2.11 risk management 1
Transcript of 2.11 risk management 1
11 PROJECT RISK MANAGEMENT Objective of This Chapter:
Project risk management includes the processes of conducting risk management planning,
identification, analysis, response planning, and monitoring and control on a project Risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. Objectives can include scope, schedule, cost, and quality
No construction project is risk free. Risk should be managed, minimised, shared, transferred, or accepted. But should not be ignored. Most of the small real estate projects the focus of risk
management is mainly limited to cost escalation and material consumption (cement and steel). Rest of the risks are managed on ad-hoc basis. It is worth mentioning that enlarging the scope of risk management will surely help small as well as big projects
The objective of risk management is to increase the probability and impact of positive events,
and decrease the probability and impact of negative events in the project. Risk and uncertainty can potentially have damaging consequences for the construction projects. Therefore, the risk analysis and management should be a major feature of the
construction projects in an attempt to deal effectively with uncertainty and unexpected events and to achieve project success.
Many problems which are faced in later phases of construction project are result from
unmanaged risks from the earlier stage. Hence poor risk management can result into
Increased costs due to ad-hoc management
Loss or reduction in profit
Damage to brand / reputation
And in worst case disposal of the business or insolvency
Project risk management is an iterative process: the process is beneficial when is implemented in a systematic manner throughout the lifecycle of a construction project, from feasibility to the planning stage and to completion. Though it is highlighted that most case
should be taken during planning and execution phases.
Characteristics of project risks:
Project risk is always in the future.
A risk may have one or more causes and, if it occurs, it may have one or more
impacts. A cause may be a requirement, assumption, constraint, or condition that creates the possibility of negative or positive outcomes.
Project risk has its origins in the uncertainty present in all projects
Risk has positive or negative impact on project objectives i.e. scope, schedule, cost
and quality
Individuals and groups adopt attitudes toward risk that influence the way they
respond. These risk attitudes are driven by perception, tolerances, and other biases, which should be made explicit wherever possible Risk attitude depends on
Risk exists the moment a project is conceived.
Moving forward on a project without a proactive focus on risk management increases
the impact that a realized risk can have on the project and can potentially lead to project failure
Important terms in risk management:
Known risks : those that have been identified and analyzed, making it possible to plan responses for those risks
Specific unknown risks : cannot be managed proactively, which suggests that the project team should create a contingency plan
Issues : A project risk that has occurred
Risk attitude : depends on
o Risk appetite : degree of uncertainty willing to take in anticipation of rewards o Risk tolerance : degree of risk that individual or organization can withstand
o Risk threshold : Risk is acceptable below the threshold but not above
Risk response : reflect an organization's perceived balance between risk taking and
risk avoidance. Based on the risk assessment, an appropriate decision is made regarding further actions or proceeding to the next phase. For each risk use flag 'go', 'maybe' and 'no go' options in a decision making process. A 'go' status will constitute a
green light for proceeding on to the next phase while 'no go' will stop the progress until effective risk response is put in place. Evaluation resulting in a 'maybe' decision
will lead to return to a previous step or even phases for further improvements and minimizing risk.
Risk management approach: The level of risk is always related to the project
complexity The fact that there are so many risks which can be identified in the construction industry, can be explained by the project size and their complexity. The
bigger the project is, the larger the number of potential risks that may be faced. Several factors can stimulate risk occurrence. Moreover, when all potential risks have been identified, the project team must remember that there might be more threats.
Therefore, the project team should not solely focus on management of those identified risks but also be alert for any new potential risks which might arise. The easiest way
to identify risk is to analyze and draw a conclusion from projects which failed in the past.
11.1 Plan Risk Management
Risk management planning is the process of deciding how to conduct risk management activities for a project. Careful planning will almost always improve the results from the
other five processes of risk management and is, therefore, time well spent. Risk planning should begin during the earliest stages of project initiation and should be completed early in the project planning process
Following points must be clearly defined in risk management plan:
Determine the project’s risk register requirements based on project estimate and
complexity, and the need for a written project Following guide lines can be used for risk management of projects of various sizes and complexities:
Risk Management Small or low Mid size or medium Big size or high
Process complexity project complexity project complexity project
Risk Identification Yes Yes Yes
Qualitative Analysis Risk Rating Probability & Impact Analysis
Probability & Impact Analysis
Quantitative Analysis Not Necessary Not Necessary Yes
Risk Response Yes Yes Yes
Risk Monitoring Yes Yes Yes
Populate and maintain the project risk register with risks developed by functional units and the phases
Ensure proactive response to all risks and opportunities that will impact the successful delivery of the project.
