Project Risk Management

Learning Objectives
 Understand what risk is and the importance of good
project risk management
 Discuss the elements involved in risk management
planning and List common sources of risks on information
technology projects
 Describe the risk identification and analysis process and
tools and techniques to help identify project risks
 Discuss what is involved in change and risk monitoring
and control
The Importance of Project Risk Management

 Project risk management is the art and science of

identifying, assessing, and responding to risk throughout
the life of a project and in the best interests of meeting
project objectives
 Risk management is often overlooked on projects, but it
can help improve project success by helping select good
projects, determining project scope, and developing
realistic estimates
 A number of studies show how risk management is
neglected, especially on IT projects
What is Risk?
 A dictionary definition of risk is “the possibility of
loss or injury”
 Project risk involves understanding potential
problems that might occur on the project and how
they might impede project success
 Risk management is like a form of insurance; it is
an investment
Major Process of Risk Management?
The goal of project risk management is to minimize potential risks while
maximizing potential opportunities. Major processes include
 Risk management planning: deciding how to approach and plan the
risk management activities for the project
 Risk identification: determining which risks are likely to affect a
project and documenting their characteristics
 Qualitative risk analysis: characterizing and analyzing risks and
prioritizing their effects on project objectives
 Quantitative risk analysis: measuring the probability and
consequences of risks
 Risk response planning: taking steps to enhance opportunities and
reduce threats to meeting project objectives
 Risk monitoring and control: monitoring known risks, identifying new
risks, reducing risks, and evaluating the effectiveness of risk
reduction
Risk Management Planning

 The main output of risk management planning is a

risk management plan
 The project team should review project documents
and understand the organization’s and the sponsor’s
approach to risk
 The level of detail will vary with the needs of the
project
Contingency and Fallback
Plans, Contingency Reserves
 Contingency plans are predefined actions that the
project team will take if an identified risk event
occurs
 Fallback plans are developed for risks that have a
high impact on meeting project objectives
 Contingency reserves or allowances are provisions
held by the project sponsor that can be used to
mitigate cost or schedule risk if changes in scope or
quality occur
Common Sources of Risk on Information
Technology Projects
 Several studies show that IT projects share some
common sources of risk
 The Standish Group developed an IT success
potential scoring sheet based on potential risks
 McFarlan developed a risk questionnaire to help
assess risk
 Other broad categories of risk help identify
potential risks
Information Technology Success
Potential Scoring Sheet
Success Criterion Points
User Involvement 19
Executive Management support 16
Clear Statement of Requirements 15
Proper Planning 11
Realistic Expectations 10
Smaller Project Milestones 9
Competent Staff 8
Ownership 6
Clear Visions and Objectives 3
Hard-Working, Focused Staff 3
Total 100
McFarlan’s Risk Questionnaire
1. What is the project estimate in calendar (elapsed) time?
( ) 12 months or less Low = 1 point
( ) 13 months to 24 months Medium = 2 points
( ) Over 24 months High = 3 points
2. What is the estimated number of person days for the system?
( ) 12 to 375 Low = 1 point
( ) 375 to 1875 Medium = 2 points
( ) 1875 to 3750 Medium = 3 points
( ) Over 3750 High = 4 points
3. Number of departments involved (excluding IT)
( ) One Low = 1 point
( ) Two Medium = 2 points
( ) Three or more High = 3 points
4. Is additional hardware required for the project?
( ) None Low = 0 points
( ) Central processor type change Low = 1 point
( ) Peripheral/storage device changes Low = 1
( ) Terminals Med = 2
( ) Change of platform, for example High = 3
PCs replacing mainframes
Other Categories of Risk
 Market risk: Will the new product be useful to the
organization or marketable to others? Will users accept
and use the product or service?
 Financial risk: Can the organization afford to undertake
the project? Is this project the best way to use the
company’s financial resources?
 Technology risk: Is the project technically feasible?
Could the technology be obsolete before a useful
product can be produced?
Risk Identification

