In the previous chapter, we took a high level look at the monitor and control risks process. By now, you must be accustomed to the fact that, every process has a set of inputs and uses a set of tools and techniques to generate an output. This process – Monitor and Control Risks is no different.
Before we actually take a look at the actual inputs used in this process let us look at the purpose of this process. The idea here is to give you another opportunity to try to guess what inputs you may require for this process. If you read the purpose statement carefully, you can get a fair idea of what artifacts from our Project you may want to use for this activity.
Purpose of the Process:
To implement risk response plans, track identified risks, monitor residual risks, identify new risks, evaluate the effectiveness of risk response plans and of the risk management process.
This process uses a total of 4 inputs. They are:
1. Risk Register
2. Project Management Plan
3. Work Performance Information
4. Performance Reports
People easily confuse work performance information and performance reports. So, be cautious and understand them properly before you move on to the next chapter.
Let’s take a detailed look at each of these inputs…
This one is a no brainer, isn’t it? What process in Risk Management does not use the Risk Register as an input? The answer would be – Plan Risk Management and Identify risks where you actually create this document. Isn’t it?
The monitor and control risks process will make use of all of the Contents of the Risk Registerthat is available till date. However, for easier understanding, the following elements of the Risk Register are used in particular for this process:
1. Agreed Upon Risk Responses - This is a key input because, these responses are what we will be implemented during this process. We created them during the plan risk responses process. During this process, after we implement the responses, we also try to find out the effectiveness of the response and see if the response was sufficient. This is required because, if the risk still exists, we need to take actions to prevent any further impact on our project. Right?
2. Implementation Actions - Implementation Actions refers to - what exactly needs to be done in order to implement a response. For ex: In case our strategy to handle a risk is “Transfer” whereby we entrust the responsibility to handle the risk to a third party, a common implementation action would be – Get a formal contract signed with the 3rd party.
3. Risk Owners – People who own the risk and have been assigned the responsibility of tracking this risk
4. Symptoms and Warning Signs – Indications that can tell us if a risk event is about to occur or has already occurred. This is important because; if you do not know what warning signs suggest if a risk is about to occur, how would you handle it?
5. Residual Risks – These are risks that remain after you implement your response. Typically we will use contingency plans and reserves to handle residual risks.
6. Secondary Risks – These are risks that were created as a direct consequence of us implementing a risk response. Here again, we may utilize contingency reserves to handle them.
7. Watchlist – A list of low priority risks that we have kept aside. You may be wondering why this is an input to this process. Actually, when we place a low priority risk in this watchlist, it means that this risk isn’t relevant now but its status could change in the future. During the monitor and control risks process, we will be actually checking the status of each of those watchlist risks so that we will be prepared to handle them in case any of their probabilities or impacts have changed
8. Contingency Reserves for Time & Cost – as contingency plans are put into action, we need to continuously track them in line with the reserves that were put in place during the planning phase.
Project Management Plan
Actually speaking, the Risk Management Plan is the key input that we will be using for this process. But, since the RM Plan is a subsidiary of the PM Plan and also since we may need to refer to other subsidiary plans inside the PM Plan, the PMBOK chose the use the holistic term “Project Management Plan” instead of “Risk Management Plan”.
The following items from the Risk Management Plan are used in this process:
• Roles and Responsibilities
• Risk Tolerance Levels
• Time and Resources set aside for Risk Management Activities
Work Performance Information
Work Performance Information is generated by the Directing and Managing Project Execution process which is part of the Project Integration Management in Project Execution Phase.
As the project progresses, a lot of information is collected about the project like:
• Status of the deliverables
• Schedule Progress
• Cost incurred
A point to note here is that, all of the above mentioned information is collected as of the current date. Naturally, this information will not be available until we actually start doing project work (In the Project Execution Phase) and may vary as our work progresses.
Performance Reports are generated as part of Report Project Performance process and is part of Communications Management during Monitoring & Controlling the Project.
Performance reports contain an analysis of the Work Performance Information collected during Project Execution. We will need this information to perform variance analysis, earned value analysis etc.
Performance reports include:
• Analysis of Past Performance
• Status of Risks & Issues
• Work Completed (So Far)
• Work that was to be Completed (So Far)
• Summary of Changes
• Variance Analysis Results
• Forecasted completion information (date & cost)
As suggested earlier, all of these items are generated using the Work Performance Information. To recollect, Work Performance Information is generated by the Directing and Managing Project Execution process which is part of the Project Integration Management in Project Execution Phase.
You may be wondering why PMBOK has used both Performance Reports and Work Performance Information as inputs. If the performance reports are generated using the work performance information, why not use just the performance reports?
The performance reports actually take the status of the project collected (the work performance info) and provides us with reports that give us valuable insight on how the project work is progressing. However, as with any other process, we don’t just use the output. We also store the basis of our findings and hence without work performance information we wouldn’t be in a position to confirm the fact that the report is indeed correct. We are doing risk management here. So, we need to take into account of the fact that, incorrect reports could be a source of risks for the project.
Prev: Introduction - Monitor & Control Risks
Next: Overview of Tools & Techniques used in Monitor & Control Risks