IS 425

1
IS 425

• Enterprise Information ILECTURE 9
• Autumn 2004-2005 ?2004 Norma Sutcliffe

2
Sourcing Decisions Risk Management

• Exercise
• Quiz
• Lecture

3
Exercise

• Each team is given Leadership Effectivenesstasks
• For each task
• Give one example of the wording of the task in
• Directive Style and who is the appropriate
  audience
• Interactive Style and who is the appropriate
  audience
• Nondirective Style and who is the appropriate
  audience

4
Quiz

• DL students have homework assignment on COL

5
Risk Management

• DefinitionThe process in which potential risks
  to a business are identified, analyzed and
  mitigated, along with the process of balancing
  the cost of protecting the company against a
  risk          vs. the cost of exposure to that
  risk.
• Or, "What imperils getting benefits from
  effort?"

6
General Categories of Risks

• Economic Risks 
• Technical Risks
• Organizational Risks
• Legal Risks
• Terrorist Risks

7
General Categories of Risks

• Economic Risks applies to risks that can
  potentially impact the business. These risks
  could result to failure or loss of business.
• business environment changes
• vendor survival

8
General Categories of Risks

• Technical Risks applies to the risks that can
  impact the development, implementation, and the
  operation of a system. Sources of these risks can
  come from the project teams degree of
  familiarity with the technology, familiarity with
  the application, security and project size. 
• integrating technology with existing portfolio
• poor training
• poor monitor/control 

9
General Categories of Risks

• Organizational Risks  applies to the risks that
  could potentially impact the acceptance of the
  project. Problems arise when there is potential
  reduction of manpower, changing the way business
  process is performed, and when there is increase
  of workload. Consequences to these risks are
  defined below
• resistance to the system
• low morale of personnel
• lack of political support
• possible rejection of the system
• poor procedures
• lack of trained support
• lack of trainers
• ineffective use by users
• poor help desk

10
General Categories of Risks

• Legal Risksapplies to risks arising from
  potential lawsuits and liabilities associated
  with the implementation of a project.
• fiduciary responsibility of managers
• laws and regulations inappropriately administered
  
• personal financial and criminal liability (from
  shareholder lawsuits and FCPA)

11
General Categories of Risks

• Terrorist Risks
• applies to risks arising from intentional
  destruction or malevolent modification of the 
• physical equipment
• data and information files
• communication links
• software

12
Sources of Project Risks

• Project Work
• Project Team and Leader
• Management
• Business Situation
• Other Projects
• External Factors
• Technology
• Vendors and Contractors
• Business Processes
• Business Units
• Customers and Suppliers

13
Sources of Project Risks

• Project Work quality and completeness of the
  work
• Project Team and Leader personality
  issuesallocation of resourcestrust issues
• Management poor or no decision makinglack of
  attention
• Business Situation -- assumptions change--
  conditions change

14
Sources of Project Risks

• Other Projects-- Changes in priorities
• External Factors-- regulatory changes, -- union
  pressures, -- consumer groups-- various special
  interest groups
• Technology-- changes that can make project
  irrelevant

15
Sources of Project Risks

• Vendors and Contractors-- reliability --
  quality-- sustainability
• Business Processes-- reengineering changes power
  bases
• Business Units-- management changes--
  organization changes-- staffing changing
• Customers and Suppliers-- changes in mix

16
Keeping Track of Risks
Keep a count of the OPEN RISKS by type for each
project Update regularly
Keep track of your progress in mitigating /
resolving risksREMEMBER MANY RISKS WILL COME
TOWARDS THE END OF THE PROJECT SO THINK / PLAN
AHEAD
17
Constraints on Taking Actions

• Before taking actions to resolve/mitigate risks
  keep in mind
• Symptoms seen as Problems symptoms can be
  treated leaving the underlying problem
  unresolved growing
• Seen as panicking If you constantly bring the
  risks to managements attention may be seen as
  crying wolf
• Look before you leap get enough facts first

18
Risk Strategies

• Deal only with critical factors need to monitor
  all problems and catch those before they balloon
• React quickly to issues need to know enough
  about what causes issues
• Proactive but still conservative use a method
  that will help you know you have enough to act
  and then act

19
Preferred Project Risk Strategy Method

• Group issues by
• Impact if not solved
• Time pressure to do something
• Use your judgment and experience on positioning
  issues

20
Issues to be Addressed

• Issues 23 and 27 must be addressed
• Issue 10 has time pressure so investigate

21
Time Marches on

• Some issues go away
• Some issues emerge
• Some get more troublesome

22
Risk Issue Management Process

• Create project risk issue database200 commonly
  known problems
• Identify 20-30 most likely based on experience
• Present potential issues to management with
  project proposal
• In estimating project tasks more issues may
  emerge
• All issues relate to tasks if not find the
  missing tasks

23
Risk Issue Management Process

• Phase beginning -- team meetings on near term
  issues-- discuss impact of issues-- track the
  issues-- develop issues resolution table-- use
  1-page project summary to Mgt.
• Create table of issues versus projectsCreate
  GANTT chart (major tasks / issues)-- follow-up
  on resolved issues (no reappearance)-- implement
  actions when known or appropriate
• When resolved -- celebrate

24
Management Communications

• Focus on informal communications with management
  on risk issues
• Focus on getting management slowly on board with
  knowledge of problem growing
• Then on presenting alternatives
• Then on getting approval for actions

25
Project Risk Portfolio Approach

• Same issues database for all major projects
• Common issues reporting method
• Periodically prepare new table of issues versus
  projects
• Support / facilitate
• Meetings
• Analysis on issues
• When issue resolved -- take the decisions,
  then-- identify action items for each impacted
  project-- follow up on action items across
  project-- report to management

26
AFTER PROJECT DEPLOYMENT
RISKS CONTINUE andMUST BE HANDLED
27
OTHER RISK APPROACHES

• For IT investments not project management
•      Portfolio approach manage risks by
  treating IT resources such as hardware, software,
  services and personnel as collection of
  investments. Decisions are made based from the
  potential return of investment or payoff against
  the level of risks.
•      Interdisciplinary Approach applies an
  integrated assessment of the risks from various
  groups in a company to determine and assess all
  dimensions of risks.

28
NEXT WEEK

• REVIEW
• DEBATE WORKSHOP