
The new PMI-RMP exam will cover updated terminology and processes, as well as enterprise-level risks the candidate needs to be knowledgeable about to be successful in project risk management. While the exam will have the same number of questions and will be approximately the same length, it will have new multiple select questions. Predictive, agile, and hybrid approaches will be found throughout the tested domains. Lastly, upon the release of the updated exam (April 2022), candidates have the option to take the exam in either English or Arabic.
The new exam covers the following five domains:
•Risk Strategy and Planning
•Risk Identification
•Risk Analysis
•Risk Response
•Monitor and Close Risks
This standard describes the application of risk management within an Enterprise Risk Management (ERM) context that includes the portfolio, program, and project domains. Risk management shapes the decision-making processes across the organization and within each domain.
Risk management also establishes iterative connections among portfolios, programs, and projects and links these connections with ERM and organizational strategy.
Risk management allows an organization to:
•Anticipate and manage change,
•Improve decision-making,
•Proactively implement typically lower-cost preventive actions instead of higher-cost reaction to issues,
•Increase the chances to realize opportunities for the benefit of the business,
•Generate broad awareness of uncertainty of outcomes,
•Act upon the transformations taking place in its business environment, and
•Support organizational agility and resilience.
The Principles and Concepts chapter introduces the key ideas required to understand and apply Risk Management to Enterprises, portfolios, programs, and projects. These principles and concepts are generally consistent with other approaches to Risk Management commonly used although the terminology may differ in some details.
When a risk event occurs, it ceases to become uncertain. Threats that occur may be called issues or problems; opportunities that occur may be called benefits.
Risk
An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more objectives.
Objectives include scope, schedule, cost, and quality.
Risk Attitude. A chosen mental disposition towards uncertainty, adopted explicitly or implicitly by individuals and groups, driven by perception, and evidenced by observable behavior. Risk attitude exists on a continuous spectrum, but common risk attitudes include risk averse, risk tolerant, risk neutral and risk seeking.
Risk Appetite Risk appetite expresses the level of risk the organization is willing to take in pursuit of its portfolio, program, and project objectives. Portfolio, program, and project risk is not a singular, but rather a multifaceted concept.
Risk Tolerance The degree, amount, or volume of risk that an organization or individual will withstand.
Risk Threshold. A measure of the level of risk exposure above which action must be taken to address risks proactively, and below which risks may be accepted.
Risks are present in every organizational activity, especially across endeavors such as portfolios, programs, and projects. Organizational inertia is inherently risky because products and services become stale over time and organizations may lose their competitiveness due to societal and technological changes.
Risks can be difficult to manage because a single risk can have a different impact on various components of portfolios and programs, and across the various levels of an organization.
Organizations and professionals need to balance threats and opportunities and the dilemmas of inaction versus action.
This section addresses this dilemma by providing the framework for risk management across the enterprise and its portfolio, program, and project management activities
Accountability is individual by nature and derived from a position held in the organization. Accountability is related to authority in that one is usually held accountable within one’s limits of authority. However, one still may be held accountable beyond one’s authority to act.
Responsibility resides in an individual by the assignment of a function or task. By accepting the assignment, an individual takes on the associated responsibility. The fact that others higher in the organization may also be held responsible or accountable does not diminish the responsibility held by the individual. The assigning individual still is held accountable for the delegated task, but the responsibility is passed to the assigned individual.
Authority, like responsibility, may be delegated and gives an individual the ability to make decisions within defined bounds.
The risk management life cycle works within the risk management framework to ensure risks are managed in a structured manner regardless of the portfolio, program, or project life cycle approach.
The purpose of establishing a framework is to align resources and processes to the organization’s strategies and objectives.
Organizations build adaptive frameworks to ensure alignment with environmental competitiveness and confront increasing complexity associated with goal attainment and decision making.
Complexity is an inherent characteristic of portfolios, programs, and projects and their environment, which is difficult to manage due to various aspects involved in the workflow: human behavior, system behavior, uncertainty, and ambiguity.
Complexity impacts the stability, predictability, and capacity of both the organization and its activities to sustain its business.
An integrated view of risk management is required to define the right construct in the organization’s governance and operations. By establishing the appropriate framework, an organization is able to:
Articulate objectives,
Define external and internal parameters for processing an effective risk management life cycle, and
Establish risk criteria within the scope for the remaining processes through iterative activities.
The feasibility of risk management planning is dependent upon the features of the organization in which it is carried out. The rules and guidelines defined in the risk management plan reflect
The culture of the organization,
Its capabilities regarding people and facilities, and
Its values, goals, and objectives.
The risk management plan identifies and describes relevant organizational procedures and any other enterprise environmental factors that apply, such as strategic risk management, enterprise risk management (ERM), and corporate governance processes.
