#10. Risk Management 2008.09.01

Project Risk Management
Rajesh Dhake
PDF created with pdfFactory trial version www.pdffactory.com
What is Project Success?

Project success occurs when we have:
I
Objectives
The 'Golden Triangle' of Project Success
I I I
A delighted client (expectations met) Delivered the agreed objectives Met an agreed budget - $, resources etc. Within an agreed time frame and
Done it all professionally & without killing the team
Time
Cost
Rajesh Dhake
Why Do Projects Fail?

Changing scope Insufficient planning No risk or issues management Poor communication Lack of commitment and responsibility by stakeholders
Rajesh Dhake
Why Should We Care?

To Increase the likelihood that projects will : be done on time and within budget meet peoples expectations be done well
Rajesh Dhake
Project Management Process
Tracking & Control
Initiation
Complete Planning Reporting Assess

&
Review
Initiation Plan
Detailed Plan
Status Report
Post Project Review Report Rajesh Dhake
Objective There are things we know we know. We also know there are known unknowns, that is to say we know there are some things we do not know. But there are also unknown unknowns the ones we dont know we dont know.
Provide you with an overview of the main concepts of Risk Management
Rajesh Dhake
Definition of Risk
It is impossible for risks not to be present. Risks are always there in life: crossing the street paying for items by credit card deciding on who to hire deciding which priority is higher proposing a new idea/project investing $50,000,000 in a new facility
Rajesh Dhake
Definition of Risk Definition Risk is an uncertain outcome Any threat that, if it occurs, may prevent the projects objectives from being achieved in whole, or in part. Meaning Risk does not represents only negative events sometimes the impact can be positive and sometimes negative
Rajesh Dhake
Risk
Cannot be eliminated but must be managed and resolved Three steps for risk management:
identify the risks assess the likelihood of occurrence and impact develop risk management plans
Rajesh Dhake
What is Risk?
Risk
is characterised by Uncertainty is characterised by Loss is defined by
Probability Impact Timing
Expectations is valued by Stakeholder
Objectives
Risk = Probability x Impact

Rajesh Dhake
What is Project Risk?

An event that, if it occurs, causes either a positive or negative impact on a project Keys attributes of Risk Uncertainty Positive and Negative Cause and Consequence Known v Unknown Risks Risk Reward Analysis
Rajesh Dhake
Risk Associated with Projects
A risk is a probability that some adverse circumstance will occur

Project risks affect schedule or resources; Product risks affect the quality or performance of the software being developed; Business risks affect the organisation developing or procuring the software.
Rajesh Dhake
Definition of Risk Management

Definition: The art of assessing and managing risks to ensure that the objective is accomplished within established tolerance levels It is concerned with identifying risks and drawing up plans to minimise their effect on a project thereby reducing threats. Meaning: Risks that arent known cant be managed Risks are managed by recognizing them, mitigating, reducing and monitoring them Risk tolerance is how much variation in outcome we can accept (financial, time, outcome etc)
Rajesh Dhake
What is Project Risk Management?

PMBOK Definition The systematic process of identifying, analyzing, and responding to project risk Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
Rajesh Dhake
Problems & Risks

Problems Exist Today Current Effect of Past Decisions Past Risks Potential Problems Future Effect of Current Decisions Present Problem
Decisions Decisions
Rajesh Dhake
Future
Risk
Benefits of Risk Management Completion of project within specified time, specified quality Realistic costing Proper allocations of resources Higher probability of meeting targets Full awareness of potential hazards for everyone Informed go/no-go decisions
Rajesh Dhake
Downsides of Risk Management

Can take extra time to do Can be seen as pessimistic Ensuring that the risk management activities are appropriate to the nature and scale of the activities is key Effective risk communication is vital
Rajesh Dhake
Risk Management Process
Rajesh Dhake
Risk Management Planning

