Professional Documents
Culture Documents
Managing Risk
7–2
Risk Management Process
• Risk
– Uncertain or chance events that planning can not
overcome or control.
• Negative Risk
– Staff turnover, lack of technical skills, scope creep,
cost overun
• Positive Risk-too much of a good thing
– Overwhelmed of products sign-up lead to heavy
access of website and affects of server crash
– New product launched is too successful and get more
demand from expected. Yet, the demand exceed firm
capability to produce the products.
7–3
Risk Management Process
• Risk Management
– A proactive attempt to recognize and manage internal
events and external threats that affect the likelihood
of a project’s success.
• What can go wrong (risk event).
• How to minimize the risk event’s impact (consequences).
• What can be done before an event occurs (anticipation).
• What to do when an event occurs (contingency plans).
7–4
The Risk Event Graph
As the project reaches its later stages, risk declines as uncertainties are resolved.
However, the consequences of a risk event increase in cost over the life of the project as
it becomes more difficult to alter fully developed project features.
FIGURE 7.1
7–5
Risk Management’s Benefits
7–6
Risk register
The Risk
Management
Process
FIGURE 7.2
7–7
Managing Risk
• Step 1: Risk Identification
– Generate a list of possible risks through
brainstorming, problem identification and risk
profiling.
• Macro risks first, then specific events
FIGURE 7.3
7–9
Partial Risk Profile for Product Development Project
FIGURE 7.4
7–10
Risk Assessment Form
FIGURE 7.5
7–12
Risk Severity Matrix
User Interface
4 Backlash problems
Impact=5, occurrence = 2
Likelihood
vs
3 Occurrence=5, impact=2
x
2 System
freezing
Hardware
1 malfunc-
tioning
1 2 3 4 5 FIGURE 7.7
Impact
7–13
Question
• The project manager meets with the project
team to review lessons learned from previous
projects. In what activity is the team involved?
7–14
Question
• The project manager meets with the project
team to review lessons learned from previous
projects. In what activity is the team involved?
– Risk Identification
7–15
Managing Risk (cont’d)
• Step 3: Risk Response Development
– Mitigating Risk
• Reducing the likelihood an adverse event will occur.
• Reducing impact of adverse event.
– Avoiding Risk
• Changing the project plan to eliminate the risk or condition.
– Transferring Risk
• Paying a premium to pass the risk to another party – Security
Testing
• Requiring Build-Own-Operate-Transfer (BOOT) provisions _
Highway
– Retaining Risk
• Making a conscious decision to accept the risk.
7–16
Question
• During risk management activities, 236 risks
have been identified which are caused by 13
root causes. You could eliminate the 234 risks
by your risk management activities. For
remaining 2 risks, you, together with your team,
could not find a way to mitigate or insure the
risks. Also these 2 risks cannot be outsourced or
removed from project scope. What is the last
solution?
7–17
Question
• During risk management activities, 236 risks
have been identified which are caused by 13
root causes. You could eliminate the 234 risks
by your risk management activities. For
remaining 2 risks, you, together with your team,
could not find a way to mitigate or insure the
risks. Also these 2 risks cannot be outsourced or
removed from project scope. What is the best
solution?
– Accept the risk
7–18
Question
• Your project has met with an unexpected
problem. The supply of a critical component of
your final product is delayed by 25 days. You
need to show an alpha prototype of the product
in 15 days. You’ve called a brainstorming team
meeting to determine if you can deliver this
limited version without the critical component.
What are you trying to create?
– a) A risk management plan
– b) A risk mitigation strategy
– c) A workaround
– d) An updated scope baseline
7–19
Contingency Planning
• Contingency Plan
– An alternative plan that will be used if a possible
foreseen risk event actually occurs.
– A plan of actions that will reduce or mitigate the
negative impact (consequences) of a risk event.
• Risks of Not Having a Contingency Plan
– Having no plan may slow managerial response.
– Decisions made under pressure can be potentially
dangerous and costly.
7–20
Question
• Which of the following processes has the Risk
Register as the primary output?
