ISDS 351

Project Risk Management - DEF - Positive aspects of Project risk management - Goes unnoticed - Little progress has been made - Before improving risks...

- Art and science of Identifying, analyzing, and responding to risks throughout the life of a project and in the best interests of meeting the objectives of the project - Selecting projects, determining scope, and developing realistic schedules and cost estimates - Usually goes unnoticed unlike crisis management where it receives intense interest, though risk management leads to fewer problems in the future, leading more to expeditious resolutions - While studies indicate that organizations do put less attention to risks, they don't really do much to improve the progress - Must understand what risk is (It will be stated in the next slide)

Performing Qualitative Risk Analysis - It involves... (2 things) 1) Probability/Impact matrix or chart - Separate chart for negative risks 2) Top Ten Risk Item Tracking - Establishing... - It includes 4 things - Watch lists DEF - Qualitative Analysis Should...

- Assessing the likelihood and impact of the identified risks to determine their magnitude and priority 1) Lists the relative probability of the risk occurring and the impact of the risk occurring (Seeing what risks need more attention than others) - So that both risks can be adequately addressed 2) Qualitative risk analysis tool that helps identify risks and maintain awareness of risks throughout the projects life cycle - Periodic review of the project's most significant risk items with management - Includes the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item - list of risks that are low priority, but are still identified as potential risks - Identify risks that should be evaluated quantitatively

Common sources of Risk in IT Projects - User Involvement 1) Market Risk 2) Financial Risk 3) Technology Risk 4) people Risk 5) Structure Risk Risk Breakdown Structure - DEF (KEY: Hierarchy of)

- Cited as being the most important criteria for successful projects 1) If an IT project creates a new product, is it for the organization or for the outsiders/ will they use it/ will someone create something better... 2) Can the organization undertake this project, confidence of stakeholders in financial projections, can the organization afford to continue 3) Is it technologically feasible, will hardware function properly, is the tech obsolete 4) Do we have people that have appropriate skills, Proper managerial and people skills, can we find people with such skillsets... 5) Should we do new changes to the organization's structures and procedures, how many systems does the new project need - A hierarchy of potential risks categories in a project (Help managers consider potential risks in different categories)

- Risk Appetite DEF - Risk Tolerance DEF

- Degree of uncertainty that an entity is willing to take in an expectation of a reward - The maximum acceptable deviation an entity is willing to accept on a project or business objectives as the potential impact

- Risk Register (Tool to...) - Risk Events () - Risk Owner - Risk Factors

- Document that contains results of various risk management processes; often on a table or spreadsheet (Tool for documenting potential risks events and related information) - Specific, uncertain events that may occur to the detriment or enhancement of a project - Person who will take responsibility for the risk - Number that represents the overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur

Risk Management Plan - DEF (Summarizes how...) - Meetings 1) Contingency Plans 2) Fallback plan 3) Contingency Reserves (Contingency Allowances) 4) Management Reserves

- Documents procedures for managing risk throughout the project (Summarizes how risk management will be performed on a particular project) - Teams should have several planning meetings early in the project's life to review project documents, risk management policies, risk categories, lessons learned...and more 1) Predefined actions that the project team will take if identified risk event occurs 2) Developed for risks that have a high impact on meeting project objectives and put into effect if attempts to reduce the risk do not work 3) Funds included in the cost baseline to mitigate cost or schedule overruns if the known risk occurs 4) Funds held for unknown risks that are used for management control purposes (Not part of the cost baseline, but part of the budget and funding requirements)

Identifying Risks - Find them early/late stages - Advance discovery Suggestions for Identifying Risks 0 Project teams often begin by... (3 things) 1) Brainstorming - Who should run them 2) Delphi Technique (Fixing negative techniques from brainstorming)\ - Provides 2 things - Repeated rounds of... 3) Interviewing 4) SWOT Analysis

- Find/ identify them in the early stages of the project, but also consider the changing environment as another place to see for risks - It is also good to find risks in advance/ early warnings 0 Looking at recent/ historical data, project documentation, assumptions that might affect the project 1) Technique where a group attempts to generate ideas or find solutions for a specific problem by amassing ideas spontaneously and without judgment - Experienced facilitator should run and group ideas into created categories 2) Derive consensus among a panel of experts who make predictions about future developments - Independent and anonymous input regarding future events - Questioning and written responses to avoid pannel biasing in deliberations 3) Fact-finding techniques together information in either face-to-face, phone, email, or virtual discussions with people with similar project experiences. (Though you can have people that are not experts in the subject) 4) Have groups focus on the broad perspectives of potential risks for particular projects.

Project Risk ("The possibility of loss or injury") - DEF: - Project Risk management takes on project risk - Managing risks (4 occurences that can happen) - Costs of Risk Management - Balance between

- It is the uncertainty that can have a negative or positive effect on meeting the objectives of the project - It involves understanding what potential problems may occur and how they might impede the success of the project - It involves a lot of possible actions that project managers can take to avoid, lessen, change, or accept the potential effects of risks - This is an investment that costs money; depending on the size of the project it differs in costs ( Cost for risk management should not exceed potential benefits ) - There should be a balance between risk and opportunity

Performing Quantitative Risk Analysis - Quantitative vs Qualitative - Large, complex projects... 1) Decisions Tree 2) Expected Monetary Value 3) Simulation - Monte Carlo Analysis 4) Sensitivity Analysis - Used for makings - Most commonly used Software

- Quantitative often follows qualitative risk analysis, but both can be done together - Large, complex projects involving leading-edge technologies often require extensive quantitative risk analysis 1) A diagramming analysis technique used to help select the best course of action when future outcomes are uncertain 2) Product of risk event probability and risk event's monetary value 3) Uses a representation or model of a system to analyze a expected behavior or performance - Simulates model's outcomes many times to provide a statistical distribution of the caluculated results 4) The effects of changing one or more variables in an outcomes - Several business decisions, like break-even points or analysis - Microsoft Excel Spreadsheets

- Risk Utility - Risk-Averse - Risk-Neutral - Risk-seeking - Known Risks - Unknown Risks

- The amount of satisfaction or pleasure received from a potential payoff - When more of a payoff or money is at stake, less satisfaction from risk and a low tolerance for risk - Achieve a balance between risk and payoff - Higher tolerance of risk, satisfaction increase when more payoff is at stake (Outcomes that are more uncertain/ pay penalty for risks) - Describe risks that have been identified and analyzed - Risks that have not been identified and analyzed

Processes Involved in Risk Management 1) Planning Risk Management 2)

1) Deciding how to approach and plan risk management activities

Planning Risk Responses 4 Basic response strategies for negative risks 1) Risk Avoidance 2) Risk Acceptance 3) Risk Transference 4) Risk Mitigation 4 Basic Response Strategies for Positive Risks 1) Risk Exploitation 2) Risk Sharing 3) Risk Enhancement 4) Risk Acceptance

1) Eliminating a specific threat, usually by eliminating its causes. 2) Accepting the consequences if a risk occurs 3) Shifting the consequence of risk and responsibility for its management to a third party. 4) Reduce the impact of the risk event by reducing the probability of its occurrence 1) Doing whatever you can to make sure the positive risk happens 2) Allocating ownership of risk to other people 3) Changing the size of the opportunity by identifying and maximizing key drivers of the positive risk 4) When the project team does not take any actions toward the risk