Risk Management g

What is a Project Risk?
• uncertain event or condition • I Impacts project objectives j bj i • Examples?

Sloan Mgmt Review. planning and approach Managing Project Uncertainty. randomly but in predictable range • Foreseen Uncertainty : A few known factors will influence the project .Uncertainty is a rule. but in unpredictable way • Unforeseen uncertainty: One or more major influences factors can not be predicted Chaos • Chaos: Unforeseen events completely invalidate the project's target. Meyer. time and performance levels vary randomly.2002 . Loch. and Pich. not an exception Uncertainty is there while pursuing opportunities as well Risk d R k identification consequence f of uncertainty and not reflection of our own ability Characterizing Uncertainty in Projects • Variation: Cost.

Risk Planning Risk Monitoring & g Control IT PROJECT RISK MANAGEMENT PROCESSES Risk Identification de t cat o Risk Response planning Risk Assessment . Also. di Id if discuss and d d document and d finalize the mitigation and contingency action plans for foreseen uncertainty through the lifecycle of the project.What is risk management? Risk Management : Identify. and discuss the progress on the mitigation actions. review and revaluate existing identified risks.

carrying d sid l isks identifying isks i out risk response plans. id tif i new risks. and evaluating the effectiveness of risk strategies throughout the life of the project 11 .Project Risk Management Processes • Risk management planning: deciding how to approach and plan the risk management activities for the project • Risk identification: determining which risks are likely to affect a project and documenting the characteristics of each • Qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence 10 Project Risk Management Processes (continued) • Quantitative risk analysis: numerically estimating the effects of risks on project objectives • Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives • Risk monitoring and control: monitoring identified and residual risks.

if required • Review and up dation of the plan at regular intervals or when required .Project Risk Management Summary 12 Risk Management Planning • Create a RM plan • • • • Commitment of Stakeholders ti C it t f St k h ld time Frequency of review of the risks Methodology to be followed Availability of tools.

Risk Identification • Both threats and opportunities can be identified • Risks need to be identified through every phase of the project • Can have unique risks associated to every phase • Risk identification to start from the proposal stage Risk Identification • How will you identify? • Risk identification tools and techniques include: • Brainstorming • The Delphi Technique • Interviewing 16 .

Risk Identification • How will you document identified risk? • Risk Register • What will you document? • • • • • • Name Description Owner Triggers Mitigation plan contingency plan 18 Sample Risk Register 22 .

Qualitative Risk Analysis • Assess the likelihood and impact of identified risks to determine their magnitude and priority • Risk quantification tools and techniques include: • Probability/impact matrixes • The Top Ten Risk Item Tracking h k k • Expert judgment 23 Risk Assessment & Analysis • Analysis: To determine probability and impact of each risk • Assessment : Prioritizing risk to formulate the strategy • Risk Priority = Probability * Impact .

Risk Assessment & Analysis Techniques • W i h d Analysis Weighted A l i • Multi-variable Analysis Weighted Analysis Probability Reference Table Score 1 2 3 General Scale Low Medium High Probability Infrequently Occasionally Frequently Sco re 1 2 3 4 Impact Reference Table General Scale S l Very Low Low Medium High Very High Impact Nuisance or NA Limits effectiveness Financial Impact. Customer Dissatisfaction Disruption to Operation. Large Financial Impact Major Financial impact. significant compliance concern • Risk Priority = Probability * Impact 5 • Highest possible priority = 15 Lowest possible priority = 1 .

determine probability and impact Risk Variable Schedule Slippage IBM AIX skills not available Delay in Visa processing Probability (1-3) 3 2 2 Impact (1-5) 5 5 3 Priority (P I) (P*I) 15 10 6 • Priority cut-off is determined after calculating priorities • Only risks above the cut-off are carried forward for analysis • Method favors Impact over Probability Multi-Variable Analysis • • • • Impact calculated against 4 variables of Schedule. Cost. Medium or High based on the table below: Impact Schedule Cost Quality Scope Impact Wt 2 Low <5% Delay 5% to 10% Delay <5% increase in effort or cost 5% to 10% increase in effort or cost ff <2% increase in defect rate or contractually agreed 2% to 5% increase in defect rate f <2% of functionality can not be delivered 2% to 5% of f functionality y cannot be delivered >5% of functionality cannot be delivered Medium 5 High >10% Delay >10% Increase in effort or cost >5% increase in defect rate 10 .Weighted Analysis For each variable. Quality & Scope to determine impact weight Probability assessed to determine probability weight Probability & Impact used to calculate priority Impact weight classified as Low.

50% chance of occurrence 50% chance of occurrence Weight 2 5 10 Multi-Variable Analysis Risk Impact on Impact Weight Probability Weight Impact Value IBM AIX skills not available Schedule Cost Quality Scope Risk Weight 5 5 10 2 5 5 10 2 25 25 100 4 154 • Priority of the risk decided on the risk weight as computed above • Priority cut-off is determined after calculating priorities • Only risks above the cut-off are carried forward for analysis • Method favors Impact and Probability equally .Multi-Variable Analysis • Probability of impact is classified as Occurrence Improbable Likely Very Likely Probability < 5% chance of occurrence 5% .

complex projects involving leading edge technologies often require extensive quantitative risk analysis • Main techniques include: • Decision tree analysis • Simulation • Sensitivity analysis 38 Steps of a Monte Carlo Analysis 1. select a random value based on the probability distribution 4.Quantitative Risk Analysis • Often follows qualitative risk analysis. For each variable. 4 Run a deterministic analysis or one pass through the model 5. Assess the range for the variables being considered 2. but both can be done together • Large. Determine the probability distribution of each variable 3. Repeat steps 3 and 4 many times to obtain the probability distribution of the model’s results 39 .

Sample Monte Carlo Simulation Results for Project Schedule s1 Information Technology Project Management. Fifth Edition. Copyright 2007 40 What should be Risk Strategy or Response to Risk? • • • • Accept or Ignore Avoidance Mitigate Transfer .

or can someone put in the proper art file? schwalbe. OK as is. 1/21/2005 . This figure is the same as what should be here except for the dates.Slide 40 s1 I can't seem to read the final art files for this chapter.

scope RISK MONITORING AND CONTROL • Risk Audits • Ri k R i Risk Reviews • Risk Status meeting and Reports Monitor the triggers continuously and keep track of various project risks risks. . impact and mitigation plans • The impact on estimates of time.Risk Response Planning • Each risk must have • One or more mitigation act ons m t gat on actions • Contingency actions • Each action must have an owner and target completion date • Mitigation action may include modification to project approach or roles and responsibilities • Must have a Risk Profile : a template to present • Risk assessment. costs.

Risk Management for the Project • Risk Identification: • Risk Assessment & Analysis : • Risk Response Planning : • • • • • • • Brain Storming Delphi Multi-variable Analysis • Risk Monitoring and Control : Update Monthly or when required Status Reporting Audits & Reviews Mitigation and Contingency actions stated .