planning for risk and change geoff leese sept 1999 revised sept 2001, jan 2003, jan 2006, jan 2007,...
TRANSCRIPT
Planning for Risk and Change
Geoff Leese Sept 1999 revised Sept 2001, Jan 2003, Jan 2006, Jan 2007, Jan 2008,
Dec 2008(special thanks to Geoff
Leese)
Risk and risk management
Much “risk management” focussed on Health and Safety risks these days
Topic is much bigger than that Business risk Security risk Business continuity
Introduction
Is it worth doing? Cost/benefit analysis
What might affect it if we go ahead? Risk management
Cost-benefit analysis (1)
Cashflow projection Payback period
Time taken to “break even” Return on Investment (Accounting
Rate of Return) average annual profit/total
investment*100
Cost-benefit analysis (2)
Present value value in year t/(1+r)t
“r” is discount rate as decimal value Discount factor tables are available! Net Present Value of a project (NPV)
Sum of discounted values of all cashflows for that project
Assessment of riskRisk Importance Likelihood
Customer cancels contract High Low
Supplier goes bankrupt Low Medium
Budget exceeded by <= 20% Low Medium Budget exceeded by > 20% Medium Low Maintenance costs higher than estimate
Low Low
Response time targets not met
Low High
“Risky” projects less likely to start.
Apply “Risk premium” to discount rates for NPV
Expected Value
Sales Net AnnualIncome (I)
Probability(P)
ExpectedValue (I*P)
Optimistic £800,000 0.1 £80,000
Most Likely £650,000 0.6 £390,000
Pessimistic £100,000 0.3 £30,000
ExpectedIncome
£500,000
Weighted average of all possible outcomes. A useful measure for comparing contracts!
Risk Profile Analysis
Sensitivity analysis Vary each factor (in turn) by + or -
5% Recalculate costs/benefits Indicates sensitivity of project to each
factor Helps with risk assessment
Monte Carlo Method? (see Cotterill. & Hughes Chap 7)
Decision trees (1)Improve or replace machinery?Market will expand, or not expand?
D
Improve
Replace
Expansion
Expansion
No expansion
No expansion
NPV (£)-100,000
75,000
250,000
-50,000
0.2
0.8
0.2
0.8
Decision trees (2)
Improve - (0.2*-100,000) +(0.8*75,000) =£25,600
Replace (0.2*250,000) + (0.8*-50,000) =£10,000
Therefore choose Improvement!
Project Evaluation
Evaluate on economic,strategic and technical grounds
Assess all costs & income over lifetime of project
Discount accordingly Allow for uncertainty! Evaluate expected outcomes and
choose strategies
Risk management (1)
Estimation errors Use historical data and keep records!
Planning assumptions State, and be prepared to revise
them! Eventualities
Identify, and deal with them!
Risk management (2)
Hazard identification Risk analysis Risk prioritisation Risk reduction Risk monitoring
Hazard identification
Contract Factors (is it special or different?) Customer Factors Staff Factors Project Methods Technology Factors Changeover Factors Supplier Factors Environment Factors
Consider for each phase or product!
Risk Analysis (1)
Risk Value = Likelihood * Impact Impact expressed as monetary
values? Likely to be difficult or impossible!
Likelihood AND impact expressed using “arbitrary scale “ (1-10)
Most likely - 10, least likely - 1 Highest impact -10, lowest impact - 1
Risk Analysis (2)
Hazard Likelihood Impact Risk Value
Sickness affecting critical path activities
5 7 35
Production takes longer than expected
5 5 25
Specification takes longer than estimate
3 7 21
Sickness affecting non-critical activities
7 3 21
Changes to requirements during production
2 8 16
Product testing shows up design deficiencies
1 10 10
Risk Prioritisation Prioritise by risk value? Consider
Confidence in assessment Compound risks Number of risks Cost of action
Risk Reduction Leverage (RRL) = (RV(before) - RV(after))/risk reduction cost Use the same units!
Risk Reduction (1)
Hazard prevention Likelihood reduction Risk avoidance Risk transfer Contingency planning
Risk Reduction (2)
Personnel shortfalls get the best, job matching, early
scheduling, personal development, team building
Unrealistic estimating multiple estimates, use of different
techniques, standardisation of methods, use of historical data
Risk Monitoring
Assign INDIVIDUALS to monitor risks Part of “change plan” Use PERT techniques to assess
potential effects of uncertainties on project schedule 3 way estimating Activity standard deviations Probability & “Z” values” (Cott. &
Hughes)
Evaluation and Review
Projects should be reviewed on completion The risk management plan should be
reviewed at the end of the project . Risks were successfully foreseen? Contingencies were properly planned for? Lessons to be learnt? Improvements to be made? should be built into the risk management plan
Change Control Plan
Vital part of the project plan Changes are almost inevitable
Example: the client originally asked for sweetcorn on all sandwiches but now wants sweetcorn on tuna only. What changes will need to be made?
Project roles should include a Project Librarian, responsible for logging change requests and responses.
Controlling Change
Risk of “scope creep” One big change? Lots of little ones? Poorly documented changes make
maintenance and enhancement difficult May comprise the integrity of the design May comprise the profitability and
deliverability of the contract
Change Control Plan
Change Request (CRF) Change Specification Change Analysis Costing & feasibility Change decision (Change Control
Board) Change implementation &
documentation
And the downside -
Perceived as bureaucratic, expensive & time-consuming
Likely to annoy users and may affect their relationship with the company.
Will definitely annoy production staff. Restricts responsiveness to user needs Emphasises costs and control rather
than user needs
Summary
Project evaluation should we do it? How should we do it?
Risk management - what COULD happen if we do? How will we cope if it does?
Change control
Further Reading
http://www.rmri.co.uk/ Link to BSI risk management