More Related Content Similar to Risk mgmt (20) Risk mgmt1. IBM Global Services (ITS)
10/30/15 © 2004 IBM Corporation
Risk Management Fundamentals
and Beyond
Dr. Oliver Klapp
2. IBM Global Services (ITS)
© 2004 IBM Corporation
2 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning VITPM 4.12
Risk Categories: Risk Identification VITPM4.13
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning VITPM 4.15
Risk Categories: Risk Monitoring and Control VITPM 6.6
6
7
8
9
VITPM 4.14
3. IBM Global Services (ITS)
© 2004 IBM Corporation
3 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
4. IBM Global Services (ITS)
© 2004 IBM Corporation
4 Risk Management Fundamentals 10/30/15
What is Risk Management?
ï§ Risk Management is the systematic process of identifying,
analyzing and responding to project risk. (PMBOK Guide)
ï§ It includes [maximizing the probability and consequences of
positive events and] minimizing the probability and consequences
of adverse events to project objectives.
5. IBM Global Services (ITS)
© 2004 IBM Corporation
5 Risk Management Fundamentals 10/30/15
ï§ IBM defines Risk as 'a possible undesirable and unplanned event that
could result in the project not meeting one or more of its objectives'
ï§ PMI further defines risk as involving only the possibility of suffering harm
or loss. (PMBOK)
ï§ Synonyms for risk include danger, jeopardy, hazard, peril, gamble, chance
(MS Word Thesaurus)
deutsch: Gefahr, GefĂ€hrlichkeit, Wagnis, GlĂŒcksfall, Unsicherheit, âŠ
ï§ Thus, Risk Management can be defined as âthe art and science of
identifying, analysing and responding to risk events.' (PMBOK)
Risk Management Definitions
6. IBM Global Services (ITS)
© 2004 IBM Corporation
6 Risk Management Fundamentals 10/30/15
Impact
Probability
Low
Impact
High Impact
Low Probability
High
Probability
Low Risk
Moderate
Risk
High Risk
An Event
A risk event is defined as a
possible undesirable event
or unplanned opportunity.
All projects have risks. If
risks are ignored you will
increase the likelihood that
the project will fail, or will
be less successful.
What is Risk
7. IBM Global Services (ITS)
© 2004 IBM Corporation
7 Risk Management Fundamentals 10/30/15
Risk versus Issues
ï§ Risks is when an event may occur
â Risk management allows for proactive management
â It allows customer expectation management early
â Financial impacts may be avoided
ï§ Issue is when a risk has eventuated (a fact, e.g. PMRs)
â Reactive management approach
â Issue results in loss â financial or customer satisfaction
8. IBM Global Services (ITS)
© 2004 IBM Corporation
8 Risk Management Fundamentals 10/30/15
Risk vs. Change vs. Issue Management
ï§ Risks Management
â A strategic process for identifying and managing possible future
events that may influence project performance and results
ï§ Change Management
â A process to formally control the management and approval of
project baselines (requirements, technical, schedule and so on) and
changes to those baselines
ï§ Issue Management
â A tactical process to formally control the management of problems
that typically result from risk, change, ineffective project
management, or a combination of these
9. IBM Global Services (ITS)
© 2004 IBM Corporation
9 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
10. IBM Global Services (ITS)
© 2004 IBM Corporation
10 Risk Management Fundamentals 10/30/15
Why is Risk Management Important, Why Focus on Risk
Management?
ï§ Through managing uncertainty, effective risk management:*
â Protect:
âą Spend (GP), cost
âą Schedule
âą Requirements
â Prevent surprises
â Prevent management by crisis
â Prevent problems from occurring or, if they do occur, from escalating
â by organizational appreciation of uncertainty, increases
competitiveness in bidding and reduces chance of disaster
contracts/projects (can you think of any?) where risk is too great.
â helps build good employee morale by encouraging creative thinking,
cross team communication and trust.
â And much more!
