Risk Management in PMP [Exam Notes]
- Karthick Kumar Rajappan

- Feb 24

| | Key Points | Example |
|---|---|---|
| Purpose | Identify, analyse, and prepare for uncertainty (threats & opportunities). | Tower‑crane breakdown risk P 30 %, I SAR 1 M; opportunity: bulk steel price drop. |
| Activities | Plan Risk → Identify → Qualitative → Quantitative → Plan Responses → Implement Responses → Monitor Risks | Monte‑Carlo predicts P90 schedule = 26 months; buy spare crane motor (mitigate). |
| Responses | Threats: Avoid, Mitigate, Transfer, Accept • Opportunities: Exploit, Enhance, Share, Accept | Took forward‑buy agreement to Exploit expected steel price fall. |
| Artefacts | Risk Register, Risk Report, Watch List, Workaround Log | |

Risk activities are the steps performed to manage uncertainty in a project — both threats (negative risks) and opportunities (positive risks).
Core Risk Management Activities (PMP-Aligned)

| Step | Activity | Description |
|---|---|---|
| 1 | Plan Risk Management | Define how risk management will be conducted on the project |
| 2 | Identify Risks | List all potential risks that could impact the project |
| 3 | Perform Qualitative Risk Analysis | Prioritize risks based on probability and impact |
| 4 | Perform Quantitative Risk Analysis (optional) | Numerically analyze the effect of identified risks on objectives |
| 5 | Plan Risk Responses | Develop options and actions to reduce threats or enhance opportunities |
| 6 | Implement Risk Responses | Carry out the agreed-upon mitigation/enhancement actions |
| 7 | Monitor Risks | Track existing risks, monitor new ones, evaluate response effectiveness |

Plan Risk Management
Decide how to approach risk for the specific project.
Who’s responsible
Risk appetite & tolerance
Tools and templates
Frequency of reviews
Example: Define that the risk register will be updated weekly, and risk scoring will be done using a 1–5 scale.
Identify Risks
Create a risk register with all known risks.
Use tools like brainstorming, interviews, checklists, SWOT, PESTLE
Identify both threats and opportunities
Example: "Late delivery of HVAC units due to customs clearance" → Threat; "Unexpected supplier discount" → Opportunity
Perform Qualitative Risk Analysis
Assess and prioritize risks using probability and impact.
Create a risk matrix (low–high)
Categorize risks (technical, external, etc.)
Use expert judgment
Example: A high-probability / high-impact risk like "Data breach" is ranked as critical.
Perform Quantitative Risk Analysis (Optional)
Use numerical models to assess impact.
Monte Carlo simulation
Expected Monetary Value (EMV)
Sensitivity analysis
Example: A schedule risk analysis shows there’s a 30% chance of project delay beyond 15 days.
Plan Risk Responses
Decide how to address each high-priority risk.
For Threats:

| Strategy | Description |
|---|---|
| Avoid | Eliminate the threat (e.g., change scope) |
| Mitigate | Reduce probability/impact (e.g., extra testing) |
| Transfer | Shift risk to third party (e.g., insurance) |
| Accept | Do nothing or set contingency |

For Opportunities:

| Strategy | Description |
|---|---|
| Exploit | Ensure it happens (e.g., assign top talent) |
| Enhance | Increase its probability or impact |
| Share | Partner to capture benefits |
| Accept | Take advantage if it occurs |

Implement Risk Responses
Carry out the mitigation, transfer, or enhancement actions planned.
Example: If the risk response is to "outsource roofing work to avoid delays", then contracting and supervising that vendor is part of this step.
Monitor Risks
Continually track risks and the effectiveness of responses.
Update risk register
Reassess and close risks
Conduct risk audits
Example: During weekly review, a previously identified risk (supplier bankruptcy) is resolved, and a new one (political instability) is added.
Risk Register Example (Simplified)

| ID | Risk Description | Type | Impact | Probability | Priority | Response |
|---|---|---|---|---|---|---|
| R01 | Equipment delivery delay | Threat | High | Medium | High | Mitigate – add buffer |
| R02 | Design optimization found | Opportunity | Medium | High | High | Exploit – assign top team |