cathy - risk mngmnt-lecture_w5
TRANSCRIPT
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
1/32
CP3046 - Lecture Week 5Project Risk Management
Ref:KathySchwalbe,ITProjectManagement,Chapter11
1
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
2/32
Learning Objectives
Understand what risk is and the importance of goodproject risk management
Discuss the elements involved in risk managementplanning
List common sources of risks on information
technology projects Describe the risk identification process and tools and
techniques to help identify project risks
2
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
3/32
Learning Objectives
Discuss the qualitative risk analysis process and
explain how to calculate risk factors, use
probability/impact matrixes, the Top Ten Risk ItemTracking technique, and expert judgment to rank risks
Explain the quantify risk analysis process and how to
use decision trees and simulation to quantitative risks
Using software to assist project risk management
3
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
4/32
The Importance of Project Risk
Management Project risk management is the art and science ofidentifying, assigning, and responding to risk
throughout the life of a project and in the best interestsof meeting project objectives
Risk management is often overlooked on projects, but
it can help improve project success by helping selectgood projects, determining project scope, anddeveloping realistic estimates
A study by Ibbs and Kwak show how risk managementis neglected, especially on IT projects
4
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
5/32
Project Management Maturity by Industry
Group and Knowledge Area
5
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
6/32
What is Risk?
A dictionary definition of risk is the
possibility of loss or injury Project risk involves understanding
potential problems that might occur on theproject and how they might impede projectsuccess
Risk management is like a form ofinsurance; it is an investment
6
Ri k U ili
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
7/32
Risk Utility
Risk utility or risk tolerance is the amount ofsatisfaction or pleasure received from a
potential payoff Utility rises at a decreasing rate for a person who
is risk-averse
Those who are risk-seeking have a highertolerance for risk and their satisfaction increaseswhen more payoff is at stake
The risk-neutral approach achieves a balancebetween risk and payoff
7
Ri k Utilit F ti d Ri k
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
8/32
Risk Utility Function and Risk
Preference
8
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
9/32
What is Project Risk Management?
The goal of project risk management is to minimize potential riskswhile maximizing potential opportunities. Major processes include
Risk management planning: deciding how to approach andplan the risk management activities for the project
Risk identification: determining which risks are likely to affecta project and documenting their characteristics
Qualitative risk analysis: characterizing and analyzing risks and
prioritizing their effects on project objectives Quantitative risk analysis: measuring the probability and
consequences of risks
Risk response planning: taking steps to enhance opportunitiesand reduce threats to meeting project objectives
Risk monitoring and control: monitoring known risks,identifying new risks, reducing risks, and evaluating theeffectiveness of risk reduction
9
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
10/32
Risk Management Planning
The main output of risk management planning is
a risk management plan The project team should review project
documents and understand the organizations
and the sponsors approach to risk
The level of detail will vary with the needs of
the project
10
Q ti Add d i Ri k
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
11/32
Questions Addressed in a Risk
Management Plan
11
Contingenc and Fallback Plans
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
12/32
Contingency and Fallback Plans,
Contingency Reserves
Contingency plans are predefined actions that
the project team will take if an identified riskevent occurs
Fallback plans are developed for risks that have
a high impact on meeting project objectives Contingency reserves or allowances are
provisions held by the project sponsor that canbe used to mitigate cost or schedule risk ifchanges in scope or quality occur
12
I f ti T h l S
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
13/32
Information Technology Success
Potential Scoring SheetSuccess Criterion Points
User Involvement 19
Executive Management support 16Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10Smaller Project Milestones 9
Competent Staff 8
Ownership 6Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100
13
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
14/32
Other Categories of Risk
Market risk: Will the new product be usefulto the organization or marketable to others?
Will users accept and use the product orservice?
Financial risk: Can the organization afford toundertake the project? Is this project the bestway to use the companys financial resources?
Technology risk: Is the project technicallyfeasible? Could the technology be obsoletebefore a useful product can be produced?
