IT Project Management Individual Assignment
Tubekbay001
Lesson18ProjectRiskMgmt.pptxIT Project Management
version 1.0
Diploma in Information Technology
Copyright © 2020 by Singapore Institute of Management Pte Ltd. All rights reserved.
Lesson 18: Project Risk Management
1
Learning objectives
Understand what risk is and the importance of good project risk management.
Discuss the elements involved in risk management planning and the contents of a risk management plan.
List common sources of risks on IT projects.
Describe the process of identifying risks.
2
Learning objectives
Explain the quantitative risk analysis process and how to apply decision trees, simulation, and sensitivity analysis to quantify risks.
Discuss what is involved in monitoring and controlling risks.
Describe how software can assist in project risk management.
3
PMI defines a project risk as an uncertainty that can have a negative or positive effect on meeting project objectives
Note that some people only view risks as negative and call positive risks opportunities
18.1 What is Project Risk?
4
The goal of project risk management can be viewed as minimising potential negative risks while maximising potential positive risks.
Known risks are risks that the project team have identified and analysed. Known risks can be managed proactively.
Unknown risks, are risks that have not been identified and analysed, they cannot be managed.
18.1 What is Project Risk?
5
The main planning processes are:
Planning risk management,
Identifying risks,
Performing qualitative risk analysis,
Performing quantitative risk analysis,
Planning risk responses.
18.2 Risk Planning Processes
6
18.2 Risk Planning Processes
7
A risk management plan documents the procedures for managing risk throughout the life of a project
The general topics that a risk management plan should address include:
Methodology for risk management,
Roles and responsibilities,
Budget and schedule estimates for risk-related activities,
Risk categories,
Probability and impact matrices,
Risk documentation.
18.3 Planning Risk Management
8
18.3 Planning Risk Management
9
18.3 Planning Risk Management
10
18.3.1 Sample Risk Management Plan
1. Methodology
The project team will review data available from the Phase I project and past training programs within Global Construction. They will also review information related to external projects similar to this one. The team will use several tools and techniques, including brainstorming, surveys, and risk-related checklists to assist in risk management.
11
2. Roles and Responsibilities
The project manager will be responsible for leading the team and other stakeholders in performing risk-related activities. As detailed risk-related activities and deliverables are determined, the project manager will delegate those tasks to others as appropriate.
18.3.1 Sample Risk Management Plan
12
3. Funding and Timing
As specific risk-related activities and deliverables are determined, budget and schedule information will be provided. Protocols for the application of contingency and management reserves will be reviewed with the project sponsor.
18.3.1 Sample Risk Management Plan
13
4. Risk Categories
General categories and sub-categories for risk on this project include:
Business risks (suppliers & cash flow),
Technical risks (course content, hardware, software, & network),
Organisational risks (executive support, user support, supplier support, & team support),
Project management risks (estimates, communication, & resources).
18.3.1 Sample Risk Management Plan
14
5. Risk Probability and Impact
Risk probability and impact will initially be estimated as high, medium, or low based on expert judgment.
High means a 75-100% probability or impact, low means 0-25%, and medium is in between.
If more advanced scoring is needed, the project team will determine an appropriate approach.
18.3.1 Sample Risk Management Plan
15
6. Stakeholder Risk Appetite
Measureable risk thresholds for each project objective will be documented for key stakeholders. These thresholds determine the acceptable overall project risk exposure and influence the probability and impact ratings.
18.3.1 Sample Risk Management Plan
16
7. Risk Documentation
All risk-related information will be summarised in a risk register. Detailed documentation will be available in a secure area on the project website.
18.3.1 Sample Risk Management Plan
17
18.4 Identifying Risks
You cannot manage risks until you identify them.
Identifying risks involves determining which risks are likely to affect a project and documenting the characteristics of each.
The main outputs of this process are a risk register and a risk report.
18
Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project.
Negative risk events include the performance failure of a product produced as part of a project, delays in completing work as scheduled, increases in estimated costs, supply shortages, litigation against the company, and strikes (+ political turmoil, natural disasters).
18.4 Identifying Risks
19
Positive risk events include completing work sooner than planned or at an unexpectedly reduced cost, collaborating with suppliers to produce better products, and obtaining good publicity from the project.
