Title: UN 0603 Unit 11
1UN 0603Unit 11
Dr. J. Michael Bennett, P. Eng., PMP UNENE,
McMaster University, The University of Western
Ontario Version 2K6-X-26
2Change Control
3EP 704 Road Map
- Unit 1 Introduction to Project Management
- Unit 2 The Project Management Context
- Unit 3 Project Management Processes
- Unit 4 Project Integration Management
- Unit 5 Project Scope Management
- Unit 6 Project Cost Management
- Unit 7 Project Time Management
- Unit 8 Project Quality Management
- Unit 9 Project Human Resource Management
- Unit 10 Project Communications Management
- Unit 11 Project Risk Management
- Unit 11 Project Procurement Management
4Dilbert and Risk
5Introduction
- Processes concerned with conducting
- Risk management planning
- Risk identification
- Risk analysis
- Risk responses
- Monitoring and controlling risk
6Commercial databases
11.1 Risk Man. Planning
PMP
PP, Guidelines
Approved Change Reqs
Lessons Learned
Risk Management Plan
Scope Statement
Approved Change Requests
Risk Register
Risk Register Updates
Cost Management Plan
Schedule Management Plan
Risk Register Updates
PMP Updates
Performance Reports
Risk Register Updates Risk-related contractual
agreements
Work Performance Information
History, Calendar
Requested Changes
OPA Updates
PMP Updates
7Objectives of Risk Management
- To increase the probability and impact of
positive events - To decrease the probability and impact of
negative events - Note we normally concentrate on the latter and
thankfully accept the former
8Six Main Processes
- Risk Management Planning
- Risk Identification
- Qualitative Risk Analysis
- Quantitative Risk Analysis
- Risk Response Planning
- Risk Monitoring and Control
9 Project Risk Management
11.2 Risk Identification 11.2.1 Inputs .1EEP
.2 OPA .3 Project Scope Statemt
.4 Risk Management Plan . 5 PMP 11.2.2
Tools and Techniques .1 Documentation
Reviews .2 Info Gathering Techs .3
Checklist Analysis .4 Assumptions Analysis
.5 Diagramming Techs 11.2.3 Output
.1 Risk Register
11.3 Qualitative Risk Analysis 11.3.1 Inputs
.1 EEP .2 OPA .3 Project Scope
Statement .4 Risk Management
Plan 11.3.2 Tools and Techniques .1 Risk
Prob, Impact Assesst .2 Prob Impact
Matrix .3 Risk Data Quality .4 Risk
Categorization .5 Risk Urgency
Assesst 11.3..3 Output .1 Risk Register
Updates
11.1 Risk Management Planning 11.1.1 Inputs
.1 EEP .2 OPA .3 Project Scope
Statement . 4 PMP 11.1.2 Tools and
Techniques .1 Planning Meetings
Analysis 11.1.3 Output .1 Risk
Management Plan
1011.4 Quantitative Risk Analysis 11.4.1 Inputs
.1 EEP .2 Project Scope Statement
.3 Risk Management Plan .4 Risk Register
. 5 PMP 11.4.2 Tools and Techniques .1
Data Gathering Rep Teks .2 Quant. Risk Ana
Modeling 11.4.3 Outputs .1 Risk Register
Updates
11.5 Risk Response Planning 11.5.1 Inputs .1
Risk Management Plan .2 Risk Register 11.5.2
Tools and Techniques .1 Strategies for Risk
Threats .2 Strategies for Opportunities
.3 Strategies for Both .4 Contingent
Response Strategy 11.5.3 Output .1 Risk
Register Updates .2 PMP Updates .3
Risk-related Contractual Agreements
11.6 Risk Monitoring Control 11.6.1 Inputs
.1 Risk Management Plan .2 Risk Register
.3 Approved Change Requests .4 Work
Performance Info. .5 Performance
Reports 11.6.2 Tools and Techniques .1 Risk
Reassessment .2 Risk Audits .3
Recommended Corrections .4 Technical Perf.
