Chapter 10: Project risk management. In this chapter students will be able to: Understand risk and the importance of good project risk management, discuss the elements of planning risk management and the contents of a risk management plan, list common sources of risks on information technology (IT) projects,...
Chapter 10: Project Risk Management adopted from PMI’s PMBOK 2000 and Textbook : Information Technology Project Management Contents • The Importance of Project Risk Management • Project Risk Management process – – – – – – Risk management planning Risk identification Qualitative risk analysis Quantitative risk analysis Risk response planning Risk monitoring and control • Results of good project risk management Chapter 10 Typical Risk Management The Importance of Project Risk Management • Project risk management is the art and science of identifying, assigning, and responding to risk throughout the life of a project and in the best interests of meeting project objectives • Risk management is often overlooked on projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates • Study by Ibbs and Kwak show how risk management is neglected, especially on IT projects • KPMG study found that 55 % of runaway projects did no risk management at all Chapter 10 What is Project Risk Management? • The goal of project risk management is to minimize potential risks while maximizing potential opportunities • Six processes include – – – – – – Risk management planning Risk identification Qualitative risk analysis Quantitative risk analysis Risk response planning Risk monitoring and control Chapter 10 planning controlling What is Project Risk Management? • Risk management planning: • deciding how to approach and plan the risk management activities for the project • • Risk identification: determining which risks are likely to affect a project and documenting their characteristics • • Qualitative risk analysis: characterizing and analyzing risks and prioritizing their effects on project objectives Quantitative risk analysis: measuring the probability and consequences of risks Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives Risk monitoring and control: monitoring known risks, identifying new risks, reducing risks, and evaluating the effectiveness of risk reduction Chapter 10 Risk Management Planning • 15th of 21 planning phase process • The main output of risk management planning is a risk management plan • The project team should review project documents and understand the organization’s and the sponsor’s approach to risk • The level of detail will vary with the needs of the project Chapter 10 Inputs to Risk Management Planning • Project charter: formally recognizes the existence of a project • Organization’s risk management policies: provide a predefined approach to risk analysis and response • Defined roles & responsibilities: provide authority levels for decisionmaking • Stakeholder risk tolerances: indicators of how stakeholders might react in different situations and risk events • Template for the organization’s risk management plan: proforma standard for used by the project • WBS: a deliverableoriented grouping of project elements that organized and defines the total scope of the project Tools and technique • Planning meetings – everyone responsible for planning and executing activities Output • Risk management plan – It documents procedures for managing risk throughout the project – It details identification and quantification of risk, responsibilities for managing risks, how contingency plans will be implemented, and how reserves will be allocated – other associated documents are • Contingency plan, feedback plan 10 Simulation • Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system • Monte Carlo analysis simulates a model’s outcome many time to provide a statistical distribution of the calculated results • To use a Monte Carlo simulation, you must have three estimates (most likely, pessimistic, and optimistic) plus an estimate of the likelihood of the estimate being between the optimistic and most likely values Chapter 10 31 Risk Response Planning • 19th of 21 planning phase process • Involves developing options and determining actions to enhance opportunities to reduce threats to project objectives • After identifying and quantifying risk, you must decide how to respond to them Chapter 10 32 Inputs • Risk management plan It documents procedures for managing risk throughout the project • List of prioritized risk includes those grouped by ranks, WBS level, risks requiring immediate response, risk that can be handled later, and risk that affect cost, schedule, functionality and quality • Risk ranking of the project – indicates that overall risk position of a project relative to other projects by comparing risk scores • Prioritized list of quantified risks – identifies those that pose the greatest threat or opportunity to the project and proposes some means of measuring their impact 33 Inputs • • • • • • Probabilities analysis of achieving the cost and time objective – assessed under the current project plan and with the current knowledge of the project risks List of potential response – identifies specific risks or categories of risk. These list specify the actions the team will take Risk thresholds – the acceptable level of risk to the organization, which influences