UN 0603 Unit 11

About This Presentation

Title:

UN 0603 Unit 11

Description:

Enterprise Environmental. 4.3 Develop PMP. 4.6 Int Change Control. Scope Statement ... Star-Trek syndrome (to fail boldly where...) Size has its own problems ... – PowerPoint PPT presentation

Number of Views:121

Avg rating:3.0/5.0

Slides: 162

Provided by: sherryg8

Category:

more less

Transcript and Presenter's Notes

Title: UN 0603 Unit 11

1
UN 0603Unit 11

Project Risk Management

Dr. J. Michael Bennett, P. Eng., PMP UNENE,
McMaster University, The University of Western
Ontario Version 2K6-X-26
2
Change Control

2K6-X-26 3rd edition

3
EP 704 Road Map

Unit 1 Introduction to Project Management
Unit 2 The Project Management Context
Unit 3 Project Management Processes
Unit 4 Project Integration Management
Unit 5 Project Scope Management
Unit 6 Project Cost Management
Unit 7 Project Time Management
Unit 8 Project Quality Management
Unit 9 Project Human Resource Management
Unit 10 Project Communications Management
Unit 11 Project Risk Management
Unit 11 Project Procurement Management

4
Dilbert and Risk
5
Introduction

Processes concerned with conducting
Risk management planning
Risk identification
Risk analysis
Risk responses
Monitoring and controlling risk

6
Commercial databases
11.1 Risk Man. Planning

PMP
PP, Guidelines
Approved Change Reqs
Lessons Learned
Risk Management Plan
Scope Statement
Approved Change Requests
Risk Register
Risk Register Updates
Cost Management Plan
Schedule Management Plan
Risk Register Updates
PMP Updates
Performance Reports
Risk Register Updates Risk-related contractual
agreements
Work Performance Information
History, Calendar
Requested Changes
OPA Updates
PMP Updates
7
Objectives of Risk Management

To increase the probability and impact of
positive events
To decrease the probability and impact of
negative events
Note we normally concentrate on the latter and
thankfully accept the former

8
Six Main Processes

Risk Management Planning
Risk Identification
Qualitative Risk Analysis
Quantitative Risk Analysis
Risk Response Planning
Risk Monitoring and Control

9
Project Risk Management
11.2 Risk Identification 11.2.1 Inputs .1EEP
.2 OPA .3 Project Scope Statemt
.4 Risk Management Plan . 5 PMP 11.2.2
Tools and Techniques .1 Documentation
Reviews .2 Info Gathering Techs .3
Checklist Analysis .4 Assumptions Analysis
.5 Diagramming Techs 11.2.3 Output
.1 Risk Register
11.3 Qualitative Risk Analysis 11.3.1 Inputs
.1 EEP .2 OPA .3 Project Scope
Statement .4 Risk Management
Plan 11.3.2 Tools and Techniques .1 Risk
Prob, Impact Assesst .2 Prob Impact
Matrix .3 Risk Data Quality .4 Risk
Categorization .5 Risk Urgency
Assesst 11.3..3 Output .1 Risk Register
Updates
11.1 Risk Management Planning 11.1.1 Inputs
.1 EEP .2 OPA .3 Project Scope
Statement . 4 PMP 11.1.2 Tools and
Techniques .1 Planning Meetings
Analysis 11.1.3 Output .1 Risk
Management Plan
10
11.4 Quantitative Risk Analysis 11.4.1 Inputs
.1 EEP .2 Project Scope Statement
.3 Risk Management Plan .4 Risk Register
. 5 PMP 11.4.2 Tools and Techniques .1
Data Gathering Rep Teks .2 Quant. Risk Ana
Modeling 11.4.3 Outputs .1 Risk Register
Updates
11.5 Risk Response Planning 11.5.1 Inputs .1
Risk Management Plan .2 Risk Register 11.5.2
Tools and Techniques .1 Strategies for Risk
Threats .2 Strategies for Opportunities
.3 Strategies for Both .4 Contingent
Response Strategy 11.5.3 Output .1 Risk
Register Updates .2 PMP Updates .3
Risk-related Contractual Agreements
11.6 Risk Monitoring Control 11.6.1 Inputs
.1 Risk Management Plan .2 Risk Register
.3 Approved Change Requests .4 Work
Performance Info. .5 Performance
Reports 11.6.2 Tools and Techniques .1 Risk
Reassessment .2 Risk Audits .3
Recommended Corrections .4 Technical Perf.
Meas. .5 Reserve Analysis .6 Status
Meetings 11.6.3 Output .1 Risk Register
Updates .2 Requested Changes .3 Recd
Corrections .4 Recd Preventions .5 OPA
Updates .6 PMP Updates
11
Risky Quotes
1. If you know your enemy and yourself, you need
not fear the result of a hundred battles (Sun Tzu
500BCE) 2. If you do not actively attack risks,
risks will actively attack you! 3. Risk
prevention is more cost-effective than risk
detection. 4. The degree of risk and its causes
must not be hidden from the decision-makers. 5.
If you dont ask for risk information, youre
asking for trouble.
12
Definition of Risk