Meas. .5 Reserve Analysis .6 Status
Meetings 11.6.3 Output .1 Risk Register
Updates .2 Requested Changes .3 Recd
Corrections .4 Recd Preventions .5 OPA
Updates .6 PMP Updates
11Risky Quotes
1. If you know your enemy and yourself, you need
not fear the result of a hundred battles (Sun Tzu
500BCE) 2. If you do not actively attack risks,
risks will actively attack you! 3. Risk
prevention is more cost-effective than risk
detection. 4. The degree of risk and its causes
must not be hidden from the decision-makers. 5.
If you dont ask for risk information, youre
asking for trouble.
12Definition of Risk
- Involves at least these 2 characteristics
- uncertainty
- loss
- Risk is the possibility of suffering loss (SEI)
- Risk is the measure of probability and severity
of adverse effects (Lowrance) - Risk is the potential for realization of unwanted
negative consequences of an event (Rowe)
13Risk Statement
- For a risk to be understandable, it must be
expressed clearly - Must include
- description of current conditions that might lead
to a loss - description of loss or consequence
14Principles of Continuous RM
15Core Principle
- Open communication
- encourage free-flow of information
- enable communication(formal, informal, impromptu)
- accept all views
16Defining Principles
- Forward-looking view
- Shared product vision
- Global perspective
17Sustaining Principles
- Integrated Management
- Teamwork
- Continuous Process
18Our Risk Paradigm
Control
Track
Identify
QQ Analysis
Plan
19Identify
- Search for and locate risks before they become a
problem - Risk ID is a continuous process
- Risk is everyones business
20Analyze (Qualitative Quantitative)
- Transform risk data to make decisions
- Evaluate impact, probability, timeframe
- Classify risks
- Prioritize risks
21Plan
- Build a Risk Plan
- Transform risk information into decisions and
actions - Planning is continuous
- Planning is forward-looking
- Planning need shared product, global vision
22Track
- Monitor risk indicators
- Trigger mitigation action plans
- Tracking is continuous
- Combine risk with project tracking
23Control
- Correct for deviations from risk mitigation plans
- Combine with project control
- Keep communications open
24Above all, COMMUNICATE
- Provide internal feedback on risks info
- and external
25SPMP Risk Factors
- Real-world risks
- Technological risks
- Risks due to size
- People risks
- Customer risks
- Business risks (covered above too)
26Real-World Risks
- Contract risks
- Management risks
- External risks (e.g.... Eastern Europe)
- Acts-of-God
27Contract Risks
- Will explore in next unit ad naseum
- Make sure you can deliver
- NEVER promise too much-)!!!!!
28Management Risks
- Financial health of organization
- Takeoverability of organization
- Management attitude
- Government inertia
- Cost of capital
- Cost of raw materials
29External Risks
- Eastern Europe syndrome (i.e.... market
volatility example of a risk) - Government intervention (equal-opportunity
initiatives) - GATT/FTA problems
30Acts-of-God Risks
- Hurricanes, tornadoes, tidal waves etc..
- Pestilence, plagues etc..
- Plane crashes etc..
- Earthquakes
31Technological Risks
- Software
- Hardware
- New technologies
- Technology failures
- Technology scoops
- Write-offs of legacy equipment
32Risks due to Size
- Star-Trek syndrome (to fail boldly where...)
