1. © 2008 Prentice Hall9-1 Introduction to Project Management Chapter 9 Managing Project Risk Information Systems Project Management: A Process and Team Approach, 1e Fuller/Valacich/George

2. © 2008 Prentice Hall9-2 Project Risk “…an uncertain event or condition that, if it occurs, has a positive or a negative effect on a project objective.”

3. © 2008 Prentice Hall9-3 Information Systems Associated Risks Technology and project management related –Positive Availability of new project management tools –Negative Rate of change in technologies –Upgrades and new releases Assumptions computer-generated output is always correct Formation of teams

4. © 2008 Prentice Hall9-4 Risk & Project Life Cycle Initiation stage –Identification and selection of specific projects Inside or outside of organization’s core competencies Planning stage –Procurement Unreliability of new technology delivery timeframe Development of accurate project schedule

5. © 2008 Prentice Hall9-5 Execution stage –Missed scheduled delivery date –Technology upgrades Control stage –Implementation of risk plan –Modification of project schedule Closing stage –Acceptance of project as finished Risk & Project Life Cycle (cont.)

6. © 2008 Prentice Hall9-6 Project Risk Examples New or different project management methodologies Different: –Cultures –Organization structures –Human resources

7. © 2008 Prentice Hall9-7 General Categories of IS Project Risk Ongoing changes to technology Finding, assigning, and retaining skilled personnel Gaining user acceptance Choosing the correct development methodology

8. © 2008 Prentice Hall9-8 Outsourcing / Offshoring Positives: –Expanded skill set availability –Cheaper labor –Reduced requirements for non-core competencies Negatives: –Internal resistance Possible solutions to reduce risk: –Ensure strong upper management support –Select the right personnel –Involve managers early in the outsourcing process –Educate and reassure internal employees

9. © 2008 Prentice Hall9-9 Negatives (cont.) : –Increased security and privacy concerns Possible solutions to reduce risk: –Increase physical security measures –Use software event logging and monitoring tools –Intrusion detection systems and firewalls –Encryption hardware/software Outsourcing / Offshoring (cont.)

10. © 2008 Prentice Hall9-10 Top Five Software Project Risks Lack of top management commitment to the project Failure to gain user commitment Misunderstanding the requirements Lack of adequate user involvement Failure to manage end user expectations

11. © 2008 Prentice Hall9-11 Risk Management Planning A systematic approach to planning the risk management activities of a given project

12. © 2008 Prentice Hall9-12 Risk Management Planning – Inputs Enterprise environmental factors –Attitudes toward risk and risk tolerance Organizational process assets –Processes in place to handle risk Project scope statement –Defining the project Project management plan –Project summary document

13. © 2008 Prentice Hall9-13 PMBOK Required Inputs, Tools, and Techniques Used, and Resulting Outputs During Risk Management

14. © 2008 Prentice Hall9-14 Risk Management Planning – Tools & Techniques Risk planning meetings –Senior managers, project team leaders, stakeholders, project members with decision-making responsibilities –Development of specific risk management plans –Inclusion of risk-related items in budget and schedule –Creation of risk management templates

15. © 2008 Prentice Hall9-15 Risk Management Planning – Outputs Risk Management Plan –Methodology or approach to risk management –Roles and responsibilities of project members –Risk management budget –Integration of risk management activities into project life cycle –Scoring and interpretation of risk analysis –Risk thresholds –Reporting formats –Tracking

16. © 2008 Prentice Hall9-16 Risk Identification The process of identifying potential risks to a project and documenting them

17. © 2008 Prentice Hall9-17 PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Identification

18. © 2008 Prentice Hall9-18 Risk Identification – Inputs Enterprise environmental factors Organizational process assets Project scope statement Project management plan Risk management plan

19. © 2008 Prentice Hall9-19 Risk Categories Defined in a Risk Register –A formal recording of all project risks, explaining the nature of the risk and management of the risk

20. © 2008 Prentice Hall9-20 Risks

21. © 2008 Prentice Hall9-21 Risk Identification – Tools & Techniques Documentation reviews –The review of organizational information to aid during risk identification May include: –Project profiles (previous project information and related lessons learned) –Published information »Articles/studies/benchmarking information

22. © 2008 Prentice Hall9-22 Risk Identification – Tools & Techniques (cont.) Information gathering techniques –Brainstorming –Delphi technique –http://en.wikipedia.org/wiki/Delphi_techniquehttp://en.wikipedia.org/wiki/Delphi_technique –Interviewing –Strengths, weaknesses, opportunities, and threats (SWOT) –http://en.wikipedia.org/wiki/SWOThttp://en.wikipedia.org/wiki/SWOT –Checklists

23. © 2008 Prentice Hall9-23 Risk Identification – Tools & Techniques (cont.) –Diagramming techniques Cause and effect (Fishbone) http://en.wikipedia.org/wiki/Fishbone_diagram System or process flowcharts Influence diagrams http://www.lumina.com/software/influencediagrams.htmlhttp://www.lumina.com/software/influencediagrams.html http://en.wikipedia.org/wiki/Influence_diagrams

24. © 2008 Prentice Hall9-24 Risk Identification – Output

25. © 2008 Prentice Hall9-25 Qualitative Risk Analysis Establishment of probabilities regarding both the impact and likelihood of specific risk occurrences

26. © 2008 Prentice Hall9-26 PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Qualitative Risk Analysis

27. © 2008 Prentice Hall9-27 Qualitative Risk Analysis – Inputs Organizational process assets Project scope statement Risk management plan Risk register

28. © 2008 Prentice Hall9-28 Qualitative Risk Analysis – Tools & Techniques Risk probability and impact assessment Probability/impact risk rating matrix Risk data quality assessment Risk categorization Risk urgency assessment