Once the risk management scope and objectives are agreed upon, the process of identifying risks begins, with care taken to distinguish genuine risks from non-risks, such as concerns and issues. It is unlikely that all risks are, or even can be, identified at the outset. Over time, the level of risk exposure may change as a result of the decisions and actions taken previously and of externally imposed changes.
The purpose of risk identification is to identify risks to the extent practicable. The emergent nature of risk requires the risk management process to be iterative, repeating the risk identification activities in order to find risks that were not previously evident.
The aim is to expose and document all knowable risks, recognizing that some risks are inherently unknowable and others emerge later in the work. Input is sought from a wide range of stakeholders when identifying risks, since each stakeholder may have a different perspective on the risks facing the portfolio, program, or project.
Historical records and documents may also be reviewed to help identify risks.
Qualitative risk analysis evaluates the importance of each risk in order to categorize and prioritize individual risks for further attention. It also provides a mechanism for evaluating the level of overall portfolio, program, or project risk.
The Perform Quantitative Risk Analysis process provides insight into the combined effect of identified risks on the desired outcome. This process takes into account probabilistic or component-wide effects, such as correlation between risks, interdependency, and feedback loops. It provides an indication of the degree of overall risk faced by the portfolio, program, or project.
The Plan Risk Responses process determines the effective response actions that are appropriate for the priority of the individual risks and for the overall risk. This process takes into account the stakeholders’ risk attitudes and the conventions specified in the risk management plan, in addition to any constraints and assumptions that were determined when the risks were identified and analyzed.
Once the planning of risk responses is complete, all of the approved unconditional response actions are included and defined in the relevant management plans. These actions may be delegated to action owners as appropriate. The risk owner monitors actions to determine their effectiveness and to identify any secondary risks that may arise because of the implementation of risk responses.
The purpose of risk management within the portfolio domain is to secure efficient and effective value delivery, which is pursued through the realization of the organization’s strategic objectives. It is achieved by combining the management of opportunities and threats.
A portfolio is a collection of projects, programs, subsidiary portfolios, and operations managed as a group to achieve strategic objectives. Risk management in the portfolio domain ensures that all of the components implement effective processes to manage the entire risk management life cycle.
At the portfolio level, risk management takes into account the entire organizational framework.
One of the main goals of portfolio management is to build a risk-efficient portfolio, where the organization chooses to take an appropriate amount of risk within the portfolio in order to achieve the required value in the overall organizational strategy. This is achieved by adding or removing portfolio components, based on their contributions to the overall risk exposure and strategic value.
The purpose of risk management within the program domain is to secure optimal realization of program benefits. This purpose is achieved by combining the management of opportunities and threats.
One of the key characteristics of a program is complexity, and risk management addresses this aspect. Risk management practices within a program use opportunities to reduce complexity and address threats that occur as a result of complexity.
Programs consist of related projects, subsidiary programs, and program activities managed in a coordinated manner to obtain benefits not available from managing them individually.
Risk management ensures that all of these components have effective processes to manage the entire risk management life cycle.
Program Strategy Alignment ensures that a program contributes to organizational strategy in the expected way.
Risk management efforts in this domain address new strategic opportunities and threats. When necessary, these efforts lead to appropriate program redefinition or changes in the relevant program components.
The purpose of risk management within the project domain is to support the optimal delivery of project results leading to the realization of benefits for which the project was undertaken. In addition, risk management helps to ensure that delivery of these results occurs within the identified project constraints.
•Projects are aimed at creating a unique product, service, or result. Project risks are triggered by uncertainty in some of the operational activities and enterprise environmental factors. Project success is assessed and evaluated based upon the ability to deliver a tangible outcome.
•Therefore, risks that are managed at the project level are evaluated and considered according to their potential impact on the ability to deliver a tangible outcome. The evaluation and analysis of risks are focused at the tactical level, and every other consideration in terms of impact on expected value or benefit creation is escalated to the portfolio or program governance level.
•Project teams need to have visibility into the strategic objectives that led to its authorization. This allows for effective, proactive project management and reporting of key opportunities and threats that could potentially impact the objectives.
Development life cycles: one or more phases that are associated with the development. can be predictive, iterative, incremental, adaptive, or a hybrid model.
Predictive life cycle (waterfall) scope, time, and cost are determined in the early phases.
Iterative life cycle, the project scope is generally determined early, but time and cost estimates are routinely modified.
Incremental life cycle, the deliverable is produced through a series of iterations that successively add functionality within a predetermined timeframe.
Adaptive life cycles are agile or change-driven life cycles, iterative, or incremental. The detailed scope is defined and approved before the start of an iteration.
hybrid life cycle is a combination of a predictive and an adaptive life cycle.
The Practice Standard for Project Risk Management was published in 2009. Its purpose was to (a) provide a standard for project management practitioners and other project stakeholders that defined the aspects of project risk management recognized as good practice on most projects most of the time and (b) provide a standard that is globally applicable and consistently applied.
