Slides by: Ms. Shree Jaswalssjaswal.com/wp-content/uploads/2018/10/SPM_Chp9.pdf · The notion of Project risk involves two concepts: The likelihood that some problematic events will

Slides by: Ms. Shree Jaswal

Basic concepts,

Identification,

Assessment,

Response planning,

Management.

Chapter 9 Slides by Ms. Shree J. 2

The notion of Project risk involves two concepts:

The likelihood that some problematic events

will occur

The impact of the event if it does occur

Risk is a joint function of two; that is,

Risk=f(likelihood, impact)


“Although no one can predict the future with

100 percent accuracy, having a solid

foundation , in terms of processes, tools, and

techniques, can increase our confidence in

these estimates.”


Not Understanding the Benefits of Risk

Management

Not Providing Adequate Time for Risk

Management

Not Identifying and Assessing Risk Using a

Standardized Approach


Commitment by all stakeholders

Stakeholder Responsibility

each risk must have an owner

Different Risks for Different Types of Projects


Risk Management Planning

Risk Identification

Qualitative Risk Analysis

Quantitative Risk Analysis

Risk Response Planning

Risk Monitoring and Control


PMBOK definition of Project Risk

An uncertain event or condition that, if it occurs,

has a positive or negative effect on the project

objectives.

PMBOK definition of Project Risk Management

The systematic process of identifying, analyzing,

and responding to project risk. It includes

maximizing the probability and consequences of

positive events and minimizing the probability and

consequences of adverse events.



Risk Planning

Requires a firm commitment to risk management

from all project stakeholders

Ensures adequate resources to plan for and manage

risk

Focuses on preparation


Risk Identification of:

Threats and opportunities

Causes and effects of each risk

Effective strategies for and responses to risk


Risk Assessment

What is the likelihood of a particular risk

occurring?

What is the impact on the project if it does

occur?


Risk Strategies for negative risk:

Accept or ignore the risk

Avoid the risk completely.

Reduce the likelihood or impact of the risk (or both) if the risk occurs.

Transfer the risk to someone else (i.e., insurance).

Risk Strategies for positive risk: Exploitation

Sharing ownership

Enhancement of probability of impact

Accept and take advantage


Risk Monitoring and Control

Risk Response

Risk Evaluation

How did we do?

What can we do better next time?

What lessons did we learn?

What best practices can be incorporated in the

risk management process?



Internal Risks: Internal risks originate within

the project.

Two main categories of internal risks are

market risk and technical risk.

Market risk is the risk of not fulfilling either

market needs or the requirements of

particular customers


Sources of Market risk include:

Incompletely or inadequately defined

market or customer needs and

requirements.

Failure to identify changing needs and

requirements

Failure to identify newly introduced

products by competitors


Market risk can be reduced by

thoroughly and accurately defining needs and

requirements at the start of the project,

and continuously monitoring and updating

requirements as needed throughout the project


Technical risk

Technical risk is the risk of not meeting time,

cost, or performance requirements due to

technical problems with the end-item or

project activities.

Technical risks tend to be high in projects

involving activities that are unfamiliar or

require new ways of integration


Technical risk is low in projects that involve mostly familiar activities done in customary ways.

One approach to rate the risk of project end-item or primary process as being high, medium, or low according to following features:


Maturity: How ready is the end-item or process for production or use?

Complexity: How many steps, elements, or components are in the product or process, and what are their relationships?

Quality: How producible, reliable, and testable is the end-item or process?

Concurrency or Dependency: To what extent do multiple, dependent activities in the project overlap?


External risks: This include the risks that stem

from sources outside the project.

Project managers and stakeholders usually have

little or no control over these.

External risk hazards include changes in:

Market Conditions

Customer needs and behavior

Competitors’ actions


Supplier relations.

Government regulations

Weather (adverse)

Interest rates

Labor availability ( strikes and walkouts)

Decisions made by senior management or

customer regarding project priorities, staffing

or budgets.


Material or labor resources (shortages)

External control by customers or subcontractors over project work and resources.

A project where success depends heavily on external factors is beset with much more risk than one with few dependencies on external factors.


Techniques for pinpointing risks are:

Analogy

Checklists

WBS analysis

Process flowcharts

Brainstorming


In the 5th layer the types of risks are:

Known : Which are bound to occur. Eg. Death

& taxes

Known-unknown: Are of identifiable

uncertainty. Eg. Utilities bill

Unknown-unknown: Are residual risks or

events that we cannot imagine happening.

Eg. The happening of internet


Eg. A consulting firm has been hired by a client to develop a data warehouse that will include business intelligence to identify and better serve its more loyal customers.

