Download - Risk Management and Planning
1
Risk Management and Planning Samavia Akbar (145883)
Aimal Zia (145881)Abiona Olafade (145808)
Yenilmez Ufuk Yılmaz(15500009)
SCT-EMU
EMU 2
Samavia Akbar (145883)
EMU 3
Contents What is risk? What is risk Management? Importance of Risk Management Types of risks Reactive and Proactive Risk Strategies Process of risk management Risk Identification Risk Analysis Risk Mitigation Case study References
EMU 4
What Is Risk ? Risk is defined as the possibility of loss. It is the inability to achieve
program objectives within defined cost, schedule, and technical constraints. Risk management is a set of actions that helps the project manager plan an approach to deal with uncertain occurrences.
Risk is not a bad thing. Risk is bad only when it results in loss for an organization. Risk with positive consequence is “opportunity” Risk with negative consequence is “threat”
EMU 5
Risk Management
What is it? Risk analysis and management are a series of steps that help a software team to understand and manage uncertainty
Who does it? Everyone involved in the software process – managers, software engineers and customers - participate in risk analysis and management
What are the steps?Identifying, analyzing and responding to risk throughout the life of project.
EMU 6
Importance of Risk Management According to the risk management guru Barry Boehm, “Risk
management focuses the project manager’s attention on those portions of the project most likely to cause trouble and compromise participants’ win conditions.”
Risk effects all of your project i.e; budget, schedule, quality etc Main objectives of risk management is to increase the probability and
impact of positive outcomes and decrease the probability and impact of negative outcomes
Unfortunately, many organizations don’t follow a formal risk management process and operate in a perpetual state of crisis management
Crisis management is the opposite of good risk management – organizations find themselves trying to figure out what to do about a problem after it has occurred instead of planning for issues in advance
EMU 7
Types of RisksProject risks can be broadly categorized into development process risks and product risks. Development Process Risks:The risks encountered during product development are categorized as development process risks. These comprise developer errors, natural disasters, disgruntled employees, and poor management objectives.1. Liability risk2. Fidelity risk3. Risk Due to Business Impact4. Technology Risks5. Staff/People Risks6. Natural Disasters 7. Contractual RisksProduct Risks:Product risks crop up in the form of changing requirements during product development. Incomplete and unclear requirements are a risk to the product during development. 8. Risk due to product size9. Risks Due to the Customer
EMU 8
REACTIVE VS. PROACTIVE RISK STRATEGIES Reactive strategies have been laughingly called the “Indiana Jones School
of risk management”.The software team does nothing about risks until something goes wrong. Then, the team flies into action in an attempt to correct the problem rapidly.
A considerably more intelligent strategy for risk management is to be proactive. A proactive strategy begins long before technical work is initiated. The primary objective is to avoid risk, but because not all risks can be avoided, the team works to develop a contingency plan that will enable it to respond in a controlled and effective manner.
EMU 9
Risk Management ProcessProject Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and control on a project. The actual process of managing risks continues throughout the product development phase. Risk management is a dynamic process because it deals with the activities that are yet to happen. Risk management has a twofold agenda. First, deciding actions for preventing risks from happening, and second, deciding actions for tackling risks that materialize. Risk management process consists of three steps: 1. Risk identification 2. Risk analysis3. Risk mitigation
EMU 10
Risk Management Process
EMU 11
Risk management planning
Plan to manage the risk. The risk management plan is created early in the planning phase of the project
and updated throughout the life of the project. Methodology – approaches (process steps), tools, and data sources that may be
used to perform risk management. Roles and responsibilities to manage risks throughout the entire project. Budgeting for risk management activities (mitigation strategies). Timing of risk management activities (how often are the risks reviewed, when
will mitigation strategies be implemented) . Risk categories – high level used during identification (Technology, Customers,
Performance, etc.).
EMU 12
Abiona Olatade (145808)
RISK IDENTIFICATION
EMU 13
RISK MANAGEMENT PLANNING
RISK IDENTIFICATION
RISK ANALYSIS
RISK ANALYSIS
RISK IDENTIFICATION
RISK ANALYSIS
RISK ANALYSIS
RISK ANALYSIS
ANALOGY
BRAINSTORMINGDELPHI
TECHNIQUEINTERVIEWS
SWOT ANALYSISRISK
IDENTIFICATIONRISK
IDENTIFICATION
EMU 14
RISK IDENTIFICATION
Determining which risks are likely to affect a project Project manager gathers information about potential risks ALONG WITH THE PROJECT TEAM First step is to identify as many risks as possible for the upcoming
project Risk identification is not a one-time process; but a continuous process
(looking for new issues that may affect the success of the project)
EMU 14
ANALOGY
BRAINSTORMINGDELPHI
TECHNIQUEINTERVIEWS
POST-IT-NOTES
SWOT ANALYSISRISK
IDENTIFICATION
ANALOGY
Uses information from past similar projects or the experience of team members to look for risks.