Plan for the Planning Risk planning should be appropriate for the project Question you should ask: 1. How risky is the project? 2. Is it a new technology or something your organization is familiar with? 3. Do you have past projects to reference? 4. What is the visibility of the project? 5. How big is the project? Rajesh Dhake 6. How important is the project?
The Risk Management Plan

What should it include? How you will identify, quantify or qualify risk Methods and tools Budgetyes budget Who is doing what How often When a risk is really a risk Reporting requirements Monitoring, tracking and documenting Rajesh Dhake strategies
Risk Management Process

1. Risk identification Identify project, product and business risks 2. Risk analysis Assess the likelihood and consequences of risks 3. Risk planning Draw up plans to avoid/minimise risk effects 4. Risk monitoring Monitor the risks throughout the project
Risk identification
Risk analysis
Risk planning
Risk monitoring
List of potential risks
Prioritised risk list
Risk avoidance and contingency plans
Risk assessment
Rajesh Dhake
Risk Management Process Overview

Risk Identification Risk Monitoring PROJECT Risk Analysis
Risk Risk Risk PlanningReduction Mitigation

Rajesh Dhake
1. Risk Identification
PROJECT Risk Identification
Rajesh Dhake
Objective: To identify all the things that could potentially go wrong (or right)
Rajesh Dhake
Continuous, Iterative Process What is it and what does it look like The sooner the better The more the merrier A fact is not a risk Be specific Dont try to do everything at once
Rajesh Dhake
Examples of Risks
Risk Staff turnover Description Experienced staff will leave the project before it is finished. Management There will be a change of change organisational management with different priorities. Equipment Equipment that is essential for the unavailability project will not be delivered on schedule. Requirements There will be a larger number of change changes to the requirements than anticipated. Rajesh Dhake
Examples of Risks
Risk Specification delays Size underestimate Technology change Product competition Description Specifications for various parameters are not available on schedule The size of the project has been underestimated. The underlying technology on which the project is built is superseded by new technology. A competitive product is marketed before the project is completed.
Rajesh Dhake
Risk Factors
Risk type Technology People Organisational Tools Potential indicators Late delivery of hardware or support software, many reported technology problems Poor staff morale, poor relationships amongst team member, job availability organisational gossip, lack of action by senior management reluctance by team members to use tools, complaints about CASE tools, demands for higher-powered workstations many requirements change requests, customer complaints failure to meet agreed schedule, failure to clear reported defects
Requirements Estimation
Rajesh Dhake
1. Risk Identification Techniques

Brainstorming Checklists Interviewing SWOT Analysis Delphi Technique Diagramming Techniques Cause & effect Ishikawa or Fishbone Flow Charts Influence Diagrams
Rajesh Dhake
Best to identify all the possible risks: Reject potential risks only after the analysis - do not apply materiality at this stage. Involve as many people as possible: No one person can fully understand every aspect of the project well enough to identify all the risks alone. Pessimists make good risk identifiers Identification of risks should never be considered to be complete: Risks will become apparent later in the process and during operations and should be included! Rajesh Dhake
Business Risk Areas

External Issues Management
Relationships Business Risks Compliance Performance
Commercial/Financial
Resources
Rajesh Dhake
Critical Path
Rajesh Dhake
Consider all your stakeholders: Project Owner Contractor Suppliers Government Employees Good questions to ask: what can go wrong? what if . ? does it matter?
Rajesh Dhake
2. Risk Analysis
PROJECT Risk Analysis
Rajesh Dhake
2. Risk Analysis
Assess probability and seriousness of each risk Probability may be very low low moderate high very high Risk effects might be catastrophic serious tolerable insignificant
Rajesh Dhake
2. Risk Analysis
Risk Organisational financial problems force reductions in the project budget. It is impossible to recruit staff with the skills required for the project. Key staff is ill at critical times in the project. Changes to requirements which require major design rework are proposed. The organisation is restructured so that different management are responsible for the project. The database used in the system cannot process as many transactions per second as expected. The time required to develop the software is underestimated. Customers fail to understand the impact of requirements changes. Required training for staff is not available. The rate of defect repair is underestimated. The size of the project is underestimated.
Probability Low High Moderate Moderate High
Effects Catastrophic Catastrophic Serious Serious Serious
Moderate
Serious
High Moderate Moderate Moderate High
Serious Tolerable Tolerable Tolerable Tolerable Rajesh Dhake
Sample Risk Register/Risk Analysis

