Chapter 11 - Project Risk Management

Benefits from Software Risk Management Practices

-anticipate/avoid problems -prevent surprises -improve ability to negotiate -meet customer commitments -reduce schedule slips -reduce cost overruns

Mitigation for Technical Risks

-emphasize team support and avoid stand-alone project structure -increase project manager authority -improve problem handling and communication -increase frequency of project monitoring -use WBS and CPM

Elements of a Risk Register

-identification number for each risk event -rank for each risk event -name of the risk event -category under which the risk event falls -root cause of the risk -triggers for each risk -potential responses to each risk -risk owner -probability of the risk occurring -status of the risk

Mitigation for Schedule Risks

-increase frequency of project monitoring -use WBS and CPM -select the most experienced project manager

Mitigation for Cost Risks

-increases the frequency of project monitoring -use WBS and CPM -improve communication, understanding of project goals, and team support -increase project manager authority

Broad Categories of Risks Described on Risk Questionnaires

-market risk -financial risk -technology risk -people risk -structure/process risk

Monte Carlo Analysis - Simplified Approach

1) collect the most likely, optimistic, and pessimistic estimates for the variables int eh model 2) Determine the probability distribution of each variable 3) for each variable, such as the time estimate for a task, select a random value based on the probability distribution for the occurrence of the variable 4) run a deterministic analysis or one pass through the model the combination of values selected for each of the variables 5) Repeat steps 3 and 4 many times to obtain the probability distribution of the model's results

NOTE

Developing a response to risks involves developing options and defining strategies for reducing negative risks and enhancing positive risks

NOTE

Key outputs of implementing risk responses are change requests and project documents updates

NOTE

Main outputs of quantitative risk analysis are updates to project documents, such as the risk report and risk register

NOTE

Main outputs of risk response planning include updates to the project management plan and other project documents and change requests

NOTE

Overall project risk is the effect of uncertainty on the project as a while. Contents of a risk report include sources of overall risk, important drivers of overall project risk exposure, and summary information on risk events, ie) # of risks, total risk exposure, distribution across risk categories, metrics, and trends

NOTE

Some risk experts suggest that organizations and individuals should strive to find a balance between risks and opportunities in all aspects of projects and their personal lives

NOTE

The main output of qualitative risk analysis is updating the risk register

NOTE

The outputs of monitoring risks include work performance information, change requests, and updates to the project management plan, project documents, and organization process assets

NOTE

To create a decision tree, and to calculate EMV, you must estimate the probabilities or chances of certain events occurring

risk utility

amount of satisfaction or pleasure received from a potential payoff

risk (general)

an uncertainty that can have a negative or positive effect on meeting project objectives

Delphi Technique

approach to gathering information that helps prevent some of the negative group. TH basic concept is to derive a consensus among a panel of experts who make predictions about future developments -based on independent and anonymous input regarding future events

project risk management (PRM)

art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives

qualitative risk analysis

assessing the likelihood and impact of identified risks to determine their magnitude and priority

fallback pllans

developed for risks that have a high impact on meeting project objectives and are put into effect if attempts to reduce the risk do not work

decision tree

diagramming analysis technique used to help select the best course of action when future outcomes are uncertain

secondary risks

direct result of implementing a risk response

risk register

document that contains results of various risk management processes; often displayed in a table or spreadsheet format. Tool for documenting potential risk events and related information

risk management plan

document the procedures for managing risk throughout the project

interviewing

fact-finding technique for collecting information in face-to-face, phone, e-mail, or virtual discussions

management reserves

funds held for unknown risks that are used for management control purposes (not part of the cost baseline)

contingency reserves (contingency allowances)

funds included in the cost baseline that can be used to mitigate cost or schedule overruns if known risks occur

risk breakdown structure

hierarchy of potential risk categories for a project (the highest-level categories are business, technical, organizational, and project management)

triggers

indicators or symptoms of actual risk events

watch list

list of risks that have low priority but are still identified as potential risks

probability/impact matrix or chart

lists the relative probability of a risk occurring and the relative impact of the risk occurring

