11 PROJECT RISK MANAGEMENT Objective of This Chapter:

Project risk management includes the processes of conducting risk management planning,

identification, analysis, response planning, and monitoring and control on a project Risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. Objectives can include scope, schedule, cost, and quality

No construction project is risk free. Risk should be managed, minimised, shared, transferred, or accepted. But should not be ignored. Most of the small real estate projects the focus of risk

management is mainly limited to cost escalation and material consumption (cement and steel). Rest of the risks are managed on ad-hoc basis. It is worth mentioning that enlarging the scope of risk management will surely help small as well as big projects

The objective of risk management is to increase the probability and impact of positive events,

and decrease the probability and impact of negative events in the project. Risk and uncertainty can potentially have damaging consequences for the construction projects. Therefore, the risk analysis and management should be a major feature of the

construction projects in an attempt to deal effectively with uncertainty and unexpected events and to achieve project success.

Many problems which are faced in later phases of construction project are result from

unmanaged risks from the earlier stage. Hence poor risk management can result into

Increased costs due to ad-hoc management

Loss or reduction in profit

Damage to brand / reputation

And in worst case disposal of the business or insolvency

Project risk management is an iterative process: the process is beneficial when is implemented in a systematic manner throughout the lifecycle of a construction project, from feasibility to the planning stage and to completion. Though it is highlighted that most case

should be taken during planning and execution phases.

Characteristics of project risks:

Project risk is always in the future.

A risk may have one or more causes and, if it occurs, it may have one or more

impacts. A cause may be a requirement, assumption, constraint, or condition that creates the possibility of negative or positive outcomes.

Project risk has its origins in the uncertainty present in all projects

Risk has positive or negative impact on project objectives i.e. scope, schedule, cost

and quality

Individuals and groups adopt attitudes toward risk that influence the way they

respond. These risk attitudes are driven by perception, tolerances, and other biases, which should be made explicit wherever possible Risk attitude depends on

Risk exists the moment a project is conceived.

Moving forward on a project without a proactive focus on risk management increases

the impact that a realized risk can have on the project and can potentially lead to project failure

Important terms in risk management:

Known risks : those that have been identified and analyzed, making it possible to plan responses for those risks

Specific unknown risks : cannot be managed proactively, which suggests that the project team should create a contingency plan

Issues : A project risk that has occurred

Risk attitude : depends on

o Risk appetite : degree of uncertainty willing to take in anticipation of rewards o Risk tolerance : degree of risk that individual or organization can withstand

o Risk threshold : Risk is acceptable below the threshold but not above

Risk response : reflect an organization's perceived balance between risk taking and

risk avoidance. Based on the risk assessment, an appropriate decision is made regarding further actions or proceeding to the next phase. For each risk use flag 'go', 'maybe' and 'no go' options in a decision making process. A 'go' status will constitute a

green light for proceeding on to the next phase while 'no go' will stop the progress until effective risk response is put in place. Evaluation resulting in a 'maybe' decision

will lead to return to a previous step or even phases for further improvements and minimizing risk.

Risk management approach: The level of risk is always related to the project

complexity The fact that there are so many risks which can be identified in the construction industry, can be explained by the project size and their complexity. The

bigger the project is, the larger the number of potential risks that may be faced. Several factors can stimulate risk occurrence. Moreover, when all potential risks have been identified, the project team must remember that there might be more threats.

Therefore, the project team should not solely focus on management of those identified risks but also be alert for any new potential risks which might arise. The easiest way

to identify risk is to analyze and draw a conclusion from projects which failed in the past.

11.1 Plan Risk Management

Risk management planning is the process of deciding how to conduct risk management activities for a project. Careful planning will almost always improve the results from the

other five processes of risk management and is, therefore, time well spent. Risk planning should begin during the earliest stages of project initiation and should be completed early in the project planning process

Following points must be clearly defined in risk management plan:

Determine the project’s risk register requirements based on project estimate and

complexity, and the need for a written project Following guide lines can be used for risk management of projects of various sizes and complexities:

Risk Management Small or low Mid size or medium Big size or high

Process complexity project complexity project complexity project

Risk Identification Yes Yes Yes

Qualitative Analysis Risk Rating Probability & Impact Analysis

Probability & Impact Analysis

Quantitative Analysis Not Necessary Not Necessary Yes

Risk Response Yes Yes Yes

Risk Monitoring Yes Yes Yes

Populate and maintain the project risk register with risks developed by functional units and the phases

Ensure proactive response to all risks and opportunities that will impact the successful delivery of the project.

