The risk manager should first check the risk register for proper risk classification, probability, and impact (C), as these are essential components of an effective risk management process. Next, the risk manager should ensure that the risk origin, triggering events, and ownership are identified (D), as this information helps in assigning responsibilities and taking appropriate actions for each risk. References to these steps can be found in the Project Management Institute's (PMI) A Guide to the Project Management Body of Knowledge (PMBOK Guide), Sixth Edition.
The risk manager should check for risk classification and that probability and impact are identified, as these are essential elements of a risk register. Risk classification helps to group risks into categories based on their sources, types, or impacts, which can facilitate risk analysis and response planning. Probability and impact are the two dimensions of risk assessment, which help to measure the likelihood and severity of a risk event, and to prioritize risks based on their significance. The risk manager should also check to ensure that risk origin, triggering event, and ownership is identified, as these are also important components of a risk register. Risk origin refers to the root cause or source of a risk, which can help to understand the nature and characteristics of a risk, and to devise effective risk responses. Triggering event is a specific occurrence or condition that indicates that a risk event has occurred or is about to occur, which can help to monitor and control risks. Ownership is the assignment of a risk to a person or a group who is responsible for managing the risk, which can help to ensure accountability and communication. The risk manager should not check to ensure that the risk is supported by a Monte Carlo simul-ation, as this is not a mandatory or universal requirement for a risk register. Monte Carlo simul-ation is a quantitative risk analysis technique that uses computer-generated random scenarios to model the possible outcomes of a project, based on the probability distributions of the input variables. While this technique can provide useful information about the overall project risk exposure and the probability of achieving project objectives, it is not a necessary or sufficient condition for an effective risk register. The risk manager should not check to ensure that the risks are gathered using Delphi technique, as this is also not a compulsory or exclusive requirement for a risk register. Delphi technique is a qualitative risk identification technique that uses a panel of experts to anonymously provide their opinions on potential risks, which are then aggregated and refined through a series of rounds until a consensus is reached. While this technique can help to elicit expert judgment and reduce bias, it is not the only or the best way to identify risks. The risk manager should not check to ensure the risk meeting agenda and supporting documents are distributed, as this is not a relevant or appropriate action for analyzing the effectiveness of a risk register. The risk meeting agenda and supporting documents are part of the risk management plan, which describes how the project team will conduct risk management activities, such as identifying, analyzing, responding, and monitoring risks. The risk meeting agenda and supporting documents are useful for planning and conducting risk meetings, but they are not part of the risk register, which is the output of the risk identification process and the input for the risk analysis and response processes. References: PMI. (2017). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Sixth Edition. Chapter 11: Project Risk Management, pp. 395-454. 5
