CS计算机代考程序代写 decision tree Excel PowerPoint Presentation

PowerPoint Presentation

Information Technology

FIT2002

IT Project Management

Lecture 7

Project Risk Management

Video 1:
Learning Objectives

 Understand risk and the importance of good project risk

management

 Discuss the elements of planning risk management and the

contents of a risk management plan

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 2

The Importance of Project Risk Management

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 3

 Project risk management is the art and science of identifying,

analysing, and responding to risk throughout the life of a project

and in the best interests of meeting project objectives

 Risk management is often overlooked in projects, but it can help

improve project success by helping select good projects,

determining project scope, and developing realistic estimates

 Helps project stakeholders understand the nature of the project,

and helps to integrate other project management knowledge

areas.

Benefits from Software Risk Management

Practices*

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 4

*Source: Kulik and Weber, KLCI Research Group

Global Issues

 According to a global survey of 316 financial services executives,

over 70 percent of respondents believed that the losses

stemming from the credit crisis were largely due to failures to

address risk management issues

 Worldwide banking and insurance sectors will spend about $78.6

billion on risk information technologies and services in 2015,

growing to $96.3 billion by 2018

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 5

Negative Risk

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 6

 A dictionary definition of risk is “the possibility of loss or

injury”

 Negative risk involves understanding potential problems

that might occur in the project and how they might impede

project success

 Managing negative risks involves a number of possible

actions such as to avoid, lessen, change, or accept the

potential effects of risks on projects

Risk Can Be Positive

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 7

 Positive risks are risks that result in good things happening;

sometimes called opportunities

 A general definition of project risk is an uncertainty that can

have a negative or positive effect on meeting project objectives

 The goal of project risk management is to minimize potential

negative risks while maximizing potential positive risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 8

Risk Management

 Risk management is an investment—costs are associated with it

 Cost for risk management should not exceed the potential

benefits

 Organisation should not only address tactical and negative risks

 David Hillson, (www.risk-doctor.com) suggests to as integrated

risk management by widening the scope of risk management to

encompass both strategic risks and upside opportunities

Some ‘Risk’ Terms

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 9

 Risk appetite – the degree of uncertainty an entity is willing to

take on, in anticipation of a reward

 Risk tolerance – the maximum acceptable deviation an entity is

willing to accept as the potential impact.

 Risk utility is the amount of satisfaction or pleasure received

from a potential payoff

 Known risks – Risks that the project team has identified and

analyzed and that can be managed proactively.

 Unknown risks – Risks that have not been identified and

analysed and cannot be managed.

Risk Utility Function and Risk Preference

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 10

Utility rises at a

decreasing rate for

people who are risk-

averse

Risk-neutral

approach achieves a

balance between risk

and payoff

Risk-seekers have a

higher tolerance for risk

& satisfaction increases

with higher payoffs

Project Risk Management Processes

 Planning risk management : Deciding how to approach and
plan the risk management activities for the project

 Identifying risks: Determining which risks are likely to affect a

project and documenting the characteristics of each

 Performing qualitative risk analysis: Prioritizing risks based on

their probability and impact of occurrence

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 11

Project Risk Management Processes (cont’d)

 Performing quantitative risk analysis: Numerically estimating

the effects of risks on project objectives

 Planning risk responses: Taking steps to enhance

opportunities and reduce threats to meeting project objectives

 Controlling risk: Monitoring identified and residual risks,

identifying new risks, carrying out risk response plans, and

evaluating the effectiveness of risk strategies throughout the life

of the project

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 12

Project Risk Management Summary

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 13

Planning Risk Management

 The main output of this process is a risk management

plan—a plan that documents the procedures for managing

risk throughout a project

 The project team should review project documents and

understand the organization’s and the sponsor’s

approaches to risk

 The level of detail will vary with the needs of the project

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 14

Topics Addressed in a Risk Management Plan

 Methodology

 Roles and responsibilities

 Budget and schedule

 Risk categories

 Risk probability and impact

 Revised stakeholders’ tolerances

 Tracking

 Risk documentation

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 15

Video 2:
Learning Objectives

 Discuss the different categories of risk

 Describe a risk breakdown structure

 Describe the process of identifying risks and create a risk

register (in supplementary video)

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 16

IT Success Potential Scoring Sheet

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 17

Success Criterion Relative Importance

User Involvement 19

Executive Management support 16

Clear Statement of Requirements 15

Proper Planning 11

Realistic Expectations 10

Smaller Project Milestones 9

Competent Staff 8

Ownership 6

Clear Visions and Objectives 3

Hard-Working, Focused Staff 3

Total 100

Broad Categories of Risk

 Market risk

 Financial risk

 Technology risk

 People risk

 Structure/process risk

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 18

Risk Breakdown Structure

 A risk breakdown structure is a hierarchy of potential risk

categories for a project

 Similar to a work breakdown structure but used to identify and

categorize risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 19

Sample Risk Breakdown Structure

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 20

Potential Negative Risk Conditions Associated With

Each Knowledge Area

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 21

Identifying Risks

 Identifying risks is the process of understanding what potential

events might hurt or enhance a particular project

 Another consideration is the likelihood of advanced discovery

 Risk identification tools and techniques include:

– Brainstorming

– The Delphi Technique

– Interviewing

– SWOT analysis

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 22

Brainstorming

 Brainstorming is a technique by which a group attempts to

generate ideas or find a solution for a specific problem by

amassing ideas spontaneously and without judgment

 An experienced facilitator should run the brainstorming session

 Be careful not to overuse or misuse brainstorming.

