Professional Documents
Culture Documents
It is about understanding the internal and external influences that can cause project
failure.
The main purpose is to identify and handle the uncommon causes of project
variation.
The SEI definition of risk : “Risk is the possibility of suffering loss” (where loss is any
negative impact to the project which could be in terms of time, costs, quality or
outright project failure)
Risk is uncertainty or lack of complete knowledge of the set of all possible future
events.
The Project manager deals with risks resulting from 3 general classes:
Risk event: It is the precise description of what might happen to the project
Risk probability: It is the degree to which the risk event is likely to occur
Amount at stake: It is the loss incurred if the outcome is unsatisfactory
Risk exposure: It is the overall liability potential of the risk; it is the product of Risk
probability and loss
Concept and system exploration, along with requirements are the first three life cycle
phases and are the phases in which project planning has the greatest impact on risk
mitigation.
The inherent project risk is highest in these phases and drops through project
execution.
Risk identification: Developing the sources of risk, identifying potential risk events,
and symptoms of risk.
Risk quantification: using quantitative and qualitative analysis, determining the value
of the opportunities to pursue verses the threats to avoid, and the opportunities to
ignore verses the threats to accept.
Monitoring & Control: developing corrective action plans and monitoring their
implementation as part of the overall implementation of the risk management plan.
Risk Assessment:
Risk Analysis is done through modeling performance and cost, and analyzing
network, decision and quality factors.
Risk prioritization allows the project team to focus on those critical few risks that will
have the greatest potential for causing project failure.
Risk management planning uses tools of buying information and risk avoidance,
transfer, reduction, element planning and plan integration
Risk avoidance is simply finding a way to restructure the project and product to avoid
that risk
Risk transfer usually involves the buying insurance against the occurrence of the risk.
It is the actual transfer of responsibility for that part of the project with the inherent
risk, to another organization.
Milestone tracking, top-ten risk tracking, risk reassessment, and corrective action
provide the tools for risk monitoring.
These tools are all part of the steps that the project manager takes to implement
complete risk management.
This model provides information and feedback, internal and external to the project,
on the risk activities, current risks, and emerging risks. The processes in this model include:
Identify - Search for and locate risks before they become problems
Plan - translate risk information into decisions and mitigating actions (both present
and future) and implement those actions
Identifying Risks
Use checklists of problems from prior projects retrieved from the project repository or
knowledge-base.
Examine all project assumptions in the project plan for the slightest hint of risk. Pay
special attention to those that assume a rosy future where everything works.
Identifying Risks
Sometimes flowcharting a process helps spot risky areas (especially if the process is
not familiar)
There are different types of risks and the most important ones are:
Technical
Operational
Political
Legal
Regulatory
Market
Social
Internal
External
In general there are 3 basic risk areas - supportability, technical and programmatic.
Technical tasks are a major part of software development business since software is
the driver of high technology.
Programmatic sources arise from the process of trying to manage the software
development project.
As the software project nears completion, the risks inherent in the software delivery,
installation and maintainability are very real and obvious.
These 3 are the areas that add risk to cost and schedule. It should be kept in mind
that cost and schedule are inherently risky.
Analyzing and Quantifying Risks
Brainstorming
Delphi Method
Newer Methods
Sensitivity Analysis
Probability Analysis
Utility Theory
Track all estimates and actuals; understand the teams’ performance level
Understand how all team members’ time is spent-there are always overhead
activities in any organization
Establish a learning pattern for team members throughout the project’s life
Risk Response
Transfer or move the loss to a third party through a contract (warranty or insurance)
Risk Categories
2 Organization Management
3 Customer
4 Budget/Cost
5 Schedule
6 Project Content
7 Performance
8 Project Management
9 Development Process
10 Development Environment
11 Staff
12 Maintenance
The Risk Management Plan will contain all the identified risks and mitigation plans
where appropriate. It models the 12 categories of potential risk to any specific
project.
2 Rank the risk to the project for each category - Risk factors and areas, Low risk
evidence (L), Medium risk evidence (M), High risk evidence (H), Rating, Comments.
3 Sort the risk table in order of risk with high-risk items first and calculate their risk
exposure (key risks). Identify means to control them, establish ownership, and the date of
completion. Integrate key risks into the project plan. Determine impact on schedule and
cost.
4 Establish a regular risk report format for weekly project status meetings.