No. Rank Risk Description Categor y Root Caus e Triggers Potential Respons es Risk Owne r Probability Impac t Severity Statu s
R44
R21
R7
Project severity = expectation (1-10) * impact (1-10) When should risk analysis be formed? Is not a time activity Periodic update and reviewed
Rajesh Dhake 37
Sample Risk Register/Risk Analysis
Calculating Severity
Problem
Staff availability Late delivery of equipment Communication and Networks problem
Expectation 6 5 5
Impact 5 8 5
Severity 30 40 25
Project severity = expectation (1-10) * impact (1-10) Rajesh Dhake 38

2. Analyzing Risk - Qualitative

Subjective Educated Guess High, Medium, Low Red, Yellow, Green 1-10 Prioritized/Ranked list of ALL identified risks First step in risk analysis!
Rajesh Dhake
Qualitative Risk Analysis Tools
Rajesh Dhake
Qualitative Risk Analysis Tools

Assess the likelihood and impact of identified risks to determine their magnitude and priority. Risk quantification tools and techniques include: 1. Probability/impact matrixes 2. The Top Ten Risk Item Tracking 3. Expert judgment
Rajesh Dhake 41
1. Probability/Impact Matrix
A probability/impact matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on a chart and the relative impact of the risk occurring on the other. List the risks and then label each one as high, medium, or low in terms of its probability of occurrence and its impact if it did occur. Can also calculate risk factors: Numbers that represent the overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur. Rajesh Dhake
42
Sample Probability/Impact Matrix
Rajesh Dhake 43
Sample Probability/Impact Matrix for Qualitative Risk Assessment
Rajesh Dhake 44
Chart Showing High-, Medium-, and Low-Risk Technologies
Rajesh Dhake 45
2. Top Ten Risk Item Tracking

Top Ten Risk Item Tracking is a qualitative risk analysis tool that helps to identify risks and maintain an awareness of risks throughout the life of a project. Establish a periodic review of the top ten project risk items. List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item.
Rajesh Dhake 46
Example of Top Ten Risk Item Tracking

Monthly Ranking Risk Item Inadequate planning Poor definition of scope Absence of leadership This Month 1 2 Last Month 2 3 Number Risk Resolution of Months Progress 4 3 Working on revising the entire project plan Holding meetings with project customer and sponsor to clarify scope Just assigned a new project manager to lead the project after old one quit Revising cost estimates Revising schedule estimates
Poor cost estimates Poor time estimates
4 5
4 5
3 3
Rajesh Dhake 47
3. Expert Judgment
Many organizations rely on the intuitive feelings and past experience of experts to help identify potential project risks. Experts can categorize risks as high, medium, or low with or without more sophisticated techniques. Can also help create and monitor a watch list, a list of risks that are low priority, but are still identified as potential risks.
Rajesh Dhake 48
2. Risk Analysis - Quantitative

Numerical/Statistical Analysis Determines probability of occurrence and consequences of risks Should be focused to highest risks as determine by Qualitative Risk Analysis and Risk Threshold
Rajesh Dhake
Quantitative Risk Analysis Tools
Rajesh Dhake
Quantitative Risk Analysis Tools

Often follows qualitative risk analysis, but both can be done together. Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis. Main techniques include: 1. Decision tree analysis 2. Sensitivity analysis 3. Simulation
Rajesh Dhake 51
1. Decision Trees and Expected Monetary Value (EMV) A decision tree is a diagramming analysis technique used to help select the best course of action in situations in which future outcomes are uncertain. Estimated monetary value (EMV) is the product of a risk event probability and the risk events monetary value. You can draw a decision tree to help find the EMV.
Rajesh Dhake 52
Expected Monetary Value (EMV) Example
Rajesh Dhake 53
Probability & Impact Analysis