*Chapman, Chris and Steve Ward (1996). Why You Need Risk Management. Project Management
Requirements
Cost Schedule
11. IBM Global Services (ITS)
© 2004 IBM Corporation
11 Risk Management Fundamentals 10/30/15
Project risk and consequences vary over the project life cycle
Risk
Time
Total Project Life Cycle
Conceive Develop Implement Terminate
Amount of Stake
Opportunity and Risk
Period of
Highest Risk
Impact
$ Value
12. IBM Global Services (ITS)
© 2004 IBM Corporation
12 Risk Management Fundamentals 10/30/15
Risk Management Planning
Approach on how to manage risks in the project
Risk Identification
Determining the risks that may affect the project and documenting
characteristics (consider validity of assumptions)
Qualitative Risk Analysis
Qualitative Analysis and prioritising its effects
Quantitative Risk Analysis
Measuring the probability of impact
Estimating the cost of impact
Risk Response Planning
Developing procedures and techniques to reduce the threat of risks and
enhance opportunities
Risk Monitoring and Control
Ongoing management of risks during project execution
Analyse Respond Control ReactIdentify
Scope of Risk Management
13. IBM Global Services (ITS)
© 2004 IBM Corporation
13 Risk Management Fundamentals 10/30/15
Risk Process PMBOK 2003
11.1 Risk Management Planning
â deciding how to approach, plan, and execute the risk management activities for a
project.
11.2 Risk Identification
â determining which risks might affect the project and documenting their characteristics.
11.3 Qualitative Risk Analysis
â prioritizing risks for subsequent further analysis or action by assessing and combining
their probability of occurrence and impact.
11.4 Quantitative Risk Analysis
â numerically analyzing the effect on overall project objectives of identified risks.
11.5 Risk Response Planning
â developing options and actions to enhance opportunities, and to reduce threats to
project objectives.
11.6 Risk Monitoring and Control
â tracking identified risks, monitoring residual risks, identifying new risks, executing risk
response plans, and evaluating their effectiveness throughout the project life cycle.
14. IBM Global Services (ITS)
© 2004 IBM Corporation
14 Risk Management Fundamentals 10/30/15
Project Risk Management Process Flow Diagram
15. IBM Global Services (ITS)
© 2004 IBM Corporation
15 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
16. IBM Global Services (ITS)
© 2004 IBM Corporation
16 Risk Management Fundamentals 10/30/15
Risk Management Planning
ï§ Plan the next phases/categories
ï§ PMI lists the following inputs to Project Risk Management Planning
to create the risk management plan:
â Project Charter ï Teilprojektbeschreibungsdokumente
â Organizationâs risk management policies
â Defined roles and responsibilities
â Stakeholder risk tolerances
â Template for the organizationâs risk management plan ï FitPM
â Work breakdown structure ï ProjektplĂ€ne
ï§ The main tool used is âplanning meetingsâ.
17. IBM Global Services (ITS)
© 2004 IBM Corporation
17 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
18. IBM Global Services (ITS)
© 2004 IBM Corporation
18 Risk Management Fundamentals 10/30/15
Risk Identification
ï§ Inputs to risk identification:
â risk management plan
â items from project planning
â risk categories/types
â historical information
ï§ The products of risk identification are risks, triggers, and inputs to
other processes (further action, etc.).
ï§ Should not only be performed at the beginning of the project, but
also throughout the projectâs life.
19. IBM Global Services (ITS)
© 2004 IBM Corporation
19 Risk Management Fundamentals 10/30/15
The key tools and techniques to use to identify risks are:
ïź Run a risk identification workshop (cross section of the project's
stakeholders)
ïź Peer reviews
ïź Review the risk assessment checklists created by the organization
ïź Interview key members of the project team
ïź Assumption analysis
ïź Examine sources of risk
ïź Study Lessons Learned from previous projects
Analyse Respond Control ReactIdentify
Risk Identification Tools and Techniques
20. IBM Global Services (ITS)
© 2004 IBM Corporation
20 Risk Management Fundamentals 10/30/15
Using Inputs to Identify Risk Events/Sources of Risk
ï§ Work breakdown structure / ProjektplĂ€ne
ï§ Contractual requirements or statements of work (SOWs), E-Vorlage
ï§ Supplier contracts or customer agreements
ï§ Field and marketing information
ï§ Project plan assumptions
ï§ Earned value (EV) data
ï§ Lessons learned files from previous projects
ï§ Company objectives and plans
ï§ Other project-related plans
ï§ Project schedule
ï§ Review reports
ï§ Project plan dependencies
ï§ Resource sourcing !!!
ï§ Sponsor or other stakeholder feedback
ï§ As you progress on the project, some other areas to look at are:
ï§ Change requests, Issue documents, Event log, Project status reports
21. IBM Global Services (ITS)
© 2004 IBM Corporation
21 Risk Management Fundamentals 10/30/15
Identify the Risk StatementIdentify the Risk Statement
ï§ Beispiel: Performanz nach Konsolidierung Karat
-> Prob M, impact VH vs. M / M; Warum?
