Introduction to Project Management
Chapter 9
Managing Project Risk
Information Systems Project Management: A Process and Team Approach, 1e
Fuller/Valacich/George
© 2008 Prentice Hall 9-1
Project Risk
• “…an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project objective.”
Information Systems Associated Risks
• Technology and project management related
– Positive
• Availability of new project management tools
– Negative
• Rate of change in technologies
– Upgrades and new releases
• Assumptions that computer-generated output is always correct
• Formation of teams
Risk & Project Life Cycle
• Initiation stage
– Identification and selection of specific projects
• Inside or outside of organization’s core competencies
• Planning stage
– Procurement
• Unreliability of new technology delivery timeframe
• Development of accurate project schedule
Risk & Project Life Cycle (cont.)
• Execution stage
– Missed scheduled delivery date
– Technology upgrades
• Control stage
– Implementation of risk plan
– Modification of project schedule
• Closing stage
– Acceptance of project as finished
Project Risk Statistics
Project Risk Examples
• New or different project management methodologies
• Different:
– Cultures
– Organization structures
– Human resources
General Categories of IS Project Risk
• Ongoing changes to technology
• Finding, assigning, and retaining skilled personnel
• Gaining user acceptance
• Choosing the correct development methodology
Outsourcing / Offshoring
• Positives:
– Expanded skill set availability
– Cheaper labor
– Reduced requirements for non-core competencies
• Negatives:
– Internal resistance
• Possible solutions to reduce risk:
– Ensure strong upper management support
– Select the right personnel
– Involve managers early in the outsourcing process
– Educate and reassure internal employees
Outsourcing / Offshoring (cont.)
• Negatives (cont.):
– Increased security and privacy concerns
• Possible solutions to reduce risk:
– Increase physical security measures
– Use software event logging and monitoring tools
– Intrusion detection systems and firewalls
– Encryption hardware/software
Top Five Software Project Risks
• Lack of top management commitment to the project
• Failure to gain user commitment
• Misunderstanding the requirements
• Lack of adequate user involvement
• Failure to manage end user expectations
Risk Management Planning
• A systematic approach to planning the risk management activities of a given project
Risk Management Planning – Inputs
• Enterprise environmental factors
– Attitudes toward risk and risk tolerance
• Organizational process assets
– Processes in place to handle risk
• Project scope statement
– Defining the project
• Project management plan
– Project summary document
PMBOK Required Inputs, Tools, and Techniques Used, and Resulting Outputs During Risk Management
Risk Management Planning – Tools & Techniques
• Risk planning meetings
– Senior managers, project team leaders, stakeholders, project members with decision-making responsibilities
– Development of specific risk management plans
– Inclusion of risk-related items in budget and schedule
– Creation of risk management templates
Risk Management Planning – Outputs
• Risk Management Plan
– Methodology or approach to risk management
– Roles and responsibilities of project members
– Risk management budget
– Integration of risk management activities into project life cycle
– Scoring and interpretation of risk analysis
– Risk thresholds
– Reporting formats
– Tracking
Risk Identification
• The process of identifying potential risks to a project and documenting them
PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Identification
Risk Identification – Inputs
• Enterprise environmental factors
• Organizational process assets
• Project scope statement
• Project management plan
• Risk management plan
Risk Categories
• Defined in a Risk Register
– A formal recording of all project risks, explaining the nature of the risk and management of the risk
Risks
Risk Identification – Tools & Techniques
• Documentation reviews
– The review of organizational information to aid during risk identification
• May include:
– Project profiles (previous project information and related lessons learned)
– Published information
» Articles/studies/benchmarking information
Risk Identification – Tools & Techniques (cont.)
• Information gathering techniques
– Brainstorming
– Delphi technique
– Interviewing
– Strengths, weaknesses, opportunities, and threats (SWOT)
– Checklists
Risk Identification – Tools & Techniques (cont.)
– Diagramming techniques
• Cause and effect (Fishbone)
• System or process flowcharts
• Influence diagrams
Risk Identification – Output
Qualitative Risk Analysis
• Establishment of probabilities regarding both the impact and likelihood of specific risk occurrences
PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Qualitative Risk Analysis
Qualitative Risk Analysis – Inputs
• Organizational process assets
• Project scope statement
• Risk management plan
• Risk register
Qualitative Risk Analysis – Tools & Techniques
• Risk probability and impact assessment
• Probability/impact risk rating matrix
• Risk data quality assessment
• Risk categorization
• Risk urgency assessment
Probability/Impact Risk Rating Matrix
• A technique used to analyze project risk in terms of its probability of occurrence and its impact on project outcomes
Risk Data Quality Assessment
• Assessment of the quality of the data used to assess risk
• May include:
• Extent to which a risk is understood
• Available risk data
• Data quality
• Data integrity and reliability
Qualitative Risk Analysis – Outputs
• Updated risk register
Quantitative Risk Analysis
• Analysis of the probability of occurrence and impact of risk on project objectives using numerical techniques
Required Inputs, Tools and Techniques Used, and Resulting Outputs During Quantitative Risk Analysis
Quantitative Risk Analysis – Inputs
• Organizational process assets
• Project scope statement
• Risk management plan
• Risk register
• Project management plan
Quantitative Risk Analysis – Tools & Techniques
• Data gathering through interviewing
• Quantitative procedures
– Sensitivity analysis
• Technique used to examine the potential impact of specific risks to a project (Tornado analysis)
– Decision tree analysis
• Diagramming technique used to evaluate courses of action in terms of their potential cost and benefits relative to other courses of action
Quantitative Risk Analysis – Tools & Techniques (cont.)
– Expected monetary value analysis (EMV)
• Statistical technique which captures the average value of potential projects by analyzing the likelihood of possible project outcomes as well as each outcome’s financial consequences
– Simulation
• Statistical technique where what-if analyses are run to determine the impact of a given situation on a project objective (Monte Carlo)
Tornado Analysis
Expected Monetary Value + Decision Tree Analysis
Quantitative Risk Analysis – Outputs
• Updated risk register
Risk Response Planning
• The process of developing methods for responding to project risks
Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Response Planning
Risk Response Planning – Inputs
• Risk management plan
• Risk register
Risk Response Planning – Tools & Techniques
• Avoidance
– Identified risks are avoided through a different course of action
• Transference
– Transfer of risk to another party through the use of contracts
• Mitigation
– Steps are taken to reduce the occurrence or impact of stated risks
• Acceptance
– Risks are accepted and contingency strategies are planned
Risk Response Planning – Outputs
• Updates to:
– Risk register
– Project management plan
– Risk-related contractual agreements
Risk Response Plan Contents (Project Management Institute)
• Any risks that have been identified along with a description and the areas and objectives the identified risk may affect
• The roles and responsibilities of any risk owners
• Qualitative and quantitative risk analysis results as well as any trends identified during either of these processes
• A description of the risk response strategies including avoidance, transference, mitigation, and acceptance, and the risk that the strategies will be applied to
• An acknowledgement of any residual risk projected to remain after any risk response strategies have been applied
• A list of actions to be used to implement the risk response strategies
• Budget and schedule information in terms of risk response
• Any contingency plans used as part of an active response to accept risks
Additional Risk Terms
• Residual risks
– Any risks remaining after risk response strategies have been applied
• Secondary risks
– Any risks resulting from the application of a risk response strategy
• Contractual agreements
– Any contracts for the purpose of risk transference during the project
Risk Monitoring & Control
• The process of monitoring identified risks for change and controlling those changes
PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Monitoring and Control
Questions?