topic 8- 1ict 327 management of it projectssemester 1, 2004 topic 8 risk & procurement...

Topic 8- 1 ICT 327 Management of IT Projects Semester 1, 2004

Topic 8 Risk & Procurement Management

Schwalbe: Chapters 11, 12


Learning Objectives

• At the end of this topic, you should be able to:• Define risk and the importance of good project risk

management

• List the elements involved in risk management planning

• List common sources of risks on information technology projects

• Describe the risk identification process and tools and techniques to help identify project risks

• Discuss the qualitative risk analysis process and explain how to calculate risk factors, use probability/impact matrixes, the Top Ten Risk Item Tracking technique, and expert judgment to rank risks


Learning Objectives

• At the end of this topic, you should be able to:• Explain the quantify risk analysis process and how to

use decision trees and simulation to quantitative risks• Provide examples of using different risk response

planning strategies such as risk avoidance, acceptance, transference, and mitigation

• Discuss what is involved in risk monitoring and control• Describe how software can assist in project risk

management• Explain the results of good project risk management


Why is Project Risk Management important?

• It is the art and science of identifying, assigning, and responding to risk throughout the life of a project and in the best interests of meeting project objectives

• Risk management is often overlooked on projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates

• Risk management is often neglected, especially on IT projects (Ibbs and Kwak)

• 55 percent of runaway projects did no risk management at all (KPMG)


Project Management Maturity by Industry Group and Knowledge Area


What is Risk?

• A dictionary definition of risk is “the possibility of loss or injury”

• Project risk involves understanding potential problems that might occur on the project and how they might impede project success

• Risk management is like a form of insurance; it is an investment


Example risk: It might rain

• How do you manage that risk?

• Take a chance?

• Take an umbrella? Jacket? Drive?

• Does it matter if you get wet? If not, then do nothing.


Anatomy of a risk

• Likelihood of it occurring

• Impact if it does

• e.g. something could be very likely, but low impact.


Risk of rain in Perth

Project: Outdoor picnic

Likely?(probability)

Impact Mitigation

UnlikelyJan High

JulyJ Likely High

Rating

M

H Don’t holdevent or hold indoors

Backup location


Risk Utility

• Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a potential payoff• Utility rises at a decreasing rate for a person

who is risk-averse• Those who are risk-seeking have a higher

tolerance for risk and their satisfaction increases when more payoff is at stake

• The risk-neutral approach achieves a balance between risk and payoff


Risk Processes

• Risk Management Planning

• Risk Identification

• Qualitative Risk Analysis

• Risk Response Planning

• Risk monitoring and control


Question

• Are you:• risk-averse (conservative)• risk-neutral, or • risk-seeking

in relation to:• finances (investment)• food• recreation activities


Risk Utility Function and Risk Preference


What is Project Risk Management?

• The goal of project risk management is to minimize potential risks while maximizing potential opportunities.

• Example 1: an opportunity may exist to expand into another country, but the risk of failure is very high. How is this risk managed?

• Example 2: Possible to deliver system both on web and hand-held. Hand-held is more difficult, is it worth the risk of failure?


Processes

• Risk management planning: deciding how to approach and plan the risk management activities for the project

• Risk identification: determining which risks are likely to affect a project and documenting their characteristics

• Qualitative risk analysis: characterizing and analyzing risks and prioritizing their effects on project objectives

• Quantitative risk analysis: measuring the probability and consequences of risks

• Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives

• Risk monitoring and control: monitoring known risks, identifying new risks, reducing risks, and evaluating the effectiveness of risk reduction


Risk Management Planning

• The main output of risk management planning is a risk management plan

• The project team should review project documents and understand the organization’s and the sponsor’s approach to risk

• The level of detail will vary with the needs of the project


Questions Addressed in a Risk Management Plan


Contingency & Fallback Plans, Contingency Reserves

• Contingency plans: predefined actions that the project team will take if an identified risk event occurs

• Fallback plans: developed for risks that have a high impact on meeting project objectives

• Contingency reserves or allowances: provisions held by the project sponsor that can be used to mitigate cost or schedule risk if changes in scope or quality occur


Common Sources of Risk on Information Technology Projects

• Several studies show that IT projects share some common sources of risk

• The Standish Group developed an IT success potential scoring sheet based on potential risks