We can chart the probability and impact of risk events on a matrix.
18.4 Identifying Risks
20
Overall project risk is the effect of uncertainty on the project as a whole.
Contents of a risk report include sources of overall project risk and summary information on risk events, such as number of risks, distribution across risk categories, metrics, and trends.
The risk report is developed progressively during the entire risk planning processes.
18.4 Identifying Risks
21
Interviewing is a fact-finding technique for collecting information in face-to-face, phone, e-mail, or instant-messaging discussions. Interviewing people with similar project experience is an important tool for identifying potential risks.
Brainstorming is a technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment.
18.4 Identifying Risks
22
Mid-project change in scope.
Changes in scope are frequent in IT projects.
Suggestions for radical change can arise after the project implementation has started.
Very unpleasant when it happens in the middle of the project.
Choices are either to reject the changes or to trash the work done up to that point and implement the new requests.
18.4.1 Risks in IT Project
23
Going behind schedule due to unforeseen complications.
Unforeseen technical complications can turn the project upside down.
Surprises are still possible despite knowing the technologies well.
Unfortunately, little can be done to avoid this common IT project risk but pray that it doesn’t happen to you.
18.4.1 Risks in IT Project
24
3. Technical inability for a given feature to be implemented.
Technical complications lead to project delays and can affect the scope.
If a given functionality can’t be implemented due to technical inability, the easiest solution is to skip this functionality but when other components depend on it, then it is not wise to do so.
Having experienced technical people can lower the risk of unforeseen technical limitations but this risk is always present.
18.4.1 Risks in IT Project
25
4. No problems are reported.
When everything is blissfully calm and no problems are reported, this should be worrying.
It could mean that there are no problems to report, which is extremely rare, or that problems exist but nobody dares to report.
Sometimes even brave guys and gals are cautious to be the messenger to report a severe problem as they know the “shoot the messenger” approach by the upper management.
18.4.1 Risks in IT Project
26
5. A key employee leaves.
When a key employee quits, it can really shatter a project.
Employees quit due to various reasons and generally they do serve a notice period.
When a key employee is leaving soon, there is a need to rearrange the team.
If there is no suitable person to take over the tasks of the leaving person, this can have serious disruptions.
18.4.1 Risks in IT Project
27
18.4.2 Risk Register
A risk register is a document that contains the results of various risk management processes and is often displayed in a table or spreadsheet format.
It is a tool for documenting potential risk events and related information.
28
It includes:
An identification number for each risk event
A rank for each risk event (usually high, medium, or low)
The name of the risk event
A description of the risk event
The category under which the risk event falls
The root cause: The real or underlying reason a problem occurs
Triggers: Indicators or symptoms of actual risk events
Potential responses to each risk event
The risk owner, or person who will own or take responsibility
The probability of the risk event occurring
The impact to the project if the risk event occurs
The status of the risk event
18.4.2 Risk Register
29
18.4.3 Risk Register Template
30
18.4.4 Risk Register Example
Note: The components in the risk register differ in various projects.
31
18.5 Performing Qualitative Risk Analysis
Results in prioritising risks as High, Medium, or Low.
A probability and impact matrix is a good technique to help decide which risks are most important on a project.
32
Probability and Impact Matrix.
18.5 Performing Qualitative Risk Analysis
33
See next slide for the mapping of Risks 1 to 5.
For illustration:
45
24
36
64
72
18.5 Performing Qualitative Risk Analysis
34
Probability and Impact Matrix.
18.5 Performing Qualitative Risk Analysis
35
18.6 Performing Quantitative Risk Analysis
Large, complex projects involving leading-edge technologies often require extensive quantitative risk analysis.
Data gathering often involves interviewing experts and collecting probability distribution information.
36
Quantitative risk analysis and modeling techniques include :
Decision tree analysis,
Simulation (e.g. Monte Carlo analysis)
Sensitivity analysis.
18.6 Performing Quantitative Risk Analysis
37
For quantitative risk analysis, decision tree analysis is an important technique to understand.
Expected Monetary Value (EMV) analysis is the foundational concept on which decision tree analysis is based.
