Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Risk - University of Houston-Clear Lake:: Management Information

advertisement 
Risk: Managing Project Uncertainties
Systems Analysis and Design: Paper 3
Carl Dolezal
University of Houston Clear Lake
carl.dolezal@utmb.edu
Abstract:
How a project team addresses project risk is a critical factor to the success or failure of a project. By
adequately identifying risk and effective risk management strategies, organizations can improve
their project success rates. An effective risk management strategy should be a critical component of
any project plan.
Introduction:
Deborah Weiss, Meta Group program director of enterprise planning and architecture strategies,
believes that up to 72 percent of all IT projects are late, over budget, lack functionality or are never
delivered as planned [1]. During a time when technology has become a principle tool for allowing
businesses to take advantage of opportunities, project success rates can be a principle factor in an
organization’s success or failure. Risk management is a methodology used to address project risk
factors and help improve project success rates.
What is Risk and Risk Management?
Project managers continually have to balance multiple resources, obstacles, and challenges over the
life of a project. Risk is an important project issue that should be addressed. Risk has three
components: the event that could occur, the probability that the event will occur, and the impact
that the event would have on the project should that event occur [2 ]. Risk management involves
identifying project risks and developing appropriate response strategies to address them. Risk
management is an ongoing process that continues throughout the SDLC.
Types of Risk:
There are two basic types of risk: business risk, and pure risk [2]. Business risks have a positive
characteristic of a potential gain for an organization. They also have a potential for loss. Business
risks can typically be managed. In contrast, pure risks (sometimes referred to as ‘insurable risks’)
cannot be managed. Pure risks are risks that should not be attempted by an organization or project
team. An example of a pure risk is a natural disaster. Another more common example of a projectrelated pure risk occurs when an organization chooses to approve a project based on a majority of
the requirements being within scope of the organization’s expertise and experience, while one or
more requirements are uncontrollable or outside the scope of the organization’s expertise.
Project managers that have a strong ability to identify risk events and their potential impacts on a
project have the ability to help influence a more favorable project outcome. A risk management
model should be developed to help control the types of risk an organization is willing to accept.
Risk Tolerance:
There are three common classifications for risk: risk averter, risk neutral, and risk seeker [6]. Risk
averters prefer projects where the outcomes are more certain. Risk seekers thrive in environments
of high-uncertainty and high stakes. Those who are risk neutral accommodate risk when there is an
1
equivalent potential payoff for the risk they assume. The risk tolerance of the project manager
should match the risk tolerance of the project and organizational culture.
Risk Management Models:
A risk management model is a group of formalized guidelines and procedures for addressing risk.
The model should start with the project selection phase. During this phase, the priority of the
project should be identified and weighted against other organization priorities to determine the
amount of resources needed and what levels of competition and demand are for those resources. If
a higher-priority project requires all of an organization’s resources, a lower priority project
requiring the same resources will not be successful.
The desired schedule is another risk factor to consider when selecting a project. Timelines that
appear reasonable at first may actually be unreasonable when compared against other projects,
available resources, a work schedules. Care must be taken when developing and reviewing a
project’s schedule to ensure that all potential influences on the schedule are included.
Perhaps the most important tool for identifying risk is a project’s work breakdown structure
(WBS). The WBS includes important information about the project’s tasks. Each of those tasks is
instrumental in identifying the specific type of resources needed by the project. It will become
quickly apparent whether or not the organization has the skills and resources available to perform
the WBS tasks. If resources are not available, the organization will have to consider alternatives
such as outsourcing, staffing-up at acquire skills, or not approving the project.
The WBS will also help to identify when multiple tasks
must be completed before another specific process can
start. In Figure 1, tasks K, G, and A must all be completed
before task H can begin. A delay in any one of these single
tasks will prolong the project (especially if the tasks are
on the project’s critical path). Projects requiring multiple
path convergences like this will have higher risks
associated with them.
WBS Task K
WBS Task G
WBS Task A
WBS Task H
Figure 1
A risk management model should be used to develop a risk management plan for the project.
