Risk Monitoring and Reporting
(OBJ 5.2)
Risk Monitoring
- Process of
- Tracking identified risks
- Monitoring residual risks
- Identifying new risks
- Evaluating risk response plans
- Evaluating their effectiveness throughout the project lifecycle
- Involves ongoing tracking of risks and their response actions
- Example:
- A company might use Project Management Software to track risks, regularly reviewing the software to identify any changes in the risk landscape.
- Helps determine Residual Risk and Control Risk
- Residual Risk
- The likelihood and impact of the risk after mitigation, transference, or acceptance measures have been taken on the initial risk
- Control Risk
- Assessment of how a security measure has lost effectiveness over time
- Example:
- Anti-virus software was initially very good at detecting malware using specific identifiers known as signatures. However, as hackers began to hide their code, the antivirus became less successful over time.
Risk Reporting
- Communicating information about risk management activities to stakeholders
- Includes results of risk identification, assessment, response, and monitoring
- Often presented in the form of a risk report
- Might contain information about potential safety hazards, the likelihood of project delays, and the potential financial impact of these risks.
- This report will be shared with project managers, company executives, and potentially the client to keep them informed about the risk landscape and the actions being taken to manage these risks.
Risk Monitoring and Reporting are essential for
- Informed decision making
- Offer insights for informed decisions on resource allocation, project timelines, and strategic planning
- Risk mitigation
- Recognize when a risk is escalating so it can be mitigated before becoming an issue
- Either a risk is becoming more likely or its potential impact is increasing
- Stakeholder communication
- Assist in setting expectations and showing effective risk management
- Regulatory compliance
- Demonstrate compliance with applicable regulations