Project Risk Management

صفحه 1:
Project Risk Management 

صفحه 2:
Table 11-5. Sample Risk Register / Risk Analysis " Project severity = expectation (1-10) * impact (1-10) " When should risk analysis be formed? " Is not a time activity " Periodic update and reviewed 

صفحه 3:
Severity 30 40 25 Calculating severity Impact 5 8 5 Expectatio n 6 5 5 Problem Staff Late delivery of hardware Communication and Networks problem 

صفحه 4:
Qualitative Risk Analysis " Assess the likelihood and impact of identified risks to determine their magnitude and priority. " Risk quantification tools and techniques include: * Probability/impact matrixes " The Top Ten Risk Item Tracking " Expert judgment 

صفحه 5:
Probability/Impact Matrix * A probability/impact matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on a chart and the relative impact of the risk occurring on the other. " List the risks and then label each one as high, medium, or low in terms of its probability of occurrence and its impact if it did occur. * Can also calculate risk factors: = Numbers that represent the overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur. 

صفحه 6:
Figure 11-4. Sample Probability/Impact Matrix risk 1 risk 4 risk 12 High risk 9 risk 2 risk 5 risk 11 risk 8 risk 10 Medium Impact risk 6 risk 3 risk 7 Low High Probability Medium 

صفحه 7:
lable 11-6. sample Probability/Impact Matrix for Qualitative Riclz Nccacemant PROBABILITY OF FAILURE (Ps) ATTRIBUTES OF SUGGESTED TECHNOLOGY عمق باق ی سا سا ‎Haowant/Sorrwane __Harowane/Sornwant‏ ‎Exiting Simple Design Mubiple ogame‏ ذه And Services ‎Minor Redesign Somewhat Complex Mubiple Programs‏ اذه ‎Major Change Feasisle Fairly Complex Several Parallel Programs‏ 05 ‎Complex HW Designs ew Very Complex AL Leis! One Other Proytarn‏ 0.7 ‎'SW'Simlar co Exiting ‎0.9 Some Research Completed’ Extemely Complex No Additional ‏كمي‎ ‎Never Done Defore ‎‘CONSEQUENCE OF FAILURE (Ci) ATTRIBUTES OF SUGGESTED TECHNOLOGY ‎ ‎ ‎ ‎Downer (OT)‏ ] مس سا هعومجم ‎Souris‏ ‎Confident Mighty Contident‏ 90—100% موه ام بو ‎Wil Meet 1OC Wil Renee DT‏ تسس ‎Sigmileanly‏ ‏تقر م كته مد تدس بق ممم كيه 05 ‎Wil Reduce DT‏ الل لسر باس ‎Significant‏ ‎Sinwle Accpiable LCC WIN Nor 30—75% enident—mughly Content‏ 0 ‎Aleraiive ge Much Wl Moet IOC Wil Reduce DT.‏ ‎Somewhat‏ ‎Some Possible Fale Confident 25—S0% canddent Farry Coariéent‏ 07 ‎Alteratives Willncrase 1c Wi Meet IOC Wil Reduce DT‏ ‎Somewhat‏ ‎NoAccepsable Highly Confident 0—25% Confers DT May Not Be‏ 09 ‏۱ مس 

صفحه 8:
Figure li-o, Chart showing High-, Medium-, and Low-Risk Technologies | High Risk ae Medium Risk 2 Risk 0.2 04 0.6 0.8 1.0 Consequence of Failure (Cf) 1.0 08 0.6 04 0.2 0 Probability of Failure (Pf) 

صفحه 9:
Top Ten Risk Item Tracking Top Ten Risk Item Tracking is a qualitative risk analysis tool that helps to identify risks and maintain an awareness of risks throughout the life of a project. Establish a periodic review of the top ten project risk items. List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item. 

صفحه 10:
Table 11-7. Example of Top Ten Risk Item Tracking Went Radi RisItem [This |Last [Number | Risk Resolution Month | Month | oMonths | Progress Tradequate T 2 4 Working on revising the planning entire project plan Poor definition | 2 3 3 Holding meetings with of scope project customer and ‘sponsor to clarify scope Absenccof 3 1 2 Just assigned anew leadership [project manager to lead the project after old one quit Poor cost 4 4 3 Revising cost estimates ۹ Poor time 5 5 3 Revising schedule estimates estimates 

صفحه 11:
Expert Judgment = Many organizations rely on the intuitive feelings and past experience of experts to help identify potential project risks. " Experts can categorize risks as high, medium, or low with or without more sophisticated techniques. = Can also help create and monitor a watch list, a list of risks that are low priority, but are still identified as potential risks. 

صفحه 12:
Quantitative Risk Analysis " Often follows qualitative risk analysis, but both can be done together. * Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis. * Main techniques include: " Decision tree analysis * Simulation " Sensitivity analysis 

صفحه 13:
0 « ۲/۱ ۱( ۵10/11ن1ی ات1271 ‎Expected Monetary Value‏ ‎(EMV)‏ " A decision tree is a diagramming analysis technique used to help select the best course of action in situations in which future outcomes are uncertain. " Estimated monetary value (EMV) is the product of a risk event probability and the risk event’s monetary value. = You can draw a decision tree to help find the EMV. 

