© 2008 prentice hall9-1 introduction to project management chapter 9 managing project risk...

© 2008 Prentice Hall 9-1

Introduction to Project Management

Chapter 9Managing Project Risk

Information Systems Project Management: A Process and Team Approach, 1e Fuller/Valacich/George


Project Risk

• “…an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project objective.”


Information Systems Associated Risks

• Technology and project management related

– Positive

• Availability of new project management tools

– Negative

• Rate of change in technologies

– Upgrades and new releases

• Assumptions computer-generated output is always correct

• Formation of teams


Risk & Project Life Cycle

• Initiation stage

– Identification and selection of specific projects

• Inside or outside of organization’s core competencies

• Planning stage

– Procurement

• Unreliability of new technology delivery timeframe

• Development of accurate project schedule


• Execution stage

– Missed scheduled delivery date

– Technology upgrades

• Control stage

– Implementation of risk plan

– Modification of project schedule

• Closing stage

– Acceptance of project as finished

Risk & Project Life Cycle (cont.)


Project Risk Examples

• New or different project management methodologies

• Different: – Cultures

– Organization structures

– Human resources


General Categories of IS Project Risk

• Ongoing changes to technology

• Finding, assigning, and retaining skilled personnel

• Gaining user acceptance

• Choosing the correct development methodology


Outsourcing / Offshoring• Positives:

– Expanded skill set availability

– Cheaper labor

– Reduced requirements for non-core competencies

• Negatives:

– Internal resistance

• Possible solutions to reduce risk:

– Ensure strong upper management support

– Select the right personnel

– Involve managers early in the outsourcing process

– Educate and reassure internal employees


• Negatives (cont.):

– Increased security and privacy concerns

• Possible solutions to reduce risk:

– Increase physical security measures

– Use software event logging and monitoring tools

– Intrusion detection systems and firewalls

– Encryption hardware/software

Outsourcing / Offshoring (cont.)


Top Five Software Project Risks

• Lack of top management commitment to the project

• Failure to gain user commitment

• Misunderstanding the requirements

• Lack of adequate user involvement

• Failure to manage end user expectations


Risk Management Planning

• A systematic approach to planning the risk management activities of a given project


Risk Management Planning – Inputs

• Enterprise environmental factors

– Attitudes toward risk and risk tolerance

• Organizational process assets

– Processes in place to handle risk

• Project scope statement

– Defining the project

• Project management plan

– Project summary document


PMBOK Required Inputs, Tools, and Techniques Used, and Resulting Outputs During Risk

Management


Risk Management Planning – Tools & Techniques

• Risk planning meetings

– Senior managers, project team leaders, stakeholders, project members with decision-making responsibilities

– Development of specific risk management plans

– Inclusion of risk-related items in budget and schedule

– Creation of risk management templates


Risk Management Planning – Outputs

• Risk Management Plan

– Methodology or approach to risk management

– Roles and responsibilities of project members

– Risk management budget

– Integration of risk management activities into project life cycle

– Scoring and interpretation of risk analysis

– Risk thresholds

– Reporting formats

– Tracking


Risk Identification

• The process of identifying potential risks to a project and documenting them


PMBOK Required Inputs, Tools and Techniques Used,

and Resulting Outputs During Risk Identification


Risk Identification – Inputs

• Enterprise environmental factors




• Risk management plan


Risk Categories

• Defined in a Risk Register

– A formal recording of all project risks, explaining the nature of the risk and management of the risk


Risks


Risk Identification – Tools & Techniques

• Documentation reviews

– The review of organizational information to aid during risk identification

• May include:– Project profiles (previous project information and related

lessons learned)

– Published information

» Articles/studies/benchmarking information


Risk Identification – Tools & Techniques (cont.)

• Information gathering techniques

– Brainstorming

– Delphi technique

– http://en.wikipedia.org/wiki/Delphi_technique

– Interviewing

– Strengths, weaknesses, opportunities, and threats (SWOT)

– http://en.wikipedia.org/wiki/SWOT

– Checklists

http://en.wikipedia.org/wiki/Delphi_technique

http://en.wikipedia.org/wiki/Delphi_technique

http://en.wikipedia.org/wiki/SWOT

http://en.wikipedia.org/wiki/SWOT


Risk Identification – Tools & Techniques (cont.)

– Diagramming techniques

• Cause and effect (Fishbone)

• http://en.wikipedia.org/wiki/Fishbone_diagram

• System or process flowcharts

• Influence diagrams

• http://www.lumina.com/software/influencediagrams.html

• http://en.wikipedia.org/wiki/Influence_diagrams

http://en.wikipedia.org/wiki/Fishbone_diagram

http://en.wikipedia.org/wiki/Fishbone_diagram

http://www.lumina.com/software/influencediagrams.html



http://en.wikipedia.org/wiki/Influence_diagrams


Risk Identification – Output


Qualitative Risk Analysis

• Establishment of probabilities regarding both the impact and likelihood of specific risk occurrences


