PMI VISUAL WALL · BATCH 3
Section 4 — Risk Management · Posters 11–13
Batch 3 — Risk Management (Posters 11–13)
This batch covers The Standard for Risk Management in Portfolios, Programs & Projects: the fundamentals & guiding principles, the end-to-end risk process with all response strategies, and how risk scales and cascades across the three levels. Same anatomy as the rest of the wall, with a red spine for Risk.
The big idea: a risk is an uncertain event with a positive (opportunity) or negative (threat) effect on objectives. Risk management exists to maximise opportunity and minimise threat — protecting and creating value.
POSTER 11
Section 4 · Risk Management — Foundations
Risk Fundamentals & Principles
A risk is an uncertain event or condition that, if it occurs, has a positive (opportunity) or negative (threat) effect on objectives. Risk management exists to maximise opportunity and minimise threat — protecting and creating value across projects, programs and portfolios.
The Core Distinctions
| Term | Means | Not to be confused with |
|---|---|---|
| Risk | Uncertain — may happen (future) | Issue — has already occurred (now) |
| Threat | Risk with a negative effect | Opportunity — risk with a positive effect |
| Individual risk | One discrete event/condition | Overall risk — aggregate effect of all uncertainty |
| Secondary risk | Created by a response | Residual risk — left after a response |
How Much Risk? — The Appetite Stack
- Risk appetite — the amount of risk an organisation is willing to pursue (board-level).
- Risk tolerance — the acceptable variation around objectives.
- Risk threshold — the measurable trigger point where action is required.
- Risk capacity — the maximum risk the organisation can absorb.
- Risk attitude: averse · neutral · seeking · tolerant.
Guiding Principles of Effective Risk Management
Value-focused — protect and create value.
Aligned to objectives, strategy & governance.
Tailored to context, scale & complexity.
Balanced — addresses threats and opportunities.
Integrated into decisions & everyday processes.
Best information — explicit about uncertainty & bias.
Transparent & inclusive communication.
Iterative & responsive to change.
Clear ownership & accountability.
Risk-aware culture — everyone, continuously.
Exam Concepts
- Risk is both positive & negative — opportunities are risks.
- Risk = future & uncertain; an issue is certain / already here.
- Appetite ≠ tolerance ≠ threshold — know each.
- Secondary vs residual risk; individual vs overall risk.
Executive View
- Risk appetite is a board-level strategic statement.
- Risk-adjusted decisions beat gut calls — fund uncertainty deliberately.
- A risk-aware culture surfaces bad news early.
Industry Example
Defence
- Threat: a single-source forging supplier could slip 12 weeks. Opportunity: a new alloy could cut hull weight and win follow-on work. Both are logged, owned and managed.
Relationships
- Operationalises PMBOK 7 Principle 10 (Risk) & the Uncertainty domain (Poster 3).
- Managed at three levels — project, program, portfolio (Poster 13).
- Quantitative outputs feed reserves & the cost baseline (EVM, Posters 14–15).
Memory Hooks
- "Risk is future; an issue is now."
- Threats AND opportunities — risk cuts both ways.
- Appetite → tolerance → threshold = want → accept → act.
60-sec Review
- Risk vs issue
- Threat vs opportunity
- Appetite / tolerance / threshold
- Secondary vs residual
- Name 4 principles
PMI Visual Wall · Poster 11 · Risk — Fundamentals & Principles · original instructional design · A3 landscape
POSTER 12
Section 4 · Risk Management — The Process
The Risk Management Process
An iterative cycle: set the strategy, find risks, size them (qualitatively then, where needed, quantitatively), plan & implement responses, and monitor, repeating throughout the life cycle. The risk register and risk report are the living artifacts that carry it.
Visual Map — Plan → Identify → Analyse → Respond → Monitor
1. Plan: strategy, RBS, P&I scales
2. Identify: ongoing → risk register
3. Qualitative: P×I → prioritise
4. Quantitative: model overall risk
5. Plan Responses
6. Implement
7. Monitor ↺
Identify and Monitor never stop. Quantitative analysis is optional — used on larger/complex efforts to size overall risk and justify reserves; qualitative is the fast triage every time.
Threat Responses
- Avoid: eliminate the threat or its cause (change the plan).
- Transfer: shift impact & ownership to a third party (insurance, warranty, fixed-price).
- Mitigate: reduce probability and/or impact.
- Accept: take no action (passive) or set a contingency (active).
- Escalate: raise to the level with authority to act.
Opportunity Responses
- Exploit: make certain the opportunity is realised (mirror of Avoid).
- Share: partner with someone better able to capture it (mirror of Transfer).
- Enhance: increase probability and/or impact (mirror of Mitigate).
- Accept: take it if it arrives, but don't actively chase it.