Decide how risk management will be communicated and discussed with directors

Decide how risk management will be discussed with internal department management

about and external stake holders

Schedule of risk management meetings.

How to monitor and update risks.

Ensure quality of the risk data in the risk register.

Track and monitor the effectiveness of risk response actions

11.1.1 Inputs

11.1.1.1 Project Management Plan : The performance baseline in the areas of scope, time,

and cost may all be affected by risk-related activities. 11.1.1.2 Project Charter : High-level risks, high-level project descriptions, and high- level

requirements are all inputs from the project charter that may be used in planning risk management.

11.1.1.3 Stakeholder Register : Provides an overview of the roles of the various stakeholders on the project.

11.1.1.4 EEFs : Risk attitudes, thresholds, and tolerances of the organization.

11.1.1.5 OPAs : Which includes

Risk categories, definitions

Risk statement formulas, templates

Risk-related roles and responsibilities

Authority levels for risk-related decision making

Lessons learned

11.1.2 Tools & Techniques

11.1.2.1 Analytical Techniques : Used to understand and define the overall risk management

context of the project, which is based on a combination of stakeholder risk attitudes and strategic risk exposure of a given project

11.1.2.2 Expert Judgment : Expertise should be considered from subject matter experts, project stakeholders, and senior management, and lessons learned from previous projects.

11.1.2.3 Meetings : Used to develop the risk management plan. High level plan for

conducting risk management activities are defined in these meetings 11.1.3 Outputs

11.1.3.1 Risk Management Plan : Describes how risk management activities will be planned

and executed. The plan may include the following:

Methodology

Roles and responsibility

Budgeting

Timing

Risk categories: may employ information from the RBS (Risk Breakdown Structure)

Definition of probability and impact: how to describe or measure the likelihood that

an event will occur and the effect on project objectives if it does occur.

Probability and impact matrix (more detail under qualitative analysis)

Revised stakeholder tolerances: Risk planning may cause shifts in how much risk is considered acceptable for a specific project.

Reporting formats

Tracking : How the risk activities will be recorded and audited

11.2 Identify Risks

Risk identification involves determining which risk events are likely to affect the project and

documenting their characteristics. Risk identification is not a one-time event; it is an iterative process and normally leads to qualitative analysis. New risks may emerge at any time and

continued risk identification should be performed on a regular basis throughout the project. During the identification of a risk, it may also become apparent what the appropriate response should be. This information should be recorded for subsequent use in the response planning

process. Different stakeholders will have different expectations and interests in the project. This

naturally creates problems and confusion for even the most experienced project managers and contractors on how to manage risk. Still they should jointly look into risk management which might arise due to following factors

Immature project management practices

Lack of integrated approach to project management

Unmanaged dependency on external participants whose behaviour cannot be controlled

Failure to recognise and develop responses to risk and opportunity

Lack of timely resolution of issues as raised by various stakeholders

Poor contract and claim administration

Lack of compliance with project and regulatory requirements

Unclear or unattainable project objectives

Tight project schedule

Too many design variations

Unsuitable construction program planning

Occurrence of dispute

Price inflation of construction materials

Excessive approval procedures in administrative government departments

Incomplete approval and other documents

Inadequate or insufficient site information (soil test and survey report)

Poor estimation

Budget based on incomplete data

Issues due to contractual problems

Delays due to reasons beyond control of project team or contractors

Quality issues

Insufficient time for testing

Act of god

Inflation and interest rate

Political and regulatory issues

Inputs

11.2.1.2 Risk Management Plan : Assigns roles and responsibilities for risk identification, builds money and time into the plan to accommodate risk identification and provides

information about risk identification and provides information about risk categories that may be relevant for the current project

11.2.1.2 Cost Management Plan : Processes and controls that can be used to identify risks on the project.

11.2.1.3 Schedule Management Plan : Project schedule objectives which may be impacted by risks.

11.2.1.4 Quality Management Plan : Quality measures and metrics for use in identifying risks.

11.2.1.5 Human Resource Management Plan : Which includes roles and responsibilities, project organization chart and staffing management plan

11.2.1.6 Scope Baseline : Which includes project scope statement (contains project

assumptions) and WBS (facilitates understanding of potential risks at summary, control account, and work package levels)

11.2.1.7 Activity Cost Estimates : Provides quantitative assessment of the range of costs of completing scheduled activities, with the width of the range indicating the degree of risk.

