Risk Management

  • Uploaded by: Chanel Green
  • 0
  • 0
  • July 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Risk Management as PDF for free.

More details

  • Words: 1,688
  • Pages: 8


Risk Management



What is Risk Management



It is about understanding the internal and external influences that can cause project failure.

 The main purpose is to identify and handle the uncommon causes of project variation. 

The SEI definition of risk : “Risk is the possibility of suffering loss” (where loss is any negative impact to the project which could be in terms of time, costs, quality or outright project failure)

 Risk is uncertainty or lack of complete knowledge of the set of all possible future events.



Strictly speaking, there are 2 main categories of risk: 

Internal - which is within the control of a project manager

 External - which is outside the control of a project manager 

Classes of Risks



The Project manager deals with risks resulting from 3 general classes:

 Known knowns - they are noted and described in the SPMP





Known unknowns - they are described in the RMP where they are prioritized and updated on a timely basis



Unknown unknowns - they are unknown, both as a category of risk and as a reality of the project (technical risks)

Risk Management concepts

 Risk event: It is the precise description of what might happen to the project  Risk probability: It is the degree to which the risk event is likely to occur  Amount at stake: It is the loss incurred if the outcome is unsatisfactory  Risk exposure: It is the overall liability potential of the risk; it is the product of Risk probability and loss

 Concept and system exploration, along with requirements are the first three life cycle phases and are the phases in which project planning has the greatest impact on risk mitigation. 

The inherent project risk is highest in these phases and drops through project execution.



Risk Management Models

 Several models of risk management have been identified by the Project Management/Software Engineering institutes and through the ground-breaking work of Boehm. Project Management Institute’s Risk Model



PMI Risk Model As per the PMI model, project risk management is made up of:

 Risk identification: Developing the sources of risk, identifying potential risk events, and symptoms of risk.

 Risk quantification: using quantitative and qualitative analysis, determining the value of the opportunities to pursue verses the threats to avoid, and the opportunities to ignore verses the threats to accept.

 Response planning: developing the risk management and contingency plans, identifying reserves required in both dollars and person-hours and determining how mitigation can occur through contractual means

 Monitoring & Control: developing corrective action plans and monitoring their

implementation as part of the overall implementation of the risk management plan.



Boehm’s Risk Model

 In this model, Risk management consists of 2 activities of risk assessment and control. Risk assessment is further divided into risk identification, analysis and prioritization.



Risk control consists of risk management planning, risk resolution, and risk monitoring. As with risk assessment, these 3 components are supported by sets of tools and techniques. Risk Assessment:

 Risk identification is done by checklists, decision-driver analysis, and problem decomposition. 

Risk Analysis is done through modeling performance and cost, and analyzing network, decision and quality factors.

 Risk prioritization allows the project team to focus on those critical few risks that will have the greatest potential for causing project failure. 

Boehm’s Risk Model



Risk management planning uses tools of buying information and risk avoidance, transfer, reduction, element planning and plan integration

 Risk avoidance is simply finding a way to restructure the project and product to avoid that risk

 Risk resolution is accomplished through prototypes, simulations, benchmarks, analyses and staffing.

 Risk transfer usually involves the buying insurance against the occurrence of the risk. It is the actual transfer of responsibility for that part of the project with the inherent risk, to another organization.

 Milestone tracking, top-ten risk tracking, risk reassessment, and corrective action provide the tools for risk monitoring. 

These tools are all part of the steps that the project manager takes to implement complete risk management.



Boehm’s Risk Model

 

The SEI Model

This model provides information and feedback, internal and external to the project, on the risk activities, current risks, and emerging risks. The processes in this model include: 

Identify - Search for and locate risks before they become problems

 Analyze - transform risk data into decision-making information, evaluate impact, probability and timeframe; classify and prioritize risks



Plan - translate risk information into decisions and mitigating actions (both present and future) and implement those actions



Track - monitor risk indicators and mitigation actions

 Control - correct for deviations from the risk mitigation plans Communication happens throughout all functions with some common process characteristics such as identification, analysis and quantification, response planning, tracking and communication. 

Identifying Risks

 This is accomplished by using the same tools as any analysis task. 

Start out by having the team and the customer brainstorm possible risks to develop “known unknown” lists.



Use checklists of problems from prior projects retrieved from the project repository or knowledge-base.



Examine all project assumptions in the project plan for the slightest hint of risk. Pay special attention to those that assume a rosy future where everything works.