ï§ Risks are described as having three parts:
â If <condition> and <dependency exists> then <impact will occur>
â If <condition>
âą The event under which the risk will materialize
â e.g., IF GeeWiz Inc. does not deliver the Oracle interface by
November 2001.
â And <dependency>
âą The reason for the projectâs dependence on the risk
â e.g., AND it becomes necessary to develop an interface from
scratch.
â Then <impact>
âą The quantifiable impact of the realized risk
â e.g., THEN our schedule will slip by 3 months and our costs will
exceed our budget by 10%.
22. IBM Global Services (ITS)
© 2004 IBM Corporation
22 Risk Management Fundamentals 10/30/15
Further Examples of Risk Statements
ï§ IF the roof leaks because of the constant snowfalls, AND the project
team will be evacuated from the trailer, THEN we will not be able to
deploy data on schedule.
ï§ IF I violate traffic rules, AND get one more ticket, THEN my insurance
company will drop me.
ï§ IF loan is not approved by May, AND we cannot move into new house,
THEN we will have to extend our rent.
23. IBM Global Services (ITS)
© 2004 IBM Corporation
23 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
24. IBM Global Services (ITS)
© 2004 IBM Corporation
24 Risk Management Fundamentals 10/30/15
Qualitative Risk Analysis
ï§ Inputs:
â the risk management plan
â identified risks
â project status (early in life, later in life), project type (common,
uncommon), data precision, scales of probability and impact, and
assumptions.
ï§ Tools used:
â applying risk probability and impact to individual risks
â a risk rating matrix that combines probability and impact of risks (such
as âlowâ, âmoderateâ, âhighâ)
ï§ Qualitative risk analysis produces an overall risk ranking for the
project, list of risks for additional analysis and management, and
trends in qualitative risk analysis results.
25. IBM Global Services (ITS)
© 2004 IBM Corporation
25 Risk Management Fundamentals 10/30/15
When analysing the risk, consider the:
Probability of occurrence
Magnitude of loss or impact of each identified risk event
Severity of risk (Severity = Probability x Impact)
Evaluation factors include:
Precedence (Has the risk occurred before?)
Familiarity of operation (Has the work been undertaken before?)
Resources and skills
Time, cost, and quality
Probability (What is the likelihood of the risk occurring?)
Impact (What is the effect on the project or business?)
Win, Profit, Customer Satisfaction ï Overall
Analyse Respond Control ReactIdentify
Evaluation of Risk
26. IBM Global Services (ITS)
© 2004 IBM Corporation
26 Risk Management Fundamentals 10/30/15
Example: Define consequences/impact
Analyse
Consequence
Probability
Consequence Area Definition
Cost Entail budget overrun on more than 1 mill EURO in
<name on project>
High Time Entail that <name on project> is delayed more than 1
week
Quality Entail that subsequent projects can not be started
Cost Entail budget overrun on less than 1 mill EURO but
more than 0,1 mill EURO in <name on project>
Medium Time Entail that <name on project> is delayed less than 1
week but more than 1 day
Quality Entails that subsequent projects has considerable
negative influences
Cost Entail budget overrun less than 0,1 mill EURO in
<name on project>
Low Time Entail that <name on project> is delayed less than 1
day
Quality Entails that subsequent projects only has minor
negative influences
27. IBM Global Services (ITS)
© 2004 IBM Corporation
27 Risk Management Fundamentals 10/30/15
Risk Exposure Matrix
Exposure
Rating
Very High High Medium Low
Very High
High
Medium
Low
VH
VHVH
LH
HH
HH
HH
MM
M
M
M
Overall Impact
Probability
ï§ overall impact: highest of each of the impact categories, e.g. L L M -> M
28. IBM Global Services (ITS)
© 2004 IBM Corporation
28 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
29. IBM Global Services (ITS)
© 2004 IBM Corporation
29 Risk Management Fundamentals 10/30/15
Quantitative Risk Analysis
ï§ Create a prioritized list of quantified risks, probabilistic analysis of the
projectâs duration and costs, probability of achieving cost and time
targets, and trends.
ï§ This is performed by the use of
â the risk management plan,
â identified risks,
â list of prioritized risks,
â list of risks for further analysis and management,
â historical information,
â expert judgment,
â and other inputs along with the tools of interviewing, sensitivity
analysis, decision tree analysis, and simulation.
30. IBM Global Services (ITS)
© 2004 IBM Corporation
30 Risk Management Fundamentals 10/30/15
Comparative Risk Ranking Tool
ï§ Es werden den Risiken Buchstaben zugeordnet (möglichst nicht mehr als 5 bis 10 Risiken).