11.2.1.8 Activity Duration Estimates : Used to identify risks related to time allowances for activities, with the range of the estimates indicating the degree of risk.

11.2.1.9 Stakeholder Register : Useful for soliciting inputs from stakeholders to identify risks.

11.2.1.10 Project Documents : Which includes project charter, project schedule, schedule network diagrams, issue log and quality checklist

11.2.1.11 Procurement Documents : Details used to determine risks associated with planned

procurements. 11.2.1.12 EEFs : Information from industry and academia that give guidance in identification

of risks.

11.2.1.13 OPAs : Which includes project files, organizational process controls, templates for risk statement and lessons learned

11.2.2 Tools & Techniques

11.2.2.1 Documentation Reviews : A structured review of previous project files, project plans and project assumptions.

11.2.2.2 Information Gathering Techniques : Which includes

Brainstorming: Under the leadership of a facilitator, the project team or a multi-

disciplinary group of experts generates ideas about project risks. The information is then refined and categorized.

Delphi technique: A way of reaching consensus among a group of experts who

participate anonymously. The experts give responses to specific questions. The responses are then summarized and provided to the entire group. The anonymity

prevents any participant from dominating the results. Several iterations are usually performed to determine whether a consensus exists among the experts. While this

technique can be used for numerous reasons, the purpose here is to identify major project risks.

Interviewing: Conducted with experienced project managers, subject matter experts

and other stakeholders.

Root cause analysis: Sharpens the definition of a particular risk and facilitates

grouping of risks by cause or category

11.2.2.3 Checklist Analysis : Checklists for risk identification may be compiled from previous projects and an analysis of the risk breakdown structure.

11.2.2.4 Assumptions Analysis : Explores the validity of assumptions as they apply to the

project.

11.2.2.5 Diagramming Techniques : Which includes cause and effect analysis, system or process flow charts, and influence diagrams

11.2.2.6 SWOT Analysis : Examines the project for each of the Strengths, Weaknesses,

Opportunities, and Threats by examining the dimensions of positive and negative risks, and internal and external ones.

11.2.2.7 Expert Judgment : Experts with experience on similar projects or business areas.

11.2.3 Outputs

11.2.3.1 Risk Register : Which contains identified risks and of potential responses. The risk register is built in stages as each risk management process is performed. A plan is provided, risks are identified, risks are then analyzed, response plans are developed and on-going

monitoring and control follows next. New information is developed at each step

11.3 Perform Qualitative Risk Analysis

Qualitative risk analysis is the process of assessing the likelihood and impact of identified

risks and prioritizing them according to their potential effect on project objectives. This process id accomplished using established qualitative methods and tools. The purpose is to help the project team focus on high priority risk and also to lay the foundation for quantitative

analysis should it be needed. Qualitative analysis takes relatively less time and is less expensive to perform when compared to quantitative analysis

11.3.1 Inputs

11.3.1.1 Risk Management Plan : The key elements of the Risk Management Plan used in this

process are

roles and responsibilities for conducting risk management

budget, schedule for risk management activities

definition of risk categories

definition of risk probability and impact

probability and impact matrix

stakeholder’s risk tolerances

11.3.1.2 Scope Baseline : An analysis of the scope baseline will indicate if the project has higher risk, which will occur if the project involves state-of-the-art technology and high

complexity 11.3.1.3 Risk Register : This contains the risks and potential risk responses identified in

process Identify Risks.

11.3.1.4 EEFs : Which includes industry studies of similar projects by risk specialists and risk databases from industry or proprietary sources

11.3.1.5 OPAs : Which includes historical information from similar projects

11.3.2 Tools & Techniques 11.3.2.1 Risk Probability And Impact Assessment: Which comprises of risk probability

assessment investigates likelihood of each risk and risk impact assessment investigates potential effect on project constraints (schedule, cost, quality, scope)

11.3.2.2 Probability and impact matrix : Based on the risk probability and impact assessment, a matrix is created showing both the probability and the impact for each risk. A risk rating is

assigned of high, moderate, or low depending on the pre-determined preference of the organization.

Sometimes, the low risks are put in a watch list for further monitoring during the course of the project.

Risk Categorization :

11.3.2.3 Risk Data Quality Assessment : The degree to which data about risks on the project

has Accuracy, Quality, Reliability and Integrity 11.3.2.4 Risk Categorization : Risks to the project can be categorized according to their

source (using the Risk Breakdown Structure), the area of the project effected (using the Work Breakdown Structure), or the phase of the project effected.

