control process and
decisions are made.
16:28
We may also choose to update our project
management plan.
16:33
Any other part of it, including our risk
management plan, but we probably want to also
look at our Scope Management Plan, Schedule
Management Plan or Time Management Plan, Cost
Management Plan, Quality Management Plan,
Human Resource Management Plan, in fact, any
of the other plans we might want to update
as a result of examining
how we're doing risk management activities
on our project,
we may wish to update project documents,
particularly our risk register
and also our lessons learned project
documents.
17:06
We may also choose to update relevant
organizational process assets
generally as a result of audits that we
carry out.
17:14
We may choose to update our project
management methodology or the parts of it
that relate to risk management.
17:23
So in summary, the control risks process is
the single
monitoring and controlling process in the
risk management knowledge area, and it
examines whether your planned risk
management work matches what is
actually occurring.
17:40
And remember, if you find a variance between
those two things, you act on it.
17:45
It's also an opportunity to make
improvements in your risk management
approach. Through our audits and the
variance and trend analysis,
and don't forget, that's a commitment that
we make not just in risk
management, but in all parts of our project,
a commitment to
continuous improvement.
18:08
Thank you very much.
18:09
This has been an overview and an
introduction to the control risks process and
the PMBOK guide.