– Psychology literature shows that individuals produce a

greater number of ideas working alone than they do through

brainstorming in small, face-to-face groups

– Group effects often inhibit idea generation

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 23

Delphi Technique

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 24

 The Delphi Technique is used to derive a consensus among a

panel of experts

 It is a systematic, interactive procedure based on independent

and anonymous input from project risk experts.

 Facilitator uses repeated rounds of questioning and written

responses and consensus may be reached in a few rounds of

this process

 It avoids the biasing effects possible in oral methods, such as

brainstorming

Interviewing

 Interviewing is a fact-finding technique for collecting information

in face-to-face, phone, e-mail, or instant-messaging discussions

 Interviewing people with similar project experience or

stakeholders and subject matter experts is an important tool for

identifying potential risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 25

Root Cause Analysis and SWOT Analysis

 Root cause analysis – a technique used to identify a problem,

discover the underlying causes and then develop preventive

measures

 SWOT analysis (strengths, weaknesses, opportunities, and

threats) can also be used during risk identification

 SWOT analysis helps identify the broad negative and positive

risks that apply to a project

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 26

Diagramming Techniques

 Cause and effect diagrams – also known as Ishikawa or

fishbone diagram

 Systems or process flowchart – show how various elements

of a system interrelate

 Influence diagram – showing causal influences and

relationships among variables and outcomes

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 27

Risk Register

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 28

 The main output of the risk identification process is a list of

identified risks and other information needed to begin creating a

risk register

 A risk register is:

– A document that contains the results of various risk

management processes often presented in a table

– A tool for documenting potential risk events and related

information

 Risk events refer to specific, uncertain events that may occur

– to the detriment (due to negative risk event) or

– enhancement (due to positive risk event) of the project

Sample Risk Register

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 29

• No.: R44

• Rank: 1

• Risk: New customer

• Description: We have never done a project for this organization before and

don’t know too much about them. One of our company’s strengths is

building good customer relationships, which often leads to further projects

with that customer. We might have trouble working with this customer

because they are new to us.

• Category: People risk

• Etc.

Risk Register Contents

 An identification number for each risk event

 A rank for each risk event

 The name of each risk event

 A description of each risk event

 The category under which each risk event falls

 The root cause of each risk

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 30

Risk Register Contents (cont’d)

 Triggers for each risk; triggers are indicators or symptoms of

actual risk events

 Potential responses to each risk

 The risk owner or person who will own or take responsibility for

each risk

 The probability and impact of each risk occurring.

 The status of each risk

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 31

Video 3:
Learning Objectives

 Discuss qualitative risk analysis

 Explain how to calculate risk factors, create

probability/impact matrixes and apply the Top Ten Risk

Item Tracking technique to rank risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 32

Performing Qualitative Risk Analysis

 Assess the likelihood and impact of identified risks to determine

their magnitude and priority

 Risk quantification tools and techniques include:

– Probability/impact matrixes

– The Top Ten Risk Item Tracking

– Expert judgment

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 33

Probability/Impact Matrix

 A probability/impact matrix or chart lists the relative probability

of a risk occurring on one side of a matrix or axis on a chart and

the relative impact of the risk occurring on the other

 List the risks and then label each one as high, medium, or low in

terms of its probability of occurrence and its impact if it did occur

 Can also calculate risk factors:

– Numbers that represent the overall risk of specific events

based on their probability of occurring and the

consequences to the project if they do occur

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 34

Sample Probability/Impact Matrix

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 35

36

Chart Showing High-, Medium-, and Low-Risk

Technologies

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning

Top Ten Risk Item Tracking

 Top Ten Risk Item Tracking is a qualitative risk analysis tool

that helps to identify risks and maintain an awareness of risks

throughout the life of a project

 Establish a periodic review of the top ten project risk items

 List the current ranking, previous ranking, number of times the

risk appears on the list over a period of time, and a summary of

progress made in resolving the risk item

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 37

Example of Top Ten Risk Item Tracking

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 38

Risk Management Review

 Objectives of risk management review:

– keeps management (and probably customer) aware of

major influences that could prevent or enhance the project’s

success;

– to consider alternative strategies for addressing the risks;

