Professional Documents
Culture Documents
Means
M to
t reduce
d those
th risks
i k or their
th i iimpactt
good software risk management practices. Cost 3.74 3.22 3.20 3.97
Quality 2.91 3.22 2.88 3.26
KPMG1 studyy found that 55 percent
p of runaway y Human Resources 3 18
3.18 3 20
3.20 2 93
2.93 3 18
3.18
projects (projects that have significant cost or
Communications 3.53 3.53 3.21 3.48
schedule overruns)) did no risk management
g at all. Risk
ik 2 93
2.93 28
2.87 2
2.75 2 6
2.76
Procurement 3.33 3.01 2.91 3.33
1 Cole, Andy, “Runaway Projects - Cause and Effects,” Software World, 26(3), pp. 3-5 (1995). 1 C.W. Ibbs and Y. H. Kwak. “Assessing Project Management Maturity,”
Project Management Journal (March 2000).
Benefits from Software Risk Management
Practices1 Risk As A Trade
Trade-Off
Off
5 6
100%
Of i
Oftentimes we take
k risks
i k to save money or time
i
80%
80% There is a possibility of having to buy another item or
60%
60% 47% 47% 43%
redo the same job
35%
40% … or, at least, suffer greater stress levels
20%
0%
6%
Trade-offs can be identified with time, money,
te
q
quality
y
ns
ps
ts
es
s
e
m
tia
en
on
ru
sli
ris
le
go
N
itm
er
The consequences of some risks may be more severe
p
e
ob
ov
ur
ul
ne
m
pr
ts
d
m
st
he
to
d
en
co
co
oi
ilit
ce
er
ce
Pr
ab
/
m
te
u
u
ed
to
a
ed
e
ip
us
ov
tc
pr
An
Im
ee
M
Contingency
C ti plans
l are predefined
d fi d actions
i that
h the
h Key Risk Symptoms
project team will take if an identified risk event theelements of the project likely to indicate that
occurs. something is going wrong
Fallback plans are developed for risks that have a At this stage,
g , we need to know the outcome of the
high impact on meeting project objectives, and are risk, so that it can be quantified in the next stage of
put into effect if attempts
p p to reduce the risk are not the analysis
y
effective.
Contingency reserves or allowances are provisions
held by the project sponsor or organization to
reduce the risk of cost or schedule overruns to an
acceptable level.
Market risk – Is this a new product? Will people use it Knowledge Area Risk Conditions
Inadequate planning; poor resource allocation; poor integration
Integration
and buyy it? Is there competition
p for it? management; lack of post-project review
Poor definition of scope or work packages; incomplete definition
Scope
Financial risk – Can the organization afford to do this of quality requirements; inadequate scope control
Errors in estimating time or resource availability; poor allocation
project? Is there confidence in financial projections? Time
and management of float; early release of competitive products
Estimating errors; inadequate productivity, cost, change, or
Technology risk – Technically feasible? Easily obsolete? Cost
contingency control; poor maintenance, security, purchasing, etc.
Poor attitude toward q
quality;
y; substandard
M t /l di
Mature/leading-edge/bleeding
d /bl di edge d technology?
t h l ? Quality
design/materials/workmanship; inadequate quality assurance
program
People risk – People have appropriate skills? Does Human Resources
Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
management support it? Good sponsor relationship? Carelessness in planning or communicating; lack of consultation
Communications
with key stakeholders
Structure/process
/p risk – Changes
g existing g procedures?
p Risk
Ignoring risk; unclear assignment of risk; poor insurance
Does it need to interact with other systems? Procurement
management
Unenforceable conditions or contract clauses; adversarial relations
Common Sources of Risk in Information Information Technology Success Potential
T h l
Technology PProjects
j Scoring Sheet
17 18
Relative
Several studies show that IT projects share some Success Criterion
Importance
common sources of risk.
