Professional Documents
Culture Documents
Information Technology Project Management - Third Edition: by Jack T. Marchewka Northern Illinois University
Information Technology Project Management - Third Edition: by Jack T. Marchewka Northern Illinois University
Copyright 2009 John Wiley & Sons, Inc. all rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the
1976 United States Copyright Act without the express permission of the copyright owner is unlawful. Request for further information should be
addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for
distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the
use of the information contained herein.
Managing Project Risk
Chapter 8
Learning Objectives
Describe the project risk management planning framework
introduced in this chapter.
Define risk identification and the causes, effects, and integrative
nature of project risks.
Apply several qualitative and quantitative analysis techniques
that can be used to prioritize and analyze various project risks.
Describe the various risk strategies, such as insurance,
avoidance, or mitigation.
Describe risk monitoring and control.
Describe risk evaluation in terms of how the entire risk
management process should be evaluated in order to learn
from experience and to identify best practices.
PMBOK® Risk Management Processes
Risk management planning
Determining how to approach and plan the project risk management activities. An output of this
process is the development of a risk management plan.
Risk identification
Deciding which risks can impact the project. Risk identification generally includes many of the project
stakeholders and requires an understanding of the project’s goal, as well as the project’s scope, schedule,
budget, and quality objectives.
Qualitative risk analysis
Focusing on a qualitative analysis concerning the impact and likelihood of the risks that were identified.
Quantitative risk analysis
Using a quantitative approach for developing a probabilistic model for understanding and responding to
the risks identified.
Risk response planning
Developing procedures and techniques to reduce the threats of risks, while enhancing the likelihood of
opportunities.
Risk monitoring and control
Providing an early warning system to monitor identified risks and any new risks. This system ensures
that risk responses have been implemented as planned and had the effect as intended.
Common Mistakes in Managing Project Risk
Not understanding the benefits of risk management
Not providing adequate time for risk management
Not identifying and assessing risk using a standardized
approach
Effective & Successful Risk
Management Requires
Commitment by all stakeholders
Stakeholder responsibility
Different risks for different types of projects
Definitions
Risk
An uncertain event or condition that, if occurs, has a positive
or negative effect on the project objectives.
Project Risk Management (PMBOK®)
Includes the processes concerned with conducting risk
management planning, identification, analysis, responses, and
monitoring and control of a project; most of these processes
are updated throughout the project. The objectives of project
risk management are to increase the probability and impact of
positive events and decrease the probability and impact of
events adverse to the project.
IT Project Risk Management Processes
Risk Planning
Requires firm commitment by all stakeholders to a RM
approach
Assures adequate resources are in place
Focuses on preparation
Risk Identification
Framework
IT Project Risk Identification Framework
Risk Identification Tools & Techniques
Learning Cycles
Brainstorming
Nominal Group Technique
Delphi Technique
Interviews
Checklists
SWOT Analysis
Cause & Effect (a.k.a. Fishbone/Ishikawa)
Past Projects
Nominal Group Technique (NGT)
A B A*B
Prob *
100% $88
Decision Tree Analysis
Risk Impact Table
0 - 100% 0-10 P*I
Where:
a = optimistic estimate
m = most likely
b = pessimistic
PERT Distribution
Triangular Distribution
Simulations
Monte Carlo
Technique that randomly generates specific values for a
variable with a specific probability distribution
Goes through a number of trials or iterations and records the
outcome
@RISK®
An MS Project® add in that provides a useful tool for conducting risk
analysis of your project plan
http://www.palisade.com/riskproject/default.asp
Monte Carlo Simulation
Output From Monte Carlo Simulation
Cumulative Probability Distribution
Sensitivity Analysis Using a Tornado Graph
Tornado
Graph
Risk Strategies
Accept or Ignore
Management Reserves
Released by senior management
Contingency Reserves
Part of project’s budget
Contingency Plans
Avoidance
Mitigate
Reduce the likelihood or impact (or both)
Transfer
E.g. insurance
Risk Strategies Depend On
The nature of the risk
Really an opportunity or threat?
Impact on MOV and project objectives
Probability? Impact?
Project constraints
Available resources?
Risk tolerances or preferences of the project
stakeholders
Risk Monitoring & Control
Risk Audits
External to project team
Risk Reviews
Internal
Risk Status Meetings & Reports
Risk Response Plan should include:
A trigger which flags that the risk has occurred
An owner of the risk (i.e., the person or group responsible
for monitoring the risk and ensuring that the appropriate
risk response is carried out)
A response based on one of the four basic risk strategies
Adequate resources
Project Risk Radar
Monitoring project
risks is analogous
to a radar scope
where threat and
opportunities may
present themselves
at different times over
the project
Risk Evaluation
Lessons learned and best practices help us to:
Increase our understanding of IT project risk in general.
Understand what information was available to managing
risks and for making risk-related decisions.
Understand how and why a particular decision was made.
Understand the implications not only of the risks, but also
the decisions that were made.
Learn from our experience so that others may not have to
repeat our mistakes.