Chapter 8

1
Chapter 8 Managing Project Risk

• Information Technology Project Management

2
Chapter 8 Objectives

• ??????????????????????????????????????????????????
  
• ????? ??????????????????? (risk identification)
  ??? ?????????? ? (causes) ???????????? (effects)
  ??? ??????????????????????????????? ? ??????????
• ???????????????????????????????????????????
  (qualitative and quantitative analysis
  technique)????? ??????????????????????????????????
  ????????????? project risks.
• ?????? various risk strategies ???? ?????????
  ???????????? ?????????
• ????????????????????????????????????????
• ?????????????????????????? (risk evaluation)
  ??????????????????????????????????????????????????
  ??????????????????????????????????????????????????
  ???????????????????????????????????

3
The Baseline Project Plan is based on

• ?????????????????????????????
• ??????????????????????
• ??????????????????????
• ????????
• Estimates are really forecasts or predictions
• Uncertainty is highest at the beginning of the
  project because we dont all the information we
  would like to have
• Sometimes things happen that are out of our
  control
• ?????? ??????????????????????????????????? 100
  ??????????????????????????????????????????????????
  ???? ? ??????????????????????? ???????? ???? ?
  ?????? ???????????????????????????????????????????
  ?????????

4
The Importance of Project Risk Management

• ????????????????????????????? (Project risk
  management) ?????????????????????????????
  (identifying), ????????????? (assigning),
  ????????????? (responding) ???????????????????????
  ????????????? ? ??? ??????????????????????????????
  ??????????? project objectives
• ??????????????????????????????????????????????????
  ????????????????????????????????????
  ????????????????????????? ????????????????????????
  ???????????????? (realistic estimates)
• ??????????????????????????????? IT projects
• ?????????????? KPMG ????? 55 ????????????????????
  ???????????????????????????????

5
What is Risk?

• ???????????????????????????????????
  ????????????????????????????????????????????
  (the possibility of loss or injury)
• ??????????????????????????????????????????????????
  ???????????? ? ???????????????????????????????????
  ???? ??????????????????????????????????????????
• ????????????????????????????????? ?????????????
  ?????????????????

6
The Risk Formula
7
Tolerance for Risk

• ??????????????????? ???? ??????????????????????
  (Risk avoider)
• ?????????????? ? ????????????? (Risk neutral)
• ??????????????????? (Risk lover)

8
Risk Management Focus

• ????? (The Future)
• ???????????????????????? (Known unknowns)
• Proactive management ?????????????????????????????
  ????
• ??????????????????????????? (Complete
  uncertainty)
• ??????????????????????????? (Relative
  uncertainty)
• ???????????????????????? (Complete certainty)

9

• The alternative to proactive management is
  reactive management, also called crisis
  management. This requires significantly more
  resources and takes longer for problems to
  surface.

10
Risk Management

• ??????????????????????????????????????????????
• ?????????? ??????????????????????????????
  schedule risk management ??? costs risk
  management
• ??????????? ????????? technological risk
  management
• ????????????????????????????????????
• ??????????????????????????????? (risk of
  obsolescence)

11
Risk Utility (?????????????????????)Risk
Tolerance (???????? (???????????????)?????????????

• Risk utility ???? risk tolerance ???
  ???????????????????????????????????????????
  potential payoff
• ??????????????? Utility ??????????????????????????
  ???????????????
• ?????????? risk-seeking ???? tolerance
  (????????)???????????????? risk
  ??????????????????????????????????????????????????
  ??????????
• ?????????? risk-neutral ???????????????????????
  risk ??? payoff

???????????????????
12
Risk Management Processes

• Goal ??? project risk management ??? ?????
  minimize potential risks ???????? maximizing
  potential opportunities ????????????? ?
  ??????????
• Risk management planning ????????????????????????
  ??????????????????????????????????????????????????
  ????????????
• Risk identification ?????????????????????????????
  ?????????????????????????????????(characteristic)?
  ???????????????? ? ?????????????
• Qualitative risk analysis ???????????????????????
  ?????????????? ? ?????????????????????????????????
  ???????? project objectives
• Quantitative risk analysis ?????????????????
  (probability) ?????????? ?????????????
• Risk response planning ??????????????????????????
  ???????????????????????project objectives
• Risk monitoring and control ?????????????????????
  ????? ???????????????????? ???????????? ???
  ???????????????????? risk reduction

13
Risk Management Planning

• ???????????????????????????????????????? (risk
  management planning) ??? ?????????????????????????
  
