11.1 Risk  Management Planning  11.2 Risk  Identification  11.3 Qualitative  Risk Analysis  11.4 Quantitative  Risk Analysis  11.5 Risk Response  Planning  11.6 Risk Monitoring  and Control
 Integration  Scope  Time  Cost  Quality  Resource  Communications  Risk  Procurement

return to model

11.6 Risk Monitoring and Control

Risk monitoring control is the process of keeping track of the identified riks, monitoring residual risks and identifying new riks, ensuring the execution of risk plans, and evaluating their effectiveness in reducing risk. Risk monitoring and control records risk metrics that are associated with implementing contingency plans. Risk monitoring and control is an ongoing process for the life of the project. The risks change as the project matures, new risks develop, or anticipated risks disappear.
  Good risk monitoring and control processes provide information that assists with making effective decisions in advance of the riskīs occuring. Communication to all project stakeholders is needed to assess periodically the acceptability of the level of risk on the project.
  The purpose of risk monitoring is to determine if:

   Risk responses have been implemented as planned.

   Risk response actions are as effective as expected, or if new responses should be developed.

   Project assumptions are still valid.

   Risk expouse has changed from its prior state, with anlysis of trends.

   A risk trigger has occurred.

   Proper policies and procedures are followed.

   Risks have occurred or arisen that were not previously identied.

  Risk control may involve choosing alternative strategies, implementing a contigency plan, taking corrective action, or replanning the project. The risk response owner should report periodically to the project manager and the risk team leader on the effectiveness of the plan, any unanticipated effects, and any mid-course correction needed to mitigate the risk.

Inputs
   .1 Risk management plan
   .2 Risk response plan
   .3 Project communication
   .4 Additional risk identification
       and analysis
   .5 Scope changes
oooooooooooooooooooooooooo
oooooooooooooo
ooooooooooo
Tools & Techniques
   .1 Project risk response audits
   .2 Periodic project risk reviews
   .3 Earned value analysis
   .4 Techinical performance
       measurement
   .5 Additional risk response
       planning
oooooooooooooooooooooooooo
oooooooooooooooooooooooooo
Outputs
   .1 Workaround plans
   .2 Corrective action
   .3 Project change requests
   .4 Updates to the risk
       response plan
   .5 Risk database
   .6 Updates to risk
       identification checklists
oooooooooooooooooooooooooo

11.6.1 Inputs to Risk Monitoring and Control

.1 Risk management plan. The risk management plan is described in Section 11.1.3.

.2 Risk response plan. The risk response plan is described in Section 11.5.3.1.

.3 Project communication. Work results and other project records described in Section 10.3.1 provide information about project performance and risks. Reports commonly used tomonitor and control risks include Issues Logs, Action-Item Lists, Jeopardy Warnings, or Escalation Notices.

.4 Additional risk identification and analysis. As project performance is measured and reported, potential risks not previously identified may surface. The cycle of the six risk processes should be implemented for these risks.

.5 Scope changes. Scope changes often require new risk analysis and response plans. Scope changes are described in Section 5.5.3.1.

11.6.2 Tools and Techniques for Risk Monitoring and Control

.1 Project risk response audits. Risk auditors examine and document the effectiveness of the risk response in avoiding, transferring, or mitigating risk occurrence as well as the effectiness of the risk owner. Risk audits are performed during the project life cycle to control risk.

.2 Periodic project risk reviews. Project risk reviews should be regulary scheduled. Project risk should be an agenda item at all team meetings. Risk ratings and prioritization may change during the life of the project. Any changes may require additional qualitative or quantitative analysis.

.3 Earned value analysis. Earned value is used for monitoring overall project performance against a baseline plan. Results from an earned value analysis may indicate potential deviation of the project atcompletion from cost and schedule targets. When a project deviates significantly from the baseline, updated risk identification and analysis should be performed. Eaned value analysis is described in Section 10.3.2.4.

.4 Technical performance measurement. Technical performance measurement compares technical accomplishments during project execution to the project planīs schedule of technical achievement. Deviation, such as not demonstrating functionality as planned at a milestone, can imply a risk to achieving the projectīs scope.

.5 Additional risk response planning. If a risk emerges that was not anticipated in the risk response plan, or its impact on objectives is greater than expected, the planned response may not be adequate. It will be necessary to perform additional response planning to control the risk.

11.6.2 Outputs from Risk Monitoring and Control

.1 Wokaround plans. Workarounds are unplanned responses to emerging risks that were previously unidentified or accepted. Workarounds must be properly documented and incorporated into the project plan and risk response plan.

.2 Corrective action. Corrective action consists of performig the contingency plan or workaround.

.3 Project change requests. Implementing contingency plan or workarounds frequently results in a requirement to change the project plan to respond to risks. The result it issuance of a change request that is managed by integrated change control, as described in Section 4.3.

.4 Updates to the risk response plan. Risks may occur or not. Risks that do occur should be documented and evaluated. Implementation of risk controls may reduce the impact or probability of probability of identified risks. Risk rankings must be reassessed so that new, important risks may be properly controlled. Risks that do not occur should be documented and close in the risk response plan.

.5 Risk database. A repository that provides for collection, maitenance, and analysis of data gathered and used in the risk management processes. Use of this database will assist risk management throughout the organization and, over time, form the basis of a risk lessons learned program.

.6 Updates to risk identification checklists. Checklists updated from experience will help risk management of future projects.

return to model

  previous page      next page