Introduction to Project Management Chapter 9 Managing Project Risk Information Systems Project Management: A Process and Team Approach, 1e Fuller/Valacich/George © 2008 Prentice Hall

Project Risk “…an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project objective.” © 2008 Prentice Hall

Information Systems Associated Risks Technology and project management related Positive Availability of new project management tools Negative Rate of change in technologies Upgrades and new releases Assumptions computer-generated output is always correct Formation of teams © 2008 Prentice Hall

Risk & Project Life Cycle Initiation stage Identification and selection of specific projects Inside or outside of organization’s core competencies Planning stage Procurement Unreliability of new technology delivery timeframe Development of accurate project schedule © 2008 Prentice Hall

Risk & Project Life Cycle (cont.) Execution stage Missed scheduled delivery date Technology upgrades Control stage Implementation of risk plan Modification of project schedule Closing stage Acceptance of project as finished © 2008 Prentice Hall

Project Risk Statistics © 2008 Prentice Hall

Project Risk Examples New or different project management methodologies Different: Cultures Organization structures Human resources © 2008 Prentice Hall

General Categories of IS Project Risk Ongoing changes to technology Finding, assigning, and retaining skilled personnel Gaining user acceptance Choosing the correct development methodology © 2008 Prentice Hall

Outsourcing / Offshoring Positives: Expanded skill set availability Cheaper labor Reduced requirements for non-core competencies Negatives: Internal resistance Possible solutions to reduce risk: Ensure strong upper management support Select the right personnel Involve managers early in the outsourcing process Educate and reassure internal employees © 2008 Prentice Hall

Outsourcing / Offshoring (cont.) Negatives (cont.): Increased security and privacy concerns Possible solutions to reduce risk: Increase physical security measures Use software event logging and monitoring tools Intrusion detection systems and firewalls Encryption hardware/software © 2008 Prentice Hall

Top Five Software Project Risks Lack of top management commitment to the project Failure to gain user commitment Misunderstanding the requirements Lack of adequate user involvement Failure to manage end user expectations © 2008 Prentice Hall

Risk Management Planning A systematic approach to planning the risk management activities of a given project © 2008 Prentice Hall

Risk Management Planning – Inputs Enterprise environmental factors Attitudes toward risk and risk tolerance Organizational process assets Processes in place to handle risk Project scope statement Defining the project Project management plan Project summary document © 2008 Prentice Hall

PMBOK Required Inputs, Tools, and Techniques Used, and Resulting Outputs During Risk Management © 2008 Prentice Hall

Risk Management Planning – Tools & Techniques Risk planning meetings Senior managers, project team leaders, stakeholders, project members with decision-making responsibilities Development of specific risk management plans Inclusion of risk-related items in budget and schedule Creation of risk management templates © 2008 Prentice Hall

Risk Management Planning – Outputs Methodology or approach to risk management Roles and responsibilities of project members Risk management budget Integration of risk management activities into project life cycle Scoring and interpretation of risk analysis Risk thresholds Reporting formats Tracking © 2008 Prentice Hall

Risk Identification The process of identifying potential risks to a project and documenting them © 2008 Prentice Hall

PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Identification © 2008 Prentice Hall

Risk Identification – Inputs Enterprise environmental factors Organizational process assets Project scope statement Project management plan Risk management plan © 2008 Prentice Hall

Risk Categories Defined in a Risk Register A formal recording of all project risks, explaining the nature of the risk and management of the risk © 2008 Prentice Hall

Risks © 2008 Prentice Hall

Risk Identification – Tools & Techniques Documentation reviews The review of organizational information to aid during risk identification May include: Project profiles (previous project information and related lessons learned) Published information Articles/studies/benchmarking information © 2008 Prentice Hall

Risk Identification – Tools & Techniques (cont.) Information gathering techniques Brainstorming Delphi technique Interviewing Strengths, weaknesses, opportunities, and threats (SWOT) Checklists © 2008 Prentice Hall

Risk Identification – Tools & Techniques (cont.) Diagramming techniques Cause and effect (Fishbone) System or process flowcharts Influence diagrams © 2008 Prentice Hall

