Upload
citnia
View
218
Download
0
Embed Size (px)
Citation preview
8/10/2019 6 Project Risk Management Kathys
1/20
1
Chapter 11:
Project Risk Management
2
Learning Objectives Understand what risk is and the importance of good
project risk management
Discuss the elements involved in risk managementplanning
List common sources of risks on informationtechnology projects
Describe the risk identification process and tools andtechniques to help identify project risks
Discuss the qualitative risk analysis process andexplain how to calculate risk factors, use
probability/impact matrixes, the Top Ten Risk ItemTracking technique, and expert judgment to rank risks
8/10/2019 6 Project Risk Management Kathys
2/20
3
Learning Objectives
Explain the quantify risk analysis process and how touse decision trees and simulation to quantitative risks
Provide examples of using different risk response
planning strategies such as risk avoidance, acceptance,
transference, and mitigation
Discuss what is involved in risk monitoring and control
Describe how software can assist in project risk
management
Explain the results of good project risk management
4
The Importance of Project Risk
Management Project risk management is the art and science of
identifying, assigning, and responding to riskthroughout the life of a project and in the best interestsof meeting project objectives
Risk management is often overlooked on projects, butit can help improve project success by helping selectgood projects, determining project scope, anddeveloping realistic estimates
A study by Ibbs and Kwak show how risk managementis neglected, especially on IT projects
KPMG study found that 55 percent of runaway projectsdid no risk management at all
8/10/2019 6 Project Risk Management Kathys
3/20
5
Table 11-1. Project Management Maturity by
Industry Group and Knowledge Area
6
What is Risk?
A dictionary definition of risk is thepossibility of loss or injury
Project risk involves understandingpotential problems that might occur on theproject and how they might impede projectsuccess
Risk management is like a form ofinsurance; it is an investment
8/10/2019 6 Project Risk Management Kathys
4/20
7
Risk Utility
Risk utility or risk tolerance is the amount ofsatisfaction or pleasure received from a
potential payoff
Utility rises at a decreasing rate for a person whois risk-averse
Those who are risk-seeking have a highertolerance for risk and their satisfaction increaseswhen more payoff is at stake
The risk-neutral approach achieves a balance
between risk and payoff
8
Figure 11-1. Risk Utility Function
and Risk Preference
8/10/2019 6 Project Risk Management Kathys
5/20
9
What is Project Risk Management?
The goal of project risk management is to minimize potential risks
while maximizing potential opportunities. Major processes include Risk management planning: deciding how to approach and plan
the risk management activities for the project
Risk identification: determining which risks are likely to affect aproject and documenting their characteristics
Qualitative risk analysis: characterizing and analyzing risks andprioritizing their effects on project objectives
Quantitative risk analysis: measuring the probability andconsequences of risks
Risk response planning: taking steps to enhance opportunitiesand reduce threats to meeting project objectives
Risk monitoring and control: monitoring known risks,identifying new risks, reducing risks, and evaluating theeffectiveness of risk reduction
10
Risk Management Planning
The main output of risk management planning is
a risk management plan
The project team should review project
documents and understand the organizations
and the sponsors approach to risk
The level of detail will vary with the needs of
the project
8/10/2019 6 Project Risk Management Kathys
6/20
11
Table 11-2. Questions Addressed in a
Risk Management Plan
12
Contingency and Fallback Plans,
Contingency Reserves
Contingency plans are predefined actions thatthe project team will take if an identified riskevent occurs
Fallback plans are developed for risks that havea high impact on meeting project objectives
Contingency reserves or allowances are
provisions held by the project sponsor that canbe used to mitigate cost or schedule risk ifchanges in scope or quality occur
8/10/2019 6 Project Risk Management Kathys
7/20
13
Common Sources of Risk on
Information Technology Projects
Several studies show that IT projects share some
common sources of risk
The Standish Group developed an IT success
potential scoring sheet based on potential risks
McFarlan developed a risk questionnaire to help
assess risk
Other broad categories of risk help identify
potential risks
14
Table 11-3. Information Technology
Success Potential Scoring SheetSuccess Criterion Points
User Involvement 19
Executive Management support 16
Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10
Smaller Project Milestones 9
Competent Staff 8
Ownership 6
Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100
8/10/2019 6 Project Risk Management Kathys
8/20
15
Table 11-4. McFarlans Risk Questionnaire1. What is the project estimate in calendar (elapsed) time?