Risk Management Plans:
The risk management plan is the beginning of the risk management process. A risk management
plan is used to communicate the processes used to manage the risks of the project for which it was
developed. The risk management plan includes two parts: risk management planning and risk
response planning [3]. The risk management plan defines and communicates how project risks are
identified, how they are managed by the project team, and how they are tracked. By successfully
planning for risk, an organization can improve its performance, profits, efficiency, and better meet
goals [4]. The risk management plan includes the methodology used to manage risk, monitors and
controls, roles and responsibilities, funding, how to measure risk, level of responsibility, a
communication plan, and risk tracking and documentation processes.
Risk Management Methodology:
This section of the risk management plan describes the tools and techniques used to
identify risks and how the project team will respond to project risk.
2
Monitors and Controls:
This section includes how risk will be monitored throughout the duration of the project’s
life. Project team members will have responsibilities for monitoring risk and reporting
(communicating) any changes in the status of risk.
Roles and Responsibilities:
This section of the risk management plan clearly lists and defines each of the project team
member’s roles and responsibilities for the project. Each of the team members should know
when and how to report problem events during a project and understand the reporting
process that needs to be followed. This will allow project leadership to understand and
address risk issues as they arise.
Risk Analysis and Measurement Methodology:
This section of the risk management plan describes how risk is analyzed and measured. It
should include a methodology for scoring and evaluating risk that is clearly understood by
the project team and stakeholders. There are many mathematical formulas and methods for
measuring risk. The ones selected by the organization or project team should be clearly
defined in this section of the plan.
Levels of Risk Response Responsibility:
All risks are not created equal. Each risk has a varying level of impact on the project. Each
member of the project team should have a certain amount of authority to address risk, but
should pass events on to the next higher authority if the specific risk reaches a
predetermined level (threshold).
Funding:
Funding is an important part of the risk management plan. A lack of funding or project
overruns can easily cause a project to fail. Plans should be in place to provide contingency
funding for a project and define when and how those funds will be used.
Risk Communication Plan (Reporting):
This section of the risk management plan defines how and who will receive and review
reports of project risk as they occur. The entire project team and stakeholders should have
appropriate tracking and documentation related to risks as they occur and the risk
communication plan defines how this process takes place.
Risk Tracking and Documentation:
The risk tracking and documentation section of the risk management plan defines how risk
is tracked, archived, and reviewed. Risk tracking and documentation should also be useful
for identifying best risk management practices for related projects.
Identifying and Measuring Risk:
Identifying risk is a challenging but important process. The failure to identify risk is a main
contributing factor to the failure rate of projects. The project team should be gathered in a meeting
to help identify risk as part of a group process. This helps take all of the team-member’s
experiences into account when identifying project risk factors. Combining techniques like
brainstorming and cause-and-effect diagrams (also known as fishbone diagrams) can help to
identify and organize project risk. Researching past project documentation can also help identify
risks as well as how they were managed.
3
Qualifying Risk
A risk must be qualified to determine how to manage it. A probability should be assigned to risks
based on the likelihood of occurrence. Once the risks have been identified and assigned a
probability, they should be ranked and prioritized with other project risks. By prioritizing risks, the
project manager can focus their limited resources on the risks that will most likely occur. The
expected value analysis technique is used to identify the most likely result of an outcome based on
risks and the probability they will occur.
Developing and Implementing Risk Response Strategies:
Project managers should be proactive in their approach toward responding to project risk. The
entire project team should understand how risk will be addressed when it is encountered in a
project. The basic steps a risk response strategy should include are risk identification, risk analysis,
a response plan, and a monitoring process [3]. Triggers should also be included so that when risk
events do occur, the appropriate risk response strategy is implemented.
Once the project team has identified and analyzed risks, it is time to develop the risk response.
Ideally, a risk response should be developed for each known risk. Once a risk is realized, the
response should be implemented. Response options include avoiding risk, transferring risk,
mitigating risk, and accepting risk [3].




Avoiding risk involves plans to move the project around a risk factor. For example, if
a project involves the install and configuration of a server and the organization lacks
these resources, those services could be purchased from a server hosting company
to avoid any potential risk related to server install and configuration. Hewlett
Packard encourages the re-use of previously developed software because it helps to
avoid risk when compared to developing new software [5].
Risk transfer involves the movement of risk from one entity to another. A common
way of doing this is through purchasing insurance. The insurance company is at risk
should an adverse event occur.
Mitigation of risk involves reducing risk to a more acceptable and manageable level.
