ist 302 project risk management
TRANSCRIPT
Microsoft PowerPoint -
11_riskMgmt.pptxWhy Do We Care?
• Helps – Select good projects
– Determine project scope
– Develop realistic estimates
• KPMG study (~2000) – 55% of poor projects did no risk management
11/9/2015
2
Scope 3.45 3.25
Time 3.41 3.03
Cost 3.22 3.20
Quality 3.22 2.88
HR 3.20 2.93
Communications 3.53 3.21
Risk 2.87 2.75
Procurement 3.01 2.91
0%
20%
40%
60%
80%
100%
Percentage of Respondents Citing Benefit
KLCI Research surveyed 260 software organizations in 2001 and several common cited benefits of risk management.
11/9/2015
3
Deciding how to approach and plan the risk management activities
Risk Analysis
Quantitative: Measuring the probability and consequences of risks and estimating their effects
Qualitative: Characterizing and analyzing risks and prioritizing their effects on project objectives
Identifying Risks
Determining which risks are will affect a project and documenting the characteristics of each
Planning Risk Response
Taking steps to enhance opportunities and reduce threats to obtaining project objectives
Risk Monitoring and Control
Project Risk Management Processes
Risk management is like insurance.
A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project.
11/9/2015
4
Risk utility is the amount of satisfaction or pleasure received from a potential payoff.
ut ili
11/9/2015
5
• How will risk management be performed on this project? What tools and data sources are available and applicable?
• Which people are responsible for implementing specific tasks?
• What are the estimated costs and schedules for performing risk- related activities?
• What are the main categories of risk? Is there a risk breakdown structure?
• How will probabilities and imapcts be assessed?
• Have stakeholders’ tolerances changed?
Questions Addressed in a Risk Management Plan
• Creeping user requirements
• Unanticipated acceptance criteria
• Unanticipated integration issues
11/9/2015
6
A risk breakdown structure is useful in identifying potential risks in a categorical way.
Business
Competitors
Suppliers
The Standish Group identified success criterion and relative weights.
11/9/2015
7
Planning to Handle Risks
• Contingency Plans – Predefined actions that the project team will take if an identified risk event occurs
• Fallback Plans – Developed for risks that have a high impact on meeting project objectives
• Contingency Reserves – Provisions held by the project sponsor that can be used to mitigate cost or schedule risk if changes in scope or quality occur
• Market risk – Will the new product be useful to the organization or marketable to
others? Will users accept and use the product or service?
• Financial risk – Can the organization afford to undertake the project? Is this project
the best way to use the company’s financial resources?
• Technology risk: – Is the project technically feasible? Could the technology be obsolete
before a useful product can be produced?
Categories of Risk
• Tools and techniques include
11/9/2015
9
Qualitative Risk Analysis assess the likelihood and impact of identified risks to determine their magnitude and priority
• Tools and techniques include
– Expert judgment
Quantitative Risk Analysis provides formal numerical analysis usually based on the outputs of the qualitative analysis.
11/9/2015
10
Avoidance
Four Strategies
Risk Response Planning defines how the project will respond to risks as they occur.
Technical Risks Cost Risks Schedule Risks
Emphasize team support and avoid standalone project structure
Improve communication, project goals understanding, and team support
Select the project manager most experienced
Increase project manager authority
Increase project manager authority
Improve problem handling and communication
Increase the frequency of project monitoring
Use WBS and CPM
Use WBS and CPM
Use WBS and CPM
• Controlling risks – Involves carrying out the risk management plans
• Workarounds are unplanned responses to risk events that must be done when there are no contingency plans
Results of Good Project Risk Management
• Good project risk management often goes unnoticed
• Wellrun projects appear to be almost effortless
Project managers should strive to make their jobs look easy to reflect the results of wellrun projects
11/9/2015
12
• Probability/Impact matrixes
– Plots the relative probability of a risk occurring vs. the relative impact of the risk occurring
• The Top 10 Risk Item Tracking technique
– Periodic review of the top 10 risk items
• Expert judgment
Simple Probability/Impact Matrix
Risk Prob. Impact Response
Average team member leaves
High Low Ensure plan has contingency to allow for less than expected resource availability
Key team member leaves
Medium Medium Ensure project includes good knowledge sharing and documentation.
