BA 421 Lesson 7 risk
EMV (Alternative i) =
(Payoff of 1st state of nature) x (Probability of 1st state of nature) + (Payoff of 2nd state of nature) x (Probability of 2nd state of nature) +...+(Payoff of last state of nature) x (Probability of last state of nature)
brainstorming
, a technique used in problem-solving in which all members of a group contribute spontaneous ideas. A project manager should: 1. Involve key team members in ________________ to identify potential risks and how their consequences might affect the project objective 2. Use common sense when identifying risks to avoid and risks that are unlikely to occur 3. Use historical information from past projects to identify possible risks, including post-project evaluations
the conditional values or payoffs (usually expressed in monetary value) for combinations of alternatives (down the rows) and states of nature (across the columns).
A decision table or payoff table presents
How likely is a risk to happen? How big will the impact be? When will the risk likely occur? Will it be easy to notice and correctly interpret the trigger?
A qualitative risk analysis will address the following questions:
contingency or management reserve
A should be included in the project price and budget to pay for the additional expenses of implementing contingency plans. The amount to budget for contingency may be limited to just the high probability risks. it is determined by estimating the cost if a risk occurs, and multiplying it by the probability.
risk statement
All identifiable risks should be documented as a
Decision Tree
Breaks down a complex problem by mapping alternatives and states of nature to calculate expected monetary value of decisions
-Perform a functional analysis -Generate FMEA cause-and-effect diagrams
Prior to conducting an FMEA, it is often useful to:
Simulation or Monte Carlo Simulation
Selects values of controllable inputs and randomly generates values of probabilistic inputs to calculate probability of outputs.
helps identify, sort, and display possible causes of a specific problem or quality characteristic
The FMEA cause-and-effect diagram is a tool that
RPN = Severity Rating x Occurrence Rating x Detection Rating
The RPN identifies the greatest areas of concern, and comprises the assessment of the: Severity rating Occurrence rating Detection rating for a potential failure mode
Transference.
The team assign the financial impact of risk by contracting out some aspect of the work. Transference reduces the risk only if the contractor is more capable of taking steps to reduce the risk and does so.
Risk Identification Risk Assessment Risk Response Risk Monitoring
There are four stages to risk management planning:
Decision-making under uncertainty
arises when the decision maker cannot assign probabilities to the states of nature. There are three approaches:
Qualitative risk analysis
assesses the impact and likelihood of the identified risks in a rapid and cost-effective manner. The risks are prioritized for further analysis or direct mitigation.
A start trigger
is an event that activates the contingency plan,
stop trigger
is the signal to resume normal operations. Both
Risk management
is the systematic process of planning for, identifying, assessing, responding to, and monitoring project risk. It involves processes, tools, and techniques that will help the project manager maximize the probability and consequences of positive events and minimize the probability and consequences of adverse events
Risk response planning
- developing an action plan to reduce the impact or likelihood of each risk. - It establishes when action plans should be implemented to address each risk, and assigns specific individuals to implement each plan. -This process ensures that someone is responsible for addressing each risk. -focuses on the high-risk items evaluated in the qualitative and/or quantitative risk analysis. -The project manager and the project team identify which strategy is best for each risk, and then design specific actions to implement that strategy.
Avoiding the risk
. The team changes the project plan to eliminate the risk or to protect the project objectives from being affected by it. This can be done by changing scope, adding time, or adding resources (thus relaxing the so-called "triple constraint"). These changes may require a CCR (Change Control Request).
Mitigation of the risk
.The team seeks to reduce the probability or consequences of a risk event to an acceptable threshold. This can be done in various ways that are specific to the project and the risk. Mitigation steps, although costly and time-consuming, may still be preferable to going forward with the unmitigated risk.
risk register
All identifiable risks should be entered into a details all risks, provides descriptions, categorizes them, discusses potential causes as well as probability, and discusses potential responses as well as who would be responsible for dealing with the risks. it is part of the project management plan.
1. Clearly define the problems and the factors that influence it 2. Develop specific and measurable objectives 3. Develop a model 4. Evaluate each alternative solution 5. Select the best alternative 6. Implement the decision and set a timetable for completion
Good decisions are based on logic and consider all available data and possible alternatives and follow the six steps:
true
Most project risks are uncovered early in the life of a project. If risk is identified early in the project, its cost is less than if it is discovered later. In fact, research on software projects indicate that more time spent on requirement analysis phase results in lower quality costs and smoother project execution. Risks discovered late in a project can be expensive.
