11/9/2015 1 IST 302 Project Risk Management Why Do We Care? • Risk management can improve project success • Helps – Select good projects – Determine project scope – Develop realistic estimates • KPMG study (~2000) – 55% of poor projects did no risk management
Transcript
Microsoft PowerPoint -
11_riskMgmt.pptxWhy Do We Care?
• Helps – Select good projects
– Determine project scope
– Develop realistic estimates
• KPMG study (~2000) –
55% of poor projects did no risk management
11/9/2015
2
Scope 3.45 3.25
Time 3.41 3.03
Cost 3.22 3.20
Quality 3.22 2.88
HR 3.20 2.93
Communications 3.53 3.21
Risk 2.87 2.75
Procurement 3.01 2.91
0%
20%
40%
60%
80%
100%
Percentage of Respondents Citing Benefit
KLCI Research surveyed 260 software organizations in 2001
and several common cited benefits of risk management.
11/9/2015
3
Deciding how to approach and plan the risk management
activities
Risk Analysis
Quantitative: Measuring the probability and consequences of risks
and estimating their effects
Qualitative: Characterizing and analyzing risks and prioritizing
their effects on project objectives
Identifying Risks
Determining which risks are will affect a project and documenting
the characteristics of each
Planning Risk Response
Taking steps to enhance opportunities and reduce threats to
obtaining project objectives
Risk Monitoring and Control
Project Risk Management Processes
Risk management is like insurance.
A risk
is an uncertain event or condition that, if it
occurs, has a positive or negative effect on a project.
11/9/2015
4
Risk utility is the amount of satisfaction or pleasure
received from a potential payoff.
ut ili
11/9/2015
5
• How will risk management be performed on this project? What tools
and data sources are available and applicable?
• Which people are responsible for implementing specific
tasks?
• What are the estimated costs and schedules for performing risk-
related activities?
• What are the main categories of risk? Is there a risk breakdown
structure?
• How will probabilities and imapcts be assessed?
• Have stakeholders’ tolerances changed?
Questions Addressed in a Risk Management Plan
• Creeping user requirements
• Unanticipated acceptance criteria
• Unanticipated integration issues
11/9/2015
6
A risk breakdown structure is useful in identifying
potential risks in a categorical way.
Business
Competitors
Suppliers
The Standish Group identified success criterion and relative
weights.
11/9/2015
7
Planning to Handle Risks
• Contingency Plans –
Predefined actions that the project team will take if an
identified risk event occurs
• Fallback Plans –
Developed for risks that have a high impact on meeting
project objectives
• Contingency Reserves –
Provisions held by the project sponsor that can be used to
mitigate cost or schedule risk if changes in scope or quality
occur
• Market risk –
Will the new product be useful to the organization or marketable to
others? Will users accept and use the product or service?
• Financial risk –
Can the organization afford to undertake the project? Is this project
the best way to use the company’s financial resources?
• Technology risk: –
Is the project technically feasible? Could the technology be obsolete
before a useful product can be produced?
Categories of Risk
• Tools and techniques include
11/9/2015
9
Qualitative Risk Analysis assess the likelihood and impact of
identified risks to determine their magnitude and priority
• Tools and techniques include
– Expert judgment
Quantitative Risk Analysis provides formal numerical analysis usually
based on the outputs of the qualitative analysis.
11/9/2015
10
Avoidance
Four Strategies
Risk Response Planning defines how the project will
respond to risks as they occur.
Technical Risks Cost Risks Schedule Risks
Emphasize team support
and avoid standalone project structure
Improve communication, project goals
understanding, and team support
Select the project manager most
experienced
Increase project manager authority
Increase project manager authority
Improve problem handling and communication
Increase the frequency of
project monitoring
Use WBS and CPM
Use WBS and CPM
Use WBS and CPM
• Controlling risks –
Involves carrying out the risk management plans
•
Workarounds are unplanned responses to risk events that
must be done when there are no contingency plans
Results of Good Project Risk Management
•
Good project risk management often goes unnoticed
•
Wellrun projects appear to be almost effortless
Project managers should strive to make their jobs look
easy to reflect the results of wellrun projects
11/9/2015
12
• Probability/Impact matrixes
–
Plots the relative probability of a risk occurring vs. the
relative impact of the risk occurring
•
The Top 10 Risk Item Tracking technique
–
Periodic review of the top 10 risk items
• Expert judgment
Simple Probability/Impact Matrix
Risk Prob. Impact Response
Average team member leaves
High Low Ensure plan has contingency
to allow for less
than expected resource availability
Key team member leaves
Medium Medium Ensure project
includes good knowledge sharing
and documentation.
Solution doesn’t meet business needs
Low High Ensure
sufficient participation of diverse
stakeholder base
Insufficient user participation
High Medium
Ensure supporting sponsors are aware of the
importance of participation.
Significant change in business needs
Medium High Plan
project to be agile to respond efficiently to
changes.
Technical solution has major flaws
Low High Ensure
testing is sufficiently planned and
supported. Have fallback plan to rev to previous
system.
Technical solution has operational flaws
High Low Ensure
processes, resources, and responsibilities
for ongoing maintenance are established early.
Examples of Common Risks
Risk Prob. Impact Response
System Failure High Medium Invest
in fault tolerant components and
redundancy. Ensure disaster recovery plans are
established.
Infrastructure sizing inadequate to meet
demands
Medium Medium Plan for scalability.
Users fail to use
system effectively and efficiently
Medium Medium Plan
for a detailed training needs analysis.
Consider how to coach and support users after
deployment.
Users resist change High High
Use change management experts
to assess the
issues and create a change program.
Examples of Common Risks
11/9/2015
14
A more complex approach is to try to quantify the risk.
• Quantify the probability of failure •
Quantify the consequence of failure
• Compute the risk factor:
RF = (PF + CF) – (PF * CF)
RF : Risk Factor
PF : probability of failure
CF : consequence of failure
Value Maturity HW/SW Complexity HW/SW
Support Base
0.5 Major Change Fairly Complex Several Parallel
Programs
0.7 Complex/New Design
0.9 Completely Novel Extremely Complex No additional
programs
Sample Categorization: Probability of Failure (PF)
11/9/2015
15
Schedule Factor
Confident Reduce DT
Unconfident On Schedule
Unconfident Reduce DT
Figure 11-3, Schwalbe
• Expected Monetary Value
–
Diagramming method used to select a best course
of action
–
Type of decision tree / probability tree
• Simulation
What’s expected value?
Project 1
Project 2
PW = 0.2
PL = 0.8
P1 = 0.2
P3 = 0.7
Project 1:
Decision trees can get very complex when risks have
interdependencies.
How are probabilities computed?
P1
P2