Chapter 8 Risk Analysis Management of Computer System Performance
2 Agenda Conclusion 8 Risk Analysis To understand Risk Analysis Methodologies. Objective: Students should be able: to apply the spreadsheet for risk analysis. Risk Analysis
3 The Quantification of Financial Risk During the identification process for the Business Case several methodologies were identified and discussed. Each of these formulas provided for the incorporation of variables. Risk variables consist of two elements: Project Risks – Can the project be done, etc. and Financial Risks – What will LIBOR be in 5 years? These are the elements that must be weighed to perform a risk calculation.
4 Project Risk and Variance The difference between the initial project budget and the actual spending on the project is variance. Causes of budget variance Accuracy of estimates – this is usually the biggest issue. Errors are made when getting aggressive to win the job. Inflation – Lately, this has been in check. Labor inflation is a potential problem. Availability of resources – Try to get a WebSphere Programmer. Use of overtime and Seasonal fluctuations in prices – if not accounted, can trash a budget.
5 Project Risk and Variance Risk is inherent in every project. Risk is a fundamental ingredient of opportunity. It is inherent in every project. It is the possibility, not the certainty, of bearing a loss that must be addressed. Loss could be anything from diminished quality of an end product to increased cost, missed deadlines, or project failure.
6 Project Risk and Variance Risk is not something to fear, but something to manage. Successful Project managers and their teams deal with risk by recognizing and minimizing uncertainty They do this by proactively and aggressively addressing each identified risk area and developing a mitigation for it..
7 Project Risk and Variance Risk should be continuously assessed throughout the project life cycle. Successful risk management is more than just identifying risk factors at the start of the project; Risk must be addressed and a constant assessment of risk throughout the life of the project must be undertaken. New risks are revealed during the life of a project and work continues Previously identified risks change. They become either; more or less probable or more or less severe.
8 Project Risk and Variance Ongoing risk management of a project introduces a degree of resilience to change. Proactive risk management involves identifying risks ahead of time and preventing them through reduction, transference, or avoidance. Reduce the risk. Risk reduction tries to minimize the likelihood that a risk will occur or, to minimize the impact if the risk does occur. Ex: architecting a system with strong system security so that the risk of data loss or corruption is reduced. Ex. minimizing the impact of a risk is installing an uninterruptible power supply to your hardware.
9 Project Risk and Variance Transfer the Risk. (this does not refer to giving it to the new PM when you leave.) Risk transference reduces overall risk by ensuring that it is handled by the most competent party. Ex: when a company contracts with a third-party firm to deploy software, the customer determines that contracting with an outside entity will result in fewer and less severe risks than if the customer’s own people were to do it. A company may also transfer a risk by transferring the consequences. Ex. A company may have offsite data backup and storage. Ex: A company might choose to have an application- hosting provider host its critical functionality in a more secure or proven environment.
10 Project Risk and Variance Avoid the risk. Risk avoidance tries to eliminate the risk by doing something less risky. Selecting an alternative. In the worst case this may involve canceling a project, but in other cases it could involve sacrificing some functional requirements to allow adoption of a packaged solution or avoiding unproven technology. Ex: instead of creating open Internet access for a Web- based application, the company might choose to build a virtual private network to provide greater security. Note: Canceling a project, from a business perspective may, be the correct solution.
11 Project Risk and Variance The process for Risk Management addresses the following elements: Identify risks and quantify potential damages. Determine and document risks likely to affect the project. Perform on a regular basis. Use strategies to reduce potential impact. Address both internal and external risks. This is done from both a Top down and Bottoms up budget perspective.
12 Financial Risk in IT Financial Risk is more difficult to address. Realities are that since the financial turmoil of the Carter Presidency, safe guards for the financial markets have been put into place. Predominately through the use of the Federal Reserve and various banking regulations. Though recent moves may have weakened these regulations. These regulations were put into place to attempt to control the volatility of the financial markets. Market volatility directly affects the quantification of risk in IT projects. Change the interest rates, you change Future Value, etc.
13 Financial Risk in IT One approach to this problem is to perform a series of evaluations, using a Statistical approach such as the Monte Carlo method. Each model that is executed generates an expected result. Repeat this with a sufficient frequency and you eventually develop a curve from which a valid deduction of the probabilities can be made and a recommendation can be made based on the financial calculations and parameters addressed.
14 Calculating Project Risk Risk can usually be calculated in terms of tolerance. Quantitative approaches are usually recommended over a qualitative approach. Develop Risk Scenarios and address with Teams to assess risk probability using the previous methods. What are the chances that the risk item will happen? Rank the mitigation strategies Cost the “best” mitigation strategy. Compare the cost of incurring the risk or mitigating it.
15 Summary Estimating costs and benefits require significant diligence. The more firm data that can be collected, the more accurate the results. Use a consistent methodology DCF is often a preferred method of validating a project’s worth. Identify and work with Risk. Recognize it. Mitigate it
16 Individual Paper Due Download a presentation on IT Risk Management from the Internet and Write a paper based on the presentation and other additional references. Google search engine: IT Risk Management ppt.