Presentation is loading. Please wait.

Presentation is loading. Please wait.

SW Project Management Managing Project Risk

Published byColeen Phillips Modified over 8 years ago

Similar presentations

Presentation on theme: "SW Project Management Managing Project Risk"— Presentation transcript:

1 SW Project Management Managing Project Risk
INFO 420 Dr. Jennifer Booker INFO 420 Chapter 8

2 Risk avoided American culture avoids facing risk
This leads to many problems in project management We want to stick our heads in the sand Somehow that doesn’t make risks go away We need to manage risks proactively INFO 420 Chapter 8

3 Risk Management “If you don’t actively attack risks, they will attack you” - Tom Gilb Risk management is still looked upon as bad news - and messengers are still shot INFO 420 Chapter 8

4 What is risk? A risk is something that might go wrong, which could affect the project outcome The key word is might If the probability is zero, it isn’t a risk at all If the probability is one, it’s certain to occur, and can be treated as a project constraint So any risk has 0% < p < 100% INFO 420 Chapter 8

5 Risk management problems
Typical problems in risk management are Not valuing risk management (RM) Some insist there is no benefit to doing RM Not allowing time for RM RM takes time and effort, get over it! Not identifying and assessing risks consistently Which can waste time and miss opportunities INFO 420 Chapter 8

6 Risk lessons learned So a few lessons learned include
Get commitment by all stakeholders, both to do RM, and agree on significant risks Identify an owner for each risk, so someone is actively managing it Look for typical risks for your type of project; patterns vary INFO 420 Chapter 8

7 RM elements The main elements in risk management are
Risk management planning Risk identification Qualitative and Quantitative risk analysis Risk response planning Risk monitoring and control INFO 420 Chapter 8

8 Risk Management Planning
Similar to security analysis: Identify threats Prevent threats Detect threats (not trivial with information systems!) Mitigate (reduce) the effects of the threats INFO 420 Chapter 8

9 Risk planning The PMBOK defines risk as So a risk can be a good thing
“An uncertain event or condition that, if it occurs, has a positive or negative effect on the project objectives” So a risk can be a good thing We tend to think of the bad ones INFO 420 Chapter 8

10 Project reserves A financial reserve is kept for most projects, in part for risk management Helps protect against Flawed estimates Minor anomalies (unexpected events) Permanent variances (unexpected skill levels) Minor variances (estimates slightly off) INFO 420 Chapter 8

11 Project risk management steps
Risk planning Get commitment from stakeholders Allocate resources Develop and approve RM plan Risk identification Develop a list of risks, their causes and effects INFO 420 Chapter 8

12 Project risk management steps
Risk assessment Analyze the risks for probability and impact Risk strategies Document how to respond to each risk if it occurs (risk response or mitigation plan) Risk monitoring and control During project, look for known risks to occur, and identify new risks INFO 420 Chapter 8

13 Project risk management steps
Risk response Respond to risks that have occurred Risk evaluation Find lessons learned, and how to improve future projects’ RM INFO 420 Chapter 8

14 Identifying IT project risks
The scope and context of risks can be a little intimidating at first, so we break the big problem into little ones Ultimately, and risk might affect the project’s MOV Which could result from changes in scope, quality, schedule, or budget INFO 420 Chapter 8

15 Identifying IT project risks
These could result from people, legal, process, environment, technology, organization, product, or other issues These could be internal to your organization, or external Risks could be known risks, known-unknown risks (risk is known, extent is unknown), or completely unknown risks (unimaginable) INFO 420 Chapter 8

16 Identifying IT project risks
And finally, risks could affect any part of the project life cycle: Conceptualize and initialize the project Develop project charter and plan Execute and control the project Close project Evaluate project success INFO 420 Chapter 8

17 All clear? That only gives:
1x4x7x2x3x5 = 840 ways to classify a risk! Realistically, we only focus on the issues most likely to affect our project Our goal is to identify all the significant risks, not every conceivable risk! INFO 420 Chapter 8

18 Risk tools Learning cycles Brainstorming
For each suspected risk area, identify facts known about it, assumptions being made, and what needs to be researched in that area Test assumptions, and conduct research to identify specific risks Brainstorming INFO 420 Chapter 8

19 Nominal Group Technique (NGT)
Have everyone write down ideas on paper Write on flip chart, one idea from each person, until all are recorded Discuss and clarify the ideas Each person ranks and prioritizes the ideas Group discusses ranking and priorities Redo personal ranking and prioritization Summarize for the group INFO 420 Chapter 8

