The Importance of Project Risk ManagementProject risk management is the art and science
of identifying, assigning, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
Risk management is often overlooked on projects, but it can help improve project success by helping selecting good projects, determining project scope, and developing realistic estimates
Study has shown how risk management is neglected, especially on IT projects
2
The Importance of Project Risk ManagementKPMG 2001 study found that:
55 % of runaway projects (projects that have significant cost or schedule overruns) did no have risk mgmt at all
38% did some (but half didn’t use their risk findings)
7% didn’t know whether they have risk mgmt or not
This study suggest risk mgmt important to improve project success and prevent runaway project
3
What is Risk?
A dictionary definition of risk is “the possibility of loss or injury”
Project risk involves understanding potential problems that might occur on the project and how they might impede project success
Risk management is like a form of insurance; it is an investment
5
What is Project Risk Management (PRM)?
PRM goal : to minimize potential risks while maximizing potential opportunities. Major processes includea. Risk management planningb. Risk identificationc. Risk analysisd. Risk response planninge. Risk monitoring and control
6
a. Risk Management PlanningIs the process of deciding how to approach
and plan for risk mgmt activitiesThe main output of risk management
planning is a risk management plan (RMP)The project team should review project
documents and understand the organization’s and the sponsor’s approach to risk
RMP include Summary results of other processes - risk
identification, risk analysis, response planning and monitoring & control processes
Roles & responsibility for managing riskResources required to manage risks
7
Others Similar PlanContingency plans are predefined actions that the
project team will take if an identified risk event occurs.Ex: if the project team knows that a new release of a
software package may not be available in time for them to use it for their project, they might have a contingency plan to use the existing, older version of the software.
Fallback plans define actions to be taken if attempts to reduce fails.
Contingency reserve or allowances are provisions held by the project sponsor that can be used to mitigate cost or schedule risk if changes in scope or quality occur.Ex: if a project appears to be off course because the staff
is inexperienced with some new technology, the project sponsor may provide additional funds from contingency reserves to hire outside consultant to train and advise the project staff in using the new technology.
9
Common Sources of Risk on Information Technology Projects
Several studies show that IT projects share some common sources of risk
The Standish Group developed an IT success potential scoring sheet based on potential risks
Risk questionnaire to help access riskOther broad categories of risk help identify
potential risks
10
11
Success Criterion Points
User Involvement 19
Executive Management support 16
Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10
Smaller Project Milestones 9
Competent Staff 8
Ownership 6
Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100
Other Categories of RiskMarket risk: Will the new product be useful
to the organization or marketable to others? Will users accept and use the product or service?
Financial risk: Can the organization afford to undertake the project? Is this project the best way to use the company’s financial resources?
Technology risk: Is the project technically feasible? Could the technology be obsolete before a useful product can be produced?
12
b. Risk IdentificationRisk identification is the process of understanding what
potential unsatisfactory outcomes are associated with a particular project
Output – list of identified risksReview past risk on similar projectTools & techniques
Brainstorming – technique by which a group attempts to generate ideas/find a solution for a specific problem by amassing ideas spontaneously and without judgment. Small group face-to-face
The Delphi technique – to derive a consensus among a panel of experts who make predictions about future developments. Uses repeated rounds of questioning and written responses,
including feedback to earlier-round responses, to take advantage of group input, while avoiding the biasing effects possible in oral panel deliberations.
Interviewing – a fact-finding technique for collecting information in face-to-face/telephone discussions. Through email & instant messaging
SWOT analysis Checklist
13
14
Knowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integrationmanagement; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definitionof quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocationand management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, orcontingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandarddesign/materials/workmanship; inadequate quality assuranceprogram
Human Resources Poor conflict management; poor project organization anddefinition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultationwith key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurancemanagement
Procurement Unenforceable conditions or contract clauses; adversarial relations
Example risk in project life cycle
Phase Possible risk
Requirement
Definition
•Misunderstanding user/client requirements •Lack of communication or lack of user involvement in determining requirement
Analysis/
Design
•Misinterpretation of requirement•Making assumptions on what users want or need•Incomplete design specification
Testing •Inadequate testing•User not accepting the system
15
c. Risk Analysis
Can be done quantitatively and qualitatively
Qualitative tools and techniques include Probability/Impact matrixesThe Top 10 Risk Item Tracking techniqueExpert judgment
16
- Top 10 Risk Item TrackingTop 10 Risk Item Tracking is a tool for
maintaining an awareness of risk throughout the life of a project
Establish a periodic review of the top 10 project risk items
List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item
18
19
Monthly Ranking
Risk Item This
Month
Last
Month
Numberof Months
Risk ResolutionProgress
Inadequateplanning
1 2 4 Working on revising theentire project plan
Poor definitionof scope
2 3 3 Holding meetings withproject customer andsponsor to clarify scope
Absence ofleadership
3 1 2 Just assigned a newproject manager to leadthe project after old onequit
Poor costestimates
4 4 3 Revising cost estimates
Poor timeestimates
5 5 3 Revising scheduleestimates
- Expert Judgment
Many organizations rely on the intuitive feelings and past experience of experts to help identify potential project risks
Experts can categorize risks as high, medium, or low with or without more sophisticated techniques
20
Risk Analysis: Quantitative Risk
Often follows qualitative risk analysis, but both can be done together or separately
Large, complex project involving leading edge technologies often require extensive quantitative risk analysis
Main techniques includeDecision tree analysissimulation
21
- Decision Trees and Expected Monetary Value (EMV)
A decision tree is a diagramming method used to help you select the best course of action in situations in which future outcomes are uncertain
EMV is a type of decision tree where you calculate the expected monetary value of a decision based on its risk event probability and monetary value
22
d. Risk Response PlanningAfter identifying and quantifying risk, you must decide how to
respond to themFour main strategies:
Risk avoidance: eliminating a specific threat or risk, usually by eliminating its causes A project team may decide to continue using a specific of hardware/software on a
project because they know it works. Other products that could be used on the project may be available, but if the team is unfamiliar with them – could cause significant risk.
Risk acceptance: accepting the consequences should a risk occur A project team planning a big project review meeting could take an active approach
to risk by having a contingency plan if they cannot get approval for a specific site for the meeting.
Risk transference: shifting the consequence of a risk and responsibility for its management to a third party A project team may purchase special insurance/warranty protection for specific
hardware needed for a project. If the hardware fails, the insurer must replace it within an agreed-upon period of time.
Risk mitigation: reducing the impact of a risk event by reducing the probability of its occurrence Include using proven technology, having competent project personnel, using various
analysis and validation techniques, and buying maintenance/service agreements from subcontractors.
24
e. Risk Monitoring and Control
Monitoring risks involves knowing their statusControlling risks involves carrying out the risk
management plans as risks occurWorkarounds are unplanned responses to risk
events that must be done when there are no contingency plans
Input: risk reassessment, risk audits, technical performance measurement, status meeting. And others
The main outputs of this process are corrective action, project change requests, recommended corrective and preventive actions, and updates to other plans
26
Using Software to Assist in Project Risk Management
Databases can keep track of risks. Many IT departments have issue tracking databases
Spreadsheets can aid in tracking and quantifying risks
27
Results of Good Project Risk Management
Unlike crisis management, good project risk management often goes unnoticed
Well-run projects appear to be almost effortless, but a lot of work goes into running a project well
Project managers should strive to make their jobs look easy to reflect the results of well-run projects
28
Top Related