cathy - risk mngmnt-lecture_w5

8/9/2019 Cathy - Risk Mngmnt-lecture_w5

1/32

CP3046 - Lecture Week 5Project Risk Management

Ref:KathySchwalbe,ITProjectManagement,Chapter11

1


2/32

Learning Objectives

Understand what risk is and the importance of goodproject risk management

Discuss the elements involved in risk managementplanning

List common sources of risks on information

technology projects Describe the risk identification process and tools and

techniques to help identify project risks

2


3/32

Learning Objectives

Discuss the qualitative risk analysis process and

explain how to calculate risk factors, use

probability/impact matrixes, the Top Ten Risk ItemTracking technique, and expert judgment to rank risks

Explain the quantify risk analysis process and how to

use decision trees and simulation to quantitative risks

Using software to assist project risk management

3


4/32

The Importance of Project Risk

Management Project risk management is the art and science ofidentifying, assigning, and responding to risk

throughout the life of a project and in the best interestsof meeting project objectives

Risk management is often overlooked on projects, but

it can help improve project success by helping selectgood projects, determining project scope, anddeveloping realistic estimates

A study by Ibbs and Kwak show how risk managementis neglected, especially on IT projects

4


5/32

Project Management Maturity by Industry

Group and Knowledge Area

5


6/32

What is Risk?

A dictionary definition of risk is the

possibility of loss or injury Project risk involves understanding

potential problems that might occur on theproject and how they might impede projectsuccess

Risk management is like a form ofinsurance; it is an investment

6

Ri k U ili


7/32

Risk Utility

Risk utility or risk tolerance is the amount ofsatisfaction or pleasure received from a

potential payoff Utility rises at a decreasing rate for a person who

is risk-averse

Those who are risk-seeking have a highertolerance for risk and their satisfaction increaseswhen more payoff is at stake

The risk-neutral approach achieves a balancebetween risk and payoff

7

Ri k Utilit F ti d Ri k


8/32

Risk Utility Function and Risk

Preference

8


9/32

What is Project Risk Management?

The goal of project risk management is to minimize potential riskswhile maximizing potential opportunities. Major processes include

Risk management planning: deciding how to approach andplan the risk management activities for the project

Risk identification: determining which risks are likely to affecta project and documenting their characteristics

Qualitative risk analysis: characterizing and analyzing risks and

prioritizing their effects on project objectives Quantitative risk analysis: measuring the probability and

consequences of risks

Risk response planning: taking steps to enhance opportunitiesand reduce threats to meeting project objectives

Risk monitoring and control: monitoring known risks,identifying new risks, reducing risks, and evaluating theeffectiveness of risk reduction

9


10/32

Risk Management Planning

The main output of risk management planning is

a risk management plan The project team should review project

documents and understand the organizations

and the sponsors approach to risk

The level of detail will vary with the needs of

the project

10

Q ti Add d i Ri k


11/32

Questions Addressed in a Risk

Management Plan

11

Contingenc and Fallback Plans


12/32

Contingency and Fallback Plans,

Contingency Reserves

Contingency plans are predefined actions that

the project team will take if an identified riskevent occurs

Fallback plans are developed for risks that have

a high impact on meeting project objectives Contingency reserves or allowances are

provisions held by the project sponsor that canbe used to mitigate cost or schedule risk ifchanges in scope or quality occur

12

I f ti T h l S


13/32

Information Technology Success

Potential Scoring SheetSuccess Criterion Points

User Involvement 19

Executive Management support 16Clear Statement of Requirements 15

Proper Planning 11

Realistic Expectations 10Smaller Project Milestones 9

Competent Staff 8

Ownership 6Clear Visions and Objectives 3

Hard-Working, Focused Staff 3

Total 100

13


14/32

Other Categories of Risk

Market risk: Will the new product be usefulto the organization or marketable to others?

Will users accept and use the product orservice?

Financial risk: Can the organization afford toundertake the project? Is this project the bestway to use the companys financial resources?

Technology risk: Is the project technicallyfeasible? Could the technology be obsoletebefore a useful product can be produced?

14


15/32

Risk Identification

Risk identification is the process of

understanding what potential unsatisfactoryoutcomes are associated with a particular project

15

P t ti l Ri k C diti A i t d


16/32

Potential Risk Conditions Associated

with Each Knowledge AreaKnowledge Area Risk Conditions

Integration Inadequate planning; poor resource allocation; poor integration

management; lack of post-project review

Scope Poor definition of scope or work packages; incomplete definition

of quality requirements; inadequate scope control

Time Errors in estimating time or resource availability; poor allocation

and management of float; early release of competitive products

Cost Estimating errors; inadequate productivity, cost, change, or

contingency control; poor maintenance, security, purchasing, etc.