- Size has its own problems
- Application may overstretch tech platform
- MULTICs example
- The non-linearity of extrapolation
33People Risks
- People volatility
- People burn-out
- Shrinkage of labour supply
- Inappropriate skilling of people
- Boring work
- Union problems
34Customer Risks
- Customer financial stability
- Requirement changes
- Environmental changes (only buy Mongolian all
documentation must be in Mayan) - External interfaces changed (now we use Linux)
35Business Risks
- Building a product that no one wants
- Building a product that no longer fits into the
FedGov strategy - Building a product that the sales force does not
understand - Losing senior management support
- Losing budget
3611.1 Risk Management Planning
11.1.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement . 4 PMP 11.1.2 Tools
and Techniques .1 Planning Meetings
Analysis 11.1.3 Output .1 Risk
Management Plan
3711.1.1 Inputs
- EEFs
- Flavour of the Org will set the Risk agenda
- May be expressed in policy statements
- May be inferred from actions
- OPAs
- May have risk categories, common definition of
terms - Standard templates
- Roles responsibilities
- Authority levels for risk decision making
38Risk Planning
- can easily have 30-50 risks
- use Pareto 80/20 rule to cull
- prepare a Risk Management Plan RMP
- General plan aspects
- Boehms Top Ten
- Boehms List
- RMMP
39The Top Ten SW Risks (after Boehm)
Risk Risk Management Techniques 1
Personnel Staffing with top talent, job matching
team building shortfalls morale building,
cross-training, prescheduling key people 2
Unrealistic Detailed, multisourced cost-schedule
estimation use of schedules and design and
FP metrics, software reuse requirements
budgets engineering 3 Developing
the Organizational analysis mission analysis
wrong software user surveys prototyping early
users functions manuals 4 Developing
the Task analysis prototyping scenarios user
wrong user characterization interface 5
Gold Requirements scrubbing prototyping
cost-benefit Plating analysis design to
cost
40The Top Ten SW Risks (after Boehm)
6 Changing High change threshold information
hiding incremental Requirements development
7 Shortfalls in Benchmarking inspections
reference checking externally
supplied compatibility analysis
components 8 Shortfalls in Reference
checking pre-audit awards award-fee
externally performed team building competitive
design tasks 9 Real-time Simulation
benchmarking modeling prototyping
performance SFs instrumentation tuning 10
Straining CS Technical analysis cost-benefit
analysis prototyping capabilities referenc
e checking
41Common SW Weaknesses 90-95
- 1 Schedules set before definition
- 2 Excessive schedule pressure
- 3 Major Reqs change after SO
- 4 Inadequate PM skills
- 5 Inadequate pretest defect removal procs
- 6 Inadequate SW process
C. Jones Applied Software Measurement McGH 1997
42Weaknesses cont.
- 7 Inadequate office space, environment
- 8 Inadequate training
- 9 Inadequate support for reuse, code and design
- 10 Inadequate orgs, specialist support
- 11 Too much emphasis on partial solns
- 12 Too new technologies
43Common Strengths, 1990-95
- 1 Experience in application area
- 2 Morale and cohesiveness
- 3 Experience with prog langs
- 4 Experience with support tools
- 5 Experience with hardware
- 6 Availability of hardware
44Strengths cont.
- 7 Availability of support tools
- 8 Use of adequate testing methods
- 9 Use of configuration management
- 10 Use of structured code methodologies
- 11 Use of formal assessments
- 12 Use of geriatric tools for legacy SW
4511.1.2 TT
- The Team will have planning meetings to develop
the Risk Management Plan - Again is successively elaborated
4611.1.3 Risk Management Plan
- Includes at least the following
- Methodology
- Roles responsibilities
- Budgeting
- Timing categories
- Definitions of risk probability and impact
- Probability Impact Matrix
- Stakeholders tolerances
- Reporting formats
- Tracking
47Risk Breakdown Structure (RBS) PMBOK Pg 244
PROJECT
Project Management
Technical
External
Organizational
Project Dependencies
Estimating
Resources
Planning
Funding
Controlling
Prioritization
Communication
48Impact Scales for 4 Project Objectives PMBOK pg
245
49Sample Risk Management Plan (Charette)
- I Introduction 1. Scope and purpose 2.
Overview a) Objectives b) Risk aversion
priorities 3. Organization a) Management b)
Responsibilities c) Job descriptions 4.
Aversion program description a) Schedule b)
Major Milestones and reviews c) Budget
50Sample Risk Management Plan (Charette) cont.
- II Risk Analysis 1. Identification a) Survey
of risks b) Sources of risk c) Risk
Taxonomy 2. Risk Estimation a) Estimated
probability of risk b) Estimated consequence of
risk c) Evaluation of risk referents d)
Evaluation results 3. Evaluation a) Evaluation
methods to be used b) Evaluation method
assumptions and limitations c) Evaluation risk
referents d) Evaluation results
51Sample Risk Management Plan (Charette) cont.