Involves at least these 2 characteristics
uncertainty
loss
Risk is the possibility of suffering loss (SEI)
Risk is the measure of probability and severity
of adverse effects (Lowrance)
Risk is the potential for realization of unwanted
negative consequences of an event (Rowe)

13
Risk Statement

For a risk to be understandable, it must be
expressed clearly
Must include
description of current conditions that might lead
to a loss
description of loss or consequence

14
Principles of Continuous RM

Core
Defining
Sustaining

15
Core Principle

Open communication
encourage free-flow of information
enable communication(formal, informal, impromptu)
accept all views

16
Defining Principles

Forward-looking view
Shared product vision
Global perspective

17
Sustaining Principles

Integrated Management
Teamwork
Continuous Process

18
Our Risk Paradigm
Control
Track
Identify
QQ Analysis
Plan
19
Identify

Search for and locate risks before they become a
problem
Risk ID is a continuous process
Risk is everyones business

20
Analyze (Qualitative Quantitative)

Transform risk data to make decisions
Evaluate impact, probability, timeframe
Classify risks
Prioritize risks

21
Plan

Build a Risk Plan
Transform risk information into decisions and
actions
Planning is continuous
Planning is forward-looking
Planning need shared product, global vision

22
Track

Monitor risk indicators
Trigger mitigation action plans
Tracking is continuous
Combine risk with project tracking

23
Control

Correct for deviations from risk mitigation plans
Combine with project control
Keep communications open

24
Above all, COMMUNICATE

Provide internal feedback on risks info
and external

25
SPMP Risk Factors

Real-world risks
Technological risks
Risks due to size
People risks
Customer risks
Business risks (covered above too)

26
Real-World Risks

Contract risks
Management risks
External risks (e.g.... Eastern Europe)
Acts-of-God

27
Contract Risks

Will explore in next unit ad naseum
Make sure you can deliver
NEVER promise too much-)!!!!!

28
Management Risks

Financial health of organization
Takeoverability of organization
Management attitude
Government inertia
Cost of capital
Cost of raw materials

29
External Risks

Eastern Europe syndrome (i.e.... market
volatility example of a risk)
Government intervention (equal-opportunity
initiatives)
GATT/FTA problems

30
Acts-of-God Risks

Hurricanes, tornadoes, tidal waves etc..
Pestilence, plagues etc..
Plane crashes etc..
Earthquakes

31
Technological Risks

Software
Hardware
New technologies
Technology failures
Technology scoops
Write-offs of legacy equipment

32
Risks due to Size

Star-Trek syndrome (to fail boldly where...)
Size has its own problems
Application may overstretch tech platform
MULTICs example
The non-linearity of extrapolation

33
People Risks

People volatility
People burn-out
Shrinkage of labour supply
Inappropriate skilling of people
Boring work
Union problems

34
Customer Risks

Customer financial stability
Requirement changes
Environmental changes (only buy Mongolian all
documentation must be in Mayan)
External interfaces changed (now we use Linux)

35
Business Risks

Building a product that no one wants
Building a product that no longer fits into the
FedGov strategy
Building a product that the sales force does not
understand
Losing senior management support
Losing budget

36
11.1 Risk Management Planning
11.1.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement . 4 PMP 11.1.2 Tools
and Techniques .1 Planning Meetings
Analysis 11.1.3 Output .1 Risk
Management Plan
37
11.1.1 Inputs

EEFs
Flavour of the Org will set the Risk agenda
May be expressed in policy statements
May be inferred from actions
OPAs
May have risk categories, common definition of
terms
Standard templates
Roles responsibilities
Authority levels for risk decision making

