Outline the list of key risk management activities (e.g., who, what, when, where, how)

It requires thorough knowledge of the related aspects involved. These activities have different steps to ensure that project risks are effectively identified, assessed, planned for, and controlled.

1. Establishing Risk Management Context:

• The who: Project manager or Risk Manager.
• The what: Determining the strategic and operational context in which the rest of the process will take place. Setting risk parameters and objectives.
• The when: Performed at the initiation phase of a project.
• The where: Mainly in project meetings, project charter discussions, and strategy sessions.
• The how: This involves the use of stakeholder analysis, current situation analysis, and risk appetite statements, among other tools.

2. Identify Risks:

• The who: Entire project team.
• The what: Systematic identification of potential risks that could impact the project.
• The when: Throughout the project lifecycle, but intensively at the project initiation and planning phases.
• The where: Happens at the project site or in team meetings.
• The how: Risk identification techniques such as brainstorming, Delphi technique, SWOT analysis, expert interviews, etc.

3. Risk Analysis:

• The who: Risk management specialists or the project team members with risk management skills.
• The what: Evaluating the likelihood and impact of identified risks.
• The when: During the planning process and when new risks are identified.
• The where: In risk management meetings, or risk analysis sessions.
• The how: Using qualitative and quantitative risk analysis techniques like Probability and Impact Matrix, Monte Carlo Simulations etc.

4. Risk Response Planning:

• The who: The project manager with the involvement of the whole project team.
• The what: Developing strategies to reduce negative risks (threats) and enhance positives ones (opportunities)
• The when: After risk analysis, and updated throughout the project lifecycle.
• The where: Within project team meetings and stakeholder engagement sessions.
• The how: This involves risk response strategies such as avoidance, transfer, mitigate, accept, exploit, enhance and share depending on whether the risk is a threat or opportunity.

5. Risk Monitoring and Control:

• The who: The project manager, risk owner, and project control team.
• The what: Involves tracking identified risks, monitoring residual risks, identifying new risks, executing risk response plans and evaluating their effectiveness throughout the project life cycle.
• The when: Throughout the project life cycle from start to end.
• The where: Part of regular reporting and project meetings this can be done on-site or virtually.
• The how: Using risk audits, technical performance measurement, reserve analysis, status meetings among other methods.

Implementing the above steps is pivotal in risk management as each step reveals the proper strategy to be used. It is important to articulate these steps alongside the PMI-RMP to understand the entire risk control structure and process.

Using this framework in combination with the guide provided by PMI-RMP will allow any project or risk manager to navigate risk effectively. It will result in more successful projects with fewer surprises, ultimately increasing an organization’s performance level and its ability to fulfill the project objectives.