Lecture 8 IS

LECTURE 8:
PROJECT
RISK
MANAGEMENT
Information Systems Department IS 350D: Project Management

Information Systems Department 2
OBJECTIVES
 Understand risk, and project risk management.
 Discuss the elements of planning risk management.
 Describe the process of identifying risks and create a risk

register.
 Explain qualitative risk analysis, and quantitative risk

analysis elements
 Discuss how to control risks

WHAT IS RISK?
RISK:
 A basic dictionary definition states that risk is
“the possibility of loss or injury.”
 This definition highlights the negativity often
associated with risk and points out that
uncertainty is involved

WHAT IS RISK?
Risk can be positive
Risk is an uncertainty
Positive effect Negative

(opportunities) effect (threats)

Project Risk Management
What is Risk?
Examples on Risk:
 Customer not agreeing on the price.
 Not finding a capable supplier.
 Delivery difficulties.

 Project Risk Management is a process in which the

project team continually assesses what risks may
negatively or positively affect the project, determines
the probability of such events occurring, and
determines the impact if such events occur.
 Project Risk Management also involves analyzing and

determining alternate strategies to deal with risks.

Importance of Risk Management
The objectives of Risk Management

are to
Identify Negative risks

before they
address become threats
minimize
maximizing Potential
positive risks

Activity
You opened a coffee shop in a small district,

then another coffee shop opened near your
coffee and provided the same type of
products you offered.
Arrange the following steps that you

should follow to avoid the risks

Activity
Arrange the following steps that you should

follow to avoid the risks?
Performing Identifying
Quantitative Risk
Risk Analysis
Planning
Performing Risk
Qualitative Response Planning Risk
Risk Analysis Management
Monitoring
and
Controlling
Risk
Project Risk Management Processes

No Process Name Description Output
1 Planning Risk Deciding how to approach Risk management plan

Management and plan the risk
I
management activities for
the project.
2 Identifying Risk Determining which risks are Risk register
likely to affect a project and
documenting the
characteristics of each.
3 Performing Prioritizing risks based on Project documents updates
Qualitative Risk their probability and impact
Analysis of occurrence.
4 Performing Numerically estimating the Project documents updates
I
Quantitative effects of risks on project
Risk Analysis objectives. Information Systems Department 12
No Process Name Description Output
5 Planning Risk Enhance opportunities and Project management plan updates,

Response reduce threats to meeting project documents updates
project objectives.
6 Monitoring Monitoring identified and Work performance information,
and residual risks, change requests,
Controlling identifying new risks, project management plan updates,
project documents updates,
Risk carrying out risk response
organizational process assets updates
plans,
and evaluating the
effectiveness of risk
strategies



A risk management plan: how risk management will be performed
Methodology
Revised stakeholders’ tolerances
Roles and responsibilities
Tracking
Budget and schedule
Risk documentation
Risk categories
Risk probability and impact

 A risk management plan summarizes how risk management

will be performed, and it should include:
Methodology
Roles and responsibilities
Budget and schedule
Risk categories
1. Planning Risk Management
Risk probability and impact
Revised stakeholders’ tolerances
Tracking
Risk documentation

What are needed to prepare risk management plan? (inputs)

mm
P
 Project documents and templates,
P
 Corporate risk management policies,
P
 Risk categories,
P
 Lessons learned reports from past projects,
P
 It is also important to review the risk tolerances of
various stakeholders.


2. Identifying Risks
 Identifying risks is the process of understanding what

potential events might hurt or enhance a particular
project
 By understanding common sources of risks and

reviewing a project’s planning documents, project
managers can identify many potential risks.
 Another consideration is the likelihood of advanced

discovery.
22
Tools and techniques used for Identifying Risks:

1. Brainstorming
2. The Delphi Technique
3. Interviewing
4. SWOT analysis.

23
2.1 Brainstorming
 Brainstorming is a technique by which a group attempts to

generate ideas or find a solution for a specific problem by
amassing ideas spontaneously and without judgment
 An experienced facilitator should run the brainstorming

session
 Be careful not to overuse or misuse brainstorming.

