Professional Documents
Culture Documents
Risk Management in Projects
Risk Management in Projects
Risk Management in Projects
Introduction
- A risk is an uncertain event that has a positive or negative effect on at least one project objective.
- All risks have causes.
- All risks have uncertainty associated with them and all risks have an impact associated with them.
The impacts can affect the project baselines of cost, schedule, and scope.
- The risk may also affect activities in multiple areas of the project as well as activities outside of
the project.
- Risks are justified by the benefits that come as a result of taking them
- In project risk there are many things that can go wrong in the course of the project. The potential
benefits should justify the risks that are taken.
- Risks can have a positive or negative effect. They can produce benefits for the project, or they
can produce loss for the project.
- Risks can be divided into known and unknown risks. Known risks are those risks that can be
identified. Unknown risks are those that cannot be identified
Managing risk
• There are various models of risk management
• They are generally similar and identify to main elements
– risk identification
– risk management
• A popular model is the Boehm Risk Engineering Model
Risk
Engineering
Risk identification
• Identification of hazards that may affect a project must be the first steps in a risk
assessment
• A hazard is an event that if it occurs may adversely affect the project
• The risk a hazard presents to a particular project must decided
• Checklist are often used to help in identifying hazards
• Knowledge based software is also available to help with the task of hazard identification
• Some hazards will be generic
Other hazards will be project specific
Various categories of factors will need to be considered
o Application factors
the nature of the application
e.g. simple data processing or safety critical system
the size of the system
o Staff factors
e.g. experience and appropriateness of experience
skills, turn-over rate, level of absenteeism
Project factors
o definition of the project
o project objectives
o team members understanding of the above
o project quality plan
Hardware / software factors
o the use of new untried hardware carries a higher risk than using existing hardware
o where a system is developed on one type of hardware or software platform for use
on another, then this will carry higher risks
Changeover factor
o An instant change over carries greater risks than an incremental change over
o Parallel running is desirable but has cost implications
Supplier factors
o can be difficult to control suppliers
e.g. installation of phone lines, delivery of equipment
Environmental and social factors
o generally outside the control of the project
e.g. changes in legislation
e.g. public opinion
Health and safety factors
o not generally a major issue for software project when compared to other
engineering projects
o still need to be covered to ensure compliance with statutory obligation
Risk analysis
• Once identified risks should be assessed for their possible affect on the project
• the level of importance of a risk must also be established this is often done by assessing
the risk value
• The importance of a risk is known as the risk value or the the risk exposure
• risk exposure = risk likelihood x risk impact
• risk likelihood is the probability of hazard occurring
• risk impact is the effect the resulting problem will have on the project
• Risk impact is estimated in monetary terms
• Risk likelihood is assessed as a probability
• Risk exposure therefore is an expected cost, in a similar manner to a cost-benefit analysis
• Ranking schemes can be used to assess impact and likelihood
• Impact scores should take account of
• the cost of delay to scheduled dates for deliverables
• cost overruns caused by using additional or more expensive resources
• the costs incurred or implicit in any compromise to the system’s quality or functionality
• Managing risk involves the use of two strategies
- reducing the risk exposure by reducing likelihood and impact
- drawing up contingency plans to deal with the risk should it occur
• All attempts to reduce risk exposure will have a cost
• Risk reduction work should be prioritised to obtain best value
• Factor other than risk exposure that should be taken account of when prioritising risk
management
- confidence of risk assessment
- compound risks
- the number of risks
- cost of action
Reducing risks:
• There are five broad categories for risk reduction
- hazard prevention
- likelihood reduction
- risk reduction
- risk transfer
- contingency planning
Risk management:
• Risk Planning
- preparing contingency plans
- large project will use a risk manager to do this
• Risk Control
- minimising the affect caused by the problems occurring
• Risk monitoring
- ongoing assessment of the importance and relevance of particular risks
Risk directing and staffing
- the day-on-day management of risk
- risk aversion and problem solving