Professional Documents
Culture Documents
Risk Management
Risk Management
Email: gkinyata@yahoo.co.uk
1
Learning Objectives
❑To explain the concept of risk
❑To identify some of the risks associated
with IS projects
❑To describe the risk management process
❑To suggest ways of dealing with risk
G.KINYATA@SMMUCo 1
What is Risk?
❑The degree of uncertainty associated with
an event, activity or a decision.
❑A problem that could cause a loss or
threaten the success of the project
❑Taking a chance on something, knowing
that it may go wrong
Taking a Risk
❑There are different degrees of risk
associated with most activities e.g.
◼ If I go for a job interview, I may not get the
job
◼ If I sit for the exam, I may not pass it
◼ If I don’t hand in my assignment on time, I
will lose marks
◼ If I book a holiday in Spain, I may not like it
G.KINYATA@SMMUCo 2
5
G.KINYATA@SMMUCo 3
Risk management plan
Risk management plan, is the process of producing a
plan for dealing with each significant risk that might
arise
Risk Identification
❑Take for example; the holiday in Spain
may go wrong because:
◼ The travel company becomes bankrupt
◼ The hotel is a shambles
◼ I will be broke by the time I go
◼ I may have all my money stolen
◼ My wife/husband gets sick
◼ I don’t like Spain, its too hot
G.KINYATA@SMMUCo 4
Risk Assessment(RA)
❑RA is the process of examining a project
and identifying areas of potential risks
❑Note that some risks have a greater
probability of materialising than others
❑Likewise some risks have a greater impact
than others
❑Therefore some risks must be acted on
sooner than others
10
G.KINYATA@SMMUCo 5
Dealing with Risk;
E.g. Book for a Holiday in Spain!
Identified risks How to mitigate the risk.
▪Travel company goes ▪ Before booking check the
bankrupt reliability of the company,
also take out insurance
▪Hotel is a shambles ▪ See whether you can change
hotels, talk to friends etc
▪I will be broke ▪ Put money aside each week
▪Have money stolen ▪ Take out insurance cover
▪Won’t like Spain ▪ Talk to friends who have been
to Spain, watch holiday
programmes etc 11
12
G.KINYATA@SMMUCo 6
Risk Analysis
❑Risk analysis involves examining the impact or
loss and how the risk input variables might
change the project outcomes.
❑When analysing the Risk, one needs to prioritize
the risk i.e. focus on the most severe risks by
assessing the risk exposure.
❑Exposure is the probability multiplied by the
expected loss or impact due to the risk arising
❑Keep the high exposure risks at the top of your
priority list
13
Risk Analysis
❑Use prioritisation mechanism to learn more
where to focus your risk control energy
❑Set goals for determining when each risk has
been satisfactorily controlled
❑Some mitigation strategies might be used to
focus on reducing the probability of the risk or
reducing the loss in case the risk occurs
❑Risk avoidance, i.e. avoid the risk by not
undertaking certain projects or by only relying
on proven rather than untried cutting edge
technology. 14
G.KINYATA@SMMUCo 7
Risk Management is Ongoing
❑Risk management should be a continuous
process because;
◼ Some risks materialise
◼ Some risks disappear or cause fewer problems than
expected
◼ New risks emerge in the course of the project
❑This requires;
❑ Risk monitoring, tracking progress of resolving each
risk item
❑ Risk control, the process of managing risks to achieve
the desired outcomes
15
16
G.KINYATA@SMMUCo 8
Why are IT/IS Projects Risky
❑ Users may not be committed to the project or are
unavailable
❑ Users may dislike new technology and thus resist
changing old ways of working
❑ User acceptance criteria may be vague, thus leading
to disappointment and dissatisfaction
❑ Project’s technical requirements may exceed the
ability of the developers
17
18
G.KINYATA@SMMUCo 9
Examples of Risks in IS Projects
Identified risks How to mitigate the risk.
19
20
G.KINYATA@SMMUCo 10
How to deal with risks in Large-
Scale Projects
21
Summary
❑All projects carry a degree of risk
❑To simply identify the risks facing the project is
not enough!!
❑We need to write them down in a way that lets
us communicate the nature and status of the risk
(i.e. Its vital to have a Risk mgt plan)
❑Use computer/software tools to identify risks and
ascertain their impact
❑Always have a contingency plan to deal with
identified (and unexpected) risks
22
G.KINYATA@SMMUCo 11
Announcement
Read the recommended hand out, this will
further improve your understanding about
the issues covered in today’s lecture
On an individual basis, begin to assess the
risks within your final Year project
Devise a risk register for your project
(avoid copy and paste)
23
G.KINYATA@SMMUCo 12