Managing Project Risk Project Risk • “…an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project objective.” Information Systems Associated Risks • Technology and project management related – Positive • Availability of new project management tools – Negative • Rate of change in technologies – Upgrades and new releases • Assumptions computer-generated output is always correct • Formation of teams Risk & Project Life Cycle • Initiation stage – Identification and selection of specific projects • Inside or outside of organization’s core competencies • Planning stage – Procurement • Unreliability of new technology delivery timeframe • Development of accurate project schedule Risk & Project Life Cycle (cont.) • Execution stage – Missed scheduled delivery date – Technology upgrades • Control stage – Implementation of risk plan – Modification of project schedule • Closing stage – Acceptance of project as finished Project Risk Examples • New or different project management methodologies • Different: – Cultures – Organization structures – Human resources General Categories of Project Risk • Ongoing changes to technology/materials • Finding, assigning, and retaining skilled personnel • Gaining user acceptance • Choosing the correct development methodology • Choosing correct manufacturing tools/materials Outsourcing / Offshoring • Positives: – Expanded skill set availability – Cheaper labor – Reduced requirements for non-core competencies • Negatives: – Internal resistance • Possible solutions to reduce risk: – – – – Ensure strong upper management support Select the right personnel Involve managers early in the outsourcing process Educate and reassure internal employees Outsourcing / Offshoring (cont.) • Negatives (cont.): – Increased security and privacy concerns • Possible solutions to reduce risk: – – – – Increase physical security measures Use software event logging and monitoring tools Intrusion detection systems and firewalls Encryption hardware/software Top Five Project Risks • Lack of top management commitment to the project • Failure to gain user commitment/acceptance • Misunderstanding the requirements • Lack of adequate user/consumer involvement • Failure to manage end user expectations Risk Management Planning • A systematic approach to planning the risk management activities of a given project Risk Management Planning – Inputs • Enterprise environmental factors – Attitudes toward risk and risk tolerance • Organizational process assets – Processes in place to handle risk • Project scope statement – Defining the project • Project management plan – Project summary document Risk Management Planning – Tools & Techniques • Risk planning meetings – Senior managers, project team leaders, stakeholders, project members with decision-making responsibilities – Development of specific risk management plans – Inclusion of risk-related items in budget and schedule – Creation of risk management templates Risk Management Planning – Outputs • Risk Management Plan – Methodology or approach to risk management – Roles and responsibilities of project members – Risk management budget – Integration of risk management activities into project life cycle – Scoring and interpretation of risk analysis – Risk thresholds – Reporting formats – Tracking Risk Identification • The process of identifying potential risks to a project and documenting them Risk Identification – Inputs • Enterprise environmental factors • Organizational process assets • Project scope statement • Project management plan • Risk management plan Risk Categories • Defined in a Risk Register – A formal recording of all project risks, explaining the nature of the risk and management of the risk Risks Risk Identification – Tools & Techniques • Documentation reviews – The review of organizational information to aid during risk identification • May include: – Project profiles (previous project information and related lessons learned) – Published information » Articles/studies/benchmarking information Risk Identification – Tools & Techniques (cont.) • Information gathering techniques – Brainstorming – Delphi technique – Interviewing – Strengths, weaknesses, opportunities, and threats (SWOT) – Checklists Risk Identification – Tools & Techniques (cont.) – Diagramming techniques • Cause and effect (Fishbone) • System or process flowcharts • Influence diagrams Risk Identification – Output Qualitative Risk Analysis • Establishment of probabilities regarding both the impact and likelihood of specific risk occurrences Qualitative Risk Analysis – Inputs • Organizational process assets • Project scope statement • Risk management plan • Risk register Qualitative Risk Analysis – Tools & Techniques • Risk probability and impact assessment • Probability/impact risk rating matrix • Risk data quality assessment • Risk categorization • Risk urgency assessment Probability/Impact Risk Rating Matrix • A technique used to analyze project risk in terms of its probability of occurrence and its impact on project outcomes Risk Data Quality Assessment • Assessment of the quality of the data used to assess risk • May include: • Extent to which a risk is understood • Available risk data • Data quality • Data integrity and reliability Qualitative Risk Analysis – Outputs • Updated risk register Quantitative Risk Analysis • Analysis of the probability of occurrence and impact of risk on project objectives using numerical techniques Quantitative Risk Analysis – Inputs • Organization process assets • Project scope statement • Risk management plan • Risk register • Project management plan Quantitative Risk Analysis – Tools & Techniques • Data gathering through interviewing • Quantitative procedures – Sensitivity analysis • Technique used to examine the potential impact of specific risks to a project (Tornado analysis) – Decision tree analysis • Diagramming technique used to evaluate courses of action in terms of their potential cost and benefits relative to other courses of action Quantitative Risk Analysis – Tools & Techniques (cont.) – Expected monetary value analysis (EMV) • Statistical technique which captures the average value of potential projects by analyzing the likelihood of possible project outcomes as well as each outcome’s financial consequences – Simulation • Statistical technique where what-if analyzes are run to determine the impact of a given situation on a project objective (Monte Carlo) Tornado Analysis Expected Monetary Value + Decision Tree Analysis Quantitative Risk Analysis – Outputs • Updated risk register Risk Response Planning • The process of developing methods for responding to project risks Risk Response Planning – Inputs • Risk management plan • Risk register Risk Response Planning – Tools & Techniques • Avoidance – Identified risks are avoided through a different course of action • Transference – Transfer of risk to another party through the use of contracts • Mitigation – Steps are taken to reduce the occurrence or impact of stated risks • Acceptance – Risks are accepted and contingency strategies are planned Risk Response Planning – Outputs • Updates to: – Risk register – Project management plan – Risk-related contractual agreements Risk Response Plan Contents (Project Management Institute) • Any risks that have been identified along with a description and the areas and objectives the identified risk may affect • The roles and responsibilities of any risk owners • Qualitative and quantitative risk analysis results as well as any trends identified during either of these processes • A description of the risk response strategies including avoidance, transference, mitigation, and acceptance, and the risk that the strategies will be applied to • An acknowledgement of any residual risk projected to remain after any risk response strategies have been applied • A list of actions to be used to implement the risk response strategies • Budget and schedule information in terms of risk response • Any contingency plans used as part of an active response to accept risks Additional Risk Terms • Residual risks – Any risks remaining after risk response strategies have been applied • Secondary risks – Any risks resulting from the application of a risk response strategy • Contractual agreements – Any contracts for the purpose of risk transference during the project Risk Monitoring & Control • The process of monitoring identified risks for change and controlling those changes Questions?