- III Risk Management1. Recommendations2. Risk
aversion options3. Risk aversion
recommendations4. Risk monitoring procedures - IV Appendices1. Risk estimate of the solution2.
Risk abatement plan
5211.2 Risk Identification
11.2.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement .4 Risk
Management Plan . 5 PMP 11.2.2 Tools and
Techniques .1 Documentation Reviews .2
Info Gathering Techniques .3 Checklist
Analysis .4 Assumptions Analysis .5
Diagramming Techniques 11.2.3 Output .1
Risk Register
53Risk Identification
- Determines which risks might affect the project
and document their characteristics - Who does this
- PM, team members, management team
- SMEs, other external experts
- Customers, end users
- Stakeholders
54Risk Identification
- Step 1 Capture the Statement of Risk
- Step 2 Capture the Context of the Risk
55Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
56Step 1 Capturing a Statement of Risk
- The Risk statement consists of 2 parts
- condition a single phrase describing the key
circumstances, situations, causing concern,
doubt, anxiety, uncertainty - consequence a single sentence describing the key
(normally negative) outcomes of the current
situation
57Example
- Condition The GUI must be coded using X Windows
and we do not have expertise in X Windows - Consequence The GUI code may not be completed in
time and may be inefficient
58Step 2 Capturing the Context of a Risk
- This includes recording additional information
regarding the circumstances, events and
interrelationships that may affect the risk - intent is to provide enough extra information
that other people can understand the risk,
particularly after time has passed
59Example
- A GUI is.. And we need one because
- The graphical interface is an important part of
the system and we do not have anyone trained in X
Windows. We have all been studying the language
but it is complex and only one person on the team
has any graphics experience and that is with
Windows on a PC.
6011.2.2 Risk Identification TT
- .1 Documentation Reviews
- .2 Info Gathering Techniques
- .3 Checklist Analysis
- .4 Assumptions Analysis
- .5 Diagramming Techniques
61.1 Documentation Reviews
- Structured review of
- Project documentation
- Plans, assumptions
- Prior project morgue files
- Check the consistency of the various plans
62.2 Information Gathering Techniques
- Brainstorming
- Delphi technique
- Interviewing
- Root cause identification
- SWOT analysis
63.3 Checklist Analysis
- Like Boehms list
- Org should have one
- Check out textbooks
- Look at the lowest level of the RBS/WBS
- Note that we cannot build an exhaustive list,
ever!
64.4 Assumptions Analysis
- Find the assumptions
- Check out the validity of the assumptions
- Look at the inaccuracy, inconsistencies,
incompleteness of those assumptions
65.5 Diagramming Techniques
- Ishikawas
- Process flow charts
- Influence diagrams
66Ishikawa Diagrams
Environment
People
Process
hard to modify
hard coded
Unit 12 costs 50 of all Effort LQ
Measurement
Machines
Materials
67Sample Process Flowchart PMBOK page 194
NO
7 Vendor makes Proofs
6 Artwork out for Proofs
YES
NO
NO
8 Proofs acceptable?
9 QA Review Approval?
10 Proof back to Vendor
11 Specs Signed
YES
YES
12 Order Materials
6811.2.3 Risk Identification Outputs
- Risk Registry
- A PMI term to indicate the repository of all of
the information associated with risks - Available to other planning areas and processes
69Risk Registry
- List of identified risks
- List of potential responses
- Root causes of the risks
- Updated risk categories
7011.3 Qualitative Risk Analysis
11.3.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement .4 Risk
Management Plan 11.3.2 Tools and Techniques
.1 Risk Probability Impact Assessment .2
Probability Impact Matrix .3 Risk Data
Quality .4 Risk Categorization .5 Risk
Urgency Assessment 11.3.3 Output .1 Risk
Register Updates
71Purpose of Qualitative RA
- Focuses on ranking in non-numeric terms
- Want to focus on high-priority risks especially
- Risk has 3 dimensions
- Probability of occurrence
- Impact of eventuated risk
- Timing of the risk
- Is rapid, cheap, foundational
- Indicates the need for expansion in quant section
72.1 Risk Probability Impact Assessment
- Severity LikelihoodImpact
- Ranking very important
733.1 Risk Estimation
- Also called Risk Attribute Evaluation
- Try to rate
- Likelihood of risks reality
- Consequences of risks effects
- Severity Likelihood x Consequence
74Likelihood
- What is the chance that it might happen?
