Chapter 11 - Project Risk Management
Benefits from Software Risk Management Practices
-anticipate/avoid problems -prevent surprises -improve ability to negotiate -meet customer commitments -reduce schedule slips -reduce cost overruns
Mitigation for Technical Risks
-emphasize team support and avoid stand-alone project structure -increase project manager authority -improve problem handling and communication -increase frequency of project monitoring -use WBS and CPM
Elements of a Risk Register
-identification number for each risk event -rank for each risk event -name of the risk event -category under which the risk event falls -root cause of the risk -triggers for each risk -potential responses to each risk -risk owner -probability of the risk occurring -status of the risk
Mitigation for Schedule Risks
-increase frequency of project monitoring -use WBS and CPM -select the most experienced project manager
Mitigation for Cost Risks
-increases the frequency of project monitoring -use WBS and CPM -improve communication, understanding of project goals, and team support -increase project manager authority
Broad Categories of Risks Described on Risk Questionnaires
-market risk -financial risk -technology risk -people risk -structure/process risk
Monte Carlo Analysis - Simplified Approach
1) collect the most likely, optimistic, and pessimistic estimates for the variables int eh model 2) Determine the probability distribution of each variable 3) for each variable, such as the time estimate for a task, select a random value based on the probability distribution for the occurrence of the variable 4) run a deterministic analysis or one pass through the model the combination of values selected for each of the variables 5) Repeat steps 3 and 4 many times to obtain the probability distribution of the model's results
NOTE
Developing a response to risks involves developing options and defining strategies for reducing negative risks and enhancing positive risks
NOTE
Key outputs of implementing risk responses are change requests and project documents updates
NOTE
Main outputs of quantitative risk analysis are updates to project documents, such as the risk report and risk register
NOTE
Main outputs of risk response planning include updates to the project management plan and other project documents and change requests
NOTE
Overall project risk is the effect of uncertainty on the project as a while. Contents of a risk report include sources of overall risk, important drivers of overall project risk exposure, and summary information on risk events, ie) # of risks, total risk exposure, distribution across risk categories, metrics, and trends
NOTE
Some risk experts suggest that organizations and individuals should strive to find a balance between risks and opportunities in all aspects of projects and their personal lives
NOTE
The main output of qualitative risk analysis is updating the risk register
NOTE
The outputs of monitoring risks include work performance information, change requests, and updates to the project management plan, project documents, and organization process assets
NOTE
To create a decision tree, and to calculate EMV, you must estimate the probabilities or chances of certain events occurring
risk utility
amount of satisfaction or pleasure received from a potential payoff
risk (general)
an uncertainty that can have a negative or positive effect on meeting project objectives
Delphi Technique
approach to gathering information that helps prevent some of the negative group. TH basic concept is to derive a consensus among a panel of experts who make predictions about future developments -based on independent and anonymous input regarding future events
project risk management (PRM)
art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
qualitative risk analysis
assessing the likelihood and impact of identified risks to determine their magnitude and priority
fallback pllans
developed for risks that have a high impact on meeting project objectives and are put into effect if attempts to reduce the risk do not work
decision tree
diagramming analysis technique used to help select the best course of action when future outcomes are uncertain
secondary risks
direct result of implementing a risk response
risk register
document that contains results of various risk management processes; often displayed in a table or spreadsheet format. Tool for documenting potential risk events and related information
risk management plan
document the procedures for managing risk throughout the project
interviewing
fact-finding technique for collecting information in face-to-face, phone, e-mail, or virtual discussions
management reserves
funds held for unknown risks that are used for management control purposes (not part of the cost baseline)
contingency reserves (contingency allowances)
funds included in the cost baseline that can be used to mitigate cost or schedule overruns if known risks occur
risk breakdown structure
hierarchy of potential risk categories for a project (the highest-level categories are business, technical, organizational, and project management)
triggers
indicators or symptoms of actual risk events
