Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

IT Project and Quality Management Lecture 11 -Project Risk Management - Raymond J. Stoneham, Lecture notes of Computers and Information technologies

University of GreenwichComputers and Information technologies

This document about Project Risk Management, The Importance of Project Risk Management, Benefits from Software Risk Management Practices, Risk Can Be Positive, Negative Risk, Risk Utility.

Typology: Lecture notes

2010/2011

Uploaded on 09/09/2011

rossi46
rossi46 🇬🇧

4.5

(10)

313 documents

1 / 11

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
Chapter 11:
Project Risk Management
2
Learning Objectives
Understand what risk is and the
importance of good project risk
management.
Discuss the elements involved in risk
management planning and the contents
of a risk management plan.
List common sources of risks in
information technology projects.
3
Learning Objectives (cont’d)
Describe the risk identification process, tools,
and techniques to help identify project risks, and
the main output of risk identification, a risk
register.
Discuss the qualitative risk analysis process and
explain how to calculate risk factors, create
probability/impact matrixes, apply the Top Ten
Risk Item Tracking technique, and use expert
judgment to rank risks.
4
Learning Objectives (cont’d)
Explain the quantitative risk analysis process
and how to apply decision trees, simulation, and
sensitivity analysis to quantify risks.
Provide examples of using different risk
response planning strategies to address both
negative and positive risks.
Discuss what is involved in risk monitoring and
control.
Describe how software can assist in project risk
management.
5
The Importance of Project Risk
Management
Project risk management is the art and science of
identifying, analyzing, and responding to risk
throughout the life of a project and in the best
interests of meeting project objectives.
Risk management is often overlooked in projects,
but it can help improve project success by helping
select good projects, determining project scope,
and developing realistic estimates.
6
Research Shows Need to Improve
Project Risk Management
Study by Ibbs and Kwak shows risk has the
lowest maturity rating of all knowledge areas.
KLCI study shows the benefits of following good
software risk management practices.
KPMG study found that 55 percent of runaway
projects—projects that have significant cost or
schedule overruns—did no risk management at
all.*
*Cole, Andy, “Runaway Projects—Cause and Effects,” Software World, Vol. 26, no. 3, pp. 3–5
(1995).
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download IT Project and Quality Management Lecture 11 -Project Risk Management - Raymond J. Stoneham and more Lecture notes Computers and Information technologies in PDF only on Docsity!

Chapter 11:

Project Risk Management

2

Learning Objectives

  • Understand what risk is and the

importance of good project risk

management.

  • Discuss the elements involved in risk

management planning and the contents

of a risk management plan.

  • List common sources of risks in

information technology projects.

3

Learning Objectives (cont’d)

  • Describe the risk identification process, tools, and techniques to help identify project risks, and the main output of risk identification, a risk register.
  • Discuss the qualitative risk analysis process and explain how to calculate risk factors, create probability/impact matrixes, apply the Top Ten Risk Item Tracking technique, and use expert judgment to rank risks.

4

Learning Objectives (cont’d)

  • Explain the quantitative risk analysis process and how to apply decision trees, simulation, and sensitivity analysis to quantify risks.
  • Provide examples of using different risk response planning strategies to address both negative and positive risks.
  • Discuss what is involved in risk monitoring and control.
  • Describe how software can assist in project risk management.

5

The Importance of Project Risk

Management

  • Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
  • Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates.

6

Research Shows Need to Improve

Project Risk Management

  • Study by Ibbs and Kwak shows risk has the lowest maturity rating of all knowledge areas.
  • KLCI study shows the benefits of following good software risk management practices.
  • KPMG study found that 55 percent of runaway projects —projects that have significant cost or schedule overruns—did no risk management at all.* *Cole, Andy, “Runaway Projects—Cause and Effects,” Software World, Vol. 26, no. 3, pp. 3– (1995).

7

Project Management Maturity by

Industry Group and Knowledge Area*

KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING

Procurement 3.33 3.01 2.91 3.

Risk 2.93 2.87 2.75 2.

Communication 3.53 3.53 3.21 3. s

Human 3.18 3.20 2.93 3. Resources

Quality 2.91 3.22 2.88 3.

Cost 3.74 3.22 3.20 3.

Time 3.55 3.41 3.03 3.

Scope 3.52 3.45 3.25 3.

Hi-Tech Manufacturing Informati on Systems

Telecommunicatio ns Engineering/ Knowledge Construction Area

*Ibbs, C. William and Young Hoon Kwak. “Assessing Project Management Maturity,” Project Management Journal (March 2000). 8

Benefits from Software Risk

Management Practices*

80% 60% 47% 47% (^) 43% 35% 6% 0%

20%

40%

60%

80%

100%

Anticipate/avoid problems

Prevent surprises Improve ability to negotiate Meet customer commitments

Reduce schedule slips^ Reduce cost overruns

None

*Kulik, Peter and Catherine Weber, “Software Risk Management Practices – 2001,” KLCI Research Group (August 2001).

9

Negative Risk

• A dictionary definition of risk is “the

possibility of loss or injury.”