38
Risk Planning

can easily have 30-50 risks
use Pareto 80/20 rule to cull
prepare a Risk Management Plan RMP
General plan aspects
Boehms Top Ten
Boehms List
RMMP

39
The Top Ten SW Risks (after Boehm)
Risk Risk Management Techniques 1
Personnel Staffing with top talent, job matching
team building shortfalls morale building,
cross-training, prescheduling key people 2
Unrealistic Detailed, multisourced cost-schedule
estimation use of schedules and design and
FP metrics, software reuse requirements
budgets engineering 3 Developing
the Organizational analysis mission analysis
wrong software user surveys prototyping early
users functions manuals 4 Developing
the Task analysis prototyping scenarios user
wrong user characterization interface 5
Gold Requirements scrubbing prototyping
cost-benefit Plating analysis design to
cost
40
The Top Ten SW Risks (after Boehm)
6 Changing High change threshold information
hiding incremental Requirements development
7 Shortfalls in Benchmarking inspections
reference checking externally
supplied compatibility analysis
components 8 Shortfalls in Reference
checking pre-audit awards award-fee
externally performed team building competitive
design tasks 9 Real-time Simulation
benchmarking modeling prototyping
performance SFs instrumentation tuning 10
Straining CS Technical analysis cost-benefit
analysis prototyping capabilities referenc
e checking
41
Common SW Weaknesses 90-95

1 Schedules set before definition
2 Excessive schedule pressure
3 Major Reqs change after SO
4 Inadequate PM skills
5 Inadequate pretest defect removal procs
6 Inadequate SW process

C. Jones Applied Software Measurement McGH 1997
42
Weaknesses cont.

7 Inadequate office space, environment
8 Inadequate training
9 Inadequate support for reuse, code and design
10 Inadequate orgs, specialist support
11 Too much emphasis on partial solns
12 Too new technologies

43
Common Strengths, 1990-95

1 Experience in application area
2 Morale and cohesiveness
3 Experience with prog langs
4 Experience with support tools
5 Experience with hardware
6 Availability of hardware

44
Strengths cont.

7 Availability of support tools
8 Use of adequate testing methods
9 Use of configuration management
10 Use of structured code methodologies
11 Use of formal assessments
12 Use of geriatric tools for legacy SW

45
11.1.2 TT

The Team will have planning meetings to develop
the Risk Management Plan
Again is successively elaborated

46
11.1.3 Risk Management Plan

Includes at least the following
Methodology
Roles responsibilities
Budgeting
Timing categories
Definitions of risk probability and impact
Probability Impact Matrix
Stakeholders tolerances
Reporting formats
Tracking

47
Risk Breakdown Structure (RBS) PMBOK Pg 244
PROJECT
Project Management
Technical
External
Organizational
Project Dependencies
Estimating
Resources
Planning
Funding
Controlling
Prioritization
Communication
48
Impact Scales for 4 Project Objectives PMBOK pg
245
49
Sample Risk Management Plan (Charette)

I Introduction 1. Scope and purpose 2.
Overview a) Objectives b) Risk aversion
priorities 3. Organization a) Management b)
Responsibilities c) Job descriptions 4.
Aversion program description a) Schedule b)
Major Milestones and reviews c) Budget

50
Sample Risk Management Plan (Charette) cont.

II Risk Analysis 1. Identification a) Survey
of risks b) Sources of risk c) Risk
Taxonomy 2. Risk Estimation a) Estimated
probability of risk b) Estimated consequence of
risk c) Evaluation of risk referents d)
Evaluation results 3. Evaluation a) Evaluation
methods to be used b) Evaluation method
assumptions and limitations c) Evaluation risk
referents d) Evaluation results

51
Sample Risk Management Plan (Charette) cont.

III Risk Management1. Recommendations2. Risk
aversion options3. Risk aversion
recommendations4. Risk monitoring procedures
IV Appendices1. Risk estimate of the solution2.
Risk abatement plan

52
11.2 Risk Identification
11.2.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement .4 Risk
Management Plan . 5 PMP 11.2.2 Tools and
Techniques .1 Documentation Reviews .2
Info Gathering Techniques .3 Checklist
Analysis .4 Assumptions Analysis .5
Diagramming Techniques 11.2.3 Output .1
Risk Register
53
Risk Identification