Quality Poor attitude toward quality; substandarddesign/materials/workmanship; inadequate quality assurance

program

Human Resources Poor conflict management; poor project organization and

definition of responsibilities; absence of leadership

Communications Carelessness in planning or communicating; lack of consultation

with key stakeholders

Risk Ignoring risk; unclear assignment of risk; poor insurance

managementProcurement Unenforceable conditions or contract clauses; adversarial relations

16


17/32

Quantitative Risk Analysis

Assess the likelihood and impact of

identified risks to determine their magnitude

and priority

Risk quantification tools and techniques

include Probability/Impact matrixes

The Top 10 Risk Item Tracking technique

Expert judgment

17


18/32

Sample Probability/Impact Matrix

18

Chart Showing High Medium and


19/32

Chart Showing High-, Medium-, and

Low-Risk Technologies

19


20/32

Top 10 Risk Item Tracking

Top 10 Risk Item Tracking is a tool for

maintaining an awareness of risk throughout

the life of a project Establish a periodic review of the top 10

project risk items List the current ranking, previous ranking,

number of times the risk appears on the list

over a period of time, and a summary of

progress made in resolving the risk item

20

Example of Top 10 Risk Item


21/32

Example of Top 10 Risk Item

TrackingMonthly Ranking

Risk Item This

Month

Last

Month

Number

of Months

Risk Resolution

Progress

Inadequate

planning

1 2 4 Working on revising the

entire project plan

Poor definition

of scope

2 3 3 Holding meetings with

project customer and

sponsor to clarify scope

Absence of

leadership

3 1 2 Just assigned a new

project manager to lead

the project after old one

quit

Poor costestimates

4 4 3 Revising cost estimates

Poor time

estimates

5 5 3 Revising schedule

estimates

21


22/32

Expert Judgment

Many organizations rely on the intuitive feelings

and past experience of experts to help identifypotential project risks

Experts can categorize risks as high, medium, or

low with or without more sophisticated

techniques

22


23/32

Quantitative Risk Analysis

Often follows qualitative risk analysis, but both

can be done together or separately Large, complex projects involving leading edge

technologies often require extensive quantitative

risk analysis

Main techniques include

decision tree analysis

simulation

23

Decision Trees and Expected


24/32

Decision Trees and Expected

Monetary Value (EMV)

A decision tree is a diagramming method used

to help you select the best course of action insituations in which future outcomes are

uncertain

EMV is a type of decision tree where you

calculate the expected monetary value of a

decision based on its risk event probability andmonetary value

24

Expected Monetary Value (EMV)


25/32

Expected Monetary Value (EMV)

Example

25

Si l i


26/32

Simulation

Simulation uses a representation or model of asystem to analyze the expected behavior or

performance of the system Monte Carlo analysis simulates a models

outcome many times to provide a statistical

distribution of the calculated results To use a Monte Carlo simulation, you must

have three estimates (most likely, pessimistic,and optimistic) plus an estimate of thelikelihood of the estimate being between the

optimistic and most likely values26

Sample Monte Carlo Simulation Results


27/32

Sample Monte Carlo Simulation Results

for Project Schedule

27

Sample Monte Carlo Simulations Results


28/32

Sample Monte Carlo Simulations Results

for Project Costs

28

Ri k R Pl i


29/32

Risk Response Planning

After identifying and quantifying risks, youmust decide how to respond to them

Four main strategies: Risk avoidance: eliminating a specific threat or

risk, usually by eliminating its causes

Risk acceptance: accepting the consequencesshould a risk occur

Risk transference: shifting the consequence of a

risk and responsibility for its management to a thirdparty

Risk mitigation: reducing the impact of a risk eventby reducing the probability of its occurrence

29

Ri k M it i d C t l


30/32

Risk Monitoring and Control

Monitoring risks involves knowing their status

Controlling risks involves carrying out the riskmanagement plans as risks occur

Workarounds are unplanned responses to risk

events that must be done when there are nocontingency plans

The main outputs of risk monitoring and controlare corrective action, project change requests,and updates to other plans

30

Ri k R C t l


31/32

Risk Response Control

Risk response control involves executing the risk

management processes and the risk management

plan to respond to risk events Risks must be monitored based on defined

milestones and decisions made regarding risksand mitigation strategies

Sometimes workarounds or unplanned responses

to risk events are needed when there are no

contingency plans

31

Using Software to Assist in


32/32

gProject Risk Management

Databases can keep track of risks. Many IT

departments have issue tracking databases Spreadsheets can aid in tracking and quantifying

risks

More sophisticated risk management software,

such as Monte Carlo simulation tools, help in

analyzing project risks

32

cathy - risk mngmnt-lecture_w5

Documents