![Page 1: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/1.jpg)
WISQA: Risk Management for I/S Projects
Paula Duchnowski CQA, CSTEpaula.duchnowski@generalcasualty
.comGeneral Casualty Insurance
May 9, 2002
![Page 2: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/2.jpg)
Risk Management for I/S Projects
Why is Risk Management Important?What is Risk?Risk Management Process
– Identify project goals & objectives– Identify Risk– Analyze Risk– Plan for Risk– Control Risk
![Page 3: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/3.jpg)
Why are we here?
Information Technology Projects are difficult to manage
Project failures occur with alarming frequency
Prudent measures to assess and manage risk can increase probability of project success
![Page 4: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/4.jpg)
What is Risk?
A potential problem waiting to happen
May adversely impact schedule, cost, objectives
Will vary in probability, impact and timeframe
![Page 5: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/5.jpg)
What is Risk Management?Risk Management is
a systematic process of identifying, analyzing and responding to project risk.
PMI’s PMBOK
![Page 6: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/6.jpg)
Step 1: Identify Project Goals and ObjectivesWhat are business objectives? What are technical objectives?What are project constraints?Identify and state risks as they relate
to the ability to achieve objectives within the known constraints
Note: If objectives aren’t well-defined - that is a major risk.
![Page 7: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/7.jpg)
Case Study Introduction
Improving and enforcing the Software Development Life Cycle– Small Shop– Not a process-
oriented culture
Project Objectives:Increase consistency
among all software development projects
Utilize processes that will increase the probability of project success
![Page 8: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/8.jpg)
Step 2: Identify Risks
Encourage input of perceived riskIdentify risk while there is time to
take actionCapture risk in readable formatCommunicate risk to those who
can solve itGoal: Prevent project surprises
![Page 9: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/9.jpg)
Risk Identification: examplesInadequate
Management Commitment
Ambiguous requirements
Inadequate user involvement
New Technology
Undefined or ambiguous Scope
Insufficient or inappropriate staffing
Inadequate tools or technology
Large and dispersed project team
![Page 10: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/10.jpg)
Identifying Risks
Various publications and organizations have developed generic risk categories and generic checklists.
Checklists help assure aren’t overlooking something
Consider three perspectives: – Project
Management and staffing
– Technical– Quality of Product
![Page 11: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/11.jpg)
Project Management Perspective: Tactical Considerations BudgetResource availability
and expertiseAdequacy of
Methodology / process
Project Size & Complexity
Schedule & Estimating risks
Vendor Management
Project Communication
Sponsorship and high-level support
![Page 12: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/12.jpg)
Technical Perspective
Data Conversion: (GIGO) System Interfaces Operations / Post-
implementation Support New or unproven
Technology Implementation & rollout Infrastructure support Adequacy of Infrastructure Legacy Impacts / Support
![Page 13: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/13.jpg)
Quality Risks
How well will product meet expectations?– Ease of Use– Data Integrity– Understand
impact to users
Defects in production
![Page 14: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/14.jpg)
Techniques to Identify Risk
Checklists: Several Checklists are available as reminders of possible risk areas to consider
Interviews: Group or individualWorking Group / WorkshopPeriodic meetings: Dialogue of risk
informationSurveys: Selected categories of
people identify risks quickly
![Page 15: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/15.jpg)
Statement of Risk
May need to “Drill Down” to determine the real risk to the project:– Asking Why?– Why is this situation a risk to the project?– What is the worst case scenario if the risk
is realized?– Some less than ideal circumstances may
not be true risks
![Page 16: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/16.jpg)
Discussion
Case Study: Enhancing and enforcing the Software Development Life Cycle
What are some of the risks?
(be creative- pretend you know this company)
![Page 17: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/17.jpg)
Step 2: Risk Analysis
Quantify two factors: – Probability of a failure– Impact of a failure
Risk Exposure (RE) = P x IExamples:
– Tornado in Wisconsin (low probability, high impact)– My son forgetting to take out garbage (High
probability, low impact)– Others: What risk(s) have you taken today??