Determines which risks might affect the project
and document their characteristics
Who does this
PM, team members, management team
SMEs, other external experts
Customers, end users
Stakeholders

54
Risk Identification

Step 1 Capture the Statement of Risk
Step 2 Capture the Context of the Risk

55
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
56
Step 1 Capturing a Statement of Risk

The Risk statement consists of 2 parts
condition a single phrase describing the key
circumstances, situations, causing concern,
doubt, anxiety, uncertainty
consequence a single sentence describing the key
(normally negative) outcomes of the current
situation

57
Example

Condition The GUI must be coded using X Windows
and we do not have expertise in X Windows
Consequence The GUI code may not be completed in
time and may be inefficient

58
Step 2 Capturing the Context of a Risk

This includes recording additional information
regarding the circumstances, events and
interrelationships that may affect the risk
intent is to provide enough extra information
that other people can understand the risk,
particularly after time has passed

59
Example

A GUI is.. And we need one because
The graphical interface is an important part of
the system and we do not have anyone trained in X
Windows. We have all been studying the language
but it is complex and only one person on the team
has any graphics experience and that is with
Windows on a PC.

60
11.2.2 Risk Identification TT

.1 Documentation Reviews
.2 Info Gathering Techniques
.3 Checklist Analysis
.4 Assumptions Analysis
.5 Diagramming Techniques

61
.1 Documentation Reviews

Structured review of
Project documentation
Plans, assumptions
Prior project morgue files
Check the consistency of the various plans

62
.2 Information Gathering Techniques

Brainstorming
Delphi technique
Interviewing
Root cause identification
SWOT analysis

63
.3 Checklist Analysis

Like Boehms list
Org should have one
Check out textbooks
Look at the lowest level of the RBS/WBS
Note that we cannot build an exhaustive list,
ever!

64
.4 Assumptions Analysis

Find the assumptions
Check out the validity of the assumptions
Look at the inaccuracy, inconsistencies,
incompleteness of those assumptions

65
.5 Diagramming Techniques

Ishikawas
Process flow charts
Influence diagrams

66
Ishikawa Diagrams
Environment
People
Process
hard to modify
hard coded
Unit 12 costs 50 of all Effort LQ
Measurement
Machines
Materials
67
Sample Process Flowchart PMBOK page 194
NO
7 Vendor makes Proofs
6 Artwork out for Proofs
YES
NO
NO
8 Proofs acceptable?
9 QA Review Approval?
10 Proof back to Vendor
11 Specs Signed
YES
YES
12 Order Materials
68
11.2.3 Risk Identification Outputs

Risk Registry
A PMI term to indicate the repository of all of
the information associated with risks
Available to other planning areas and processes

69
Risk Registry

List of identified risks
List of potential responses
Root causes of the risks
Updated risk categories

70
11.3 Qualitative Risk Analysis
11.3.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement .4 Risk
Management Plan 11.3.2 Tools and Techniques
.1 Risk Probability Impact Assessment .2
Probability Impact Matrix .3 Risk Data
Quality .4 Risk Categorization .5 Risk
Urgency Assessment 11.3.3 Output .1 Risk
Register Updates
71
Purpose of Qualitative RA

Focuses on ranking in non-numeric terms
Want to focus on high-priority risks especially
Risk has 3 dimensions
Probability of occurrence
Impact of eventuated risk
Timing of the risk
Is rapid, cheap, foundational
Indicates the need for expansion in quant section

72
.1 Risk Probability Impact Assessment

Severity LikelihoodImpact
Ranking very important

73
3.1 Risk Estimation

Also called Risk Attribute Evaluation
Try to rate
Likelihood of risks reality
Consequences of risks effects
Severity Likelihood x Consequence

74
Likelihood

What is the chance that it might happen?
Impossible
Unlikely
Likely
Guaranteed to happen

75
Risk Consequences

Nature of riskWhat are the problems associated
with this risk happening?
Scope of riskhow serious is it AND how much of
the project will be harmed (or how many
customers?)
Timing of riskwhen and how long will the effects
be felt?
Assign a rating

76
Risk Examples

task is to map quadruples onto STEPS to avert risk

RISK Management
RMMP
77
Evaluating Risks

Air Force example
Binary level
Ternary level
Probability

78
Binary Level

There are 4 possibilities (impact-probability)
1 yes-yes (high)
2 yes-no (moderate)
3 no-yes (moderate)
4 no-no (low)

