SPM Lecture 23
Inputs:
Risk Data Quality Assessment: Ensuring the data used to analyze risks is
accurate and complete.
Outputs:
Risk Register: Includes identified risks, their probabilities, impacts, and risk
owners.
Risk Management Plan: Guides the approach for quantitative analysis,
including data collection methods and models to use.
Cost Management Plan: Provides information about the project’s budget and
funding levels to assess financial risks.
Schedule Management Plan: Provides time-related information to assess
risks related to project timelines.
Stakeholder Register: Can provide insights into stakeholder concerns and
expectations that may impact risk analysis.
Enterprise Environmental Factors (EEFs): Such as industry standards and
risk tolerance that influence the analysis.
Organizational Process Assets (OPAs): Historical data or lessons learned
from previous projects to support the analysis.
Outputs:
Monitoring/Controlling Risks
Inputs:
Risk Management Plan: Provides the processes and guidelines for tracking
and managing risks.
Risk Register: Contains the updated list of identified risks and their associated
information (probabilities, impacts, responses).
Work Performance Data: Provides real-time information on project
performance, which is crucial for risk monitoring.
Project Documents: Includes project schedules, cost reports, issue logs, and
any other documents that can provide insight into how well the project is
managing its risks.
Data Analysis: Techniques like trend analysis, variance analysis, and reserve
analysis to assess the effectiveness of risk responses and track ongoing risks.
Audits: Independent reviews of the project’s risk management processes to
ensure that risk responses are being followed and are effective.
Meetings: Regular team meetings or risk review sessions to discuss current
risks, new risks, and the effectiveness of risk response strategies.
Risk Reassessments: Re-evaluation of risks and their potential impacts,
considering changes in project conditions and new risks.
Workarounds: Unplanned, reactive actions taken to address risks when no
prior contingency plans are available.
Outputs:
Work Performance Information: Provides insights into how well the risk
responses are working and whether adjustments are needed.
Change Requests: Proposals for changes in risk responses, schedules, costs, or
other aspects of the project in response to monitored risks.
Updates to the Risk Register: Inclusion of newly identified risks, changes in
risk probabilities, and updated risk response strategies.
Updates to the Project Management Plan: Modifications to the overall plan,
particularly in areas like scope, schedule, or cost management, as a result of
monitoring risks.
1. Risk Avoidance:
o Change the project plan to eliminate the risk entirely.
o Example: Switching to a more stable technology to avoid technical
risks.
2. Risk Transfer:
o Transfer the risk to a third party, such as outsourcing a part of the project
or purchasing insurance.
o Example: Subcontracting a risky component of the project to a
specialist firm.
3. Risk Reduction:
o Reduce the probability or impact of the risk.
o Example: Implementing additional testing to catch defects early or
breaking the project into smaller milestones to monitor progress more
closely.
4. Risk Acceptance:
o Acknowledge the risk and prepare a contingency plan to address it if it
occurs.
o Example: Accepting a minor schedule delay if it has minimal impact on
the project’s success.
5. Contingency Plans:
o Prepare for unexpected risks by establishing a backup plan.
o Example: Having a plan for managing resource shortages or a backup
team in case of critical skill gaps.
Solution:
Identified Risks:
Mitigation Strategies:
Schedule Risk:
o Mitigation: Introduce more robust change management processes, set
clearer client expectations, and allocate buffer time for unexpected
changes.
Resource Risk:
o Mitigation: Cross-train team members, plan for additional resources, or
bring in a temporary developer to cover the key role.
Solution:
Risk Identification:
Mitigation Strategies:
Mitigation 2: Set Clear Expectations: Work closely with the client to finalize
requirements early, minimizing the chances of further changes.
Mitigation 3: Agile Approach: Adopt an agile methodology where iterations
allow flexibility to adjust and incorporate changes incrementally without
disrupting the entire timeline.
Scenario: The project team is small, and a key developer falls ill and is unable to
work for a few weeks. This may lead to delays in key development milestones,
especially in areas of the project requiring their expertise.
Solution:
Risk Identification:
Mitigation Strategies:
Scenario: During the initial stages of a software development project, the team
encounters significant compatibility issues between the app's front-end framework
and the backend API, which could lead to integration challenges and delays.
Solution:
Risk Identification:
Mitigation Strategies:
Scenario: The project is developing a healthcare app that handles sensitive patient
data. The development team is concerned about potential data breaches or security
vulnerabilities, especially since the app needs to comply with strict healthcare
regulations (e.g., HIPAA).
Solution:
Risk Identification:
Mitigation Strategies:
Solution:
Risk Identification:
Mitigation Strategies:
Solution:
Risk Identification:
Mitigation Strategies:
Scenario: A software development company has secured funding for a new project.
However, due to unforeseen costs—such as higher-than-expected labor expenses,
licensing fees for third-party software, or unexpected delays—there's a concern that
the project could run over budget.
Solution:
Risk Identification:
Mitigation Strategies:
1. Detailed Budget Planning: Establish a clear, detailed budget at the start of the
project, including a contingency fund to address unforeseen costs.
2. Regular Financial Monitoring: Implement regular reviews of project
expenses to track spending and identify areas where cost overruns are
occurring.
3. Cost Optimization: Look for opportunities to reduce costs without
compromising quality, such as optimizing the use of resources, reducing scope,
or negotiating better rates with suppliers.
4. Contingency Planning: Prepare for the possibility of financial shortfalls by
securing additional funding or restructuring payment schedules with investors
or clients.
Scenario: A software company develops a healthcare app that collects and processes
personal health data. However, the company is unaware of the recent updates in
privacy regulations, such as the General Data Protection Regulation (GDPR) in the
EU or the Health Insurance Portability and Accountability Act (HIPAA) in the US.
Solution:
Risk Identification:
involve the app not meeting required legal standards for data security or
privacy, leading to legal actions or market withdrawal.
Mitigation Strategies:
Example: Monitor changes in data privacy laws across different regions where
the app will be released to ensure compliance.
3. Engage Legal and Regulatory Experts: Work with legal teams or external
consultants who specialize in relevant regulatory frameworks. These experts
can guide the development team on how to structure data collection, storage,
and sharing to comply with laws.
Example: Work with GDPR consultants to ensure that user data is stored and
handled according to regulations and that users’ consent is properly recorded.
Example: Prepare a response plan for addressing issues if the app fails to meet
regulatory standards, including corrective measures and communication with
regulatory bodies.
6. Training and Awareness: Ensure that the development team is trained and
aware of the relevant regulations affecting the project. This can help prevent
accidental violations due to ignorance or misunderstanding.
Example: Organize regular training sessions on data privacy laws for the
development and legal teams involved in the project.