Goal of PRM

minimizing potential negative risks while maximizing potential positive risks

risk factors

numbers that represent the overall risk of specific events, based on their probability of occurring and the consequences to the project if they do occur

risk-seeking

person or organization prefers outcomes that are more uncertain and is often willing to pay a penalty to take risks

risk-neutral

person or organization that achieves a balance between risk and payoff

risk owner

person who will take responsibility for the risk

NOTE

positive risk management is like investing in opportunities

contingency plans

predefined actions that the project team will take if an identified risk event occurs

expected monetary value (EMV)

product of a risk event probability and the risk event's monetary value

Top Ten Risk Item Tracking

qualitative risk analysis took - identifies risks and maintains an awareness of risks throughout the life of a product by helping to monitor risks

NOTE

quantitative risk analysis often follows qualitative risk analysis, yet both processes can be done together or separately

risk events

refer to specific, uncertain events that may occur to the detriment or enhancement of the project

unknown risks

risks that have not been identified and analyzed, cannot be managed

residual risks

risks that remain after all of the response strategies have been implemented

known risks

risks that the project team has identified and analyzed

sensitivity analysis

see the effects of changing one or more variables on an outcome. Often used to make several common business decisions, such as determining break-even points based on different assumptions

Monte Carlo Analysis

simulates a model's outcome many times to provide a statistical distribution of the calculated results. Can determine that a project will finish by a certain date only 10% of the time, and determine another date for which the project will finish 50% of the time

SWOT Analysis

strength, weaknesses, opportunities, and threats. Can be used during risk identification by having project teams focus on the broad perspectives of potential risks for particular projects

brainstorming

technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgement

risk

the possibility of loss or injury

workarounds

unplanned responses to risk events - when they do not have contingency plans in place

risk-averse

utility rises at a decreasing rate for a risk-averse person or organization. When more payoff or money is at stake, a person or organization that is risk-averse gains less satisfaction from the risk, or has lower tolerance for the risk

Risk utility function and risk preference

y-axis: represents utility (amount of pleasure received from taking a risk) x-axis: shows the amount of potential payoff or dollar value of the opportunity at stake

5 Basic Response Strategies for Negative Risks

-risk avoidance - eliminating a specific threat, usually by eliminating its causes -risk acceptance - accepting the consequences if a risk occurs -risk transference - shifting the consequences of a risk and responsibility for its management to a third party -risk mitigation - reducing the impact of a risk event by reducing the probability of its occurrence -risk escalation - notifying a higher level authority

5 Basic Response Strategies for Positive Risks

-risk exploitation - doing whatever you can to make sure the positive risk happens -risk sharing - allocating ownership of the risk to another party -risk enhancement - changing the size of the opportunity by identifying and maximizing key drivers of the positive risk -risk acceptance - the project team does not take any actions toward a risk -risk escalation - notifying a higher level authority

NOTE

Monitoring risks involves ensuring the appropriate risk responses are performed, tracking identified risks, identifying and analyzing new risk, and evaluating the effectiveness of risk management throughout the entire project

NOTE

PRM involves understanding potential problems that might occur on the project and how they might impede project success

NOTE

Rather than treating risk management as part of the problem, we should see it as a major part of the solution

6 Processes of Risk Management

1) Planning Risk Management - deciding how to approach and plan risk management activities for the project 2) Identifying Risks - determining which risks are likely to affect a project and documenting the characteristics of each 3) Performing Qualitative Risk Analysis - prioritizing risks based on their probability of occurrence and impact 4) Performing Quantitative Risk Analysis - numerically estimating the effects of risks on project objectives 5) Planning Risk Responses - taking steps to enhance opportunities and reduce threats to meeting project objectives 6) Implementing Risk Responses - implementing risk response plans 7) Monitoring Risk - monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project