Solution doesn’t meet business needs
Low High Ensure sufficient participation of diverse stakeholder base
Insufficient user participation
High Medium Ensure supporting sponsors are aware of the importance of participation.
Significant change in business needs
Medium High Plan project to be agile to respond efficiently to changes.
Technical solution has major flaws
Low High Ensure testing is sufficiently planned and supported. Have fallback plan to rev to previous system.
Technical solution has operational flaws
High Low Ensure processes, resources, and responsibilities for ongoing maintenance are established early.
Examples of Common Risks
Risk Prob. Impact Response
System Failure High Medium Invest in fault tolerant components and redundancy. Ensure disaster recovery plans are established.
Infrastructure sizing inadequate to meet demands
Medium Medium Plan for scalability.
Users fail to use system effectively and efficiently
Medium Medium Plan for a detailed training needs analysis. Consider how to coach and support users after deployment.
Users resist change High High Use change management experts to assess the issues and create a change program.
Examples of Common Risks
11/9/2015
14
A more complex approach is to try to quantify the risk.
• Quantify the probability of failure • Quantify the consequence of failure
• Compute the risk factor:
RF = (PF + CF) – (PF * CF)
RF : Risk Factor PF : probability of failure CF : consequence of failure
Value Maturity HW/SW Complexity HW/SW
Support Base
0.5 Major Change Fairly Complex Several Parallel Programs
0.7 Complex/New Design
0.9 Completely Novel Extremely Complex No additional programs
Sample Categorization: Probability of Failure (PF)
11/9/2015
15
Schedule Factor
Confident Reduce DT
Unconfident On Schedule
Unconfident Reduce DT
Figure 11-3, Schwalbe
• Expected Monetary Value
– Diagramming method used to select a best course of action
– Type of decision tree / probability tree
• Simulation
What’s expected value?
Project 1
Project 2
PW = 0.2
PL = 0.8
P1 = 0.2
P3 = 0.7
Project 1:
Decision trees can get very complex when risks have interdependencies.
How are probabilities computed?
P1
P2
• Helps – Select good projects
– Determine project scope
– Develop realistic estimates
• KPMG study (~2000) – 55% of poor projects did no risk management
11/9/2015
2
Scope 3.45 3.25
Time 3.41 3.03
Cost 3.22 3.20
Quality 3.22 2.88
HR 3.20 2.93
Communications 3.53 3.21
Risk 2.87 2.75
Procurement 3.01 2.91
0%
20%
40%
60%
80%
100%
Percentage of Respondents Citing Benefit
KLCI Research surveyed 260 software organizations in 2001 and several common cited benefits of risk management.
11/9/2015
3
Deciding how to approach and plan the risk management activities
Risk Analysis
Quantitative: Measuring the probability and consequences of risks and estimating their effects
Qualitative: Characterizing and analyzing risks and prioritizing their effects on project objectives
Identifying Risks
Determining which risks are will affect a project and documenting the characteristics of each
Planning Risk Response
Taking steps to enhance opportunities and reduce threats to obtaining project objectives
Risk Monitoring and Control
Project Risk Management Processes
Risk management is like insurance.
A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project.
11/9/2015
4
Risk utility is the amount of satisfaction or pleasure received from a potential payoff.
ut ili
11/9/2015
5
• How will risk management be performed on this project? What tools and data sources are available and applicable?
• Which people are responsible for implementing specific tasks?
• What are the estimated costs and schedules for performing risk- related activities?
• What are the main categories of risk? Is there a risk breakdown structure?
• How will probabilities and imapcts be assessed?
• Have stakeholders’ tolerances changed?
Questions Addressed in a Risk Management Plan
• Creeping user requirements
• Unanticipated acceptance criteria
• Unanticipated integration issues
11/9/2015
6
A risk breakdown structure is useful in identifying potential risks in a categorical way.
Business
Competitors
Suppliers
The Standish Group identified success criterion and relative weights.