• Project team ????????? project documents
  ??????????????????????????????????????????????????
  ??????????????
• ????????????????????????????????????????????????

14
Questions addressed in a Risk Management Plan
15
Common Mistakes in Managing Project Risk

• ??????????????????????????????????????????????????
  
• ????????????????????????????????????????????
• ??????????????????????????????????????????????????
  ????? (Standardized Approach)

16
Effective and successful project risk management
requires

• ?????????????? stakeholder ???????
• ????????????? Stakeholder
• ???????????????????????????? (????????????????????
  ???????????? ?)
• ??????????????????????????????????????????????????
  ???

17
PMBOK Processes of Risk Management

• ????????????????????????? (Risk Management
  Planning)
• ??????????????????? (Risk Identification)
• ???????????????????????????????? (Qualitative
  Risk Analysis)
• ????????????????????????????????? (Quantitative
  Risk Analysis)
• ????????????????????????????? (Risk Response
  Planning)
• ???????????????????????????? (Risk Monitoring and
  Control)

18
 
Various Software Risks for IT Projects (source
Jones, 1994)
19
IT Project Risk Management Planning Process

• PMBOK ???????? Project Risk ??????
• ?????????????????????????????????
  (??????????????) ?????????????????????????????????
  project objectives.
• PMBOK ???????? Project Risk Management
• ??????????????????????????? ?????? ????????? ???
  ??????? ????????????????????????????????
  ????????????? ????? maximizing the probability
  and consequences of positive events ???
  minimizing the probability and consequences of
  adverse events.

20
IT Project Risk Management Process
21
IT Project Risk Management Planning Process

• Risk Planning
• ????????????????????????????????????? risk
  management ??? all project stakeholders
• ??????????? resource ?????????????????????????????
  ???????????????????
• ????????????????????
• ?????????????????????????
• ??????????????????? ?
• ????????????????????? ? ?????????????????
• Effective strategies for and responses to risk

22
IT Project Risk Management Planning Process

• ???????????????????
• ??????????????????????????????????????????????????
  ??
• ???????????????????????????????????????????????
• ????????????????????????????????
• ???????????????????????????????????
• ??????????????????????????????????????
• ?????????????????????????????????? (???????????)
  ?????????????????????????
• ????????????????????????????? (???? ????????)

23
IT Project Risk Management Planning Process

• ?????????????????? (Risk Monitoring and Control)
• ??????????????????????? (Risk Response)
• Risk Evaluation
• ????????? ?????????????
• ????????????????????????????????
• ?????????????????????????????
• ???????????????????????? (best practices)?????
  ?????????????????????????????????????????????

24
IT Project Risk Framework
25
Types of Risks (General)

• Business risks
• Insurable (pure) risk
• Direct property damage
• Indirect consequential loss
• Legal liability
• Personnel

26
Types of Risks (PMI Method)

• External unpredictable
• External predictable
• Internal non-technical
• Internal technical
• Legal

27
Risk Identification

• Risk identification ???????????????????????????
  what potential unsatisfactory outcomes are
  associated with a particular project
• ?? risk identification tool ??? technique ???????
  ????
• ?????????????? (Brainstorming)
• ????? ?????? (Delphi technique)
• ????????? (Interviewing)
• SWOT analysis

28
Identifying IT Project Risks

• Tools and Techniques
• Learning Cycles (???????????????? 4)
• Brainstorming
• Nominal Group Technique (NGT)
• Delphi Technique
• Interviewing
• Checklists
• SWOT Analysis
• Cause and Effect Diagrams
• Past Projects

29
Identifying IT Project Risks

• Nominal Group Technique (NGT)
• a. ???????????? ?????????????????????????????
• b. ???????????????????????????????????? flip
  chart ??????????????? (??????????????? ?
  ??????????????)
• c. ?????????? discus ??? ?????????????????????????
  ????????
• d. ???????????????????????????????????????????????
  ?????? ? ????????????
• e. ??????????????? discus ?????????????
• f. ???????????????????????????????????????
• g. ???????????????????????????????