ï§ Danach werden diese Risiken in unten stehende Tabelle eingetragen.
ï§ Dann werden die Risiken in den einzelnen Stufen miteinander verglichen und der entsprechende
Buchstabe in die freien Felder eingetragen.
ï§ Das Programm rechnet dann automatisch das am meisten genannte Risiko und man erhĂ€lt das
entsprechende Risk-Ranking.
ï§ Achtung: Es darf nicht sein, dass ein zwei oder mehrere Risiken das gleiche Ranking besitzen, da
jedes Risiko mit jedem anderen verglichen wird!
3 A A
1 B a B'
4 C a a C'
2 D b D'
0 E c c N
0 F c F'
0 G c G'
0 H d H'
0 I d I'
0 J J'
Ranking A B C D E F G H I J
2 4 1 3 5 5 5 5 5 5
31. IBM Global Services (ITS)
© 2004 IBM Corporation
31 Risk Management Fundamentals 10/30/15
AnalyzeAnalyze Time Frame and FrequencyTime Frame and Frequency
ï§ Time FrameTime Frame
the period and/or points in time when risk consequences might
impact the project.
*Timing is relative to the expected length of the project.
ï§ FrequencyFrequency
Characteristics of a risk which are likely to occur multiple times
throughout the project.
(e.g. das Thema Ressourcen jedes Quartal)
Near-term: Less than 30 days
Mid-term: Between 30 â 90 days
Far-term: Greater than 90 days
32. IBM Global Services (ITS)
© 2004 IBM Corporation
32 Risk Management Fundamentals 10/30/15
Assign Risk Ownership
In determining risk assignment consider:
ï§ Accountability â who is ultimately held âaccountableâ for
determining the risk approach, as well as the success or failure
of mitigation and/or use of contingency plans.
ï§ Responsibility â who is charged with developing and
implementing (or overseeing) risk mitigation actions and/or use
of contingency plans.
ï§ Authority â who has the right and ability to assign resources for
mitigation and/or contingency
33. IBM Global Services (ITS)
© 2004 IBM Corporation
33 Risk Management Fundamentals 10/30/15
Risk Log 1/2
Ris
k ID
TP Kategorie Beschreibung Zeitl.
AusprÀ
gung
Eintritt
s-
wÂŽkeit
(pre)
Impa
kt
(pre)
Score/
Exposu
re
(pre)
Score zur
Berechnung
nomalized risk
score
Strategie
1 Alg PMgmt Wenn die erforderlichen Ressourcen nicht bereitgestellt werden, fĂŒhrt dies zu Verzögerungen im Projekt. VH H VH 14 Eingrenzen
10 App/
DB
extern Wenn Probleme mit Fremd-SW entstehen, besteht eine hohe AbhÀngigkeit zu den Softwarelieferanten und deren
Support.
H M H 9 Accept
11 INET technisch Wenn keine Anpasssung der Domino- und Websphere basierten Applikationen auf Websphere Release 5.X
erfolgt, ist keine Konsolidierung vertretbar möglich.
M M M 5 Eingrenzen
12 INET technisch Wenn keine Migration der Applikationen auf WebSphere 5.X erfolgt, kann die Anzahl der Applikationen und
Server im Bereich Domino/WebSphere Applikationsserver nicht verringert werden.
M M M 5 Eingrenzen
14 Alg organisatorisch Wenn die Akzeptanz bei laufenden Projekten und in den Referaten gegenĂŒber SOKO nicht besteht, sind Termine
und Zielsetzungen gefÀhrdet.
VH H VH 14 Eingrenzen
15 App technisch Wenn die Zielsystemauslastung suboptimal gefĂŒhrt wird, sind die Zielzahlen gefĂ€hrdert. L M M 5 accept
16 App technisch Wenn Cohosting durchgefĂŒhrt wird, kann dies zu Destabilisierung, ohne vorheriges Monitoring sogar zum
Serverausfall fĂŒhren.
L M M 5 accept
19 Alg organisatorisch Wenn SOKO relevante MA das Zeit Plus Programm annehmen, kommt es zu starken Terminproblemen. VH H VH 14 accept
23 App organisatorisch Abstimmung TP APP mit Serverbetrieb kann die In-Produktionnahme von Apps verhindern / verzögern
(Workshop war am 14.6. , bis jetzt sind immer noch nicht Betriebs-MA benannt
H M H 9 accept
24 App technisch Wenn erhöhte Anforderungen an Zielsystem-Messungen und oder andere Verfahren vor einer in-
Produktionnahme (eigentlich alle Anforderungen ungleich den im BC angenommenen) entstehen, erhöhen sich
die AufwÀnde und es kann zu Terminverschiebungen kommen.