14
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
15/32
Risk Identification
Risk identification is the process of
understanding what potential unsatisfactoryoutcomes are associated with a particular project
15
P t ti l Ri k C diti A i t d
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
16/32
Potential Risk Conditions Associated
with Each Knowledge AreaKnowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definition
of quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocation
and management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandarddesign/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultation
with key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
managementProcurement Unenforceable conditions or contract clauses; adversarial relations
16
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
17/32
Quantitative Risk Analysis
Assess the likelihood and impact of
identified risks to determine their magnitude
and priority
Risk quantification tools and techniques
include Probability/Impact matrixes
The Top 10 Risk Item Tracking technique
Expert judgment
17
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
18/32
Sample Probability/Impact Matrix
18
Chart Showing High Medium and
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
19/32
Chart Showing High-, Medium-, and
Low-Risk Technologies
19
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
20/32
Top 10 Risk Item Tracking
Top 10 Risk Item Tracking is a tool for
maintaining an awareness of risk throughout
the life of a project Establish a periodic review of the top 10
project risk items List the current ranking, previous ranking,
number of times the risk appears on the list
over a period of time, and a summary of
progress made in resolving the risk item
20
Example of Top 10 Risk Item
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
21/32
Example of Top 10 Risk Item
TrackingMonthly Ranking
Risk Item This
Month
Last
Month
Number
of Months
Risk Resolution
Progress
Inadequate
planning
1 2 4 Working on revising the
entire project plan
Poor definition
of scope
2 3 3 Holding meetings with
project customer and
sponsor to clarify scope
Absence of
leadership
3 1 2 Just assigned a new
project manager to lead
the project after old one
quit
Poor costestimates
4 4 3 Revising cost estimates
Poor time
estimates
5 5 3 Revising schedule
estimates
21
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
22/32
Expert Judgment
Many organizations rely on the intuitive feelings
and past experience of experts to help identifypotential project risks
Experts can categorize risks as high, medium, or
low with or without more sophisticated
techniques
22
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
23/32
Quantitative Risk Analysis
Often follows qualitative risk analysis, but both
can be done together or separately Large, complex projects involving leading edge
technologies often require extensive quantitative
risk analysis
Main techniques include
decision tree analysis
simulation
23
Decision Trees and Expected
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
24/32
Decision Trees and Expected
Monetary Value (EMV)
A decision tree is a diagramming method used
to help you select the best course of action insituations in which future outcomes are
uncertain
EMV is a type of decision tree where you
calculate the expected monetary value of a
decision based on its risk event probability andmonetary value
24
Expected Monetary Value (EMV)
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
25/32
Expected Monetary Value (EMV)
Example
25
Si l i
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
26/32
Simulation
Simulation uses a representation or model of asystem to analyze the expected behavior or
performance of the system Monte Carlo analysis simulates a models
outcome many times to provide a statistical
distribution of the calculated results To use a Monte Carlo simulation, you must
have three estimates (most likely, pessimistic,and optimistic) plus an estimate of thelikelihood of the estimate being between the
optimistic and most likely values26
Sample Monte Carlo Simulation Results
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
27/32
Sample Monte Carlo Simulation Results
for Project Schedule
27
Sample Monte Carlo Simulations Results
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
28/32
Sample Monte Carlo Simulations Results
for Project Costs
28
Ri k R Pl i
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
29/32
Risk Response Planning
After identifying and quantifying risks, youmust decide how to respond to them
Four main strategies: Risk avoidance: eliminating a specific threat or
risk, usually by eliminating its causes
Risk acceptance: accepting the consequencesshould a risk occur
Risk transference: shifting the consequence of a
risk and responsibility for its management to a thirdparty
Risk mitigation: reducing the impact of a risk eventby reducing the probability of its occurrence
29
Ri k M it i d C t l
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
30/32
Risk Monitoring and Control
Monitoring risks involves knowing their status
Controlling risks involves carrying out the riskmanagement plans as risks occur
Workarounds are unplanned responses to risk
events that must be done when there are nocontingency plans
The main outputs of risk monitoring and controlare corrective action, project change requests,and updates to other plans
30
Ri k R C t l
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
31/32
Risk Response Control
Risk response control involves executing the risk
management processes and the risk management
plan to respond to risk events Risks must be monitored based on defined
milestones and decisions made regarding risksand mitigation strategies
Sometimes workarounds or unplanned responses
to risk events are needed when there are no
contingency plans
31
Using Software to Assist in
-
8/9/2019 Cathy - Risk Mngmnt-lecture_w5
32/32
gProject Risk Management
Databases can keep track of risks. Many IT
departments have issue tracking databases Spreadsheets can aid in tracking and quantifying
risks
More sophisticated risk management software,
such as Monte Carlo simulation tools, help in
analyzing project risks
32