1. Topic 8- 1ICT 327 Management of IT ProjectsSemester 1, 2004 Topic 8 Risk & Procurement Management Schwalbe: Chapters 11, 12

2. Topic 8- 2ICT 327 Management of IT ProjectsSemester 1, 2004 Learning Objectives At the end of this topic, you should be able to: Define risk and the importance of good project risk management List the elements involved in risk management planning List common sources of risks on information technology projects Describe the risk identification process and tools and techniques to help identify project risks Discuss the qualitative risk analysis process and explain how to calculate risk factors, use probability/impact matrixes, the Top Ten Risk Item Tracking technique, and expert judgment to rank risks

3. Topic 8- 3ICT 327 Management of IT ProjectsSemester 1, 2004 Learning Objectives At the end of this topic, you should be able to: Explain the quantify risk analysis process and how to use decision trees and simulation to quantitative risks Provide examples of using different risk response planning strategies such as risk avoidance, acceptance, transference, and mitigation Discuss what is involved in risk monitoring and control Describe how software can assist in project risk management Explain the results of good project risk management

4. Topic 8- 4ICT 327 Management of IT ProjectsSemester 1, 2004 Why is Project Risk Management important? It is the art and science of identifying, assigning, and responding to risk throughout the life of a project and in the best interests of meeting project objectives Risk management is often overlooked on projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates Risk management is often neglected, especially on IT projects (Ibbs and Kwak) 55 percent of runaway projects did no risk management at all (KPMG)

5. Topic 8- 5ICT 327 Management of IT ProjectsSemester 1, 2004 Project Management Maturity by Industry Group and Knowledge Area

6. Topic 8- 6ICT 327 Management of IT ProjectsSemester 1, 2004 What is Risk? A dictionary definition of risk is “the possibility of loss or injury” Project risk involves understanding potential problems that might occur on the project and how they might impede project success Risk management is like a form of insurance; it is an investment

7. Topic 8- 7ICT 327 Management of IT ProjectsSemester 1, 2004 Example risk: It might rain How do you manage that risk? Take a chance? Take an umbrella? Jacket? Drive? Does it matter if you get wet? If not, then do nothing.

8. Topic 8- 8ICT 327 Management of IT ProjectsSemester 1, 2004 Anatomy of a risk Likelihood of it occurring Impact if it does e.g. something could be very likely, but low impact.

9. Topic 8- 9ICT 327 Management of IT ProjectsSemester 1, 2004 Risk of rain in Perth Project: Outdoor picnic Likely? (probability) Impact Mitigation UnlikelyJan High July J Likely High Rating M H Don’t hold event or hold indoors Backup location

10. Topic 8- 10ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Utility Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a potential payoff Utility rises at a decreasing rate for a person who is risk-averse Those who are risk-seeking have a higher tolerance for risk and their satisfaction increases when more payoff is at stake The risk-neutral approach achieves a balance between risk and payoff

11. Topic 8- 11ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Processes Risk Management Planning Risk Identification Qualitative Risk Analysis Risk Response Planning Risk monitoring and control

12. Topic 8- 12ICT 327 Management of IT ProjectsSemester 1, 2004 Question Are you: risk-averse (conservative) risk-neutral, or risk-seeking in relation to: finances (investment) food recreation activities

13. Topic 8- 13ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Utility Function and Risk Preference

14. Topic 8- 14ICT 327 Management of IT ProjectsSemester 1, 2004 What is Project Risk Management? The goal of project risk management is to minimize potential risks while maximizing potential opportunities. Example 1: an opportunity may exist to expand into another country, but the risk of failure is very high. How is this risk managed? Example 2: Possible to deliver system both on web and hand-held. Hand-held is more difficult, is it worth the risk of failure?

15. Topic 8- 15ICT 327 Management of IT ProjectsSemester 1, 2004 Processes Risk management planning: deciding how to approach and plan the risk management activities for the project Risk identification: determining which risks are likely to affect a project and documenting their characteristics Qualitative risk analysis: characterizing and analyzing risks and prioritizing their effects on project objectives Quantitative risk analysis: measuring the probability and consequences of risks Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives Risk monitoring and control: monitoring known risks, identifying new risks, reducing risks, and evaluating the effectiveness of risk reduction

16. Topic 8- 16ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Management Planning The main output of risk management planning is a risk management plan The project team should review project documents and understand the organization’s and the sponsor’s approach to risk The level of detail will vary with the needs of the project

