Managing Software Development Projects -

MSDP - CT067-3

Risk Management

Prepared by: Nehru Nagappan First Prepared on: Oct 25, 2015
For Asia Pacific University of Technology & Innovation
 MSPD-Module Topics

This module covers the following topics:

1. Introduction
2. Commencing Project and Scope Management
3. Work Breakdown Structure
4. Scheduling
5. Resource Utilization and Maximization
6. Risk Management
7. Quality Management and Software Testing
8. Communication Management
9. Procurement Management
10. Earned Value Management
11. Project Management Skills/Methodologies (Tailoring and
Hybrids)

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Learning Outcomes

• At the end of this module, YOU should be able

to:
– appreciate the role of risk planning in project
management
– apply some common risk management techniques
to a typical IT project
– create and maintain an effective risk database
– integrate the risk plan and project plan for a typical
project
– work within a basic risk management system

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹#›

 Key Terms

• If you have mastered this topic, you should be able to

use the following terms correctly in your assignments
and exams:

– Risk Management
– Risk Register
– Risk Probability
– Risk Impact
– Qualitative Risk
– Quantitative Risk
– Risk Response
– Risk Categories

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹#›

 Main Teaching Points

Definition of Risk & Risk Identification Risk Probability and

Risk Management Impact

Risk Response Risk Control

Planning

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 PMBOK 10 Knowledge Area

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹6›

 Project Life Cycle Processes

Closing
Initiation

Monitor / Project Life Cycle

Control

Planning

Executing

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Project Mgmt Processes

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹8›

 Project Risk Management

11.3
Perform
Qualitativ
11.2
e
Identif
Risk
y
Analysis
Risk

11.4
11.1 Perform
Plan Risk Project Risk Quantitativ
Manageme e
nt
Management Risk
Analysis

11.5
Plan
Risk
Responses
11.6
Monitor
&
Control
Risks

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Definition (PMBOK)

Definition of Project Risk

- an uncertain event or condition that, if occurs, has a
positive or negative effect on the project objectives

Definition of Risk management

- the systematic process of identifying, analyzing and
responding to project risk. It includes maximizing the
probability and consequences of positive events and
minimizing the probability and consequences of
adverse events

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹10›

 General Risks (what to look for)

Preliminary &
Project approval Execution Closure
detailed planning

Unavailable subject matter experts No Risk Management Plan Unskilled Labor Poor quality

Poor definition of problems Hasty Planning Material availability Unacceptable to customer

Unclear objectives Poor Specifications Strikes Cash flow issues

Unclear SOW Weather

No management support Changes in Scope

Poor Role definition Changes in schedules

Inexperienced Team Regulatory requirements

no control system in place

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹11›

 What is Risk?

• Measure of probability and consequences of

NOT achieving a project goal

• 3 components:
– An Event
– A probability
– An Impact

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 What is Risk Management?

• An organized means of identifying and

measuring risk, and selecting, and managing
options for handling these risks.
- Harold Kerzner

• Not to be managed separately (i.e. risk mgmt

dept).
• Is a PROACTIVE approach

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Plan Risk Management

– Document:
• statement of scope & degree of risk management applied to
particular project
• commitment from stakeholders
– Resources – time, people and technology
• description of risk management process applied to particular
project

• method of assessment
– when & how monitoring takes place
• roles & responsibilities
– who is in charge of RM process & reporting structure etc.
• description of risk management deliverables

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹14›

 Identify Risks

• Classify project risk according to source.

• Sample sources:
– PMBOK Knowledge Area
– System Engineering documentation
– Project Life Cycle
– Plan/WBS decomposition
– Schedule analysis
– Requirement Documents
– Lessons learned files
– Assumptions analysis
– Performance measurement
– Expert judgment
– Brainstorming

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Risk Quantification

• Qualititative Risk Analysis

• Quantitative Risk Analysis

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹16›

 Qualitative Risk Analysis

1. Identify probability

1. Identify the likely impact or consequence

1. Identify Priority

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Qualitative Risk Analysis

A suggested scheme for assessment

– probability (likelihood) of risk occurring:
• high > 50%
• medium 10% - 50%
• low <10%

– impact on project:
• high overspend/over-run by > 50% or abandon
• medium overspend/over-run by 10% - 50%
• low overspend/over-run by <10%

– Urgency/priority of the risk

• how soon risk may occur
• how soon measures need to be in place

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹18›

 Qualitative Risk Analysis

Measures to be taken:

High ACCEPT MITIGATE INCLUDE

PROBABILITY

Med IGNORE OPTION MITIGATE

Low IGNORE IGNORE INSURANCE

Low Med High

IMPAC
T

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Qualitative Risk Analysis

• Risk Heat Map

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹20›

 Quantitative Risk Analysis

• Estimated
Monetary
Value (EMV)
= Probability *
Contingency
Cost

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹21›

 Plan Risk Responses

• Range of responses:
– Eliminate Risks
• to remove the risks completely
– Mitigate Risks
• reducing the risk probability and impact
– Deflect Risks
• Transfer risk to another party
– Accept Risks
• Accept the consequences.

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Risk Register

• Document all identified risks, quantify and

respond
• Assign responsibility for implementation.

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Risk Register

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Risk Register

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Monitor & Control Risk

Risk management is a continuous process:

– risks arise, are ‘managed’, monitored & ‘archived’
– some predicted risks never arise & are ‘cancelled’
– unpredicted risks arise, are assessed & added to plan

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization ‹26›

 Monitor & Control Risk

• Use the RMP as basis for Risk Control

• Analyze existing Risks weekly
• Communicate risks to all stakeholders – get
agreement on the action plan
• Where possible, follow-up with appropriate
training and dry-runs
• Document lessons learned

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization

 Any Questions ?

(CE00232-7-ITPM) 06 – Resource Utilization & Maximization