 Risk identification is the process of understanding what

potential unsatisfactory outcomes are associated with a
particular project
 Several risk identification tools and techniques include
 Brainstorming
 Interviewing
 SWOT analysis
Potential Risk Conditions Associated with Each Knowledge Area
Knowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definition
of quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocation
and management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandard
design/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultation
with key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
management
Procurement Unenforceable conditions or contract clauses; adversarial relations
 Qualitative Risk Analysis
 Assess the likelihood and impact of identified risks to
determine their magnitude and priority
 Risk quantification tools and techniques include
 Probability/Impact matrixes
 The Top 10 Risk Item Tracking technique
 Expert judgment
Sample Probability/Impact Matrix
Top 10 Risk Item Tracking
 Top 10 Risk Item Tracking is a tool for maintaining
an awareness of risk throughout the life of a
project
 Establish a periodic review of the top 10 project
risk items
 List the current ranking, previous ranking, number
of times the risk appears on the list over a period
of time, and a summary of progress made in
resolving the risk item
Example of Top 10 Risk Item Tracking
Monthly Ranking
Risk Item This Last Number Risk Resolution
of Months Progress
Month Month
Inadequate 1 2 4 Working on revising the
planning entire project plan
Poor definition 2 3 3 Holding meetings with
of scope project customer and
sponsor to clarify scope
Absence of 3 1 2 Just assigned a new
leadership project manager to lead
the project after old one
quit
Poor cost 4 4 3 Revising cost estimates
estimates
Poor time 5 5 3 Revising schedule
estimates estimates
Expert Judgment

 Many organizations rely on the intuitive feelings

and past experience of experts to help identify
potential project risks
 Experts can categorize risks as high, medium, or
low with or without more sophisticated techniques
Quantitative Risk Analysis
 Often follows qualitative risk analysis, but both
can be done together or separately
 Large, complex projects involving leading edge
technologies often require extensive quantitative
risk analysis
 Main techniques include
 decision tree analysis
 Simulation
 Read on these
Risk Response Planning
 After identifying and quantifying risks, you must decide
how to respond to them
 Four main strategies:
 Risk avoidance: eliminating a specific threat or risk, usually by
eliminating its causes
 Risk acceptance: accepting the consequences should a risk
occur
 Risk transference: shifting the consequence of a risk and
responsibility for its management to a third party
 Risk mitigation: reducing the impact of a risk event by
reducing the probability of its occurrence
General Risk Mitigation Strategies
for Technical, Cost, and Schedule
Risks
Risk Monitoring and Control
 Monitoring risks involves knowing their status
 Controlling risks involves carrying out the risk
management plans as risks occur
 Workarounds are unplanned responses to risk
events that must be done when there are no
contingency plans
 The main outputs of risk monitoring and control
are corrective action, project change requests,
and updates to other plans.
Risk Response Control
 Risk response control involves executing the risk
management processes and the risk management
plan to respond to risk events
 Risks must be monitored based on defined
milestones and decisions made regarding risks
and mitigation strategies
 Sometimes workarounds or unplanned responses
to risk events are needed when there are no
contingency plans
Using Software to Assist in
Project Risk Management
 Databases can keep track of risks. Many IT
departments have issue tracking databases
 Spreadsheets can aid in tracking and quantifying
risks
 More sophisticated risk management software,
such as Monte Carlo simulation tools, help in
analyzing project risks
Results of Good Project Risk
Management
 Unlike crisis management, good project risk
management often goes unnoticed
 Well-run projects appear to be almost effortless,
but a lot of work goes into running a project well
 Project managers should strive to make their
jobs look easy to reflect the results of well-run
projects
Project Quality Management
Objectives
 Define quality and how it relates to various aspects of
information technology projects
 Describe what is involved in quality planning, quality
assurance, and quality control on projects
 Explain quality control tools and techniques such as
Pareto charts, statistical sampling, quality control
charts..
 Describe key issues related to improving quality in
information technology projects

27
What Is Quality?
 The International Organization for Standardization
(ISO) defines quality as the totality of characteristics
of an entity that bear on its ability to satisfy stated or
implied needs
 Other experts define quality based on
 Conformance to requirements: meeting written
specifications
 Fitness for use: ensuring a product can be used as it
was intended
Cont..
 Quality from different perspectives
 End User
 Owner/ manager
 Solution Provider
Quality Management?
 Quality concepts that are critical to the
achievement of quality in projects and project
management.
 Maximizing the satisfaction of customers’ and stakeholders’
needs is paramount
 All work is carried out as a set of planned and interlinked
process
 Quality must be built into both products & processes
 Management is responsible for creating a climate for
quality
 Management is responsible for continuous improvement

