risk management in business analysis the great differentiator
TRANSCRIPT
TOC
PART I
Definition
Why Important
Risk Impact
Why Difficult
General Risk Analysis Questions
Risk Analysis Focus Areas
Focus Area Breakdown
Analysis Related Risk
PART II
Risk Assessment – How?
Risk Taxonomy & Taxonomy Model
Risk versus Uncertainty
Risk Breakdown Structure
…TBD…
2By Christian D. Kobsa
Definition
“Project risk analysis and management is a
process which enables the analysis and
management of the risks associated with a
project. If performed properly it will increase
the likelihood of successful project completion to
cost, time, and deliverable objectives.”
3By Christian D. Kobsa
Why Perform Risk Analysis and Management?
“Any project will face exposure to the possibility
of stated and unstated uncertain events and
circumstances that can have negative impacts on
the outcome of the project.”
5By Christian D. Kobsa
Risk Occurrence Impact
6By Christian D. Kobsa
Project deliverables can not be completed within
the promised timeframe.
Project deliverables can not be completed within the
defined cost parameters.
Project deliverables do not meet agreed upon client
expectations.
Possible loss of profits.
Possible decline in reputation.
Possible decline or complete loss of trust.
Risk Analysis / Management – Why Difficult?
7By Christian D. Kobsa
Lack of communication about project risk.
Lack of analysis of possible risks.
Stakeholder reluctance to accept that risk neither
good / bad but always present.
Stakeholder reluctance to recognize that identified
risk can be successfully managed.
Cultural bias to bring up risk, as it carries a negative
connotation.
General Risk Analysis Questions
8By Christian D. Kobsa
What could possible go wrong?
How would that influence the project
deliverables?
What is the likelihood of it happening?
How will it affect the project?
How will the effect on the project influence
project deliverables?
What can be done about it?
How will this risk mitigation influence project
deliverables?
Risk Focus Areas
9By Christian D. Kobsa
Staff
Organization
Technological
Environmental
Cultural
Legal
…Others…
Focus Area Questions - Staff
10By Christian D. Kobsa
What happens if staff is not available soon enough?
What happens if the project staff does not have the
right skill set?
What happens if key project team members leave?
What happens if key project team member conflicts
create stalemate?
Focus Area Questions - Organization
11By Christian D. Kobsa
What happens if organizational buy-in is not available?
What happens if the sponsors and/or other key stakeholders do not provide the support promised?
Is the organizational management structure unstable / changing?
Will there be a new project sponsor in case the current one leaves?
If there is a new sponsor, how will the project be affected?
What if another business or business unit withdraws from the project initiative?
What if the deliveries from a vendor do not meet expectations?
Focus Area Questions - Technological
12By Christian D. Kobsa
What if the technological expectations for project
deliverables can not be met?
What if technology cost is higher than anticipated?
What if technology requirements limit project
delivery implementation?
What if technology requirements expand project
delivery expectations?
What if technology requirements don’t allow for
proper interfacing with existing systems?
Focus Area Questions - Environmental
13By Christian D. Kobsa
Are there environmental demands that contradict
business needs?
Are the environmental requirements clearly defined
and understood?
Can the environmental requirements be
implemented without negatively influencing
business-value?
What are the consequences if the environmental
requirements are not met?
Focus Area Questions - Cultural
14By Christian D. Kobsa
Is the project’s deliverable being used primarily in a multi-cultural environment?
Are the motives and interests in the project’s deliverable of culturally divergent stakeholders clearly understood?
Is the project team multi-cultural?
How comfortable are multi-cultural team members with each other?
How do multi-cultural team members communicate with each other?
Are team members aware of typical cultural behaviors of each other?
Are multi-cultural team members respectful of, and interested in, the cultural background of other team members?
Focus Area Questions - Legal
15By Christian D. Kobsa
Is there any question as to whether the project’s
deliverable is legal?
Is there any particular area of the law that
influences how the deliverable must be produced?
Is there any particular area of the law that restrains
what can be produced under this project?
Does the project’s deliverable fall under the
jurisdiction of international law?
Does the law dictate that the project team consists
of individuals with certain backgrounds?