H H H 9 eingrenzen
34. IBM Global Services (ITS)
© 2004 IBM Corporation
34 Risk Management Fundamentals 10/30/15
Risk Log 2/2
Strategie MaĂnahmen Eintritts-
wÂŽkeit
(post)
Impakt
(post)
Score/
Exposu
re
(post)
Score zur
Berechnung
nomalized risk
score
Originator Datum
Aufnahme
Owner Status Links to
Issue/OP ID
Eingrenzen o quartalsweise Abstimmung der Ressourcen mit den RLs; o
bei punktuellen EngpÀssen Einsatz externer Ressourcen
o persönliche Ansprache der RLs durch die Projektleitung
o Kommunikation der möglichen Projektmitarbeiter die Zeitplus
planen, um Zeit fĂŒr alternative Lösungen zu bekommen.
H M H 9 alle PM ongoing
Accept Risiko ist im BC berĂŒcksichtigt. Als MaĂnahme bleibt die
Ăberwachung der Abbauzahlen
H L M 5 PM/Architektongoing
Eingrenzen GesprÀch PL in HH 28./29.10. in HH M M M 5 Horneff Architekt ongoing
Eingrenzen GesprÀch PL in HH 28./29.10. in HH M M M 5 Horneff Architekt ongoing
Eingrenzen o persönliche Kontakte zu Linienverantwortlichen und
Projektleitern pflegen
o Sichtbarkeit des Topsponsors/Managements fĂŒr das Projekt
nach auĂen
o Initiierung von PersonalgesprÀchen
H M H 9 Kern PM ongoing
accept Im BC berĂŒcksichtigt L M M 5 G.S. Architekt offen
accept Accept, da nicht fĂŒr alle Services Abnahmeumgebungen
vorhanden sind
L M M 5 G.S. Architekt offen
accept siehe Risiko 1 VH L H 9 PM (O.K.) PM ongoing
accept H M H 9 eingetreten siehe OP 24
eingrenzen regelmĂ€Ăige Abstimmungen zwischen SOKO-Architektur und
Betrieb
rollierender 3Monatsplan der TPL mit Betrieb regelmĂ€Ăig
abstimmen
Performancemessung stÀrken
M M M 5 ongoing
35. IBM Global Services (ITS)
© 2004 IBM Corporation
35 Risk Management Fundamentals 10/30/15
Summary Risk Analysis
ï§ Analyse: transform risk data into decision making information
ï§ Define probability
ï§ Define impact (e.g.for Win, Profit, Satisfaction)
ï§ Overall impact: highest of each of the impact categories,
e.g. L L M -> M
ï§ Risk Exposure: âproductâ probability and overall impact (s. matrix)
ï§ Scale for impacts and probability: low, medium, high, very high
ï§ Prioritisation/Ranking (s. e.g. comparative risk ranking)
36. IBM Global Services (ITS)
© 2004 IBM Corporation
36 Risk Management Fundamentals 10/30/15
Normalized Project Risk Scoring:
ï§ Rate exposure of each risk:
2 (low), 5(medium), 9(high), 14 (very high)
ï§ Sum all scores (getrennt nach Impact Kategorien und overall)
ï§ normalized score = sum of risk scores * 10 / number of risks
(risks no longer considered must still be listed as âlowâ, otherwise the
overall risk will be too high)
ï§ OVERALL RISK EXPOSURE
â 21â40 = Low
â 41â60 = Medium
â 61â80 = High
â 81+ = Very High
37. IBM Global Services (ITS)
© 2004 IBM Corporation
37 Risk Management Fundamentals 10/30/15
Normalization: Use, Strengths, and Weaknesses
ï§ Use:
â Qualitative elements must be weighted
ï§ Strengths:
â Helps with comparison of different projects
â Allows for comparison of risk categories (e.g. Win, Profit, Customer
Satisfaction)
ï§ Weaknesses:
â Tends to result in âHighâ overall risk, especially if only few risks are
used
â All identified risks must be retained, including those no longer
considered
âą Risks no longer be considered must be listed as âLowâ, otherwise
the overall risk will be to high
â The result is easy to manipulate
38. IBM Global Services (ITS)
© 2004 IBM Corporation
38 Risk Management Fundamentals 10/30/15
Risk Analysis Tools
ï§ Monte Carlo simulation and Sensitivity Analysis
aid the project management community in determining which variables of a
project most impact the projectâs possible outcomes, and by how much.
