Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Slides by: Ms. Shree Jaswal
Basic concepts,
Identification,
Assessment,
Response planning,
Management.
Chapter 9 Slides by Ms. Shree J. 2
The notion of Project risk involves two concepts:
The likelihood that some problematic events
will occur
The impact of the event if it does occur
Risk is a joint function of two; that is,
Risk=f(likelihood, impact)
Chapter 9 Slides by Ms. Shree J. 3
“Although no one can predict the future with
100 percent accuracy, having a solid
foundation , in terms of processes, tools, and
techniques, can increase our confidence in
these estimates.”
Chapter 9 Slides by Ms. Shree J. 4
Not Understanding the Benefits of Risk
Management
Not Providing Adequate Time for Risk
Management
Not Identifying and Assessing Risk Using a
Standardized Approach
Chapter 9 Slides by Ms. Shree J. 5
Commitment by all stakeholders
Stakeholder Responsibility
each risk must have an owner
Different Risks for Different Types of Projects
Chapter 9 Slides by Ms. Shree J. 6
Risk Management Planning
Risk Identification
Qualitative Risk Analysis
Quantitative Risk Analysis
Risk Response Planning
Risk Monitoring and Control
Chapter 9 Slides by Ms. Shree J. 7
PMBOK definition of Project Risk
An uncertain event or condition that, if it occurs,
has a positive or negative effect on the project
objectives.
PMBOK definition of Project Risk Management
The systematic process of identifying, analyzing,
and responding to project risk. It includes
maximizing the probability and consequences of
positive events and minimizing the probability and
consequences of adverse events.
Chapter 9 Slides by Ms. Shree J. 8
Chapter 9 Slides by Ms. Shree J. 9
Risk Planning
Requires a firm commitment to risk management
from all project stakeholders
Ensures adequate resources to plan for and manage
risk
Focuses on preparation
Chapter 9 Slides by Ms. Shree J. 10
Risk Identification of:
Threats and opportunities
Causes and effects of each risk
Effective strategies for and responses to risk
Chapter 9 Slides by Ms. Shree J. 11
Risk Assessment
What is the likelihood of a particular risk
occurring?
What is the impact on the project if it does
occur?
Chapter 9 Slides by Ms. Shree J. 12
Risk Strategies for negative risk:
Accept or ignore the risk
Avoid the risk completely.
Reduce the likelihood or impact of the risk (or both) if the risk occurs.
Transfer the risk to someone else (i.e., insurance).
Risk Strategies for positive risk: Exploitation
Sharing ownership
Enhancement of probability of impact
Accept and take advantage
Chapter 9 Slides by Ms. Shree J. 13
Risk Monitoring and Control
Risk Response
Risk Evaluation
How did we do?
What can we do better next time?
What lessons did we learn?
What best practices can be incorporated in the
risk management process?
Chapter 9 Slides by Ms. Shree J. 14
Chapter 9 Slides by Ms. Shree J. 15
Internal Risks: Internal risks originate within
the project.
Two main categories of internal risks are
market risk and technical risk.
Market risk is the risk of not fulfilling either
market needs or the requirements of
particular customers
Chapter 9 Slides by Ms. Shree J. 16
Sources of Market risk include:
Incompletely or inadequately defined
market or customer needs and
requirements.
Failure to identify changing needs and
requirements
Failure to identify newly introduced
products by competitors
Chapter 9 Slides by Ms. Shree J. 17
Market risk can be reduced by
thoroughly and accurately defining needs and
requirements at the start of the project,
and continuously monitoring and updating
requirements as needed throughout the project
Chapter 9 Slides by Ms. Shree J. 18
Technical risk
Technical risk is the risk of not meeting time,
cost, or performance requirements due to
technical problems with the end-item or
project activities.
Technical risks tend to be high in projects
involving activities that are unfamiliar or
require new ways of integration
Chapter 9 Slides by Ms. Shree J. 19
Technical risk is low in projects that involve mostly familiar activities done in customary ways.
One approach to rate the risk of project end-item or primary process as being high, medium, or low according to following features:
Chapter 9 Slides by Ms. Shree J. 20
Maturity: How ready is the end-item or process for production or use?
Complexity: How many steps, elements, or components are in the product or process, and what are their relationships?
Quality: How producible, reliable, and testable is the end-item or process?
Concurrency or Dependency: To what extent do multiple, dependent activities in the project overlap?
Chapter 9 Slides by Ms. Shree J. 21
External risks: This include the risks that stem
from sources outside the project.