( ) 12 months or less Low = 1 point
( ) 13 months to 24 months Medium = 2 points
( ) Over 24 months High = 3 points
2. What is the estimated number of person days for the system?
( ) 12 to 375 Low = 1 point
( ) 375 to 1875 Medium = 2 points
( ) 1875 to 3750 Medium = 3 points
( ) Over 3750 High = 4 points
3. Number of departments involved (excluding IT)
( ) One Low = 1 point
( ) Two Medium = 2 points
( ) Three or more High = 3 points
4. Is additional hardware required for the project?
( ) None Low = 0 points
( ) Central processor type change Low = 1 point
( ) Peripheral/storage device changes Low = 1
( ) Terminals Med = 2
( ) Change of platform, for example High = 3
PCs replacing mainframes
16
Other Categories of Risk Market risk: Will the new product be useful to
the organization or marketable to others? Will
users accept and use the product or service?
Financial risk: Can the organization afford to
undertake the project? Is this project the best
way to use the companys financial resources?
Technology risk: Is the project technicallyfeasible? Could the technology be obsolete
before a useful product can be produced?
8/10/2019 6 Project Risk Management Kathys
9/20
17
What Went Wrong?
Many information technology projects fail because of technology risk. Oneproject manager learned an important lesson on a large IT project: focus on
business needs first, not technology. David Anderson, a project manager for
Kaman Sciences Corp., shared his experience from a project failure in an article
for CIO Enterprise Magazine. After spending two years and several hundred
thousand dollars on a project to provide new client/server-based financial and
human resources information systems for their company, Anderson and his
team finally admitted they had a failure on their hands. Anderson revealed that
he had been too enamored of the use of cutting-edge technology and had taken
a high-risk approach on the project. He "ramrodded through" what the project
team was going to do and then admitted that he was wrong. The company
finally decided to switch to a more stable technology to meet the business needs
of the company.
Hildebrand, Carol. If At First You Dont Succeed, CIO Enterprise Magazine, April 15, 1998
18
Risk Identification
Risk identification is the process ofunderstanding what potential unsatisfactoryoutcomes are associated with a particular project
Several risk identification tools and techniquesinclude
Brainstorming
The Delphi technique Interviewing
SWOT analysis
8/10/2019 6 Project Risk Management Kathys
10/20
19
Table 11-5. Potential Risk Conditions
Associated with Each Knowledge AreaKnowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor defin it ion of scope or work packages; incomplete definit ion
of quality requirements; inadequate scope control
Time Errors in est imat ing t ime or resource availability; poor allocat ion
and management of float; early release of competitive products
Cost Estimat ing errors; inadequate productivit y, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward qualit y; substandard
design/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultationwith key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
management
Procurement Unenforceable conditions or contract clauses; adversarial relations
20
Quantitative Risk Analysis Assess the likelihood and impact of
identified risks to determine their magnitude
and priority
Risk quantification tools and techniques
include
Probability/Impact matrixes
The Top 10 Risk Item Tracking technique Expert judgment
8/10/2019 6 Project Risk Management Kathys
11/20
21
Sample Probability/Impact Matrix
22
Table 11-6. Sample Probability/Impact Matrix for Qualitative Risk Assessment
8/10/2019 6 Project Risk Management Kathys
12/20
23
Figure 11-3. Chart Showing High-, Medium-,
and Low-Risk Technologies
24
Top 10 Risk Item Tracking Top 10 Risk Item Tracking is a tool for
maintaining an awareness of risk throughout
the life of a project
Establish a periodic review of the top 10
project risk items
List the current ranking, previous ranking,
number of times the risk appears on the listover a period of time, and a summary of
progress made in resolving the risk item
8/10/2019 6 Project Risk Management Kathys
13/20
25
Table 11-7. Example of Top 10 Risk
Item TrackingMonthly Ranking
Risk Item This
Month
Last
Month
Number
of Months
Risk Resolution
Progress
Inadequate
planning
1 2 4 Working on revising the
entire project plan
Poor definition
of scope
2 3 3 Holding meetings with
project customer andsponsor to clarify scope
Absence ofleadership
3 1 2 Just assigned a newproject manager to lead
the project after old onequit
Poor costestimates 4 4 3 Revising cost estimates
Poor time
estimates
5 5 3 Revising schedule
estimates
26
Expert Judgment
Many organizations rely on the intuitive feelings
and past experience of experts to help identify
potential project risks
Experts can categorize risks as high, medium, or
low with or without more sophisticated
techniques
8/10/2019 6 Project Risk Management Kathys
14/20
27
Quantitative Risk Analysis
Often follows qualitative risk analysis, but both
can be done together or separately
Large, complex projects involving leading edge
technologies often require extensive quantitative
risk analysis
Main techniques include
decision tree analysis
simulation
28
Decision Trees and Expected Monetary
Value (EMV)
A decision tree is a diagramming method used
to help you select the best course of action in
situations in which future outcomes are
uncertain
EMV is a type of decision tree where you
calculate the expected monetary value of a
decision based on its risk event probability and
monetary value
8/10/2019 6 Project Risk Management Kathys
15/20
29
Figure 11-4. Expected Monetary Value
(EMV) Example
30
Simulation Simulation uses a representation or model of a
system to analyze the expected behavior orperformance of the system
Monte Carlo analysis simulates a modelsoutcome many times to provide a statisticaldistribution of the calculated results
To use a Monte Carlo simulation, you must
have three estimates (most likely, pessimistic,and optimistic) plus an estimate of thelikelihood of the estimate being between theoptimistic and most likely values
8/10/2019 6 Project Risk Management Kathys
16/20
31
What Went Right?A large aerospace company used Monte Carlo simulation to help quantify
risks on several advanced-design engineering projects. The NationalAerospace Plan (NASP) project involved many risks. The purpose of this
multibillion-dollar project was to design and develop a vehicle that could
fly into space using a single-stage-to-orbit approach. A single-stage-to-orbit
approach meant the vehicle would have to achieve a speed of Mach 25 (25
times the speed of sound) without a rocket booster. A team of engineers and
business professionals worked together in the mid-1980s to develop a
software model for estimating the time and cost of developing the NASP.
This model was then linked with Monte Carlo simulation software to
determine the sources of cost and schedule risk for the project. The results
of the simulation were then used to determine how the company would
invest its internal research and development funds. Although the NASP
project was terminated, the resulting research has helped develop more
advanced materials and propulsion systems used on many modern aircraft.
32
Risk Response Planning After identifying and quantifying risks, you
must decide how to respond to them
Four main strategies:
Risk avoidance: eliminating a specific threat or risk,usually by eliminating its causes
Risk acceptance: accepting the consequences shoulda risk occur
Risk transference: shifting the consequence of a riskand responsibility for its management to a thirdparty
Risk mitigation: reducing the impact of a risk eventby reducing the probability of its occurrence
8/10/2019 6 Project Risk Management Kathys
17/20
33
Table 11-8. General Risk Mitigation Strategies for
Technical, Cost, and Schedule Risks
34
Risk Monitoring and Control
Monitoring risks involves knowing their status
Controlling risks involves carrying out the riskmanagement plans as risks occur
Workarounds are unplanned responses to riskevents that must be done when there are nocontingency plans
The main outputs of risk monitoring and controlare corrective action, project change requests,and updates to other plans
8/10/2019 6 Project Risk Management Kathys
18/20
35
Risk Response Control
Risk response control involves executing the riskmanagement processes and the risk management
plan to respond to risk events
Risks must be monitored based on defined
milestones and decisions made regarding risks
and mitigation strategies
Sometimes workarounds or unplanned responses
to risk events are needed when there are nocontingency plans
36
Using Software to Assist in Project
Risk Management
Databases can keep track of risks. Many IT
departments have issue tracking databases
Spreadsheets can aid in tracking and quantifying
risks
More sophisticated risk management software,
such as Monte Carlo simulation tools, help in
analyzing project risks
8/10/2019 6 Project Risk Management Kathys
19/20
37
Figure 11-5. Sample Monte Carlo Simulation
Results for Project Schedule
38
Figure 11-6. Sample Monte Carlo Simulations
Results for Project Costs
8/10/2019 6 Project Risk Management Kathys
20/20
39
Results of Good Project Risk
Management
Unlike crisis management, good project risk
management often goes unnoticed
Well-run projects appear to be almost effortless,
but a lot of work goes into running a project
well
Project managers should strive to make their
jobs look easy to reflect the results of well-run
projects