Interview stakeholders for risk identification and quantification.

 Take the work breakdown structure and network diagrams from the PMP and look for precedence bottlenecks. These are the real choke points in the project planning network and have the highest risk reaction with schedule slips. 

Identifying Risks

 Sometimes flowcharting a process helps spot risky areas (especially if the process is not familiar) 

Examine sources of key decisions in the project (decision-drivers).



There are different types of risks and the most important ones are: 

Technical



Operational



Political



Legal

 Regulatory 

Market



Social



Internal



External



In general there are 3 basic risk areas - supportability, technical and programmatic.



The 3 basic risk areas

 Technical tasks are a major part of software development business since software is the driver of high technology.



Programmatic sources arise from the process of trying to manage the software development project.

 As the software project nears completion, the risks inherent in the software delivery, installation and maintainability are very real and obvious.





These 3 are the areas that add risk to cost and schedule. It should be kept in mind that cost and schedule are inherently risky.

 Analyzing and Quantifying Risks 

Brainstorming

 Offer risk analysis ideas without judgement or evaluation





Build on ideas offered



Repeat until all ideas on risk analysis are exhausted

Delphi Method 

Select a panel of experts (isolated and unknown)



Prepare and circulate a questionnaire about a risk

 Solicit risk handling approaches and opinions 

Share all responses and statistical feedback with entire group



Repeat until there is convergence on a consensus approach

Newer Methods 

Sensitivity Analysis 

Choose a few variables with big impact to the plan

 Define a likely range of variation 

Assess effect of changing them on project outcome



Analyzing and Quantifying Risks



Probability Analysis





Similar to sensitivity analysis



Adds a probability distribution for each variable.

Monte Carlo simulation

 Similar to probability analysis





Assign randomly chosen values for each variable



Run simulation a number of times to get a probability distribution for the outcome



Produces a range of probabilities for the outcome

Utility Theory

 Comprehends decision maker’s attitude towards risk  

Viewed as theoretical

Decision Tree Analysis





Graphical Method



Forces probability considerations for each outcome



Usually applied to cost and time

Developing & Controlling Risks

 Examples of key engineering development risks and treatments: 

Unrealistic budget and schedule

 Track all estimates and actuals; understand the teams’ performance level 

Understand how all team members’ time is spent-there are always overhead activities in any organization

 Don’t allow the client to talk you into an unrealistic estimate 

Personnel shortfalls



Plan for training in areas needed for the project



Establish a learning pattern for team members throughout the project’s life



Cultivate teaming relationships with knowledgeable parties

 Developing wrong capabilities





Insist on meeting with the customer



Prototype and demonstrate planned approaches

Risk Response The risk response development can handle identified tasks in 3 ways



Accept consequences in an active or passive fashion



Transfer or move the loss to a third party through a contract (warranty or insurance)



Mitigate or reduce the impact or probability of using contingency planning or a reserve, or eliminate the cause by using alternative software development strategies. Prepare appropriate responses by answering these questions:



Who is responsible for the action?



When is the action due?



What is the metric to watch?



What is the metric trigger value?



Risk Categories

1

Mission and Goals

2

Organization Management

3

Customer

4

Budget/Cost

5

Schedule

6

Project Content

7

Performance

8

Project Management

9

Development Process

10

Development Environment

11 Staff 12 Maintenance 

Risk Management Plan

 The Risk Management Plan will contain all the identified risks and mitigation plans where appropriate. It models the 12 categories of potential risk to any specific project.

 1

Developing a risk management plan is a simple matter of 5 steps: Using the categories, construct a risk categorization table.

2 Rank the risk to the project for each category - Risk factors and areas, Low risk evidence (L), Medium risk evidence (M), High risk evidence (H), Rating, Comments. 3 Sort the risk table in order of risk with high-risk items first and calculate their risk exposure (key risks). Identify means to control them, establish ownership, and the date of completion. Integrate key risks into the project plan. Determine impact on schedule and cost. 4

Establish a regular risk report format for weekly project status meetings.

Related Documents

Risk Management
June 2020 20
Risk Management
June 2020 17
Risk Management
June 2020 11
Risk Management
May 2020 10
Risk Management
October 2019 26
Risk Management
November 2019 25

More Documents from ""

Risk Management
July 2020 2
01termarbod.docx
May 2020 7
Cover Lestari.docx
June 2020 6
Toyotamesinserik.pdf
June 2020 19
Admission-form.pdf
October 2019 37