Decide how risk management will be communicated and discussed with directors
Decide how risk management will be discussed with internal department management
about and external stake holders
Schedule of risk management meetings.
How to monitor and update risks.
Ensure quality of the risk data in the risk register.
Track and monitor the effectiveness of risk response actions
11.1.1 Inputs
11.1.1.1 Project Management Plan : The performance baseline in the areas of scope, time,
and cost may all be affected by risk-related activities. 11.1.1.2 Project Charter : High-level risks, high-level project descriptions, and high- level
requirements are all inputs from the project charter that may be used in planning risk management.
11.1.1.3 Stakeholder Register : Provides an overview of the roles of the various stakeholders on the project.
11.1.1.4 EEFs : Risk attitudes, thresholds, and tolerances of the organization.
11.1.1.5 OPAs : Which includes
Risk categories, definitions
Risk statement formulas, templates
Risk-related roles and responsibilities
Authority levels for risk-related decision making
Lessons learned
11.1.2 Tools & Techniques
11.1.2.1 Analytical Techniques : Used to understand and define the overall risk management
context of the project, which is based on a combination of stakeholder risk attitudes and strategic risk exposure of a given project
11.1.2.2 Expert Judgment : Expertise should be considered from subject matter experts, project stakeholders, and senior management, and lessons learned from previous projects.
11.1.2.3 Meetings : Used to develop the risk management plan. High level plan for
conducting risk management activities are defined in these meetings 11.1.3 Outputs
11.1.3.1 Risk Management Plan : Describes how risk management activities will be planned
and executed. The plan may include the following:
Methodology
Roles and responsibility
Budgeting
Timing
Risk categories: may employ information from the RBS (Risk Breakdown Structure)
Definition of probability and impact: how to describe or measure the likelihood that
an event will occur and the effect on project objectives if it does occur.
Probability and impact matrix (more detail under qualitative analysis)
Revised stakeholder tolerances: Risk planning may cause shifts in how much risk is considered acceptable for a specific project.
Reporting formats
Tracking : How the risk activities will be recorded and audited
11.2 Identify Risks
Risk identification involves determining which risk events are likely to affect the project and
documenting their characteristics. Risk identification is not a one-time event; it is an iterative process and normally leads to qualitative analysis. New risks may emerge at any time and
continued risk identification should be performed on a regular basis throughout the project. During the identification of a risk, it may also become apparent what the appropriate response should be. This information should be recorded for subsequent use in the response planning
process. Different stakeholders will have different expectations and interests in the project. This
naturally creates problems and confusion for even the most experienced project managers and contractors on how to manage risk. Still they should jointly look into risk management which might arise due to following factors
Immature project management practices
Lack of integrated approach to project management
Unmanaged dependency on external participants whose behaviour cannot be controlled
Failure to recognise and develop responses to risk and opportunity
Lack of timely resolution of issues as raised by various stakeholders
Poor contract and claim administration
Lack of compliance with project and regulatory requirements
Unclear or unattainable project objectives
Tight project schedule
Too many design variations
Unsuitable construction program planning
Occurrence of dispute
Price inflation of construction materials
Excessive approval procedures in administrative government departments
Incomplete approval and other documents
Inadequate or insufficient site information (soil test and survey report)
Poor estimation
Budget based on incomplete data
Issues due to contractual problems
Delays due to reasons beyond control of project team or contractors
Quality issues
Insufficient time for testing
Act of god
Inflation and interest rate
Political and regulatory issues
Inputs
11.2.1.2 Risk Management Plan : Assigns roles and responsibilities for risk identification, builds money and time into the plan to accommodate risk identification and provides
information about risk identification and provides information about risk categories that may be relevant for the current project
11.2.1.2 Cost Management Plan : Processes and controls that can be used to identify risks on the project.
11.2.1.3 Schedule Management Plan : Project schedule objectives which may be impacted by risks.
11.2.1.4 Quality Management Plan : Quality measures and metrics for use in identifying risks.
11.2.1.5 Human Resource Management Plan : Which includes roles and responsibilities, project organization chart and staffing management plan
11.2.1.6 Scope Baseline : Which includes project scope statement (contains project
assumptions) and WBS (facilitates understanding of potential risks at summary, control account, and work package levels)
11.2.1.7 Activity Cost Estimates : Provides quantitative assessment of the range of costs of completing scheduled activities, with the width of the range indicating the degree of risk.