Analysis and adjustment of the scope of a project to reduce functionality to a core
level of requirements is a way to reduce the amount of potential risk that the project
might have if all the ‘bells and whistles’ have to be implemented.
The acceptance of risk means that the project must accept that a particular event
may occur and should develop an alternative plan to implement should that risk
occur.
Implementing Risk Response Strategies:
Once a risk has occurred, the risk response strategy should be implemented. Triggers are activated
so that the team knows what has happened and what steps to take (in accordance with the plan).
Monitoring and communication is critical so that project leadership and project team members are
aware of triggers, when events occur, and what steps to take.
Tracking Risk Response:
Once implemented, a risk response should be tracked to ensure that the strategy is working as
planned. If the response plan is not working as planned, an alternative approach must be planned
and implemented. The project manager must develop a methodology to assess the effectiveness of
the risk response strategies so that the strategy can be continually assessed.
4
Documenting and Archiving Risk:
Risks strategies should be appropriately documented an archived so that best practices can be
identified. Lessons learned meetings should take place following project completion so that future
projects can benefit from the most effective strategies developed. Strategies can also be developed
to help avoid unanticipated risks that occurred during previous projects. Unfortunately,
documentation and post-project review meetings are important steps that are often skipped. A
well-disciplined organization will ensure that these meetings are part of the project closing process
so that the organization continually learns and improves with each project.
Conclusion:
Risk is an element that must be addressed for any project. Failure to plan for risk by developing a
risk management and response strategy places the project at a higher risk for failure. The project
manager and project team have responsibility for planning for risk to help ensure that the project at
hand will succeed. Each project with a unique work breakdown structure will require a unique risk
management plan and risk response strategy. It is as important to include a documentation and
archiving process as part of the project close out process so that the organization learns and
develops best risk management processes. By appropriately recognizing and addressing risk
factors, projects will have an improved chance of success.
5
REFERENCES
1. McBride, Siobhan. IT World, “Poor project management leads to high failure rate”,
http://www.itworld.com/, October 15, 2004.
2. Taylor, James. “Managing Information Technology Projects: Applying Project Management
Strategies to Software, Hardware, and Integration Initiatives,” AMACOM, 2004.
3. Tomczyk, Catherine A. “Defining Your Risk Management Plan, Project Manager's Spotlight
on Planning,” Sybex, 2005.
4. Heldman, Kim. “What Is Risk Management? Project Manager's Spotlight on Risk
Management,” Sybex, 2005.
5. Smith, Preston G. and Guy M. Merritt. “Risk Management Approaches and Strategies,
Proactive Risk Management,” Productivity Press, 2002.
6. Kerzner, Harold. “Risk Management, Project Management: A systems Approach to Planning,
Scheduling, and Controlling,” John Wiley and Sons, 2003.
6
Related documents
Effective Project Management Process
Effective Project Management Process
© www.free-management-ebooks.com 2013. All Rights Reserved
© www.free-management-ebooks.com 2013. All Rights Reserved
Project Activity Planning
Project Activity Planning
Project Management for Maximum Effectiveness
Project Management for Maximum Effectiveness
Project Management Training Outline
Project Management Training Outline
Project Plan Review Checklist
Project Plan Review Checklist
wbs
wbs
Project Scope Management
Project Scope Management
Project Management System Based on Work-Breakdown
Project Management System Based on Work-Breakdown
Quality Plan Template
Quality Plan Template
CIS 746 Software Measurement
CIS 746 Software Measurement
Developing-Tasks-and-the-Work-Breakdown-Structure
Developing-Tasks-and-the-Work-Breakdown-Structure
FPE_Assignment_Help_WBS
FPE_Assignment_Help_WBS
Project Scope Management
Project Scope Management
cis486ch04 - Cal State LA
cis486ch04 - Cal State LA
Enterprise Structure & Master Data
Enterprise Structure & Master Data
ANALISA & PERANCANGAN SISTEM INFORMASI I
ANALISA & PERANCANGAN SISTEM INFORMASI I
RISK ANALYSIS and COST MANAGEMENT
RISK ANALYSIS and COST MANAGEMENT
final_project - An-Najah National University
final_project - An-Najah National University
JLab_SBS_Monthly-Report_2013Dec15_v2
JLab_SBS_Monthly-Report_2013Dec15_v2
Results
Results
Linux+ Study Guide
Linux+ Study Guide
Download
advertisement