Title: Chapter 11: Project Risk Management Schwalbe
1(No Transcript)
2Chapter 11Project Risk Management(Schwalbe)
3Questions
- Do IT projects carry more risk than say,
construction projects? - What are some typical IT project risk categories?
- How much risk planning is done, really?
- What are some tools for risk management?
- In terms of the eight knowledge areas, which is
typically the least mature? - Describe a simple risk mitigation strategy
4Are there two sides to risk? YES!!
- Down-side risk (negative risk) or just risk
- Up-side risk (positive risk) or opportunities
- Can you personally get out of taking risks?
- You want to minimize the negative risk and
maximize the positive risk - Was life designed to be intentionally risky?
- If so, why???
5The Oklahoma State Delimma
- They invested 200M in oil stocks
- They expected the spot market price of oil to
reach 200/barrel this year - They also borrowed 200M against this asset,
which they used for football stadium improvements - What happened?
- Would you regard their behavior as risk seeking,
risk neutral or risk averse?
6The Importance of Project Risk Management
- Project risk management is the art and science of
identifying, assigning, and responding to risk
throughout the life of a project and in the best
interests of meeting project objectives - Risk management is often overlooked on projects,
but it can help improve project success by
helping select good projects, determining project
scope, and developing realistic estimates
7Which of the following software development
methodologies is focused on risk?
- Waterfall methodology
- Evolutionary development
- Spiral model
- Transform model
8What is Risk?
- A dictionary definition of risk is the
possibility of loss or injury - Project risk involves understanding potential
problems that might occur on the project and how
they might impede project success - Risk management is like a form of insurance it
is an investment
9Why Take Risks? Because of Opportunities!
Try to balance risks and opportunities
Risks
Opportunities
10Risk Utility
- Risk utility or risk tolerance is the amount of
satisfaction or pleasure received from a
potential payoff - Utility rises at a decreasing rate for a person
who is risk-averse - Those who are risk-seeking have a higher
tolerance for risk and their satisfaction
increases when more payoff is at stake - The risk neutral approach achieves a balance
between risk and payoff
11Figure 10-1. Risk Utility Function and Risk
Preference
12What is Project Risk Management?
- The goal of project risk management is to
minimize potential risks while maximizing
potential opportunities. Major processes include - Risk management planning involves deciding how
to approach risk management activities for the
project - Risk identification determining which risks are
likely to affect a project - Qualitative risk analysis prioritizing risks
based on impact - Quantitative risk analysis evaluating risks to
assess the range of possible project outcomes - Risk response planning taking steps to enhance
opportunities and developing responses to threats - Risk monitoring and control responding to risks
over the course of the project
13Common Sources of Risk on Information Technology
Projects
- Several studies show that IT projects share some
common sources of risk - The Standish Group developed an IT success
potential scoring sheet based on potential risks - McFarlan developed a risk questionnaire to help
assess risk - Other broad categories of risk help identify
potential risks
14Table 10-1. Information Technology Success
Potential Scoring Sheet
15Table 10-2. McFarlans Risk Questionnaire
16Market, Financial, and Technology Risk
- Market risk Will the new product be useful to
the organization or marketable to others? Will
users accept and use the product or service? - Financial risk Can the organization afford to
undertake the project? Is this project the best
way to use the companys financial resources? - Technology risk Is the project technically
feasible? Could the technology be obsolete before
a useful product can be produced?
17People and Structure risks
- People risk does the organization have or can
they find people with appropriate skills to
complete the project successfullly - Structure/process risk What is the degree of
change the new project will introduce into user
areas and business procedures?
18Risk Identification
- Risk identification is the process of
understanding what potential unsatisfactory
outcomes are associated with a particular project - Several risk identification tools include
checklists, flowcharts, and interviews
19Table 10-3. Potential Risk Conditions Associated
With Each Knowledge Area
20Quantitative analysis
- Risk quantification or risk analysis is the
process of evaluating risks to assess the range
of possible project outcomes - Determine the risks probability of occurrence
and its impact to the project if the risk does
occur - Risk quantification techniques include expected
monetary value analysis, calculation of risk
factors, PERT estimations, simulations, and
expert judgment
21Figure 10-2. Expected Monetary Value (EMV) Example
22Figure 10-3. Chart Showing High-, Medium-, and
Low-Risk Technologies
23Simulation for Risk Analysis
- Simulation uses a representation or model of a
system to analyze the expected behavior or
performance of the system - Monte Carlo analysis simulates a models outcome
many times to provide a statistical distribution
of the calculated results
24What Went Right?