17. Topic 8- 17ICT 327 Management of IT ProjectsSemester 1, 2004 Questions Addressed in a Risk Management Plan

18. Topic 8- 18ICT 327 Management of IT ProjectsSemester 1, 2004 Contingency & Fallback Plans, Contingency Reserves Contingency plans: predefined actions that the project team will take if an identified risk event occurs Fallback plans: developed for risks that have a high impact on meeting project objectives Contingency reserves or allowances: provisions held by the project sponsor that can be used to mitigate cost or schedule risk if changes in scope or quality occur

19. Topic 8- 19ICT 327 Management of IT ProjectsSemester 1, 2004 Common Sources of Risk on Information Technology Projects Several studies show that IT projects share some common sources of risk The Standish Group developed an IT success potential scoring sheet based on potential risks McFarlan developed a risk questionnaire to help assess risk Other broad categories of risk help identify potential risks

20. Topic 8- 20ICT 327 Management of IT ProjectsSemester 1, 2004 Information Technology Success Potential Scoring Sheet

21. McFarlan’s Risk Questionnaire Elapsed Time Effort in days Extra hardware # Business areas

22. Topic 8- 22ICT 327 Management of IT ProjectsSemester 1, 2004 Other Categories of Risk Market risk: Will the new product be useful to the organization or marketable to others? Will users accept and use the product or service? Financial risk: Can the organization afford to undertake the project? Is this project the best way to use the company’s financial resources? Technology risk: Is the project technically feasible? Could the technology be obsolete before a useful product can be produced?

23. Topic 8- 23ICT 327 Management of IT ProjectsSemester 1, 2004 What Went Wrong? Many information technology projects fail because of technology risk. One project manager learned an important lesson on a large IT project: focus on business needs first, not technology. David Anderson, a project manager for Kaman Sciences Corp., shared his experience from a project failure in an article for CIO Enterprise Magazine. After spending two years and several hundred thousand dollars on a project to provide new client/server-based financial and human resources information systems for their company, Anderson and his team finally admitted they had a failure on their hands. Anderson revealed that he had been too enamored of the use of cutting-edge technology and had taken a high-risk approach on the project. He "ramrodded through" what the project team was going to do and then admitted that he was wrong. The company finally decided to switch to a more stable technology to meet the business needs of the company. Hildebrand, Carol. “If At First You Don’t Succeed,” CIO Enterprise Magazine, April 15, 1998

24. Topic 8- 24ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Identification Risk identification is the process of understanding what potential unsatisfactory outcomes are associated with a particular project Several risk identification tools and techniques include Brainstorming The Delphi technique Interviewing SWOT analysis

25. Potential Risk Conditions Associated with Each Knowledge Area

26. Topic 8- 26ICT 327 Management of IT ProjectsSemester 1, 2004 Quantitative Risk Analysis Assess the likelihood and impact of identified risks to determine their magnitude and priority Risk quantification tools and techniques include Probability/Impact matrixes The Top 10 Risk Item Tracking technique Expert judgment

27. Topic 8- 27ICT 327 Management of IT ProjectsSemester 1, 2004 Sample Probability/Impact Matrix

28. Sample Probability/Impact Matrix for Qualitative Risk Assessment

29. Topic 8- 29ICT 327 Management of IT ProjectsSemester 1, 2004 Chart Showing High-, Medium-, & Low-Risk Technologies

30. Topic 8- 30ICT 327 Management of IT ProjectsSemester 1, 2004 Top 10 Risk Item Tracking Similar to the 10 ten songs for the week/month. Top 10 Risk Item Tracking: is a tool for maintaining an awareness of risk throughout the life of a project Steps: 1.Establish a periodic review of the top 10 project risk items 2.List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item

31. Topic 8- 31ICT 327 Management of IT ProjectsSemester 1, 2004 Example of Top 10 Risk Item Tracking

32. Topic 8- 32ICT 327 Management of IT ProjectsSemester 1, 2004 Expert Judgment Many organizations rely on the intuitive feelings and past experience of experts to help identify potential project risks Experts can categorize risks as high, medium, or low with or without more sophisticated techniques

33. Topic 8- 33ICT 327 Management of IT ProjectsSemester 1, 2004 Quantitative Risk Analysis Often follows qualitative risk analysis, but both can be done together or separately Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis Main techniques include decision tree analysis simulation

