View
216
Download
1
Tags:
Embed Size (px)
Citation preview
Jump to first page
1
9. Managing project risk Project risk management is the art and
science of identifying, assigning, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
Risk management is often overlooked, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates
Jump to first page
2
9. What is risk? A dictionary definition of risk is “the possibility
of loss or injury” Project risk involves understanding potential
problems that might occur on the project and how they might impede project success
Risk management is like a form of insurance; it is an investment.
Jump to first page
3
9. Why take risks?
OpportunitiesRisks
Try to balance risks and opportunities
Jump to first page
4
9. Risk utility Risk utility or risk tolerance is the amount of
satisfaction or pleasure received from a potential payoff Utility rises at a decreasing rate for a person
who is risk-averse Those who are risk-seeking have a higher
tolerance for risk and their satisfaction increases when more payoff is at stake
The risk neutral approach achieves a balance between risk and payoff
Jump to first page
5
9. Risk utility function
Jump to first page
6
9. Common source of risks for IT projects
Several studies show that IT projects share some common sources of risk
The Standish Group developed an IT success potential scoring sheet based on potential risks
McFarlan developed a risk questionnaire to help assess risk
Other broad categories of risk help identify potential risks
Jump to first page
7
9. McFarlan’s risk questionnaire1. What is the project estimate in calendar (elapsed) time?
( ) 12 months or less Low = 1 point
( ) 13 months to 24 months Medium = 2 points
( ) Over 24 months High = 3 points
2. What is the estimated number of person days for the system?
( ) 12 to 375 Low = 1 point
( ) 375 to 1875 Medium = 2 points
( ) 1875 to 3750 Medium = 3 points
( ) Over 3750 High = 4 points
3. Number of departments involved (excluding IT)
( ) One Low = 1 point
( ) Two Medium = 2 points
( ) Three or more High = 3 points
4. Is additional hardware required for the project?
( ) None Low = 0 points
( ) Central processor type change Low = 1 point
( ) Peripheral/storage device changes Low = 1
( ) Terminals Med = 2
( ) Change of platform, for example High = 3
PCs replacing mainframes
Jump to first page
8
9. Risk types Market risk: Will the new product be useful to the
organization or marketable to others? Will users accept and use the product or service?
Financial risk: Can the organization afford to undertake the project? Is this project the best way to use the company’s financial resources?
Technology risk: Is the project technically feasible? Could the technology be obsolete before a useful product can be produced?
Jump to first page
9
9. Technology riskDavid Anderson, a project manager for Kaman Sciences Corp., shared his lessons learned from a project failure in an article for CIO Enterprise Magazine. After spending two years and several hundred thousand dollars on a project to provide new client-server based financial and human resources information systems for their company, Anderson and his team finally admitted they had a failure on their hands. Anderson admitted that he was too enamored by using cutting edge technology and took a high-risk approach on the project. He "ramrodded through" what the project team was going to do, and he admitted that he was wrong. The company finally decided to switch to a more stable technology to meet the business needs of the company.
Hildebrand, Carol. “If At First You Don’t Succeed,” CIO Enterprise Magazine, April 15, 1998
Jump to first page
10
9. What is project risk? The goal of project risk management is to minimize
potential risks while maximizing potential opportunities. Major processes include Risk identification: determining which risks are likely
to affect a project Risk quantification: evaluating risks to assess the
range of possible project outcomes Risk response development: taking steps to
enhance opportunities and developing responses to threats
Risk response control: responding to risks over the course of the project
Jump to first page
11
9. Identifying risk Risk identification is the process of
understanding what potential unsatisfactory outcomes are associated with a particular project
Several risk identification tools include checklists, flowcharts, and interviews
Jump to first page
12
9. Potential risk areasKnowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integrationmanagement; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definitionof quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocationand management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, orcontingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandarddesign/materials/workmanship; inadequate quality assuranceprogram
Human Resources Poor conflict management; poor project organization anddefinition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultationwith key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurancemanagement
Procurement Unenforceable conditions or contract clauses; adversarial relations
Jump to first page
13
9. Quantifying risk Risk quantification or risk analysis is the
process of evaluating risks to assess the range of possible project outcomes
Determine the risk’s probability of occurrence and its impact to the project if the risk does occur
Risk quantification techniques include expected monetary value analysis, calculation of risk factors, PERT estimations, simulations, and expert judgment
Jump to first page
14
9. Expected Monetary Value
Jump to first page
15
Bid the Best Project by utilizing EMV and your personal risk tolerance
Project Chance of Outcome Estimated Profits
Project 150%50%
$120,000-$50,000
Project 2
30%40%30%
$100,000$50,000-$60,000
Project 370%30%
$20,000-$5,000
Project 4
30%30%20%20%
$40,000$30,000$20,000-$50,000
Jump to first page
16
9. Simulation for quantifying riskMcDonnell Aircraft Company used Monte Carlo simulation to help quantify risks on several advanced-design engineering projects. The National Aerospace Plan (NASP) project involved many risks. The purpose of this multi-billion dollar project was to design and develop a vehicle that could fly into space using a single-stage-to-orbit approach. A single-stage-to-orbit approach meant the vehicle would have to achieve a speed of Mach 25 (25 times the speed of sound) without a rocket booster. A team of engineers and business professionals worked together in the mid-1980s to develop a software model for estimating the time and cost of developing the NASP. This model was then linked with Monte Carlo simulation software to determine the sources of cost and schedule risk for the project. The results of the simulation were then used to determine how the company would invest its internal research and development funds. Although the NASP project was terminated, the resulting research has helped develop more advanced materials and propulsion systems used on many modern aircraft.