ï§ For example, using Monte Carlo simulation one can obtain statistical
probabilities of project variableâs impact on the overall project expected value
(such as, maximum and minimum impact of a variable on the projectâs expected
value).
ï§ From this information on project variables impact, a tornado diagram could be
created to analyze all variables to identify which ones should be kept as a priority
to focus on to manage the projectâs outcome.
39. IBM Global Services (ITS)
© 2004 IBM Corporation
39 Risk Management Fundamentals 10/30/15
Risk Analysis Tools
Sensitivity Analysis - Tornado Diagram
40. IBM Global Services (ITS)
© 2004 IBM Corporation
40 Risk Management Fundamentals 10/30/15
Risk Analysis Tools
Decision Tree with EMV (Expected Monetary Value)
41. IBM Global Services (ITS)
© 2004 IBM Corporation
41 Risk Management Fundamentals 10/30/15
Risk Analysis Tools
Pareto Analysis
ï§ 80/20 Rule
ï§ Examples*
â 20% of your customers provide 80% of your sales
â 20% of your products provide 80% of your sales
â 20% of your products provide 80% of your profit
â 20% of your products provide 80% of your problems
ï§ Useful for*:
â Prioritizes and focuses resources where they are most needed.
â Measures the impact of an improvement by comparing before and
after.
â Visually displays the relative importance of causes, problems or
other conditions.
42. IBM Global Services (ITS)
© 2004 IBM Corporation
42 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
43. IBM Global Services (ITS)
© 2004 IBM Corporation
43 Risk Management Fundamentals 10/30/15
ï§ Avoid
ï§ Accept
ï§ Transfer
ï§ Contain (kann neue Risiken erzeugen):
â Mitigation, specific actions to lower impact, probability or both
(wir tun was, die Kosten fallen jetzt an)
â Risk contingency planning, prepare a plan of action
(nur Plan vorbereiten fĂŒr den Fall, falls das Risiko eintritt)
ï§ Insure
ï§ Risk Reserve
â Risk contingency reserve (within project budget)
â Risk management reserve (outside project budget)
Analyse Respond Control ReactIdentify
Risk Response Planning Strategies
44. IBM Global Services (ITS)
© 2004 IBM Corporation
44 Risk Management Fundamentals 10/30/15
Factors to Consider When Planning Risk Response
ï§ Many factors influence the selection of a risk mitigation strategy,
including:
âą Project phase and application
âą Size
âą Priority
âą Complexity
âą Expense
âą Time available
âą Required level of detail
âą Ease of use
âą Resource availability
âą Contract type
âą Terms and conditions
âą The project manager's authority, accountability, and ability
âą Commitment from the project manager and upper management
âą Customer satisfaction
45. IBM Global Services (ITS)
© 2004 IBM Corporation
45 Risk Management Fundamentals 10/30/15
Risk Response Sheet
Response
strategy
Response actions Cost Effec. New risk as a result of the strategy
Accept none VG
Avoid
Transfer
Insure
Contain
Mitigate
Contain:
risk cont.
plan
Risk
reserve
Select best strategies: cost/effectiveness/new risk technique
(VG: very good, G: good, NG: not good)
reassess project risk â post response -> new impacts, probabilities, exposures,
normalized score
46. IBM Global Services (ITS)
© 2004 IBM Corporation
46 Risk Management Fundamentals 10/30/15
Impact of Different Risk Options
47. IBM Global Services (ITS)
© 2004 IBM Corporation
47 Risk Management Fundamentals 10/30/15
Remove high risk element(s) from proposal
Add assumptions to define boundaries of task / function / risk
Add appropriately skilled resources
Transfer responsibility to the customer - but be careful that customer
has the capability and commitment to perform (z.B. GBA !!)
Recommend phased development approach
Integrate special checkpoints by management
Include Level of Effort (LOE) tasks
Examine alternatives
Develop containment & contingency plans
Risk: Containment Actions
48. IBM Global Services (ITS)
© 2004 IBM Corporation
48 Risk Management Fundamentals 10/30/15
Ensure assumptions are accurate
Establish firm baseline
Detailed change control / management
Assume risk but add premium
Document analysis, tradeoffs, decisions
Contact other QA representatives for ideas
NOTE: Having a contingency plan does
not necessarily reduce the risk rating
Risk: Containment Actions (continued)
49. IBM Global Services (ITS)
© 2004 IBM Corporation
49 Risk Management Fundamentals 10/30/15
Risk Triggers
ï§ An important part of defining the risk containment plans is risk triggers.