Risk Probability Impact Expected Value
1 2 3
25% 50% 30%
$45,000 $2,000 $100,000
$11,250 $1,000 $30,000
Risk Assessment Methods and Tools; can perform analysis or review output from analysis; or consultation on: - FMEA, Fault Tree Analysis, Probabilistic Risk Assessment - Tools: SHAPHIRE and RELEX (Receive/coordinate training)
Latest Techniques FMEA, FTA & PRA

Rajesh Dhake
Decision Tree Analysis

Decision Definition Decision Node Cost of the Decision Chance Node Probability Impact Prob x Impact Net Impact Cost + Total EV
Early 10% Develop In House ($20,000) On Time 20% Delayed 70% Develop In House or Contract? Early 10% Contract ($30,000) On Time 70% Delayed 20%
$1,500 +$15,000 $0 $0 ($14,000) -$20,000 TOTAL ($12,500) ($32,500)
$1,500 +$15,000 $0 $0 ($3,000) -$15000 TOTAL ($1,500) ($31,500)
Rajesh Dhake
2. Sensitivity Analysis
Sensitivity analysis is a technique used to show the effects of changing one or more variables on an outcome. For example, many people use it to determine what the monthly payments for a loan will be given different interest rates or periods of the loan, or for determining break-even points based on different assumptions. Spreadsheet software, such as Excel, is a common tool for performing sensitivity analysis.
Rajesh Dhake 56
Figure 11-8. Sample Sensitivity Analysis for Determining Break-Even Point
Rajesh Dhake 57
3. Simulation to Assess Risk
Rajesh Dhake
3. Risk Planning
PROJECT Risk Planning
Rajesh Dhake
Risk Planning
Consider each risk and develop a strategy to manage that risk Avoidance strategies The probability that the risk will arise is reduced Minimisation strategies The impact of the risk on the project or product will be reduced Contingency plans If the risk arises, contingency plans are plans to deal with that risk Rajesh Dhake
Risk Planning Strategies

Risk Organisational financial problems Recruitment problems Staff illness Defective components Requirements changes Organisational restructuring Database performance Underestimated development time Strategy Prepare a briefing document for senior management showing how the project is making a very important contribution to the goals of the business. Alert customer of potential difficulties and the possibility of delays, investigate buying-in components. Reorganise team so that there is more overlap of work and people therefore understand each others jobs. Replace potentially defective components with bought-in components of known reliability. Derive traceability information to assess requirements change impact, maximise information hiding in the design. Prepare a briefing document for senior management showing how the project is making a very important contribution to the goals of the business. Investigate the possibility of buying a higher-performance database. Investigate buying in components, investigate use of a program generator.
Rajesh Dhake
Risk Planning
What are we going to do about it? Techniques/Strategies:
Avoidance Eliminate it Transference Pawn it off Mitigation Reduce probability or impact of it Acceptance Do nothing
Strategy should be commensurate with risk
Hint: Dont spend more money preventing the risk than the impact of the risk would be if it occurs J
The Risk Response Plan/Risk Response Register
Rajesh Dhake
Risk Response Planning

After identifying and quantifying risks, you must decide how to respond to them. Four main response strategies for negative risks: Risk avoidance Risk acceptance Risk transference Risk mitigation
Rajesh Dhake 63
General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks
Rajesh Dhake 64
Response Strategies for Positive Risks

Risk exploitation Risk sharing Risk enhancement Risk acceptance
Rajesh Dhake 65
Residual and Secondary Risks