79
Ternary Level

9 levels
h-h, h-m, m-h (high)
h-l, m-m, l-h (moderate)
m-l, l-m, l-l (low)

80
Air Force Categorization

Impact
catastrophic
critical
marginal
negligible
Probability
frequent
probable
improbable
impossible

81
.2 Probability Impact Matrix

Can also use a stoplight chart as follows
Permits us to rank risks or put them in a common
risk basket

82
Probability- Impact Matrix PMBOK page 252
THREATS
OPPORTUNITIES
Impact
83
International Nuclear Event Scale

L Name Criteria Examples
0 Below scale no safety experience
1 Anomaly variation from pp
2 Incident insig release of R
3 Serious " very small RoR Vandellos E, 1989
4 Acc without minor RoR StLaurent F, 1980
sig offsite RoR Sig plant dam, death
5 Acc with " limited RoR TMI 1979, Japan 2K
6 Serious A sig RoR
7 Major Acc major RoR, Widespread Chernobyl
health, envir effects
RoR Release of Radiation
sigsignificant

84
.3 Risk Data Quality

An non-numeric assessment of the quality of the
data
Tries to qualitatively estimate
Degree of understanding of the risk
Accuracy of the risk data
Quality of the risk data
Reliability of the risk data
Integrity of the risk data

85
.4 Risk Categorization

Grouping makes it much more cost-effective

86
Risk Classification

Group risks into similar groups
Permits removal of duplicate risks
Allows for separate approaches depending on the
group

87
Classification Perspective

Predefined (like Boehms)
Self-organized (based on common characteristics)

88
Classification by Source/Impact

Source based on the same cause or source
Impact based on the impact on the Project

89
Taxonomy Element
90
.5 Risk Urgency Assessment

Need to assess the risk timing
A risk that has eventuated is no longer a risk
its a FACT

91
11.3.3 Qual Risk Analysis Outputs

Risk Registry Updates
Priority ranking of risks
Risks grouped by category
Risks requiring near-term response
Risks requiring more analysis/response
Watch lists of low priority risks
Trends in qualitative risk analysis results

92
11.4 Quantitative Risk Analysis
11.4.1 Inputs .1 EEP .2 Project Scope
Statement .3 Risk Management Plan
.4 Risk Register . 5 PMP 11.4.2 Tools and
Techniques .1 Data Gathering
Representation Techniques .2 Quantitative
Risk Analysis Modeling 11.4.3 Outputs .1
Risk Register Updates
93
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
94
Quantitative

Here we put numbers on the risks
Here be Dragons
Just because there is a number, does not make it
true!
Not everything that matters, can be measured.
Not everything that is measured, matters

95
The Ideal is to

Quantify the possible outcome
Assess the probability of achieving objectives
Use the numeric ranking to watch the highest
Identify realistic costs, schedules, scope
targets in the face of the project risks
Determine the best PM decision when some risks
rear their ugly heads

96
.1 Data Gathering Representation Teks

Interviewing
Probability distributions
Expert judgment

97
Range of Cost Estimates
98
Probability Distributions
Likely
Likely
Beta
Triangular
99
.2 Quantitative Risk Analysis Modeling

Sensitivity analysis
Expected monetary value
Decision tree analysis
Modeling and simulation

100
Decision Tree Diagram Upgrade?
Build New Plant
Build or Upgrade
Upgrade New Plant
101
Risk Register Updates

Probabilistic analysis of project
Probability of achieving cost and time objectives
Prioritized list of quantified risks
Trends in quantitative risk analysis results

102
Probability

0 means impossible
1 means will happen
0.0001.0.99999
provides a continuum of values
normally must eyeball

103
Failure Intensities (Death/106 hrs)

Space shuttles 38,000
Nuclear Plants 3,400
Horseback ride 2,860
Light bulbs 1,000
NYC subway cars 478
Motorcycles 143
(Disabling household injuries)
4.1

(Car thefts) 1.1
Death at 35 1.0
Auto deaths 0.7
Air deaths 0.5
Death by fire .00023
Electrocution .00006

104
Quantifying Risks with Probability

Sev Likelihoodi x Impacti
Problem is that it is hard to quantify these
For example, what is the likelihood of a ship
hitting an iceberg in the North Atlantic?

