ISDS 351 (CHAP 11: Project Risk Management)
Identifying Risks (1)
* Understanding what potential events might hurt or enhance a particular project • You cannot manage risks if you do not identify them first * Another consideration is the likelihood of advanced discovery • Often viewed at a program level rather than a project level * Suggestions for identifying risks: tools and techniques • Brainstorming • The Delphi Technique • Interviewing • SWOT analysis
Project Management processes
• Planning risk management: deciding how to approach and plan the risk management activities for the project
• Identifying risks: determining which risks are likely to affect a project and documenting the characteristics of each
• Performing qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence
• Performing quantitative risk analysis: numerically estimating the effects of risks on project objectives
• Planning risk responses: taking steps to enhance opportunities and reduce threats to meeting project objectives
• Implementing risk responses: implementing the risk response plans
• Monitoring risk: monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project
Decision Trees and Expected Monetary Value (EMV)
* A decision tree is a diagramming analysis technique used to help select the best course of action in situations in which future outcomes are uncertain • Estimated monetary value (EMV) is the product of a risk event probability and the risk event's monetary value • You can draw a decision tree to help find the EMV
Sensitivity Analysis (1)
* Used to show the effects of changing one or more variables on an outcome • For example, many people use it to determine what the monthly payments for a loan will be given different interest rates or periods of the loan • Spreadsheet software, such as Microsoft Excel, is a common tool for performing sensitivity analysis
Simulation (1)
* Uses a representation or model of a system to analyze the expected behavior or performance of the system • Monte Carlo analysis simulates a model's outcome many times to provide a statistical distribution of the calculated results • Predict the probability of finishing by a certain date or the probability that the cost will be equal to or less than a certain value • You can use several different types of distribution functions when performing a Monte Carlo analysis
Considerations for Agile/Adaptive Environments
* All types of projects should share knowledge related to risks as quickly as possible and keep documents up to date • Risk is considered during each iteration for agile/adaptive projects, which does elevate its importance • Changing priorities can be addressed more easily by changing the product backlog for each iteration
Simulation (2)
* Steps of a Monte Carlo analysis
  1. Collect the most likely, optimistic, and pessimistic estimates for the variables in the model
  2. Determine the probability distribution of each variable
  3. Select a random value based on the probability distribution for each variable
  4. Run a deterministic analysis or one pass through the model
  5. Repeat steps three and four many times to obtain the probability distribution of the model's results
Planning Risk Responses (1)
After identifying and quantifying risks, the organization must decide how to respond to them * Basic response strategies for negative risks • Risk avoidance • Risk acceptance • Risk transference • Risk mitigation • Risk escalation * Basic response strategies for positive risks • Risk exploitation • Risk sharing • Risk enhancement • Risk acceptance • Risk escalation
Identifying Risks (5)
SWOT analysis • Strengths, weaknesses, opportunities, and threats • Helps identify the broad negative and positive risks that apply to a project
Importance of Project risk management
(1) Project Management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
  • Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates
(2) Research shows a need to improve project risk management
  • Study by Ibbs and Kwak shows risk management has the lowest maturity rating of all knowledge areas
  • A similar survey was completed with software development companies in Mauritius, South Africa, and risk management also had the lowest maturity
  • KLCI study shows the benefits of following good software risk management practices
(3) A dictionary definition of risk is "the possibility of loss or injury"
  • General definition of project risk: an uncertainty that can have a negative or positive effect on meeting project objectives
  • Managing negative risks involves a number of possible actions that project managers can take to avoid, lessen, change, or accept the potential effects of risks on their projects
  • Positive risk management is like investing in opportunities
(5) Risk utility is the amount of satisfaction or pleasure received from a potential payoff
  • Utility rises at a decreasing rate for people who are risk-averse
  • Those who are risk-seeking have a higher tolerance for risk and their satisfaction increases when more payoff is at stake
  • Risk-neutral approach achieves a balance between risk and payoff
Planning Risk Management (1)
(1) The main output of this process is a risk management plan • Documents the procedures for managing risk throughout a project • The project team should review project documents as well as corporate risk management policies, risk categories, lessons-learned reports from past projects, and templates for creating a risk management plan • It is also important to review the risk tolerances of various stakeholders
Performing Qualitative Risk Analysis
* Assess the likelihood and impact of identified risks to determine their magnitude and priority * Risk quantification tools and techniques • Probability/impact matrixes • The Top Ten Risk Item Tracking • Expert judgment
Identifying Risks