• McFarlan developed a risk questionnaire to help assess risk

• Other broad categories of risk help identify potential risks


Information Technology Success Potential Scoring Sheet

Success Criterion Points

User Involvement 19

Executive Management support 16

Clear Statement of Requirements 15

Proper Planning 11

Realistic Expectations 10

Smaller Project Milestones 9

Competent Staff 8

Ownership 6

Clear Visions and Objectives 3

Hard-Working, Focused Staff 3

Total 100

McFarlan’s Risk Questionnaire1. What is the project estimate in calendar (elapsed) time?

( ) 12 months or less Low = 1 point

( ) 13 months to 24 months Medium = 2 points

( ) Over 24 months High = 3 points

2. What is the estimated number of person days for the system?

( ) 12 to 375 Low = 1 point

( ) 375 to 1875 Medium = 2 points

( ) 1875 to 3750 Medium = 3 points

( ) Over 3750 High = 4 points

3. Number of departments involved (excluding IT)

( ) One Low = 1 point

( ) Two Medium = 2 points

( ) Three or more High = 3 points

4. Is additional hardware required for the project?

( ) None Low = 0 points

( ) Central processor type change Low = 1 point

( ) Peripheral/storage device changes Low = 1

( ) Terminals Med = 2

( ) Change of platform, for example High = 3

PCs replacing mainframes

Elapsed Time

Effort in days

Extra hardware

# Business areas


Other Categories of Risk

• Market risk: Will the new product be useful to the organization or marketable to others? Will users accept and use the product or service?

• Financial risk: Can the organization afford to undertake the project? Is this project the best way to use the company’s financial resources?

• Technology risk: Is the project technically feasible? Could the technology be obsolete before a useful product can be produced?


What Went Wrong?

Many information technology projects fail because of technology risk. One project manager learned an important lesson on a large IT project: focus on business needs first, not technology. David Anderson, a project manager for Kaman Sciences Corp., shared his experience from a project failure in an article for CIO Enterprise Magazine. After spending two years and several hundred thousand dollars on a project to provide new client/server-based financial and human resources information systems for their company, Anderson and his team finally admitted they had a failure on their hands. Anderson revealed that he had been too enamored of the use of cutting-edge technology and had taken a high-risk approach on the project. He "ramrodded through" what the project team was going to do and then admitted that he was wrong. The company finally decided to switch to a more stable technology to meet the business needs of the company.

Hildebrand, Carol. “If At First You Don’t Succeed,” CIO Enterprise Magazine, April 15, 1998


Risk Identification

• Risk identification is the process of understanding what potential unsatisfactory outcomes are associated with a particular project

• Several risk identification tools and techniques include• Brainstorming• The Delphi technique• Interviewing• SWOT analysis

Potential Risk Conditions Associated with Each Knowledge Area

Knowledge Area Risk Conditions

Integration Inadequate planning; poor resource allocation; poor integrationmanagement; lack of post-project review

Scope Poor definition of scope or work packages; incomplete definitionof quality requirements; inadequate scope control

Time Errors in estimating time or resource availability; poor allocationand management of float; early release of competitive products

Cost Estimating errors; inadequate productivity, cost, change, orcontingency control; poor maintenance, security, purchasing, etc.

Quality Poor attitude toward quality; substandarddesign/materials/workmanship; inadequate quality assuranceprogram

Human Resources Poor conflict management; poor project organization anddefinition of responsibilities; absence of leadership

Communications Carelessness in planning or communicating; lack of consultationwith key stakeholders

Risk Ignoring risk; unclear assignment of risk; poor insurancemanagement

Procurement Unenforceable conditions or contract clauses; adversarial relations


Quantitative Risk Analysis

• Assess the likelihood and impact of identified risks to determine their magnitude and priority

• Risk quantification tools and techniques include • Probability/Impact matrixes• The Top 10 Risk Item Tracking technique• Expert judgment