– promotes confidence in the project team by demonstrating

that the team is aware of significant risks, has a strategy in

place and is effectively carrying out that strategy

 A watch list is a list of risks that are low priority, but are still

identified as potential risks

 Qualitative analysis can also identify risks that should be

evaluated on a quantitative basis

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 39

Video 4:
Learning Objectives

 Explain quantitative risk analysis and

 How to apply decision trees, simulation, and sensitivity

analysis to quantify risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 40

Performing Quantitative Risk Analysis

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 41

 Often follows qualitative risk analysis, but both can be done
together

 Large, complex projects involving leading edge technologies
often require extensive quantitative risk analysis

 Main techniques include:

– Data gathering

• Interviewing experts

• collecting probability distribution information

– Analysis and modelling techniques:

• Decision tree analysis

• Simulation

• Sensitivity analysis

Decision Trees and Expected Monetary Value

(EMV)

 A decision tree is a diagramming analysis technique used to

help select the best course of action in situations in which future

outcomes are uncertain

 Estimated monetary value (EMV) is the product of a risk event

probability and the risk event’s monetary value

 You can draw a decision tree to help find the EMV

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 42

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 43

Expected Monetary Value (EMV) Example

Simulation

 Simulation uses a representation or model of a system to

analyze the expected behavior or performance of the system

 Monte Carlo analysis simulates a model’s outcome many times

to provide a statistical distribution of the calculated results

 To use a Monte Carlo simulation, you must have three estimates

(most likely, pessimistic, and optimistic) plus an estimate of the

likelihood of the estimate being between the most likely and

optimistic values

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 44

Steps of a Monte Carlo Analysis

1. Assess the range for the variables being considered

2. Determine the probability distribution of each variable

3. For each variable, select a random value based on the

probability distribution

4. Run a deterministic analysis or one pass through the model

5. Repeat steps 3 and 4 many times to obtain the probability

distribution of the model’s results

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 45

Sensitivity Analysis

 Sensitivity analysis is a technique used to show the effects of

changing one or more variables on an outcome

 For example, sensitivity analysis may be used to determine the

monthly payments for a loan at different interest rates or periods

of the loan, or for determining break-even points based on

different assumptions

 Spreadsheet software, such as Excel, is a common tool for

performing sensitivity analysis

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 46

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 47

Sample Sensitivity Analysis for Determining

Break-Even Point

Video 5:
Learning Objectives

 Provide examples of using different risk response planning

strategies to address both negative and positive risks

 Discuss how to control risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 48

Planning Risk Responses

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 49

 After identifying and quantifying risks, you must decide how to

respond to them

 Developing options and defining strategies for reducing negative

risks and enhancing positive risks

 Four main response strategies for negative risks (TARA)

– Risk Transference

– Risk Avoidance

– Risk Mitigation (Reduction)

– Risk Acceptance

General Risk Mitigation Strategies for

Technical, Cost, and Schedule Risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 50

Response Strategies for Positive Risks

 Risk exploitation

 Risk sharing

 Risk enhancement

 Risk acceptance

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 51

Residual and Secondary Risks

 It’s also important to identify residual and secondary risks

 Residual risks are risks that remain after all of the response

strategies have been implemented

 Secondary risks are a direct result of implementing a risk

response

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 52

Controlling Risks

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 53

 Involves executing the risk management process to respond to

risk events and ensuring that risk awareness is an ongoing

activity performed by the entire project team throughout the

entire project

 A redistribution of resources devoted to risk management may

be necessary because of changes in risk exposure

 Monitoring risks based on defined milestones and making

decisions regarding risks and their response strategies

 Workarounds are unplanned responses to risk events that must

be done when there are no contingency plans

Contingency and Fallback Plans, Contingency

Reserves

 Contingency plans are predefined actions that the project team

will take if an identified risk event occurs

 Fallback plans are developed for risks that have a high impact

on meeting project objectives, and are put into effect if attempts

to reduce the risk are not effective

 Contingency reserves or allowances are provisions held by

the project sponsor or organization to reduce the risk of cost or

schedule overruns to an acceptable level;

 Management reserves are funds held for unknown risks that are

NOT part of the cost baseline but ARE part of the budget and

funding requirements

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 54

Controlling Risks – Outputs, Tools & Techniques

 Main outputs of risk control are:

– Work performance information

– change requests

– updates to the project management plan, other project

documents, and organisational process assets

 Tools and Techniques:

– risk reassessment or audits

– variance and trend analysis

– technical performance measurements

– reserve analysis

– status meetings/periodic risk reviews – Top Ten Risk Item

Tracking

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 55

Results of Good Project Risk Management

 Unlike crisis management, good project risk management often

goes unnoticed

 Well-run projects appear to be almost effortless, but a lot of work

goes into running a project well

 Managing project risks requires dedicated and talented

professionals

Schwalbe, K.. (2015). Information Technology Project Management. (8e) Cengage Learning 56