Its also important to identify residual and secondary risks. Residual risks are risks that remain after all of the response strategies have been implemented. Secondary risks are a direct result of implementing a risk response.
Rajesh Dhake 66
Media Snapshot
A highly publicized example of a risk response to corporate financial scandals, such as those affecting Enron, Arthur Andersen, and WorldCom, was legal action. The Sarbanes-Oxley Act of 2002 is considered the most significant change to federal securities laws in the United States since the New Deal. This Act has caused many organizations to initiate projects and other actions to avoid litigation.*
*Iosub, John C., What the Sarbanes-Oxley Act Means for IT Managers, TechRepublic, (March 19, 2003) (http://techrepublic.com.com/5100-6313-5034345.html). Rajesh Dhake 67
3.1 Risk Reduction
PROJECT 3.1 Risk Reduction
Rajesh Dhake
3.1 Risk Reduction Definition: reducing the probability that an event will occur
Rajesh Dhake
3.1 Risk Reduction What can be done to prevent a risk from occurring? contracts in place outlining the scope of work and expectations of each side indemnification clauses meeting minutes engineering controls Risk is seldom eliminated entirely. It is typically reduced or transferred.
Rajesh Dhake
3.1 Risk Reduction When to Transfer Risks Risks are rarely eliminated. Instead they are transferred between parties. Key points to remember: Everyone is trying to manage risk to some, this means they must minimize the risks they accept. Risks should be held by the people best positioned to manage them.
Rajesh Dhake
3.1 Risk Reduction How to Transfer Risks Contractually Legally waivers pure regulatory requirements
Rajesh Dhake
3.1 Risk Reduction -- How to do it?

look both ways before crossing the street obtain written contracts with contractors conducting background checks on prospective employees visit a current user of new equipment before deciding what to buy
Rajesh Dhake
Group Exercise
For 3 of the Risks associated with Homecoming weekend, identify risk reduction measures
industrial visit family picnic trek
Rajesh Dhake
3.2 Risk Mitigation
PROJECT 3.2 Risk Mitigation
Rajesh Dhake
3.2 Risk Mitigation Definition: Reducing the impact of an event once its occurred
Rajesh Dhake
3.2 Risk Mitigation

So its happened. Now what? Risk financing: must be put in place before the event typically insurance but could include options/hedges, funded reserves, unfunded reserves, lines of credit Back up plans: move events inside if it rains hire additional staff to meet surge demand
Rajesh Dhake
3.2 Risk Mitigation -How to do it? Insurance Temporary staff to meet surge demands Storing back up tapes off-site Emergency Response Plans/Business Continuity Plans
Rajesh Dhake
Group Exercise
For the same 3 risks associated with earlier identify risk mitigation measures
industrial visit family picnic trek
Rajesh Dhake
Insurance
Insurance has a limited role. Insurance is good when: large numbers of similar events can be insured premiums can be established based on logic/experience premiums are commercially feasible Cases when insurance is not useful: delays in projects (ERP etc) regulatory fines or jail time loss of a blackberry when things go right! Dont forget all insurance has specified limits!
Rajesh Dhake
Risk Reduction vs Risk Mitigation

Risk reduction is much more important than risk mitigation Would you rather install a baby gate at the top of a flight of stairs or put pillows on the stairs to make the babys landing softer Risk financing is often expensive
Rajesh Dhake
4. Risk Monitoring
PROJECT Risk Monitoring
Rajesh Dhake
4. Risk Monitoring
Definition: Ensuring that the risk identification, risk reduction and risk mitigation activities are effective
Rajesh Dhake
4. Risk Monitoring
Assess each identified risks regularly to decide whether or not it is becoming less or more probable Also assess whether the effects of the risk have changed Each key risk should be discussed at management progress meetings
Rajesh Dhake
Risk Monitoring & Control

Continuous, Iterative Process If done right, the risk should NEVER occur Someone IS responsible Watch for risk triggers CommunicateCommunicateCommunic ate Take corrective action - Execute Re-evaluate and look for new risk constantly Tools: Risk Reviews Rajesh Dhake Risk Audits
4. Risk Monitoring
Learning from the past to influence the future Key questions to ask: what hasnt gone ideally? what went unexpectedly right? what went wrong that I didnt predict? when things went wrong did we have a plan? was the plan realistic and implementable? did everyone know what they needed to? did they know it when they needed to?
Rajesh Dhake
Risk Monitoring and Control