Project managers and stakeholders usually have
little or no control over these.
External risk hazards include changes in:
Market Conditions
Customer needs and behavior
Competitors’ actions
Chapter 9 Slides by Ms. Shree J. 22
Supplier relations.
Government regulations
Weather (adverse)
Interest rates
Labor availability ( strikes and walkouts)
Decisions made by senior management or
customer regarding project priorities, staffing
or budgets.
Chapter 9 Slides by Ms. Shree J. 23
Material or labor resources (shortages)
External control by customers or subcontractors over project work and resources.
A project where success depends heavily on external factors is beset with much more risk than one with few dependencies on external factors.
Chapter 9 Slides by Ms. Shree J. 24
Techniques for pinpointing risks are:
Analogy
Checklists
WBS analysis
Process flowcharts
Brainstorming
Chapter 9 Slides by Ms. Shree J. 25
In the 5th layer the types of risks are:
Known : Which are bound to occur. Eg. Death
& taxes
Known-unknown: Are of identifiable
uncertainty. Eg. Utilities bill
Unknown-unknown: Are residual risks or
events that we cannot imagine happening.
Eg. The happening of internet
Chapter 9 Slides by Ms. Shree J. 26
Eg. A consulting firm has been hired by a client to develop a data warehouse that will include business intelligence to identify and better serve its more loyal customers.
Threat: Client faces a lawsuit when project was in 2nd phase of PLC Identify risk’s occurrence phase
Identify type: known,…etc
Identify type: external or internal
Identify sources
Identify impact on project’s objectives
Identify impact on project’s MOV
Chapter 9 Slides by Ms. Shree J. 27
Tools and Techniques Learning Cycles
Brainstorming
Nominal Group Technique (NGT)
Delphi Technique
Interviewing
Checklists
SWOT Analysis
Cause and Effect Diagrams
Past Projects
Chapter 9 Slides by Ms. Shree J. 28
Nominal Group Technique (NGT) a. Each individual silently writes her or his ideas on a
piece of paperb. Each idea is then written on a board or flip chart one
at a time in a round-robin fashion until each individual has listed all of his or her ideas.
c. The group then discusses and clarifies each of the ideas.
d. Each individual then silently ranks and prioritizes the ideas.
e. The group then discusses the rankings and priorities of the ideas.
f. Each individual ranks and prioritizes the ideas again. g. The rankings and prioritizations are then summarized
for the group.
Chapter 9 Slides by Ms. Shree J. 29
Documentation from previous projects can be used to create risk checklists-list of factors that may affect the project.
Risk checklists can be created for the overall project or for specific phases, work packages, or tasks within the project.
They might also specify the levels of risk associated with the risk sources.
The levels of risk may be specified as none, low, medium and high.
The greater the experience from the past projects, the more comprehensive the checklist and valid the assessed levels of risk.
Chapter 9 Slides by Ms. Shree J. 30
Chapter 9 Slides by Ms. Shree J. 31
Chapter 9 Slides by Ms. Shree J. 32
Identify the risk in terms of a threat or
opportunity.
Identify the main factors that can cause the
risk to occur.
Identify detailed factors for each of the main
factors.
Continue refining the diagram until satisfied
that the diagram is complete.
Chapter 9 Slides by Ms. Shree J. 33
Chapter 9 Slides by Ms. Shree J. 34
Chapter 9 Slides by Ms. Shree J. 35
Chapter 9 Slides by Ms. Shree J. 36
Risk analysis is to determine each identified
risk’s probability and impact on project
Risk assessment focusses on prioritizing risks
so that an effective risk strategy can be
formulated.
Chapter 9 Slides by Ms. Shree J. 37
Qualitative Approaches
Expected Value – probability weighted sum
Payoff Table
Decision Trees
Risk Impact Table
Tusler’s risk classification scheme
Chapter 9 Slides by Ms. Shree J. 38
Chapter 9 Slides by Ms. Shree J. 39
Schedule Risk A
Probability
B
Payoff (in 000s)
A . B
Prob. * Payoff
Project completed
20 days early
5% $200 $10
Project completed
10 days early
20% $150 $30
Project completed
on schedule
50% $100 $50
Project completed
10 days late
20% $ -- $ --
Project completed
20 days late
5% $ (50) $ (3)
100% $88
Expected Value
A decision tree is a diagram wherein the"
branches” represent different chance
events or design strategies.
Application of decision tree is weighing
the cost of potential project failure
against the benefit of project success.