•2009: The Practice Standard for Project Risk Management covered risk management for a single project. (PMBOK® Guide 4th Edition) formed the basis for the Practice Standard for Project Risk Management. Like the PMBOK® Guide, the practice standard did not cover risk in portfolios or programs.
•2018, PMI recognized that risk management is a major consideration in portfolios and programs as well as projects (PMBOK® Guide 6th Edition)
A portfolio is a collection of projects, programs, subsidiary portfolios, and operations managed as a group to achieve strategic objectives. At the portfolio level, projects, programs, and operations are aligned with the organization’s investment strategy to assure achievement of strategic objectives through portfolio operations.
The focus of portfolio management is on the alignment of programs, projects, and operations with the organization’s strategy and balancing risks to achieve strategic objectives. Portfolio managers manage the resources, constraints, and interfaces between subordinate programs, projects, and operational activities.
The primary objective of portfolio risk management is to ensure portfolio components achieve the best possible success according to the organization’s strategy and business model. From a risk perspective, this is accomplished through the balancing of positive and negative risks. Risk management controls help to achieve this by seamlessly integrating risk practices into the portfolio life cycle within all of the performance domains. This approach ensures that risk management becomes a natural part of portfolio management and helps achieve success in value delivery.
The purpose of risk management within a program is to secure optimal realization of intended program benefits. Risk management controls help to achieve that by seamlessly integrating risk practices into the program life cycle and within all of the performance domains.
This approach ensures that risk management becomes a natural part of program management and helps achieve success in benefits delivery by the program.
The purpose of risk management within projects is to secure the optimal delivery of the unique product, service, or result for which the project was undertaken. Risk management controls help to achieve optimal delivery by seamlessly integrating risk practices into the project life cycle and within all of the Knowledge Areas. This approach ensures that risk management becomes a natural part of project management.
Many techniques are in widespread use to support risk management processes. This appendix provides examples and highlights some of the most common and effective techniques that support the risk management life cycle. This information is not intended to explain the techniques in detail but to list their most important characteristics. Those who are interested in learning more are encouraged to seek additional sources of information.
There are three major types of techniques: templates and lists, process techniques, and quantitative techniques. Templates and lists are designed to reflect industry and internal benchmarks and best practices as well as lessons learned. Process techniques make it easier to manage the risk management process and range from basic documents and spreadsheets to automated processes. Quantitative techniques support the analytical aspect of considering options and consequences in definitive terms.
Enterprise risk management (ERM) considers all of an organization’s risks as an interrelated collection. It is a systematic, organized, and structured methodology of examining and measuring all risks facing an organization, developing suitable responses, and communicating, monitoring, and managing these to align with the strategic objectives of the organization. For ERM to deliver maximum benefits, it is essential that a common approach to risk management be used across the enterprise.
This course was designed based on the new PMI-RMP® exam (April 2022) to enable professionals to identify, assess, and successfully treat risks in all types of Entreprises, portfolios, programs, projects, and capacities including day-to-day work, and empowers them to become internationally recognized and certified as Project Risk Management Professionals based on PMBOk® (7th & 6th Editions).
Risk management allows an organization to:
•Anticipate and manage change,
•Improve decision-making,
•Proactively implement typically lower-cost preventive actions instead of higher-cost reactions to issues,
•Increase the chances to realize opportunities for the benefit of the business,
•Generate broad awareness of uncertainty of outcomes,
•Act upon the transformations taking place in its business environment, and
•Support organizational agility and resilience.
The new PMI-RMP exam will cover updated terminology and processes, as well as enterprise-level risks the candidate needs to be knowledgeable about to be successful in project risk management.
The new PMI-RMP exam covers the following five domains:
•Risk Strategy and Planning
•Risk Identification
•Risk Analysis
•Risk Response
•Monitor and Close Risks
Course Objectives:
Upon completion of this course, participants will be able to:
Describe and understand all Risk Management defined processes, as outlined in the PMI® PMBOK® Guide
Gain the necessary information to prepare for the PMI® Project Risk Management Professional (PMI RMP) Certification Exam
Use internationally-recognized best practices for managing project and operations risks.
Apply risk management techniques to determine the true cost and schedule for projects and operations
Demonstrate the impact of successful Risk Management on the organization
Avoid common risk management pitfalls
Describe Risk Management principles and techniques and how they apply to the day-to-day management of projects and operations
Have a practical set of self-study techniques and a bibliography of reference material
Use common risk management terminology
Be more focused and proactive about preventing problems, rather than just dealing with them as they occur
Who Should Attend
This course serves in preparing the participants to qualify for the Project Management Institute Risk Management Professional (PMI-RMP) exam.
This course is also for any individual, who is engaged in the risks management profession with a minimum of one year of experience as a risk management practitioner. Risk managers, project managers, and line managers will benefit from this course.
Best Regards
Dr. Ahmed Hassan, DBA, Ph.D., PgMP, PMP, RMP, ACP, PBA
PMO Director, MCIT