11.2.1.8 Activity Duration Estimates : Used to identify risks related to time allowances for activities, with the range of the estimates indicating the degree of risk.
11.2.1.9 Stakeholder Register : Useful for soliciting inputs from stakeholders to identify risks.
11.2.1.10 Project Documents : Which includes project charter, project schedule, schedule network diagrams, issue log and quality checklist
11.2.1.11 Procurement Documents : Details used to determine risks associated with planned
procurements. 11.2.1.12 EEFs : Information from industry and academia that give guidance in identification
of risks.
11.2.1.13 OPAs : Which includes project files, organizational process controls, templates for risk statement and lessons learned
11.2.2 Tools & Techniques
11.2.2.1 Documentation Reviews : A structured review of previous project files, project plans and project assumptions.
11.2.2.2 Information Gathering Techniques : Which includes
Brainstorming: Under the leadership of a facilitator, the project team or a multi-
disciplinary group of experts generates ideas about project risks. The information is then refined and categorized.
Delphi technique: A way of reaching consensus among a group of experts who
participate anonymously. The experts give responses to specific questions. The responses are then summarized and provided to the entire group. The anonymity
prevents any participant from dominating the results. Several iterations are usually performed to determine whether a consensus exists among the experts. While this
technique can be used for numerous reasons, the purpose here is to identify major project risks.
Interviewing: Conducted with experienced project managers, subject matter experts
and other stakeholders.
Root cause analysis: Sharpens the definition of a particular risk and facilitates
grouping of risks by cause or category
11.2.2.3 Checklist Analysis : Checklists for risk identification may be compiled from previous projects and an analysis of the risk breakdown structure.
11.2.2.4 Assumptions Analysis : Explores the validity of assumptions as they apply to the
project.
11.2.2.5 Diagramming Techniques : Which includes cause and effect analysis, system or process flow charts, and influence diagrams
11.2.2.6 SWOT Analysis : Examines the project for each of the Strengths, Weaknesses,
Opportunities, and Threats by examining the dimensions of positive and negative risks, and internal and external ones.
11.2.2.7 Expert Judgment : Experts with experience on similar projects or business areas.
11.2.3 Outputs
11.2.3.1 Risk Register : Which contains identified risks and of potential responses. The risk register is built in stages as each risk management process is performed. A plan is provided, risks are identified, risks are then analyzed, response plans are developed and on-going
monitoring and control follows next. New information is developed at each step
11.3 Perform Qualitative Risk Analysis
Qualitative risk analysis is the process of assessing the likelihood and impact of identified
risks and prioritizing them according to their potential effect on project objectives. This process id accomplished using established qualitative methods and tools. The purpose is to help the project team focus on high priority risk and also to lay the foundation for quantitative
analysis should it be needed. Qualitative analysis takes relatively less time and is less expensive to perform when compared to quantitative analysis
11.3.1 Inputs
11.3.1.1 Risk Management Plan : The key elements of the Risk Management Plan used in this
process are
roles and responsibilities for conducting risk management
budget, schedule for risk management activities
definition of risk categories
definition of risk probability and impact
probability and impact matrix
stakeholder’s risk tolerances
11.3.1.2 Scope Baseline : An analysis of the scope baseline will indicate if the project has higher risk, which will occur if the project involves state-of-the-art technology and high
complexity 11.3.1.3 Risk Register : This contains the risks and potential risk responses identified in
process Identify Risks.
11.3.1.4 EEFs : Which includes industry studies of similar projects by risk specialists and risk databases from industry or proprietary sources
11.3.1.5 OPAs : Which includes historical information from similar projects
11.3.2 Tools & Techniques 11.3.2.1 Risk Probability And Impact Assessment: Which comprises of risk probability
assessment investigates likelihood of each risk and risk impact assessment investigates potential effect on project constraints (schedule, cost, quality, scope)
11.3.2.2 Probability and impact matrix : Based on the risk probability and impact assessment, a matrix is created showing both the probability and the impact for each risk. A risk rating is
assigned of high, moderate, or low depending on the pre-determined preference of the organization.
Sometimes, the low risks are put in a watch list for further monitoring during the course of the project.
