Risk Management
Plans, identifies, analyzes, responds to, and controls project risks.
established project management guidelines definition
Project Risk Management includes the processes of conducting risk management planning, identification, analysis, response planning, response implementation, and monitoring risk on a project. The objectives of risk management are to increase the probability and/or impact of positive risks and to decrease the probability and/or impact of negative risks. Work products include the risk management plan and the Risk Register.
Processes in this Knowledge Area
Plan Risk Management
Outputs: risk management plan.
No AI_PM requirements primarily mapped to this process.
Identify Risks
Outputs: risk register, risk report.
No AI_PM requirements primarily mapped to this process.
Perform Qualitative Risk Analysis
Outputs: risk register updates (probability/impact scoring).
No AI_PM requirements primarily mapped to this process.
Perform Quantitative Risk Analysis
Outputs: risk report updates.
No AI_PM requirements primarily mapped to this process.
Plan Risk Responses
Outputs: change requests, PM plan updates, risk register updates with responses.
REQ-NFR-010— All non-localhost traffic over TLS 1.2+REQ-NFR-012— Passwords (if stored) hashed with modern KDF (Argon2id or bcrypt)REQ-NFR-030— System tolerates single-process restarts without data lossREQ-NFR-032— Backups schedulable; restore-from-backup produces identical operational stateREQ-NFR-051— Loss of MAS connectivity degrades gracefully (read-only on MAS-canonical entities, queue writes for replay)REQ-NFR-064— PWA service worker MUST NOT cache approval-decision-bearing endpoints — only static shellREQ-TRN-002— Rollback procedure documented and tested
Implement Risk Responses
Outputs: change requests, project documents updates.
No AI_PM requirements primarily mapped to this process.
Monitor Risks
Outputs: work performance information, change requests, risk register updates.
No AI_PM requirements primarily mapped to this process.
General Knowledge Area support
These requirements support the knowledge area broadly rather than fitting one specific process.
REQ-FUN-004— Store risks with id, project_id, description, probability, impact, owner, response, statusREQ-NFR-011— Bearer tokens revocable with configurable expiry
Secondary support
Requirements whose primary KA is elsewhere, but which also support Risk Management.
| ID | Description | Primary KA |
|---|---|---|
| REQ-FUN-072 | Audit log includes tamper-detection (hash chain or equivalent) | Integration Management |
| REQ-FUN-092 | Reconciliation report lists drift between AIPM and MAS for requirement, plan, memory | Integration Management |
| REQ-FUN-096 | Global read-only mode controlled by AIPM_READ_ONLY environment variable | Integration Management |
| REQ-NFR-013 | Audit log append-only at the DB role level | Integration Management |
| REQ-NFR-014 | Agent delegated scope enforced server-side (not client-side trust) | Resource Management |
| REQ-NFR-066 | Send-text/poll-output fallback channel rate-limited per agent token (60 send-text/min, 600 poll-output/min default) | Communications Management |
All requirements primarily mapped to Risk Management (10)
| ID | Description | Primary Process Group |
|---|---|---|
| REQ-FUN-004 | Store risks with id, project_id, description, probability, impact, owner, response, status | Planning |
| REQ-FUN-144 | Risk Report view (overall risk dashboard) | Monitoring & Controlling |
| REQ-NFR-010 | All non-localhost traffic over TLS 1.2+ | Planning |
| REQ-NFR-011 | Bearer tokens revocable with configurable expiry | Monitoring & Controlling |
| REQ-NFR-012 | Passwords (if stored) hashed with modern KDF (Argon2id or bcrypt) | Planning |
| REQ-NFR-030 | System tolerates single-process restarts without data loss | Planning |
| REQ-NFR-032 | Backups schedulable; restore-from-backup produces identical operational state | Planning |
| REQ-NFR-051 | Loss of MAS connectivity degrades gracefully (read-only on MAS-canonical entities, queue writes for replay) | Executing |
| REQ-NFR-064 | PWA service worker MUST NOT cache approval-decision-bearing endpoints — only static shell | Planning |
| REQ-TRN-002 | Rollback procedure documented and tested | Closing |