Post on 21-Dec-2015
Project Risk
• “…an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project objective.”
Information Systems Associated Risks
• Technology and project management related– Positive
• Availability of new project management tools
– Negative• Rate of change in technologies
– Upgrades and new releases
• Assumptions computer-generated output is always correct
• Formation of teams
Risk & Project Life Cycle
• Initiation stage– Identification and selection of specific projects
• Inside or outside of organization’s core competencies
• Planning stage– Procurement
• Unreliability of new technology delivery timeframe
• Development of accurate project schedule
• Execution stage– Missed scheduled delivery date
– Technology upgrades
• Control stage– Implementation of risk plan
– Modification of project schedule
• Closing stage– Acceptance of project as finished
Risk & Project Life Cycle (cont.)
Project Risk Examples
• New or different project management methodologies
• Different: – Cultures
– Organization structures
– Human resources
General Categories of Project Risk
• Ongoing changes to technology/materials
• Finding, assigning, and retaining skilled personnel
• Gaining user acceptance
• Choosing the correct development methodology
• Choosing correct manufacturing tools/materials
Outsourcing / Offshoring• Positives:– Expanded skill set availability
– Cheaper labor
– Reduced requirements for non-core competencies
• Negatives:– Internal resistance
• Possible solutions to reduce risk:
– Ensure strong upper management support– Select the right personnel– Involve managers early in the outsourcing process– Educate and reassure internal employees
• Negatives (cont.):– Increased security and privacy concerns
• Possible solutions to reduce risk:
– Increase physical security measures– Use software event logging and monitoring tools– Intrusion detection systems and firewalls– Encryption hardware/software
Outsourcing / Offshoring (cont.)
Top Five Project Risks
• Lack of top management commitment to the project
• Failure to gain user commitment/acceptance
• Misunderstanding the requirements
• Lack of adequate user/consumer involvement
• Failure to manage end user expectations
Risk Management Planning
• A systematic approach to planning the risk management activities of a given project
Risk Management Planning – Inputs
• Enterprise environmental factors– Attitudes toward risk and risk tolerance
• Organizational process assets– Processes in place to handle risk
• Project scope statement– Defining the project
• Project management plan– Project summary document
Risk Management Planning – Tools & Techniques
• Risk planning meetings– Senior managers, project team leaders, stakeholders,
project members with decision-making responsibilities
– Development of specific risk management plans
– Inclusion of risk-related items in budget and schedule
– Creation of risk management templates
Risk Management Planning – Outputs• Risk Management Plan– Methodology or approach to risk management
– Roles and responsibilities of project members
– Risk management budget
– Integration of risk management activities into project life cycle
– Scoring and interpretation of risk analysis
– Risk thresholds
– Reporting formats
– Tracking
Risk Identification – Inputs
• Enterprise environmental factors
• Organizational process assets
• Project scope statement
• Project management plan
• Risk management plan
Risk Categories
• Defined in a Risk Register– A formal recording of all project risks, explaining the
nature of the risk and management of the risk
Risk Identification – Tools & Techniques
• Documentation reviews– The review of organizational information to aid during risk
identification• May include:
– Project profiles (previous project information and related lessons learned)
– Published information» Articles/studies/benchmarking information
Risk Identification – Tools & Techniques (cont.)
• Information gathering techniques– Brainstorming
– Delphi technique
– Interviewing
– Strengths, weaknesses, opportunities, and threats (SWOT)
– Checklists
Risk Identification – Tools & Techniques (cont.)
– Diagramming techniques• Cause and effect (Fishbone)
• System or process flowcharts
• Influence diagrams
Qualitative Risk Analysis
• Establishment of probabilities regarding both the impact and likelihood of specific risk occurrences
Qualitative Risk Analysis – Inputs
• Organizational process assets
• Project scope statement
• Risk management plan
• Risk register
Qualitative Risk Analysis – Tools & Techniques
• Risk probability and impact assessment
• Probability/impact risk rating matrix
• Risk data quality assessment
• Risk categorization
• Risk urgency assessment
Probability/Impact Risk Rating Matrix
• A technique used to analyze project risk in terms of its probability of occurrence and its impact on project outcomes
Risk Data Quality Assessment
• Assessment of the quality of the data used to assess risk
• May include:• Extent to which a risk is understood
• Available risk data
• Data quality
• Data integrity and reliability
Quantitative Risk Analysis
• Analysis of the probability of occurrence and impact of risk on project objectives using numerical techniques
Quantitative Risk Analysis – Inputs
• Organization process assets
• Project scope statement
• Risk management plan
• Risk register
• Project management plan
Quantitative Risk Analysis – Tools & Techniques
• Data gathering through interviewing
• Quantitative procedures– Sensitivity analysis
• Technique used to examine the potential impact of specific risks to a project (Tornado analysis)
– Decision tree analysis• Diagramming technique used to evaluate courses of action in terms
of their potential cost and benefits relative to other courses of action
– Expected monetary value analysis (EMV)• Statistical technique which captures the average value of potential
projects by analyzing the likelihood of possible project outcomes as well as each outcome’s financial consequences
– Simulation• Statistical technique where what-if analyzes are run to determine
the impact of a given situation on a project objective (Monte Carlo)
Quantitative Risk Analysis – Tools & Techniques (cont.)
Risk Response Planning – Tools & Techniques
• Avoidance– Identified risks are avoided through a different course of
action
• Transference– Transfer of risk to another party through the use of
contracts
• Mitigation– Steps are taken to reduce the occurrence or impact of stated
risks
• Acceptance– Risks are accepted and contingency strategies are planned
Risk Response Planning – Outputs
• Updates to:– Risk register
– Project management plan
– Risk-related contractual agreements
Risk Response Plan Contents(Project Management Institute)
• Any risks that have been identified along with a description and the areas and objectives the identified risk may affect
• The roles and responsibilities of any risk owners
• Qualitative and quantitative risk analysis results as well as any trends identified during either of these processes
• A description of the risk response strategies including avoidance, transference, mitigation, and acceptance, and the risk that the strategies will be applied to
• An acknowledgement of any residual risk projected to remain after any risk response strategies have been applied
• A list of actions to be used to implement the risk response strategies
• Budget and schedule information in terms of risk response
• Any contingency plans used as part of an active response to accept risks
Additional Risk Terms
• Residual risks– Any risks remaining after risk response strategies have
been applied
• Secondary risks– Any risks resulting from the application of a risk response
strategy
• Contractual agreements– Any contracts for the purpose of risk transference during
the project
Risk Monitoring & Control
• The process of monitoring identified risks for change and controlling those changes