Chapter 11

-Study by Ibbs and Kwak shows risk has the lowest maturity rating of all knowledge areas -A similar survey was completed with software development companies in Mauritus, South Africa in 2003, and risk management also had the lowest maturity

-Although many organizations know that they do not do a good job of managing project risk, little progress seems to have been made over the past decade in improving risk management on a project level or an enterprise level

Performing Qualitative Risk Analysis

-Assess the likelihood and impact of identified risks to determine their magnitude and priority

Brainstorming

-Be careful not to overuse to misuse brainstorming -psychology literature shows that individuals produce a greater number of ideas working alone than they do though brainstorming in small, face-to-face groups -Group effects often inhibit idea generation -fear of social disapproval -domination of the session by one or two vocal people

4 risk identification tools and techniques

-Brainstorming -The Delphi Technique -Interviewing -SWOT analysis

-In addition to a risk management plan, many projects also include:

-Contingency plans -Fallback plans -Contingency reserves or contingency allowances -Management reserves

-Some organizations make the mistake of only addressing tactical and negative risks when performing project risk managment

-David Hilson suggests overcoming this problem by widening the scope of risk management to encompass both strategic risks and upside opportunities, which he refers to as integrated risk management -in a 2014 paper Hilson described the importance of good working relationships, especially between the project sponsor and project manager

Performing Quantitative Risk Analysis main techniques:

-Decisions tree analysis -Simulation -Sensitivity analysis

-many organizations develop their own risk questionnaires -5 broad categories of risk:

-Market risk -Financial risk -Technology risk -People risk -Structure/process risk

Risk quantification tools and techniques:

-Probability/impact matrixes -The Top Ten Risk Item Tracking -Expert judgment

4 main response strategies for positive risks

-Risk exploitation -Risk sharing -Risk enhancement -Risk acceptance

Project Risk Management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectivtes

-Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates

SWOT Analysis

-SWOT analysis (strengths, weaknesses, opportunities, and threats) can also be used during risk identification and strategic planning -Root cause analysis (recall in Ch 8) often results in identifying even more potential risks for a project

Decision Tree

-a diagramming analysis technique used to help select the best course of action in situations in which future outcomes are uncertain -usually involves calculating expected monetary value (EMV)

Risk Register

-a document that contains results of various risk management processes; it is often displayed in a table or spreadsheet format -is a tool for documenting potential risk events and related information

Interviewing

-a fact-finding technique for collecting information in face-to-face, phone, e-mail, or instant-messaging virtual discussions -Interviewing people with similar project experience is an important tool for identifying potential risks

Risk Breakdown Structure

-a hierarchy of potential risk categories for a project -similar to a work breakdown structure but used to identify and categorize risks

Watch list

-a list of risks that are low priority but are still identified as potential risks -qualitative analysis can also identify risks that should be evaluated on a quantitative basis

Risk management plan

-a plan that documents the procedures for managing risk throughout a project

Top Ten Risk Item Tracking

-a qualitative risk analysis tool that helps identify risks and maintain an awareness of risks throughout the life of a project -using this tool involves establishing a periodic review of the project's most significant risk items -list the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item

Brainstorming

-a technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneous and w/o judgement -An experienced facilitator should run the brainstorming session and introduce new categories of potential risks to keep ideas flowing

Sensitivity Analysis

-a technique used to show the effects of changing one or more variables on an outcome

Risk-Neutral

-achieves a balance between risk and payoff -might perform a series of analyses to evaluate possible purchase decsions

-reviewing a proposed project in terms of the Standish Group's success criteria, a risk questionnaire, or another similar tool is a good method fro understanding common sources of risk on IT projects.

-also useful to review the work breakdown structure (WBS) to see if there might be specific risks by WBS categories -ex) if an item on the WBS involves preparing a press release and no one on the project team has ever written one, it could be a negative risk if the release is not handled professionally

Risk

-an uncertainty that can have a negative or positive effect on meeting project objectives -dictionary definition of risk is "the possibility of loss or injury -Project risk management involves understanding potential problems that might occur on the project and how they might impede project success. (can be referred to as a negative risk or threat)

-Identifying risks is the process of understanding what potential events might hurt or enhance a particular project

-another consideration is the likelihood of advanced discovery -ex)monitoring a supplier who might remove support for software used on several projects

Secondary risks

-are a direct result of implementing a risk response.

3 other techniques for risk identification:

-checklists -analysis of assumptions -creation of diagrams Ex) recall from ch 8, fishbone diagrams help trace problems back to their root cause

Planning risk management

-deciding how to approach and plan the risk management activities for the project -main output is risk management plan

Risk Appetite

-degree of uncertainty an entity is willing to take on, in anticipation of a reward

2. Identifying risks

-determining which risks are likely to affect a project and documenting the characteristics of each -main output is the start of a risk register

Fallback plans

-developed for risks that have a high impact on meeting project objectives and are put into effect if attempts to reduce the risk do not work -ex) college graduate might have a main plan and several contingency plans for where to live after gradation but if these plans do not work out, a fallback plan might be to live at home for a while -sometimes terms contingency plan and fallback plan are used interchangeably

Flowcharts

-diagrams that show how different parts of a system interrelate

Management risks

-funds held for unknown risks that are used for management control purposes. -not part of the cost baseline, but they are part of the project budget and funding requirements. -if the management reserves are used for unforeseen work, they are added to the cost baseline after the change is approved