- Impossible
- Unlikely
- Likely
- Guaranteed to happen
75Risk Consequences
- Nature of riskWhat are the problems associated
with this risk happening? - Scope of riskhow serious is it AND how much of
the project will be harmed (or how many
customers?) - Timing of riskwhen and how long will the effects
be felt? - Assign a rating
76Risk Examples
- task is to map quadruples onto STEPS to avert risk
RISK Management
RMMP
77Evaluating Risks
- Air Force example
- Binary level
- Ternary level
- Probability
78Binary Level
- There are 4 possibilities (impact-probability)
- 1 yes-yes (high)
- 2 yes-no (moderate)
- 3 no-yes (moderate)
- 4 no-no (low)
79Ternary Level
- 9 levels
- h-h, h-m, m-h (high)
- h-l, m-m, l-h (moderate)
- m-l, l-m, l-l (low)
80Air Force Categorization
- Impact
- catastrophic
- critical
- marginal
- negligible
- Probability
- frequent
- probable
- improbable
- impossible
81.2 Probability Impact Matrix
- Can also use a stoplight chart as follows
- Permits us to rank risks or put them in a common
risk basket
82Probability- Impact Matrix PMBOK page 252
THREATS
OPPORTUNITIES
Impact
83International Nuclear Event Scale
- L Name Criteria Examples
- 0 Below scale no safety experience
- 1 Anomaly variation from pp
- 2 Incident insig release of R
- 3 Serious " very small RoR Vandellos E, 1989
- 4 Acc without minor RoR StLaurent F, 1980
- sig offsite RoR Sig plant dam, death
- 5 Acc with " limited RoR TMI 1979, Japan 2K
- 6 Serious A sig RoR
- 7 Major Acc major RoR, Widespread Chernobyl
- health, envir effects
- RoR Release of Radiation
sigsignificant
84.3 Risk Data Quality
- An non-numeric assessment of the quality of the
data - Tries to qualitatively estimate
- Degree of understanding of the risk
- Accuracy of the risk data
- Quality of the risk data
- Reliability of the risk data
- Integrity of the risk data
85.4 Risk Categorization
- Grouping makes it much more cost-effective
86Risk Classification
- Group risks into similar groups
- Permits removal of duplicate risks
- Allows for separate approaches depending on the
group
87Classification Perspective
- Predefined (like Boehms)
- Self-organized (based on common characteristics)
88Classification by Source/Impact
- Source based on the same cause or source
- Impact based on the impact on the Project
89Taxonomy Element
90.5 Risk Urgency Assessment
- Need to assess the risk timing
- A risk that has eventuated is no longer a risk
its a FACT
9111.3.3 Qual Risk Analysis Outputs
- Risk Registry Updates
- Priority ranking of risks
- Risks grouped by category
- Risks requiring near-term response
- Risks requiring more analysis/response
- Watch lists of low priority risks
- Trends in qualitative risk analysis results
9211.4 Quantitative Risk Analysis
11.4.1 Inputs .1 EEP .2 Project Scope
Statement .3 Risk Management Plan
.4 Risk Register . 5 PMP 11.4.2 Tools and
Techniques .1 Data Gathering
Representation Techniques .2 Quantitative
Risk Analysis Modeling 11.4.3 Outputs .1
Risk Register Updates
93Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
94Quantitative
- Here we put numbers on the risks
- Here be Dragons
- Just because there is a number, does not make it
true! - Not everything that matters, can be measured.