– a) Perform Qualitative Risk Analysis
– b) Monitor and Control Risks
– c) Plan Risk Management
– d) Identify Risks
7–21
Risk Response Matrix
Windows 7 Project
7–23
Risk and Contingency Planning (cont’d)
• Costs Risks
– Time/cost dependency links: costs increase when
problems take longer to solve than expected.
– Price protection risks (a rise in input costs) increase if
the duration of a project is increased.
• Funding Risks
– What if the funding for the project is cut by 25 percent
or completion projections indicate that costs will
greatly exceed available funds?
– Changes in the supply of funds for the project can
dramatically affect the likelihood of implementation or
successful completion of a project.
7–24
Opportunity Management Tactics
Project managers can use several tactics to exploit an
opportunity (take advantage of a positive risk by:
• Exploit
– Seeking to eliminate the uncertainty associated with an
opportunity to ensure that it definitely happens.
– Examples revising a design to enable a component to be
purchased rather than developed internally.
• Share
– Allocating some or all of the ownership of an opportunity to
another party who is best able to capture the opportunity for the
benefit of the project.
– Examples include establishing continuous improvement
incentives for external contractors or joint ventures.
7–25
Opportunity Management Tactics
Project managers can use several tactics to exploit an
opportunity (take advantage of a positive risk by:
• Enhance
– Taking action to increase the probability and/or the positive
impact of an opportunity.
– Example : choosing raw materials that are likely to decline in
price.
• Accept
– Being willing to take advantage of an opportunity if it occurs, but
not taking action to pursue it.
7–26
Question
• After conducting a SWOT Analysis, you have
determined that a business deal is worth
pursuing. You are required to use Agile
development practices. In your company, there
is no expertise in Agile development. Hence,
you partner with another organization that
specializes in Agile development. This is an
example of:
– a) Sharing a Positive Risk
– b) Mitigating a Negative Risk
– c) Exploiting a Positive Risk
– d) Accepting a Negative Risk
7–27
Contingency Funding and Time Buffers
• Contingency Funds
– Funds to cover project risks—identified and unknown.
• Size of funds reflects overall risk of a project
– Budget reserves
• Are linked to the identified risks of specific work packages.
– Management reserves
• Are large funds to be used to cover major unforeseen risks
(e.g., change in project scope) of the total project.
• Time Buffers
– Amounts of time used to compensate for unplanned
delays in the project schedule.
• Severe risk, merge, noncritical, and scarce resource activities
7–28
Contingency Fund Estimate ($000s)
TABLE 7.1
7–29
Managing Risk (cont’d)
• Step 4: Risk Response Control
– Risk control
• Execution of the risk response strategy
• Monitoring of triggering events
• Initiating contingency plans
• Watching for new risks
7–30
Change Management Control
• Sources of Change
– Project scope changes
– Implementation of contingency plans
– Improvement changes
7–31
Change Control System Process
7–32
The Change
Control Process
FIGURE 7.9
7–33
Benefits of a Change Control System
1. Insignificant changes are discouraged
by the formal process.
2. Costs of changes are maintained in a log.
3. Integrity of the WBS and performance measures
is maintained.
4. Allocation and use of budget and management
reserve funds are tracked.
5. Responsibility for implementation is clarified.
6. Effect of changes is visible to all parties involved.
7. Implementation of change is monitored.
8. Scope changes will be quickly reflected in baseline
and performance measures.
7–34
Sample Change
Request
FIGURE 7.10
7–35
Change
Request Log
FIGURE 7.11
7–36
Key Terms
7–37
PERT and PERT Simulation
Appendix 7.1
7–38
PERT—Program Evaluation Review Technique
7–39
Activity and Project Frequency Distributions
FIGURE A7.1
7–40
Activity Time Calculations
(7.1)
7–41
Activity Time Calculations (cont’d)
(7.2)
(7.3)
Note the standard deviation of the activity is squared in this equation; this
is also called variance. This sum includes only activities on the critical
path(s) or path being reviewed.
7–42
Activity Times and Variances
TABLE A7.1
7–43
Probability of Completing the Project
(7.4)
7–44
Hypothetical Network
FIGURE A7.2
7–45
Hypothetical Network (cont’d)
7–46
Possible Project Duration
FIGURE A7.3
7–47
Z Values and Probabilities
TABLE A7.2
7–48