McDonnell Aircraft Company used Monte Carlo
simulation to help quantify risks on several
advanced-design engineering projects. The
National Aerospace Plan (NASP) project involved
many risks. The purpose of this multi-billion
dollar project was to design and develop a
vehicle that could fly into space using a
single-stage-to-orbit approach. A
single-stage-to-orbit approach meant the vehicle
would have to achieve a speed of Mach 25 (25
times the speed of sound) without a rocket
booster. A team of engineers and business
professionals worked together in the mid-1980s to
develop a software model for estimating the time
and cost of developing the NASP. This model was
then linked with Monte Carlo simulation software
to determine the sources of cost and schedule
risk for the project. The results of the
simulation were then used to determine how the
company would invest its internal research and
development funds. Although the NASP project was
terminated, the resulting research has helped
develop more advanced materials and propulsion
systems used on many modern aircraft.
25Expert Judgment
- Many organizations rely on the intuitive feelings
and past experience of experts to help identify
potential project risks - The Delphi method is a technique for deriving a
consensus among a panel of experts to make
predictions about future developments
26Risk Response Planning
- Risk avoidance eliminating a specific threat or
risk, usually by eliminating its causes - Risk acceptance accepting the consequences
should a risk occur - Risk transference shifting responsibility for a
risk to a third party - Risk mitigation reducing the impact of a risk
event by reducing the probability of its
occurrence
27Table 10-4. General Risk Mitigation Strategies
for Technical, Cost, and Schedule Risks
28Risk Management Plans, Contingency Plans, and
Contingency Reserves
- A risk management plan documents the procedures
for managing risk throughout the project - Contingency plans are predefined actions that the
project team will take if an identified risk
event occurs - Contingency reserves are provisions held by the
project sponsor for possible changes in project
scope or quality that can be used to mitigate
cost and/or schedule risk
29Table 10-5. Questions Addressed in a Risk
Management Plan
- Why is it important to take/not take this risk in
relation to the project objectives? - What specifically is the risk and what are the
risk mitigation deliverables? - How is the risk going to be mitigated? (What risk
mitigation approach is to be used?) - Who are the individuals responsible for
implementing the risk management plan? - When will the milestones associated with the
mitigation approach occur? - How much is required in terms of resources to
mitigate risk?
30Risk Monitoring and Control
- Risk response control involves executing the risk
management processes and the risk management plan
to respond to risk events - Risks must be monitored based on defined
milestones and decisions made regarding risks and
mitigation strategies - Sometimes workarounds or unplanned responses to
risk events are needed when there are no
contingency plans
31Top 10 Risk Item Tracking
- Top 10 risk item tracking is a tool for
maintaining an awareness of risk throughout the
life of a project - Establish a periodic review of the top 10 project
risk items - List the current ranking, previous ranking,
number of times the risk appears on the list over
a period of time, and a summary of progress made
in resolving the risk item
32Table 10-6. Example of Top 10 Risk Item Tracking
33Using Software to Assist in Project Risk
Management
- Databases can keep track of risks
- Spreadsheets can aid in tracking and quantifying
risks - More sophisticated risk management software helps
develop models and uses simulation to analyze and
respond to various project risks
34Figure 10-4. Sample Monte Carlo Simulation
Results for Project Schedule
35Figure 10-5. Sample Monte Carlo Simulations
Results for Project Costs
36Results of Good Project Risk Management
- Unlike crisis management, good project risk
management often goes unnoticed - Well-run projects appear to be almost effortless,
but a lot of work goes into running a project
well - Project managers should strive to make their jobs
look easy to reflect the results of well-run
projects
37Discussion Questions
- Discuss the risk utility function and risk
preference chart in Figure 10-1. Would you rate
yourself as being risk averse, risk neutral, or
risk seeking? Give examples of each approach from
different aspects of your life, such as your
current job, your personal finances, romances,
and eating habits. - What is your organizations (your employer's or
your college's) risk preference when it comes to
information technology projects? Give evidence to
support your position. - Describe the Top 10 Risk Item Tracking approach.
How could you use this technique in your
organization?
38(No Transcript)
39Chapter 12Project Procurement Management
40Importance of Project Procurement Management
- Procurement means acquiring goods and/or services
from an outside source - Other terms include purchasing and outsourcing
- By the year 2003 the worldwide information
technology outsourcing market had grown to over
100 billion
41Why Outsource?