- Not everything that is measured, matters
95The Ideal is to
- Quantify the possible outcome
- Assess the probability of achieving objectives
- Use the numeric ranking to watch the highest
- Identify realistic costs, schedules, scope
targets in the face of the project risks - Determine the best PM decision when some risks
rear their ugly heads
96.1 Data Gathering Representation Teks
- Interviewing
- Probability distributions
- Expert judgment
97Range of Cost Estimates
98Probability Distributions
Likely
Likely
Beta
Triangular
99.2 Quantitative Risk Analysis Modeling
- Sensitivity analysis
- Expected monetary value
- Decision tree analysis
- Modeling and simulation
100Decision Tree Diagram Upgrade?
Build New Plant
Build or Upgrade
Upgrade New Plant
101Risk Register Updates
- Probabilistic analysis of project
- Probability of achieving cost and time objectives
- Prioritized list of quantified risks
- Trends in quantitative risk analysis results
102Probability
- 0 means impossible
- 1 means will happen
- 0.0001.0.99999
- provides a continuum of values
- normally must eyeball
103Failure Intensities (Death/106 hrs)
- Space shuttles 38,000
- Nuclear Plants 3,400
- Horseback ride 2,860
- Light bulbs 1,000
- NYC subway cars 478
- Motorcycles 143
- (Disabling household injuries)
4.1
- (Car thefts) 1.1
- Death at 35 1.0
- Auto deaths 0.7
- Air deaths 0.5
- Death by fire .00023
- Electrocution .00006
104Quantifying Risks with Probability
- Sev Likelihoodi x Impacti
- Problem is that it is hard to quantify these
- For example, what is the likelihood of a ship
hitting an iceberg in the North Atlantic?
105Prioritizing Risks
- Use the Pareto Rule
- Pick the top 10
106Risk Example
- Suppose that you have identified the triplet
- 1. r1 high staff turnover
- 2. l1 estimated at 0.70
- 3. x1 impact of increasing project duration by
15 and overall cost 12 - 4. s1 severity is .7 X .15
-
107 Risk Example cont.
- Steps to Reduce the Risk of Turnovers might
include - meet with current staff to determine causes of
high turnover - change these before project commences
- assume that turnover WILL occur during project
and build that into plan - organize project teams so that information about
each development activity is widely dispersed - define documentation standards
- establish mechanism so that these are developed
in a timely manner - conduct peer reviews and walkthroughs for
second-sourcing - identify critical technologists
- define a backup person for each critical
technologist
108Risk Product Number (RPN)
- Uses 3 variables
- Occurrence
- Severity
- Detection
- RPNOSD (each ranked 1-10, increasing)
- RPN1 most risk free
- RPN1000 yikes! Head for the hills!
109OOccurrence
- Remote 1
- Low failure rate 2-3
- Moderate 4-6
- High 7-9
- Very high almost certain 10
110SSeverity
- Insignificant 1 - customer will not notice
- Low severity 2-3 - slight annoyance
- Moderate 4-6 - some dissatisfaction
- High 7-9 - anger
- Very high 10 - customer at risk
111DDetection Ranking
- Very High 1 - design controls will find Ds
- High 2-3 - good chance to detect failure
- Moderate 4-5 - may detect failures
- Low 6-7 - not likely to detect
- Very low 8-9 - will not detect
- Unlikely 10 - no controls at all!
112 Case Study aluminum beverage cans
- Pressure of compressed liquid splits can open
- Compression of top causes stepped neck into can
- Cans side wrinkles the way they do in an empty
can - Cans bottom pops out
- Cans bottom splits open
- Cans top arches to accommodate pressure
- Rivet in pop-top is ejected
- Top cracks open when scored
- Can leaks at rim where top joins side
113Aluminum Can Example
- Part FM F Mech Eff FR SR DR RPN Acts
- Side break pressure splits leak 4 7 4 112
thicken - sides open can wall
- wrinkle insuff wall ugly 4 5 3 60
- thickness
- Top neck ext impact ugly 3 6 6 108 protect
- pushed in when shipd
- arches top arches ugly 3 5 3 45
stiffen - out can wall
- Bottom pops out press can 5 6 5 150 stiffen
dish - falls bottom
- splits press leaks 3 7 4 84 stiffen
- can wall
- Rivet ejected hi press leaks 5 8 4 160 ??
