Introduction to Project Management

advertisement
Managing Project Risk
Project Risk
• “…an uncertain event or condition that, if it occurs,
has a positive or a negative effect on a project
objective.”
Information Systems
Associated Risks
• Technology and project management related
– Positive
• Availability of new project management tools
– Negative
• Rate of change in technologies
– Upgrades and new releases
• Assumptions computer-generated output is always correct
• Formation of teams
Risk & Project Life Cycle
• Initiation stage
– Identification and selection of specific projects
• Inside or outside of organization’s core competencies
• Planning stage
– Procurement
• Unreliability of new technology delivery timeframe
• Development of accurate project schedule
Risk & Project Life Cycle (cont.)
• Execution stage
– Missed scheduled delivery date
– Technology upgrades
• Control stage
– Implementation of risk plan
– Modification of project schedule
• Closing stage
– Acceptance of project as finished
Project Risk Examples
• New or different project management methodologies
• Different:
– Cultures
– Organization structures
– Human resources
General Categories of
Project Risk
• Ongoing changes to technology/materials
• Finding, assigning, and retaining skilled personnel
• Gaining user acceptance
• Choosing the correct development methodology
• Choosing correct manufacturing tools/materials
Outsourcing / Offshoring
• Positives:
– Expanded skill set availability
– Cheaper labor
– Reduced requirements for non-core competencies
• Negatives:
– Internal resistance
• Possible solutions to reduce risk:
–
–
–
–
Ensure strong upper management support
Select the right personnel
Involve managers early in the outsourcing process
Educate and reassure internal employees
Outsourcing / Offshoring (cont.)
• Negatives (cont.):
– Increased security and privacy concerns
• Possible solutions to reduce risk:
–
–
–
–
Increase physical security measures
Use software event logging and monitoring tools
Intrusion detection systems and firewalls
Encryption hardware/software
Top Five Project Risks
• Lack of top management commitment to the project
• Failure to gain user commitment/acceptance
• Misunderstanding the requirements
• Lack of adequate user/consumer involvement
• Failure to manage end user expectations
Risk Management Planning
• A systematic approach to planning the risk
management activities of a given project
Risk Management Planning – Inputs
• Enterprise environmental factors
– Attitudes toward risk and risk tolerance
• Organizational process assets
– Processes in place to handle risk
• Project scope statement
– Defining the project
• Project management plan
– Project summary document
Risk Management Planning –
Tools & Techniques
• Risk planning meetings
– Senior managers, project team leaders, stakeholders,
project members with decision-making responsibilities
– Development of specific risk management plans
– Inclusion of risk-related items in budget and schedule
– Creation of risk management templates
Risk Management Planning – Outputs
• Risk Management Plan
– Methodology or approach to risk management
– Roles and responsibilities of project members
– Risk management budget
– Integration of risk management activities into project life
cycle
– Scoring and interpretation of risk analysis
– Risk thresholds
– Reporting formats
– Tracking
Risk Identification
• The process of identifying potential risks to a project
and documenting them
Risk Identification – Inputs
• Enterprise environmental factors
• Organizational process assets
• Project scope statement
• Project management plan
• Risk management plan
Risk Categories
• Defined in a Risk Register
– A formal recording of all project risks, explaining the
nature of the risk and management of the risk
Risks
Risk Identification –
Tools & Techniques
• Documentation reviews
– The review of organizational information to aid during risk
identification
• May include:
– Project profiles (previous project information and related lessons
learned)
– Published information
» Articles/studies/benchmarking information
Risk Identification –
Tools & Techniques (cont.)
• Information gathering techniques
– Brainstorming
– Delphi technique
– Interviewing
– Strengths, weaknesses, opportunities, and threats (SWOT)
– Checklists
Risk Identification –
Tools & Techniques (cont.)
– Diagramming techniques
• Cause and effect (Fishbone)
• System or process flowcharts
• Influence diagrams
Risk Identification – Output
Qualitative Risk Analysis
• Establishment of probabilities regarding both the
impact and likelihood of specific risk occurrences
Qualitative Risk Analysis – Inputs
• Organizational process assets
• Project scope statement
• Risk management plan
• Risk register
Qualitative Risk Analysis –
Tools & Techniques
• Risk probability and impact assessment
• Probability/impact risk rating matrix
• Risk data quality assessment
• Risk categorization
• Risk urgency assessment
Probability/Impact
Risk Rating Matrix
• A technique used to analyze project risk in terms of
its probability of occurrence and its impact on project
outcomes
Risk Data Quality Assessment
• Assessment of the quality of the data used to assess
risk
• May include:
• Extent to which a risk is understood
• Available risk data
• Data quality
• Data integrity and reliability
Qualitative Risk Analysis – Outputs
• Updated risk register
Quantitative Risk Analysis
• Analysis of the probability of occurrence and impact
of risk on project objectives using numerical
techniques
Quantitative Risk Analysis – Inputs
• Organization process assets
• Project scope statement
• Risk management plan
• Risk register
• Project management plan
Quantitative Risk Analysis –
Tools & Techniques
• Data gathering through interviewing
• Quantitative procedures
– Sensitivity analysis
• Technique used to examine the potential impact of specific risks to
a project (Tornado analysis)
– Decision tree analysis
• Diagramming technique used to evaluate courses of action in terms
of their potential cost and benefits relative to other courses of action
Quantitative Risk Analysis –
Tools & Techniques (cont.)
– Expected monetary value analysis (EMV)
• Statistical technique which captures the average value of potential
projects by analyzing the likelihood of possible project outcomes as
well as each outcome’s financial consequences
– Simulation
• Statistical technique where what-if analyzes are run to determine
the impact of a given situation on a project objective (Monte Carlo)
Tornado Analysis
Expected Monetary Value + Decision
Tree Analysis
Quantitative Risk Analysis – Outputs
• Updated risk register
Risk Response Planning
• The process of developing methods for responding to
project risks
Risk Response Planning – Inputs
• Risk management plan
• Risk register
Risk Response Planning –
Tools & Techniques
• Avoidance
– Identified risks are avoided through a different course of
action
• Transference
– Transfer of risk to another party through the use of
contracts
• Mitigation
– Steps are taken to reduce the occurrence or impact of stated
risks
• Acceptance
– Risks are accepted and contingency strategies are planned
Risk Response Planning – Outputs
• Updates to:
– Risk register
– Project management plan
– Risk-related contractual agreements
Risk Response Plan Contents
(Project Management Institute)
• Any risks that have been identified along with a description and the areas
and objectives the identified risk may affect
• The roles and responsibilities of any risk owners
• Qualitative and quantitative risk analysis results as well as any trends
identified during either of these processes
• A description of the risk response strategies including avoidance,
transference, mitigation, and acceptance, and the risk that the strategies will
be applied to
• An acknowledgement of any residual risk projected to remain after any risk
response strategies have been applied
• A list of actions to be used to implement the risk response strategies
• Budget and schedule information in terms of risk response
• Any contingency plans used as part of an active response to accept risks
Additional Risk Terms
• Residual risks
– Any risks remaining after risk response strategies have
been applied
• Secondary risks
– Any risks resulting from the application of a risk response
strategy
• Contractual agreements
– Any contracts for the purpose of risk transference during
the project
Risk Monitoring & Control
• The process of monitoring identified risks for change
and controlling those changes
Questions?
Download