Risk Identification – Output © 2008 Prentice Hall

Qualitative Risk Analysis Establishment of probabilities regarding both the impact and likelihood of specific risk occurrences © 2008 Prentice Hall

PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Qualitative Risk Analysis © 2008 Prentice Hall

Qualitative Risk Analysis – Inputs Organizational process assets Project scope statement Risk management plan Risk register © 2008 Prentice Hall

Qualitative Risk Analysis – Tools & Techniques Risk probability and impact assessment Probability/impact risk rating matrix Risk data quality assessment Risk categorization Risk urgency assessment © 2008 Prentice Hall

Probability/Impact Risk Rating Matrix A technique used to analyze project risk in terms of its probability of occurrence and its impact on project outcomes © 2008 Prentice Hall

Risk Data Quality Assessment Assessment of the quality of the data used to assess risk May include: Extent to which a risk is understood Available risk data Data quality Data integrity and reliability © 2008 Prentice Hall

Qualitative Risk Analysis – Outputs Updated risk register © 2008 Prentice Hall

Quantitative Risk Analysis Analysis of the probability of occurrence and impact of risk on project objectives using numerical techniques © 2008 Prentice Hall

Required Inputs, Tools and Techniques Used, and Resulting Outputs During Quantitative Risk Analysis © 2008 Prentice Hall

Quantitative Risk Analysis – Inputs Organization process assets Project scope statement Risk management plan Risk register Project management plan © 2008 Prentice Hall

Quantitative Risk Analysis – Tools & Techniques Data gathering through interviewing Quantitative procedures Sensitivity analysis Technique used to examine the potential impact of specific risks to a project (Tornado analysis) Decision tree analysis Diagramming technique used to evaluate courses of action in terms of their potential cost and benefits relative to other courses of action © 2008 Prentice Hall

Quantitative Risk Analysis – Tools & Techniques (cont.) Expected monetary value analysis (EMV) Statistical technique which captures the average value of potential projects by analyzing the likelihood of possible project outcomes as well as each outcome’s financial consequences Simulation Statistical technique where what-if analyzes are run to determine the impact of a given situation on a project objective (Monte Carlo) © 2008 Prentice Hall

Tornado Analysis © 2008 Prentice Hall

Expected Monetary Value + Decision Tree Analysis © 2008 Prentice Hall

Quantitative Risk Analysis – Outputs Updated risk register © 2008 Prentice Hall

Risk Response Planning The process of developing methods for responding to project risks © 2008 Prentice Hall

Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Response Planning © 2008 Prentice Hall

Risk Response Planning – Inputs Risk management plan Risk register © 2008 Prentice Hall

Risk Response Planning – Tools & Techniques Avoidance Identified risks are avoided through a different course of action Transference Transfer of risk to another party through the use of contracts Mitigation Steps are taken to reduce the occurrence or impact of stated risks Acceptance Risks are accepted and contingency strategies are planned © 2008 Prentice Hall

Risk Response Planning – Outputs Updates to: Risk register Project management plan Risk-related contractual agreements © 2008 Prentice Hall

Risk Response Plan Contents (Project Management Institute) Any risks that have been identified along with a description and the areas and objectives the identified risk may affect The roles and responsibilities of any risk owners Qualitative and quantitative risk analysis results as well as any trends identified during either of these processes A description of the risk response strategies including avoidance, transference, mitigation, and acceptance, and the risk that the strategies will be applied to An acknowledgement of any residual risk projected to remain after any risk response strategies have been applied A list of actions to be used to implement the risk response strategies Budget and schedule information in terms of risk response Any contingency plans used as part of an active response to accept risks © 2008 Prentice Hall

Additional Risk Terms Residual risks Secondary risks Any risks remaining after risk response strategies have been applied Secondary risks Any risks resulting from the application of a risk response strategy Contractual agreements Any contracts for the purpose of risk transference during the project © 2008 Prentice Hall

Risk Monitoring & Control The process of monitoring identified risks for change and controlling those changes © 2008 Prentice Hall

PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Monitoring and Control © 2008 Prentice Hall

Questions? © 2008 Prentice Hall