Risk Categorization :
11.3.2.3 Risk Data Quality Assessment : The degree to which data about risks on the project
has Accuracy, Quality, Reliability and Integrity 11.3.2.4 Risk Categorization : Risks to the project can be categorized according to their
source (using the Risk Breakdown Structure), the area of the project effected (using the Work Breakdown Structure), or the phase of the project effected.
11.3.2.5 Risk Urgency Assessment : Based on whether the risk is likely to occur in the near-term. Some risk rankings combine the risk probability, risk impact and the risk urgency.
11.3.2.6 Expert Judgment : Expert judgment is often used to determine the risk probability
and impact. 11.3.3 Outputs
11.3.3.1 Project Documents Updates : Risk register for each risk identified in process
Assessments of probability and impact
Risk urgency
Risk ranking
Risk categorization
Watch list for low probability risks Assumptions Log–the project scope statement may contain assumptions about the project
which may be updated as a result of the qualitative risk analysis done in this process.
11.4 Perform Quantitative Risk Analysis
Quantitative analysis numerically analyzes the probability of each risk and its consequence on project objectives. Sophisticated techniques such as Monte Carlo simulation and decision
tree analysis are used to do the following.
Determine the probability that specific project objective can be met.
Quantify risk exposure so that cost and schedule reserves can be determined.
Identify which risks require the most attention.
Identify realistic cost, schedule and performance targets. There may be instances in which quantitative analysis is not needed or is not worth the cost.
11.4.1 Inputs
11.4.1.1 Risk Register : provides a list of risks, risk priorities and risk categories (information from all the previous processes).
11.4.1.2 Risk Management Plan: establishes roles and responsibilities, the budget and time to do the analysis, risk categories and stakeholder risk tolerance.
11.4.1.3 Cost Management Plan: provides the format and structure for handling cost-related
information and issues. 11.4.1.4 Schedule Management Plan: provides the format and structure for handling
schedule-related information and issues. 11.4.1.5 EEFs
11.4.1.6 OPAs : Organizational Process Assets that can influence quantitative analysis include information on previous, similar projects, studies of similar projects by risk
specialists , risk database available from professional associations, industry groups or other proprietary sources
11.4.2 Tools & Techniques
11.4.2.1 Data Gathering And Representation Techniques: These techniques include:
Interviewing: Interviews with appropriate subject matter experts yield data requited to
build provability distributions. A common approach is shown in this site, in which experts provide three estimates (low, most likely and high). This approach is very
much like the PERT technique discussed in the time management area.
Probability Distributions: The outcome of interviewing in a probability distribution.
11.4.2.2 Quantitative risk analysis and modelling techniques: Common techniques include:
Sensitivity Analysis: Also known as “what if” analysis, sensitivity analysis uses the power of the computer to examine the effects of variations in different project
variables. For, example, if you vary the duration of a given task, what is the effect on project costs, quality and resource usage. Tornado diagrams may be used to assess the
potential impact of highly uncertain variables on the rest of the project.
Expected Monetary Value Analysis: A statistical concept that calculates a long-term
average outcome. EMV is quite simply multiplying the probability of an event by the monitory amount at stake. EMV analysis is often used in conjunction with decision trees. A decision tree is a diagram that depicts the interactions of possible events. The
process yields the probabilities and/or expected monetary value of various possible outcomes.
Modelling and Simulation: Using data from subject matter experts, computer software program uses random number generators and input values from a probability
distribution to simulate possible project outcomes. Most common form is Monte Carlo. It quantifies a variety of potential risks, including schedule and cost. Produces a distribution of possible outcomes with associated
probabilities. By comparison, PEPT and CPM analysis understate project duration because they cannot account for path convergence. The results of a Monte Carlo simulation are significantly affected by the choice of statistical distribut ion.
11.4.2.3 Expert Judgment: Subject matter experts are needed to provide data and validate the
results.
11.4.3 Outputs 11.4.3.1 Risk Register Updates: The register is now updated with the following new
information from quantitative analysis:
Probabilistic analysis of the project: A forecast of possible cost and schedule
outcomes along with associated confidence levels. In order words, a probability distribution showing possible cost and schedule results.
Probability of achieving cost and time objectives: A quantitative analysis showing the probability of achieving the current project objectives (given the current knowledge of project risks).
Prioritized list of quantified risks: A list of risks that pose the greatest threat (or opportunity) for the project.
Trends in quantitative risk analysis results: If there are any trends in project performance, repetitive analysis will usually show them.
