1

By Christian D. Kobsa

Project Risk Management in

Business Analysis

The Great Differentiator

TOC

PART I

Definition

Why Important

Risk Impact

Why Difficult

General Risk Analysis Questions

Risk Analysis Focus Areas

Focus Area Breakdown

Analysis Related Risk

PART II

Risk Assessment – How?

Risk Taxonomy & Taxonomy Model

Risk versus Uncertainty

Risk Breakdown Structure

…TBD…

2By Christian D. Kobsa

Definition

“Project risk analysis and management is a

process which enables the analysis and

management of the risks associated with a

project. If performed properly it will increase

the likelihood of successful project completion to

cost, time, and deliverable objectives.”

3By Christian D. Kobsa

Strategy, Tactics, and Risk

4By Christian D. Kobsa

Why? What / How?

Why Perform Risk Analysis and Management?

“Any project will face exposure to the possibility

of stated and unstated uncertain events and

circumstances that can have negative impacts on

the outcome of the project.”

5By Christian D. Kobsa

Risk Occurrence Impact

6By Christian D. Kobsa

Project deliverables can not be completed within

the promised timeframe.

Project deliverables can not be completed within the

defined cost parameters.

Project deliverables do not meet agreed upon client

expectations.

Possible loss of profits.

Possible decline in reputation.

Possible decline or complete loss of trust.

Risk Analysis / Management – Why Difficult?

7By Christian D. Kobsa

Lack of communication about project risk.

Lack of analysis of possible risks.

Stakeholder reluctance to accept that risk neither

good / bad but always present.

Stakeholder reluctance to recognize that identified

risk can be successfully managed.

Cultural bias to bring up risk, as it carries a negative

connotation.

General Risk Analysis Questions

8By Christian D. Kobsa

What could possible go wrong?

How would that influence the project

deliverables?

What is the likelihood of it happening?

How will it affect the project?

How will the effect on the project influence

project deliverables?

What can be done about it?

How will this risk mitigation influence project

deliverables?

Risk Focus Areas

9By Christian D. Kobsa

Staff

Organization

Technological

Environmental

Cultural

Legal

…Others…

Focus Area Questions - Staff

10By Christian D. Kobsa

What happens if staff is not available soon enough?

What happens if the project staff does not have the

right skill set?

What happens if key project team members leave?

What happens if key project team member conflicts

create stalemate?

Focus Area Questions - Organization

11By Christian D. Kobsa

What happens if organizational buy-in is not available?

What happens if the sponsors and/or other key stakeholders do not provide the support promised?

Is the organizational management structure unstable / changing?

Will there be a new project sponsor in case the current one leaves?

If there is a new sponsor, how will the project be affected?

What if another business or business unit withdraws from the project initiative?

What if the deliveries from a vendor do not meet expectations?

Focus Area Questions - Technological

12By Christian D. Kobsa

What if the technological expectations for project

deliverables can not be met?

What if technology cost is higher than anticipated?

What if technology requirements limit project

delivery implementation?

What if technology requirements expand project

delivery expectations?

What if technology requirements don’t allow for

proper interfacing with existing systems?

Focus Area Questions - Environmental

13By Christian D. Kobsa

Are there environmental demands that contradict

business needs?

Are the environmental requirements clearly defined

and understood?

Can the environmental requirements be

implemented without negatively influencing

business-value?

What are the consequences if the environmental

requirements are not met?

Focus Area Questions - Cultural

14By Christian D. Kobsa

Is the project’s deliverable being used primarily in a multi-cultural environment?

Are the motives and interests in the project’s deliverable of culturally divergent stakeholders clearly understood?

Is the project team multi-cultural?

How comfortable are multi-cultural team members with each other?

How do multi-cultural team members communicate with each other?

Are team members aware of typical cultural behaviors of each other?

Are multi-cultural team members respectful of, and interested in, the cultural background of other team members?

Focus Area Questions - Legal

15By Christian D. Kobsa

Is there any question as to whether the project’s

deliverable is legal?

Is there any particular area of the law that

influences how the deliverable must be produced?

Is there any particular area of the law that restrains

what can be produced under this project?

Does the project’s deliverable fall under the

jurisdiction of international law?

Does the law dictate that the project team consists

of individuals with certain backgrounds?

