Project Risk Management SEII - Lecture 9

Project Risk ManagementSEII-Lecture 9Dr. Muzafar KhanAssistant ProfessorDepartment of Computer ScienceCIIT, Islamabad.RecapProject quality managementPlanning qualityPerforming quality assurancePerforming quality controlProject communication managementIdentifying stakeholdersPlanning communicationsDistributing informationManaging stakeholder expectationsReporting performance2Importance [1/2]Risk management is the art and scienceA frequently overlooked and underestimated aspectSignificant improvement can be achieved to meet project objectivesOften goes unnoticed Study conducted with 38 organizationsEngineering and construction, telecommunications, information systems/software development, high-tech manufacturingMaturity level in different knowledge areasLowest maturity level in risk management3Importance[2/2]KLCI Study with 260 software organizations in 20014Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 424Basic Concepts [1/2]Risk“the possibility of loss or injury”Negativity is associated and uncertainty is involvedNegative VS positive risksNegative risk managementTo lessen the impact of potentially adverse eventsPositive risk managementInvesting in opportunitiesRisk management is an investment5Basic Concepts [2/2]Risk utility / toleranceThe amount of satisfaction / pleasure received from a potential payoffRisk averseLower tolerance for the riskRisk seekingHigher tolerance for the riskRisk neutralA balanced approachKnown and unknown risksResidual and secondary risks6Risk Tolerance7Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 427Main ProcessesPlanning risk managementIdentifying risksPerforming qualitative risk analysisPerforming quantitative risk analysisPlanning risk responsesMonitoring and controlling risk8Planning Risk ManagementHow to approach and plan for risk management activitiesMain output: risk management planPlanning meetings at early stage of projectRisk management policies, risk categories, lesson-learned reports from past projectsReview risk tolerance of stakeholdersClarify roles and responsibilities, prepare budget and schedule estimates for risk-related activitiesLevel of information details can vary9Topics Addressed in Risk Management Plan10Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 427Additional PlansContingency plansPredefined action if risk occursExample: unavailability of new softwareFallback plansTo address high impact riskContingency reserves/allowancesProvisions by organization / project sponsor to reduce the risk11Common Sources of Risks on IT ProjectsStandish group study with 60 IT professionals12Success CriterionRelative ImportanceUser involvement19Executive management support16Clear statement of requirements15Proper planning11Realistic expectations10Smaller project milestones9Competent staff8Ownership6Clear visions and objectives3Hardworking, focused staff3Total100Risk CategoriesMarket riskNew product or serviceFinancial riskAffordance to undertake the projectTechnology riskTechnical feasibilityPeople riskAvailability of skilled peopleStructure/process riskChange in business processes13Example – Risk Breakdown Structure14Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 433Potential Negative Risk Conditions Associated With Each Knowledge Area 15Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 433Potential Negative Risk Conditions Associated With Each Knowledge Area16Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 434Identifying RisksDifferent tools and techniquesBrainstormingDelphi techniqueInterviewingSWOT analysisChecklistsAnalysis of assumptionsDiagramming techniquesRisk registers17Contents of Risk RegisterIdentification numberRisk rankingRisk titleRisk descriptionRisk categoryRoot causeTriggersPotential responsesRisk ownerProbability, impact, and status18Performing Qualitative Risk AnalysisExpert judgment to assess likelihood and impact of identified risksUsing probability/impact matrixTop ten risk item trackingRisk management reviewUpdated risk registersWatch list19Example – Probability/Impact Matrix20Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 439Example – Top Ten Risk Item Tracking21Figure source: IT Project Management, K. Schwalbe, 6th ed., p. 441Performing Quantitative Risk AnalysisFollows qualitative risk analysisMain techniquesData gatheringDecision trees – expected monetary value Simulation – Monte Carlo analysisSensitivity analysisUpdated risk register22Planning Risk Responses [1/2]Developing options and defining strategiesRisk avoidanceEliminate the causeRisk acceptanceAccepting the consequencesRisk transferenceShifting the consequences to other partyRisk mitigationReducing the impact23Planning Risk Responses [2/2]Strategies for positive risksRisk exploitationMake sure the positive risk happensRisk sharingSharing the ownership with other partyRisk enhancementMaximizing the opportunityRisk acceptanceNo extra effort24Monitoring and Controlling RisksExecution of risk processesRisk awarenessRedistribution of resourcesWorkarounds – unplanned responsesRisk reassessment, risk audits, variance and trend analysis, technical performance measurements, reserve analysis, status meetingsUpdated risk register25SummaryBasic conceptsRisk, positive/negative risk management, Risk utility / tolerance (risk averse, risk seeking, risk neutral)Planning risk managementRisk management plan, contingency and fallback plansIdentifying risksBrainstorming, Delphi technique, interviewing, SWOT analysis, checklists, risk registersPerforming qualitative and quantitative risk analysisPlanning risk responsesRisk avoidance, risk acceptance, risk transference, risk mitigation, Risk exploitation, Risk sharingMonitoring and controlling risks26