Risk Management Knowledge Area - PMP Study Guide

When we talk about risk in our daily lives, negative things usually appear in our minds first. Because that's usually what the word risk corresponds to in everyday life. But before we begin to provide information about the risk management knowledge area, it is necessary to mention that the word risk can mean both negative and positive. 

We define the positive risks that may occur in a project as opportunities, and we characterize the negative risks as threats. In Risk management, our main goal is always to increase the likelihood of positive risks to happen, and minimize the likelihood of negative risks that have the potential to affect our project badly.

Risks always stem from uncertainty. Uncertainty, in the simplest terms, means not knowing what we will encounter at the end of a process, what the outcome will be, whether our predictions will come true. The level of uncertainty may differ according to the nature of the risks. Some risks may be identified before and necessary contingency actions are planned. These are called known risks. The ones that we had no idea before they happened, are called unknown risks.

Risk management in a project involves, planning how to manage it, identifying, analyzing, and developing responses, and monitoring them.

There are six processes in the Risk Management knowledge area. These are;

  • Plan Risk Management
  • Identify Risks
  • Perform Qualitative Risk Analysis
  • Perform Quantitative Risk Analysis
  • Plan Risk Responses
  • Implement Risk Responses
  • Monitor Risks
Risk management starts in the initiating process group when we create the project charter as a part of project integration. In the project charter, we include a high-level summary of possible risks in the project. Then in the plan risk management process, we define how to conduct efficient risk management throughout the project and prepare a risk management plan which will guide everyone. In this plan, valuable information such as the methodology to be used, roles, and responsibilities especially regarding the risk responses to be applied. Risk categories, costs related to risk management, a probability and impact matrix, risk tolerances of the project and stakeholders are documented in the risk management plan.

In identifying risks process our main goal is to create a risk list by identifying as many risks as we can, using all the instruments we have. It is important that everyone in the project team, key stakeholders, and, more precisely, everyone who will contribute to the risk identification process is involved in the process.

Perform Qualitative Risk Analysis is another step together with quantitative risk analysis. It is simply sorting risks according to their priority by using qualitative methods. Quantitive risk analysis is doing the same prioritization process by using numerical data. Qualitative risk analysis must be performed in all projects where quantitative risk analysis may be skipped in some projects.

As a next step, risk responses about the identified and analyzed risks will be determined. For threats, several risk response strategies can be used. This includes avoiding the risk by eliminating the root cause of the threat directly, mitigating risk by reducing the likelihood and potential impact of the risk by using different approaches or transferring risks, like making a contract with an insurance company. Similarly, different approaches for positive risks can be chosen according to the case. This includes exploiting the opportunity with changes to the project to guarantee it happens for sure, enhancing by increasing its chance to happen or sharing it with a third party. Also accepting the risk is an option both for positive and negative risks.

Before leaving read also our other articles about knowledge areas.