Involves executing the risk management process to respond to risk events. Workarounds are unplanned responses to risk events that must be done when there are no contingency plans. Main outputs of risk monitoring and control are: Requested changes. Recommended corrective and preventive actions. Updates to the risk register, project management plan, and organizational process assets. Rajesh Dhake 87
4. Risk Monitoring -How to do it

Management review meetings Loss history Accident/incident reports Supervisors comments Risk registers to communicate risks
THEN START OVER AGAIN!!!!
Rajesh Dhake
4. Risk Monitoring Risk Evaluation

Evaluations can be Qualitative or Quantitative Quantitative Evaluation of Risks determine the characteristics of the loss determine the maximum, minimum losses conduct a Monte Carlo analysis to determine the Most Probable Number Repeat for all risks on the project Qualitative Evaluation of Risks Risk = probability * impact Probability on a five point 1-5 scale Impact on a five point 1-25 scale Rajesh Dhake
4. Risk Monitoring Probability

Probability
Descriptor
Very Low Low Medium High Very High
Scenario
Not Expected to Occur Small Likelihood Occurs quite often Common Occurrence Very Frequent
Probability
<1% 1-20% 21-49% 50-85% >85%
Score
1 2 3 4 5
Rajesh Dhake
4. Risk Monitoring Impact

IMPACT
Descriptor
Negligible
Financial
0-$49,999
Regulatory
Not regulated
Injury
Environmental
Reputational
negative internal impact, short term
Operational
Disrupts single lab operation, but normal functions able to resume quickly Disrupts operation of a floor, but normal functions able to resume quickly; or disrupts operations of a single lab for longer periods Disrupts operation of a bldg but normal operations resume quickly; disrupts operations of a floor; extensive renovations to a lab Disrupts more than one bldg, not resume quickly; disrupts one bldg for longer period
Score
5
no injury or illness No Impact, internal or possible external
Marginal
$50,000-$249,999
non-compliance with Standard/Guidelines
first aid
Minor or localized internal negative internal impact and internal clean impact, long term up crew
10
Substantial
$250,000-$999,999 non-compliance with Internal Policy
minor injury possible
Minor or localized external impact and internal clean up crew
negative external impact, short term
15
Severe
$1,000,000$3,000,000
potential violation of Act critical injury / Regulation possible
Serious external impact negative external and external cleanup impact, long term crew, required notification to authorities Significant external significant negative impact requires external external impact, long crew & has long lasting term impact requiring authority and community notification
20
Disastrous
<$3,000,000
potential violation of external Permits / Certificates / Licences
fatal injury possible
wide scale disruption of more than one bldg for longer periods, major disruption to a bldg requiring major renovations
25
Rajesh Dhake
4. Risk Monitoring Risk Scoring System
Probability
VLO LO MED HI VHI
Impact
Im pa ct
Disastrous Severe Substantial Marginal Negligible
5 5 5 5 5
4 4 4 5 5
3 3 3 4 4
2 2 3 3 3
1 1 1 1 1
Risk Categories
1 Critical 2 Severe 3 Significant 4 Minor 5 Possible Concern
Rajesh Dhake
Risk Tolerance
What risks are acceptable risks? Risk tolerance statements are a subject of much discussion with the Board of Governors Typical statements include: 10% of faculty/service budget or $1,000,000 (whichever is lower) carrying weapons conducting human stem cell research
There is no absolute right answer on what is an acceptable risk until hindsight is used
Rajesh Dhake
Implementation Risk Management A well thought out, well documented risk management plan is a piece of paper. It is not worth more than that unless the planned risk reduction and risk mitigation measures are implemented. Typically the weakest point in implementation is communications. It is recommended that a Champion be identified for each risk, including ensuring the risk reduction and risk Rajesh mitigation measures are implemented. Dhake
Using Software to Assist in Project Risk Management Risk registers can be created in a simple Word or Excel file or as part of a database. More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks. The PMI Risk Specific Interest Groups Web site at www.risksig.com has a detailed list of software products to assist in risk management.
Rajesh Dhake 95
Timing of Risk Management

