Risk Management g

What is a Project Risk?

uncertain event or condition I Impacts project objectives j bj i Examples?

Uncertainty is a rule, not an exception Uncertainty is there while pursuing opportunities as well Risk d R k identification consequence f of uncertainty and not reflection of our own ability

Characterizing Uncertainty in Projects

Variation: Cost, time and performance levels vary randomly, randomly but in predictable range Foreseen Uncertainty : A few known factors will influence the project , but in unpredictable way Unforeseen uncertainty: One or more major influences factors can not be predicted Chaos Chaos: Unforeseen events completely invalidate the project's target, planning and approach

Managing Project Uncertainty, Meyer, Loch, and Pich, Sloan Mgmt Review,2002

What is risk management?

Risk Management : Identify, di Id if discuss and d d document and d finalize the mitigation and contingency action plans for foreseen uncertainty through the lifecycle of the project. Also, review and revaluate existing identified risks, and discuss the progress on the mitigation actions.

Risk Planning Risk Monitoring & g Control

IT PROJECT RISK MANAGEMENT PROCESSES

Risk Identification de t cat o

Risk Response planning

Risk Assessment

Project Risk Management Processes

Risk management planning: deciding how to approach and plan the risk management activities for the project Risk identification: determining which risks are likely to affect a project and documenting the characteristics of each Qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence
10

Project Risk Management Processes (continued)

Quantitative risk analysis: numerically estimating the effects of risks on project objectives Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives Risk monitoring and control: monitoring identified and residual risks, id tif i new risks, carrying d sid l isks identifying isks i out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project
11

Project Risk Management Summary

12

Risk Management Planning

Create a RM plan
Commitment of Stakeholders ti C it t f St k h ld time Frequency of review of the risks Methodology to be followed Availability of tools, if required

Review and up dation of the plan at regular intervals or when required

Risk Identification
Both threats and opportunities can be identified Risks need to be identified through every phase of the project
Can have unique risks associated to every phase Risk identification to start from the proposal stage

Risk Identification
How will you identify? Risk identification tools and techniques include:
Brainstorming The Delphi Technique Interviewing

16

Risk Identification
How will you document identified risk? Risk Register What will you document?
Name Description Owner Triggers Mitigation plan contingency plan

18

Sample Risk Register

22

Qualitative Risk Analysis

Assess the likelihood and impact of identified risks to determine their magnitude and priority Risk quantification tools and techniques include:
Probability/impact matrixes The Top Ten Risk Item Tracking h k k Expert judgment

23

Risk Assessment & Analysis

Analysis: To determine probability and impact of each risk Assessment : Prioritizing risk to formulate the strategy Risk Priority = Probability * Impact

Risk Assessment & Analysis Techniques

W i h d Analysis Weighted A l i Multi-variable Analysis

Weighted Analysis
Probability Reference Table Score 1 2 3 General Scale Low Medium High Probability Infrequently Occasionally Frequently Sco re 1 2 3 4 Impact Reference Table General Scale S l Very Low Low Medium High Very High Impact Nuisance or NA Limits effectiveness Financial Impact, Customer Dissatisfaction Disruption to Operation, Large Financial Impact Major Financial impact, significant compliance concern

Risk Priority = Probability * Impact

5

Highest possible priority = 15 Lowest possible priority = 1

Weighted Analysis
For each variable, determine probability and impact

Risk Variable Schedule Slippage IBM AIX skills not available Delay in Visa processing

Probability (1-3) 3 2 2

Impact (1-5) 5 5 3

Priority (P I) (P*I) 15 10 6

Priority cut-off is determined after calculating priorities Only risks above the cut-off are carried forward for analysis Method favors Impact over Probability

Multi-Variable Analysis
Impact calculated against 4 variables of Schedule, Cost, Quality & Scope to determine impact weight Probability assessed to determine probability weight Probability & Impact used to calculate priority Impact weight classified as Low, Medium or High based on the table below:
Impact Schedule Cost Quality Scope Impact Wt 2

Low

<5% Delay 5% to 10% Delay

<5% increase in effort or cost 5% to 10% increase in effort or cost ff

<2% increase in defect rate or contractually agreed 2% to 5% increase in defect rate f

<2% of functionality can not be delivered 2% to 5% of f functionality y cannot be delivered >5% of functionality cannot be delivered

Medium

High

>10% Delay

>10% Increase in effort or cost

>5% increase in defect rate

10

Multi-Variable Analysis
Probability of impact is classified as Occurrence Improbable Likely Very Likely Probability < 5% chance of occurrence 5% - 50% chance of occurrence 50% chance of occurrence Weight 2 5 10

Multi-Variable Analysis
Risk Impact on Impact Weight Probability Weight Impact Value

IBM AIX skills not available

Schedule Cost Quality Scope Risk Weight

5 5 10 2

5 5 10 2

25 25 100 4 154

Priority of the risk decided on the risk weight as computed above Priority cut-off is determined after calculating priorities Only risks above the cut-off are carried forward for analysis Method favors Impact and Probability equally

Quantitative Risk Analysis

Often follows qualitative risk analysis, but both can be done together Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis Main techniques include:
Decision tree analysis Simulation Sensitivity analysis

38

Steps of a Monte Carlo Analysis

1. Assess the range for the variables being considered 2. Determine the probability distribution of each variable 3. For each variable, select a random value based on the probability distribution 4. 4 Run a deterministic analysis or one pass through the model 5. Repeat steps 3 and 4 many times to obtain the probability distribution of the models results
39

Sample Monte Carlo Simulation Results for Project Schedule

s1

Information Technology Project Management, Fifth Edition, Copyright 2007

40

What should be Risk Strategy or Response to Risk?

Accept or Ignore Avoidance Mitigate Transfer

Slide 40 s1 I can't seem to read the final art files for this chapter. This figure is the same as what should be here except for the dates. OK as is, or can someone put in the proper art file?
schwalbe, 1/21/2005

Risk Response Planning

Each risk must have

One or more mitigation act ons m t gat on actions Contingency actions Each action must have an owner and target completion date
Mitigation action may include modification to project approach or roles and responsibilities Must have a Risk Profile : a template to present
Risk assessment, impact and mitigation plans

The impact on estimates of time, costs, scope

RISK MONITORING AND CONTROL

Risk Audits Ri k R i Risk Reviews Risk Status meeting and Reports Monitor the triggers continuously and keep track of various project risks risks.

Risk Management for the Project

Risk Identification: Risk Assessment & Analysis : Risk Response Planning :

Brain Storming Delphi

Multi-variable Analysis

Risk Monitoring and Control :

Update Monthly or when required Status Reporting Audits & Reviews

Mitigation and Contingency actions stated