Chap 11 Risk
Transcript of Chap 11 Risk
-
8/3/2019 Chap 11 Risk
1/39
1IT Project Management, Third Edition Chapter 11
Chapter 11:
Project Risk Management
-
8/3/2019 Chap 11 Risk
2/39
2IT Project Management, Third Edition Chapter 11
Learning Objectives
Understand what risk is and the importance of goodproject risk management
Discuss the elements involved in risk managementplanning
List common sources of risks on informationtechnology projects
Describe the risk identification process and tools andtechniques to help identify project risks
Discuss the qualitative risk analysis process andexplain how to calculate risk factors, useprobability/impact matrixes, the Top Ten Risk ItemTracking technique, and expert judgment to rank risks
-
8/3/2019 Chap 11 Risk
3/39
3IT Project Management, Third Edition Chapter 11
Learning Objectives
Explain the quantify risk analysis process and how touse decision trees and simulation to quantitative risks
Provide examples of using different risk response
planning strategies such as risk avoidance, acceptance,
transference, and mitigation
Discuss what is involved in risk monitoring and control
Describe how software can assist in project risk
management Explain the results of good project risk management
-
8/3/2019 Chap 11 Risk
4/39
4IT Project Management, Third Edition Chapter 11
The Importance of Project Risk
Management Project risk management is the art and science of
identifying, assigning, and responding to riskthroughout the life of a project and in the best interestsof meeting project objectives
Risk management is often overlooked on projects, butit can help improve project success by helping selectgood projects, determining project scope, anddeveloping realistic estimates
A study by Ibbs and Kwak show how risk managementis neglected, especially on IT projects
KPMG study found that 55 percent of runaway projectsdid no risk management at all
-
8/3/2019 Chap 11 Risk
5/39
5IT Project Management, Third Edition Chapter 11
Table 11-1. Project Management Maturity
by Industry Group and Knowledge Area
-
8/3/2019 Chap 11 Risk
6/39
6IT Project Management, Third Edition Chapter 11
What is Risk?
A dictionary definition of risk is thepossibility of loss or injury
Project risk involves understandingpotential problems that might occur on theproject and how they might impede projectsuccess
Risk management is like a form ofinsurance; it is an investment
-
8/3/2019 Chap 11 Risk
7/39
7IT Project Management, Third Edition Chapter 11
Risk Utility
Risk utility or risk tolerance is the amount ofsatisfaction or pleasure received from apotential payoff
Utility rises at a decreasing rate for a person whois risk-averse
Those who are risk-seeking have a highertolerance for risk and their satisfaction increaseswhen more payoff is at stake
The risk-neutral approach achieves a balancebetween risk and payoff
-
8/3/2019 Chap 11 Risk
8/39
8IT Project Management, Third Edition Chapter 11
Figure 11-1. Risk Utility
Function and Risk Preference
-
8/3/2019 Chap 11 Risk
9/39
9IT Project Management, Third Edition Chapter 11
What is Project Risk Management?