For a project in the Planning and Design phase:
Set project cost and schedule targets
Evaluate if cost estimates and schedules are realistic
Evaluate the adequacy of contingency reserves
Request a contingency exceeding the standard Caltrans allowance
Evaluate the probability (risk) of exceeding specific cost and time targets
Determine the sensitivity of the output probability distribution to input risks (Risk Sensitivity Diagram), highlighting the main risk drivers.
For a project in the Construction phase:
Perform risk‐based budget analyses and forecasting cost at completion
Assess the adequacy of remaining contingency
Request supplemental funds
Evaluate the probability of meeting completion targets. 11.5 Plan Risk Response
Risk response planning is the process of determining how to enhance opportunities or reduce
threats. Response planning assigns one or more people as “response owners” and addresses risks according to their priority. Response planning should consider the following factor:
The response is appropriate for the severity of the risk.
The response is cost effective and timely.
The response is agrees upon and realistic.
The response is owned by a specific person (assigned action item).
11.5.1 Inputs
11.5.1.1 Risk Management plan: As before, the risk plan assigns people who own specific risks, defines the thresholds for whether a risk is low, moderate, or high, and provides the
time and budget to conduct response activities.
11.5.1.2 Risk Register: Based on the analysis from the previous processes of identification
and analysis, the risk register provides the following information:
Identified risks and priority
Root causes and risks grouped by categories
List of potential responses
Risk owners and risk triggers (symptoms and warning signs)
Risks requiring near term response
Watch list of row risks that should be periodically monitored
11.5.2 Tools And Techniques
11.5.2.1Strategies For Negative Risks Or Threats: May be addressed with one or more of the following:
Avoid: This strategy attempts to eliminate a threat, if possible. One possible approach
is to adopt an alternative strategy in one of the following ways: 1) reduce scope or change project objectives, 2) allow the schedule to slip, 3) adopt a proven technical
approach instead of a more innovative, risky one, or 4) use a substitute component that does not have the same risk. Risk can be avoided by removing the cause of the
risk or executing the project in a different way while still aiming to achieve project objectives. Not all risks can be avoided or eliminated, and for others, this approach
may be too expensive or time‐consuming. However, this should be the first strategy
considered.
Transfer: You may consider transferring (deflecting) a risk to another party through numerous practices. Transferring risk involves finding another party who is willing to
take responsibility for its management, and who will bear the liability of the risk should it occur. The aim is to ensure that the risk is owned and managed by the party best able to deal with it effectively. Risk transfer usually involves payment of a
premium, and the cost‐effectiveness of this must be considered when deciding whether to adopt a transfer strategy. Example : Handing over sight security to an
agency who has good track record for handling site security in that area.
Mitigate: Actions taken to reduce the probability or the impact of a risk, earlier
preventive approaches are usually more productive than repairing the damage after it occurs. Conducting more tests or designing back-up systems into critical subsystems
are examples of mitigation. Insurance and performance bonds, Warranties and guarantees, Outsourcing (also called procurement or subcontracting), Contract type (a fixed price contract transfers cost risk to the seller and a cost reimbursement
contract transfers cost risk to the buyer) Note: Transferring a risk does not eliminate the risk. It merely gives someone else the
responsibility to manage that risk.
Accept: This approach may be used for negative risks or threats and for positive
opportunities. Passive acceptance is taking no action and dealing with the problems (or opportunities) if and when they occur. Active acceptance is almost always handled using extra money, time, or resources (known as contingency reserve).
11.5.2.2 Strategies For Positive Risks Or Opportunities:
Exploit: This strategy attempts to maximize the chance of reaching an opportunity. lt uses approaches such as: assigning the most talented resources available, reducing the time to completion, providing better quality than planned, and eliminating
uncertainty. The sponsor should exert influence where needed. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the
opportunity definitely happen. Exploit is an aggressive response strategy, best reserved for those “golden opportunities” having high probability and impacts. Ex:
Launching Phase 2 of the project immediately if there is above expectation response for phase 1 of the project
Share: This strategy involves joint ventures, strategic alliances, and other
collaborative arrangements to share risks, share costs, and take advantage of technical synergies (each party performs the portion of the project that they do best). Allocate
risk ownership of an opportunity to another party who is best able to maximize its probability of occurrence and increase the potential benefits if it does occur.
Transferring threats and sharing opportunities are similar in that a third party is used. Those to whom threats are transferred take on the liability and those to whom opportunities are allocated should be allowed to share in the potential benefits.