Concept 5% Planning 20% Execution/Control 60% Closing 15%
Effort
Effort/Cost expended Impact of the risk Ability to influence the risk
Time
Rajesh Dhake
Exercise
For your typical projects: identify three risks identify two risk reduction measures for each risk identify two risk mitigation measures for each risk rank the risks
Rajesh Dhake
Results of Good Project Risk Management Unlike crisis management, good project risk management often goes unnoticed. Well-run projects appear to be almost effortless, but a lot of work goes into running a project well. Project managers should strive to make their jobs look easy to reflect the results of well-run projects.
Rajesh Dhake 98
Summary
Risk is everywhere Risk cannot be totally eliminated Risks can not be managed unless they are identified Risk reduction is more important than risk mitigation Risk management isnt scary!
RISK
Rajesh Dhake
Conclusion
The future is not necessarily less predictable than the past. The past was not predictable when it started.
Rajesh Dhake
Rajesh Dhake
Risks & Risk Types

Risk type Technology Possible risks The database used in the system cannot process as many transactions per second as expected. Software components that should be reused contain defects that limit their functionality. It is impossible to recruit staff with the skills required. Key staff are ill and unavailable at critical times. Required training for staff is not available.
People
Organisational The organisation is restructured so that different management are responsible for the project. Organisational financial problems force reductions in the project budget. Requirements Changes to requirements that require major design rework are proposed. Customers fail to understand the impact of requirements changes. The time required to develop the software is underestimated. The rate of defect repair is underestimated. Rajesh Dhake The size of the software is underestimated.
Estimation
Risk analysis
Assess probability and seriousness of each risk. Probability may be very low, low, moderate, high or very high. Risk effects might be catastrophic, serious, tolerable or insignificant.
Rajesh Dhake
Risk analysis (i)
Risk Organisational financial problems force reductions in the project budge t. It is impossible to recruit staff with the skills required for the project. Key staff are ill at critical times in the project. Software components that should be reused contain defects which limit their functionality. Changes to requirements that require major design rework are proposed. The organisation is restructured so that different management are responsible for the project.
Probability Low High Moderate Moderate Moderate High
Effects Catastrophic Catastrophic Serious Serious Serious Serious
Rajesh Dhake
Risk analysis (ii)
Risk The database used in the system cannot process as many transactions per second as expec ted. The time required to develop the software is underestimated. CASE tools cannot be integrated. Customers fail to understand the impact of requirements changes. Required training for staff is not available. The rate of defect repair is underestimated. The size of the software is underestimated. The code generated by CASE tools is inefficient.
Probability Moderate High High Moderate Moderate Moderate High Moderate
Effects Serious Serious Tolerable Tolerable Tolerable Tolerable Tolerable Insignificant
Rajesh Dhake
Risk planning
Consider each risk and develop a strategy to manage that risk. Avoidance strategies The probability that the risk will arise is reduced; Minimisation strategies The impact of the risk on the project or product will be reduced; Contingency plans If the risk arises, contingency plans are plans to deal with that risk;
Rajesh Dhake
Risk management strategies (i)
Risk Organisational financial problems Recruitment problems Staff illness Defective components
Strategy Prepare a briefing document for senior management showing how th e project is making a very important contribution to the goals of the business. Alert customer of potential difficulties and the possibility of delays, investigate buying-in components. Reorganise team so that there is more overlap of work and people therefore understand each others jobs. Replace potentially defective components with bough tin components of known reliability.
Rajesh Dhake
Risk management strategies (ii)

