1

Risk Management and Planning Samavia Akbar (145883)

Aimal Zia (145881)Abiona Olafade (145808)

Yenilmez Ufuk Yılmaz(15500009)

SCT-EMU

EMU 2

Samavia Akbar (145883)

EMU 3

Contents What is risk? What is risk Management? Importance of Risk Management Types of risks Reactive and Proactive Risk Strategies Process of risk management Risk Identification Risk Analysis Risk Mitigation Case study References

EMU 4

What Is Risk ? Risk is defined as the possibility of loss. It is the inability to achieve

program objectives within defined cost, schedule, and technical constraints. Risk management is a set of actions that helps the project manager plan an approach to deal with uncertain occurrences.

Risk is not a bad thing. Risk is bad only when it results in loss for an organization. Risk with positive consequence is “opportunity” Risk with negative consequence is “threat”

EMU 5

Risk Management

What is it? Risk analysis and management are a series of steps that help a software team to understand and manage uncertainty

Who does it? Everyone involved in the software process – managers, software engineers and customers - participate in risk analysis and management

What are the steps?Identifying, analyzing and responding to risk throughout the life of project.

EMU 6

Importance of Risk Management According to the risk management guru Barry Boehm, “Risk

management focuses the project manager’s attention on those portions of the project most likely to cause trouble and compromise participants’ win conditions.”

Risk effects all of your project i.e; budget, schedule, quality etc Main objectives of risk management is to increase the probability and

impact of positive outcomes and decrease the probability and impact of negative outcomes

Unfortunately, many organizations don’t follow a formal risk management process and operate in a perpetual state of crisis management

Crisis management is the opposite of good risk management – organizations find themselves trying to figure out what to do about a problem after it has occurred instead of planning for issues in advance

EMU 7

Types of RisksProject risks can be broadly categorized into development process risks and product risks. Development Process Risks:The risks encountered during product development are categorized as development process risks. These comprise developer errors, natural disasters, disgruntled employees, and poor management objectives.1. Liability risk2. Fidelity risk3. Risk Due to Business Impact4. Technology Risks5. Staff/People Risks6. Natural Disasters 7. Contractual RisksProduct Risks:Product risks crop up in the form of changing requirements during product development. Incomplete and unclear requirements are a risk to the product during development. 8. Risk due to product size9. Risks Due to the Customer

EMU 8

REACTIVE VS. PROACTIVE RISK STRATEGIES Reactive strategies have been laughingly called the “Indiana Jones School

of risk management”.The software team does nothing about risks until something goes wrong. Then, the team flies into action in an attempt to correct the problem rapidly.

A considerably more intelligent strategy for risk management is to be proactive. A proactive strategy begins long before technical work is initiated. The primary objective is to avoid risk, but because not all risks can be avoided, the team works to develop a contingency plan that will enable it to respond in a controlled and effective manner.

EMU 9

Risk Management ProcessProject Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and control on a project. The actual process of managing risks continues throughout the product development phase. Risk management is a dynamic process because it deals with the activities that are yet to happen. Risk management has a twofold agenda. First, deciding actions for preventing risks from happening, and second, deciding actions for tackling risks that materialize. Risk management process consists of three steps: 1. Risk identification 2. Risk analysis3. Risk mitigation

EMU 10

Risk Management Process

EMU 11

Risk management planning

Plan to manage the risk. The risk management plan is created early in the planning phase of the project

and updated throughout the life of the project. Methodology – approaches (process steps), tools, and data sources that may be

used to perform risk management. Roles and responsibilities to manage risks throughout the entire project. Budgeting for risk management activities (mitigation strategies). Timing of risk management activities (how often are the risks reviewed, when

will mitigation strategies be implemented) . Risk categories – high level used during identification (Technology, Customers,

Performance, etc.).

EMU 12

Abiona Olatade (145808)

RISK IDENTIFICATION

EMU 13

RISK MANAGEMENT PLANNING

RISK IDENTIFICATION

RISK ANALYSIS

RISK ANALYSIS

RISK IDENTIFICATION

RISK ANALYSIS

RISK ANALYSIS

RISK ANALYSIS

ANALOGY

BRAINSTORMINGDELPHI

TECHNIQUEINTERVIEWS

SWOT ANALYSISRISK

IDENTIFICATIONRISK

IDENTIFICATION

EMU 14

RISK IDENTIFICATION

Determining which risks are likely to affect a project Project manager gathers information about potential risks ALONG WITH THE PROJECT TEAM First step is to identify as many risks as possible for the upcoming

project Risk identification is not a one-time process; but a continuous process

(looking for new issues that may affect the success of the project)

EMU 14

ANALOGY

BRAINSTORMINGDELPHI

TECHNIQUEINTERVIEWS

POST-IT-NOTES

SWOT ANALYSISRISK

IDENTIFICATION

ANALOGY

Uses information from past similar projects or the experience of team members to look for risks.