Threat: Client faces a lawsuit when project was in 2nd phase of PLC Identify risk’s occurrence phase

Identify type: known,…etc

Identify type: external or internal

Identify sources

Identify impact on project’s objectives

Identify impact on project’s MOV


Tools and Techniques Learning Cycles

Brainstorming

Nominal Group Technique (NGT)

Delphi Technique

Interviewing

Checklists

SWOT Analysis

Cause and Effect Diagrams

Past Projects


Nominal Group Technique (NGT) a. Each individual silently writes her or his ideas on a

piece of paperb. Each idea is then written on a board or flip chart one

at a time in a round-robin fashion until each individual has listed all of his or her ideas.

c. The group then discusses and clarifies each of the ideas.

d. Each individual then silently ranks and prioritizes the ideas.

e. The group then discusses the rankings and priorities of the ideas.

f. Each individual ranks and prioritizes the ideas again. g. The rankings and prioritizations are then summarized

for the group.


Documentation from previous projects can be used to create risk checklists-list of factors that may affect the project.

Risk checklists can be created for the overall project or for specific phases, work packages, or tasks within the project.

They might also specify the levels of risk associated with the risk sources.

The levels of risk may be specified as none, low, medium and high.

The greater the experience from the past projects, the more comprehensive the checklist and valid the assessed levels of risk.




Identify the risk in terms of a threat or

opportunity.

Identify the main factors that can cause the

risk to occur.

Identify detailed factors for each of the main

factors.

Continue refining the diagram until satisfied

that the diagram is complete.





Risk analysis is to determine each identified

risk’s probability and impact on project

Risk assessment focusses on prioritizing risks

so that an effective risk strategy can be

formulated.


Qualitative Approaches

Expected Value – probability weighted sum

Payoff Table

Decision Trees

Risk Impact Table

Tusler’s risk classification scheme



Schedule Risk A

Probability

B

Payoff (in 000s)

A . B

Prob. * Payoff

Project completed

20 days early

5% $200 $10

Project completed

10 days early

20% $150 $30

Project completed

on schedule

50% $100 $50

Project completed

10 days late

20% $ -- $ --

Project completed

20 days late

5% $ (50) $ (3)

100% $88

Expected Value

A decision tree is a diagram wherein the"

branches” represent different chance

events or design strategies.

Application of decision tree is weighing

the cost of potential project failure

against the benefit of project success.

Another application of decision trees is

in deciding between alternative risk

responses




Risk(threats 0-100%

Probability

0-10

Impact

P . I

Score

Key member leaves project 40% 4 1.6

Client unable to define scope & requirements

50% 6 3.0

Client has financial problems 10% 9 0.9

Response time not acceptable to client

80% 6 4.8

Technology doesn’t integrate well with existing app

60% 7 4.2

Functional manager deflects resources from project

20% 3 0.6

Client unable to obtain licensing aggreements

5% 7 0.4


Quantitative Approaches

Discrete Probability Distributions

Binomial

Continuous Probability Distributions

Normal

PERT

Triangular

Simulations




shape is determined by its mean (µ) and standard deviation ()

Probability is associated with area under the curve.

Since the distribution is symmetrical, the following probability rules of thumb apply

About 68 percent of all the values will fall between +1 of the mean




Eg. Suppose a project has a mean duration of

10 days and has a standard deviation of 2

days. We could estimate that we would be

about 95% certain that the project’s task

would be complete within 6 to 14 days, using

rule of thumb, µ +2 = 10 +2x2.

In addition, we could also say that we would be

99% confident that the task would be completed

between 4 and 16 days, µ +3 = 10 +3x2



PERT distribution uses a three-point estimate

where:

a denotes an optimistic estimate

b denotes a most likely estimate

c denotes a pessimistic estimate

PERT Mean = (a + 4m + b) / 6

PERT Standard Deviation = (b - a) / 6

In the previous slide, a=2, m=4 and b=8



uses a three-point estimate similar to the PERT

distribution where:

a denotes an optimistic estimate

m denotes a most likely estimate

b denotes a pessimistic estimate

weighting for the mean and standard deviation

are different from PERT

TRIANG Mean = (a + m + b) / 3

TRIANG Standard Deviation =

[((b-a)2 + (m-a)(m-b)) /18]1/2

In the previous slide, a=4, m=6 and b=10


In assigning likelihood values or ratings to risk factors, it is best to use collective judgment, including as much knowledge and experience as possible.

When a project has multiple, independent risk sources, they can be combined and expressed as a single composite likelihood factor or CLF.