risk User Involvement 19
After CHAOS, the Standish Group developed an Executive Management support 16
IT success potential
i l scoring
i sheet
h b
basedd on Clear Statement of Requirements 15
Proper Planning 11
potential risks Realistic Expectations 10
Consisted of a questionnaire whose responses relate Smaller Project Milestones 9
to identified project success criteria Competent Staff 8
Scales based on Yes answers to questions were used Ownership 6
Clear Visions and Objectives 3
to identify how well a project satisfies the criteria
Hard-Working Focused Staff
Hard-Working, 3
Total 100
Executive
Competitors Hardware Estimates
pp
support
Suppliers
pp Software User support
pp Communication
Just how risky is an event or activity? Expected value of an identified event is the value
Analysis
y in terms of likelihood (probability)
(p y) and the of the possible outcome multiplied by the
extent of the effects probability of its occurrence
Project A: 50% chance, $200 million return
Some projects fail because of risks that were not
initially identified Project B: 70% chance, $150 million return
Decision?
Therefore,
Therefore a third factor to consider is risk “hideability”
– the ability of a party to conceal the fact that things Project B ($100 million for A vs. $105 million for B)
are going wrong with part of the project The same kind of reasoning can be applied to risks
For each activity on the critical path, look at their A Probability/Impact Matrix or Chart lists the relative
likelihood, severity, and hideability probability of a risk occurring on one side of a matrix
Rate each of these on a scale from 1 to 10 and the relative impact of the risk occurring on the
Total risk for an activity is the product of the three other.
Ex. Consider the risk of a SW development activity: List the risks and then label each one as high, medium,
or low in terms of its probability of occurrence and its
Activity Likelihood Severity Hideability Total impact if it did occur.
In House
In-House
8 2 2 32 Can also calculate risk factors:
Development
Numbers that represent the overall risk of specific events
Outsourced
O tso rced
6 2 7 84 b d on their
based th i probability
b bilit off occurring
i and d th
the
Development consequences to the project if they do occur.
Sample Probability/Impact Matrix Monte Carlo Simulation
29 30
Similar to PERT, only we use equal deviations above Note that any of our original numbers may change,
and below the expected
p value (10%
( is quite
q and they may not change in the way we’d like them to
common) and calculate the resulting values The following chart shows how the profit varies with
Note that changes need not go in the same direction changes
g in material and labour & overhead costs
Consider a project with revenue of $1,200 that requires: Materials cost Materials cost Materials cost
$600 of materials 10% less as expected 10% more
$200 of labour Labour & Overhead
165 105 45
$350 of overhead costs cost 10% less
Profit
= revenue - materials – (labour + overhead) Labour & Overhead
110 50 -10
as expected
= $1,200
$1 200 – 600 – (200 + 350) Labour & Overhead
55 -5 -65
= $50 cost10% more
Risk Response Planning Risk Response Planning
33 34
Good for small ones, bad for medium ones, … If the project life cycle spans into the next fiscal year, and
Avoid the risk: stayy clear of,, sidestep,
p, p
pass up
p there is a risk that new funds may not be allocated, getting
ALL the funds in this fiscal year prevents the risk
Transfer the risk
Mitigate it: define steps and actions to be taken so as to
Many among the cheaper air tickets are non-refundable
non refundable
alleviate or lessen the risk
Insurance against malpractice
If there is a risk that a subcontractor will not deliver by a
Not so easy with IT (unfortunately)
certain date, written commitments can be sought, or strong
Note: this does not absolve the project manager of all penalties can be put in the contract
responsibilities
Use the
h contingency plan:
l what to do if the risk
Finally, we can … materializes
There is a resource (i.e. skilled people) shortage as Involves executing the risk management process to
a result of budget cuts and staff turnover respond
p to risk events.
Options Main outputs of risk monitoring and control are:
Ignore: not a viable option Requested changes.
changes
Avoid: restructure the project (downsize) Recommended corrective and preventive actions.
Transfer: outsource the project Updates
U d to the
h risk
i k log,
l project
j management plan,
l and
d
Accept: transfer resources, defer the project until organizational process assets.
people with critical skills become available Workarounds are unplanned responses to risk events
that must be done when there are no contingency
plans.