Risk Management

Plans, identifies, analyzes, responds to, and controls project risks.

established project management guidelines definition

Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, response implementation, and monitoring risk on a project. The objectives of risk management are to increase the probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks. Work products include the risk management plan and the Risk Register.

Processes in this Knowledge Area

Plan Risk Management

Outputs: risk management plan.

No AI_PM requirements primarily mapped to this process.

Identify Risks

Outputs: risk register, risk report.

No AI_PM requirements primarily mapped to this process.

Perform Qualitative Risk Analysis

Outputs: risk register updates (probability/impact scoring).

No AI_PM requirements primarily mapped to this process.

Perform Quantitative Risk Analysis

Outputs: risk report updates.

No AI_PM requirements primarily mapped to this process.

Plan Risk Responses

Outputs: change requests, PM plan updates, risk register updates with responses.

Implement Risk Responses

Outputs: change requests, project documents updates.

No AI_PM requirements primarily mapped to this process.

Monitor Risks

Outputs: work performance information, change requests, risk register updates.

No AI_PM requirements primarily mapped to this process.

General Knowledge Area support

These requirements support the knowledge area broadly rather than fitting one specific process.

Secondary support

Requirements whose primary KA is elsewhere, but which also support Risk Management.

IDDescriptionPrimary KA
REQ-FUN-072Audit log includes tamper-detection (hash chain or equivalent)Integration Management
REQ-FUN-092Reconciliation report lists drift between AIPM and MAS for requirement, plan, memoryIntegration Management
REQ-FUN-096Global read-only mode controlled by AIPM_READ_ONLY environment variableIntegration Management
REQ-NFR-013Audit log append-only at the DB role levelIntegration Management
REQ-NFR-014Agent delegated scope enforced server-side (not client-side trust)Resource Management
REQ-NFR-066Send-text/poll-output fallback channel rate-limited per agent token (60 send-text/min, 600 poll-output/min default)Communications Management

All requirements primarily mapped to Risk Management (10)

IDDescriptionPrimary Process Group
REQ-FUN-004Store risks with id, project_id, description, probability, impact, owner, response, statusPlanning
REQ-FUN-144Risk Report view (overall risk dashboard)Monitoring & Controlling
REQ-NFR-010All non-localhost traffic over TLS 1.2+Planning
REQ-NFR-011Bearer tokens revocable with configurable expiryMonitoring & Controlling
REQ-NFR-012Passwords (if stored) hashed with modern KDF (Argon2id or bcrypt)Planning
REQ-NFR-030System tolerates single-process restarts without data lossPlanning
REQ-NFR-032Backups schedulable; restore-from-backup produces identical operational statePlanning
REQ-NFR-051Loss of MAS connectivity degrades gracefully (read-only on MAS-canonical entities, queue writes for replay)Executing
REQ-NFR-064PWA service worker MUST NOT cache approval-decision-bearing endpoints — only static shellPlanning
REQ-TRN-002Rollback procedure documented and testedClosing