11411.5 Risk Response Planning
11.5.1 Inputs .1 Risk Management Plan
.2 Risk Register 11.5.2 Tools and Techniques
.1 Strategies for Risk Threats .2 Strategies
for Risk Opportunities .3 Strategies for
Threats and Opportunities .4 Contingent
Response Strategy 11.5.3 Output .1 Risk
Register Updates .2 PMP Updates .3
Risk-related Contractual Agreements
115Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
116.1 Strategies for Risk Threats
117Planning
- What is planning?
- Is it MY Risk? (assign responsibility)
- What can I do? (approach)
- How Much and What? (scope and actions)
- Set Mitigation considerations
- Guidelines and tips
118Objectives of the PLAN
- ID risks sources and consequences
- develop effective plans
- plan efficiently
- produce the correct set of actions to minimize
risk and impacts - plan important risks first
119Whose Risk IS it?
- 3 options
- 1 keep the risk
- 2 delegate the risk within the organization
- 3 transfer it outside
120Qs to Ask
- Who could solve this risk?
- Who has the power to allocate resources?
- Who can be held accountable for this risk?
- Who has the time to manage this risk?
- Who has the opportunity to take action?
121Keep the Risk
- Retain accountability, responsibility, authority
- You have resources, knowledge, position to manage
risk - You approve all risk actions
122Delegate
- You retain accountability, assign responsibility
and authority - You manage the risk
123Transfer
- You assign accountability, responsibility,
authority - Third party now accepts the risk
124What to do?
- If you do not know enough about this risk to
decide, research - Can you live with the risk? Accept
- No can I mitigate? No track the risk
- Yes develop a mitigation plan
125Culling Risks
- All risks cannot be planned simultaneously.
- Plan in order of important at this time
- What is important now to the project, client,
user, management? - Is the project facing critical milestones?
- What limits, constraints does the project have?
- What milestones are fixed, flexible?
- What resources are available for mitigation?
- How does this risk factor into the overall
project concerns?
126Range of Mitigation Approaches
- 1 Research
- 2 Accept
- 3 Mitigate
- 4 Track
127Mitigation Scope
- Some Questions for Mitigation
- How complex will the mitigation be?
- How will it be documented?
- What is the strategy?
- What are the tasks?
128Action Item?
- Risk statement
- Mitigation goal measures
- Responsible person
- Action items
- Due dates and closing dates
- Contingency action and triggers
129or Task Plan?
- Risk statement
- Mitigation goal measures
- Responsible person(s)
- Related risks
- Due date for task plan completion
- Due dates and closing dates
130Task Plan cont.
- Chosen strategies
- Specific actions
- Budget
- Schedule (MSP)
- Risk tracking indicators, thresholds, reporting
frequency - Contingency action and triggers
131Risk ROI
- Rule of Thumb do not spend more than 10 on
mitigation
132Set Mitigation Considerations
- Try to collect related risks into a set
- can benefit from coordinated mitigation
- avoid possibly conflicting goals
- increase cost-effectiveness
133Hints
- ID specific, implementable actions which will
preempt problems - Create the desired further state
- Integrate RMMP with project plans
- Communicate mitigation plans to all affected
personnel - Do not lose sight of the end product
134.2 Strategies for Risk Opportunities
135 .3 Strategies for Threats and Opportunities
136.4 Contingent Response Strategy
- Will happen only if predefined conditions occur
- Events that can trigger the contingency must be
defined and tracked
13711.6 Risk Monitoring and Control
11.6.1 Inputs
11.6.3 Output .1 Risk Management Plan
.1 Risk Register Updates .2
Risk Register .2
Requested Changes .3 Approved Change
Requests .3 Recd Corrections .4
Work Performance Info. .4 Recd
Preventions .5 Performance Reports
.5 OPA Updates 11.6.2 Tools and
Techniques .6 PMP Updates
.1 Risk Reassessment .2 Risk Audits .3
Recommended Corrections .4 Technical
Performance Meas. .5 Reserve Analysis
.6 Status Meetings
138.2 Risk Reassessment
- Risks are temporal
- Constantly being reassessed
- At project meetings for example
139 Risk Tracking
- Starts as soon as RMP is done
- Gaulish in that its 3 objectives are1. to
assess whether a risk does occur2. to ensure
that the risk aversion steps defined in the
RMMP are properly applied and3. to collect
information for the database - this is a BIG job!
140Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
141Tracking
- Definitions
- Acquiring
- Compiling
- Reporting
142Definitions
- metrics
- measure
- indicator
- trigger
- provides a warning of an impending critical event
- indicates a need to implement the RMP
- requests immediate attention to a risk
143Acquiring
- Includes all steps to collect information about
the risk measures and status indicators for
watched and mitigated risks - input to the compile phase
144CSFs for tracking data
- Status information is only as good as its
accuracy and timeliness - stale data is worse than useless
- when a group of indicators is required, all of
the data must be collected at the same time - collecting tracking data is responsibility of
person responsible for the risk
145Compiling
- Risk data is analyzed, combined, calculated,
organized for the tracking of the risk and its
associated Risk Mitigation Plan
146CSFs for the Report
- What information needs to be reported?
- What results are desired from the report?
- Does the reports format match the desired
outcome?
147Reporting
- Status information is reported to the decision
makers, team members - verbal reporting
- written reports
- formal presentations
148Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
149.2 Risk Audits
- Formal checks by management to ensure that proper
risking is occurring
150Controlling
- Analyzing
- Deciding
- Executing
1511 Analyzing
- Uses tracking data to examine risks for trends,
deviations, anomalies - Need to have a clear understanding as to the risk
picture
152Analyzing Tracking Data
- Cause and effect Analysis
- Cost-Benefit Analysis
- Mitigation Status reports
- PERT Charts
- Spreadsheet Risk Tracking
- Stoplight Chart
1532 Deciding
- There are 4 options
- 1 replan
- 2 close the risk
- 3 invoke a contingency plan
- 4 continuing tracking
1543 Executing
- Implement the control decisions
- may decide to close out the risks
155Closing Risks
- Person responsible for the risk closes it
- Personnel who either initiated the risk or
received status info from it are notified - Proper approval for closing is acquired
- If the risk is in a set, decide to close the set
or not
156- Failed mitigation plans and the reasons for their
failure - Risk relationships which were not obvious
- Successful mitigation plans and why they were
successful - Relevant analysis data (esp. cost and benefits of
the mitigation plan)
157.5 Reserve Analysis
- We compare mitigation costs against remaining
reserves
158Your Chances of Dying from
- Small pox 0
- Asteroid impact 1 in 1,960,000,000
- Winning the powerball jackpot 1 in 80,089,128
- Anthrax 1 in 55,052,999
- Black death 1 in 54,049,705
- Venomous snakes, spiders, etc 1 in 54,049,600
- Falling after collision or shoving 1 in
45,041,333 - Your IQ is higher than B Fischers 1 in
36,927,646
159Still Dyin
- Domestic highjacking 1 in 16,817,784
- Odds a coin is heads 24 times 1 in 16,777,216
- Salmonella 1 in 10,587,115
- Execution by US justice 1 in 3,622,270
- Lightning strikes 1 in 3,106,880
- Flesh-eating bacteria 1 in 1,254,488
- Airplane crash 1 in 659,779
- Royal flush 1 in 649,739
- Railway accident 1 in 524,753
160Read the last Entry ?
- Poisonous gases 1 in 494,960
- Electricity 1 in 493,153
- Falling objects 1 in 373,787
- Bad medical care 1 in 83,720
- Residential fire 1 in 83,025
- Gun shot 1 in 8,802
- Having triplets (without drugs) 1 in 8,100
- Motor vehicle accident 1 in 6,585
- Flu or pneumonia 1 in 4,107
161- Diabetes 1 in 4,009
- Unintentional injuries 1 in 2,941
- Chronic respiratory disease 1 in 2,228
- Stroke 1 in 1,658
- Odds of injuring yourself in golf 1 in 600
- Cancer 1 in 400
- Heart disease 1 in 388
- Your next meal will be at McDonalds 1 in 8