ï§ Risk triggers are indicators that specify when an action needs to be
taken. The format for defining risk triggers is as follows: If the trigger
event happens, then initiate the action plan.
ï§ Examples of triggers and action plans include:
âą If the power is out for more than 30 minutes, start using the
generator.
âą If the product delivery from the OEM vendor is n days late, then
contact the other vendors to move their shipments back.
ï§ Effective triggers:
âą Provide an early warning, which gives the team enough time to
take appropriate action or focus extra attention on the risk
âą Do not initiate actions unnecessarily
âą Are easy to calculate and report
50. IBM Global Services (ITS)
© 2004 IBM Corporation
50 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
51. IBM Global Services (ITS)
© 2004 IBM Corporation
51 Risk Management Fundamentals 10/30/15
Risk Monitoring and Control
ï§ Workaround plans, corrective action, project change requests, updates
to the risk response plan, a risk database (repository for information),
and updates to the risk identification checklists are all products of risk
monitoring and control.
ï§ Products from previously-discussed processes are used to create
these products (risk management plan, risk response plan) as well as
project communication, additional risk identification and analysis (as
part of the overall âControllingâ process), and scope changes.
ï§ Tools and techniques used are project risk response audits, periodic
risk reviews, earned value analysis, technical performance
measurement and additional risk response planning.
ï§ Watching and periodically reevaluating the risk for changes
52. IBM Global Services (ITS)
© 2004 IBM Corporation
52 Risk Management Fundamentals 10/30/15
Questions to Consider
ï§ Is the risk still possible / Is the event still risk?
ï§ Is the probability still the same?
ï§ Is the impact still the same?
ï§ Is the teamsÂŽs tolerance still the same?
ï§ Are there new risks?
53. IBM Global Services (ITS)
© 2004 IBM Corporation
53 Risk Management Fundamentals 10/30/15
Risk Tracking and Control
ï§ Critical success factors:
â execute the process
â reflect response strategies/actions in the
WBS
â develop alternatives
â communicate, get buy-in on selected
alternatives
â execute the action plan
ï§ Triggers:
â regular assessment
â key events
â Suppliers
â key changes
â human resources
â Technical
â Customer
â Competition
â other environmental changes
ï§ Risk Reaction
â analyse the impact of the risk occurrence
â update risk history
â âŠ
54. IBM Global Services (ITS)
© 2004 IBM Corporation
54 Risk Management Fundamentals 10/30/15
Risk Closure
ï§ Document the rationale for closure
ï§ Focus on information that can be used later, either within the
current project or by future projects. Example of the type of
information to be captured include:
â Successful containment plans and why they were successful
â Failed containment plans and the reason for that failure
â Risk relationships and dependencies that were not obvious
â Relevant data from various analyses, especially costs and benefits of
mitigation plans
ï§ Close the risk and update the status.
55. IBM Global Services (ITS)
© 2004 IBM Corporation
55 Risk Management Fundamentals 10/30/15
Agenda
1
2
3
4
What is Risk Management?
Why is Risk Management Important?
Risk Categories: Risk Management Planning
Risk Categories: Risk Identification
5 Risk Categories: Qualitative Risk Analysis
Risk Categories: Quantitative Risk Analysis
Recommendations and Summary
Risk Categories: Risk Response Planning
Risk Categories: Risk Monitoring and Control
6
7
8
9
56. IBM Global Services (ITS)
© 2004 IBM Corporation
56 Risk Management Fundamentals 10/30/15
Summary
ï§ Risk Management is iterative and continuous process for the life of a
project.
ï§ It is concerned with identifying, analyzing and responding to project risks.
ï§ The benefit of risk management process is safeguards that you have
done your best to minimize the probability and consequences of adverse
events.
ï§ Itâs a standard part of project management because it helps to make
educated decisions that are vital to the project success.
57. IBM Global Services (ITS)
© 2004 IBM Corporation
57 Risk Management Fundamentals 10/30/15
Recommendations
ï§ Risk identification needs more focus during the controlling process
(during the projectâs execution).
ï§ Positive risks need to be identified and managed to optimize project
success. (z.B. Image over IP)
ï§ Tools such as sensitivity analysis (tornado diagrams), utility functions,
influence diagrams, decision trees, and SMART analysis could aid risk
identification and quantification.