20 Risk tools Delphi technique – same as used for estimation, but use for identifying risks and their probability and impact Interviewing Checklists, typically from past projects or industry common risks INFO 420 Chapter 8

21 Risk tools SWOT analysis – look at organization and project’s strengths, weaknesses, opportunities and threats Past projects – the ideal solution for all project management problems! Use lessons learned from previous projects INFO 420 Chapter 8

22 Risk tools Cause and effect diagram, or fishbone diagram
Start with a major type of risk Identify 4-6 categories of causes of that risk Brainstorm about ‘what could cause’ that risk to occur, based on the categories Fill in details until you’re bored Then eliminate known minimal risks areas or causes INFO 420 Chapter 8

23 Risk analysis and assessment
Risk analysis estimates the probability and impact of each risk Risk assessment prioritizes risks to help define your risk strategy Which risks are significant enough to prevent actively? Which will require effort if they occur? INFO 420 Chapter 8

24 Qualitative vs quantitative
Both kinds of assessment can be done Use the former most of the time Use the latter for key risks in a steady environment Caveat: the text is misleading about qualitative vs quantitative assessment What they call qualitative is really quantitative What they call quantitative is statistical process control (SPC) INFO 420 Chapter 8

25 Expected value Think of ‘deal or no deal’
If we have several possible outcomes, can calculate for each the probability and resulting payoff (or cost) Multiply probability and payoff to get the impact of each outcome Add impact outcomes to determine the overall expected value of all possible results INFO 420 Chapter 8

26 Decision Tree This is a graphic form of a payoff table
Nodes represent choices (and their costs) or probabilities Map out possible choices, and what their impact outcomes are Pick the highest impact outcome INFO 420 Chapter 8

27 Risk Impact Table Great for analysis and prioritization of risks
Define each risk, its probability, and impact Impact could be in $ or effort to resolve the risk Multiply the latter to get the impact outcomes (P-I score) Sort risks by descending P-I score  instant prioritization! (risk rankings) INFO 420 Chapter 8

28 Risk Impact Table You could* categorize risks by their general impact and probability Kittens – low probability and impact Puppies – high prob, low impact Alligators – low prob, high impact Tigers – high prob and impact, was good at golf * I wouldn’t, but you could… INFO 420 Chapter 8

29 “Quantitative” approaches
Those approaches will cover most situations and needs These approaches might apply if you have more extensive data on specific risks All are based on various types of probability distributions INFO 420 Chapter 8

30 Discrete probability distribution
When you’re measuring discrete events (it happens, or not) then a family of discrete probability distributions come into play In these cases, calculate the probability of each individual event happening (x=0, x=1, etc.), and add them up A subset of these are binomial distributions, where events either happen, or not (like a coin flip, or someone dies) INFO 420 Chapter 8

31 Continuous probability distribution
Often of interest is when a measurement can have real values (not just integers) This results in a continuous probability distribution There are dozens of them: Gaussian, Poisson, Chi-square, F, Student T, etc. INFO 420 Chapter 8

32 Normal distribution A normal (Gaussian) distribution is a bell curve
It has a mean value m and a standard deviation s The probability of an event occurring is the area under the curve If we know a risk follows a normal distribution, we can predict how likely it is to occur within a given range (e.g. of time) INFO 420 Chapter 8

33 PERT distribution This goes with the PERT estimation technique
The mean is (low + 4*likely + high)/6 Std deviation is (high – low)/6 The PERT distribution is lopsided, since we know zero can’t occur INFO 420 Chapter 8

34 Triangular distribution
This is similar to a simplified PERT distribution The mean is (low + likely + high)/3 Std dev = { [ (high-low) (likely-low)*(likely-high) ]/18 }1/2 INFO 420 Chapter 8

35 Simulations In studying the behavior of projects, we could try to determine how they are affected by changes in inputs (assumptions, task durations, etc.) The output of interest might be the project’s cost, schedule, customer satisfaction, etc. INFO 420 Chapter 8

36 Monte Carlo simulations
If we automate this kind of analysis, one approach is using a Monte Carlo simulation (Monte Carlo is the Las Vegas of Europe) In a MC simulation, we define the probability distribution of the inputs we’ve defined INFO 420 Chapter 8

37 Monte Carlo simulations
Then the project results are simulated to see how they turn out This produces a histogram of outputs, with the mean duration, and can find the probability of finishing within a range of times Tools exist to automate this kind of analysis INFO 420 Chapter 8