* Brainstorming • Group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment • An experienced facilitator should run the brainstorming session • Be careful not to overuse or misuse brainstorming • Psychology literature shows that individuals produce a greater number of ideas working alone than they do through brainstorming in small, face-to-face groups • Group effects often inhibit idea generation
Identifying Risks (3)
* Delphi Technique • Used to derive a consensus among a panel of experts who make predictions about future developments • Provides independent and anonymous input regarding future events • Uses repeated rounds of questioning and written responses and avoids the biasing effects possible in oral methods
The Risk Register (4)
* Important output of the risk identification process • List of identified risks and other information needed to begin creating a risk register • Contains the results of various risk management processes and is often displayed in a table or spreadsheet format • Tool for documenting potential risk events and related information • Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project
Identifying Risks (4)
* Interviewing • Fact-finding technique for collecting information in face-to-face, phone, e-mail, or virtual discussions • Interviewing people with similar project experience is an important tool for identifying potential risks
Monitoring Risks
* Involves ensuring the appropriate risk responses are performed, tracking identified risks, identifying and analyzing new risk, and evaluating effectiveness of risk management throughout the entire project: • Project risk management does not stop with the initial risk analysis * Carrying out individual risk management plans involves monitoring risks based on defined milestones and making decisions regarding risks and their response strategies • Project teams sometimes use workarounds—unplanned responses to risk events—when they do not have contingency plans in place
Planning Risk Responses
* It's also important to identify residual and secondary risks • Residual risks: risks that remain after all of the response strategies have been implemented • Secondary risks: direct result of implementing a risk response
Implementing Risk Responses
* Main executing process performed as part of project risk management is implementing risk responses • Key outputs: • Change requests • Project documents updates
Performing Quantitative Risk Analysis
* Often follows qualitative risk analysis, but both can be done together • Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis * Main techniques • Decision tree analysis • Simulation • Sensitivity analysis
The risk register (2)
* Risk register contents
  • Identification number for each risk event
  • Rank for each risk event
  • Name of each risk event
  • Description of each risk event
  • Category under which each risk event falls
  • Root cause of each risk
  • Triggers for each risk; indicators or symptoms of actual risk events
  • Potential responses to each risk
  • Risk owner or person who will own or take responsibility for each risk
  • Probability and impact of each risk occurring
  • Status of each risk
Using Software to Assist in Project Risk Management
* Risk registers can be created in a simple Microsoft Word or Excel file or as part of a sophisticated database: • More sophisticated risk management software, such as Monte Carlo simulation tools, help develop models and use simulations to analyze and respond to various risks
Risk Register (4)
* Risk report contents • Sources of overall project risk • Important drivers of overall project risk exposure • Summary information on risk events
Common Sources of Risk on IT projects (1)
* Several studies show that IT projects share some common sources of risk • The Standish Group developed an IT success potential scoring sheet based on potential risks * Other broad categories of risk help identify potential risks • Market risk • Financial risk • Technology risk • People risk • Structure/process risk * A risk breakdown structure is a hierarchy of potential risk categories for a project
Project Risk Management (3)
1. Methodology: How will risk management be performed on this project? What tools and data sources are available and applicable?
2. Roles and responsibilities: Which people are responsible for implementing specific tasks and providing deliverables related to risk management?
3. Budget and schedule: What are the estimated costs and schedules for performing risk-related activities?
4. Risk categories: What are the main categories of risks that should be addressed on this project? Is there a risk breakdown structure for the project?
5. Risk probability and impact: How will the probabilities and impacts of risk items be assessed? What scoring and interpretation methods will be used for the qualitative and quantitative analysis of risks? How will the probability and impact matrix be developed?
6. Revised stakeholders' tolerances: Have stakeholders' tolerances for risk changed? How will those changes affect the project?
7. Tracking: How will the team track risk management activities? How will lessons learned be documented and shared? How will risk management processes be audited?
8. Risk documentation: What reporting formats and processes will be used for risk management activities?
Project Risk Management (2)
Additional Plans • Contingency plans: predefined actions that the project team will take if an identified risk event occurs • Fallback plans: developed for risks that have a high impact on meeting project objectives, and are put into effect if attempts to reduce the risk are not effective • Contingency reserves or allowances: funds included in the cost baseline that can be used to mitigate cost or schedule overruns if known risks occur • Management reserves: funds held for unknown risks that are used for management control purposes