• Negative risk involves understanding

potential problems that might occur in

the project and how they might

impede project success.

• Negative risk management is like a

form of insurance; it is an investment.

10

Risk Can Be Positive

  • Positive risks are risks that result in good things happening; sometimes called opportunities.
  • A general definition of project risk is an uncertainty that can have a negative or positive effect on meeting project objectives.
  • The goal of project risk management is to minimize potential negative risks while maximizing potential positive risks.

11

Risk Utility

  • Risk utility or risk tolerance is the

amount of satisfaction or pleasure

received from a potential payoff.

  • Utility rises at a decreasing rate for people who are risk-averse.
  • Those who are risk-seeking have a higher tolerance for risk and their satisfaction increases when more payoff is at stake.
  • The risk-neutral approach achieves a balance between risk and payoff. (^12)

Risk Utility Function and Risk

Preference

19

Information Technology Success

Potential Scoring Sheet

Success Criterion Relative Importance User Involvement 19 Executive Management support 16 Clear Statement of Requirements 15 Proper Planning 11 Realistic Expectations 10 Smaller Project Milestones 9 Competent Staff 8 Ownership 6 Clear Visions and Objectives 3 Hard-Working, Focused Staff 3 Total 100 20

Broad Categories of Risk

  • Market risk
  • Financial risk
  • Technology risk
  • People risk
  • Structure/process risk

21

Risk Breakdown Structure

  • A risk breakdown structure is a

hierarchy of potential risk categories for a

project.

  • Similar to a work breakdown structure but

used to identify and categorize risks.

22

Sample Risk Breakdown Structure

IT Project

Business Technical Organizational (^) ManagementProject

Competitors

Suppliers

Cash flow

Hardware

Software

Network

Executive support

User support

Team support

Estimates

Communication

Resources

23

Potential Negative Risk Conditions

Associated With Each Knowledge Area

Knowledge Area Risk Conditions Integration Inadequate planning; poor resource allocation; poor integration management; lack of post-project review Scope Poor definition of scope or work packages; incomplete definition of quality requirements; inadequate scope control Time Errors in estimating time or resource availability; poor allocation and management of float; early release of competitive products Cost Estimating errors; inadequate productivity, cost, change, or contingency control; poor maintenance, security, purchasing, etc. Quality Poor attitude toward quality; substandard design/materials/workmanship; inadequate quality assurance program Human Resources Poor conflict management; poor project organization and definition of responsibilities; absence of leadership Communications Carelessness in planning or communicating; lack of consultation with key stakeholders Risk Ignoring risk; unclear assignment of risk; poor insurance management Procurement Unenforceable conditions or contract clauses; adversarial relations 24

Risk Identification

  • Risk identification is the process of

understanding what potential events might

hurt or enhance a particular project.

  • Risk identification tools and techniques

include:

  • Brainstorming
  • The Delphi Technique
  • Interviewing
  • SWOT analysis

25

Brainstorming

  • Brainstorming is a technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment.
  • An experienced facilitator should run the brainstorming session.
  • Be careful not to overuse or misuse brainstorming. - Psychology literature shows that individuals produce a greater number of ideas working alone than they do through brainstorming in small, face-to-face groups. - Group effects often inhibit idea generation. 26

Delphi Technique

  • The Delphi Technique is used to derive a consensus among a panel of experts who make predictions about future developments.
  • Provides independent and anonymous input regarding future events.
  • Uses repeated rounds of questioning and written responses and avoids the biasing effects possible in oral methods, such as brainstorming.

27

Interviewing

  • Interviewing is a fact-finding technique for

collecting information in face-to-face,

phone, e-mail, or instant-messaging

discussions.

  • Interviewing people with similar project

experience is an important tool for

identifying potential risks.

28

SWOT Analysis

  • SWOT analysis (strengths, weaknesses,

opportunities, and threats) can also be

used during risk identification.

  • Helps identify the broad negative and

positive risks that apply to a project.

29

Risk Register

  • The main output of the risk identification process is a list of identified risks and other information needed to begin creating a risk register.
  • A risk register is:
    • A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format.
    • A tool for documenting potential risk events and related information.
  • Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project.

30

Risk Register Contents

  • An identification number for each risk

event.

  • A rank for each risk event.
  • The name of each risk event.
  • A description of each risk event.
  • The category under which each risk event

falls.

  • The root cause of each risk.

37

Chart Showing High-, Medium-, and

Low-Risk Technologies

38

Top Ten Risk Item Tracking

  • Top Ten Risk Item Tracking is a qualitative risk analysis tool that helps to identify risks and maintain an awareness of risks throughout the life of a project.
  • Establish a periodic review of the top ten project risk items.
  • List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item.

39

Example of Top Ten Risk Item Tracking

Monthly Ranking Risk Item This Month

Last Month

Number of Months

Risk Resolution Progress Inadequate planning

1 2 4 Working on revising the entire project plan Poor definition of scope

2 3 3 Holding meetings with project customer and sponsor to clarify scope Absence of leadership

3 1 2 Just assigned a new project manager to lead the project after old one quit Poor cost estimates

4 4 3 Revising cost estimates

Poor time estimates

5 5 3 Revising schedule estimates (^40)

Expert Judgment

  • Many organizations rely on the intuitive

feelings and past experience of experts to

help identify potential project risks.