The goal of project risk management is to minimize potential risks
while maximizing potential opportunities. Major processes include Risk management planning: deciding how to approach and plan
the risk management activities for the project
Risk identification: determining which risks are likely to affect aproject and documenting their characteristics
Qualitative risk analysis: characterizing and analyzing risks andprioritizing their effects on project objectives
Quantitative risk analysis: measuring the probability andconsequences of risks
Risk response planning: taking steps to enhance opportunitiesand reduce threats to meeting project objectives
Risk monitoring and control: monitoring known risks,identifying new risks, reducing risks, and evaluating theeffectiveness of risk reduction
-
8/3/2019 Chap 11 Risk
10/39
10IT Project Management, Third Edition Chapter 11
Risk Management Planning
The main output of risk management planning is
a risk management plan
The project team should review projectdocuments and understand the organizations
and the sponsors approach to risk
The level of detail will vary with the needs of
the project
-
8/3/2019 Chap 11 Risk
11/39
11IT Project Management, Third Edition Chapter 11
Table 11-2. Questions Addressed
in a Risk Management Plan
-
8/3/2019 Chap 11 Risk
12/39
12IT Project Management, Third Edition Chapter 11
Contingency and Fallback Plans,
Contingency Reserves
Contingency plans are predefined actions thatthe project team will take if an identified riskevent occurs
Fallback plans are developed for risks that havea high impact on meeting project objectives
Contingency reserves or allowances are
provisions held by the project sponsor that canbe used to mitigate cost or schedule risk ifchanges in scope or quality occur
-
8/3/2019 Chap 11 Risk
13/39
13IT Project Management, Third Edition Chapter 11
Common Sources of Risk on
Information Technology Projects
Several studies show that IT projects share some
common sources of risk
The Standish Group developed an IT successpotential scoring sheet based on potential risks
McFarlan developed a risk questionnaire to help
assess risk
Other broad categories of risk help identify
potential risks
-
8/3/2019 Chap 11 Risk
14/39
14IT Project Management, Third Edition Chapter 11
Table 11-3. Information Technology
Success Potential Scoring SheetSuccess Criterion Points
User Involvement 19
Executive Management support 16
Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10
Smaller Project Milestones 9
Competent Staff 8
Ownership 6
Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100
-
8/3/2019 Chap 11 Risk
15/39
15IT Project Management, Third Edition Chapter 11
Table 11-4. McFarlans Risk Questionnaire
1. What is the project estimate in calendar (elapsed) time?
( ) 12 months or less Low = 1 point
( ) 13 months to 24 months Medium = 2 points
( ) Over24 months High = 3 points
2. What is the estimated number of person days for the system?( ) 12 to 375 Low = 1 point
( ) 375 to 1875 Medium = 2 points
( ) 1875 to 3750 Medium = 3 points
( ) Over3750 High = 4 points
3. Number of departments involved (excluding IT)( ) One Low = 1 point
( ) Two Medium = 2 points
( ) Three or more High = 3 points
4. Is additional hardware required for the project?( ) None Low = 0 points
( ) Central processor type change Low = 1 point
( ) Peripheral/storage device changes Low = 1
( ) Terminals Med = 2
( ) Change of platform, for example High = 3
PCs replacing mainframes
-
8/3/2019 Chap 11 Risk
16/39
16IT Project Management, Third Edition Chapter 11
Other Categories of Risk
Market risk: Will the new product be useful to
the organization or marketable to others? Will
users accept and use the product or service?
Financial risk: Can the organization afford toundertake the project? Is this project the best
way to use the companys financial resources?
Technology risk: Is the project technicallyfeasible? Could the technology be obsolete
before a useful product can be produced?
-
8/3/2019 Chap 11 Risk
17/39
17IT Project Management, Third Edition Chapter 11
What Went Wrong?
Many information technology projects fail because of technology risk. Oneproject manager learned an important lesson on a large IT project: focus on
business needs first, not technology. David Anderson, a project manager for
Kaman Sciences Corp., shared his experience from a project failure in an article
for CIO Enterprise Magazine. After spending two years and several hundred
thousand dollars on a project to provide new client/server-based financial and
human resources information systems for their company, Anderson and his
team finally admitted they had a failure on their hands. Anderson revealed that
he had been too enamored of the use of cutting-edge technology and had taken
a high-risk approach on the project. He "ramrodded through" what the project
team was going to do and then admitted that he was wrong. The company
finally decided to switch to a more stable technology to meet the business needsof the company.