11.3.2.5 Risk Urgency Assessment : Based on whether the risk is likely to occur in the near-term. Some risk rankings combine the risk probability, risk impact and the risk urgency.

11.3.2.6 Expert Judgment : Expert judgment is often used to determine the risk probability

and impact. 11.3.3 Outputs

11.3.3.1 Project Documents Updates : Risk register for each risk identified in process

Assessments of probability and impact

Risk urgency

Risk ranking

Risk categorization

Watch list for low probability risks Assumptions Log–the project scope statement may contain assumptions about the project

which may be updated as a result of the qualitative risk analysis done in this process.

11.4 Perform Quantitative Risk Analysis

Quantitative analysis numerically analyzes the probability of each risk and its consequence on project objectives. Sophisticated techniques such as Monte Carlo simulation and decision

tree analysis are used to do the following.

Determine the probability that specific project objective can be met.

Quantify risk exposure so that cost and schedule reserves can be determined.

Identify which risks require the most attention.

Identify realistic cost, schedule and performance targets. There may be instances in which quantitative analysis is not needed or is not worth the cost.

11.4.1 Inputs

11.4.1.1 Risk Register : provides a list of risks, risk priorities and risk categories (information from all the previous processes).

11.4.1.2 Risk Management Plan: establishes roles and responsibilities, the budget and time to do the analysis, risk categories and stakeholder risk tolerance.

11.4.1.3 Cost Management Plan: provides the format and structure for handling cost-related

information and issues. 11.4.1.4 Schedule Management Plan: provides the format and structure for handling

schedule-related information and issues. 11.4.1.5 EEFs

11.4.1.6 OPAs : Organizational Process Assets that can influence quantitative analysis include information on previous, similar projects, studies of similar projects by risk

specialists , risk database available from professional associations, industry groups or other proprietary sources

11.4.2 Tools & Techniques

11.4.2.1 Data Gathering And Representation Techniques: These techniques include:

Interviewing: Interviews with appropriate subject matter experts yield data requited to

build provability distributions. A common approach is shown in this site, in which experts provide three estimates (low, most likely and high). This approach is very

much like the PERT technique discussed in the time management area.

Probability Distributions: The outcome of interviewing in a probability distribution.

11.4.2.2 Quantitative risk analysis and modelling techniques: Common techniques include:

Sensitivity Analysis: Also known as “what if” analysis, sensitivity analysis uses the power of the computer to examine the effects of variations in different project

variables. For, example, if you vary the duration of a given task, what is the effect on project costs, quality and resource usage. Tornado diagrams may be used to assess the

potential impact of highly uncertain variables on the rest of the project.

Expected Monetary Value Analysis: A statistical concept that calculates a long-term

average outcome. EMV is quite simply multiplying the probability of an event by the monitory amount at stake. EMV analysis is often used in conjunction with decision trees. A decision tree is a diagram that depicts the interactions of possible events. The

process yields the probabilities and/or expected monetary value of various possible outcomes.

Modelling and Simulation: Using data from subject matter experts, computer software program uses random number generators and input values from a probability

distribution to simulate possible project outcomes. Most common form is Monte Carlo. It quantifies a variety of potential risks, including schedule and cost. Produces a distribution of possible outcomes with associated

probabilities. By comparison, PEPT and CPM analysis understate project duration because they cannot account for path convergence. The results of a Monte Carlo simulation are significantly affected by the choice of statistical distribut ion.

11.4.2.3 Expert Judgment: Subject matter experts are needed to provide data and validate the

results.

11.4.3 Outputs 11.4.3.1 Risk Register Updates: The register is now updated with the following new

information from quantitative analysis:

Probabilistic analysis of the project: A forecast of possible cost and schedule

outcomes along with associated confidence levels. In order words, a probability distribution showing possible cost and schedule results.

Probability of achieving cost and time objectives: A quantitative analysis showing the probability of achieving the current project objectives (given the current knowledge of project risks).

Prioritized list of quantified risks: A list of risks that pose the greatest threat (or opportunity) for the project.

Trends in quantitative risk analysis results: If there are any trends in project performance, repetitive analysis will usually show them.

