You are on page 1of 16

Risk Management g

What is a Project Risk?
• uncertain event or condition • I Impacts project objectives j bj i • Examples?

planning and approach Managing Project Uncertainty.Uncertainty is a rule. but in unpredictable way • Unforeseen uncertainty: One or more major influences factors can not be predicted Chaos • Chaos: Unforeseen events completely invalidate the project's target. randomly but in predictable range • Foreseen Uncertainty : A few known factors will influence the project . Sloan Mgmt Review. time and performance levels vary randomly. Meyer. Loch.2002 . and Pich. not an exception Uncertainty is there while pursuing opportunities as well Risk d R k identification consequence f of uncertainty and not reflection of our own ability Characterizing Uncertainty in Projects • Variation: Cost.

and discuss the progress on the mitigation actions. Also. di Id if discuss and d d document and d finalize the mitigation and contingency action plans for foreseen uncertainty through the lifecycle of the project.What is risk management? Risk Management : Identify. review and revaluate existing identified risks. Risk Planning Risk Monitoring & g Control IT PROJECT RISK MANAGEMENT PROCESSES Risk Identification de t cat o Risk Response planning Risk Assessment .

Project Risk Management Processes • Risk management planning: deciding how to approach and plan the risk management activities for the project • Risk identification: determining which risks are likely to affect a project and documenting the characteristics of each • Qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence 10 Project Risk Management Processes (continued) • Quantitative risk analysis: numerically estimating the effects of risks on project objectives • Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives • Risk monitoring and control: monitoring identified and residual risks. and evaluating the effectiveness of risk strategies throughout the life of the project 11 . id tif i new risks. carrying d sid l isks identifying isks i out risk response plans.

if required • Review and up dation of the plan at regular intervals or when required .Project Risk Management Summary 12 Risk Management Planning • Create a RM plan • • • • Commitment of Stakeholders ti C it t f St k h ld time Frequency of review of the risks Methodology to be followed Availability of tools.

Risk Identification • Both threats and opportunities can be identified • Risks need to be identified through every phase of the project • Can have unique risks associated to every phase • Risk identification to start from the proposal stage Risk Identification • How will you identify? • Risk identification tools and techniques include: • Brainstorming • The Delphi Technique • Interviewing 16 .

Risk Identification • How will you document identified risk? • Risk Register • What will you document? • • • • • • Name Description Owner Triggers Mitigation plan contingency plan 18 Sample Risk Register 22 .

Qualitative Risk Analysis • Assess the likelihood and impact of identified risks to determine their magnitude and priority • Risk quantification tools and techniques include: • Probability/impact matrixes • The Top Ten Risk Item Tracking h k k • Expert judgment 23 Risk Assessment & Analysis • Analysis: To determine probability and impact of each risk • Assessment : Prioritizing risk to formulate the strategy • Risk Priority = Probability * Impact .

Large Financial Impact Major Financial impact. Customer Dissatisfaction Disruption to Operation.Risk Assessment & Analysis Techniques • W i h d Analysis Weighted A l i • Multi-variable Analysis Weighted Analysis Probability Reference Table Score 1 2 3 General Scale Low Medium High Probability Infrequently Occasionally Frequently Sco re 1 2 3 4 Impact Reference Table General Scale S l Very Low Low Medium High Very High Impact Nuisance or NA Limits effectiveness Financial Impact. significant compliance concern • Risk Priority = Probability * Impact 5 • Highest possible priority = 15 Lowest possible priority = 1 .

determine probability and impact Risk Variable Schedule Slippage IBM AIX skills not available Delay in Visa processing Probability (1-3) 3 2 2 Impact (1-5) 5 5 3 Priority (P I) (P*I) 15 10 6 • Priority cut-off is determined after calculating priorities • Only risks above the cut-off are carried forward for analysis • Method favors Impact over Probability Multi-Variable Analysis • • • • Impact calculated against 4 variables of Schedule. Cost.Weighted Analysis For each variable. Medium or High based on the table below: Impact Schedule Cost Quality Scope Impact Wt 2 Low <5% Delay 5% to 10% Delay <5% increase in effort or cost 5% to 10% increase in effort or cost ff <2% increase in defect rate or contractually agreed 2% to 5% increase in defect rate f <2% of functionality can not be delivered 2% to 5% of f functionality y cannot be delivered >5% of functionality cannot be delivered Medium 5 High >10% Delay >10% Increase in effort or cost >5% increase in defect rate 10 . Quality & Scope to determine impact weight Probability assessed to determine probability weight Probability & Impact used to calculate priority Impact weight classified as Low.

Multi-Variable Analysis • Probability of impact is classified as Occurrence Improbable Likely Very Likely Probability < 5% chance of occurrence 5% .50% chance of occurrence 50% chance of occurrence Weight 2 5 10 Multi-Variable Analysis Risk Impact on Impact Weight Probability Weight Impact Value IBM AIX skills not available Schedule Cost Quality Scope Risk Weight 5 5 10 2 5 5 10 2 25 25 100 4 154 • Priority of the risk decided on the risk weight as computed above • Priority cut-off is determined after calculating priorities • Only risks above the cut-off are carried forward for analysis • Method favors Impact and Probability equally .

Quantitative Risk Analysis • Often follows qualitative risk analysis. Repeat steps 3 and 4 many times to obtain the probability distribution of the model’s results 39 . Determine the probability distribution of each variable 3. For each variable. select a random value based on the probability distribution 4. Assess the range for the variables being considered 2. complex projects involving leading edge technologies often require extensive quantitative risk analysis • Main techniques include: • Decision tree analysis • Simulation • Sensitivity analysis 38 Steps of a Monte Carlo Analysis 1. 4 Run a deterministic analysis or one pass through the model 5. but both can be done together • Large.

Copyright 2007 40 What should be Risk Strategy or Response to Risk? • • • • Accept or Ignore Avoidance Mitigate Transfer . Fifth Edition.Sample Monte Carlo Simulation Results for Project Schedule s1 Information Technology Project Management.

This figure is the same as what should be here except for the dates. OK as is.Slide 40 s1 I can't seem to read the final art files for this chapter. 1/21/2005 . or can someone put in the proper art file? schwalbe.

scope RISK MONITORING AND CONTROL • Risk Audits • Ri k R i Risk Reviews • Risk Status meeting and Reports Monitor the triggers continuously and keep track of various project risks risks. costs.Risk Response Planning • Each risk must have • One or more mitigation act ons m t gat on actions • Contingency actions • Each action must have an owner and target completion date • Mitigation action may include modification to project approach or roles and responsibilities • Must have a Risk Profile : a template to present • Risk assessment. impact and mitigation plans • The impact on estimates of time. .

Risk Management for the Project • Risk Identification: • Risk Assessment & Analysis : • Risk Response Planning : • • • • • • • Brain Storming Delphi Multi-variable Analysis • Risk Monitoring and Control : Update Monthly or when required Status Reporting Audits & Reviews Mitigation and Contingency actions stated .