PMBOK Required Inputs, Tools and Techniques

Used, and Resulting Outputs During

Qualitative Risk Analysis


Qualitative Risk Analysis – Inputs




• Risk register


Qualitative Risk Analysis – Tools & Techniques

• Risk probability and impact assessment

• Probability/impact risk rating matrix

• Risk data quality assessment

• Risk categorization

• Risk urgency assessment


Probability/Impact Risk Rating Matrix

• A technique used to analyze project risk in terms of its probability of occurrence and its impact on project outcomes


Risk Data Quality Assessment

• Assessment of the quality of the data used to assess risk

• May include:

• Extent to which a risk is understood

• Available risk data

• Data quality

• Data integrity and reliability


Qualitative Risk Analysis – Outputs

• Updated risk register


Quantitative Risk Analysis

• Analysis of the probability of occurrence and impact of risk on project objectives using numerical techniques


Required Inputs, Tools and Techniques Used, and Resulting Outputs During

Quantitative Risk Analysis


Quantitative Risk Analysis – Inputs

• Organization process assets



• Risk register



Quantitative Risk Analysis – Tools & Techniques

• Data gathering through interviewing

• Quantitative procedures

– Sensitivity analysis

• Technique used to examine the potential impact of specific risks to a project (Tornado analysis)

• http://www.modeladvisor.com/specific_use/modeling/productivity_tools/what_if_analysis_manager/what_if_analysis_manager.htm

http://www.modeladvisor.com/specific_use/modeling/productivity_tools/what_if_analysis_manager/what_if_analysis_manager.htm




Tornado Analysis

• It is a sensitivity analysis technique. Shows which risks can cause the greatest variability in the base value of an information system.


Tornado AnalysisNOTES: Discount rate - The interest rate used in determining the present

value of future cash flows. For example, let's say you expect $1,000 dollars in one year's time. To determine the present value of this $1,000 (what it is worth to you today) you would need to discount it by a particular rate of interest (often the risk-free rate but not always). Assuming a discount rate of 10%, the $1,000 in a year's time would be the equivalent of $909.09 to you today (1000/[1.00 + 0.10]).

The difference between the present value of cash inflows and the present value of cash outflows. NPV is used in capital budgeting to analyze the profitability of an investment or project. NPV compares the value of a dollar today to the value of that same dollar in the future, taking inflation and returns into account. If the NPV of a prospective project is positive, it should be accepted. However, if NPV is negative, the project should probably be rejected because cash flows will also be negative.


Quantitative Risk Analysis – Tools & Techniques

– Decision tree analysis• Diagramming technique used to evaluate courses

of action in terms of their potential cost and benefits relative to other courses of action

• http://en.wikipedia.org/wiki/Decision_tree

– Expected monetary value analysis (EMV)• Statistical technique which captures the average

value of potential projects by analyzing the likelihood of possible project outcomes as well as each outcome’s financial consequences

http://en.wikipedia.org/wiki/Decision_tree

http://en.wikipedia.org/wiki/Decision_tree


Expected Monetary Value + Decision Tree Analysis


– Simulation

• Statistical technique where what-if analyzes are run to determine the impact of a given situation on a project objective (Monte Carlo)

• A problem solving technique used to approximate the probability of certain outcomes by running multiple trial runs, called simulations, using random variables. Monte Carlo simulation is named after the city in Monaco, where the primary attractions are casinos that have games of chance. Gambling games, like roulette, dice, and slot machines, exhibit random behavior.

• http://masamiki.com/project/blackjack.htm

Quantitative Risk Analysis – Tools & Techniques (cont.)

http://masamiki.com/project/blackjack.htm


Quantitative Risk Analysis – Outputs

• Updated risk register


Risk Response Planning

• The process of developing methods for responding to project risks


Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk

Response Planning


Risk Response Planning – Inputs


• Risk register


Risk Response Planning – Tools & Techniques

• Avoidance– Identified risks are avoided through a different course

of action

• Transference– Transfer of risk to another party through the use of

contracts

• Mitigation– Steps are taken to reduce the occurrence or impact of

stated risks

• Acceptance– Risks are accepted and contingency strategies are

planned


Risk Response Planning – Outputs

• Updates to:

– Risk register

– Project management plan

– Risk-related contractual agreements


Risk Response Plan Contents(Project Management Institute)

• Any risks that have been identified along with a description and the areas and objectives the identified risk may affect

• The roles and responsibilities of any risk owners

• Qualitative and quantitative risk analysis results as well as any trends identified during either of these processes

• A description of the risk response strategies including avoidance, transference, mitigation, and acceptance, and the risk that the strategies will be applied to

• An acknowledgement of any residual risk projected to remain after any risk response strategies have been applied

• A list of actions to be used to implement the risk response strategies

• Budget and schedule information in terms of risk response

• Any contingency plans used as part of an active response to accept risks


Additional Risk Terms

• Residual risks

– Any risks remaining after risk response strategies have been applied

• Secondary risks

– Any risks resulting from the application of a risk response strategy

• Contractual agreements

– Any contracts for the purpose of risk transference during the project


Risk Monitoring & Control

• The process of monitoring identified risks for change and controlling those changes


PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs

During Risk Monitoring and Control


Questions?

© 2008 prentice hall9-1 introduction to project management chapter 9 managing project risk...

Documents