Professional Documents
Culture Documents
Purpose
Identify control best practices for managing project risk Review Microsoft Excel Risk Assessment Template to assist in identifying & mitigating project risk
Agenda
Purpose Agenda Definition of Terms Manage Projects Why Project Risk Is Important Project Risk Management Risk Assessment Template Summary
3
Definition of Terms
Risk Possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood (Institute of Internal Auditors)
Manage Projects
Manage Projects One of COBiT s 34 IT processes (Plan & Organize PO10) A programme & project management framework for the management of all IT projects
o Ensures correct prioritization & coordination of all projects
10
PO10.1 PO10.2
Project Management Approach Stakeholder Commitment Project Scope Statement Project Phase Initiation Integrated Project Plan
11
PO10.8 Project Resources PO10.9 Project Risk Management PO10.10 Project Quality Plan PO10.11 Project Change Control PO10.12 Project Planning of Assurance Methods PO10.13 Project Performance Measurement, Reporting & Monitoring P010.14 Project Closure
12
13
Requirements change
o Example: Additional features
15
16
17
18
Inadequate leadership (project manager, sponsor) Loss of sponsor Loss of key team members Poor project attitude
o Example: We dont plan, we do
19
20
21
22
23
26
28
Manage & communicate risk appropriately within the project governance structure
o Include project risk on project team meeting agenda
29
30
31
Definition
Exit the activities or conditions that give rise to the risk. Do this when no other options are adequate Take action to detect, reduce frequency, and reduce impact of risk
Examples
Terminate difficult team member Terminate project Do not use technology because it prevents future growth Counsel difficult team member Apply additional controls (e.g., increase monitoring, increase testing, apply stricter change management) Obtain insurance Have vendor perform high risk part of project
Mitigate Risk
Transfer Risk
Accept Risk
Done when risk is known and management decides it is acceptable to accept risk
32
Analyze the log periodically for trends and recurring problems, to ensure root causes are corrected
o Assess specific issue o Assess impact to entire project
(COBiT Control Practices, page 64)
33
Flexible
Create own risk categories Modify as appropriate
34
Summary
Project risk management is essential element of managing a project
Should be done throughout project
There are several business benefits to managing project risk There are a number of mechanisms project teams should employ to manage project risk
36
Questions?
37