Hildebrand, Carol. If At First You Dont Succeed, CIO Enterprise Magazine, April 15, 1998
-
8/3/2019 Chap 11 Risk
18/39
18IT Project Management, Third Edition Chapter 11
Risk Identification
Risk identification is the process ofunderstanding what potential unsatisfactoryoutcomes are associated with a particular project
Several risk identification tools and techniquesinclude
Brainstorming
The Delphi technique
Interviewing
SWOT analysis
-
8/3/2019 Chap 11 Risk
19/39
19IT Project Management, Third Edition Chapter 11
Table 11-5. Potential Risk Conditions
Associated with Each Knowledge AreaKnowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definition
of quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocation
and management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandard
design/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultation
with key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
management
Procurement Unenforceable conditions or contract clauses; adversarial relations
-
8/3/2019 Chap 11 Risk
20/39
20IT Project Management, Third Edition Chapter 11
Quantitative Risk Analysis
Assess the likelihood and impact ofidentified risks to determine their magnitude
and priority
Risk quantification tools and techniquesinclude
Probability/Impact matrixes
The Top 10 Risk Item Tracking technique Expert judgment
-
8/3/2019 Chap 11 Risk
21/39
21IT Project Management, Third Edition Chapter 11
Sample Probability/Impact Matrix
-
8/3/2019 Chap 11 Risk
22/39
22IT Project Management, Third Edition Chapter 11
Table 11-6. Sample Probability/Impact
Matrix for Qualitative Risk Assessment
-
8/3/2019 Chap 11 Risk
23/39
23IT Project Management, Third Edition Chapter 11
Figure 11-3. Chart Showing High-,
Medium-, and Low-Risk Technologies
-
8/3/2019 Chap 11 Risk
24/39
24IT Project Management, Third Edition Chapter 11
Top 10 Risk Item Tracking
Top 10 Risk Item Tracking is a tool formaintaining an awareness of risk throughout
the life of a project
Establish a periodic review of the top 10project risk items
List the current ranking, previous ranking,
number of times the risk appears on the list
over a period of time, and a summary of
progress made in resolving the risk item
-
8/3/2019 Chap 11 Risk
25/39
25IT Project Management, Third Edition Chapter 11
Table 11-7. Example of Top 10
Risk Item TrackingMonthly Ranking
Risk Item This
Month
Last
Month
Number
of Months
Risk Resolution
Progress
Inadequate
planning
1 2 4 Working on revising the
entire project plan
Poor definition
of scope
2 3 3 Holding meetings with
project customer andsponsor to clarify scope
Absence ofleadership
3 1 2 Just assigned a newproject manager to lead
the project after old one
quit
Poor cost
estimates
4 4 3 Revising cost estimates
Poor time
estimates
5 5 3 Revising schedule
estimates
-
8/3/2019 Chap 11 Risk
26/39
26IT Project Management, Third Edition Chapter 11
Expert Judgment
Many organizations rely on the intuitive feelings
and past experience of experts to help identify
potential project risks
Experts can categorize risks as high, medium, or
low with or without more sophisticated
techniques
-
8/3/2019 Chap 11 Risk
27/39
27IT Project Management, Third Edition Chapter 11
Quantitative Risk Analysis
Often follows qualitative risk analysis, but both
can be done together or separately
Large, complex projects involving leading edge
technologies often require extensive quantitative
risk analysis
Main techniques include
decision tree analysis
simulation
-
8/3/2019 Chap 11 Risk
28/39
28IT Project Management, Third Edition Chapter 11
Decision Trees and Expected
Monetary Value (EMV)
A decision tree is a diagramming method used
to help you select the best course of action in
situations in which future outcomes are
uncertain
EMV is a type of decision tree where you
calculate the expected monetary value of a
decision based on its risk event probability andmonetary value
-
8/3/2019 Chap 11 Risk
29/39
29IT Project Management, Third Edition Chapter 11
Figure 11-4. Expected Monetary
Value (EMV) Example
-
8/3/2019 Chap 11 Risk
30/39
30IT Project Management, Third Edition Chapter 11
Simulation
Simulation uses a representation or model of asystem to analyze the expected behavior orperformance of the system
Monte Carlo analysis simulates a models
outcome many times to provide a statisticaldistribution of the calculated results
To use a Monte Carlo simulation, you must
have three estimates (most likely, pessimistic,and optimistic) plus an estimate of thelikelihood of the estimate being between theoptimistic and most likely values
-
8/3/2019 Chap 11 Risk
31/39
31IT Project Management, Third Edition Chapter 11
What Went Right?A large aerospace company used Monte Carlo simulation to help quantify
risks on several advanced-design engineering projects. The NationalAerospace Plan (NASP) project involved many risks. The purpose of this
multibillion-dollar project was to design and develop a vehicle that could
fly into space using a single-stage-to-orbit approach. A single-stage-to-orbit
approach meant the vehicle would have to achieve a speed of Mach 25 (25
times the speed of sound) without a rocket booster. A team of engineers and
business professionals worked together in the mid-1980s to develop asoftware model for estimating the time and cost of developing the NASP.
