9.

   Project Risk Planning

Project risk planning is the planning done in order to identify, analyze and respond to
risks in a timely manner to maintain the flow of the project and complete the project
successfully.

9.1.   Risk Management Plan

9.1.1.      Methodology

Technologically Enhanced Tabletops (TET) project is practically a technology-
dependent. Most of the risks arise from problems caused to glitches in technology. There is also
a greater risk of some other competitor implementing this idea in their restaurant before
Applebees does as this is not a patented technology. A four-step iterative methodology is used
for risk management:

1. Identify Risks
2. Assess Risks
3. Manage Risks
4. Feedback

1. Identify Risks:
The first step of risk management involves the identification of risks. A risk
management team is formed and held responsible for managing risks. Some of the
resources used to identify risks are documentations of similar projects and their
experiences, technical surveys and communication with vendors regarding probable
issues.
2. Assess Risks:
A detailed quantitative and qualitative analysis on identified risks are carried out
and prioritized to have a good understanding of the impact of each risks.
3. Manage Risks:
Depending upon the source, nature and impact of risks, a risk management plan is
created for each type of risk and executed by the risk management team.
4. Communication and Feedback:
After a risk has been addressed, the status of the risk is communicated with all the
stakeholders and project team to get approval and feedback. Once a risk has been
formally closed, it is documented for future use.

9.1.2.      Roles and Responsibilities

Role Responsibility Person Contact

Risk The Risk management manager is Bhargav Bonu bhargavbonu@bghkv.com

Management responsible for the entire risk
Manager management team and their (Project
activities. Some of the key Manager)
responsibilities include developing a
 risk management plan, conduct
frequent meetings, monitor the team
activities and take ownership of the
risk mitigation/contingency plan.

Risk Risk management lead is the key Heidi hmoesinger@bghkv.com

Management person acting directly under the risk Moesinger
Lead management manager. The lead
collects reports from the team (Strategy
members and interacts with the risk Consultant)
management manager.

Risk Team member 1 is assigned the Glenn Natali glenn.natali@bghkv.com

Management objectives of identifying risks,
Team Member quantitatively assessing the (Financial
1 identified risks and report to the risk Consultant)
management team lead.

Risk Team member 2 is assigned the Kate kanticha@bghkv.com

Management objective of qualitatively analyze Sukumalchitku
Team Member the risks and develop contingency l
2 plans. This person also reports to the
risk management lead. (Digital
Specialist)

Risk Team member 3 is assigned the Varun Kumar varunk@bghkv.com

Management objective of writing status reports of Pedapati
Team Member the risk resolution process and
3 submitting it to the Lead. (Systems
Engineer)

Risk Assist This team comprises of the entire Other Key stakeholders@bghkv.com
Team key stakeholders who assist the risk stakeholders
management team in determining
the contexts, impacts and priorities
of identified risks as well as in the
development of risk response plan.

9.1.3.      Budget and Schedule

The risk management plan involves carrying out a risk contingency/mitigation
plan. Certain amount of budget is necessary to execute risk response plans. Risk contingency
budget is defined as 10% of the total reserve allocated to our project. This budget is applicable
for the entire lifecycle of risk management activities starting from identification till documenting
the risk in risk register after closing.
 Schedule is developed from time to time based on the nature and impact of risks.
This risk response schedule is developed by the risk management lead once the risks have been
prioritized and a risk response plan has been approved by the stakeholders.

9.1.4.      Risk Categories

The following are the types of risk categories related to our TET project:
 External Risks:
This risk category comprises of risks which threaten the first-mover
advantage of Applebees in the Greater Boston area. As this technology is not
patented and not new in USA, any restaurant can start using the same technology
before Applebees does, thereby hindering Applebee’s motive of attracting more
customers with new technology.

Particular risks possible are:

 First mover advantage at risk
 Users might reject this technology
 Market share drop

 Technology Risks:
This risk category comprises of risks which arise from technological
issues. With technology, there are always glitches and as this project is heavily
dependent on technology, the probabilities of technology risks are very high.