CLF can be computed as a weighted average CLF=(W1)Mh+(W2)Ch +(W3)Ms +(W4)Cs+(W5)D

Where W1,W2,W3,W4,W5 have values in the range of 0 to 1 and their sum is 1


Where,

Mh: failure likelihood due to immaturity of hardware

Ms: failure likelihood due to immaturity of software

Ch: failure likelihood due to complexity of hardware

Cs: failure likelihood due to complexity of software

D: failure likelihood due to dependency on external factors


Just as likelihoods from multiple risks can be

combined, so can the impacts from multiple risk

sources

CIF=(W1)TI +(W2)CI +(W3)SI

Where TI is technical impact, CI is cost impact & SI

is schedule impact

Risk consequence can be expressed as a

numerical rating

Risk consequence Rating is, RCR=CLF+CIF-

(CLF)(CIF)


Expected value:

Expected value= ∑ [(Outcomes) * (Likelihoods)]

To account for risk, risk project time and cost consequences are determined using expected values


Risk consequence on project duration is called

risk time, RT.

IT is the expected values of the estimated time

required for risk correction

RT=(Corrective time)*(Likelihood)

RC=(Corrective cost)*(Likelihood)

ET(expected project completion time)=

BTE(Baseline time estimate)+RT

EC(expected project completion

cost)=BCE(Baseline cost estimate)+RC


EG: Baseline time estimate (BTE)=26 weeks

BCE=$71,000

Risk likelihood=0.3, should the risk

materialize it will delay the project by 5

weeks and increase costs by $10,000

Prob of risk not materializing is 0.7


RT=(5)(0.3) +(0)(0.7)=1.5weeks

RC=($10,000)(0.3)+(0)(0.7)=$3,000

Expected project completion time is

ET=BTE+RT=26 +1.5=27.5 weeks

EC=BCE+RC= 71,000+3,000=$74,000


When corrective time and cost cannot be

estimated, the ET and EC can be computed

ET=BTE(1+likelihood)=26(1.3)=

33.8weeks

EC=BCE(1+likelihood)=$71,000(1.3)=

$92,300


Monte Carlo

a technique that randomly generates

specific values for a variable with a specific

probability distribution.

goes through a specific number of

iterations or trials and records the

outcome.

@risk: Its an add-on tool to Microsoft

project

Sensitivity Analysis

Tornado Graph


Chapter 9 Slides by Ms. Shree J. 1-62

Risk Simulation Using @Risk for Microsoft

Project




It is not feasible or advisable to respond to

every possible threat or opportunity

identified as that will cause resources to be

diverted from the real project work.

The risk strategy depends on:

The nature of the risk itself

The impact of the risk on the project’s MOV

and objectives

The project’s constraints in terms of scope,

schedule, budget, and quality requirements

Risk tolerances or preferences of the

various project stakeholders.


Accept or Ignore

Not all risks are severe or fatal, and if the cost of avoiding, reducing, or transferring the risk exceeds the benefit, then “do nothing” might be advisable.

This approach will not be chosen for risks where impacts are severe.

For risks that have low probability but high impact following can be used:

Management Reserves

Contingency Reserves

Contingency plans


Avoidance

Risks can be avoided by altering the original

project concept.

Even though risk factors can be avoided,

not all can be eliminated.

Also avoiding risk can diminish payoff

opportunities.

Because the potential benefit of such a

project is proportionate to the size of the

risk, it is better to reduce the risk to an

acceptable level rather than completely

avoid risk.


Mitigate – Reduce likelihood and/or impact.

There are many ways to reduce risk:

Employ the best technical team

Base decisions on models and simulations

of key technical parameters.

Use mature, computer-aided system

engineering tools


Transfer – e.g. insurance

The contractor and customer may decide

to split the risk through a contractual

agreement in which each manages the

risk they can handle best.

It is impossible to entirely transfer the

risk to one party or another.


The project risk

The trigger which flags that the risk has occurred

The owner of the risk (i.e., the person or group

responsible for monitoring the risk and ensuring that

the appropriate risk response is carried out)

The risk response based on one of the four basic risk

strategies


Risk Information Sheet

Risk ID: Date: Probability: Impact:

Description:

Refinement/context:

Mitigation/monitoring:

Management/contingency plan/trigger:

Current status:

Originator: Assigned:


tools for monitoring and controlling

project risk

Risk Audits by external people

Risk Reviews by internal team members

Risk Status Meetings and Reports



lessons learned and best practices help us to:

Increase our understanding of IT project risk in general.

Understand what information was available to managing risks and for making risk-related decisions.

Understand how and why a particular decision was made.

Understand the implications not only of the risks but also the decisions that were made.

Learn from our experience so that others may not have to repeat our mistakes.


Documents

Slides by: Ms. Shree Jaswalssjaswal.com/wp-content/uploads/2018/10/SPM_Chp9.pdf · The notion of Project risk involves two concepts: The likelihood that some problematic events will