- Escalate: raise to the level that can pursue it.
Tools by Step
Identify: brainstorming, checklists, RBS, assumption analysis, SWOT, interviews.
Qualitative: probability & impact (P-I) matrix, risk categorisation, urgency.
Quantitative: EMV, decision tree, Monte Carlo, sensitivity / tornado.
Reserves: contingency vs management reserve analysis.
Reserves — Funding Uncertainty
- Contingency reserve — for known risks; inside the cost baseline; the PM controls it.
- Management reserve — for unknown risks; outside the baseline; management approves its release.
Exam Concepts
- Qualitative = subjective P×I, fast; quantitative = numeric model of overall risk.
- Contingency (known, PM) vs management (unknown, mgmt) reserve.
- Risk owner manages the risk; a response owner executes an action.
- A trigger is the early-warning sign a risk is occurring.
Executive View
- Quantitative analysis defends the contingency ask to the board.
- Response strategy = a cost-vs-exposure trade, not box-ticking.
- Watch overall risk, not just the loudest single risk.
Industry Example
Manufacturing
- Line install: supplier-delay risk → qualitative HIGH → Monte Carlo shows P80 finish +5 wks → response = transfer (LD clause) + mitigate (dual-source).
60-sec Review
- Recite the 7-step cycle
- 5 threat responses
- 5 opportunity responses
- Qual vs quant
- Contingency vs management reserve
PMI Visual Wall · Poster 12 · Risk — The Process & Responses · original instructional design · A3 landscape
POSTER 13
Section 4 · Risk Management — Scaling & Quantifying
Risk Across the Three Levels & Quantitative Tools
This standard's signature idea: risk is managed at project, program and portfolio levels — each with a different focus and horizon — and risks cascade and escalate between them. Below: what risk means at each level, plus the quantitative tools that turn uncertainty into numbers.
Visual Map — One Risk Discipline, Three Altitudes
| Level | Risk is about… | Primary focus | Horizon | Owner |
|---|---|---|---|---|
| Portfolio | Strategic objectives & the balance/mix of components; aggregate exposure vs risk capacity | Doing the right mix | Long / strategic | Portfolio governance |
| Program | Risks between components & their interdependencies; threats to benefits & integration | Coordinated benefits | Medium | Program manager |
| Project | Risks to scope, schedule, cost, quality of a specific deliverable | Reliable delivery | Short / tactical | Project manager |
Escalation & cascade: a project risk beyond the PM's authority escalates up to program or portfolio; strategic decisions and constraints cascade down. Consolidated reporting rolls individual risks into an overall picture at each level.
Expected Monetary Value (EMV)
EMV = Σ (probability × impact); impacts are signed (− threat, + opportunity).
- Threat: 20% × (−$500k) = −$100k
- Opportunity: 30% × (+$200k) = +$60k
- Net EMV = −$40k → size the contingency accordingly.
Feed EMVs into a decision tree to choose the option with the best expected value (e.g. build vs buy).
Modelling Overall Risk
- Monte Carlo: simulate thousands of runs → a range & confidence (e.g. P80 cost/finish).
- Sensitivity / tornado: rank which risks swing the outcome most.
- Decision tree: compare options by EMV under uncertainty.
- Outputs justify reserves and feed the cost baseline (EVM).
Probability & Impact Matrix (Qualitative)
| Prob ↓ / Impact → | Low | Medium | High |
|---|---|---|---|
| High | Medium | High | High |
| Medium | Low | Medium | High |
| Low | Low | Low | Medium |
Score = probability × impact → a priority that drives response order & depth.
Exam Concepts
- Portfolio = strategic / aggregate; program = interdependencies & benefits; project = delivery.
- Risk capacity (portfolio) sets the ceiling that appetite sits within.
- Escalate up, cascade down; aggregate vs individual risk.
- EMV, Monte Carlo & decision trees are quantitative.
Executive View
- Portfolio risk is a strategy & capacity conversation, not a register.
- Consolidated, roll-up reporting gives the board one risk picture.
Industry Example — A Defence Prime
Defence
- Portfolio: balance the mix of bids & live programs against capacity.
- Program: integrate ship + combat system + training so the capability benefit lands.
- Project: deliver the radar subsystem on cost & to spec.
Memory Hooks
- Portfolio = right mix · Program = right benefits · Project = right delivery.
- "Risk rolls up; response rolls down."
- Reserves: contingency = knowns I control; management = unknowns the boss controls.
60-sec Review
- Risk focus at each level
- Escalate up vs cascade down
- Compute a 2-line EMV
- What Monte Carlo gives you
- Capacity vs appetite
PMI Visual Wall · Poster 13 · Risk — Three Levels & Quantitative Tools · original instructional design · A3 landscape