For a project in the Planning and Design phase:

Set project cost and schedule targets

Evaluate if cost estimates and schedules are realistic

Evaluate the adequacy of contingency reserves

Request a contingency exceeding the standard Caltrans allowance

Evaluate the probability (risk) of exceeding specific cost and time targets

Determine the sensitivity of the output probability distribution to input risks (Risk Sensitivity Diagram), highlighting the main risk drivers.

For a project in the Construction phase:

Perform risk‐based budget analyses and forecasting cost at completion

Assess the adequacy of remaining contingency

Request supplemental funds

Evaluate the probability of meeting completion targets. 11.5 Plan Risk Response

Risk response planning is the process of determining how to enhance opportunities or reduce

threats. Response planning assigns one or more people as “response owners” and addresses risks according to their priority. Response planning should consider the following factor:

The response is appropriate for the severity of the risk.

The response is cost effective and timely.

The response is agrees upon and realistic.

The response is owned by a specific person (assigned action item).

11.5.1 Inputs

11.5.1.1 Risk Management plan: As before, the risk plan assigns people who own specific risks, defines the thresholds for whether a risk is low, moderate, or high, and provides the

time and budget to conduct response activities.

11.5.1.2 Risk Register: Based on the analysis from the previous processes of identification

and analysis, the risk register provides the following information:

Identified risks and priority

Root causes and risks grouped by categories

List of potential responses

Risk owners and risk triggers (symptoms and warning signs)

Risks requiring near term response

Watch list of row risks that should be periodically monitored

11.5.2 Tools And Techniques

11.5.2.1Strategies For Negative Risks Or Threats: May be addressed with one or more of the following:

Avoid: This strategy attempts to eliminate a threat, if possible. One possible approach

is to adopt an alternative strategy in one of the following ways: 1) reduce scope or change project objectives, 2) allow the schedule to slip, 3) adopt a proven technical

approach instead of a more innovative, risky one, or 4) use a substitute component that does not have the same risk. Risk can be avoided by removing the cause of the

risk or executing the project in a different way while still aiming to achieve project objectives. Not all risks can be avoided or eliminated, and for others, this approach

may be too expensive or time‐consuming. However, this should be the first strategy

considered.

Transfer: You may consider transferring (deflecting) a risk to another party through numerous practices. Transferring risk involves finding another party who is willing to

take responsibility for its management, and who will bear the liability of the risk should it occur. The aim is to ensure that the risk is owned and managed by the party best able to deal with it effectively. Risk transfer usually involves payment of a

premium, and the cost‐effectiveness of this must be considered when deciding whether to adopt a transfer strategy. Example : Handing over sight security to an

agency who has good track record for handling site security in that area.

Mitigate: Actions taken to reduce the probability or the impact of a risk, earlier

preventive approaches are usually more productive than repairing the damage after it occurs. Conducting more tests or designing back-up systems into critical subsystems

are examples of mitigation. Insurance and performance bonds, Warranties and guarantees, Outsourcing (also called procurement or subcontracting), Contract type (a fixed price contract transfers cost risk to the seller and a cost reimbursement

contract transfers cost risk to the buyer) Note: Transferring a risk does not eliminate the risk. It merely gives someone else the

responsibility to manage that risk.

Accept: This approach may be used for negative risks or threats and for positive

opportunities. Passive acceptance is taking no action and dealing with the problems (or opportunities) if and when they occur. Active acceptance is almost always handled using extra money, time, or resources (known as contingency reserve).

11.5.2.2 Strategies For Positive Risks Or Opportunities:

Exploit: This strategy attempts to maximize the chance of reaching an opportunity. lt uses approaches such as: assigning the most talented resources available, reducing the time to completion, providing better quality than planned, and eliminating

uncertainty. The sponsor should exert influence where needed. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the

opportunity definitely happen. Exploit is an aggressive response strategy, best reserved for those “golden opportunities” having high probability and impacts. Ex:

Launching Phase 2 of the project immediately if there is above expectation response for phase 1 of the project

Share: This strategy involves joint ventures, strategic alliances, and other

collaborative arrangements to share risks, share costs, and take advantage of technical synergies (each party performs the portion of the project that they do best). Allocate

risk ownership of an opportunity to another party who is best able to maximize its probability of occurrence and increase the potential benefits if it does occur.

Transferring threats and sharing opportunities are similar in that a third party is used. Those to whom threats are transferred take on the liability and those to whom opportunities are allocated should be allowed to share in the potential benefits.