Sample Probability/Impact Matrix

Sample Probability/Impact Matrix for Qualitative Risk Assessment


Chart Showing High-, Medium-, & Low-Risk Technologies


Top 10 Risk Item Tracking

• Similar to the 10 ten songs for the week/month.• Top 10 Risk Item Tracking: is a tool for

maintaining an awareness of risk throughout the life of a project

• Steps:1. Establish a periodic review of the top 10 project risk items

2. List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item


Example of Top 10 Risk Item Tracking

Monthly Ranking

Risk Item This

Month

Last

Month

Numberof Months

Risk ResolutionProgress

Inadequateplanning

1 2 4 Working on revising theentire project plan

Poor definitionof scope

2 3 3 Holding meetings withproject customer andsponsor to clarify scope

Absence ofleadership

3 1 2 Just assigned a newproject manager to leadthe project after old onequit

Poor costestimates

4 4 3 Revising cost estimates

Poor timeestimates

5 5 3 Revising scheduleestimates


Expert Judgment

• Many organizations rely on the intuitive feelings and past experience of experts to help identify potential project risks

• Experts can categorize risks as high, medium, or low with or without more sophisticated techniques


Quantitative Risk Analysis

• Often follows qualitative risk analysis, but both can be done together or separately

• Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis

• Main techniques include• decision tree analysis• simulation


Decision Trees & Expected Monetary Value (EMV)

• A decision tree is a diagramming method used to help you select the best course of action in situations in which future outcomes are uncertain

• EMV is a type of decision tree where you calculate the expected monetary value of a decision based on its risk event probability and monetary value


Expected Monetary Value (EMV) Example


Simulation

• Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system

• Monte Carlo analysis simulates a model’s outcome many times to provide a statistical distribution of the calculated results

• To use a Monte Carlo simulation, you must have three estimates (most likely, pessimistic, and optimistic) plus an estimate of the likelihood of the estimate being between the optimistic and most likely values


What Went Right?

A large aerospace company used Monte Carlo simulation to help quantify risks on several advanced-design engineering projects. The National Aerospace Plan (NASP) project involved many risks. The purpose of this multibillion-dollar project was to design and develop a vehicle that could fly into space using a single-stage-to-orbit approach. A single-stage-to-orbit approach meant the vehicle would have to achieve a speed of Mach 25 (25 times the speed of sound) without a rocket booster. A team of engineers and business professionals worked together in the mid-1980s to develop a software model for estimating the time and cost of developing the NASP. This model was then linked with Monte Carlo simulation software to determine the sources of cost and schedule risk for the project. The results of the simulation were then used to determine how the company would invest its internal research and development funds. Although the NASP project was terminated, the resulting research has helped develop more advanced materials and propulsion systems used on many modern aircraft.


Risk Response Planning

• After identifying and quantifying risks, you must decide how to respond to them

• Four main strategies:• Risk avoidance: eliminating a specific threat or risk,

usually by eliminating its causes• Risk acceptance: accepting the consequences should a

risk occur• Risk transference: shifting the consequence of a risk

and responsibility for its management to a third party• Risk mitigation: reducing the impact of a risk event by

reducing the probability of its occurrence


General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks


Risk Monitoring and Control

• Monitoring risks involves knowing their status• Controlling risks involves carrying out the risk

management plans as risks occur• Workarounds are unplanned responses to risk

events that must be done when there are no contingency plans

• The main outputs of risk monitoring and control are corrective action, project change requests, and updates to other plans


Risk Response Control

• Risk response control involves executing the risk management processes and the risk management plan to respond to risk events

• Risks must be monitored based on defined milestones and decisions made regarding risks and mitigation strategies

• Sometimes workarounds or unplanned responses to risk events are needed when there are no contingency plans


Using Software to Assist in Project Risk Management

• Databases can keep track of risks. Many IT departments have issue tracking databases

• Spreadsheets can aid in tracking and quantifying risks

• More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks


Sample Monte Carlo Simulation Results for Project Schedule


Sample Monte Carlo Simulations Results for Project Costs


Results of Good Project Risk Management

• Unlike crisis management, good project risk management often goes unnoticed

• Well-run projects appear to be almost effortless, but a lot of work goes into running a project well

• Project managers should strive to make their jobs look easy to reflect the results of well-run projects


Project Procurement Management

Schwalbe: Chapter 12


Learning Objectives

• Understand the importance of project procurement management and the increasing use of outsourcing for information technology projects