صفحه 14:
1 ‏1للمال1!‎ 2 1 1۰۹۷. LAVOCULou Monetary Value (EMV) Example Probability (P) times Outcome = EMV P=.20, x $300,000 = +$60,000 Project 1 Decision, P=.80 x —$40,000 = —$32,000 P=.20 X —$50,000 =—$10,000 Project 2 ‏ير که‎ —$20,000 = —$2,000 P=.70 x $60,000 = $42,000 Project 1's EMV = $60,000 —32,000 = $28,000 Project 2's EMV = —$10,000 —2,000 + 42,000 = $30,000 14 

صفحه 15:
Sensitivity Analysis " Sensitivity analysis is a technique used to show the effects of changing one or more variables on an outcome. " For example, many people use it to determine what the monthly payments for a loan will be given different interest rates or periods of the loan, or for determining break-even points based on different assumptions. = Spreadsheet software, such as Excel, is a common tool for performing sensitivity analysis. 

صفحه 16:
Figure ۲1-0. 521122216 7 Analysis for Determining Break- 2 ‏لله الخصقيصظط دحصبحط‎ rat at 07 Fever ‏مر‎ 5 95 5.00 ‏ود ند مسر‎ 2 na 100112660 0 ۷ ‏و انز‎ 0 200 24000 4900 ne ‏لد ان‎ 46.000 1 ‏رد سا‎ 48-00] an 3900_4200 200 x ‘fool 48,00) 67-00] 3 ‏لسع سرد‎ rs ‏اللا الل‎ ELL 86.00 له ند 56 1 ‎una‏ ات ره ند ]73.00 رد تلو ‎Lo‏ لس ]77-00 رو تلم 7 ‏تلا‎ 4 ( ‏هلر 5 — او وا وم‎ e600] ‏ات تنل‎ ]0 62 تیا تلو ‎SU) 1 9” 0]‏ مومع واه ‎Fixed‏ ‏]00 1 ۳۹ نتود 70 ‏تعتاند .نت2‎ 106 0] ‏تحت‎ Point (Unite Sot: 0] ‘o.sua| Tas cco) 108.0] Revenue at resl-Even Pont 500) 11 ‏تانق‎ 113.00] ‏را رنه رز‎ 1 تا نتق مر ]124.0 )60.000 نت2 12 تا نقق 3 ‎tea Geo] —1=3.0]‏ ]7.500 ‎tes oo] Vs]‏ ]74,000 سح سس 

صفحه 17:
17 Risk Response Planning " After identifying and quantifying risks, you must decide how to respond to them. " Four main response strategies for negative risks: = Risk avoidance = Risk acceptance " Risk transference * Risk mitigation 

صفحه 18:
Mitigation Strategies for Technical, Cost, and Schedule 3 TECHNICAL RISKS Cost Risks ‘SCHEDULE RISKS. Emphasize team support Increase the frequency Increase the frequency and avoid stand-alone of project monitoring of project monitoring project structure Increase project manager Use WBS and CPM Use WBS and CPM authority Improve problem handling Improve communication, _ Select the most experienced and communication project goals understanding, project manager and team support Increase the frequency of Increase project manager project monitoring authority Use WBS and CPM. 18 

صفحه 19:
Response Strategies for Positive Risks Risk exploitation Risk sharing Risk enhancement Risk acceptance 

صفحه 20:
Residual and Secondary Risks " It’s also important to identify residual and secondary risks. * Residual risks are risks that remain after all of the response strategies have been implemented. " Secondary risks are a direct result of implementing a risk response. 

صفحه 21:
Media Snapshot " A highly publicized example of a risk response to corporate financial scandals, such as those affecting Enron, Arthur Andersen, and WorldCom, was legal action. " The Sarbanes-Oxley Act of 2002 is considered the most significant change to federal securities laws in the United States since the New Deal. " This Act has caused many organizations to initiate projects and other actions to avoid litigation.* *losub, John C., “What the Sarbanes-Oxley Act Means for IT Managers,” TechRepublic, (March 19, 2003) (http://techrepublic.com.com/5100-6313-5034345.htm)). 21 

صفحه 22:
22 Risk Monitoring and Control " Involves executing the risk management process to respond to risk events. " Workarounds are unplanned responses to risk events that must be done when there are no contingency plans. " Main outputs of risk monitoring and control are: = Requested changes. = Recommended corrective and preventive actions. " Updates to the risk register, project management plan, and organizational process assets. 

صفحه 23:
Using Software to Assist in Project Risk Management " Risk registers can be created in a simple Word or Excel file or as part of a database. " More sophisticated risk management software, such as Monte Carlo simulation tools, help in analyzing project risks. " The PMI Risk Specific Interest Group’s Web site at has a detailed list of software products to assist in risk management. 

صفحه 24:
Results of Good Project Risk Management " Unlike crisis management, good project risk management often goes unnoticed. " Well-run projects appear to be almost effortless, but a lot of work goes into running a project well. " Project managers should strive to make their jobs look easy to reflect the results of well-run projects. 

صفحه 25:
Chapter Summary * Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives. = Main processes include: * Risk management planning * Risk identification " Qualitative risk analysis " Quantitative risk analysis * Risk response planning " Risk monitoring and control 

صفحه 26:
lable 1-2. ۱5 Addressed in a Risk Management Plan Methodology Roles and responsibilities Budget and schedule Risk categories Risk probability and impact Risk documentation