INFO3333
Computing 3 Management
Lecture 6
Managing IT Project: Risk
Semester 1, 2021 Dr Rabiul Hasan
The University of Sydney
Page 1
Source:
Schwalbe, K, Information Technology Project Management (9th Edition). Cengage Learning, 2019
Recapture From Lecture 5
We discussed Managing IT Project: Quality
Concept of project quality
Quality management overview
Basic tools and techniques for quality control
The University of Sydney
Page 2
Where Are We Now ? — Course map
The University of Sydney Page 3
Learning Objectives
Discuss Project Risk Management Processes
Explain the process of identifying risks and developing risk
register
Discuss the risk response strategies
Discuss the concept of residual and secondary risks.
The University of Sydney
Page 4
Risk?
General meaning — “the possibility of loss or injury”
Project risk is an uncertainty that can have a negative or
positive effect on meeting project objectives
The University of Sydney Page 5
Why Is Risk Management Important?
KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING
Knowledge Area
Engineering/ Construction
Telecommunications
Information Systems
Hi-Tech Manufacturing
Scope
3.52
3.45
3.25
3.37
Time
3.55
3.41
3.03
3.50
Cost
3.74
3.22
3.20
3.97
Quality
2.91
3.22
2.88
3.26
Human Resources
3.18
3.20
2.93
3.18
Communications
3.53
3.53
3.21
3.48
Risk
2.93
2.87
2.75
2.76
Procurement
3.33
3.01
2.91
3.33
The University of Sydney
Page 6
Influence of Risk
The University of Sydney Adapted from: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Fifth Edition Page 7
Negative & Positive Risk
Negative risks: potential problems that might occur in the project and how they might obstruct project success
Positive risks: risks that result in good things happening; sometimes called opportunities
The University of Sydney Page 8
Project Risk Management Processes
Planning risk management : Deciding how to approach and plan the risk management activities for the project
Identifying risks: Determining which risks are likely to affect a project and documenting the characteristics of each
Performing qualitative risk analysis: Prioritizing risks based on their probability and impact of occurrence
Performing quantitative risk analysis: Numerically estimating the effects of risks on project objectives
Planning risk responses: Taking steps to enhance opportunities and reduce threats to meeting project objectives
Controlling risk: Monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project
The University of Sydney Page 9
Categories of Risk
Following are some categories of IT project risks. Market risk:
Financial risk
Technology risk
People risk
Structure/process risk
The University of Sydney
Page 10
Risks Identification
Identifying risks is the process of understanding what potential events might hurt or enhance a particular project
Risk identification tools and techniques include: – Brainstorming
– TheDelphiTechnique – Interviewing
– SWOT analysis
The University of Sydney
Page 11
Risk Analysis
The University of Sydney Adapted from: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Fifth Edition Page 12
Risk Analysis
Sensitivity analysis. It helps to determine which risks have the most potential impact on the project.
The University of Sydney Adapted from: A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Fifth Edition Page 13
Risk Register
A risk register is:
– A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format
– A tool for documenting potential risk events and related information
The University of Sydney Page 14
Risk Register – Contents
An identification number for each risk event
A rank for each risk event
The name of each risk event
A description of each risk event
The category under which each risk event falls
The root cause of each risk
Potential responses to each risk
The risk owner or person who will own or take responsibility for each risk
The probability and impact of each risk occurring.
The status of each risk
The University of Sydney Page 15
Risk Register
The following is a template of Risk Register. You may add more contents (e.g., risk status) as needed
No.: R05
Rank: 1
Risk name: New customer
Description: We have never done a project for this organization before and don’t
know too much about them. One of our company’s strengths is building good customer relationships, which often leads to further projects with that customer. We might have trouble working with this customer because they are new to us.
Category: People risk
Etc.
The University of Sydney
Page 16
Risk Response Strategies
Response strategies for negative risks:
– Riskavoidanceoreliminatingaspecificthreat,usuallybyeliminatingits
causes
– Riskacceptanceoracceptingtheconsequencesshouldariskoccur.
– Risktransferenceorshiftingtheconsequenceofariskandresponsibility for its management to a third party.
– Riskmitigationorreducingtheimpactofariskeventbyreducingthe probability of its occurrence.
Response strategies for positive risks:
– Riskexploitationinvolvesdoingwhateveryoucantomakesurethe
positive risk happens.
– Risksharinginvolvesallocatingownershipoftherisktoanotherparty
– Riskenhancementinvolveschangingthesizeoftheopportunityby identifying and maximizing key drivers of the positive risk.
– Riskacceptanceappliestopositiveriskswhentheprojectteamcannotor chooses not to take any actions toward a risk.
The University of Sydney Page 17
Residual and Secondary Risks
Residual risks are risks that remain after all of the response strategies have been implemented
Secondary risks are a direct result of implementing a risk response
The University of Sydney
Page 18
Class Quiz
Q1: Who monitors individual risk?
Q2: Who is responsible for managing project risks?
Q3: How many risks you need to identify for your project? Why?
Q4 (a): How to present (the best way to deal with) risk in your project proposal?
Q4 (b): What is the objective of discussing risks in the project proposal?
The University of Sydney Page 19
Class Exercise 1 – Risk Management Activities using the case of Self Driving Uber
The case study is uploaded on Canvas week 6.
Review it and identify project risks
Q.2: Which response strategy would you use to address each of the risks? Why?
Room 1, write your response here: https://docs.google.com/document/d/1JHuYzZevW47LNSFffKydH43K8phpMl
B3-lot6Bg2okQ/edit?usp=sharing
The University of Sydney Page 20
Class Exercise 2 – South Australia Health IT Project The case study is uploaded on Canvas week 6.
Q1: Review it and identify the risks, their types and potential impact on the project.
Room 2, write your response here: https://docs.google.com/document/d/19tXS_DqiZEpwgv4Lv1jvk7eQiuTS5iswn
MQSM-CsyxQ/edit?usp=sharing
The University of Sydney Page 21
Class Exercise 3 – IBM and HP on notice The case study is uploaded on Canvas week 6.
Q1: Assume you are an IT project manager. What did you learn from this case study in terms of project risks?
Room 3, write your response here: https://docs.google.com/document/d/1-
DZyKPl_7lyB4VOThD3OTELnDyUxo66eSd80fKNjJCo/edit?usp=sharing
The University of Sydney Page 22
Discussion on Group Projects
The University of Sydney Page 23
Lecture Summary
Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives
Main processes include:
– Planriskmanagement
– Identifyrisks
– Performqualitativeriskanalysis – Performquantitativeriskanalysis – Planriskresponses
– Controlrisks The University of Sydney
Page 24
Announcement (if any)
Q &A?
Thanks everyone !
The University of Sydney Page 25