ï§ Involvement of program-level management in individual project risk
management oversight would ensure the same level of risk management
across program projects. Enforcement of the expected risk behavior and
minimum standards for risk management could be increased at the
project-level.
ï§ Increased priority and time available for risk management tasks at the
project-level could be implemented by program management.
58. IBM Global Services (ITS)
© 2004 IBM Corporation
58 Risk Management Fundamentals 10/30/15
Identify and understand risk event
Plan to handle risk events
Incorporate Risk Management into the Project Management Planning
Process
Use the right strategies (for example, containment or contingency) to fit
the situation
Monitor risk events on a regular basis
Reassess events after each risk event
Don't try to do it
SOLO
The Project Managers Role in Risk Management
60. IBM Global Services (ITS)
© 2004 IBM Corporation
60 Risk Management Fundamentals 10/30/15
Backup
61. IBM Global Services (ITS)
© 2004 IBM Corporation
61 Risk Management Fundamentals 10/30/15
Risk Identification Workshop
â Identification
â Prioritisation
â Quantification
â Response Development
â Mitigation Strategy
â Control
62. IBM Global Services (ITS)
© 2004 IBM Corporation
62 Risk Management Fundamentals 10/30/15
Utility Theory
ï§ Suppose that, after some questioning, the builder is able to make the
following statements:
ï§ 'I am indifferent between receiving $120,000 for certain or entering a
lottery that will give me a 0.9 probability of $150000 and a 0.1
probability of winning $0.â
ï§ 'I am indifferent between receiving $100,000 for certain or entering a
lottery that will give me a 0.85 probability of winning $150 000 and a
0.15 probability of winning $0.â
ï§ 'I am indifferent between receiving $80,000 for certain or entering a
lottery that will give me a 0.75 probability of winning $150 000 and a
0.25 probability of winning $0.'
63. IBM Global Services (ITS)
© 2004 IBM Corporation
63 Risk Management Fundamentals 10/30/15
Risk Analysis Tools
Utility Theory â Risk Adverse/Neutral/Seeking
ï risk adverse for dollar values below $100,000, but is a risk seeker at higher dollar values (above
$100,000). This is because the utility plot shows convex curvature at higher dollar values, and
concave curvature at lower dollar values.
64. IBM Global Services (ITS)
© 2004 IBM Corporation
64 Risk Management Fundamentals 10/30/15
Risk Analysis Tools
Decision Tree with Expected Utility
ï KontrĂ€res Ergebnis zum Decision Tree mit EVM
Editor's Notes To replace the title / subtitle with your own:
Click on the title block -&gt; select all the text by pressing Ctrl+A -&gt; press Delete key -&gt; type your own text
&lt;number&gt;
&lt;number&gt;
Project Management Institute (2000) A Guide to the Project Management Body of Knowledge (PMBoK), 2000 edn, Philadelphia, PMI
&lt;number&gt;
&lt;number&gt;
High Impact
Plane hits building
Earthquake
Stock Market Collapse
High Probability
Rate Increase
Customer Dependencies
Low Probability and Low Risk
Availability of Uni Students who know Basic Java
&lt;number&gt;
*Chapman, Chris and Steve Ward (1996). Why You Need Risk Management. Project Management
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
There are many tools and techniques which can assist in identifying risks. WBS is one that we have just discussed, but others include:
Peer reviews (QA1&apos;s)
Interviews and regular status meetings
Workshops
LL
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
Risks are determined to be near, mid, or far term potential events
This is the period when action is required to avoid or mitigate a risk
Obviously it is critical to take immediate action to mitigate high impact, high probability, near-term risks
You should strive to identify risks well before they become near-term
&lt;number&gt;
Questions to consider when assigning risks ownership:
Who could solve the risk?
Who would have the power and authority to allocate resources?
Who is accountable or can be help accountable for the risk?
Who has the time to manage the risk?
Who has the ability to take action?
$150,000 bid is better.
*Kwak (2003), Risk Management Course, George Washington University
&lt;number&gt;
&lt;number&gt;
PURPOSE: Ways to mitigate or contain risk (chart 1 of 2)
COMMENTS:
Consider these actions to mitigate the risk of a particular task
&lt;number&gt;
PURPOSE: Ways to mitigate or contain risk (chart 2 of 2)
COMMENTS:
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
Risk Management may equal PM, but it involves all players and team members.
Risk Management deals with project uncertainty
Measures organization or individual risk posture.
Measures organization or individual risk posture.
$100,000 bid is now better!