34. Topic 8- 34ICT 327 Management of IT ProjectsSemester 1, 2004 Decision Trees & Expected Monetary Value (EMV) A decision tree is a diagramming method used to help you select the best course of action in situations in which future outcomes are uncertain EMV is a type of decision tree where you calculate the expected monetary value of a decision based on its risk event probability and monetary value

35. Topic 8- 35ICT 327 Management of IT ProjectsSemester 1, 2004 Expected Monetary Value (EMV) Example

36. Topic 8- 36ICT 327 Management of IT ProjectsSemester 1, 2004 Simulation Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system Monte Carlo analysis simulates a model’s outcome many times to provide a statistical distribution of the calculated results To use a Monte Carlo simulation, you must have three estimates (most likely, pessimistic, and optimistic) plus an estimate of the likelihood of the estimate being between the optimistic and most likely values

37. Topic 8- 37ICT 327 Management of IT ProjectsSemester 1, 2004 What Went Right? A large aerospace company used Monte Carlo simulation to help quantify risks on several advanced-design engineering projects. The National Aerospace Plan (NASP) project involved many risks. The purpose of this multibillion-dollar project was to design and develop a vehicle that could fly into space using a single-stage-to-orbit approach. A single-stage-to-orbit approach meant the vehicle would have to achieve a speed of Mach 25 (25 times the speed of sound) without a rocket booster. A team of engineers and business professionals worked together in the mid-1980s to develop a software model for estimating the time and cost of developing the NASP. This model was then linked with Monte Carlo simulation software to determine the sources of cost and schedule risk for the project. The results of the simulation were then used to determine how the company would invest its internal research and development funds. Although the NASP project was terminated, the resulting research has helped develop more advanced materials and propulsion systems used on many modern aircraft.

38. Topic 8- 38ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Response Planning After identifying and quantifying risks, you must decide how to respond to them Four main strategies: Risk avoidance: eliminating a specific threat or risk, usually by eliminating its causes Risk acceptance: accepting the consequences should a risk occur Risk transference: shifting the consequence of a risk and responsibility for its management to a third party Risk mitigation: reducing the impact of a risk event by reducing the probability of its occurrence

39. Topic 8- 39ICT 327 Management of IT ProjectsSemester 1, 2004 General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks

40. Topic 8- 40ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Monitoring and Control Monitoring risks involves knowing their status Controlling risks involves carrying out the risk management plans as risks occur Workarounds are unplanned responses to risk events that must be done when there are no contingency plans The main outputs of risk monitoring and control are corrective action, project change requests, and updates to other plans

41. Topic 8- 41ICT 327 Management of IT ProjectsSemester 1, 2004 Risk Response Control Risk response control involves executing the risk management processes and the risk management plan to respond to risk events Risks must be monitored based on defined milestones and decisions made regarding risks and mitigation strategies Sometimes workarounds or unplanned responses to risk events are needed when there are no contingency plans

42. Topic 8- 42ICT 327 Management of IT ProjectsSemester 1, 2004 Using Software to Assist in Project Risk Management Databases can keep track of risks. Many IT departments have issue tracking databases Spreadsheets can aid in tracking and quantifying risks More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks

43. Topic 8- 43ICT 327 Management of IT ProjectsSemester 1, 2004 Sample Monte Carlo Simulation Results for Project Schedule

44. Topic 8- 44ICT 327 Management of IT ProjectsSemester 1, 2004 Sample Monte Carlo Simulations Results for Project Costs

45. Topic 8- 45ICT 327 Management of IT ProjectsSemester 1, 2004 Results of Good Project Risk Management Unlike crisis management, good project risk management often goes unnoticed Well-run projects appear to be almost effortless, but a lot of work goes into running a project well Project managers should strive to make their jobs look easy to reflect the results of well-run projects

46. Topic 8- 46ICT 327 Management of IT ProjectsSemester 1, 2004 Project Procurement Management Schwalbe: Chapter 12

47. Topic 8- 47ICT 327 Management of IT ProjectsSemester 1, 2004 Learning Objectives Understand the importance of project procurement management and the increasing use of outsourcing for information technology projects Describe the procurement planning process, procurement planning tools and techniques, types of contracts, and statements of work Discuss what is involved in solicitation planning and the difference between a request for proposal and a request for quote Explain what occurs during the solicitation process

48. Topic 8- 48ICT 327 Management of IT ProjectsSemester 1, 2004 Learning Objectives Describe the source selection process and different approaches for evaluating proposals or selecting suppliers Discuss the importance of good contract administration Describe the contract close-out process Discuss types of software available to assist in project procurement management