- To reduce both fixed and recurrent costs
- To allow the client organization to focus on its
core business - To access skills and technologies
- To provide flexibility
- To increase accountability
42Project Procurement Management Processes
- Planning purchases and acquisitions determining
what to procure and when - Planning contracting documenting product
requirements and identifying potential sources - Requesting Seller Responses obtaining
quotations, bids, offers, or proposals as
appropriate
43Project Procurement Management Processes,
Continued
- Selecting sellers choosing from among potential
vendors - Administering the contract managing the
relationship with the vendor - Closing the contract completion and settlement
of the contract
44Figure 12-1. Project Procurement Management
Processes and Key Outputs
45Planning purchases and acquisitions
- Procurement planning involves identifying which
project needs can be best met by using products
or services outside the organization. It
includes deciding - whether to procure
- how to procure
- what to procure
- how much to procure
- when to procure
46Collaborative Procurement
- Several organizations, even competitors, have
found that it makes sense to collaborate on
procurement for some projects - Kodak worked with several competitors to develop
the Advantix Advanced Photo System (see What Went
Right? on pg. 303)
47Procurement Planning Tools and Techniques
- Make-or-buy analysis determining whether a
particular product or service should be made or
performed inside the organization or purchased
from someone else. Often involves financial
analysis - Experts, both internal and external, can provide
valuable inputs in procurement decisions
48Types of Contracts
- Fixed price or lump sum involve a fixed total
price for a well-defined product or service - Cost reimbursable involve payment to the seller
for direct and indirect costs - Unit price contracts require the buyer to pay
the seller a predetermined amount per unit of
service
49Cost Reimbursable Contracts
- Cost plus incentive fee (CPIF) the buyer pays
the seller for allowable performance costs plus a
predetermined fee and an incentive bonus - Cost plus fixed fee (CPFF) the buyer pays the
seller for allowable performance costs plus a
fixed fee payment usually based on a percentage
of estimated costs - Cost plus percentage of costs (CPPC) the buyer
pays the seller for allowable performance costs
plus a predetermined percentage based on total
costs
50Figure 12-2. Contract Types Versus Risk
51Statement of Work (SOW)
- A statement of work is a description of the work
required for the procurement - Many contracts, or other mutually binding
agreements, include SOWs - A good SOW gives bidders a better understanding
of the buyers expectations
52A Common Contractual Relationship
- Time and Materials Contract
- Is essentially a cost reimbursement contract, but
reimburses material costs as well - May be agreed to through transmittal of a letter
53Solicitation Planning
- Solicitation planning involves preparing several
documents - Request for Proposals used to solicit proposals
from prospective sellers where there are several
ways to meet the sellers needs - Requests for Quotes used to solicit quotes for
well-defined procurements - Invitations for bid or negotiation, and initial
contractor responses are also part of
solicitation planning
54Figure 12-4. Outline for a Request for Proposal
(RFP)
55Solicitation
- Solicitation involves obtaining proposals or bids
from prospective sellers - Organizations can advertise to procure goods and
services in several ways - approaching the preferred vendor
- approaching several potential vendors
- advertising to anyone interested
- A bidders conference can help clarify the
buyers expectations
56Source Selection
- Source selection involves
- evaluating bidders proposals
- choosing the best one
- negotiating the contract
- awarding the contract
- It is helpful to prepare formal evaluation
procedures for selecting vendors - Buyers often create a short list
57Figure 12-5. Sample Proposal Evaluation Sheet
58Figure 12-6. Detailed Criteria for Selecting
Vendors
59Contract Administration
- Contract administration ensures that the sellers
performance meets contractual requirements - Contracts are legal relationships, so it is
important that legal and contracting
professionals be involved in writing and
administering contracts - Many project managers ignore contractual issues,
which can result in serious problems (see What
Went Wrong? on pg. 315)
60Suggestions on Change Control for Contracts
- Changes to any part of the project need to be
reviewed, approved, and documented by the same
people in the same way that the original part of
the plan was approved - Evaluation of any change should include an impact
analysis. How will the change affect the scope,
time, cost, and quality of the goods or services
being provided? - Changes must be documented in writing. Project
team members should also document all important
meetings and telephone phone calls
61Contract Close-out
- Contract close-out includes
- product verification to determine if all work was
completed correctly and satisfactorily - administrative activities to update records to
reflect final results - archiving information for future use
- Procurement audits identify lessons learned in
the procurement process
62Discussion Questions
- Discuss the scenario in the opening case. Have
you experienced similar situations? How did the
parties involved handle them? - Provide examples of information technology goods
and services that were outsourced. Which were for
information technology projects and which were
parts of on-going operations? Was it advantageous
for the organization to use outsourcing? - Some experts recommend working with preferred
vendors, even if their prices may be higher than
other vendors. Why do you think this is the
case?