  • Experts can categorize risks as high,

medium, or low with or without more

sophisticated techniques.

  • Can also help create and monitor a watch

list , a list of risks that are low priority, but

are still identified as potential risks.

41

Quantitative Risk Analysis

  • Often follows qualitative risk analysis, but

both can be done together.

  • Large, complex projects involving leading

edge technologies often require extensive

quantitative risk analysis.

  • Main techniques include:
    • Decision tree analysis
    • Simulation
    • Sensitivity analysis

42

Decision Trees and Expected

Monetary Value (EMV)

  • A decision tree is a diagramming analysis

technique used to help select the best

course of action in situations in which future

outcomes are uncertain.

  • Estimated monetary value (EMV) is the

product of a risk event probability and the

risk event’s monetary value.

  • You can draw a decision tree to help find

the EMV.

43

Expected Monetary Value

(EMV) Example

44

Simulation

  • Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system.
  • Monte Carlo analysis simulates a model’s outcome many times to provide a statistical distribution of the calculated results.
  • To use a Monte Carlo simulation, you must have three estimates (most likely, pessimistic, and optimistic) plus an estimate of the likelihood of the estimate being between the most likely and optimistic values.

45

Steps of a Monte Carlo Analysis

  1. Assess the range for the variables being considered.
  2. Determine the probability distribution of each variable.
  3. For each variable, select a random value based on the probability distribution.
  4. Run a deterministic analysis or one pass through the model.
  5. Repeat steps 3 and 4 many times to obtain the probability distribution of the model’s results.

46

Sample Monte Carlo Simulation

Results for Project Schedule

s

47

What Went Right?

  • A large aerospace company used Monte Carlo simulation to help quantify risks on several advanced-design engineering projects, such as the National Aerospace Plan (NASP).
  • The results of the simulation were used to determine how the company would invest its internal research and development funds.
  • Although the NASP project was terminated, the resulting research has helped develop more advanced materials and propulsion systems used on many modern aircraft. 48

Sensitivity Analysis

  • Sensitivity analysis is a technique used to show the effects of changing one or more variables on an outcome.
  • For example, many people use it to determine what the monthly payments for a loan will be given different interest rates or periods of the loan, or for determining break-even points based on different assumptions.
  • Spreadsheet software, such as Excel, is a common tool for performing sensitivity analysis.

49

Sample Sensitivity Analysis for

Determining Break-Even Point

50

Risk Response Planning

  • After identifying and quantifying risks, you

must decide how to respond to them.

  • Four main response strategies for negative

risks:

  • Risk avoidance
  • Risk acceptance
  • Risk transference
  • Risk mitigation

51

General Risk Mitigation Strategies for

Technical, Cost, and Schedule Risks

52

Response Strategies for Positive

Risks

  • Risk exploitation
  • Risk sharing
  • Risk enhancement
  • Risk acceptance

53

Residual and Secondary Risks

  • It’s also important to identify residual and

secondary risks.

  • Residual risks are risks that remain after

all of the response strategies have been

implemented.

  • Secondary risks are a direct result of

implementing a risk response.

54

Media Snapshot

  • A highly publicized example of a risk response to corporate financial scandals, such as those affecting Enron, Arthur Andersen, and WorldCom, was legal action.
  • The Sarbanes-Oxley Act of 2002 is considered the most significant change to federal securities laws in the United States since the New Deal.
  • This Act has caused many organizations to initiate projects and other actions to avoid litigation.* *Iosub, John C., “What the Sarbanes-Oxley Act Means for IT Managers,” TechRepublic , (March 19, 2003) ( http://techrepublic.com.com/5100-6313-5034345.html ).

55

Risk Monitoring and Control

  • Involves executing the risk management process to respond to risk events.
  • Workarounds are unplanned responses to risk events that must be done when there are no contingency plans.
  • Main outputs of risk monitoring and control are:
    • Requested changes.
    • Recommended corrective and preventive actions.
    • Updates to the risk register, project management plan, and organizational process assets.

56

Using Software to Assist in

Project Risk Management

  • Risk registers can be created in a simple

Word or Excel file or as part of a database.

  • More sophisticated risk management

software, such as Monte Carlo simulation

tools, help in analyzing project risks.

  • The PMI Risk Specific Interest Group’s Web

site at www.risksig.com has a detailed list of

software products to assist in risk

management.

57

Results of Good Project Risk

Management

  • Unlike crisis management, good project risk

management often goes unnoticed.

  • Well-run projects appear to be almost

effortless, but a lot of work goes into

running a project well.

  • Project managers should strive to make

their jobs look easy to reflect the results of

well-run projects.

58

Chapter Summary

  • Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
  • Main processes include:
    • Risk management planning
    • Risk identification
    • Qualitative risk analysis
    • Quantitative risk analysis
    • Risk response planning
    • Risk monitoring and control