Contingency reserves or Contingency allowances

-funds included in the cost baseline that can be used to mitigate cost or schedule overruns if known risks occur -ex) if a project appears to be off course because the staff is not experienced with a new technology and the team had identified that as a risk, the contingency reserves could be used to hire an outside consultant to train and advise the project staff in using the new technology

Risk-Seeking

-have a higher tolerance for risk and their satisfaction increases when more payoff is at stake -a risk-seeking person prefers outcomes that are more uncertain and is often willing to pay a penalty to take risks

Triggers

-indicators or symptoms of actual risk events -ex)defective products may be symptoms of a low-quality supplier -an element of a risk register

Controlling Risks

-involves executing the risk management process to respond to risk events and ensuring that risk awareness is an ongoing activity performed by the entire project team throughout the entire project

Probability/impact matrix or chart

-lists the relative probability of a risk occurring and the relative impact of the risk occurring -list the risks and then label each one as high, medium, or low in terms of probability of occurrence and is impact if it did occur

6. Controlling risk

-monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project

-risk registers can be created in a simple Word or Excel file or as part of a database

-more sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks

Simulation

-more sophisticated technique for quantitative risk analysis -uses a representation or model of a system to analyze its expected behavior or performance of the system -most simulations are based on some form of Monte Carlo analysis

Risk

-negative risk is like a form of insurance; it is an investment -positive risk management is like investing in opportunities -the cost for risk management should not exceed potential benefits

Risk factors

-numbers that represent the overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur

4. Performing quantitative risk analysis

-numerically estimating the effects of risks on project objectives -main output is project documents updates

Risk Owner

-person who will take responsibility for the risk -element of a risk register

-risks can be positive

-positive risks are risks that result in good things happening; sometimes called opportunities -a general definition of project risk is an uncertainty that can have a negative or positive effect on meeting project objectives

Contingency plans

-predefined actions that the project team will take if an identified risk event occurs -ex) if project team knows that a new release of a software package may not be available in time for the project, the team might have a contingency plan to use the existing, older version of the software

3. Performing qualitative risks analysis

-prioritizing risks based on their probability of occurrence and impact -after identifying risks, project teams can use various tools and techniques to rank risks and update information in the risk register -main output is project documents updates

Risk Events

-refer to specific, uncertain events that may occurs to the detriment or enhancement of the project

Influence diagram

-represents decision problems by displaying essential elements, including decisions, uncertainties, causality, and objectives, and how the influence each other

Unknown Risks

-risks that have not been identified and analyzed, cannot be managed

Residual risks

-risks that remain after all pf the response strategies have been implemented

Monte Carol analysis

-simulates a model's outcome many times to produce a statistical distribution of the calculated results -to use a Monte Carol simulation, you must have 3 estimates (most likely, pessimistic, and optimistic) plus an estimate of the likelihood of the estimate being between the most likely and optimistic values

Known Risks

-sometimes used to describe risks that the project team has identified and analyzed -can be managed proactively

5. Planning risk responses

-taking steps to enhance opportunities and reduce threats to meeting project objectives -using outputs from the preceding risk management processes, project teams can develop risk response stragies that often result in updates to the project management plan and other project documents

Risk Utility

-the amount of satisfaction or pleasure received from a potential payoff. -the y-axis represents utility, or the amount of pleasure received from taking a risk. -the x-axis shows the amount of potential payoff or dollar value of the opportunity at stake

-Planning risk management is the process of deciding how to approach risk management activities and plan for them in a project -main output of this process is a risk management plan

-the first step in project risk management is determining how to address this knowledge area for a particular project by performing risk management planning

Risk Tolerance

-the maximum acceptable deviation an entity is willing to accept on the project or business objectives as the potential impact -the project may be accepted if the risks are within tolerances and are in balances with the rewards that may be gained by taking the risks -some organizations or people have a neutral tolerance for risk, some have an aversion to risk, and others are risk-seeking (these 3 preferences are part of the utility theory of risk)

Expected monetary value (EMV)

-the product of a risk event probability and the risk event's monetary value -you can draw a decision tree to help find the EMV -to calculate the EMV for each project, multiply the probability by the outcome value for each potential outcome for each project and sum the results

-project teams should hold several planning meetings early in the project's life cycle to help develop the risk management plan

-the project team should review project documents and understand the organization's and the sponsor's approaches to risk. (project sponsor might be risk-averse or a risk-seeker)

Workarounds

-unplanned responses to risk events that must be done when there are no contingency plans

The Delphi Technique

-used to derive a consensus among a panel of experts who make predictions about future developments -an approach to gathering information that helps prevent some of the negative group effects found in brainstorming -is a systematic, interactive forecasting procedure based on independent and anonymous input regarding future events

The Delhi Technique

-uses repeated rounds of questioning and written responses and avoids the biasing effects possible in oral methods, such a brainstorming

Risk-Averse

-utility rises at a decreasing rate -when more money or payoff is at stake, a person or organization that is risk-averse gains less satisfaction from the risk, or has lower tolerance for the risk

6 major processes involved in risk managment

1. Planning risk management 2. Identifying risks 3. Performing qualitative risk analysis 4. Performing quantitative risks analysis 5. Planning risk responses 6. Controlling risk

-after identifying and quantifying risks, you must decide how to respond to them -developing a response to risks involves identifying options and defining strategies for reducing negative risks and enhancing positive risks

4 main response strategies for negative risks: -Risk avoidance -Risk acceptance -Risk transference -Risk mitigaiton

-Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives

Main processes include: -Planning risk management -Identify risks -Perform qualitative risk analysis -Perform quantitative risk analysis -Plan risk responses -Control risk responses