18.6.1 Decision Tree Analysis
38
The formula for EMV of a risk is this:
Expected Monetary Value (EMV)
= Probability of the Risk (P) * Impact of the Risk (I)
or simply,
EMV = P * I
18.6.1 Decision Tree Analysis
39
EMV calculates the average outcome when the future includes uncertain scenarios — positive (opportunities) or negative (threats).
Opportunities are expressed as positive (+) values, while threats have negative (-) values.
Both the values will be considered by adding them together.
18.6.1 Decision Tree Analysis
40
Example:
For a work package, the negative risk (or threat) has a 10% probability with an estimated loss of $50,000, while the positive risk (opportunity) has a 15% probability with a potential return of $30,000. Should you execute the work package?
Answer:
EMV for the threat = P * I = 10% * (-$50,000) = -$5000
EMV for the opportunity = P * I = 15% * (+$30,000) = $4,500
Now, the EMV = – $5,000 + $4,500 = -$500
18.6.1 Decision Tree Analysis
41
18.6.1 Decision Tree Analysis
Legend:
42
18.6.1 Decision Tree Analysis
EMV for Chance Node 1, (the 1st circle):
The net path value for the prototype with 70% success = Payoff – Cost:
= +$500,000 – $100,000
= +$400,000
The net path value, for the prototype with a 30% failure = Payoff – Cost:
= -$50,000 – $100,000
= -$150,000
EMV of chance node 1 = [70% * (+$400,000)] + (30% * (-$150,000)]
= +$280,000 – $45,000
= +$235,000
43
18.6.1 Decision Tree Analysis
EMV for Chance Node 2 (the 2nd circle):
The net path value for the prototype with a 20% success = Payoff – Cost:
= +$500,000 – $0
= +$500,000
The net path value for the prototype with 80% failure = Payoff – Cost:
= -$250,000 – $0
= -$250,000
EMV of chance node 2 = [20% * (+$500,000)] + (80% * (-$250,000)]
= +$100,000 – $200,000
= -$100,000
44
18.6.1 Decision Tree Analysis
45
18.7 Planning Risk Responses
| Negative risk responses | Description |
| Risk acceptance | Passive acceptance: No action, and deal with the risks as they occur Active acceptance: Establish a contingency reserve to deal with the risk |
| Risk avoidance | Eliminate the threat entirely; Remove the causes that are creating risks |
| Risk transference | Shift some or all ownership of a threat to 3rd party who can better manage & control it |
| Risk mitigation | Reduce the impact and/or probability of threat |
46
18.7 Planning Risk Responses
| Positive risk responses | Description |
| Risk acceptance | Not actively pursuing, but willing to take the opportunity when it occur |
| Risk exploitation | Eliminate the uncertainties to ensure or increase the cause for the opportunity to happen |
| Risk enhancement | Increasing the probability and/or impact of the opportunity |
| Risk sharing | Allocate some or all the ownership of the opportunity to a 3rd party who can capture and take advantage of it |
47
18.8 Monitor & Control Risks
Identified risks may not materialise, or their probabilities of occurrence or loss may diminish.
Previously identified risks may be determined to have a greater probability of occurrence or a higher estimated loss value.
48
18.8 Monitor & Control Risks
New risks will be identified as the project progresses.
Newly identified risks need to go through the same process as those identified during the initial risk assessment.
A redistribution of resources devoted to risk management may be necessary because of relative changes in risk exposure.
49
18.9 How Software Assist Risk Management
PM software can help identify areas of new risk while a project plan is being executed because it has features that can highlight the effect on future tasks of what has already happened.
It is a good tool for managing project schedule and budget.
50
18.9 How Software Assist Risk Management
When entering actual work effort expended so far on a task, the software can update its remaining duration and the new expected end date.
It can also automatically recalculate the expected start and finish dates for the remaining tasks in the project plan.
It analyses the final end date or any critical milestones or deadlines to see if they have been impacted or if there are any additional risks that should be analysed.
51
18.9 How Software Assist Risk Management
When resource availability changes or a resource is pulled from the project, the software has a filter to determine what future tasks will be affected.
By changing the percentage availability of the resource in the software, we can recompute the start and finish dates for tasks involving the resource and identify any additional risks introduced by this change of resource availability.
52
Questions?
53
