IT Project Management, Third Edition Chapter 11 1

Chapter 6:Project Risk Management

IT Project Management, Third Edition Chapter 11 2

The Importance of Project Risk Management

Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives

Risk management is often overlooked on projects, but it can help improve project success

IT Project Management, Third Edition Chapter 11 3

What is Risk?

What is Risk ?

“the possibility of loss or injury” What is a project risk?

Project risk involves understanding potential problems that might occur on the project and how they might stop project success

Risk management is like a form of insurance; it is an investment

IT Project Management, Third Edition Chapter 11 4

What is Project Risk Management?The goal of project risk management is to minimize potential risks while maximizing potential opportunities. Major processes include Risk management planning: deciding how to approach

and plan the risk management activities for the project. Risk identification: determining which risks are likely to affect a

project and documenting their characteristics Quantitative risk analysis: measuring the probability and

consequences of risks and estimating their effects on project objectives.

Risk response planning: taking steps to enhance opportunities and reduce threats to meeting project objectives. Using outputs from the preceding risk management processes, project teams can develop a risk response plan.

Risk monitoring and control: monitoring known risks, identifying new risks, reducing risks, and evaluating the effectiveness of risk reduction throughout the life of the project.

IT Project Management, Third Edition Chapter 11 5

Risk Management Planning

The main output of risk management planning is a risk management plan

The project team should review project documents and understand the organization’s and the sponsor’s approach to risk

IT Project Management, Third Edition Chapter 11 6

Emergency and Fallback Plans

Emergency plans are predefined actions that the project team will take if an identified risk event occurs

Fallback plans are developed for risks that have a high effect on meeting project objectives

IT Project Management, Third Edition Chapter 11 7

Common Sources of Risk on Information Technology Projects Several studies show that IT projects

share some common sources of risk The Standish Group developed an IT

success potential scoring sheet based on potential risks

McFarlan developed a risk questionnaire to help assess risk

IT Project Management, Third Edition Chapter 11 8

McFarlan’s Risk Questionnaire1. What is the project estimate in calendar (elapsed) time?

( ) 12 months or less Low = 1 point

( ) 13 months to 24 months Medium = 2 points

( ) Over 24 months High = 3 points

2. What is the estimated number of person days for the system?

( ) 12 to 375 Low = 1 point

( ) 375 to 1875 Medium = 2 points

( ) 1875 to 3750 Medium = 3 points

( ) Over 3750 High = 4 points

3. Number of departments involved (excluding IT)

( ) One Low = 1 point

( ) Two Medium = 2 points

( ) Three or more High = 3 points

4. Is additional hardware required for the project?

( ) None Low = 0 points

( ) Central processor type change Low = 1 point

( ) Peripheral/storage device changes Low = 1

( ) Terminals Med = 2

( ) Change of platform, for example High = 3

PCs replacing mainframes

IT Project Management, Third Edition Chapter 11 9

Risk Identification

Risk identification is the process of understanding what potential unsatisfactory outcomes are associated with a project

Several risk identification tools and techniques include Brainstorming The Delphi technique Interviewing SWOT analysis

IT Project Management, Third Edition Chapter 11 10

Potential Risk Conditions Associated with Each Knowledge AreaKnowledge Area Risk Conditions

Integration Inadequate planning; poor resource allocation; poor integrationmanagement; lack of post-project review

Scope Poor definition of scope or work packages; incomplete definitionof quality requirements; inadequate scope control

Time Errors in estimating time or resource availability; poor allocationand management of float; early release of competitive products

Cost Estimating errors; inadequate productivity, cost, change, orcontingency control; poor maintenance, security, purchasing, etc.

Quality Poor attitude toward quality; substandarddesign/materials/workmanship; inadequate quality assuranceprogram

Human Resources Poor conflict management; poor project organization anddefinition of responsibilities; absence of leadership

Communications Carelessness in planning or communicating; lack of consultationwith key stakeholders

Risk Ignoring risk; unclear assignment of risk; poor insurancemanagement

Procurement Unenforceable conditions or contract clauses; adversarial relations

IT Project Management, Third Edition Chapter 11 11

Risk Response Planning After identifying and quantifying risks, you must

decide how to respond to them Four main strategies:

Risk avoidance: eliminating a specific threat or risk, usually by eliminating its causes

Risk acceptance: accepting the consequences should a risk occur

Risk transference: shifting the consequence of a risk and responsibility for its management to a third party

Risk mitigation: reducing the impact of a risk event by reducing the probability of its occurrence

IT Project Management, Third Edition Chapter 11 12

Risk Monitoring and Control Monitoring risks involves knowing their status Controlling risks involves carrying out the risk

management plans as risks occur Workarounds are unplanned responses to risk

events that must be done when there are no emergency plans

The main outputs of risk monitoring and control are corrective action, project change requests, and updates to other plans

IT Project Management, Third Edition Chapter 11 13

Results of Good Project Risk Management Unlike crisis management, good project risk

management often goes unnoticed Well-run projects appear to be almost

effortless, but a lot of work goes into running a project well

Project managers should strive to make their jobs look easy to reflect the results of well-run projects

IT Project Management, Third Edition Chapter 11 14

Using Software to Assist in Project Risk Management Databases can keep track of risks. Many

IT departments have issue tracking databases

Spreadsheets can aid in tracking and quantifying risks

More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks