Transcript Project Management Training

WISQA: Risk Management for I/S
Projects
Paula Duchnowski CQA, CSTE
[email protected]
General Casualty Insurance
May 9, 2002
Risk Management for I/S
Projects
Why is Risk Management
Important?
What is Risk?
Risk Management Process
– Identify project goals & objectives
– Identify Risk
– Analyze Risk
– Plan for Risk
– Control Risk
Why are we here?
 Information Technology
Projects are difficult to
manage
 Project failures occur
with alarming frequency
 Prudent measures to
assess and manage
risk can increase
probability of project
success
What is Risk?
A potential
problem waiting
to happen
May adversely
impact schedule,
cost, objectives
Will vary in
probability, impact
and timeframe
What is Risk Management?
Risk Management is a
systematic process
of identifying,
analyzing and
responding to
project risk.
PMI’s PMBOK
Step 1: Identify Project Goals
and Objectives
What are business objectives?
What are technical objectives?
What are project constraints?
Identify and state risks as they relate to
the ability to achieve objectives within
the known constraints
Note: If objectives aren’t well-defined that is a major risk.
Case Study Introduction
 Improving and
enforcing the
Software
Development Life
Cycle
– Small Shop
– Not a processoriented culture
Project Objectives:
Increase consistency
among all software
development
projects
Utilize processes that
will increase the
probability of project
success
Step 2: Identify Risks
Encourage input of perceived risk
Identify risk while there is time to take
action
Capture risk in readable format
Communicate risk to those who can
solve it
Goal: Prevent project surprises
Risk Identification: examples
Inadequate
Management
Commitment
Ambiguous
requirements
Inadequate user
involvement
New Technology
Undefined or
ambiguous Scope
Insufficient or
inappropriate staffing
Inadequate tools or
technology
Large and dispersed
project team
Identifying Risks
 Various publications  Consider three
and organizations
perspectives:
have developed
– Project Management
and staffing
generic risk categories
and generic checklists. – Technical
 Checklists help assure – Quality of Product
aren’t overlooking
something
Project Management Perspective:
Tactical Considerations
Budget
Schedule &
Resource availability Estimating risks
and expertise
Vendor
Management
Adequacy of
Methodology /
Project
process
Communication
Project Size &
 Sponsorship and
Complexity
high-level support
Technical Perspective
 Data Conversion: (GIGO)
 System Interfaces
 Operations / Postimplementation Support
 New or unproven
Technology
 Implementation & rollout
 Infrastructure support
 Adequacy of Infrastructure
 Legacy Impacts / Support
Quality Risks
 How well will
product meet
expectations?
– Ease of Use
– Data Integrity
– Understand impact
to users
 Defects in
production
Techniques to Identify Risk
Checklists: Several Checklists are
available as reminders of possible risk
areas to consider
Interviews: Group or individual
Working Group / Workshop
Periodic meetings: Dialogue of risk
information
Surveys: Selected categories of people
identify risks quickly
Statement of Risk
May need to “Drill Down” to determine
the real risk to the project:
– Asking Why?
– Why is this situation a risk to the project?
– What is the worst case scenario if the risk
is realized?
– Some less than ideal circumstances may
not be true risks
Discussion
 Case Study: Enhancing
and enforcing the
Software Development
Life Cycle
 What are some of the
risks?
(be creative- pretend you
know this company)
Step 2: Risk Analysis
Quantify two factors:
– Probability of a failure
– Impact of a failure
Risk Exposure (RE) = P x I
Examples:
– Tornado in Wisconsin (low probability, high impact)
– My son forgetting to take out garbage (High
probability, low impact)
– Others: What risk(s) have you taken today??
Quantifying Risk
Early in Project
 More difficult to be
precise
 Establish risk ‘order
of magnitude’
 Continue to revisit
as part of risk
management
process
Quantifying Risk: Tools and
Techniques
Decision tree
– Identify possible outcomes: associated
likelihood and impact
Identify expected monetary value:
– (probability %) x (Risk event value)
Simulation:
– Prototype ‘what if’ scenarios
Expert Judgement (Use a ‘judgement’
based scale)
Quantifying Risk
Define scale you will be
using for Probability and
Impact
Try to define scale to
correspond to key
objectives and
constraints
Look at example
Checklist
See GC’s Risk Checklist
Work in Process
Based on Lessons Learned & Industry
standard risks
Tool for PMs
Includes a risk ‘scale’ for probability and
impact
Weighted factors for size & complexity
Discussion: Case Study Risks
 What is probability
of each risk
occurring?
 What is impact if the
risk is realized?
Step 4: Plan for Risk
 Develop Risk
Management Plan
 For each Risk
– Determine Time
Frame for action
– Define Mitigation
Strategy
Plan for Risk: Risk Management
Plan
Define the Process for
tracking and monitoring
risk
Roles &
Responsibilities
What and how risk
information will be
tracked
Establish Mitigation
Possible Mitigation Strategies
Acceptance: Consciously choose to live
with the risk consequences
Avoidance: Eliminate the risk.
Protection: Backup / contingency plan,
i.e. Redundant system.
Reduction: Reduce either the
probability or impact of the risk.
More Mitigation Strategies
Research: Need more information - i.e.
market research; prototypes
Risk Reserves: Leave a contingency or margin for error.
Transfer: Shift risk to another
organization, person or group (retain
responsibility)
Document Known Risks
Description of risk
Date identified
Who identified
Category
Status
Risk Owner
Who is assigned
Mitigation strategy
Action Plan
Time Frame to act
RE: Probability &
Impact
Other Measures:
– Quantitative
threshold
– Leading indicators
– Risk Leverage
Discussion
 Discuss possible
mitigation strategies
for case study risks
Step 5: Control Risk - On-going
Periodic monitoring and reporting of risk
data
– Visibility and accountability regarding risk
status
– Reports from risk repository
Periodic meetings / updates regarding
risk status
Periodic re-assessment of risk exposure
Update Risk data and project plan
Summary
Why Risk Management is Important
Steps of a Risk Management Process
– Identify Project Goals & Objectives
– Identify Risk
– Analyze Risk
– Plan for Risk
– Control Risk
Thank you
Bibliography
 Project Management Institute: Project Management Body of
Knowledge
 Keil, Mark; Cule, Paul; Lytinen, Kalle; Schmidt, Roy: A
Framework for identifying software project risks:
Communications of the ACM, November 1998
 Hall, Elaine. Managing Risk. Methods for software systems
development. Reading, MA: Addison-Wesley Publishing,
1998.
 Jones, Capers. Assessment and Control of Software Risks,
1994.
 Mulcahy, Rita, Managing and Estimating Project Risks,
September, 1999.