30
Project Quality Management
Processes
 Quality planning: identifying which quality
standards are relevant to the project and how to
satisfy them
 Quality assurance: evaluating overall project
performance to ensure the project will satisfy the
relevant quality standards
 Quality control: monitoring specific project
results to ensure that they comply with the
relevant quality standards while identifying ways
to improve overall quality
Quality Planning
 It is important to design in quality and
communicate important factors that directly
contribute to meeting the customer’s
requirements
 Design of experiments helps identify which
variables have the most influence on the overall
outcome of a process
 Many scope aspects of IT projects affect quality
like functionality, features, system outputs,
performance, reliability, and maintainability
Quality Assurance
 Quality assurance includes all the activities related
to satisfying the relevant quality standards for a
project
 Another goal of quality assurance is continuous
quality improvement
 Benchmarking can be used to generate ideas for
quality improvements
 Quality audits help identify lessons learned that
can improve performance on current or future
projects
Quality Control
 Is checking the project out put for its
quality.
 The main outputs of quality control are
 acceptance decisions
 rework
 process adjustments
Cont…
 Some tools and techniques include
 Pareto analysis
 statistical sampling (to work on sample
area)
 quality control charts (to represent in
charts )
Pareto Analysis
 Pareto analysis involves identifying the vital few contributors
that account for the most quality problems in a system
 Also called the 80-20 rule, meaning that 80% of problems are
often due to 20% of the causes.
 Arranges the phenomena or values in order of frequency of
occurrence in order that the most prevalent can be quickly
identified
 Pareto diagrams are histograms that help identify and
prioritize problem areas

36
Sample Pareto Diagram

37
Testing/evaluation
 Many IT professionals think of testing as a stage
that comes near the end of IT product
development
 Testing should be done during almost every
phase of the IT product development life cycle
 As there are deliverables at the end of each
major tasks
Types of Tests- System development
 A unit test is done to test each individual component
(often a program) to ensure it is as defect free as
possible
 Integration testing occurs between unit and system
testing to test functionally grouped components
 System testing tests the entire system as one entity
 User acceptance testing is an independent test
performed by the end user prior to accepting the
delivered system
 Also requirement, designs, and UIs should be tested at
their appropriate time.
 This applies to all types of IT projects – test early, often
and in levels
Modern Quality Management
 Modern quality management
 requires customer satisfaction
 prefers prevention to inspection
 recognizes management responsibility for
quality
 Noteworthy quality experts include Deming,
Juran, Crosby, Ishikawa, Taguchi, and
Feigenbaum
Quality Experts
 Deming was famous for his work in rebuilding
Japan and his 14 points regarding quality (read)
 Juran wrote the Quality Control Handbook and 10
steps to quality improvement
 Crosby wrote Quality is Free and suggested that
organizations strive for zero defects
 Ishikawa developed the concept of quality circles
and pioneered the use of Fishbone diagrams
 Taguchi developed methods for optimizing the
process of engineering experimentation
 Feigenbaum developed the concept of total quality
control
Sample Fishbone or Ishikawa Diagram
Improving Information
Technology Project Quality
 Several suggestions for improving quality for IT
projects include
 Leadership that promotes quality
 Understanding the cost of quality
 Focusing on organizational influences and workplace
factors that affect quality
 Following maturity models to improve quality
Leadership
 “It is most important that top management be
quality-minded. In the absence of sincere
manifestation of interest at the top, little will
happen below.” (Juran, 1945)
 A large percentage of quality problems are
associated with management, not technical issues
The Cost of Quality
 The cost of quality is
 the cost of conformance or delivering products
that meet requirements and fitness for use
 the cost of nonconformance or taking
responsibility for failures or not meeting
quality expectations
 Costs Per Hour of Downtime
Caused by Software Defects
Business Cost per Hour Downtime
Automated teller machines (medium-sized bank) $14,500
Package shipping service $28,250
Telephone ticket sales $69,000
Catalog sales center $90,000
Airline reservation center (small airline) $89,500
 Five Cost Categories Related to
Quality
 Prevention cost: the cost of planning and executing a
project so it is error-free or within an acceptable error
range
 Appraisal cost: the cost of evaluating processes and their
outputs to ensure quality
 Internal failure cost: cost incurred to correct an identified
defect before the customer receives the product
 External failure cost: cost that relates to all errors not
detected and corrected before delivery to the customer
 Measurement and test equipment costs: capital cost of
equipment used to perform prevention and appraisal
activities
Using Software to Assist in
Project Quality Management
 Spreadsheet and charting software helps create
Pareto diagrams, Fishbone diagrams, etc.
 Statistical software packages help perform
statistical analysis
 Project management software helps create Gantt
charts and other tools to help plan and track work
related to quality management