EMU 15

Brainstorming Getting ideas from a group with the hope of generating a complete

list of ideas key to a it's success to foster an atmosphere that allows

outspokenness If not possible other techniques like the Delphi Technique or "post-it

Notes" are available

EMU 16

DELPHI TECHNIQUE

Participants are unknown to each other ideas can be generated without fear.

Questions and answers are presented electronically. The moderator accumulates all responses into one list which is then

distributed to the list for comments. This process continues until a general consensus (agreement) is

reached

EMU 17

INTERVIEWS

Project leader and other members conduct one-on-one discussions with stakeholders.

It is crucial to make the stakeholders feel comfortable sharing their ideas.

The success of this technique is heavily dependent on the skills of the interviewer.

EMU 18

POST-IT-NOTES Each participant writes down on sticky notes as many ideas as they

can think of..1 idea per note. Moderator sticks the note on a wall, and a list of ideas is quickly

generated and the team discusses the merit of each. Ideas with zero probability of occurrence is removed from the board Ideas that remain are rated for likelihood and impact

EMU 19

SWOT ANALYSIS SWOT stands for STRENGTHS, WEAKNESSES, OPPORTUNITIES, and

THREATS

SWOT analysis offers a framework with which to conduct a brainstorming session, sticky-note exercise, or a Delphi Technique session.

A key benefit of this technique is a focus on both sides of each issue:strengths versus weaknesses and opportunities versus threats

EMU 20

EMU 21

SWOT ANALYSIS Strengths – patents, strong brand name, reputation, cost advantages

from proprietary know-how, access to distribution networks Weaknesses – lack of patent, weak brand name, poor reputation, lack

of access to distribution networks Opportunities – an unfilled customer need, arrival of new

technologies, better regulations, international trade barriers Threats – shifts in consumer tastes away from, substitute products,

worse regulations, trade barriers

EMU 21

Risk Register Contents

Risk – name of the risk along with short description.

Trigger event – Events preceding the risk occurring.

Responsible - person or group responsible for monitoring the risk and executing mitigation activities

Consequence – Key project impact if the risk occurs.

Probability – Qualitative or quantitative probability of occurrence.

Mitigation – Strategy being used to reduce likelyhood.

EMU 22

EMU 23

RISK REGISTER

EMU 23

RISK REGISTERPROJECT: ‘ interclass beauty competition’

RISK 

TRIGGER EVENT

 

RESPONSIBLE 

CONSEQUENCE 

PROBABILITY 

MITIGATION 

NAME AND SHORT DESCRIPTION

    CLASS PARTICIPATION  { RISKING THE CLASS UNBEATEN RECORD} 

ACTIONS PRECEEDING THE RISK OCCURING

    (MISS A) CATCHES THE FLU

PERSON OR GROUP RESPONSIBLE FOR MONITORING AND

MITIGATION  CLASS DOCTOR

CLASS MAKEUP TEAM

KEY PROJECT IMPACT IF THE RISK OCCURS

   OUR CLASS WILL LOOSE THE ‘interclass beauty competition’ BRAGING RIGHT  OUR CLASS WILL LOSE THE ‘interclass beauty competition’ UNBEATEN RECORD  

QUALITATIVE OR QUANTITATIVE PROBABILITY

   

MEDIUM

40%

STRATEGY BEING USED TO REDUCE

LIKELY HOOD    

GET A BACKUP CONTESTANT

(MISS B) 

INFECT OTHER CONTESTANTS

EMU 24

Yenilmez Ufuk Yilmaz (15500009)

EMU 25

Risk Analysis

After identifying the risks, the project manager needs to analyze the risks. Uncertainty and loss are the two characteristics of risk. The uncertainty

factor in risk means that the unknown event mayor may not happen. project manager needs to quantify the level of uncertainty and the degree of

loss. Based on this, the project manager plans schedules and costs. During analysis, information on risk is converted into information on decision-

making. Analysis provides the basis for the project manager to work on the “right” risks.

Qualitative Risk Analysis—performing a qualitative analysis of risks and conditions to prioritize their effects on project objectives. Quantitative Risk Analysis—measuring the probability and consequences of risks and estimating their implications for project objectives.

Risk Analysis Table

First, the WBS elements are identified. One of the tasks in the risk analysis phase is to describe the risk. The risk can be product-related, process-related, organization-related, client-related, or infrastructure-related.

Second, the WBS elements are evaluated to determine the risk events. Then the project manager quantifies the probability of occurrence of risk. The project manager can assign probability values between 0 and 1.

Third, the risks are rated depending on their probability of occurrence, the project manager identifies the impact of the risk. The impact of risk on cost, schedule, and quantity needs to be calculated and graded.

Then the risk factor is calculated by multiplying the probability of risk and the impact of risk. Finally, each risk is prioritized relative to other risks. The risk factor is used to prioritize the identified risks.