Risk Requirements changes Organisational restructuring Database performance Underestimated development time Strategy Derive traceability information to assess requirements change impact, maximise information hiding in the design. Prepare a briefing document for senior management showing how th e project is making a very important contribution to the goals of the business. Investigate the possibility of buying a higherperformance database. Investigate buying in components, investigate use of a program generator
Rajesh Dhake
Risk monitoring
Assess each identified risks regularly to decide whether or not it is becoming less or more probable. Also assess whether the effects of the risk have changed. Each key risk should be discussed at management progress meetings.
Rajesh Dhake
Risk indicators
Risk type Technology People Organisational Tools Requirements Estimation Potential indicators Late delivery of hardware or support software, many reported technology problems Poor staff morale, poor relationships amongst team member, job availability Organisational gossip, lack of action by senior management Reluctance by team members to use tools, complaints about CASE tools, demands for higher-powered workstations Many requirements change requests, customer complaints Failure to meet agreed schedule, failure to clear reported defects
Rajesh Dhake
Key points
Good project management is essential for project success. The intangible nature of software causes problems for management. Managers have diverse roles but their most significant activities are planning, estimating and scheduling. Planning and estimating are iterative processes which continue throughout the course of a project.
Rajesh Dhake
Key points
A project milestone is a predictable state where a formal report of progress is presented to management. Project scheduling involves preparing various graphical representations showing project activities, their durations and staffing. Risk management is concerned with identifying risks which may affect the project and planning to ensure that these risks do not develop into major threats.
Rajesh Dhake

#10. Risk Management 2008.09.01

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

#10. Risk Management 2008.09.01

Uploaded by

Copyright:

Available Formats

Project Risk Management

What is Project Success?

Done it all professionally & without killing the team

PDF created with pdfFactory trial version www.pdffactory.com

Why Do Projects Fail?

Why Should We Care?

Project Management Process

Tracking & Control

Complete Planning Reporting Assess

Post Project Review Report Rajesh Dhake

PDF created with pdfFactory trial version www.pdffactory.com

Probability Impact Timing

Expectations is valued by Stakeholder

Risk = Probability x Impact

What is Project Risk?

Risk Associated with Projects

A risk is a probability that some adverse circumstance will occur

Definition of Risk Management

What is Project Risk Management?

Problems & Risks

Downsides of Risk Management

Risk Management Process

Risk Management Planning

PDF created with pdfFactory trial version www.pdffactory.com

The Risk Management Plan

Risk Management Process

List of potential risks

Prioritised risk list

Risk avoidance and contingency plans

PDF created with pdfFactory trial version www.pdffactory.com

Risk Management Process Overview

Risk Risk Risk PlanningReduction Mitigation

PROJECT Risk Identification

1. Risk Identification Techniques

Business Risk Areas

Relationships Business Risks Compliance Performance

PROJECT Risk Analysis

Probability Low High Moderate Moderate High

Effects Catastrophic Catastrophic Serious Serious Serious

High Moderate Moderate Moderate High

Serious Tolerable Tolerable Tolerable Tolerable Rajesh Dhake

Sample Risk Register/Risk Analysis

Sample Risk Register/Risk Analysis

Project severity = expectation (1-10) * impact (1-10) Rajesh Dhake 38

2. Analyzing Risk - Qualitative

Qualitative Risk Analysis Tools

Qualitative Risk Analysis Tools

Sample Probability/Impact Matrix

Sample Probability/Impact Matrix for Qualitative Risk Assessment

Chart Showing High-, Medium-, and Low-Risk Technologies

2. Top Ten Risk Item Tracking

Example of Top Ten Risk Item Tracking

Poor cost estimates Poor time estimates

2. Risk Analysis - Quantitative

Quantitative Risk Analysis Tools

Quantitative Risk Analysis Tools

Expected Monetary Value (EMV) Example

Probability & Impact Analysis

25% 50% 30%

$45,000 $2,000 $100,000

$11,250 $1,000 $30,000

Latest Techniques FMEA, FTA & PRA

Decision Tree Analysis

$1,500 +$15,000 $0 $0 ($14,000) -$20,000 TOTAL ($12,500) ($32,500)