30
Example of a Risk Check List

• Funding for the project has been secured
• Funding for the project is sufficient
• Funding for the project has been approved by
  senior management
• The project team has the requisite skills to
  complete the project
• The project has adequate manpower to complete the
  project
• The project charter and project plan have been
  approved by senior
• management or the project sponsor
• The projects goal is realistic and achievable
• The projects schedule is realistic and
  achievable
• The projects scope has been clearly defined
• Processes for scope changes have been clearly
  defined

31
SWOT Analysis
32
Cause and Effect Diagram

• ???????????????????????????????????????
• ?????? main factor ???? ? ????????????????????????
  ?????????????? (???????????)
• ?????? detailed factors (??????????) ??????? main
  factors (???????????)
• Continue refining the diagram until satisfied
  that the diagram is complete.

33
Cause and Effect Diagram
34
Risk Analysis and Assessment

• Qualitative Approaches
• Expected Value probability weighted sum
• Payoff Table
• Decision Trees
• Risk Impact Table
• Tuslers risk classification scheme

35
Five Steps to Develop Payoff Tables

• ??????????????????????????????
• ??????????????????????????????
• ?????? payoff ???? ? ???????????????????
  combination.
• ??????? degree of certainty ??????? combinations
  ?????????????????????
• ???????????????? decision criterion.

36
Expected Value of a Payoff Table
Schedule Risk A Probability B Payoff (in 000s) A B Prob. Payoff
Project completed 20 days early 5 200 10
Project completed 10 days early 20 150 30
Project completed on schedule 50 100 50
Project completed 10 days late 20 -- --
Project completed 20 days late 5 (50) (3)
100 88 Expected Value
37
Decision Tree Analysis
38
Tuslers Risk Classification Scheme
39
Risk Analysis and Assessment

• Quantitative Approaches
• Discrete Probability Distributions
• Binomial
• Continuous Probability Distributions
• Normal
• PERT
• Triangular
• Simulations

40
Quantitative Risk Analysis

• ?????????????? qualitative risk analysis
  ????????????????????????????????????????????????
• ?????????????????????????????? ???????????????????
  ? ?????????? extensive quantitative risk analysis
• ????????????????????
• decision tree analysis
• simulation

41
Binomial Probability Distribution
42
Normal Distribution
43
Normal Distribution

• ???????????????????????????? mean (µ) ???
  standard deviation (?)
• ??????????????????????????????????
• ?????????????????????????? ????????????????
• ?????? 68????????????????????? 1 ? ??????????
  mean
• ?????? 95 ???????????????????????? 2 ?
  ?????????? mean
• ?????? 99 ???????????????????????? 3 ?
  ?????????? mean

44
PERT Distribution
45
PERT Distribution

• PERT distribution ??? three-point estimate ?????
  
• a ??????? optimistic estimate (??????????????????)
  
• b ??????? most likely estimate (????????????????
  ?)
• c ??????? pessimistic estimate (??????????????????
  ???)
• PERT Mean (a 4m b) / 6
• PERT Standard Deviation (b - a) / 6

46
Triangular Distribution
47
Triangular Distribution

• ??? three-point estimate ???????? PERT
  distribution ??????
• a ??????? optimistic estimate
• b ??????? most likely estimate
• c ??????? pessimistic estimate
• ????????????? mean ??? standard deviation
  ????????? PERT ???
• TRIANG Mean (a m b) / 3
• TRIANG Standard Deviation
• ((b-a)2 (m-a)(m-b)) /181/2

48
Simulations

• Monte Carlo
• ??????????????????????????????????????????????????
  ????????? ? ??????????????????????????????????????
  ???
• ????????????????????????????? ? ????
  ????????????? ? ??????????????????
• _at_risk (?????????????? Microsoft Project)
• Sensitivity Analysis
• Tornado Graph

49
Simulation

• Simulation ???????????????????????????????????????
  ????????????????????????????????????????
• Monte Carlo analysis ??? simulate
  ??????????????????????? ? ????????????????????????
  ?????????????????????????????????????
• ?????? Monte Carlo simulation ????????? 3
  estimates ??? most likely, pessimistic, and
  optimistic ???????????????? likelihood of the
  estimate ?????????????????? optimistic ??? most
  likely values