EMU 26

EMU 27

Probability/Impact matrix

The probability and impact matrix aids the project team in prioritizing which risks need more attention based on either their probability of occurring or the size of the impact to the project or both

EMU 28

Probability/Impact matrix continued

The columns represent the degree of impact to the project’s scope, time, cost, and quality goals

This example using a five level scale: zero to low impact, low to medium, medium, medium to high, and high impact. The scores are determined by subject matter experts and historical data

The next step determine the probability that a risk will materialize again using expert judgment and historical data

EMU 29

Quantitative Risk Analysis Techniques Decision trees with

expected monetary value analysis (EMV)

Decision tree analysis is generally used along with its graphical representation that describes a set of options under consideration along with estimated implications of each option

The EMV analysis technique is a statistical concept that calculates the average outcome when dealing with unknown future scenarios

EMU 30

Simulation (Monte Carlo) Monte Carlo simulation was as an aid in building accurate time

estimates for WBS activities It can also be used during quantitative risk analysis to simulate the

impact a risk may have on project goals Based on the probabilities of various outcomes, similar to the decision

tree analysis example, the simulation can be run multiple times based on the frequency distribution to determine the expected outcomes with probabilities.

EMU 31

Risk Response Planning

Eliminate threat before it happen Decrease impact of threat Contingency plan (do something if risk happens) Fallback plan (do something if contingency plans are not effective)

EMU 32

Risk Response Planning

Four main strategies: Risk avoidance: eliminating a specific threat or risk, usually by

eliminating its causes Risk acceptance: accepting the consequences should a risk occur without

trying to control it Risk transference: shifting the consequence of a risk and responsibility

for its management to a third party internal or external to the organization Risk mitigation: reducing the impact of a risk event by reducing the

probability of its occurrence

EMU 33

Aimal zia 145881

EMU 34

Risk Mitigation Risk mitigation is the best possible approach adopted by the

project manager to avoid risks from occurring. The probability of the risk occurring and the potential impact of the risk can be mitigated by dealing with the problem early in the project. Essentially, risk mitigation involves three possibilities and the project manager needs to adopt a risk mitigation strategy aimed at them.

The three possibilities include: • Risk avoidance • Risk monitoring • Contingency planning

EMU 35

Risk Avoidance To avoid risks from occurring, the project team prepares the risk plan before

the commencement of the project. The project team identifies the potential risks and prioritizes them based on their probability of occurrence and impact. Then, the team prepares a plan for managing risks. In most software projects, this plan is popularly called the risk management plan.

Format of a risk management plan

EMU 36

Risk Monitoring

It is not possible to monitor closely all the risks that are identified for the project. For example, if 100 risks are identified for a project, only top 20 risks are monitored.

There are re-planning checkpoints where the information obtained from monitoring the risks is used to refine the risk assessments and management plan.

The project manager monitors the top 20 percent of the factors that may indicate the status of the risks in the project.

In the case of large teams, the project manager also needs to monitor the attitude of the team members and their problems. This helps the project manager monitor any possible team-related risks.

For example, choosing a more expensive but proven technology over, a newer, less expensive technology is a step toward mitigating project risks.

EMU 37

Contingency Planning

The possibility of contingency planning arises when mitigation efforts fail and risk becomes a reality.

Contingency planning is used to monitor risks and invoke a predetermined response.

According to the plan, a trigger is set up. If the trigger is reached, the contingency plan is put into effect.

Contingency planning involves maintaining an alternative plan if the original plan fails.

example. Despite the massive attack on WTC, the stock markets in the US resumed functioning within a few days. This was possible because the finance companies had backed up their data and information on computers elsewhere. The contingency planning of finance companies prevented the risk of huge data loss for the stock market.

EMU 38

Managing Risks: Case Study Consider a scenario. Your organization is a vendor of software solutions. A

bus transport company the US wants you to develop a Schedule Adherence system. The team that will develop this software is new and the platform selected for development is also new to your organization. The project team needs to be trained intensively for this.

During this project, the team is expected to manage a large volume of data. The team has never had any experience in managing such a large volume of data. The system also needs to use this data to generate various MIS reports related to delays or adherence of bus services.

The performance requirement is less than fifteen seconds for all popular browsers. Your organization is anticipating numerous requirement changes during the development process. The system needs to be implemented across several states in the country. The data related to the system is highly confidential because it can provide an edge to the competitors.

Now, as a project manager, you need to prepare a risk management plan for this project. The project starts on May 15 and should be completed on November 15.

EMU 39

Case Study First, you need to identify the potential risks involved in the project.

The potential risks to the project are described in Table.

After identifying the risks, you need to estimate the probability of their occurrence and their impact on product development. Based on this, you calculate the risk factor and plan the mitigation steps.

EMU 40

Case Study The Risk Management Plan for Building a Schedule Adherence System

EMU 41

References: http://www.slideshare.net/AbhinyaKalyan/risk-manage

ment-16546063?related=1 http://www.slideshare.net/aleemhabib7/project-risk-ma

nagement-pmbok-5 http://www.slideshare.net/Schopra17/risk-mangement?r

elated=1 http://www.slideshare.net/Samuel90/risk-management-

slides-4397491

Software Project Management (CS615) © Copyright Virtual University of Pakistan

Information Technology Project Management, 3rd Edition, John Wiley, Jack T. Marchewka

EMU 42

EMU 43