![Page 18: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/18.jpg)
Quantifying Risk
Early in Project More difficult to be
precise Establish risk ‘order
of magnitude’ Continue to revisit
as part of risk management process
![Page 19: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/19.jpg)
Quantifying Risk: Tools and Techniques
Decision tree– Identify possible outcomes: associated
likelihood and impactIdentify expected monetary value:
– (probability %) x (Risk event value)Simulation:
– Prototype ‘what if’ scenariosExpert Judgement (Use a
‘judgement’ based scale)
![Page 20: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/20.jpg)
Quantifying Risk
Define scale you will be using for Probability and Impact
Try to define scale to correspond to key objectives and constraints
Look at example Checklist
![Page 21: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/21.jpg)
See GC’s Risk Checklist
Work in ProcessBased on Lessons Learned &
Industry standard risksTool for PMsIncludes a risk ‘scale’ for probability
and impactWeighted factors for size &
complexity
![Page 22: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/22.jpg)
Discussion: Case Study Risks
What is probability of each risk occurring?
What is impact if the risk is realized?
![Page 23: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/23.jpg)
Step 4: Plan for Risk
Develop Risk Management Plan
For each Risk– Determine Time
Frame for action– Define Mitigation
Strategy
![Page 24: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/24.jpg)
Plan for Risk: Risk Management PlanDefine the Process for
tracking and monitoring risk
Roles & Responsibilities What and how risk
information will be tracked
Establish Mitigation Strategies
![Page 25: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/25.jpg)
Possible Mitigation Strategies
Acceptance: Consciously choose to live with the risk consequences
Avoidance: Eliminate the risk. Protection: Backup / contingency
plan, i.e. Redundant system.Reduction: Reduce either the
probability or impact of the risk.
![Page 26: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/26.jpg)
More Mitigation Strategies
Research: Need more information - i.e. market research; prototypes
Risk Reserves: Leave a contingency - or margin for error.
Transfer: Shift risk to another organization, person or group (retain responsibility)
![Page 27: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/27.jpg)
Document Known Risks
Description of riskDate identifiedWho identifiedCategoryStatusRisk OwnerWho is assignedMitigation strategy
Action PlanTime Frame to actRE: Probability &
ImpactOther Measures:
– Quantitative threshold
– Leading indicators– Risk Leverage
![Page 28: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/28.jpg)
Discussion
Discuss possible mitigation strategies for case study risks
![Page 29: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/29.jpg)
Step 5: Control Risk - On-goingPeriodic monitoring and reporting of risk
data– Visibility and accountability regarding risk
status– Reports from risk repository
Periodic meetings / updates regarding risk status
Periodic re-assessment of risk exposureUpdate Risk data and project plan
![Page 30: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/30.jpg)
Summary
Why Risk Management is ImportantSteps of a Risk Management Process
– Identify Project Goals & Objectives– Identify Risk– Analyze Risk– Plan for Risk– Control Risk
![Page 31: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/31.jpg)
Thank you
![Page 32: WISQA: Risk Management for I/S Projects Paula Duchnowski CQA, CSTE paula.duchnowski@generalcasualty.com General Casualty Insurance May 9, 2002](https://reader035.vdocuments.mx/reader035/viewer/2022062315/5697bfd91a28abf838caf678/html5/thumbnails/32.jpg)
Bibliography Project Management Institute: Project Management
Body of Knowledge Keil, Mark; Cule, Paul; Lytinen, Kalle; Schmidt, Roy: A
Framework for identifying software project risks: Communications of the ACM, November 1998
Hall, Elaine. Managing Risk. Methods for software systems development. Reading, MA: Addison-Wesley Publishing, 1998.
Jones, Capers. Assessment and Control of Software Risks, 1994.
Mulcahy, Rita, Managing and Estimating Project Risks, September, 1999.