2.2 The Delphi Technique

25
2.2 The Delphi Technique forexpert

interview
 The Delphi Technique is used to derive a consensus among

a panel of experts who make predictions about future
developments
jW pt.is
 Provides independent and anonymous input regarding
future events
Ise.gg 53
 Uses repeated rounds of questioning and written responses
and avoids the biasing effects possible in oral methods, such
as brainstorming. Information Systems Department 25
26
2.3 Interviewing
 Interviewing is a fact-finding technique for collecting

information in face-to-face, phone, e-mail, or instant-
messaging discussions
 Interviewing people with similar project experience is an

important tool for identifying potential risks

27
2.4 SWOT analysis
 SWOT analysis (strengths, weaknesses, opportunities,

and threats) can also be used during risk identification
 Helps identify the broad negative and positive risks that

apply to a project

28
The main output of this process is a Risk Register:
 A document that contains the results of various risk

management processes and that is often displayed in
a table or spreadsheet format
 A tool for documenting potential risk events and

related information
Risk events refer to specific, uncertain events that may occur

to the detriment or enhancement of the project
29
2. Identifying Risks: Risk register
Elements of a risk register include:

• An identification number for each risk event
unige number
• A rank for each risk event
• The name of each risk event
so
• A description of each risk event
so
• The category under which each risk event falls (human risk)
e or
• The root cause of each risk
too
If
30
2. Identifying Risks: Risk register
Elements of a risk register include:

 Triggers for each risk (indicators or symptoms)
 Potential responses to each risk
 The risk owner
 The probability and impact of each risk
occurring.
 The status of each risk

3. Performing Qualitative Risk Analysis
 Qualitative risk analysis involves assessing the

likelihood and impact of identified risks to determine
their magnitude and priority
 Risk quantification tools and techniques include:
1. Probability/impact matrixes
2. The Top Ten Risk Item Tracking
3. Expert judgment

r
3.1 Probability/Impact Matrix

34
3.1 Probability/Impact Matrix a

 A probability/impact matrix or chart, lists the relative
probability of a risk occurring on one side of a matrix/
axis on a chart and the relative impact of the risk
occurring on the other
 List the risks and then label each one as high, medium,
or low in terms of its probability of occurrence and its
impact if it did occur
35
 Can also used to calculate risk factors: Numbers that

represent the overall risk of specific events based on
their probability of occurring and the consequences to
the project if they do occur

36
 Sample Probability/Impact Matrix

37
 Chart Showing High-, Medium-, and Low-Risk Technologies
D
It's
51 In
9

Activity
1. Close your eyes
2. Imagine that you are preparing for your wedding after three days.
3. Using Probability/Impact Matrix, list all the potential risks and

risk factors that could happen for making your wedding in an
outdoor place.

39
3.2 Top Ten Risk Item Tracking
 Top Ten Risk Item Tracking is a qualitative risk analysis

tool that helps to identify risks and maintain an awareness of
risks throughout the life of a project
 Establish a periodic review of the top ten project risk items
 List the current ranking, previous ranking, number of times

the risk appears on the list over a period of time, and a
summary of progress made in resolving the risk item
40
 Example of Top Ten Risk Item Tracking:
mr

41
3.2 Top Ten Risk Item Tracking
 A watch list is a list of risks that are low priority, but are still
identified as potential risks
 Qualitative analysis can also identify risks that should be

evaluated on a quantitative basis

4. Performing Quantitative Risk Analysis
 Often follows qualitative risk analysis, but both can be

done together.
 The main techniques for quantitative risk analysis

include:
1. Decision tree analysis

feeding s
2. Simulation
3. Sensitivity analysis

4. Performing
43 Quantitative Risk Analysis
4.1 Decision Trees and Expected Monetary Value (EMV)
 A decision tree is a diagramming analysis technique

used to help select the best course of action in situations
in which future outcomes are uncertain
 Estimated monetary value (EMV) is the product of a risk

event probability and the risk event’s monetary value
 You can draw a decision tree to help find the EMV

4. Performing
 Expected Monetary Value (EMV) Example
X 60000
X 32 000
X 10000
X 2000
X 42000
60000 132000 28000
320001 100007 1200042000 30000

4. Performing
 Expected Monetary Value (EMV) Example

4. Performing
 The higher the EMV, the better.
 Because the EMV is positive for both Projects 1 and 2, Cliff’s
firm would expect a positive outcome from each and could bid
on both projects.
 If it had to choose between the two projects, perhaps because of
limited resources, Cliff’s firm should bid on Project 2 because it
has a higher EMV. a

Example
I need to choose between the two vendors. which of
them will bring higher benefit for my project? 3
22 AWB 24
4127819
47
c

4. Performing
yes
4.2 Simulation
 Simulation uses a representation or model of a system to

analyze the expected behavior or performance of the system
 Monte Carlo analysis simulates a model’s outcome many

times to provide a statistical distribution of the calculated
results.
 To use this model, you must have three estimates (most likely,
pessimistic, and optimistic) plus an estimate of the likelihood of the
estimate being between the most likely and optimistic values.
4. Performing
4.2 Simulation
 Sample Monte Carlo Simulation Results for Project Schedule

4. Performing
4.3 Sensitivity Analysis
 Sensitivity analysis is a technique used to show the effects

of changing one or more variables on an outcome
 For example, many people use it to determine what the

monthly payments for a loan will be given different interest
rates or periods of the loan, or for determining break-even
points based on different assumptions (Excel, is a common tool
for performing sensitivity analysis).