Another application of decision trees is
in deciding between alternative risk
responses
Chapter 9 Slides by Ms. Shree J. 40
Chapter 9 Slides by Ms. Shree J. 41
Chapter 9 Slides by Ms. Shree J. 42
Risk(threats 0-100%
Probability
0-10
Impact
P . I
Score
Key member leaves project 40% 4 1.6
Client unable to define scope & requirements
50% 6 3.0
Client has financial problems 10% 9 0.9
Response time not acceptable to client
80% 6 4.8
Technology doesn’t integrate well with existing app
60% 7 4.2
Functional manager deflects resources from project
20% 3 0.6
Client unable to obtain licensing aggreements
5% 7 0.4
Chapter 9 Slides by Ms. Shree J. 43
Quantitative Approaches
Discrete Probability Distributions
Binomial
Continuous Probability Distributions
Normal
PERT
Triangular
Simulations
Chapter 9 Slides by Ms. Shree J. 44
Chapter 9 Slides by Ms. Shree J. 45
Chapter 9 Slides by Ms. Shree J. 46
shape is determined by its mean (µ) and standard deviation ()
Probability is associated with area under the curve.
Since the distribution is symmetrical, the following probability rules of thumb apply
About 68 percent of all the values will fall between +1 of the mean
About 95 percent of all the values will fall between +2 of the mean
About 99 percent of all the values will fall between +3 of the mean
Chapter 9 Slides by Ms. Shree J. 47
Eg. Suppose a project has a mean duration of
10 days and has a standard deviation of 2
days. We could estimate that we would be
about 95% certain that the project’s task
would be complete within 6 to 14 days, using
rule of thumb, µ +2 = 10 +2x2.
In addition, we could also say that we would be
99% confident that the task would be completed
between 4 and 16 days, µ +3 = 10 +3x2
Chapter 9 Slides by Ms. Shree J. 48
Chapter 9 Slides by Ms. Shree J. 49
PERT distribution uses a three-point estimate
where:
a denotes an optimistic estimate
b denotes a most likely estimate
c denotes a pessimistic estimate
PERT Mean = (a + 4m + b) / 6
PERT Standard Deviation = (b - a) / 6
In the previous slide, a=2, m=4 and b=8
Chapter 9 Slides by Ms. Shree J. 50
Chapter 9 Slides by Ms. Shree J. 51
uses a three-point estimate similar to the PERT
distribution where:
a denotes an optimistic estimate
m denotes a most likely estimate
b denotes a pessimistic estimate
weighting for the mean and standard deviation
are different from PERT
TRIANG Mean = (a + m + b) / 3
TRIANG Standard Deviation =
[((b-a)2 + (m-a)(m-b)) /18]1/2
In the previous slide, a=4, m=6 and b=10
Chapter 9 Slides by Ms. Shree J. 52
In assigning likelihood values or ratings to risk factors, it is best to use collective judgment, including as much knowledge and experience as possible.
When a project has multiple, independent risk sources, they can be combined and expressed as a single composite likelihood factor or CLF.
CLF can be computed as a weighted average CLF=(W1)Mh+(W2)Ch +(W3)Ms +(W4)Cs+(W5)D
Where W1,W2,W3,W4,W5 have values in the range of 0 to 1 and their sum is 1
Chapter 9 Slides by Ms. Shree J. 53
Where,
Mh: failure likelihood due to immaturity of hardware
Ms: failure likelihood due to immaturity of software
Ch: failure likelihood due to complexity of hardware
Cs: failure likelihood due to complexity of software
D: failure likelihood due to dependency on external factors
Chapter 9 Slides by Ms. Shree J. 54
Just as likelihoods from multiple risks can be
combined, so can the impacts from multiple risk
sources
CIF=(W1)TI +(W2)CI +(W3)SI
Where TI is technical impact, CI is cost impact & SI
is schedule impact
Risk consequence can be expressed as a
numerical rating
Risk consequence Rating is, RCR=CLF+CIF-
(CLF)(CIF)
Chapter 9 Slides by Ms. Shree J. 55
Expected value:
Expected value= ∑ [(Outcomes) * (Likelihoods)]
To account for risk, risk project time and cost consequences are determined using expected values
Chapter 9 Slides by Ms. Shree J. 56
Risk consequence on project duration is called
risk time, RT.