• Describe the procurement planning process, procurement planning tools and techniques, types of contracts, and statements of work

• Discuss what is involved in solicitation planning and the difference between a request for proposal and a request for quote

• Explain what occurs during the solicitation process


Learning Objectives

• Describe the source selection process and different approaches for evaluating proposals or selecting suppliers

• Discuss the importance of good contract administration

• Describe the contract close-out process• Discuss types of software available to assist in

project procurement management


Importance of Project Procurement Management

• Procurement means acquiring goods and/or services from an outside source

• Other terms include purchasing and outsourcing• Experts predicted that by the year 2003 the

worldwide information technology outsourcing market would grow to over $110 billion

• U.S. federal spending on IT outsourcing is projected to increase from $6.6 billion in 2002 to nearly $15 billion by 2007 due to an emphasis on e-government, homeland security, and the shortage of IT workers in government


Why Outsource?

• To reduce both fixed and recurrent costs

• To allow the client organization to focus on its core business

• To access skills and technologies

• To provide flexibility

• To increase accountability


Question

• What are the risks of outsourcing?


Project Procurement Management Processes

• Procurement planning: determining what to procure and when

• Solicitation planning: documenting product requirements and identifying potential sources

• Solicitation: obtaining quotations, bids, offers, or proposals as appropriate

• Source selection: choosing from among potential vendors

• Contract administration: managing the relationship with the vendor

• Contract close-out: completion and settlement of the contract


Project Procurement Management Processes and Key Outputs


Procurement Planning

• Procurement planning involves identifying which project needs can be best met by using products or services outside the organization.

• It includes deciding• whether to procure• how to procure• what to procure• how much to procure• when to procure


Question

• What is the relationship between outsourcing & procurement?


What Went Right?

• Several organizations, such as The Boots Company PLC in England, outsourced their IT services to save money compared with running the systems themselves

• Carefully planning procurement can also save millions of dollars, as the U.S. Air Force did by using a flexible pricing strategy for a large office automation project


Procurement Planning Tools and Techniques

• Make-or-buy analysis: determining whether a particular product or service should be made or performed inside the organization or purchased from someone else. Often involves financial analysis

• Experts, both internal and external, can provide valuable inputs in procurement decisions


Make-or Buy Example

• Assume you can lease an item you need for a project for $150/day. To purchase the item, the investment cost is $1,000, and the daily cost would be another $50/day.

• How long will it take for the lease cost to be the same as the purchase cost?

• If you need the item for 12 days, should you lease it or purchase it?


Make-or Buy Solution

• Set up an equation so the “make” is equal to the “buy”• In this example, use the following equation. Let d be the

number of days to use the item.$150d = $1,000 + $50d

• Solve for d as follows:• Subtract $50d from the right side of the equation to get

$100d = $1,000• Divide both sides of the equation by $100

d = 10 days• The lease cost is the same as the purchase cost at 10 days• If you need the item for 12 days, it would be more

economical to purchase it


Types of Contracts

• Fixed-price or lump-sum: involve a fixed total price for a well-defined product or service

• Cost-reimbursable: involve payment to the seller for direct and indirect costs

• Time and material contracts: hybrid of both fixed-price and cost-reimbursable, often used by consultants

• Unit price contracts: require the buyer to pay the seller a predetermined amount per unit of service


Cost Reimbursable Contracts

• Cost plus incentive fee (CPIF): the buyer pays the seller for allowable performance costs plus a predetermined fee and an incentive bonus

• Cost plus fixed fee (CPFF): the buyer pays the seller for allowable performance costs plus a fixed fee payment usually based on a percentage of estimated costs

• Cost plus percentage of costs (CPPC): the buyer pays the seller for allowable performance costs plus a predetermined percentage based on total costs


Contract Types Versus Risk


Statement of Work (SOW)

• A statement of work is a description of the work required for the procurement

• Many contracts, or mutually binding agreements, include SOWs

• A good SOW gives bidders a better understanding of the buyer’s expectations


Statement of Work (SOW) Template

I. Scope of Work: Describe the work to be done to detail. Specify the hardware andsoftware involved and the exact nature of the work.

