Control Risks

00:01 Hello and welcome.

00:02 This module will focus on the control risks process and the PMBOK guide.

00:09 It's a controlling process.

00:11 So the exam importance is medium was, of course, it's important that you always check what you plan to do and what you're actually doing.

00:19 Stay matched throughout the entire project lifecycle.

00:23 The difficulty and memorization are both ranked as low because you've probably seen a lot of these concepts and you probably do some of this work already.

00:34 So the control risks process is one of six processes and total and the risk management knowledge area.

00:41 The other five are all Planning processes.

00:46 Now do keep in mind that our risk register is a very live document, subject to successive iterations throughout the entire life of the project.

00:55 And that's where controlling risks plays its part.

00:59 We're going to take a look at all of our risk management activities and what we'd plan to do. And we're going to see what's actually happening and we're going to take a close look. Did we identify all of the risks? Are there certain ones we missed? What new risks have manifested? Which of our identified risks have now disappeared? Were we good with our qualitative and quantitative risk analysis, or were we too conservative? Did we match and meet our risk tolerance or risk aversion expectations? What about all our risk responses? Were they appropriate? Were they too much or too little? All of these questions we will ask during control risks.

01:47 The particular domain task that the control risk process helps us understand better is monitoring and controlling task for which says we monitor and assess risk by determining whether exposure has changed and evaluating the effectiveness of response strategies in order to manage the impact of risks and opportunities on the project.

02:14 So everything that we do when we control risks feeds back to improve our approach to risk management.

02:22 And once that's one of the key foundational concepts that will help you in the exam is not only are we looking for continuous improvement in all aspects of our project, but particularly with risk management, how can we do better risk management? Particularly important if you have a high risk aversion culture in your organization.

02:44 The key themes of the control risk process are you've done all of your planning. Now it's time to do the controlling part of it.

02:52 So your planning resulted in the risk management plan, your risk breakdown structure and a wonderfully complete risk register.

03:00 But now we're going to check all of these Planning documents against what's actually going on.

03:07 And we're going to compare what we plan to do, what we captured in our risk management plan, our risk breakdown structure and our risk register.

03:15 We're going to compare that with what's actually occurring.

03:19 And if we detect a variance between those, we make changes as necessary to make sure that what we plan to do and what's actually occurring stay the same. So these are the inputs that we may find useful for controlling risks.

03:38 Our project management plan and all the subsidiary plans and documents and baselines that make it up.

03:45 Obviously, the one that we're probably most interested in is our risk management plan as part of that. But some of the other aspects of the project management plan will be important to us.

03:56 Our Scope Management Plan, Time Management Plan, Cost Management Plan, all of these things are going to be very important to us because they will identify how uncertainty in those areas is dealt with.

04:09 Now we're going to be able to provide some feedback to that part of the project as a result of this monitoring and controlling process.

04:16 Obviously, we'll also want our risk register so we can check it.

04:21 Did we identify all the risks correctly? Did we assess their impact either qualitatively or quantitatively, correctly and again? Did we do our risk responses appropriately? Or will we unprepared or unprepared for them, underprepared for them? We'll also want some relevant work performance data and some work performance reports about how the project is performing, particularly in relation to risk management.

04:51 So did we get all of our risks right? Was our quantitative analysis accurate? Were the contingency reserves we built up using it accurate? This is all the information we will need to determine if there's variance between what we plan to do and what we're actually doing.

05:12 So with each of these inputs, we need to realize that they each provide valuable insight into different aspects of your risk management activities.

05:21 As I've already mentioned, the scope management plan, time management and plan and cost management plan all come with baselines as well.

05:30 And it's those baselines and management plans we need to use to figure out if we're going to plan.

05:37 So we're going to use all of this information to see if our risk management activities are actually working as expected.

05:46 The particular tools and techniques that we may choose to use, if appropriate, include risk reassessment.

05:54 Now this is simply asking the question with your risks.