IT is the expected values of the estimated time
required for risk correction
RT=(Corrective time)*(Likelihood)
RC=(Corrective cost)*(Likelihood)
ET(expected project completion time)=
BTE(Baseline time estimate)+RT
EC(expected project completion
cost)=BCE(Baseline cost estimate)+RC
Chapter 9 Slides by Ms. Shree J. 57
EG: Baseline time estimate (BTE)=26 weeks
BCE=$71,000
Risk likelihood=0.3, should the risk
materialize it will delay the project by 5
weeks and increase costs by $10,000
Prob of risk not materializing is 0.7
Chapter 9 Slides by Ms. Shree J. 58
RT=(5)(0.3) +(0)(0.7)=1.5weeks
RC=($10,000)(0.3)+(0)(0.7)=$3,000
Expected project completion time is
ET=BTE+RT=26 +1.5=27.5 weeks
EC=BCE+RC= 71,000+3,000=$74,000
Chapter 9 Slides by Ms. Shree J. 59
When corrective time and cost cannot be
estimated, the ET and EC can be computed
ET=BTE(1+likelihood)=26(1.3)=
33.8weeks
EC=BCE(1+likelihood)=$71,000(1.3)=
$92,300
Chapter 9 Slides by Ms. Shree J. 60
Monte Carlo
a technique that randomly generates
specific values for a variable with a specific
probability distribution.
goes through a specific number of
iterations or trials and records the
outcome.
@risk: Its an add-on tool to Microsoft
project
Sensitivity Analysis
Tornado Graph
Chapter 9 Slides by Ms. Shree J. 61
Chapter 9 Slides by Ms. Shree J. 1-62
Risk Simulation Using @Risk for Microsoft
Project
Chapter 9 Slides by Ms. Shree J. 63
Chapter 9 Slides by Ms. Shree J. 64
Chapter 9 Slides by Ms. Shree J. 65
It is not feasible or advisable to respond to
every possible threat or opportunity
identified as that will cause resources to be
diverted from the real project work.
The risk strategy depends on:
The nature of the risk itself
The impact of the risk on the project’s MOV
and objectives
The project’s constraints in terms of scope,
schedule, budget, and quality requirements
Risk tolerances or preferences of the
various project stakeholders.
Chapter 9 Slides by Ms. Shree J. 66
Accept or Ignore
Not all risks are severe or fatal, and if the cost of avoiding, reducing, or transferring the risk exceeds the benefit, then “do nothing” might be advisable.
This approach will not be chosen for risks where impacts are severe.
For risks that have low probability but high impact following can be used:
Management Reserves
Contingency Reserves
Contingency plans
Chapter 9 Slides by Ms. Shree J. 67
Avoidance
Risks can be avoided by altering the original
project concept.
Even though risk factors can be avoided,
not all can be eliminated.
Also avoiding risk can diminish payoff
opportunities.
Because the potential benefit of such a
project is proportionate to the size of the
risk, it is better to reduce the risk to an
acceptable level rather than completely
avoid risk.
Chapter 9 Slides by Ms. Shree J. 68
Mitigate – Reduce likelihood and/or impact.
There are many ways to reduce risk:
Employ the best technical team
Base decisions on models and simulations
of key technical parameters.
Use mature, computer-aided system
engineering tools
Chapter 9 Slides by Ms. Shree J. 69
Transfer – e.g. insurance
The contractor and customer may decide
to split the risk through a contractual
agreement in which each manages the
risk they can handle best.
It is impossible to entirely transfer the
risk to one party or another.
Chapter 9 Slides by Ms. Shree J. 70
The project risk
The trigger which flags that the risk has occurred
The owner of the risk (i.e., the person or group
responsible for monitoring the risk and ensuring that
the appropriate risk response is carried out)
The risk response based on one of the four basic risk
strategies
Chapter 9 Slides by Ms. Shree J. 71
Risk Information Sheet
Risk ID: Date: Probability: Impact:
Description:
Refinement/context:
Mitigation/monitoring:
Management/contingency plan/trigger:
Current status:
Originator: Assigned:
Chapter 9 Slides by Ms. Shree J. 72
tools for monitoring and controlling
project risk
Risk Audits by external people
Risk Reviews by internal team members
Risk Status Meetings and Reports
Chapter 9 Slides by Ms. Shree J. 73
Chapter 9 Slides by Ms. Shree J. 74
lessons learned and best practices help us to:
Increase our understanding of IT project risk in general.
Understand what information was available to managing risks and for making risk-related decisions.
Understand how and why a particular decision was made.
Understand the implications not only of the risks but also the decisions that were made.
Learn from our experience so that others may not have to repeat our mistakes.
Chapter 9 Slides by Ms. Shree J. 75