11/9/2015
7
Planning to Handle Risks
• Contingency Plans – Predefined actions that the project team will take if an identified risk event occurs
• Fallback Plans – Developed for risks that have a high impact on meeting project objectives
• Contingency Reserves – Provisions held by the project sponsor that can be used to mitigate cost or schedule risk if changes in scope or quality occur
• Market risk – Will the new product be useful to the organization or marketable to
others? Will users accept and use the product or service?
• Financial risk – Can the organization afford to undertake the project? Is this project
the best way to use the company’s financial resources?
• Technology risk: – Is the project technically feasible? Could the technology be obsolete
before a useful product can be produced?
Categories of Risk
• Tools and techniques include
11/9/2015
9
Qualitative Risk Analysis assess the likelihood and impact of identified risks to determine their magnitude and priority
• Tools and techniques include
– Expert judgment
Quantitative Risk Analysis provides formal numerical analysis usually based on the outputs of the qualitative analysis.
11/9/2015
10
Avoidance
Four Strategies
Risk Response Planning defines how the project will respond to risks as they occur.
Technical Risks Cost Risks Schedule Risks
Emphasize team support and avoid standalone project structure
Improve communication, project goals understanding, and team support
Select the project manager most experienced
Increase project manager authority
Increase project manager authority
Improve problem handling and communication
Increase the frequency of project monitoring
Use WBS and CPM
Use WBS and CPM
Use WBS and CPM
• Controlling risks – Involves carrying out the risk management plans
• Workarounds are unplanned responses to risk events that must be done when there are no contingency plans
Results of Good Project Risk Management
• Good project risk management often goes unnoticed
• Wellrun projects appear to be almost effortless
Project managers should strive to make their jobs look easy to reflect the results of wellrun projects
11/9/2015
12
• Probability/Impact matrixes
– Plots the relative probability of a risk occurring vs. the relative impact of the risk occurring
• The Top 10 Risk Item Tracking technique
– Periodic review of the top 10 risk items
• Expert judgment
Simple Probability/Impact Matrix
Risk Prob. Impact Response
Average team member leaves
High Low Ensure plan has contingency to allow for less than expected resource availability
Key team member leaves
Medium Medium Ensure project includes good knowledge sharing and documentation.
Solution doesn’t meet business needs
Low High Ensure sufficient participation of diverse stakeholder base
Insufficient user participation
High Medium Ensure supporting sponsors are aware of the importance of participation.
Significant change in business needs
Medium High Plan project to be agile to respond efficiently to changes.
Technical solution has major flaws
Low High Ensure testing is sufficiently planned and supported. Have fallback plan to rev to previous system.
Technical solution has operational flaws
High Low Ensure processes, resources, and responsibilities for ongoing maintenance are established early.
Examples of Common Risks
Risk Prob. Impact Response
System Failure High Medium Invest in fault tolerant components and redundancy. Ensure disaster recovery plans are established.
Infrastructure sizing inadequate to meet demands
Medium Medium Plan for scalability.
Users fail to use system effectively and efficiently
Medium Medium Plan for a detailed training needs analysis. Consider how to coach and support users after deployment.
Users resist change High High Use change management experts to assess the issues and create a change program.
Examples of Common Risks
11/9/2015
14
A more complex approach is to try to quantify the risk.
• Quantify the probability of failure • Quantify the consequence of failure
• Compute the risk factor:
RF = (PF + CF) – (PF * CF)
RF : Risk Factor PF : probability of failure CF : consequence of failure
Value Maturity HW/SW Complexity HW/SW
Support Base
0.5 Major Change Fairly Complex Several Parallel Programs
0.7 Complex/New Design
0.9 Completely Novel Extremely Complex No additional programs
Sample Categorization: Probability of Failure (PF)
11/9/2015
15
Schedule Factor
Confident Reduce DT
Unconfident On Schedule
Unconfident Reduce DT
Figure 11-3, Schwalbe
• Expected Monetary Value
– Diagramming method used to select a best course of action
– Type of decision tree / probability tree
• Simulation
What’s expected value?
Project 1
Project 2
PW = 0.2
PL = 0.8
P1 = 0.2
P3 = 0.7
Project 1:
Decision trees can get very complex when risks have interdependencies.
How are probabilities computed?
P1
P2