This model was then linked with Monte Carlo simulation software to
determine the sources of cost and schedule risk for the project. The results
of the simulation were then used to determine how the company would
invest its internal research and development funds. Although the NASPproject was terminated, the resulting research has helped develop more
advanced materials and propulsion systems used on many modern aircraft.
-
8/3/2019 Chap 11 Risk
32/39
32IT Project Management, Third Edition Chapter 11
Risk Response Planning
After identifying and quantifying risks, youmust decide how to respond to them
Four main strategies:
Risk avoidance: eliminating a specific threat or risk,
usually by eliminating its causes
Risk acceptance: accepting the consequences shoulda risk occur
Risk transference: shifting the consequence of a riskand responsibility for its management to a thirdparty
Risk mitigation: reducing the impact of a risk eventby reducing the probability of its occurrence
-
8/3/2019 Chap 11 Risk
33/39
33IT Project Management, Third Edition Chapter 11
Table 11-8. General Risk Mitigation Strategies
for Technical, Cost, and Schedule Risks
-
8/3/2019 Chap 11 Risk
34/39
34IT Project Management, Third Edition Chapter 11
Risk Monitoring and Control
Monitoring risks involves knowing their status
Controlling risks involves carrying out the riskmanagement plans as risks occur
Workarounds are unplanned responses to riskevents that must be done when there are nocontingency plans
The main outputs of risk monitoring and controlare corrective action, project change requests,and updates to other plans
-
8/3/2019 Chap 11 Risk
35/39
35IT Project Management, Third Edition Chapter 11
Risk Response Control
Risk response control involves executing the riskmanagement processes and the risk management
plan to respond to risk events
Risks must be monitored based on definedmilestones and decisions made regarding risks
and mitigation strategies
Sometimes workarounds or unplanned responsesto risk events are needed when there are no
contingency plans
-
8/3/2019 Chap 11 Risk
36/39
36IT Project Management, Third Edition Chapter 11
Using Software to Assist in
Project Risk Management
Databases can keep track of risks. Many IT
departments have issue tracking databases
Spreadsheets can aid in tracking and quantifying
risks
More sophisticated risk management software,
such as Monte Carlo simulation tools, help in
analyzing project risks
-
8/3/2019 Chap 11 Risk
37/39
37IT Project Management, Third Edition Chapter 11
Figure 11-5. Sample Monte Carlo
Simulation Results for Project Schedule
-
8/3/2019 Chap 11 Risk
38/39
38IT Project Management, Third Edition Chapter 11
Figure 11-6. Sample Monte Carlo
Simulations Results for Project Costs
l f G d j i k
-
8/3/2019 Chap 11 Risk
39/39
39IT Project Management, Third Edition Chapter 11
Results of Good Project Risk
Management
Unlike crisis management, good project risk
management often goes unnoticed
Well-run projects appear to be almost effortless,
but a lot of work goes into running a project
well
Project managers should strive to make their
jobs look easy to reflect the results of well-runprojects