50
Risk Simulation Using _at_Risk for Microsoft Project
51
Output from Monte Carlo Simulation
52
Cumulative Probability Distribution
53
Sensitivity Analysis Using a Tornado Graph
54
Risk Strategies

• ??????????????????
• ?????????????????????????????????
• Really a threat or an opportunity?
• ???????????????????????????????????? MOV ???
  objectives ??????????
• What is the probability and impact of a risk
• ??????????????????????????? scope, schedule,
  budget, ??? quality requirements
• Can a response be made with existing resources
  and/or constraints?
• Risk Tolerances ???? preferences (???????) ???
  project stakeholders
• How much risk is tolerable?

55
Risk Strategy Alternatives

• ??????????????? (Accept or Ignore)
• Management Reserves
• Contingency Reserves
• Contingency plans
• ????????? (Avoidance)
• ??????? (Mitigate) ??????? likelihood ???/????
  impact
• ??????? ???? ??????????? (insurance)

56
Risk Response Planning

• ??????????????????????????????????
  ?????????????????????????????????
• ?????????????? ???
• Risk avoidance ???? specific threat ???? risk,
  ??????????????????????????
• Risk acceptance ?????????????????????????????????
  ??? ?
• Risk transference ??????????????????????? risk
  ?????????????????????????????
• Risk mitigation ??????????????????? risk event
  ?????????????????????????????????? (probability
  of its occurrence)

57
Risk Response Plan should include

• The project risk
• ?????????? trigger ?????????? risk
  ???????????????
• ???????? owner of the risk (????
  ??????????????????????????????????? risk ???
  ????????? ????????????? risk ?????????????????????
  ?????)
• ????????????? risk ??????????????? four basic
  risk strategies ??????????????

58
Risk Monitoring and Control

• Monitoring risks ??????? knowing their status
• Controlling risks ??????? ????? risk management
  plans ?????????????? risks occur
• Workaround ???????????????????????????? risk
  events ?????????? ?????????? contingency plans
• main outputs ??? risk monitoring ??? control ???
  corrective action, project change requests, ???
  updates to other plans

59
Risk Monitoring and Control

• ??????????????????????????????? project risk
  ??????
• Risk Audits ??????????????
• Risk Reviews ????????????????????????????
• Risk Status Meetings and Reports

60
Risk Response Control

• Risk response control ????????????????????????????
  ??????????????????????????????????????????????????
  ??? risk events
• Risks ??????????????? based on milestones
  ???????? ??? ????????????????????? risks and
  mitigation strategies
• ???????? workarounds ???? unplanned responses to
  risk events ????????????????????????? contingency
  plans

61
Project Risk Radar
Monitoring project risks is analogous to a radar
scope where threat and opportunities may present
themselves at different times
62
Risk Handling

• Assumption (retention)
• Avoidance
• Control (mitigation)
• Transfer

63
Which Method to Use?
Project ProceduralDocumentation
Guidelines
High
Low
Tolerance for Risk
64
Risk Response and Evaluation

• lessons learned ??? best practices ??????????
• ???????????? IT project risk ???????
  ??????????????????????
• ??????????????? ??????????????????????????????????
  ?????? ??? ?????????
• ????????????????????????? risk
• ??????????????????????????????????????????????????
  ?????????????
• ?????????????????????????????????? risk
  ??????????????????????????????????
• ??????????????????????????????????????????????????
  ??????????????????

65
Special Topics in Risk Management

• Prioritization of Risks
• Contingency Plans
• Results of Good Project Risk Management

66
Prioritization of Risks
TechnicalPerformanceor Quality
Schedule
Cost
First (Highest)Priority
Second Priority
ThirdPriority
67
Contingency Plans

• Contingency plans ????????????????????????????????
  ???? ??? risk ???????????????????????????????
• Fallback plans ???????????????????????????????????
  ???????????????????????????? project objectives
• Contingency reserves ???? allowances ??????????
  project sponsor ?????????????????????
  ?????????????? cost ???? schedule risk
  ??????????????????? scope ???? quality ????????

68
Results of Good Project Risk Management

• Good project risk management often goes unnoticed
• Well-run projects appear to be almost effortless
• Project managers ?????????????????????????????????
  ???????????????????????????????? well-run projects

69
???????? 8

• ????? ..