105
Prioritizing Risks

Use the Pareto Rule
Pick the top 10

106
Risk Example

Suppose that you have identified the triplet
1. r1 high staff turnover
2. l1 estimated at 0.70
3. x1 impact of increasing project duration by
15 and overall cost 12
4. s1 severity is .7 X .15

107
Risk Example cont.

Steps to Reduce the Risk of Turnovers might
include
meet with current staff to determine causes of
high turnover
change these before project commences
assume that turnover WILL occur during project
and build that into plan
organize project teams so that information about
each development activity is widely dispersed
define documentation standards
establish mechanism so that these are developed
in a timely manner
conduct peer reviews and walkthroughs for
second-sourcing
identify critical technologists
define a backup person for each critical
technologist

108
Risk Product Number (RPN)

Uses 3 variables
Occurrence
Severity
Detection
RPNOSD (each ranked 1-10, increasing)
RPN1 most risk free
RPN1000 yikes! Head for the hills!

109
OOccurrence

Remote 1
Low failure rate 2-3
Moderate 4-6
High 7-9
Very high almost certain 10

110
SSeverity

Insignificant 1 - customer will not notice
Low severity 2-3 - slight annoyance
Moderate 4-6 - some dissatisfaction
High 7-9 - anger
Very high 10 - customer at risk

111
DDetection Ranking

Very High 1 - design controls will find Ds
High 2-3 - good chance to detect failure
Moderate 4-5 - may detect failures
Low 6-7 - not likely to detect
Very low 8-9 - will not detect
Unlikely 10 - no controls at all!

112
Case Study aluminum beverage cans

Pressure of compressed liquid splits can open
Compression of top causes stepped neck into can
Cans side wrinkles the way they do in an empty
can
Cans bottom pops out
Cans bottom splits open
Cans top arches to accommodate pressure
Rivet in pop-top is ejected
Top cracks open when scored
Can leaks at rim where top joins side

113
Aluminum Can Example

Part FM F Mech Eff FR SR DR RPN Acts
Side break pressure splits leak 4 7 4 112
thicken
sides open can wall
wrinkle insuff wall ugly 4 5 3 60
thickness
Top neck ext impact ugly 3 6 6 108 protect
pushed in when shipd
arches top arches ugly 3 5 3 45
stiffen
out can wall
Bottom pops out press can 5 6 5 150 stiffen
dish
falls bottom
splits press leaks 3 7 4 84 stiffen
can wall
Rivet ejected hi press leaks 5 8 4 160 ??

114
11.5 Risk Response Planning
11.5.1 Inputs .1 Risk Management Plan
.2 Risk Register 11.5.2 Tools and Techniques
.1 Strategies for Risk Threats .2 Strategies
for Risk Opportunities .3 Strategies for
Threats and Opportunities .4 Contingent
Response Strategy 11.5.3 Output .1 Risk
Register Updates .2 PMP Updates .3
Risk-related Contractual Agreements
115
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
116
.1 Strategies for Risk Threats

Avoid
Transfer
Mitigate

117
Planning

What is planning?
Is it MY Risk? (assign responsibility)
What can I do? (approach)
How Much and What? (scope and actions)
Set Mitigation considerations
Guidelines and tips

118
Objectives of the PLAN

ID risks sources and consequences
develop effective plans
plan efficiently
produce the correct set of actions to minimize
risk and impacts
plan important risks first

119
Whose Risk IS it?

3 options
1 keep the risk
2 delegate the risk within the organization
3 transfer it outside

120
Qs to Ask

Who could solve this risk?
Who has the power to allocate resources?
Who can be held accountable for this risk?
Who has the time to manage this risk?
Who has the opportunity to take action?

121
Keep the Risk

Retain accountability, responsibility, authority
You have resources, knowledge, position to manage
risk
You approve all risk actions

122
Delegate

You retain accountability, assign responsibility
and authority
You manage the risk

123
Transfer

You assign accountability, responsibility,
authority
Third party now accepts the risk

124
What to do?

If you do not know enough about this risk to
decide, research
Can you live with the risk? Accept
No can I mitigate? No track the risk
Yes develop a mitigation plan

125
Culling Risks

All risks cannot be planned simultaneously.
Plan in order of important at this time
What is important now to the project, client,
user, management?
Is the project facing critical milestones?
What limits, constraints does the project have?
What milestones are fixed, flexible?
What resources are available for mitigation?
How does this risk factor into the overall
project concerns?