EMU 15
Brainstorming Getting ideas from a group with the hope of generating a complete
list of ideas key to a it's success to foster an atmosphere that allows
outspokenness If not possible other techniques like the Delphi Technique or "post-it
Notes" are available
EMU 16
DELPHI TECHNIQUE
Participants are unknown to each other ideas can be generated without fear.
Questions and answers are presented electronically. The moderator accumulates all responses into one list which is then
distributed to the list for comments. This process continues until a general consensus (agreement) is
reached
EMU 17
INTERVIEWS
Project leader and other members conduct one-on-one discussions with stakeholders.
It is crucial to make the stakeholders feel comfortable sharing their ideas.
The success of this technique is heavily dependent on the skills of the interviewer.
EMU 18
POST-IT-NOTES Each participant writes down on sticky notes as many ideas as they
can think of..1 idea per note. Moderator sticks the note on a wall, and a list of ideas is quickly
generated and the team discusses the merit of each. Ideas with zero probability of occurrence is removed from the board Ideas that remain are rated for likelihood and impact
EMU 19
SWOT ANALYSIS SWOT stands for STRENGTHS, WEAKNESSES, OPPORTUNITIES, and
THREATS
SWOT analysis offers a framework with which to conduct a brainstorming session, sticky-note exercise, or a Delphi Technique session.
A key benefit of this technique is a focus on both sides of each issue:strengths versus weaknesses and opportunities versus threats
EMU 20
EMU 21
SWOT ANALYSIS Strengths – patents, strong brand name, reputation, cost advantages
from proprietary know-how, access to distribution networks Weaknesses – lack of patent, weak brand name, poor reputation, lack
of access to distribution networks Opportunities – an unfilled customer need, arrival of new
technologies, better regulations, international trade barriers Threats – shifts in consumer tastes away from, substitute products,
worse regulations, trade barriers
EMU 21
Risk Register Contents
Risk – name of the risk along with short description.
Trigger event – Events preceding the risk occurring.
Responsible - person or group responsible for monitoring the risk and executing mitigation activities
Consequence – Key project impact if the risk occurs.
Probability – Qualitative or quantitative probability of occurrence.
Mitigation – Strategy being used to reduce likelyhood.
EMU 22
EMU 23
RISK REGISTER
EMU 23
RISK REGISTERPROJECT: ‘ interclass beauty competition’
RISK
TRIGGER EVENT
RESPONSIBLE
CONSEQUENCE
PROBABILITY
MITIGATION
NAME AND SHORT DESCRIPTION
CLASS PARTICIPATION { RISKING THE CLASS UNBEATEN RECORD}
ACTIONS PRECEEDING THE RISK OCCURING
(MISS A) CATCHES THE FLU
PERSON OR GROUP RESPONSIBLE FOR MONITORING AND
MITIGATION CLASS DOCTOR
CLASS MAKEUP TEAM
KEY PROJECT IMPACT IF THE RISK OCCURS
OUR CLASS WILL LOOSE THE ‘interclass beauty competition’ BRAGING RIGHT OUR CLASS WILL LOSE THE ‘interclass beauty competition’ UNBEATEN RECORD
QUALITATIVE OR QUANTITATIVE PROBABILITY
MEDIUM
40%
STRATEGY BEING USED TO REDUCE
LIKELY HOOD
GET A BACKUP CONTESTANT
(MISS B)
INFECT OTHER CONTESTANTS
EMU 24
Yenilmez Ufuk Yilmaz (15500009)
EMU 25
Risk Analysis
After identifying the risks, the project manager needs to analyze the risks. Uncertainty and loss are the two characteristics of risk. The uncertainty
factor in risk means that the unknown event mayor may not happen. project manager needs to quantify the level of uncertainty and the degree of
loss. Based on this, the project manager plans schedules and costs. During analysis, information on risk is converted into information on decision-
making. Analysis provides the basis for the project manager to work on the “right” risks.
Qualitative Risk Analysis—performing a qualitative analysis of risks and conditions to prioritize their effects on project objectives. Quantitative Risk Analysis—measuring the probability and consequences of risks and estimating their implications for project objectives.
Risk Analysis Table
First, the WBS elements are identified. One of the tasks in the risk analysis phase is to describe the risk. The risk can be product-related, process-related, organization-related, client-related, or infrastructure-related.
Second, the WBS elements are evaluated to determine the risk events. Then the project manager quantifies the probability of occurrence of risk. The project manager can assign probability values between 0 and 1.
Third, the risks are rated depending on their probability of occurrence, the project manager identifies the impact of the risk. The impact of risk on cost, schedule, and quantity needs to be calculated and graded.
Then the risk factor is calculated by multiplying the probability of risk and the impact of risk. Finally, each risk is prioritized relative to other risks. The risk factor is used to prioritize the identified risks.