38 Tornado graph This type of analysis can also produce a tornado graph, which is a bar chart emphasizing the highest risk tasks This is like a Pareto diagram Here the ‘highest risk’ also implies ‘has the highest probability of affecting the project schedule’ INFO 420 Chapter 8

39 Risk strategies Ok, so we have defined risks, and analyzed them to find the biggest threats Now we answer a big question: so what? If these risks occur, what, if anything, will we do about it? That’s our risk strategy, which is different for each risk INFO 420 Chapter 8

40 Risk strategies How we select a strategy depends on
Is the risk a threat or opportunity? How and when will the project be affected? How do we know if the risk is occurring (triggers or risk detection)? What impact does the risk have on MOV? INFO 420 Chapter 8

41 Risk strategies How many resources do we have to deal with this risk?
Remember the balance among scope, schedule, budget, and quality Can we modify a contract or assign resources or otherwise mitigate a risk? How tolerant are the stakeholders of this risk? INFO 420 Chapter 8

42 Risk strategy choices In response to a risk, we can
Accept or ignore the risk, if the impact is minimal, or we can’t do anything about it Use financial reserves to deal with it Have a contingency plan in place Avoid the risk (prevention) Change the project to reduce the chance of the risk occurring INFO 420 Chapter 8

43 Risk strategy choices Mitigate the risk – lessen the impact of the risk after it has occurred Transfer the risk – give the problem to someone else! Buy insurance, subcontract something out, etc. INFO 420 Chapter 8

44 Risk response plan Once key risks have been identified, and your strategies selected, put all this in a risk response plan For each risk, identify What trigger tells you the risk has occurred The owner of the risk (person, not group) The risk response strategy INFO 420 Chapter 8

45 Risk monitoring and control
Now your job is to monitor the risk triggers to see which ones go off And then follow up with appropriate responses Tools exist, such as Risk Radar to help do this Can also conduct risk audits, reviews, or status meetings INFO 420 Chapter 8

46 Risk response When a risk is triggered, your response plan is put into action May include following your mitigation strategy Could include assigning resources to deal with the risk INFO 420 Chapter 8

47 Risk evaluation The process of risk management can be improved like any other through keeping lessons learned What risks did you identify? Which ones occurred? How severe was their impact? Did you risk strategy work or not? Why? INFO 420 Chapter 8

48 Summary Manage risks, or they will manage you Identify plausible risks
Quantify their probability and impact Identify significant risks Develop strategies for dealing with them Keep an eye out for risks which occur, and follow your strategies for dealing with them INFO 420 Chapter 8

Download ppt "SW Project Management Managing Project Risk"

Similar presentations

Chapter 7 Managing Risk.

Chapter 7 Managing Risk.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
Information Technology Project Management – Third Edition

Information Technology Project Management – Third Edition
Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.

Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.
Project Management.

Project Management.
Risk Management Chapter 7.

Risk Management Chapter 7.
Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.

Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.
Project Risk Management

Project Risk Management
Computer Engineering 203 R Smith Risk Management 7/2009 1 Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks.

Computer Engineering 203 R Smith Risk Management 7/ Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks.
Project Risk Management

Project Risk Management
Proprietary and confidential. © 2006 Perot Systems. All rights reserved. All registered trademarks are the property of their respective owners. www.perotsystems.com.

Proprietary and confidential. © 2006 Perot Systems. All rights reserved. All registered trademarks are the property of their respective owners.
Chapter 11: Project Risk Management

Chapter 11: Project Risk Management
Session 33 Guest Speaker: Gini Van Siclen. Risk Management for Project Managers Gini Van Siclen.

Session 33 Guest Speaker: Gini Van Siclen. Risk Management for Project Managers Gini Van Siclen.
Project Based Risk Management Defusing a potential ticking time bomb

Project Based Risk Management Defusing a potential ticking time bomb
Managing Project Risk.

Managing Project Risk.
Software Project Risk Management

Software Project Risk Management
Managing Project Risk.

Managing Project Risk.
Project Risk Management. Learning Objectives  Understand what risk is and the importance of good project risk management.  Identify project risks, describe.

Project Risk Management. Learning Objectives  Understand what risk is and the importance of good project risk management.  Identify project risks, describe.
Part II Project Planning © 2012 John Wiley & Sons Inc.

Part II Project Planning © 2012 John Wiley & Sons Inc.

Similar presentations

Ads by Google