Example : Sharing profits with investment partner

Enhance: This strategy attempts to increase the "size of an opportunity" by 1)

increasing probability and positive impact (the opposite of mitigating negative risks) and 2)by identifying and maximizing key drivers of positive opportunities. For instance, one might decide to leverage the advantages of a superior technology.

Accept: Used when the organization prefers not to actively pursue an opportunity, but will take advantage of it if it occurs. For example, the organization might not wish to

divert resources from a more promising opportunity.

11.5.2.3 Contingent Response Strategy: A response plan that is used only under predetermined circumstances. This approach is appropriate when planners feel that future warning symptoms will provide adequate time to implement the response activity if the

conditions begin to occur. For example, a particular risk response strategy may be triggered only if a specific milestone is missed.

11.5.2.4 Expert Judgment: As always, people with the right experience, training, and knowledge should be used for the task at hand (in this case, for response planning).

11.5.3 Outputs

11.5.3.1 Project Management Plan Updates: Elements of the plan that may be updated as a result of response planning include:

Schedule management plan

Cost management plan

Quality management plan

Procurement management plan

Human resource management plan

Work breakdown structure

Schedule baseline

Cost performance baseline

Risk register update

11.5.3.2 Project Document Updates: Documents that are updated include risk register update

,assumptions log updates, technical documentation and change requests

11.6 Control Risks

Risk monitoring is the process of keeping track of identified risks, ensuring that risk response

plans are implemented, evaluating the effectiveness of risk responses, monitoring residual risks, and identifying new risks. The purpose of monitoring is to determine whether:

Risk responses have been implemented.

Risk responses were effective (or new responses are needed).

Project assumptions are still valid.

Any risk triggers have occurred.

Risk exposure has changed.

Policies and procedures are being followed-

Any new risks have emerged.

11.6.1 Inputs

11.6.1.1 Risk Register

11.6.1.2 Project Management Plan: Contains the risk management plan which assigns people, risk owners, and the resources needed to carry out risk monitoring activities.

11.6.1.3 Work Performance Data : Includes performance data related to various performance results possibly impacted by risk which includes deliverable status, schedule progress and

cost incurred.

11.6.1. 4 Work Performance Reports: These reports analyze the work performance information just mentioned to create status reports and forecasts using various methods such as earned value.

11.6.2 Tools And Techniques

11.6.2.1 Risk Reassessment: The project team should regularly check for new risks and reassess previously identified risks. At least three possible scenarios should be considered: a)

new risks may have emerged and a new response plan must be devised, b) if a previously identified risk actually occurs, the effectiveness of the response plan should be evaluated for

lessons learned, and c) if a risk does not occur, it should be officially closed out in the risk register.

11.6.2.2 Risk Audits: Evaluate and document the effectiveness of risk responses as well as the effectiveness of the processes being used. Risk audits may be incorporated into the

agenda of regularly scheduled status meetings or may be scheduled as separate events. 11.6.2.3 Variance and Trend Analysis: Used to monitor overall project performance. These

analyses are used to forecast future project performance and to determine if deviations from the plan are being caused by risks or opportunities.

11.6.2.4 Technical Performance Measurement: Using the results of testing, prototyping, and other techniques to determine whether planned technical achievements are being met. As with trend analysis, this information is also used to forecast the degree of technical success on

the project.

11.6.2.5 Reserve Analysis: Compares the remaining reserves to the remaining risk to determine whether the remaining reserve is adequate to complete the project.

11.6.2.6 Meetings: Risk management should be a regular agenda item at the regular team meetings.

11.6.3 Output 11.6.3.1 Work Performance Information : To communicate and support project decision

making

11.6.3.2 Change Requests: When contingency plans are implemented, it is sometimes necessary to change the project management plan. A classic example is the addition of extra money, time, or resources for contingency purposes. These change requests may lead to

recommended corrective actions or recommended preventive actions. Corrective actions may include contingency plans (devised at the time a risk event is identified and used later if the

risk actually occurs) and workarounds (passive acceptance of a risk where no action is taken until or unless the risk event actually occurs). The major distinction is that workaround responses are not planned in advance.

11.6.3.3 Project Management Plan Updates: Again, if approved changes have an effect on

risk information or processes, the project management plan should be revised accordingly.

11.6.3.4 Project Document Updates: Documents that may be updated include assumptions

log updates and technical documentation updates.

11.6.3.5 OPAs Updates: Includes risk plan templates, the risk register, the risk breakdown structure, and lessons learned.