EMU 26
EMU 27
Probability/Impact matrix
The probability and impact matrix aids the project team in prioritizing which risks need more attention based on either their probability of occurring or the size of the impact to the project or both
EMU 28
Probability/Impact matrix continued
The columns represent the degree of impact to the project’s scope, time, cost, and quality goals
This example using a five level scale: zero to low impact, low to medium, medium, medium to high, and high impact. The scores are determined by subject matter experts and historical data
The next step determine the probability that a risk will materialize again using expert judgment and historical data
EMU 29
Quantitative Risk Analysis Techniques Decision trees with
expected monetary value analysis (EMV)
Decision tree analysis is generally used along with its graphical representation that describes a set of options under consideration along with estimated implications of each option
The EMV analysis technique is a statistical concept that calculates the average outcome when dealing with unknown future scenarios
EMU 30
Simulation (Monte Carlo) Monte Carlo simulation was as an aid in building accurate time
estimates for WBS activities It can also be used during quantitative risk analysis to simulate the
impact a risk may have on project goals Based on the probabilities of various outcomes, similar to the decision
tree analysis example, the simulation can be run multiple times based on the frequency distribution to determine the expected outcomes with probabilities.
EMU 31
Risk Response Planning
Eliminate threat before it happen Decrease impact of threat Contingency plan (do something if risk happens) Fallback plan (do something if contingency plans are not effective)
EMU 32
Risk Response Planning
Four main strategies: Risk avoidance: eliminating a specific threat or risk, usually by
eliminating its causes Risk acceptance: accepting the consequences should a risk occur without
trying to control it Risk transference: shifting the consequence of a risk and responsibility
for its management to a third party internal or external to the organization Risk mitigation: reducing the impact of a risk event by reducing the
probability of its occurrence
EMU 33
Aimal zia 145881
EMU 34
Risk Mitigation Risk mitigation is the best possible approach adopted by the
project manager to avoid risks from occurring. The probability of the risk occurring and the potential impact of the risk can be mitigated by dealing with the problem early in the project. Essentially, risk mitigation involves three possibilities and the project manager needs to adopt a risk mitigation strategy aimed at them.
The three possibilities include: • Risk avoidance • Risk monitoring • Contingency planning
EMU 35
Risk Avoidance To avoid risks from occurring, the project team prepares the risk plan before
the commencement of the project. The project team identifies the potential risks and prioritizes them based on their probability of occurrence and impact. Then, the team prepares a plan for managing risks. In most software projects, this plan is popularly called the risk management plan.
Format of a risk management plan
EMU 36
Risk Monitoring
It is not possible to monitor closely all the risks that are identified for the project. For example, if 100 risks are identified for a project, only top 20 risks are monitored.
There are re-planning checkpoints where the information obtained from monitoring the risks is used to refine the risk assessments and management plan.
The project manager monitors the top 20 percent of the factors that may indicate the status of the risks in the project.
In the case of large teams, the project manager also needs to monitor the attitude of the team members and their problems. This helps the project manager monitor any possible team-related risks.
For example, choosing a more expensive but proven technology over, a newer, less expensive technology is a step toward mitigating project risks.
EMU 37
Contingency Planning
The possibility of contingency planning arises when mitigation efforts fail and risk becomes a reality.
Contingency planning is used to monitor risks and invoke a predetermined response.
According to the plan, a trigger is set up. If the trigger is reached, the contingency plan is put into effect.
Contingency planning involves maintaining an alternative plan if the original plan fails.
example. Despite the massive attack on WTC, the stock markets in the US resumed functioning within a few days. This was possible because the finance companies had backed up their data and information on computers elsewhere. The contingency planning of finance companies prevented the risk of huge data loss for the stock market.
EMU 38
Managing Risks: Case Study Consider a scenario. Your organization is a vendor of software solutions. A
bus transport company the US wants you to develop a Schedule Adherence system. The team that will develop this software is new and the platform selected for development is also new to your organization. The project team needs to be trained intensively for this.
During this project, the team is expected to manage a large volume of data. The team has never had any experience in managing such a large volume of data. The system also needs to use this data to generate various MIS reports related to delays or adherence of bus services.
The performance requirement is less than fifteen seconds for all popular browsers. Your organization is anticipating numerous requirement changes during the development process. The system needs to be implemented across several states in the country. The data related to the system is highly confidential because it can provide an edge to the competitors.
Now, as a project manager, you need to prepare a risk management plan for this project. The project starts on May 15 and should be completed on November 15.
EMU 39
Case Study First, you need to identify the potential risks involved in the project.
The potential risks to the project are described in Table.
After identifying the risks, you need to estimate the probability of their occurrence and their impact on product development. Based on this, you calculate the risk factor and plan the mitigation steps.
EMU 40
Case Study The Risk Management Plan for Building a Schedule Adherence System
EMU 41
References: http://www.slideshare.net/AbhinyaKalyan/risk-manage
ment-16546063?related=1 http://www.slideshare.net/aleemhabib7/project-risk-ma
nagement-pmbok-5 http://www.slideshare.net/Schopra17/risk-mangement?r
elated=1 http://www.slideshare.net/Samuel90/risk-management-
slides-4397491
Software Project Management (CS615) © Copyright Virtual University of Pakistan
Information Technology Project Management, 3rd Edition, John Wiley, Jack T. Marchewka
EMU 42
EMU 43