unit 6 university of sunderland comm80 risk assessment of systems change risk assessment: the...
Post on 19-Dec-2015
213 views
TRANSCRIPT
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Risk Assessment: the Risk Assessment: the Generic ConceptGeneric Concept
COMM80: Risk Assessment of Systems Change
Unit 6
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Objectives of Objectives of Session CoverageSession Coverage
• To understand the importance of risk assessment.
• To consider some generic techniques: e.g. prioritisation, ranking.
• To introduce two specific techniques (not dealt within in detail here)
• To consider the use of software support tools.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Why Assess Risks?Why Assess Risks?How Assess Risks?How Assess Risks?
• Why? Because can’t monitor all risks in a project – so need to monitor and control the most significant
ones.
• How? – Quantify: assign a value to each risk– Prioritise: use the risk value to assign a priority
typically high, medium, low (or some numerical scale within a project).
– Rank: compare risks within a project against their risk value to determine their relative importance.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Risk QuantificationRisk Quantification
• Risk = (probability of occurrence) x (impact).• Need to measure or estimate probability and
impact.– These are not absolute values but judgements
made by decision makers.
• Probability is defined on a scale 0 to 1 (impossible to certain) or 0% to 100%
• Impact is defined on a (user defined) scale – e.g.:scale 0 to 10: no impact (0) to catastrophic
(10)
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Generic techniquesGeneric techniques
• There are many techniques for risk assessment. • Generic/standard techniques include
– Prioritisation and Ranking, – Analytical Hierarchy Process, – Decision Trees, – Bayesian Belief Networks.
Risk Perspective
Risk Lifecycle
Generic
Analyse Prioritisation,ranking.AHP, …
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Quantifying/ Quantifying/ Ranking/PrioritisingRanking/Prioritising
• This basic approach will be illustrated using the Risk RadarTM software to provide examples.
• Risk RadarTM (V2.02) is a free software product.• Developed by Integrated Computer Engineering,
Inc (ICE) under a DoD contract– Available from:
• www.iceinceUSA.com and • www.spmn.com (Software Program Managers Network
(SPMN)).
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Risk RadarRisk RadarTMTM ProvidesProvides
• standard database functions to add and delete risks,
• specialised functions for prioritising and retiring project risks. – Including prioritisation of risks through automatic
sorting and risk-specific movement.
• the option of a user-defined risk management plan and a log of historical events for each risk.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Risk Radar - Initial Risk Radar - Initial formform
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Set Up ProjectSet Up Project
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Risk DocumentationRisk Documentation
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Information About Information About Individual RisksIndividual Risks
For each risk recorded additional information is held - such as
• the area of the project it affects,
•where control resides,
•etc.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
PrioritisationPrioritisation
• Subjective estimates are made:– based on professional judgement of the
• probability that a risk will occur and • its negative impact on the project if it does.
• risk exposure = probability * impact value.• risk exposure = probability * impact value.• risk exposure = probability * impact value.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
PrioritisationPrioritisation
• Risk impact could be broken down and quantified into all kinds of impacts areas, such as: the schedule impact in terms of days or cost impact in financial terms, – in reality, it is not possible to quantify these impacts with
any degree of accuracy. – Adding multiple impact areas adds complexity to the risk
management process for little quantitative benefit. – The impact rating system only suggests the total impact
the risk could have on a specific project.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
PrioritisationPrioritisation
• Risk RadarTM does not assign any meaning to an impact value. – The project team must define the meanings and keep to
them.• These numbers are, usually based on past professional
experience.
– The software uses risk exposure as a means to rank risks relative to one another within a project.
– It is inappropriate to compare risks across projects solely based on numerical factors such as probability, impact, or exposure.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Prioritising Risks in Prioritising Risks in Risk Radar Risk Radar
The upper figure shows risks ranked according to exposure rate. However, if a risk manager felt that “Poor Interface Design” should have a higher ranking than “Poor Data Quality” they could be re-arranged them manually as shown below.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
View Risk ImpactView Risk Impact
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
View Risk ImpactView Risk Impact
When this cell is clicked the next window is shown.
Unit 6University of Sunderland COMM80 Risk Assessment of Systems Change
Change in risks Change in risks profile over timeprofile over time
April to July