Example : Sharing profits with investment partner
Enhance: This strategy attempts to increase the "size of an opportunity" by 1)
increasing probability and positive impact (the opposite of mitigating negative risks) and 2)by identifying and maximizing key drivers of positive opportunities. For instance, one might decide to leverage the advantages of a superior technology.
Accept: Used when the organization prefers not to actively pursue an opportunity, but will take advantage of it if it occurs. For example, the organization might not wish to
divert resources from a more promising opportunity.
11.5.2.3 Contingent Response Strategy: A response plan that is used only under predetermined circumstances. This approach is appropriate when planners feel that future warning symptoms will provide adequate time to implement the response activity if the
conditions begin to occur. For example, a particular risk response strategy may be triggered only if a specific milestone is missed.
11.5.2.4 Expert Judgment: As always, people with the right experience, training, and knowledge should be used for the task at hand (in this case, for response planning).
11.5.3 Outputs
11.5.3.1 Project Management Plan Updates: Elements of the plan that may be updated as a result of response planning include:
Schedule management plan
Cost management plan
Quality management plan
Procurement management plan
Human resource management plan
Work breakdown structure
Schedule baseline
Cost performance baseline
Risk register update
11.5.3.2 Project Document Updates: Documents that are updated include risk register update
,assumptions log updates, technical documentation and change requests
11.6 Control Risks
Risk monitoring is the process of keeping track of identified risks, ensuring that risk response
plans are implemented, evaluating the effectiveness of risk responses, monitoring residual risks, and identifying new risks. The purpose of monitoring is to determine whether:
Risk responses have been implemented.
Risk responses were effective (or new responses are needed).
Project assumptions are still valid.
Any risk triggers have occurred.
Risk exposure has changed.
Policies and procedures are being followed-
Any new risks have emerged.
11.6.1 Inputs
11.6.1.1 Risk Register
11.6.1.2 Project Management Plan: Contains the risk management plan which assigns people, risk owners, and the resources needed to carry out risk monitoring activities.
11.6.1.3 Work Performance Data : Includes performance data related to various performance results possibly impacted by risk which includes deliverable status, schedule progress and
cost incurred.
11.6.1. 4 Work Performance Reports: These reports analyze the work performance information just mentioned to create status reports and forecasts using various methods such as earned value.
11.6.2 Tools And Techniques
11.6.2.1 Risk Reassessment: The project team should regularly check for new risks and reassess previously identified risks. At least three possible scenarios should be considered: a)
new risks may have emerged and a new response plan must be devised, b) if a previously identified risk actually occurs, the effectiveness of the response plan should be evaluated for
lessons learned, and c) if a risk does not occur, it should be officially closed out in the risk register.
11.6.2.2 Risk Audits: Evaluate and document the effectiveness of risk responses as well as the effectiveness of the processes being used. Risk audits may be incorporated into the
agenda of regularly scheduled status meetings or may be scheduled as separate events. 11.6.2.3 Variance and Trend Analysis: Used to monitor overall project performance. These
analyses are used to forecast future project performance and to determine if deviations from the plan are being caused by risks or opportunities.
11.6.2.4 Technical Performance Measurement: Using the results of testing, prototyping, and other techniques to determine whether planned technical achievements are being met. As with trend analysis, this information is also used to forecast the degree of technical success on
the project.
11.6.2.5 Reserve Analysis: Compares the remaining reserves to the remaining risk to determine whether the remaining reserve is adequate to complete the project.
11.6.2.6 Meetings: Risk management should be a regular agenda item at the regular team meetings.
11.6.3 Output 11.6.3.1 Work Performance Information : To communicate and support project decision
making
11.6.3.2 Change Requests: When contingency plans are implemented, it is sometimes necessary to change the project management plan. A classic example is the addition of extra money, time, or resources for contingency purposes. These change requests may lead to
recommended corrective actions or recommended preventive actions. Corrective actions may include contingency plans (devised at the time a risk event is identified and used later if the
risk actually occurs) and workarounds (passive acceptance of a risk where no action is taken until or unless the risk event actually occurs). The major distinction is that workaround responses are not planned in advance.
11.6.3.3 Project Management Plan Updates: Again, if approved changes have an effect on
risk information or processes, the project management plan should be revised accordingly.
11.6.3.4 Project Document Updates: Documents that may be updated include assumptions
log updates and technical documentation updates.
11.6.3.5 OPAs Updates: Includes risk plan templates, the risk register, the risk breakdown structure, and lessons learned.