Jump to first page
17
9. Expert judgment Many organizations rely on the intuitive
feelings and past experience of experts to help identify potential project risks
The Delphi method is a technique for deriving a consensus among a panel of experts to make predictions about future developments
Jump to first page
18
9. Response to risk Risk avoidance: eliminating a specific threat
or risk, usually by eliminating its causes Risk acceptance: accepting the
consequences should a risk occur Risk mitigation: reducing the impact of a risk
event by reducing the probability of its occurrence
Jump to first page
19
9. Risk Mitigation Strategies
Technical Risks Cost Risks Schedule Risks
Emphasize team supportand avoid stand aloneproject structure
Increase the frequency ofproject monitoring
Increase the frequency ofproject monitoring
Increase project managerauthority
Use WBS and PERT/CPM Use WBS and PERT/CPM
Improve problem handlingand communication
Improve communication,project goals understandingand team support
Select the most experiencedproject manager
Increase the frequency ofproject monitoring
Increase project managerauthority
Use WBS and PERT/CPM
Jump to first page
20
9. Risk planning A risk management plan documents the
procedures for managing risk throughout the project
Contingency plans are predefined actions that the project team will take if an identified risk event occurs
Contingency reserves are provisions held by the project sponsor for possible changes in project scope or quality that can be used to mitigate cost and/or schedule risk
Jump to first page
21
9. Risk management questions Why is it important to take/not take this risk in
relation to the project objectives? What specifically is the risk and what are the risk
mitigation deliverables? How is the risk going to be mitigated? (What risk
mitigation approach is to be used?) Who are the individuals responsible for implementing
the risk management plan? When will the milestones associated with the
mitigation approach occur? How much is required in terms of resources to
mitigate risk?
Jump to first page
22
9. Response to risks Risk response control involves executing the
risk management processes and the risk management plan to respond to risk events
Risks must be monitored based on defined milestones and decisions made regarding risks and mitigation strategies
Sometimes workarounds or unplanned responses to risk events are needed when there are no contingency plans
Jump to first page
23
9. Tracking risks Top 10 risk item tracking is a tool for
maintaining an awareness of risk throughout the life of a project
Establish a periodic review of the top 10 project risk items
List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item
Jump to first page
24
9. Example for risk tracking Monthly Ranking
Risk Item This
Month
Last
Month
Number of Months
Risk Resolution Progress
Inadequate planning
1 2 4 Working on revising the entire project plan
Poor definition of scope
2 3 3 Holding meetings with project customer and sponsor to clarify scope
Absence of leadership
3 1 2 Just assigned a new project manager to lead the project after old one quit
Poor cost estimates
4 4 3 Revising cost estimates
Poor time estimates
5 5 3 Revising schedule estimates
Jump to first page
25
9. Tools for tracking risks Databases can keep track of risks Spreadsheets can aid in tracking and
quantifying risks More sophisticated risk management
software helps develop models and uses simulation to analyze and respond to various project risks
Jump to first page
26
9. Good project risk management Unlike crisis management, good project risk
management often goes unnoticed Well-run projects appear to be almost
effortless, but a lot of work goes into running a project well
Project managers should strive to make their jobs look easy to reflect the results of well-run projects
Jump to first page
27
Jump to first page
28
9. Discussion questions Can you avoid risks? What are common sources of risk for IT
projects? How does spreadsheet help to quantify risk? How does simulation help to quantify risk? What is the best way to plan for risks? What is the difference between contingency
plan and contingency reserve?
Jump to first page
29
9. Discussion questions Read and comment on interview questions
and answers at the end of this chapter. What question or which response do you find interesting and why?
Which group of risks (internal, external) described in this chapter is more critical to an information system project? Why? What is the most critical risk for any information system project?
Jump to first page
30
9. Discussion questions Is user involvement important to risk
management? Why? Comment on sources of risk:
continued management support top management style alignment with organizational needs user acceptance shifting goals and objectives
Jump to first page
31
9. Discussion questions Comment on sources of risk:
vendors consultants contract employees market and change fluctuation government regulation
What are effective ways of avoiding the risk of losing internal talents to external providers?