22 22 project risk analysis and management
-
7/29/2019 22 22 Project Risk Analysis and Management
1/24
Risk Analysis in IT Projects
-
What Is Project Risk Analysis and Management?
Project Risk Analysis and Management is a process which enables the analysis and management of the risks associated with a project. Properly undertaken, it will increase the likelihood of successful completion of a project to cost, time and performance objectives.
-
Objectives
The objective of performing risk management is to enable the organization to accomplish its missions:
(1) by better securing the IT systems that store, process, or transmit organizational information;
(2) by enabling management to make well-informed risk management decisions to justify the expenditures that are part of an IT budget;
(3) by assisting management in authorizing (or accrediting) the IT systems on the basis of the supporting documentation resulting from the performance of risk management.
-
The Importance of Project Risk Management
Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
Risk management is often overlooked in projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates.
-
Integration of Risk Management into the SDLC

| SDLC Phases | Phase Characteristics | Support from Risk Management Activities |
|---|---|---|
| Phase 1: Initiation | The need for an IT system is expressed and the purpose and scope of the IT system is documented. | Identified risks are used to support the development of the system requirements. |
| Phase 2: Development or Acquisition | The IT system is designed, purchased, programmed, developed, or otherwise constructed. | The risks identified during this phase can be used to support the security analyses of the IT system. |
| Phase 3: Implementation | The system security features should be configured, enabled, tested, and verified. | The risk management process supports the assessment of the system implementation against its requirements. |
| Phase 4: Operation or Maintenance | The system performs its functions. | Risk management activities are performed for periodic system reauthorization. |
| Phase 5: Disposal | This phase may involve the disposition of information, hardware, and software. | Risk management activities are performed for system components. |
-
Project Risk Management Processes
Risk identification: determining which risks are likely to affect a project and documenting the characteristics of each.
Risk analysis: prioritizing risks based on their probability and impact of occurrence.
Risk planning: taking steps to enhance opportunities and reduce threats to meeting project objectives.
Risk monitoring and control: monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project.
-
Risk Breakdown Structure
A risk breakdown structure is a hierarchy of potential risk categories for a project.
Similar to a work breakdown structure but used to identify and categorize risks.
-
Risk Identification
Risk identification is the process of understanding what potential events might hurt or enhance a particular project.
Risk identification tools and techniques include:
Brainstorming
The Delphi Technique
Interviewing
SWOT analysis
-
Contd.
Risk Assessment Methodology Flowchart
-
Qualitative Risk Analysis
Assess the likelihood and impact of identified risks to determine their magnitude and priority.
Risk quantification tools and techniques include:
Risk-Level matrixes
-
Risk-Level Matrix
A Risk-Level matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on a chart and the relative impact of the risk occurring on the other.
-
Risk Scale and Necessary Actions
-
Quantitative Risk Analysis
A Qualitative Analysis allows the main risk sources or factors to be identified.
It enables the impacts of the risks to be quantified against the three basic project success criteria: cost, time and performance.
-
Quantitative Techniques
Sensitivity Analysis simply determines the effect on the whole project of changing one of its risk variables, such as delays in design or the cost of materials.
Probabilistic Analysis specifies a probability distribution for each risk and then considers the effect of risks in combination. This is perhaps the most common method of performing a quantitative risk analysis.
Influence Diagrams are a relatively new technique for risk analysis. They provide a powerful means of constructing models of the issues in a project which are subject to risk.
Decision Trees are another graphical method of structuring models. They bring together the information needed to make project decisions and show the present possible courses of action and all future possible outcomes.
-
Risk Mitigation
Risk mitigation involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process.
Risk mitigation can be achieved through any of the following risk mitigation options:
Risk Assumption
Risk Avoidance
Risk Limitation
Research and Acknowledgment
Risk Transference
-
Risk Mitigation Strategy
-
Risk Monitoring and Control
In most organizations, the components change, and software applications are replaced or updated with newer versions. In addition, personnel changes will occur and security policies are likely to change over time.
These changes mean that new risks will surface and risks previously mitigated may again become a concern. Thus, there is a need for ongoing risk evaluation and assessment.
In implementing recommended controls to mitigate risk, an organization should consider technical, management, and operational security controls to maximize the effectiveness of controls for their IT systems and organization.
-
Risk Analysis Using an Enhanced FMEA Technique: The TCS Way
Failure Mode and Effects Analysis (FMEA) is a structured, proactive technique to identify the ways in which a product or process can fail and to prevent such failure.
It is a systematic technique to analyze potential failure modes and assist in mitigating them.
It systematically anticipates and studies the cause and effect of failure.
-
TCS Risk Management Circle
-
FMEA: The Driver Model
The power of FMEA is four-fold. Firstly, all FMEA artifacts are dynamic, living documents. Continuous improvement and risk level reduction drive FMEA.
Next, the technique identifies high-priority, vital few risks because, in real life, not all problems are equally important.
Thirdly, FMEA is customer-oriented, although a customer representative may not be an end-user.
Fourthly, FMEA offers audit trails, i.e. a well-documented record of improvements arising out of corrective action implemented.
In sum, FMEA gives one a mechanism to document and monitor all data elements required to meet business drivers.
-
REFERENCES
www.openseminar.org - Risk Management, Author: Laurie Williams and Sarah Smith
www.sei.cmu.edu - The Software Engineering Institute for risk management.
Effective Risk Management: Risk Analysis Using an Enhanced FMEA Technique - Vijaya Deepti Nimmagadda Ramanamurthy and K. Uma Balasubramania (Tata Consultancy Services), Bangalore, Karnataka, India
Risk Analysis Techniques - By Geoffrey H. Wold and Robert F. Shriver