Risk Focus Areas - Summary
16By Christian D. Kobsa
Human: individuals, stakeholder groups, departments, illness, death, etc…
Operational: disruption to supplies and operations, loss of access to essential
assets, failure in distribution, etc…
Reputational: loss of business partner or employee confidence, damage to
reputation in the market.
Procedural: from failures of accountability, internal systems and controls,
organization, fraud, etc…
Project: risk of cost over-runs, jobs taking too long, insufficient product or
service quality, etc…
Financial: from business failure, stock market, interest rates,
unemployment, etc…
Technical: from advances in technology, technical failure, etc…
Natural: threats from weather, natural disaster, accident, disease, etc…
Political: from changes in tax regimes, public opinion, government policies,
foreign influence, etc.
Analysis Related Risks
17By Christian D. Kobsa
Business Situations:1. The contract is not finalized, hence the scope is undefined.
2. The project charter is not shared with the consulting BA team.
3. Requirements planning cannot be conducted prior to a formal kick-off.
4. The organization does not have a requirements management plan.
5. Current state documentation or business workflows are not always made available.
6. Business requirements have received sign-off, but continue to change during implementation.
7. Stakeholders are not prepared for analysis elicitation workshops.
8. All product enhancement requests are ranked as “high”.
9. Buy-in to conduct formal stakeholder analysis can not be obtained.
10. Resources responsible for elicitation are not communication requirements.
Risk Assessment – How?
18By Christian D. Kobsa
Risk Assessment
Identify
UncertaintiesAnalyze Risk Prioritize Risk
Identify Uncertainty – Risk Taxonomy
19By Christian D. Kobsa
IT Engineering Risk Taxonomy
Product Engineering Engineering Environment Program Constraints
Requirements Engineering
Specialties….Engineering
ProcessWork
Environment…. Resources
Program
Interfaces….
Stability Scale… FormalityProduct
Control… Schedule Facilities…
Cla
ssEle
ment
Att
ribute
Risk Identification Using a Taxonomy Model
20By Christian D. Kobsa
Select a Base
Taxonomy
Select a
Project Type
Classification
Adjust Risk
Taxonomy
Develop Risk
Identification
Rules
Customization Execution Tracking
Specification of Project
Characteristics
Execute Risk
Identification Rules
Respond to Risk Related
Questions
Execute Risk
Identification Rules
Undefined
RiskYes
Present All Identified
Risks
No
Track Identified Risks
Improve Risk Detection
as Possible
Risk Versus Uncertainty
21By Christian D. Kobsa
A definite fact about the project
and/or its environment.CAUSE
RISKUncertainty that could affect
the project if it occurs.
EFFECTContingent result of risk on
project objectives.
Structured Risk Statement:
“As a result of <definite cause>,
<uncertain event> may occur,
which would lead to <effect on
objectives>”.
Risk Breakdown Structure (RBS)
22By Christian D. Kobsa
Project Name
Technical Risk External Risk Organizational Risk Project Mgmt. Risk
Requirements
Technology
Complexity
Interfaces
Performance
Reliability
Quality
???
Sub-Contractors
Suppliers
Regulatory
Market
Customer
???
Project Dependencies
Resources
Funding
Prioritization
???
Estimating
Planning
Controlling
Communication
???
References
23By Christian D. Kobsa
Books:
Managing Risk – Methods for Software Systems Development (Elaine M. Hall)
Crisis Management – Planning for The Inevitable (Steven Fink)
Practice Standard for Project Risk Management (Project Management Institute)
White Papers:
Overcoming Cultural Obstacles to Managing Risk (Daniel Galorath)
Managing Risk in Multi-Cultural Projects (Kirsi Aaltonen, Mervi Murtonen, Sampo Tukiainen)
What is the Likelihood and Impact of a BA Communicating Risk? (Maureen McVey)
When is a Risk not a Risk? (Dr. David Hilson)
A Taxonomy Based Model for Identifying Risks (Sebastian Maniasi, Paola Britos, Ramon Garcia-Martinez)
Integrated Risk Management As A Framework For Organizational Success (Dr. David Hillson)
Web Sites:
http://whatis.techtarget.com
http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=11847; (“Taxonomy Based Risk Identification” by
Carnegie Mellon University, SEI)
http://www.mindtools.com (