watch list
list of risks that have low priority but are still identified as potential risks
probability/impact matrix or chart
lists the relative probability of a risk occurring and the relative impact of the risk occurring
Goal of PRM
minimizing potential negative risks while maximizing potential positive risks
risk factors
numbers that represent the overall risk of specific events, based on their probability of occurring and the consequences to the project if they do occur
risk-seeking
person or organization prefers outcomes that are more uncertain and is often willing to pay a penalty to take risks
risk-neutral
person or organization that achieves a balance between risk and payoff
risk owner
person who will take responsibility for the risk
NOTE
positive risk management is like investing in opportunities
contingency plans
predefined actions that the project team will take if an identified risk event occurs
expected monetary value (EMV)
product of a risk event probability and the risk event's monetary value
Top Ten Risk Item Tracking
qualitative risk analysis took - identifies risks and maintains an awareness of risks throughout the life of a product by helping to monitor risks
NOTE
quantitative risk analysis often follows qualitative risk analysis, yet both processes can be done together or separately
risk events
refer to specific, uncertain events that may occur to the detriment or enhancement of the project
unknown risks
risks that have not been identified and analyzed, cannot be managed
residual risks
risks that remain after all of the response strategies have been implemented
known risks
risks that the project team has identified and analyzed
sensitivity analysis
see the effects of changing one or more variables on an outcome. Often used to make several common business decisions, such as determining break-even points based on different assumptions
Monte Carlo Analysis
simulates a model's outcome many times to provide a statistical distribution of the calculated results. Can determine that a project will finish by a certain date only 10% of the time, and determine another date for which the project will finish 50% of the time
SWOT Analysis
strength, weaknesses, opportunities, and threats. Can be used during risk identification by having project teams focus on the broad perspectives of potential risks for particular projects
brainstorming
technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgement
risk
the possibility of loss or injury
workarounds
unplanned responses to risk events - when they do not have contingency plans in place
risk-averse
utility rises at a decreasing rate for a risk-averse person or organization. When more payoff or money is at stake, a person or organization that is risk-averse gains less satisfaction from the risk, or has lower tolerance for the risk
Risk utility function and risk preference
y-axis: represents utility (amount of pleasure received from taking a risk) x-axis: shows the amount of potential payoff or dollar value of the opportunity at stake
5 Basic Response Strategies for Negative Risks
-risk avoidance - eliminating a specific threat, usually by eliminating its causes -risk acceptance - accepting the consequences if a risk occurs -risk transference - shifting the consequences of a risk and responsibility for its management to a third party -risk mitigation - reducing the impact of a risk event by reducing the probability of its occurrence -risk escalation - notifying a higher level authority
5 Basic Response Strategies for Positive Risks
-risk exploitation - doing whatever you can to make sure the positive risk happens -risk sharing - allocating ownership of the risk to another party -risk enhancement - changing the size of the opportunity by identifying and maximizing key drivers of the positive risk -risk acceptance - the project team does not take any actions toward a risk -risk escalation - notifying a higher level authority
NOTE
Monitoring risks involves ensuring the appropriate risk responses are performed, tracking identified risks, identifying and analyzing new risk, and evaluating the effectiveness of risk management throughout the entire project
NOTE
PRM involves understanding potential problems that might occur on the project and how they might impede project success
NOTE
Rather than treating risk management as part of the problem, we should see it as a major part of the solution
6 Processes of Risk Management
1) Planning Risk Management - deciding how to approach and plan risk management activities for the project 2) Identifying Risks - determining which risks are likely to affect a project and documenting the characteristics of each 3) Performing Qualitative Risk Analysis - prioritizing risks based on their probability of occurrence and impact 4) Performing Quantitative Risk Analysis - numerically estimating the effects of risks on project objectives 5) Planning Risk Responses - taking steps to enhance opportunities and reduce threats to meeting project objectives 6) Implementing Risk Responses - implementing risk response plans 7) Monitoring Risk - monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project