Choosing alternative response strategies Implementing a contingency plan Taking corrective actions Re-planning the project
Risk control involves:
Accepting the risk.
The project manager and the project team decide to accept certain risks. They do not change the project plan to deal with a risk, or identify any response strategy other than agreeing to address the risk if and when it occurs. The team might have to develop a contingency plan if a high risk event with high probability occurs.
Decision-making under uncertainty Decision-making under risk Decision-making under certainty
There are three decision-making environments:
Equally Likely Approach
This approach assumes that each state of nature has the same probability of occurring, so a simple average of possible payoffs for each alternative is computed and the alternative with the best average is chosen
Maximin Approach
This approach is a pessimistic approach, looking at the worst possible outcome for every alternative and choosing the alternative with the "best" worst outcome (i.e., we select the least possible loss).
Maximax Approach
This approach is completely optimistic, searching only for the best payoff in the decision table and selecting the associated alternative with no regard to any other potential outcomes for that alternative.
Detection rating
This rating corresponds to the likelihood that the detection methods or current controls will detect the potential failure mode before the product is released for production for design, or for process before it leaves the production facility. On a scale of 1-10: 1: will detect failure 5: might detect failure 10: almost certain not to detect failures
Occurrence rating.
This rating corresponds to the rate at which a first level cause and its resulting failure mode will occur over the design life of the system, over the design life of the product, or before any additional process controls are applied. On a scale of 1-10: 1: failure unlikely 5: occasional failure 8: high # of failures likely 10: failures certain
Severity rating.
This rating corresponds to the seriousness of a potential failure mode. On a scale of 1-10: 1: no effect on output 5: moderate effect 8: serious effect 10: hazardous effect
Expected Monetary Value
This value is positive for opportunities (positive risks) and negative for threats (negative risks). Project risk management requires you to address both types of project risks.
Assign a probability of occurrence for the risk Assign monetary value of the impact of the risk when it occurs Multiply Step 1 and Step 2
To calculate the Expected Monetary Value in project risk management, you need to:
Failure Modes and Effects Analysis (FEMA)
Used primarily in product development projects. Quantifies severity, occurrence, and detection of each risk to aid in deciding on controls.
Functional analysis
involves identifying the primary and secondary function(s) of products or processes using verb-noun relationships.
Failure Modes and Effects Analysis (FMEA)
is a methodology for analyzing potential reliability problems early in the development cycle where it is easier to correct any problems.
primary function
is a specific function(s) for which a product or process is designed. For example, consider your car door: Primary function is to ingress/egress car Failure mode: door does not open, door sticks, door does not open wide enough
Secondary function
is to protect occupant from noise Failure Mode: door does not seal, door header leaks
contingency planning
it forces the project team to think in advance about what to do if a risk event takes place. 1. Identify the contingency plan tasks (or steps) that can be performed to implement the mitigation strategy. 2. Identify the necessary resources such as money, equipment and labor. 2. Define emergency notification and escalation procedures, if appropriate. 3. Develop contingency plan training materials, if appropriate. 4. Review and update contingency plans if necessary.
Quantitative risk analysis
it is a method that numerically estimates the probability that a project will meet its cost and time objectives. Quantitative analysis is based on a simultaneous evaluation of the impact of all identified and quantified risks. The result is a probability distribution of the project's cost and completion date based on the risks in the project
risk matrix
it is a simple graphical tool. It provides a process for combining: The chance for an occurrence of an event (PoF, i.e., Probability of Failure) (usually an estimate) The consequence if the event occurred (usually an estimate) Thus, Risk = PoF * Consequence. it combines the risk probability with risk severity. The estimates of the two dimensions can be drawn from objective data or subjective assessments
Risk assessment
it is determining the likelihood that the risk event will occur and the degree of impact the event will have on the project objective. Both factors can be assigned a rating of "High," "Medium," or "Low." The project manager and an appropriate team member should determine the rating for each potential risk. Historical data from similar projects can also be helpful.
Risk monitoring and contro
l keeps track of the identified risk, residual risk, and new risk. It also ensures the execution of risk response plans, and evaluates their effectiveness. Risk monitoring and control continues for the life of the project. The list of project risks changes as the project matures, new risks develop, or anticipated risks disappear.
Fault Tree Anaylsis Tree diagram
that depicts patterns of events and calculates probability of project value