IT Project Management

Lecture 4: Risk Management

George Kinyata (MSc, BSc, Dipl)

Lecturer (Computer Science/IT)

Email: gkinyata@yahoo.co.uk
1

Learning Objectives
❑To explain the concept of risk
❑To identify some of the risks associated
with IS projects
❑To describe the risk management process
❑To suggest ways of dealing with risk

G.KINYATA@SMMUCo 1
 What is Risk?
❑The degree of uncertainty associated with
an event, activity or a decision.
❑A problem that could cause a loss or
threaten the success of the project
❑Taking a chance on something, knowing
that it may go wrong

Taking a Risk
❑There are different degrees of risk
associated with most activities e.g.
◼ If I go for a job interview, I may not get the
job
◼ If I sit for the exam, I may not pass it
◼ If I don’t hand in my assignment on time, I
will lose marks
◼ If I book a holiday in Spain, I may not like it

G.KINYATA@SMMUCo 2
 5

What is Risk management

❑Risk management is the process of identifying,
addressing and eliminating potential problems
before they can damage the project
❑These potential problems might have adverse
impact on the cost, quality, team moral or
technical success of the project
❑Therefore risk management should deal with
concerns or potential problems before they lead
to a crisis or conspire to throw the project off
track
6

G.KINYATA@SMMUCo 3
 Risk management plan
Risk management plan, is the process of producing a
plan for dealing with each significant risk that might
arise

Risk Identification
❑Take for example; the holiday in Spain
may go wrong because:
◼ The travel company becomes bankrupt
◼ The hotel is a shambles
◼ I will be broke by the time I go
◼ I may have all my money stolen
◼ My wife/husband gets sick
◼ I don’t like Spain, its too hot

G.KINYATA@SMMUCo 4
 Risk Assessment(RA)
❑RA is the process of examining a project
and identifying areas of potential risks
❑Note that some risks have a greater
probability of materialising than others
❑Likewise some risks have a greater impact
than others
❑Therefore some risks must be acted on
sooner than others

Methods of Risk Assessment

❑Seek expert assistance
❑Use statistical analysis
❑Use computer tools
❑Apply soft systems analysis
❑Use past experience

10

G.KINYATA@SMMUCo 5
 Dealing with Risk;
E.g. Book for a Holiday in Spain!
Identified risks
▪Travel company goes
bankrupt
▪Hotel is a shambles
▪I will be broke
▪Have money stolen
▪Won’t like Spain
How to mitigate the risk.
▪ Before booking check the
reliability of the company,
also take out insurance
▪ See whether you can change
hotels, talk to friends etc
▪ Put money aside each week
▪ Take out insurance cover
▪ Talk to friends who have been
to Spain, watch holiday
programmes etc 11

Dealing with Risks;

The Risk Register
Risk Probability Impact/Loss Exposure Risk
Indentified (0 to 10) (1 to 10) Mitigation
Travel 2 10 20 Check the
company goes reliability of
bankrupt the company
Take out
insurance
cover
Poor hotel 5 5 25 Change hotel
I will be broke 7 9 63 Save money

12

G.KINYATA@SMMUCo 6
 Risk Analysis
❑Risk analysis involves examining the impact or
loss and how the risk input variables might
change the project outcomes.
❑When analysing the Risk, one needs to prioritize
the risk i.e. focus on the most severe risks by
assessing the risk exposure.
❑Exposure is the probability multiplied by the
expected loss or impact due to the risk arising
❑Keep the high exposure risks at the top of your
priority list
13

Risk Analysis
❑Use prioritisation mechanism to learn more
where to focus your risk control energy
❑Set goals for determining when each risk has
been satisfactorily controlled
❑Some mitigation strategies might be used to
focus on reducing the probability of the risk or
reducing the loss in case the risk occurs
❑Risk avoidance, i.e. avoid the risk by not
undertaking certain projects or by only relying
on proven rather than untried cutting edge
technology. 14

G.KINYATA@SMMUCo 7
 Risk Management is Ongoing
❑Risk management should be a continuous
process because;
◼ Some risks materialise
◼ Some risks disappear or cause fewer problems than
expected
◼ New risks emerge in the course of the project
❑This requires;
❑ Risk monitoring, tracking progress of resolving each
risk item
❑ Risk control, the process of managing risks to achieve
the desired outcomes
15

Why are IT/IS Projects Risky

❑ They often involve high levels of innovation
❑ They are more complex and resource-intensive
❑ More companies are outsourcing and involving third
parties in project development
❑ Poor analysis of the business environment
❑ The contract is ill-defined or proper agreement between
the parties has not been secured, leading to
misunderstandings
❑ The type of contract agreed is inappropriate

16

G.KINYATA@SMMUCo 8
 Why are IT/IS Projects Risky
❑ Users may not be committed to the project or are
unavailable
❑ Users may dislike new technology and thus resist
changing old ways of working
❑ User acceptance criteria may be vague, thus leading
to disappointment and dissatisfaction
❑ Project’s technical requirements may exceed the
ability of the developers

17

Why are IT/IS Projects Risky

❑ Project too ambitious thus difficult to meet deadline
❑ The company or the developer may run out of
resources needed to complete the project
❑ Key staff leave, go sick or do not perform as expected
❑ Technology being used to develop the system may be
new and unproven
❑ Supplier may go bankrupt.

18

G.KINYATA@SMMUCo 9
 Examples of Risks in IS Projects
Identified risks How to mitigate the risk.

❑ Business case is weak, ❑ Ensure there is a pre-

contract is ill-defined project review
procedure
❑ Users not committed to ❑ Get users involved at an
the project, dislike IT, early stage, provide
engage in sabotage training
❑ Developers lack ❑ Undertake skills audit,
necessary technical provide training, hire
skills contractors

19

Examples of Risks in IS Projects

❑ Can’t meet deadlines ❑ Monitor Gantt Chart,

reschedule activities,
extend deadlines
❑ monitor budget, divert
❑ Running out of other resources to
resources project, use reserve
funds, ask for more
resources
❑ Check credentials,
❑ Supplier goes bankrupt don’t rely on one
supplier, spread risk

20

G.KINYATA@SMMUCo 10
 How to deal with risks in Large-
Scale Projects

❑Appoint a Risk Manager who will identify,

assess and monitor the risks
❑Use computer-based tools to identify risks ,
simulate their impact and carry out “what if”
scenarios
❑Risks should be continuously monitored
❑Contingency plans should be implemented to
reduce the impact of risks

21

Summary
❑All projects carry a degree of risk
❑To simply identify the risks facing the project is
not enough!!
❑We need to write them down in a way that lets
us communicate the nature and status of the risk
(i.e. Its vital to have a Risk mgt plan)
❑Use computer/software tools to identify risks and
ascertain their impact
❑Always have a contingency plan to deal with
identified (and unexpected) risks
22

G.KINYATA@SMMUCo 11
 Announcement
Read the recommended hand out, this will
further improve your understanding about
the issues covered in today’s lecture
On an individual basis, begin to assess the
risks within your final Year project
Devise a risk register for your project
(avoid copy and paste)

23

G.KINYATA@SMMUCo 12