Monitor Risks

Sensei Short Scroll 46 Monitoring & Controlling Process Group

Monitor Risks

Introduction: Why This Matters

Identifying and planning for risks is essential, but risks must also be tracked throughout the project. The Monitor Risks process ensures that risk response plans are implemented, emerging risks are identified, and overall risk exposure is kept within acceptable thresholds. It provides ongoing vigilance so that the project is not blindsided by threats or misses opportunities.

On the PMP exam, this process is often tested through situational questions about trigger conditions, risk audits, updating risk registers, and handling new or residual risks. In practice, continuous risk monitoring improves preparedness, protects baselines, and allows proactive management of uncertainty (Project Management Institute, 2021).

Purpose and Objectives

Primary Purpose: To track identified risks, monitor residual risks, identify new risks, and evaluate the effectiveness of risk responses.

Key Objectives:

  • Ensure planned risk responses are executed.
  • Monitor trigger conditions for contingent responses.
  • Identify new risks as the project evolves.
  • Reassess and update the risk register and risk report.
  • Conduct risk audits to evaluate effectiveness of strategies.
  • Recommend corrective actions and change requests as needed.

Overview

Monitor Risks is a continuous, data driven process that keeps risk management alive throughout the project life cycle. It connects planned responses to actual performance and ensures that risk information stays current.

  • Track: Follow identified risks, triggers, and responses over time.
  • Evaluate: Assess residual risks and the effectiveness of responses using performance data.
  • Discover: Identify and document new risks as conditions change.
  • Improve: Use risk audits and lessons learned to strengthen future risk management activities.

Characteristics

  • Continuous: Performed regularly throughout the project, not as a one time event.
  • Evidence based: Uses work performance data, reports, and trend analysis to guide decisions.
  • Adaptive: Responds to changing conditions by updating risks, responses, and reserves.
  • Collaborative: Involves risk owners, team members, and key stakeholders in reviews and audits.

Inputs, Tools & Techniques, Outputs (ITTOs)

Inputs

  • Risk management plan
  • Risk register
  • Risk report
  • Work performance data
  • Work performance reports
  • Project documents (assumption log, issue log, lessons learned)

Tools & Techniques

  • Data analysis: Variance analysis, trend analysis, technical performance measurement, reserve analysis.
  • Risk audits: Structured assessments of risk process effectiveness.
  • Meetings: Risk review meetings with stakeholders and risk owners.
  • Interpersonal skills: Active listening, facilitation, negotiation.
  • Project management information systems: Dashboards tracking risks and performance.

Outputs

  • Work performance information
  • Change requests
  • Project management plan updates (risk management plan, baselines)
  • Project document updates (risk register, risk report, lessons learned)
  • Updates to organizational process assets (templates, risk data)

Risk Monitoring in Practice

Key Activities:

  • Tracking identified risks
    • Monitor status and trigger conditions.
    • Verify risk owners are implementing responses.
  • Evaluating residual risks
    • Determine whether risks remain after responses.
    • Assess whether additional responses are needed.
  • Identifying new risks
    • Emerging risks uncovered through ongoing analysis.
    • Document and plan responses promptly.
  • Conducting risk audits
    • Review the effectiveness of risk management strategies.
    • Capture lessons learned for continuous improvement.
  • Updating risk register and risk report
    • Record changes in probability, impact, and status.

Practical Example: High-Speed Rail Project

Context: A government is constructing a high-speed rail line.

Monitor Risks activities:

  • Tracking identified risks: Risk of regulatory delays monitored through weekly compliance reviews.
  • Residual risks: Despite mitigation, supply chain risks remain due to global shortages. A new fallback plan is developed.
  • New risks: Political protests are identified as emerging risks.
  • Risk audit: Independent audit finds that contingency reserves are adequate but recommends improving communication of risk triggers.
  • Updates: Risk register updated, and a change request submitted to add additional security measures.

Outcome: The project remains resilient against regulatory, supply chain, and social risks, ensuring stakeholder confidence.

Common Pitfalls

Risk register becomes static

  • Pitfall: Treating it as a one-time document.
  • Prevention: Update continuously with new and residual risks.

Ignoring trigger conditions

  • Pitfall: Contingent responses not activated in time.
  • Prevention: Monitor triggers closely and act immediately.

Weak risk audits

  • Pitfall: Not evaluating effectiveness of responses.
  • Prevention: Conduct formal audits regularly.

Overlooking opportunities

  • Pitfall: Focusing only on threats.
  • Prevention: Monitor and act on positive risks as well.

Sensei Tip : Treat the risk register and risk report as living tools. Build regular risk review checkpoints into your schedule and invite risk owners to report on triggers and responses. The PMP exam rewards answers that show disciplined, ongoing risk monitoring rather than one time updates.

Exam Alert : A common trap is to improvise when a risk event occurs. On the exam, if a trigger condition has fired, you typically implement the predefined response, then update the risk register and lessons learned. Also do not confuse risk audits and risk reviews with planning activities. They belong in Monitor Risks.

Exam Lens

Patterns on the PMP Exam:

  • Situational questions often ask what to do when a risk event occurs. Correct answer: implement the planned response, not improvise.
  • Risk audits are part of Monitor Risks, not Plan Risk Management.
  • The risk register and risk report are updated continuously, not created once and forgotten.
  • Questions may test recognition of trigger conditions for contingent responses and how to act on them.

Sample Question

Question: A project manager observes that a risk trigger condition has occurred. What should the project manager do next?

  1. Create a new risk response plan.
  2. Implement the predefined contingent response.
  3. Escalate immediately to the sponsor.
  4. Close the risk register entry.

Correct Answer: B. Trigger conditions activate contingent responses defined during planning.

Quick Recap Table

Concept Description Exam Watch Point
Monitor Risks Tracks risks and response effectiveness. Continuous activity, not one-time.
Risk Audits Evaluate quality of risk management. Conducted during Monitor Risks.
Residual Risks Remaining risks after responses. Must be tracked and updated.
Trigger Conditions Events that activate contingent responses. Exam often tests “if then” situations.

Key Takeaways

  • Monitor Risks is a continuous process that ensures project resilience.
  • The risk register and risk report must be updated regularly as conditions change.
  • Risk audits evaluate effectiveness and feed lessons into future projects.
  • On the PMP exam, correct answers emphasize executing planned responses and updating documents.
  • In practice, ongoing risk monitoring prevents surprises and maintains stakeholder confidence.

Next Step

With Monitor Risks complete, the next process is Control Procurements, which focuses on managing vendor performance, enforcing contract terms, and resolving procurement issues.

Bibliography

Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) (7th ed.). Project Management Institute.

Scroll to Top