Risk Management: Implement & Monitor

Implement Risk Responses

The Implement Risk Responses process is where the value of risk management shines. With well-prepared plans from the risk register and risk report, responses to risk events can be executed smoothly and timely. Risk owners, supported by the project manager, use triggers to identify when a risk is imminent and implement pre-planned responses to avert threats or seize opportunities.

Example: In a hardware/software installation project during hurricane season, a project manager with proper risk management would schedule the project outside the forecasted hurricane period. By monitoring weather reports (risk triggers), the team could implement a response plan to avoid delays, rework, and costs.

If a response plan, like rescheduling, doesn’t fully mitigate the risk (e.g., hurricane damage exceeds expectations), change requests to the cost and schedule management plans are used to address unforeseen outcomes.

Artifacts of Implement Risk Responses

Implementing risk responses updates key project documents:

Risk Register: Updated with details on responses taken and their effectiveness.
Risk Report: Reflects changes in project risk exposure and planned responses.
Lessons Learned Register: Captures what worked and what didn’t during implementation.
Issue Log: Records ongoing issues, like confusion during response execution.

Monitor Risks

The Monitor Risks process ensures that risk management plans are effective. Project managers evaluate whether procedures are followed and watch for unexpected consequences. In predictive environments, corrective actions or change requests are sent to integrated change control. In agile environments, risk adjustments are made to the backlog.

Key Assumption: For exams, assume proper risk management (assigning risk owners, contingency plans, reserves) reduces project risk significantly unless stated otherwise.

Methods for Monitoring Risk

Workarounds are unplanned responses to unanticipated events or accepted risks. Unlike pre-planned contingency responses, workarounds address issues as they arise to keep the project on track.

Periodic reviews of the risk management plan and risk register to adjust documentation based on new information. Discussed in team meetings or retrospectives to identify necessary changes.

Risk Reviews: Regular discussions on the effectiveness of implemented responses, identifying new or secondary risks, and closing obsolete risks.
Risk Audits: Assess how well risk processes are working, documented in the risk management plan.

Checks the remaining contingency and management reserves against needs. Contingency reserves are for specific risks; management reserves require sponsor approval for unidentified issues.

Compares planned versus actual technical requirement completion to identify variances that may indicate risks.

Retrospectives: End-of-iteration reviews to improve productivity, quality, and capacity while addressing risks.
Risk Burndown Charts: Visualize risk trends, showing if threats are decreasing or escalating (e.g., resolving a resume builder issue in a library software project).

Artifacts of Monitor Risks

Monitoring risks updates the following:

Work Performance Information: Includes results of risk reviews, audits, performance measurements, and variance analyses.
Risk Register Updates: Outcomes of reassessments, audits, response results, new risks, closed risks, and lessons learned.
Organizational Process Assets: Updates to risk templates, checklists, risk reports, and agile artifacts like backlogs and burndown charts.

Common Risk Management Mistakes

Avoid these pitfalls to ensure effective risk management:

Incomplete risk identification without iteration.
Using padding instead of proper risk management.
Blending risk identification with analysis, reducing identified risks.
Identifying general rather than specific risks.
Missing entire risk categories (e.g., technological, cultural).
Using only one risk identification method.
Selecting the first response strategy without evaluating options.
Neglecting risk management or failing to explain it to the team.
Signing contracts before completing risk analysis.

Agile Risk Management

In agile environments, risk management is iterative, occurring during release planning and each iteration. Teams reprioritize the backlog, create risk response stories, and update plans to address risks dynamically.