Browse Skills

PMBOK Risk Management

    Get Started with This Skill

    Overview

    The PMBOK Risk Management skill supports the elaboration of documents for the Risk Management knowledge area — planning, identifying, analyzing, response planning, response implementation, and monitoring risk on a project. It covers risk management plans defining methodology, roles, and funding for risk activities; risk registers using the structured “cause → risk → effect” statement format; probability-impact matrices with defined scales; risk breakdown structures; quantitative risk analysis reports using Expected Monetary Value (EMV), sensitivity analysis (tornado diagrams), and Monte Carlo simulation descriptions; risk response plans with strategies for both threats and opportunities; and risk monitoring reports tracking trigger watch lists, response effectiveness, and reserve consumption.

    Getting Started

    Upload your project charter, scope statement, or preliminary risk list to the workspace and activate the PMBOK Risk Management skill. The agent will ask about organizational risk appetite, relevant risk categories, and whether quantitative analysis is needed. It then identifies risks using the cause-risk-effect format, scores them against a defined probability-impact matrix, and develops response strategies with named owners, triggers, and contingency plans.


    Example Conversation

    Below is an example of a typical session building a risk register and response plan for an infrastructure project. The agent identifies risks, scores them, and proposes response strategies.

    You: We’re building a new data center — 18-month construction project, $28M budget. I need a risk register with at least the top risks identified and scored, plus response plans for the high-priority ones. Main concerns: supply chain delays for electrical equipment, permitting timeline, concrete supplier reliability, and cybersecurity for the building management system.

    Agent: I’ll build the risk register with probability-impact scoring. First, let me confirm the scales:

    • Probability: 5-level scale (Very Low < 10%, Low 10–30%, Medium 30–50%, High 50–70%, Very High > 70%)
    • Impact: 5-level scale on cost and schedule objectives (Very Low through Very High)
    • Score: P × I, classified as Low (1–4), Medium (5–9), High (10–15), Very High (16–25)

    Does this align with your organization’s risk framework, or do you use different scales?

    You: Those scales work. Please also include some risks I might be missing — we want a comprehensive register.

    Agent: I’ve identified 14 risks across 4 RBS categories (Technical, External, Organizational, Project Management). Here’s the summary:

    • Very High (16–25): 2 risks — supply chain delays for switchgear/transformers (lead times currently 40–52 weeks), and permitting delays due to environmental review
    • High (10–15): 4 risks — concrete supplier single-source dependency, cybersecurity vulnerabilities in BMS, skilled labor shortage in the region, and weather delays during foundation phase
    • Medium (5–9): 5 risks — including scope creep from tenant requirements, utility connection delays, and commissioning complexity
    • Low (1–4): 3 risks — including currency fluctuation on imported equipment

    For the 6 Very High and High risks, I’ve developed full response plans with strategies (avoid, mitigate, transfer), specific actions, triggers, residual risk, and contingency plans. The response plan for the supply chain risk recommends a dual-source strategy with early procurement — placing orders 14 months before installation. Based on the risk analysis, I recommend a contingency reserve of $2.8M (10% of BAC) to cover the top risks.


    Document Excerpt

    Below is a representative excerpt from a risk register with response plan drafted with the skill.


    Risk Register — Excerpt

    Project: Metro East Data Center Construction Budget (BAC): $28,000,000 | Duration: 18 months


    Probability-Impact Matrix (Reference)

    Very Low (1)Low (2)Medium (3)High (4)Very High (5)
    Very High (5)510152025
    High (4)48121620
    Medium (3)3691215
    Low (2)246810
    Very Low (1)12345

    Top Risks

    Risk IDRisk Statement (Cause → Risk → Effect)PIScorePriorityOwner
    R-01Because of global semiconductor shortages and 40–52 week lead times, delivery of medium-voltage switchgear and transformers may be delayed by 3–6 months, leading to a critical-path delay of the electrical installation phase and potential $1.2M–$2.4M in idle labor costs.4520Very HighProcurement Mgr
    R-02Because of newly enacted wetland buffer regulations, the environmental review for the site permit may take 4–8 weeks longer than planned, leading to a delay in foundation work and a cascade to the overall schedule.4416Very HighProject Director
    R-03Because we rely on a single concrete supplier (MegaCrete Inc.) with no contractual volume guarantee, concrete delivery may be interrupted if the supplier prioritizes larger contracts, leading to foundation and structural delays of 2–4 weeks.3412HighConstruction Mgr
    R-04Because the building management system (BMS) uses IP-connected controllers, a cybersecurity vulnerability may be exploited during commissioning when temporary network access is granted, leading to unauthorized control of HVAC/fire suppression and potential safety incident.3412HighIT Security Lead

    Risk Response Plan (Top Risks)

    Risk IDStrategyResponse ActionsTriggerContingency Plan
    R-01Mitigate(1) Place purchase orders for switchgear/transformers immediately (14 months before install). (2) Pre-qualify alternate supplier (ABB as backup to Siemens). (3) Include liquidated damages clause for late delivery.Supplier confirms delivery date > 2 months past planActivate alternate supplier. Re-sequence non-critical electrical work. Deploy temporary power for commissioning. Budget impact: $400K contingency allocated.
    R-02Mitigate(1) Engage environmental consultant in Month 1 for pre-assessment. (2) Submit permit application with wetland mitigation plan proactively. (3) Schedule community stakeholder meeting early.Environmental review extends beyond 6 weeksFast-track foundation work in non-restricted zones. Parallel-path interior design. Budget impact: $200K contingency allocated.
    R-03Avoid(1) Contract with 2 concrete suppliers (MegaCrete + regional backup). (2) Include minimum volume commitment in both contracts. (3) Maintain 1-week buffer stock at site.Primary supplier misses 2 consecutive deliveriesActivate secondary supplier at pre-negotiated rates. Adjust pour schedule to available supply.
    R-04Mitigate(1) Require BMS vendor to perform penetration testing before commissioning. (2) Implement network segmentation — BMS on isolated VLAN. (3) Temporary commissioning network uses VPN-only access.Vulnerability scan during commissioning reveals critical findingHalt BMS network connectivity. Revert to manual controls for commissioning period. Engage incident response team.

    This excerpt is illustrative. Final content must reflect the specific project’s risks, organizational risk appetite, and current market conditions.

    Ready to let your expertise drive the workflow?

    Stop wrestling with rigid templates and complex tooling. Write your process in markdown, let the agent handle the rest.

    Get Started