Risk Focus Areas - Summary

16By Christian D. Kobsa

Human: individuals, stakeholder groups, departments, illness, death, etc…

Operational: disruption to supplies and operations, loss of access to essential

assets, failure in distribution, etc…

Reputational: loss of business partner or employee confidence, damage to

reputation in the market.

Procedural: from failures of accountability, internal systems and controls,

organization, fraud, etc…

Project: risk of cost over-runs, jobs taking too long, insufficient product or

service quality, etc…

Financial: from business failure, stock market, interest rates,

unemployment, etc…

Technical: from advances in technology, technical failure, etc…

Natural: threats from weather, natural disaster, accident, disease, etc…

Political: from changes in tax regimes, public opinion, government policies,

foreign influence, etc.

Analysis Related Risks

17By Christian D. Kobsa

Business Situations:1. The contract is not finalized, hence the scope is undefined.

2. The project charter is not shared with the consulting BA team.

3. Requirements planning cannot be conducted prior to a formal kick-off.

4. The organization does not have a requirements management plan.

5. Current state documentation or business workflows are not always made available.

6. Business requirements have received sign-off, but continue to change during implementation.

7. Stakeholders are not prepared for analysis elicitation workshops.

8. All product enhancement requests are ranked as “high”.

9. Buy-in to conduct formal stakeholder analysis can not be obtained.

10. Resources responsible for elicitation are not communication requirements.

Risk Assessment – How?

18By Christian D. Kobsa

Risk Assessment

Identify

UncertaintiesAnalyze Risk Prioritize Risk

Identify Uncertainty – Risk Taxonomy

19By Christian D. Kobsa

IT Engineering Risk Taxonomy

Product Engineering Engineering Environment Program Constraints

Requirements Engineering

Specialties….Engineering

ProcessWork

Environment…. Resources

Program

Interfaces….

Stability Scale… FormalityProduct

Control… Schedule Facilities…

Cla

ssEle

ment

Att

ribute

Risk Identification Using a Taxonomy Model

20By Christian D. Kobsa

Select a Base

Taxonomy

Select a

Project Type

Classification

Adjust Risk

Taxonomy

Develop Risk

Identification

Rules

Customization Execution Tracking

Specification of Project

Characteristics

Execute Risk

Identification Rules

Respond to Risk Related

Questions

Execute Risk

Identification Rules

Undefined

RiskYes

Present All Identified

Risks

No

Track Identified Risks

Improve Risk Detection

as Possible

Risk Versus Uncertainty

21By Christian D. Kobsa

A definite fact about the project

and/or its environment.CAUSE

RISKUncertainty that could affect

the project if it occurs.

EFFECTContingent result of risk on

project objectives.

Structured Risk Statement:

“As a result of <definite cause>,

<uncertain event> may occur,

which would lead to <effect on

objectives>”.

Risk Breakdown Structure (RBS)

22By Christian D. Kobsa

Project Name

Technical Risk External Risk Organizational Risk Project Mgmt. Risk

Requirements

Technology

Complexity

Interfaces

Performance

Reliability

Quality

???

Sub-Contractors

Suppliers

Regulatory

Market

Customer

???

Project Dependencies

Resources

Funding

Prioritization

???

Estimating

Planning

Controlling

Communication

???

References

23By Christian D. Kobsa

Books:

Managing Risk – Methods for Software Systems Development (Elaine M. Hall)

Crisis Management – Planning for The Inevitable (Steven Fink)

Practice Standard for Project Risk Management (Project Management Institute)

White Papers:

Overcoming Cultural Obstacles to Managing Risk (Daniel Galorath)

Managing Risk in Multi-Cultural Projects (Kirsi Aaltonen, Mervi Murtonen, Sampo Tukiainen)

What is the Likelihood and Impact of a BA Communicating Risk? (Maureen McVey)

When is a Risk not a Risk? (Dr. David Hilson)

A Taxonomy Based Model for Identifying Risks (Sebastian Maniasi, Paola Britos, Ramon Garcia-Martinez)

Integrated Risk Management As A Framework For Organizational Success (Dr. David Hillson)

Web Sites:

http://whatis.techtarget.com

http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=11847; (“Taxonomy Based Risk Identification” by

Carnegie Mellon University, SEI)

http://www.mindtools.com (