4.2 Sensitivity Analysis: For example, Cliff’s team could develop sensitivity
analysis models to estimate their profits on jobs by varying the number of hours required to
do the jobs or by varying costs per hour.
Point
Even
Break

5. Planning Risk Responses
 After identifying and quantifying risks, you must decide how to

respond to them
 Four main response strategies for negative risks

Four main response strategies for negative risks
Risk acceptance
Risk avoidance
eliminate risk causes accepting the
consequences if a risk
occurs
Risk mitigation
reducing the impact
Risk transference
of a risk event by shifting the consequence of a risk and
reducing the responsibility to a third party (purchase an
probability of insurance or warranty protection for
its occurrence specific hardware needed 53
Four main response strategies for Threats
Acknowledge the
existence of a threat
Reducing Scope without taking an action
Extending the schedule Risk acceptance
Risk avoidance
Conducting more Insurance

tests. Guarantees
Risk mitigation Risk transference

54
Four main response strategies for positive risks

(opportunity):

Risk exploitation Risk sharing
share the ownership of the
do whatever to make risk with other party
sure the positive risk Sharing
happens benefits
Risk enhancement Risk acceptance
changing the size of also applies to positive

the opportunity. risks when the project team
does not take any actions
toward a risk
Probability/impact 56
Risk exploitation Risk sharing
Using new Partnership

technologieshappen
s
Risk acceptance
Risk enhancement
project team does not take
Adding some recourses to an any actions toward a risk
activity finish early
57
 Risk response strategies often include identification of

residual and secondary risks:
 Residual risks are risks that remain after all of
the response strategies have been implemented
 Example: even when using a more stable
hardware is used, there will be some risk of
failing

 Risk response strategies often include identification of

residual and secondary risks:
 Secondary risks are new risks that occur as a
direct result of implementing a risk response
 Example: using a new hardware, may cause
some peripheral devices to fail

6. Controlling Risks
 Controlling risks involves executing the risk management process

to respond to risk events and ensuring that risk awareness is an
ongoing activity performed by the entire project team throughout
the entire project
 Workarounds are unplanned responses to risk events that must

be done when there are no contingency plans
Example: The project environment is dynamic and even an experienced

project manager cannot identify all risks. If any unidentified risk occurs, you will
manage it through a workaround. If you have any identified risks you did not
plan for, you will use a workaround to manage them.
6. Controlling Risks
Main outputs of risk control are:
 Work performance information
 change requests
 updates to the project management plan,

other project documents, and organizational
process assets

Activity
62
Activity
c
63
Activity
64
REFERENCE
 Schwalbe, K. Information Technology Project

Management (8th Edition). Chapter 11

Lecture 8 IS

Uploaded by

Copyright:

Available Formats

Lecture 8 IS

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lecture 8 IS

Uploaded by

Copyright:

Available Formats

LECTURE 8:

Information Systems Department IS 350D: Project Management

 Understand risk, and project risk management.

 Discuss the elements of planning risk management.

 Describe the process of identifying risks and create a risk

 Explain qualitative risk analysis, and quantitative risk

 Discuss how to control risks

Information Systems Department 3

Information Systems Department 5

Risk can be positive

Positive effect Negative

Information Systems Department 6

 Customer not agreeing on the price.

 Not finding a capable supplier.

Information Systems Department 7

 Project Risk Management is a process in which the

 Project Risk Management also involves analyzing and

Information Systems Department 8

Importance of Risk Management

The objectives of Risk Management

Identify Negative risks

Information Systems Department 9

You opened a coffee shop in a small district,

Arrange the following steps that you

Information Systems Department 10

Arrange the following steps that you should

Project Risk Management Processes

1 Planning Risk Deciding how to approach Risk management plan

Project Risk Management Processes

No Process Name Description Output

5 Planning Risk Enhance opportunities and Project management plan updates,

Information Systems Department 13

Project Risk Management Processes

Information Systems Department 14

Information Systems Department 15

A risk management plan: how risk management will be performed

Risk probability and impact

Information Systems Department 16

 A risk management plan summarizes how risk management

Roles and responsibilities

Budget and schedule

1. Planning Risk Management

Risk probability and impact

Revised stakeholders’ tolerances

Information Systems Department 18

1. Planning Risk Management

What are needed to prepare risk management plan? (inputs)

Information Systems Department 19

1. Planning Risk Management

Information Systems Department 20

 Identifying risks is the process of understanding what

 By understanding common sources of risks and

 Another consideration is the likelihood of advanced

Tools and techniques used for Identifying Risks:

Information Systems Department 22

 Brainstorming is a technique by which a group attempts to

 An experienced facilitator should run the brainstorming

 Be careful not to overuse or misuse brainstorming.

2.2 The Delphi Technique

Information Systems Department 24