Project Risk Management – SPM Final Exam Notes (University
Level)
1. Risk – Definition
A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or
more project objectives.
• Positive risks are called opportunities
• Negative risks are called threats
2. Risk Trigger
A risk trigger is an event or situation that indicates a risk is about to occur.
3. Project Risk Management – Definition
Project Risk Management is the knowledge area that includes processes for: - Risk management
planning - Risk identification - Risk analysis - Risk response planning - Risk response implementation -
Risk monitoring and control
4. Risk Management Approach
Risk management focuses on: - The likelihood (probability) of a risk occurring - The potential impact of
the risk on project objectives
5. Risk Management Plan – Definition
A Risk Management Plan is a component of the project management plan that describes how risk
management activities will be structured and performed.
6. Contents of Risk Management Plan
The risk management plan includes: - Risk strategy - Methodology - Roles and responsibilities - Budget
and funding - Timing of risk activities - Risk categories - Stakeholder risk appetite - Definitions of
probability and impact - Probability and impact matrix - Reporting formats - Risk tracking documents
7. Risk Identification
Risk identification is the process of determining which risks may affect the project and documenting
their characteristics.
1
�8. Risk Classification Approaches
Risks can be classified using different approaches:
Effect-based classification – Based on the impact on objectives (cost, schedule, quality)
Source-based classification – Based on the origin of risk (technical, external, organizational)
9. Types of Risk Knowledge
• Known information – Fully understood
• Known but unavailable information – Exists but not accessible
• Unknown risks – Unforeseeable events
• Hidden information – Exists but value is not realized
10. Risk Threshold
Risk threshold is the maximum level of risk that a project manager or stakeholder is willing to accept.
11. Risk Appetite
Risk appetite is the degree of uncertainty an organization or individual is willing to accept in
anticipation of a reward.
12. Risk Tolerance
Risk tolerance is the level of risk exposure above which risks must be addressed and below which risks
may be accepted.
13. Iterative Risk Identification Guidelines
• Identify risks in all project phases and work packages
• Review project documents with stakeholders
• Identify risks and triggers using structured techniques
• Use historical data and lessons learned
• Group risks into common categories
• Record risks in the risk register
14. Qualitative Risk Analysis – Definition
Qualitative Risk Analysis prioritizes risks by assessing their probability and impact.
Characteristics: - Focuses on high-priority risks - Subjective and experience-based - Produces a
prioritized risk list
2
�15. Probability and Impact Matrix
A Probability and Impact Matrix is a grid used to evaluate and prioritize risks based on their likelihood
and impact on project objectives.
16. Quantitative Risk Analysis – Definition
Quantitative Risk Analysis numerically analyzes the combined effect of risks on overall project
objectives.
Key points: - Measures overall project risk exposure - Supports risk response planning - Used for large,
complex, or critical projects
17. Risk Response – Definition
A risk response is an action taken to address a risk.
18. Risk Response Planning
Risk response planning includes: - Assigning an owner to each risk - Selecting response strategies -
Addressing risks by priority - Updating schedule and budget - Developing fallback plans - Reviewing
secondary risks
19. Risk Response Strategies
Risk response strategies are prepared for: - Threats (negative risks) - Opportunities (positive risks)
Strategies are applied to individual risks and overall project risk.
20. Contingency Response Strategies
A contingency response is a predefined action taken if a specific risk trigger occurs.
Key points: - Developed in advance - Used when risks become issues - Reduce negative impact or
enhance benefits - Include time and cost estimates
21. Implementing Risk Responses – Guidelines
• Analyze causes and effects of risks
• Brainstorm possible responses
• Select the most effective strategy
• Escalate risks beyond risk threshold
3
� • Identify backup strategies
• Allocate contingency reserves
• Integrate responses into project plan
22. Issue – Definition
An issue is a current situation or condition that has already occurred and may affect project objectives.
23. Risk vs Issue
• Risk: Future uncertain event
• Issue: Current problem requiring action
24. Issue Log – Definition
An Issue Log is a document used to record, track, and monitor issues throughout the project lifecycle.
25. Issue Resolution Process
• Record the issue in the issue log
• Assign an owner
• Set realistic due dates
• Monitor progress regularly
• Escalate critical issues
• Approve and implement solutions
• Close the issue
Final Exam Revision Summary
Risk Management Process Flow: Plan Risk Management → Identify Risks → Qualitative Analysis →
Quantitative Analysis → Plan Responses → Implement Responses → Monitor Risks