Project Management Training
Download
Report
Transcript Project Management Training
WISQA: Risk Management for I/S
Projects
Paula Duchnowski CQA, CSTE
[email protected]
General Casualty Insurance
May 9, 2002
Risk Management for I/S
Projects
Why is Risk Management
Important?
What is Risk?
Risk Management Process
– Identify project goals & objectives
– Identify Risk
– Analyze Risk
– Plan for Risk
– Control Risk
Why are we here?
Information Technology
Projects are difficult to
manage
Project failures occur
with alarming frequency
Prudent measures to
assess and manage
risk can increase
probability of project
success
What is Risk?
A potential
problem waiting
to happen
May adversely
impact schedule,
cost, objectives
Will vary in
probability, impact
and timeframe
What is Risk Management?
Risk Management is a
systematic process
of identifying,
analyzing and
responding to
project risk.
PMI’s PMBOK
Step 1: Identify Project Goals
and Objectives
What are business objectives?
What are technical objectives?
What are project constraints?
Identify and state risks as they relate to
the ability to achieve objectives within
the known constraints
Note: If objectives aren’t well-defined that is a major risk.
Case Study Introduction
Improving and
enforcing the
Software
Development Life
Cycle
– Small Shop
– Not a processoriented culture
Project Objectives:
Increase consistency
among all software
development
projects
Utilize processes that
will increase the
probability of project
success
Step 2: Identify Risks
Encourage input of perceived risk
Identify risk while there is time to take
action
Capture risk in readable format
Communicate risk to those who can
solve it
Goal: Prevent project surprises
Risk Identification: examples
Inadequate
Management
Commitment
Ambiguous
requirements
Inadequate user
involvement
New Technology
Undefined or
ambiguous Scope
Insufficient or
inappropriate staffing
Inadequate tools or
technology
Large and dispersed
project team
Identifying Risks
Various publications Consider three
and organizations
perspectives:
have developed
– Project Management
and staffing
generic risk categories
and generic checklists. – Technical
Checklists help assure – Quality of Product
aren’t overlooking
something
Project Management Perspective:
Tactical Considerations
Budget
Schedule &
Resource availability Estimating risks
and expertise
Vendor
Management
Adequacy of
Methodology /
Project
process
Communication
Project Size &
Sponsorship and
Complexity
high-level support
Technical Perspective
Data Conversion: (GIGO)
System Interfaces
Operations / Postimplementation Support
New or unproven
Technology
Implementation & rollout
Infrastructure support
Adequacy of Infrastructure
Legacy Impacts / Support
Quality Risks
How well will
product meet
expectations?
– Ease of Use
– Data Integrity
– Understand impact
to users
Defects in
production
Techniques to Identify Risk
Checklists: Several Checklists are
available as reminders of possible risk
areas to consider
Interviews: Group or individual
Working Group / Workshop
Periodic meetings: Dialogue of risk
information
Surveys: Selected categories of people
identify risks quickly
Statement of Risk
May need to “Drill Down” to determine
the real risk to the project:
– Asking Why?
– Why is this situation a risk to the project?
– What is the worst case scenario if the risk
is realized?
– Some less than ideal circumstances may
not be true risks
Discussion
Case Study: Enhancing
and enforcing the
Software Development
Life Cycle
What are some of the
risks?
(be creative- pretend you
know this company)
Step 2: Risk Analysis
Quantify two factors:
– Probability of a failure
– Impact of a failure
Risk Exposure (RE) = P x I
Examples:
– Tornado in Wisconsin (low probability, high impact)
– My son forgetting to take out garbage (High
probability, low impact)
– Others: What risk(s) have you taken today??
Quantifying Risk
Early in Project
More difficult to be
precise
Establish risk ‘order
of magnitude’
Continue to revisit
as part of risk
management
process
Quantifying Risk: Tools and
Techniques
Decision tree
– Identify possible outcomes: associated
likelihood and impact
Identify expected monetary value:
– (probability %) x (Risk event value)
Simulation:
– Prototype ‘what if’ scenarios
Expert Judgement (Use a ‘judgement’
based scale)
Quantifying Risk
Define scale you will be
using for Probability and
Impact
Try to define scale to
correspond to key
objectives and
constraints
Look at example
Checklist
See GC’s Risk Checklist
Work in Process
Based on Lessons Learned & Industry
standard risks
Tool for PMs
Includes a risk ‘scale’ for probability and
impact
Weighted factors for size & complexity
Discussion: Case Study Risks
What is probability
of each risk
occurring?
What is impact if the
risk is realized?
Step 4: Plan for Risk
Develop Risk
Management Plan
For each Risk
– Determine Time
Frame for action
– Define Mitigation
Strategy
Plan for Risk: Risk Management
Plan
Define the Process for
tracking and monitoring
risk
Roles &
Responsibilities
What and how risk
information will be
tracked
Establish Mitigation
Possible Mitigation Strategies
Acceptance: Consciously choose to live
with the risk consequences
Avoidance: Eliminate the risk.
Protection: Backup / contingency plan,
i.e. Redundant system.
Reduction: Reduce either the
probability or impact of the risk.
More Mitigation Strategies
Research: Need more information - i.e.
market research; prototypes
Risk Reserves: Leave a contingency or margin for error.
Transfer: Shift risk to another
organization, person or group (retain
responsibility)
Document Known Risks
Description of risk
Date identified
Who identified
Category
Status
Risk Owner
Who is assigned
Mitigation strategy
Action Plan
Time Frame to act
RE: Probability &
Impact
Other Measures:
– Quantitative
threshold
– Leading indicators
– Risk Leverage
Discussion
Discuss possible
mitigation strategies
for case study risks
Step 5: Control Risk - On-going
Periodic monitoring and reporting of risk
data
– Visibility and accountability regarding risk
status
– Reports from risk repository
Periodic meetings / updates regarding
risk status
Periodic re-assessment of risk exposure
Update Risk data and project plan
Summary
Why Risk Management is Important
Steps of a Risk Management Process
– Identify Project Goals & Objectives
– Identify Risk
– Analyze Risk
– Plan for Risk
– Control Risk
Thank you
Bibliography
Project Management Institute: Project Management Body of
Knowledge
Keil, Mark; Cule, Paul; Lytinen, Kalle; Schmidt, Roy: A
Framework for identifying software project risks:
Communications of the ACM, November 1998
Hall, Elaine. Managing Risk. Methods for software systems
development. Reading, MA: Addison-Wesley Publishing,
1998.
Jones, Capers. Assessment and Control of Software Risks,
1994.
Mulcahy, Rita, Managing and Estimating Project Risks,
September, 1999.