29. © 2008 Prentice Hall9-29 Probability/Impact Risk Rating Matrix A technique used to analyze project risk in terms of its probability of occurrence and its impact on project outcomes

30. © 2008 Prentice Hall9-30 Risk Data Quality Assessment Assessment of the quality of the data used to assess risk May include: Extent to which a risk is understood Available risk data Data quality Data integrity and reliability

31. © 2008 Prentice Hall9-31 Qualitative Risk Analysis – Outputs Updated risk register

32. © 2008 Prentice Hall9-32 Quantitative Risk Analysis Analysis of the probability of occurrence and impact of risk on project objectives using numerical techniques

33. © 2008 Prentice Hall9-33 Required Inputs, Tools and Techniques Used, and Resulting Outputs During Quantitative Risk Analysis

34. © 2008 Prentice Hall9-34 Quantitative Risk Analysis – Inputs Organization process assets Project scope statement Risk management plan Risk register Project management plan

35. © 2008 Prentice Hall9-35 Quantitative Risk Analysis – Tools & Techniques Data gathering through interviewing Quantitative procedures –Sensitivity analysis Technique used to examine the potential impact of specific risks to a project (Tornado analysis) http://www.modeladvisor.com/specific_use/modelin g/productivity_tools/what_if_analysis_manager/wh at_if_analysis_manager.htmhttp://www.modeladvisor.com/specific_use/modelin g/productivity_tools/what_if_analysis_manager/wh at_if_analysis_manager.htm

36. © 2008 Prentice Hall9-36 Tornado Analysis It is a sensitivity analysis technique. Shows which risks can cause the greatest variability in the base value of an information system.

37. © 2008 Prentice Hall9-37 Tornado Analysis NOTES:  Discount rate - The interest rate used in determining the present value of future cash flows. For example, let's say you expect $1,000 dollars in one year's time. To determine the present value of this $1,000 (what it is worth to you today) you would need to discount it by a particular rate of interest (often the risk-free rate but not always). Assuming a discount rate of 10%, the $1,000 in a year's time would be the equivalent of $909.09 to you today (1000/[1.00 + 0.10]).  The difference between the present value of cash inflows and the present value of cash outflows. NPV is used in capital budgeting to analyze the profitability of an investment or project. NPV compares the value of a dollar today to the value of that same dollar in the future, taking inflation and returns into account. If the NPV of a prospective project is positive, it should be accepted. However, if NPV is negative, the project should probably be rejected because cash flows will also be negative.

38. © 2008 Prentice Hall9-38 Quantitative Risk Analysis – Tools & Techniques –Decision tree analysis Diagramming technique used to evaluate courses of action in terms of their potential cost and benefits relative to other courses of action http://en.wikipedia.org/wiki/Decision_tree –Expected monetary value analysis (EMV) Statistical technique which captures the average value of potential projects by analyzing the likelihood of possible project outcomes as well as each outcome’s financial consequences

39. © 2008 Prentice Hall9-39 Expected Monetary Value + Decision Tree Analysis

40. © 2008 Prentice Hall9-40 –Simulation Statistical technique where what-if analyzes are run to determine the impact of a given situation on a project objective (Monte Carlo) A problem solving technique used to approximate the probability of certain outcomes by running multiple trial runs, called simulations, using random variables. Monte Carlo simulation is named after the city in Monaco, where the primary attractions are casinos that have games of chance. Gambling games, like roulette, dice, and slot machines, exhibit random behavior. http://masamiki.com/project/blackjack.htm Quantitative Risk Analysis – Tools & Techniques (cont.)

41. © 2008 Prentice Hall9-41 Quantitative Risk Analysis – Outputs Updated risk register

42. © 2008 Prentice Hall9-42 Risk Response Planning The process of developing methods for responding to project risks

43. © 2008 Prentice Hall9-43 Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Response Planning

44. © 2008 Prentice Hall9-44 Risk Response Planning – Inputs Risk management plan Risk register

45. © 2008 Prentice Hall9-45 Risk Response Planning – Tools & Techniques Avoidance –Identified risks are avoided through a different course of action Transference –Transfer of risk to another party through the use of contracts Mitigation –Steps are taken to reduce the occurrence or impact of stated risks Acceptance –Risks are accepted and contingency strategies are planned

46. © 2008 Prentice Hall9-46 Risk Response Planning – Outputs Updates to: –Risk register –Project management plan –Risk-related contractual agreements

47. © 2008 Prentice Hall9-47 Risk Response Plan Contents (Project Management Institute) Any risks that have been identified along with a description and the areas and objectives the identified risk may affect The roles and responsibilities of any risk owners Qualitative and quantitative risk analysis results as well as any trends identified during either of these processes A description of the risk response strategies including avoidance, transference, mitigation, and acceptance, and the risk that the strategies will be applied to An acknowledgement of any residual risk projected to remain after any risk response strategies have been applied A list of actions to be used to implement the risk response strategies Budget and schedule information in terms of risk response Any contingency plans used as part of an active response to accept risks

48. © 2008 Prentice Hall9-48 Additional Risk Terms Residual risks –Any risks remaining after risk response strategies have been applied Secondary risks –Any risks resulting from the application of a risk response strategy Contractual agreements –Any contracts for the purpose of risk transference during the project

49. © 2008 Prentice Hall9-49 Risk Monitoring & Control The process of monitoring identified risks for change and controlling those changes

50. © 2008 Prentice Hall9-50 PMBOK Required Inputs, Tools and Techniques Used, and Resulting Outputs During Risk Monitoring and Control

51. © 2008 Prentice Hall9-51 Questions?