II. Location of Work: Describe where the work must be performed. Specify thelocation of hardware and software and where the people must perform the work

III. Period of Performance: Specify when the work is expected to start and end,working hours, number of hours that can be billed per week, where the work mustbe performed, and related schedule information.

IV. Deliverables Schedule: List specific deliverables, describe them in detail, andspecify when they are due.

V. Applicable Standards: Specify any company or industry-specific standards thatare relevant to performing the work.

VI. Acceptance Criteria: Describe how the buyer organization will determine if thework is acceptable.

VII. Special Requirements: Specify any special requirements such as hardware orsoftware certifications, minimum degree or experience level of personnel, travelrequirements, and so on.


Solicitation Planning

• Solicitation planning involves preparing several documents:• Request for Proposals: used to solicit

proposals from prospective sellers • Requests for Quotes: used to solicit quotes

for well-defined procurements• Invitations for bid or negotiation and initial

contractor responses are also part of solicitation planning


Outline for a Request for Proposal (RFP)

I. Purpose of RFP

II. Organization’s Background

III. Basic Requirements

IV. Hardware and Software Environment

V. Description of RFP Process

VI. Statement of Work and Schedule Information

VII. Possible Appendices

A. Current System Overview

B. System Requirements

C. Volume and Size Data

D. Required Contents of Vendor’s Response to RFP

E. Sample Contract


Solicitation

• Solicitation involves obtaining proposals or bids from prospective sellers

• Organizations can advertise to procure goods and services in several ways• approaching the preferred vendor• approaching several potential vendors• advertising to anyone interested

• A bidders’ conference can help clarify the buyer’s expectations


Source Selection

• Source selection involves• evaluating bidders’ proposals• choosing the best one• negotiating the contract• awarding the contract

• It is helpful to prepare formal evaluation procedures for selecting vendors

• Buyers often create a “short list”


Sample Proposal Evaluation Sheet


Detailed Criteria for Selecting Suppliers


Be Careful in Selecting Suppliers and Writing Their Contracts

• Many dot-com companies were created to meet potential market needs, but many went out of business, mainly due to poor business planning, lack of senior management operations experience, lack of leadership, and lack of visions. Check the stability of suppliers

• Even well-known suppliers can impede project success. Be sure to write and manage contracts well with all suppliers (see What Went Wrong?)


Contract Administration

• Contract administration ensures that the seller’s performance meets contractual requirements

• Contracts are legal relationships, so it is important that legal and contracting professionals be involved in writing and administering contracts

• Many project managers ignore contractual issues, which can result in serious problems


Suggestions on Change Control for Contracts

• Changes to any part of the project need to be reviewed, approved, and documented by the same people in the same way that the original part of the plan was approved

• Evaluation of any change should include an impact analysis. How will the change affect the scope, time, cost, and quality of the goods or services being provided?

• Changes must be documented in writing. Project team members should also document all important meetings and telephone calls


Contract Close-out

• Contract close-out includes• product verification to determine if all work was

completed correctly and satisfactorily• administrative activities to update records to

reflect final results• archiving information for future use

• Procurement audits identify lessons learned in the procurement process


Using Software to Assist in Project Procurement Management

• Word processing software: writing proposals and contracts. (Templates & macros)

• Spreadsheets: help in evaluating suppliers. (Templates & macros)

• Databases help track suppliers, and presentation software aids in presenting procurement-related information


Procurement Systems

• In the late 1990s and early 2000s, many companies started using e-procurement software to do many procurement functions electronically

• Companies such as Commerce One, Ariba, Concur Technologies, SAS, and Baan provide corporate procurement services over the Internet

• Organizations also use other Internet tools to help find information on suppliers or auction goods and services

• WA State Government: Government Electronic Market (GEM) www.gem.wa.gov.au/Gem

www.gem.wa.gov.au/Gem

http://web.worldbank.org/WBSITE/EXTERNAL/PROJECTS/PROCUREMENT/0,,pagePK:84271~theSitePK:84266,00.html

procurementguidelines

topic 8- 1ict 327 management of it projectssemester 1, 2004 topic 8 risk & procurement...

Documents

risk tolerance

risk preferencewhat

risk of rain

risk avoidance

injuryproject risk

investmentexample risk

risk factors

project risk managementexplain