126
Range of Mitigation Approaches

1 Research
2 Accept
3 Mitigate
4 Track

127
Mitigation Scope

Some Questions for Mitigation
How complex will the mitigation be?
How will it be documented?
What is the strategy?
What are the tasks?

128
Action Item?

Risk statement
Mitigation goal measures
Responsible person
Action items
Due dates and closing dates
Contingency action and triggers

129
or Task Plan?

Risk statement
Mitigation goal measures
Responsible person(s)
Related risks
Due date for task plan completion
Due dates and closing dates

130
Task Plan cont.

Chosen strategies
Specific actions
Budget
Schedule (MSP)
Risk tracking indicators, thresholds, reporting
frequency
Contingency action and triggers

131
Risk ROI

Rule of Thumb do not spend more than 10 on
mitigation

132
Set Mitigation Considerations

Try to collect related risks into a set
can benefit from coordinated mitigation
avoid possibly conflicting goals
increase cost-effectiveness

133
Hints

ID specific, implementable actions which will
preempt problems
Create the desired further state
Integrate RMMP with project plans
Communicate mitigation plans to all affected
personnel
Do not lose sight of the end product

134
.2 Strategies for Risk Opportunities

Exploit
Share
Enhance

135
.3 Strategies for Threats and Opportunities

Acceptance

136
.4 Contingent Response Strategy

Will happen only if predefined conditions occur
Events that can trigger the contingency must be
defined and tracked

137
11.6 Risk Monitoring and Control
11.6.1 Inputs
11.6.3 Output .1 Risk Management Plan
.1 Risk Register Updates .2
Risk Register .2
Requested Changes .3 Approved Change
Requests .3 Recd Corrections .4
Work Performance Info. .4 Recd
Preventions .5 Performance Reports
.5 OPA Updates 11.6.2 Tools and
Techniques .6 PMP Updates
.1 Risk Reassessment .2 Risk Audits .3
Recommended Corrections .4 Technical
Performance Meas. .5 Reserve Analysis
.6 Status Meetings
138
.2 Risk Reassessment

Risks are temporal
Constantly being reassessed
At project meetings for example

139
Risk Tracking

Starts as soon as RMP is done
Gaulish in that its 3 objectives are1. to
assess whether a risk does occur2. to ensure
that the risk aversion steps defined in the
RMMP are properly applied and3. to collect
information for the database
this is a BIG job!

140
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
141
Tracking

Definitions
Acquiring
Compiling
Reporting

142
Definitions

metrics
measure
indicator
trigger
provides a warning of an impending critical event
indicates a need to implement the RMP
requests immediate attention to a risk

143
Acquiring

Includes all steps to collect information about
the risk measures and status indicators for
watched and mitigated risks
input to the compile phase

144
CSFs for tracking data

Status information is only as good as its
accuracy and timeliness
stale data is worse than useless
when a group of indicators is required, all of
the data must be collected at the same time
collecting tracking data is responsibility of
person responsible for the risk

145
Compiling

Risk data is analyzed, combined, calculated,
organized for the tracking of the risk and its
associated Risk Mitigation Plan

146
CSFs for the Report

What information needs to be reported?
What results are desired from the report?
Does the reports format match the desired
outcome?

147
Reporting

Status information is reported to the decision
makers, team members
verbal reporting
written reports
formal presentations

148
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
149
.2 Risk Audits

Formal checks by management to ensure that proper
risking is occurring

150
Controlling

Analyzing
Deciding
Executing

151
1 Analyzing

Uses tracking data to examine risks for trends,
deviations, anomalies
Need to have a clear understanding as to the risk
picture

152
Analyzing Tracking Data

Cause and effect Analysis
Cost-Benefit Analysis
Mitigation Status reports
PERT Charts
Spreadsheet Risk Tracking
Stoplight Chart

153
2 Deciding

There are 4 options
1 replan
2 close the risk
3 invoke a contingency plan
4 continuing tracking

154
3 Executing

Implement the control decisions
may decide to close out the risks

155
Closing Risks

Person responsible for the risk closes it
Personnel who either initiated the risk or
received status info from it are notified
Proper approval for closing is acquired
If the risk is in a set, decide to close the set
or not

156