risk response planning Risk owners – identifies staff to provide accountabilities for managing responses Common risk causes – several risks driven by a common causes. This reveals opportunities to mitigate many risks with one response Trends in qualitative & quantitative risk analysis result become apparent as the analysis is repeated can make risk response more or less urgent and important 34 Table 108. General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks Chapter 10 35 Tools and techniques • Risk avoidance: eliminating a specific threat or risk, usually by eliminating its causes • Risk acceptance: accepting the consequences should a risk occur • Risk transference: shifting the consequence of a risk and responsibility for its management to a third party • Risk mitigation: reducing the impact of a risk event by reducing the probability of its occurrence 36 Outputs • Risk response plan • Residual risks – remain after avoidance, transfer, or mitigation responses have been taken • Secondary risk – arise in direct result of implementing a risk response • Contractual agreements • Contingency reserve amounts needed • Inputs to other processes • Inputs to a revised plan 37 Risk Monitoring and Control • 8 of 8 controlling phase process • This is the process of keeping track of the identified risks, monitoring residual risk and identify new risks, ensuring the execution of risk plans, and evaluating the plans’ effectiveness in reducing risk – Monitoring risks involves knowing their status – Controlling risks involves carrying out the risk management plans as risks occur – Workarounds are unplanned responses to risk events that must be done when there are no contingency Chapter 10 plans 38 Risk Response Control • Risk response control involves executing the risk management processes and the risk management plan to respond to risk events • Risks must be monitored based on defined milestones and decisions made regarding risks and mitigation strategies • Sometimes workarounds or unplanned responses to risk events are needed when there are no contingency plans Chapter 10 39 Using Software to Assist in Project Risk Management • Databases can keep track of risks. Many IT departments have issue tracking databases • Spreadsheets can aid in tracking and quantifying risks • More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks Chapter 10 40 Results of Good Project Risk Management • Unlike crisis management, good project risk management often goes unnoticed • Wellrun projects appear to be almost effortless, but a lot of work goes into running a project well • Project managers should strive to make their jobs look easy to reflect the results of wellrun projects Chapter 10 41 Outputs • The main outputs of risk monitoring and control are corrective action, project change requests, and updates to other plans – Corrective action: This encompasses anything that brings your expected performance back in line with the project plan. At this stage, it involves carrying out either your contingency plan or workaround – Project change requests: Implementing a contingency plan or workaround frequently requires changing the risk responses described in the project plan. Know the process flow and feedback loop 42 Outputs (2) – Updates to risk response plan: Document the risks that occur. Risks that don't occur should also be noted and closed out in the risk response plan. It's important to keep this uptodate, and it becomes a permanent addition to project records, eventually feeding into lessons learned – Workaround plans – Risk database – Updates to risk identification checklists 43 Summary • Project Risk Management – is the art and science of identifying, assigning, and responding to risk • Project Risk Management process – Risk management planning: deciding how to approach and plan the risk management activities for the project – Risk identification: determining which risks are likely to affect a project and documenting their characteristics – Qualitative risk analysis: characterizing and analyzing risks and prioritizing their effects on project objectives – Quantitative risk analysis: measuring the probability and consequences of risks – Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives – Risk monitoring and control: monitoring known risks, identifying new risks, reducing risks, and evaluating the 44 effectiveness of risk reduction Summary 2 • Tools – – – – – charts risk item tracking expert judgment decision trees expected monetary value (EMV) • Using software to assist project risk management – database, simulation, Monte Carlo • Results of good project risk management – unusually unnotice, look easy but require a lot of good risk management 45 ... Risk response planning Risk monitoring and control • Results of good project risk management Chapter 10 Typical Risk Management The Importance of Project Risk Management • Project risk management is the art and science of ... The Importance of Project Risk Management • Project Risk Management process – – – – – – Risk management planning Risk identification Qualitative risk analysis Quantitative risk analysis Risk response planning... KPMG study found that 55 % of runaway projects did no risk management at all Chapter 10 What is Project Risk Management? • The goal of project risk management is to minimize potential risks while maximizing