49. Topic 8- 49ICT 327 Management of IT ProjectsSemester 1, 2004 Importance of Project Procurement Management Procurement means acquiring goods and/or services from an outside source Other terms include purchasing and outsourcing Experts predicted that by the year 2003 the worldwide information technology outsourcing market would grow to over $110 billion U.S. federal spending on IT outsourcing is projected to increase from $6.6 billion in 2002 to nearly $15 billion by 2007 due to an emphasis on e-government, homeland security, and the shortage of IT workers in government

50. Topic 8- 50ICT 327 Management of IT ProjectsSemester 1, 2004 Why Outsource? To reduce both fixed and recurrent costs To allow the client organization to focus on its core business To access skills and technologies To provide flexibility To increase accountability

51. Topic 8- 51ICT 327 Management of IT ProjectsSemester 1, 2004 Question What are the risks of outsourcing?

52. Topic 8- 52ICT 327 Management of IT ProjectsSemester 1, 2004 Project Procurement Management Processes Procurement planning: determining what to procure and when Solicitation planning: documenting product requirements and identifying potential sources Solicitation: obtaining quotations, bids, offers, or proposals as appropriate Source selection: choosing from among potential vendors Contract administration: managing the relationship with the vendor Contract close-out: completion and settlement of the contract

53. Topic 8- 53ICT 327 Management of IT ProjectsSemester 1, 2004 Project Procurement Management Processes and Key Outputs

54. Topic 8- 54ICT 327 Management of IT ProjectsSemester 1, 2004 Procurement Planning Procurement planning involves identifying which project needs can be best met by using products or services outside the organization. It includes deciding whether to procure how to procure what to procure how much to procure when to procure

55. Topic 8- 55ICT 327 Management of IT ProjectsSemester 1, 2004 Question What is the relationship between outsourcing & procurement?

56. Topic 8- 56ICT 327 Management of IT ProjectsSemester 1, 2004 What Went Right? Several organizations, such as The Boots Company PLC in England, outsourced their IT services to save money compared with running the systems themselves Carefully planning procurement can also save millions of dollars, as the U.S. Air Force did by using a flexible pricing strategy for a large office automation project

57. Topic 8- 57ICT 327 Management of IT ProjectsSemester 1, 2004 Procurement Planning Tools and Techniques Make-or-buy analysis: determining whether a particular product or service should be made or performed inside the organization or purchased from someone else. Often involves financial analysis Experts, both internal and external, can provide valuable inputs in procurement decisions

58. Topic 8- 58ICT 327 Management of IT ProjectsSemester 1, 2004 Make-or Buy Example Assume you can lease an item you need for a project for $150/day. To purchase the item, the investment cost is $1,000, and the daily cost would be another $50/day. How long will it take for the lease cost to be the same as the purchase cost? If you need the item for 12 days, should you lease it or purchase it?

59. Topic 8- 59ICT 327 Management of IT ProjectsSemester 1, 2004 Make-or Buy Solution Set up an equation so the “make” is equal to the “buy” In this example, use the following equation. Let d be the number of days to use the item. $150d = $1,000 + $50d Solve for d as follows: Subtract $50d from the right side of the equation to get $100d = $1,000 Divide both sides of the equation by $100 d = 10 days The lease cost is the same as the purchase cost at 10 days If you need the item for 12 days, it would be more economical to purchase it

60. Topic 8- 60ICT 327 Management of IT ProjectsSemester 1, 2004 Types of Contracts Fixed-price or lump-sum: involve a fixed total price for a well-defined product or service Cost-reimbursable: involve payment to the seller for direct and indirect costs Time and material contracts: hybrid of both fixed- price and cost-reimbursable, often used by consultants Unit price contracts: require the buyer to pay the seller a predetermined amount per unit of service

61. Topic 8- 61ICT 327 Management of IT ProjectsSemester 1, 2004 Cost Reimbursable Contracts Cost plus incentive fee (CPIF): the buyer pays the seller for allowable performance costs plus a predetermined fee and an incentive bonus Cost plus fixed fee (CPFF): the buyer pays the seller for allowable performance costs plus a fixed fee payment usually based on a percentage of estimated costs Cost plus percentage of costs (CPPC): the buyer pays the seller for allowable performance costs plus a predetermined percentage based on total costs