Some of the risks possible are

 Software not working properly
 Irresponsive touchscreen
 Limited functionality
 Crashing of applications

 Security Risks:
This risk category comprises of risks which threaten the security aspect of
the tabletops and the payment feature.

Particular risks possible are

 Breach of customer credit card information
 Physical threat due to power or mechanical failure of tabletops

 Management Risks:
This risk category comprises of risks which arise from project
management, available resources and communication.

Particular risks possible are

 The technology and human resources required might not be readily
available.
 There may be miscommunication between project members and
stakeholders
  Inter-dependency risks of resources.
 Risk decisions pertaining to renting/purchasing tabletops and
purchasing tablets

9.1.5.      Risk Probabilities and Impact

For our project, we use a pre-determined set of risk values and definitions to assess risk
probabilities, their impacts and calculate total risks. It is defined in the following table:

Item Definition Risk Value

Probability The probability of occurrence 1 – Unlikely to Occur
of a risk 2 – May or May not occur
3 – Likely to Occur
Impact The impact of the risk on the 1 – Minimal Impact
objectives of the project if the 2 – Moderate impact
risk occurs. 3 – Significant impact
Total Risk The calculation of Probability 1 to 3 – Low
times impact 4 to 6 – Moderate
7 to 9 - High

9.1.6.     Risk Documentation

Once a risk has been identified, assessed and taken proper response action, the results of the
risks are documented in a risk register by the risk management team. The risk register contains the
risk id, description of the risk, the category to which the risk falls, the probability of the risk, the
impact the risk had on the project, total risk score given to that risk, the type of response strategy
chosen by the risk management, current status and owner of the risk. Periodically, this register is
used for documenting all types of risks and is accessible to the stakeholders of the project. Based on
the feedback of the stakeholders, additional steps needed to be taken to reduce the probability of such
risks are documented.

ID Rank Risk Description Category Root Triggers Potential Owner Probability Impact Risk Status
Cause Responses Response

3
9.2.   Risk Identification
Several project team meetings are held between the project members and stakeholders
and potential risks are identified based on discussions as well as previous project experiences.
They are listed below:

Risk ID Risk
R1 First-Mover risk
R2 User acceptance risk
R3 Software risk
R4 Touchscreen risk
R5 Limited functionality risk
R6 Credit card breach risk
R7 Mechanical failure risk
R8 Miscommunication risk
R9 Resource availability risk

9.2.1.      Risk Analysis

Once the probable risks are identified, the risk management lead assigns risk team member 1
for quantitative assessment and risk team member 2 for qualitative assessment of all the risks.

 Qualitative (Probability/Impact) risk analysis

Based on our definitions and values assigned for risk probabilities and their impact,
the risk management team charts a scoring table for each type of risk and finally a risk
probability/impact matrix is developed to qualitatively assess the severity of each type of risk

Risk ID Risk Probability Impact Total Risk

R1 First-Mover risk 3 3 9
R2 User acceptance risk 2 3 6
R3 Software Failure risk 2 2 4
R4 Touchscreen risk 2 3 6
R5 Limited functionality risk 1 1 1
R6 Credit card data breach risk 2 3 6
R7 Mechanical failure risk 1 2 2
R8 Miscommunication risk 1 2 2
R9 Resource availability risk 1 1 1
 Probability/Impact Matrix

High Low R1
P
R
O Medium
B
R2
A R3
R4
Medium High
B R6
I
L
I
R5 R7
T
Low R9 R8
Y

IMPACT

 Quantitative risk analysis

Most of the risks associated with our project are related to the functioning of
technology involved and qualitative analysis is sufficient for them. Some management risks
like deciding whether to go for purchasing the tabletops or tablets require quantitative
analysis.
Our risk management team has chosen decision trees and expected monetary value as
the primary method of quantitative risk analysis as this is a very common approach. The user
acceptance risk for tabletops or tablets is assessed using decision tree and EMV as below:

Probability (P) times Outcome = EMV

P=.70 . $191,200 = +$133,840
 Tabletops

P=.30
User
Acceptance

P=.30

P=.10
Tablets

P=.60

For the tabletops, stakeholders agreed to that there is a 70% probability for the users
to accept this technology and the outcome is $191,200. There is a 30% probability that users
might reject this technology and the outcome is -$57,360. For the tablets, there is a 30%
probability that it will lose -$55,500, 10% probability that it will lose -$18,500 and 60%
probability that it will profit $185,000. EMV is calculated by multiplying the probability by
outcome for each potential outcome for each type of project and summing up the results as
below:

EMV for Tabletops:

0.70($191,200) + 0.30(-$57,360) = +$133,840 - $17,208 = $116,632

EMV for Tablets:

0.30(-$55,500) + 0.10(-$18,500) + 0.60($185,000) = -$16,650 - $1,850 + $111,000 = $92,500

The EMV provides an estimate for the total dollar value of a decision. Therefore, the
better choice among tabletops and tablets is tabletops as their expected monetary value is high.

9.2.2.      A List of Prioritized Risks and Risk Response Plan

 Based on the probability/impact analysis and the quantitative analysis, ranks from
1 to 5 are assigned to the risks and prioritized. Rank 1 is the most important risk to be addressed
and the importance reduces through rank 5 being the least important risk.

Risk Risk Probability Impact Total Risk Rank

ID
R1 First-Mover risk 3 3 9 1
R2 User acceptance risk 2 3 6 2
R3 Software Failure risk 2 2 4 3
R4 Touchscreen risk 2 3 6 2
R5 Limited functionality risk 1 1 1 5
R6 Credit card breach risk 2 3 6 2
R7 Mechanical failure risk 1 2 2 4
R8 Miscommunication risk 1 2 2 4
R9 Resource availability risk 1 1 1 5

Summary Table

Ranking Name Potential Risks (Description) Category Owner

1 First-Mover Applebees may lose first mover External Project

2 Credit card data
breach
2 User acceptance
2 Touchscreen
3 Software Failure
4 Mechanical Failure
4 Miscommunication
5 Limited
advantage if another restaurants Manager
implements this technology
before applebees.
Security of POS transactions has Security Sponsor
not been clearly defined by the
vendor and there is a risk
associated with customer credit
card data breach.
The users might not be interested External Financial
in this technology and might not Consultant
choose applebees to dine.
Touch feature might not work Technology Systems
properly Engineer
Software operating the tabletops Technology Digital
might crash as it is not a standard Specialist
operating system.
Due to the nature of food and Technology Vendor
drinks placed over the tabletops,
there is a risk of mechanical
failure in power supply units as
well as the system.
Miscommunications might arise Managemen Strategy
due to non-involvement of all t Consultant
stakeholders in all the meetings.
The tabletop technology has Technology Systems
 Functionality limited functionality for now and Engineer
only a set of predefined features
are present. New user requests
might take more time to
implement and users might not be
happy about this.
5 Resource availability Not readily available resources Managemen Project
like networking equipment and t Manager
more resources might be a risk.

9.2.3.      Risk Response Plan

(1) First-Mover risk (Priority 1 Risk)
 Root Cause
o Technology being available to everyone (Not patented)
 Triggers
o When a rival restaurant discretely starts implementing the same technology
 Risk Response Plan
o Shorten the go-live plan by 15 days or 1 month depending upon the rival go-live date.
o Reduce the scope i.e. Instead of launching this technology at all four locations on the
same date, focus on completing the project in 1 location first to get that first-mover
advantage
o Enhance the technology by adding new features which the rival restaurant technology
does not offer.

(2) Credit Card breach risk (Priority 2 Risk)

 Root Cause
o Vendor supplied interactive tabletops with payment feature which are not fully
security-compliant.
 Triggers
o Hackers
o Over the air spyware worms
 Risk Response Plan
o Make the POS software completely compliant with all the security standards
o Add additional firewall to protect incoming and outgoing data

(2) User acceptance risk (Priority 2 Risk)

 Root Cause
o Some customers/users might not be interested in the new technology.
 Triggers
o Customers not knowing how to effectively use this technology.
o Negative feedback by customers
o Rival restaurant offering better featured technology
 Risk Response Plan
o Survey the customers and satisfy their requirements
o Provide proper and entertaining ways of educating and training them to use this
technology