05:57 Did we get it right? With your identification of risks, did we identify all of them, are there new risks? When we describe the consequence of each risks, was our consequence accurate? What about when we did urgency assessment, was that accurate? Also, our qualitative risk assessment.

06:22 Was it accurate? Did we get those probabilities and impacts right, or do we need to improve those processes? And what about the quantitative tools and techniques we used? Did we use the right tools, the right bits of software? Did we put the right information into it and our responses where our responses appropriate? Did they help us mitigate, avoid or transfer those negative risks? Or did they help us enhance, exploit or shear those positive risks? So you can see the technique of risk reassessment means looking at all of those assumptions and that information that you put into that risk register and determining was it accurate? Is it actually working? You may also choose to undertake some risk audits.

07:13 And like audits in our quality assurance process, these are independent analysis that people and team members are following the risk management processes. As determined by your organizational process assets. So if you say that you develop a risk response for each risk event, have you done that? If your process is that for proactive risk responses, you do use a checklist to make sure they've all been put in place.

07:44 Have you done that? If your process says that, all risk responses must be then included into the scope baseline and put into your work breakdown structure and have time and cost estimated, are you doing that? So risk audits are about checking whether you're following all of your risk management processes. Now, one of the other catch-all tools and techniques is variants and trend analysis, variance analysis is that process of looking at what you plan to do and what's actually occurring and looking for variance between them.

08:19 And remember, if you do spot variance between what you plan to do and what you're actually doing, you must act.

08:27 One of the key foundational concepts of professional project management is that at all times in a project, what you plan to do and what you're actually doing must match. Variance analysis is how we determine if they don't and if we find out they don't match, we must change one of them.

08:45 We must change either what we plan to do or what we're actually doing and make sure they align. And of course, the usual way we make these changes is with change requests. Trend analysis is using some sort of mapping technique, perhaps a spreadsheet or linear regression mapping if you want to get very complicated to spot trends in your risk management activity. Do you routinely underestimate the impact of risks by 10 percent or overestimate them by 10 percent.

09:18 What's the trend that's happening? Do you routinely miss risks? Are your responses inadequate or more than adequate? Is the cost of the responses outweighing the benefit of the responses? These are all trends you can track ultimately to improve your risk management activities.

09:37 We may also have some technical performance measurements to help us.

09:41 These are some metrics and numbers we can use to figure out is risk management helping our project as we intended it to do? Are we saving money? Are we gaining time? Are we improving stakeholder expectation and engagement levels? You need these technical performance measurements to measure the value of risk management activities on your project.

10:05 We may also look at reserves analysis.

10:08 One of the things that we use quantitative risk analysis to do was to build up a transparent and defensible contingent contingency reserve.

10:20 Now we want to use reserve's analysis to take a look and say, well, if we used that technique to build our contingency reserve, did we do it appropriately? Did it give us a robust contingency reserve or do we need to change things? Do we need to release some money back to the organization? Do we need to get more money for our contingency reserve meetings? I've often found that dedicating a part of a regular meeting or having an entire meeting devoted to monitoring and controlling your risks is very useful for two reasons.

10:56 Number one, you get technical input from the experts on risk management. These are your project team members and the stakeholders like the sponsor and the customer. The other reason meetings are really important is it creates buy-in and an understanding from these people that risk management should be taken seriously and is actually helping your project.

11:18 So let's take a closer look at some of those tools and techniques, starting with risk reassessment. Now you should reassess as often as necessary for your project. In fact, I think you should be doing it constantly and you need to be able to ask yourself these questions of your entire risk management process.

11:37 Did you identify all of the risks? Did you assess them correctly? What about your planned risk responses? Were they appropriate? Were they too much, too little? Are there any new risks that you may have missed or ones that have just evolved? And what about the level of risk tolerance in your organization within the project? Have you become more or less risk tolerant or risk adverse? This is what risk reassessment is all about double checking, triple checking the answers to all of these questions.