62. Topic 8- 62ICT 327 Management of IT ProjectsSemester 1, 2004 Contract Types Versus Risk

63. Topic 8- 63ICT 327 Management of IT ProjectsSemester 1, 2004 Statement of Work (SOW) A statement of work is a description of the work required for the procurement Many contracts, or mutually binding agreements, include SOWs A good SOW gives bidders a better understanding of the buyer’s expectations

64. Topic 8- 64ICT 327 Management of IT ProjectsSemester 1, 2004 Statement of Work (SOW) Template

65. Topic 8- 65ICT 327 Management of IT ProjectsSemester 1, 2004 Solicitation Planning Solicitation planning involves preparing several documents: Request for Proposals: used to solicit proposals from prospective sellers Requests for Quotes: used to solicit quotes for well-defined procurements Invitations for bid or negotiation and initial contractor responses are also part of solicitation planning

66. Topic 8- 66ICT 327 Management of IT ProjectsSemester 1, 2004 Outline for a Request for Proposal (RFP)

67. Topic 8- 67ICT 327 Management of IT ProjectsSemester 1, 2004 Solicitation Solicitation involves obtaining proposals or bids from prospective sellers Organizations can advertise to procure goods and services in several ways approaching the preferred vendor approaching several potential vendors advertising to anyone interested A bidders’ conference can help clarify the buyer’s expectations

68. Topic 8- 68ICT 327 Management of IT ProjectsSemester 1, 2004 Source Selection Source selection involves evaluating bidders’ proposals choosing the best one negotiating the contract awarding the contract It is helpful to prepare formal evaluation procedures for selecting vendors Buyers often create a “short list”

69. Topic 8- 69ICT 327 Management of IT ProjectsSemester 1, 2004 Sample Proposal Evaluation Sheet

70. Topic 8- 70ICT 327 Management of IT ProjectsSemester 1, 2004 Detailed Criteria for Selecting Suppliers

71. Topic 8- 71ICT 327 Management of IT ProjectsSemester 1, 2004 Be Careful in Selecting Suppliers and Writing Their Contracts Many dot-com companies were created to meet potential market needs, but many went out of business, mainly due to poor business planning, lack of senior management operations experience, lack of leadership, and lack of visions. Check the stability of suppliers Even well-known suppliers can impede project success. Be sure to write and manage contracts well with all suppliers (see What Went Wrong?)

72. Topic 8- 72ICT 327 Management of IT ProjectsSemester 1, 2004 Contract Administration Contract administration ensures that the seller’s performance meets contractual requirements Contracts are legal relationships, so it is important that legal and contracting professionals be involved in writing and administering contracts Many project managers ignore contractual issues, which can result in serious problems

73. Topic 8- 73ICT 327 Management of IT ProjectsSemester 1, 2004 Suggestions on Change Control for Contracts Changes to any part of the project need to be reviewed, approved, and documented by the same people in the same way that the original part of the plan was approved Evaluation of any change should include an impact analysis. How will the change affect the scope, time, cost, and quality of the goods or services being provided? Changes must be documented in writing. Project team members should also document all important meetings and telephone calls

74. Topic 8- 74ICT 327 Management of IT ProjectsSemester 1, 2004 Contract Close-out Contract close-out includes product verification to determine if all work was completed correctly and satisfactorily administrative activities to update records to reflect final results archiving information for future use Procurement audits identify lessons learned in the procurement process

75. Topic 8- 75ICT 327 Management of IT ProjectsSemester 1, 2004 Using Software to Assist in Project Procurement Management Word processing software: writing proposals and contracts. (Templates & macros) Spreadsheets: help in evaluating suppliers. (Templates & macros) Databases help track suppliers, and presentation software aids in presenting procurement-related information

76. Topic 8- 76ICT 327 Management of IT ProjectsSemester 1, 2004 Procurement Systems In the late 1990s and early 2000s, many companies started using e-procurement software to do many procurement functions electronically Companies such as Commerce One, Ariba, Concur Technologies, SAS, and Baan provide corporate procurement services over the Internet Organizations also use other Internet tools to help find information on suppliers or auction goods and services WA State Government: Government Electronic Market (GEM) www.gem.wa.gov.au/Gem

77. www.gem.wa.gov.au/Gem

78. http://web.worldbank.org/WBSITE/EXTERNAL/PROJECTS/PROCUREMENT/0,,pagePK:84271~theSitePK:84266,00.html

79. procurement guidelines