12:11 Let's take a closer look at risk audits now.

12:15 Remember that risk audits are all about the processes we use, not about the individual risks.

12:21 It's about checking that if we do have a project management methodology and part of that is devoted to our risk management processes that we ensure that we're doing it that way.

12:34 So ask yourself these questions.

12:38 Are you following the processes as outlined in your risk management plan and your project management methodology? But go one step further and be brave enough to ask, are the processes appropriate or just process for the sake of process? And this is a key part of tailoring any project management methodology.

12:59 Tailoring is making sure that you customize both before and during the project to make sure your methodology and all of the processes are appropriate and stay appropriate.

13:12 The other things about risk audits is generally, they're better when they're done by somebody independent of the project, and they're never about looking to blame. They're always about looking to improve.

13:22 So if any sort of audit, including risk audits, carry them out at regular intervals, have somebody independent, do them and use the results as an opportunity for improvement, not blame.

13:36 Variance and trend analysis is another useful total technique, as I've already said, variance analysis is looking and determining whether there's a difference between what you plan to do and what's actually occurring and if there is a variance between them changing one of them either change what you plan to do or change what you're actually doing, and you can map any variances or any other metrics with a trend analysis.

14:02 And you can determine with that trend analysis is indicating that you routinely underestimate or overestimate risk responses or your contingency reserves are too light or too heavy.

14:15 So use both variants and trend analysis to track and look for either variances or trends that may occur with risk management.

14:25 Some other tools and techniques that we've already been over, but let's go over them once more. Technical performance measurements, these are actually looking at quantitative assessments of your risk performance.

14:36 Basically asking the question Is it worth it? And if so, how can we prove it? This is where you need real metrics of the impact that risk management is having on your project.

14:49 Is it helping you come in under budget or increase stakeholder satisfaction or reduce quality errors and reserves analysis? If you have built up your contingency reserve using quantitative risk analysis, this is where you examine it and determine whether there's anything that needs to be returned to the organization, or whether you routinely underestimate or overestimate the amounts needed for contingency reserves.

15:18 And obviously, meetings, as I've already mentioned, good for two reasons.

15:23 First, getting input from technical specialists on monitoring and controlling of risk activities.

15:29 But again, and this is the one that's more important to me, creating buy-in and an understanding of the importance of risk management on a project.

15:40 The outputs from the control risks process include turning their work performance data that was an input into useful information about how risk management is helping or hindering our project, and we can use that information in our work performance reports to tell stakeholders that we're either doing a great job or maybe need to do a little bit better when it comes to risk management activities on our project.

16:07 We may also choose to raise change requests to change either what we're planning to do or what we're actually doing.

16:14 Remember to keep those two things aligned.

16:17 Remember, these change requests go on to become an input into the form integrated change control process with our subject to your change control process and decisions are made.

16:28 We may also choose to update our project management plan.

16:33 Any other part of it, including our risk management plan, but we probably want to also look at our Scope Management Plan, Schedule Management Plan or Time Management Plan, Cost Management Plan, Quality Management Plan, Human Resource Management Plan, in fact, any of the other plans we might want to update as a result of examining how we're doing risk management activities on our project, we may wish to update project documents, particularly our risk register and also our lessons learned project documents.

17:06 We may also choose to update relevant organizational process assets generally as a result of audits that we carry out.

17:14 We may choose to update our project management methodology or the parts of it that relate to risk management.

17:23 So in summary, the control risks process is the single monitoring and controlling process in the risk management knowledge area, and it examines whether your planned risk management work matches what is actually occurring.

17:40 And remember, if you find a variance between those two things, you act on it.

17:45 It's also an opportunity to make improvements in your risk management approach. Through our audits and the variance and trend analysis, and don't forget, that's a commitment that we make not just in risk management, but in all parts of our project, a commitment to continuous improvement.

18:08 Thank you very much.

18:09 This has been an overview and an introduction to the control risks process and the PMBOK guide.