Presentation made by Robert Venczel at the PMI OVOC 10th Annual Project Management
Symposium (12-14 October 2010, Ottawa, Ontario, Canada)
More info at http://www.pmiovoc.org/files/Events/Symposium.html
Managing Risk And Opportunity In IT Projects
1. PMI OVOC 10th Annual
Project Management Symposium
October 12 – 14, 2010
Unleashing the Power of
Project Management
Managing Risk and Opportunity
in IT Projects
Robert Venczel
2. 3 Key Learning Points
1. Describe the risk management process
– Definitions, utility theory, steps, responsibilities, etc.
– Corporate strategy relationship
2. Explain the RiskIT Model
– IT goals, associated metrics, and IT-related risks
– IT project risk management
– Risk scenarios and implementation of controls
3. Application of IT risk management
– Case study
Presented at PMI OVOC Project Management Symposium 2010
3. Your Presenter
• Robert Venczel, MBA, CMA, CISA, PMP, CIA
• Bivium Executive Consulting Ltd.
• Over 18 years of management consulting experience
in both public and private sectors in the areas of:
– Project and programme risk management
– IT project management and governance
– IT audit
– Business strategy
4. Agenda
• Risk Management Process – A Quick Review
• Project Risk Management
• IT Risks vs. Overall Risk Universe
• IT Project Risk Management Continuum
• Case Study – SuperSoftware Inc.
5. What is Risk?
• Risk is defined as this uncertainty of outcome,
whether positive opportunity or negative threat, of
actions and events.*
*Orange Book (UK) Definition
6. RM Process
• Risk Identification
• Risk Assessment
• Risk Mitigation and Monitoring
• Risk Reporting
7. The Riskit Risk Management Cycle
Source: Kontio, J., Getto, G. and Landes, D. (1998), Experiences in improving risk management processes using the concepts of Riskit
method, SIGSOFT '98 Sixth International Symposium on the Foundations of Software Engineering.
8. Risk Identification
• Types of risk:
– Organization-wide vs. programme/project
– External vs. internal
– Inherent vs. residual
• Risk identification:
– Using common methodology
– From top down and from bottom up
• Part of short- and long-term business planning
process
• Continuous, not a one-time exercise
9. Risk Assessment
• Utility theory
• Likelihood and impact
• Need to develop a simple scoring/weighting
methodology that can be applied on a consistent
basis across the organization.
11. Addressing Risks / Risk Tolerance
• Tolerate
• Treat
• Transfer
• Terminate
• Risk tolerance vs. risk appetite
12. Risk Management/Risk Mitigation
• Identification of mitigating actions and controls
• Ensuring that mitigating actions and controls are
implemented (risk owners)
• Monitoring and reporting on the effectiveness of
mitigating actions and controls
• Reporting and escalating problems up the
management chain
13. Risk Mitigation Plan
• Choosing the most appropriate "treatment" or
combination of treatment options
• Costs and efforts vs. benefits
• Risk treatment itself can introduce risks
14. Risk Monitoring and Reporting
• Review periodically:
– If the status of risks has changed or new risks emerged
– The effectiveness of the mitigation strategies against
indicators
– The validity of the initial assumptions
– The existence of appropriate contingency plans
• Reporting:
– Status, performance and results
– Trends and patterns
15. RM Responsibilities for Risk Owners vs.
Risk Managers
• Risk Owners:
– Deemed ultimately accountable for the effective management of specific risk
categories
– Do not necessarily own or control all aspects of the risk
– Depend on others to help mitigate the risks
• Risk Managers:
– Responsibility for the risk management process
– Have the authority to manage risks
17. Opportunity vs. Risk
• On the positive side… new business initiatives
successfully enabled by IT
• On the negative side… IT projects misaligned
with the strategic objectives; waste of
resources due to failed projects; etc.
18. Defining IT Goals and Enterprise
Architecture for IT
Source: ISACA's COBIT® 4.1 Framework for IT Governance and Control (2007)
19. IT Risk vs. Overall Risk Universe
Source: ISACA's The Risk IT Framework (2009)
20. IT Project Risk Management Continuum
[Figure: IT project risk management continuum. Labels: Needs and Requirements Specifications; Contractor/Team Selection; Design and Development; Systems Integration; Conceptual Design; Demonstration/Validation; Engineering, Manufacturing, Development, and Production; Maintenance and Major Upgrade]
21. System Complexity vs. Risk
[Figure: plot with axes Risk (technical; cost; schedule) and Complexity (technology; team; expertise; etc.)]
22. IT Risk Management Supports Success
By enabling IT project management to:
• Deal effectively with potential future events that
create uncertainty.
• Respond in a manner that reduces the likelihood that
objectives will not be achieved and increases the
likelihood of success.
23. Practicing Risk Management
• Integrate IT project risk management with business planning
and priority setting
• Promote use of the common language, framework, and
process
• Use common tools, techniques and models for risk mapping
and monitoring
• Use of risk management concepts in decision making and
reporting
• Consult and communicate with internal and external
stakeholders throughout the process
• Monitor, evaluate, and adjust systems, processes, and
practices
24. IT Project Risk Scenario Example
[Figure: risk scenario diagram for a software development project. Labels: Beta Test; Successful; Users not ready to use the new software (Cost: $15K+); Unsuccessful; Project terminated because of changed business priorities (Cost: $100K+); Project delayed (Time: 1 month; Cost: $20K+)]
25. Case Study – SuperSoftware Inc.
• Software development project
• Stakeholders
• Team
• Risks
• Evaluation of risks (quantitative vs. qualitative)
• Mitigation, monitoring and reporting
• Lessons learned
26. Conclusions
• Get senior management's buy in and support for a
risk-aware culture.
• Use risk management people who understand the
business and information technology, and are also
good communicators.
• Successful IT risk management is all about
connection and alignment with business strategy.
27. Additional Resources
• Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk
Management – Integrated Framework
• Risk management: Principles and guidelines - International Standard, ISO 31000:2009
• Australian/New Zealand Standard for risk management - AS/NZS 4360:2004
• Risk management policies, directives and standards developed by the Treasury Board
Secretariat (TBS's) to guide good management across the Canadian Federal Government:
– Integrated Risk Management Framework (IRMF)
– Integrated Risk Management Implementation Guide
– Policy on Active Monitoring
– Risk Management Policy
– Draft Core Management Controls
– Management Accountability Framework (MAF) criteria.
• PMI's PMBOK Guide, Fourth Edition (2008)
• ISACA's COBIT® 4.1 Framework for IT Governance and Control (2007)
• ISACA's The Risk IT Framework (2009)
• ISACA's The Risk IT Practitioner Guide (2009)
28. For more information…
• Thank you for your participation today!
• For more information on the contents of this
presentation, please feel free to contact me as
follows:
– Robert Venczel, MBA, CMA, CISA, PMP, CIA
– Bivium Executive Consulting Ltd.
• "Achieving Excellence Through Change"
– rvenczel@biviumconsulting.ca
– 613-843-7629
29. Copyright Notice
• The contents of this presentation are Copyright © 2010 by the
presenter and PMI OVOC.
• Permission is granted for participants to print the
presentation handouts for use during the conference and
later personal reference.
• PMI OVOC reserves the right to store this content for archival
purposes as a record of conference proceedings and to
publish this content electronically for the purpose of
disseminating conference proceedings to conference
participants.
• All other use, storage, retrieval, distribution, or reproduction
must be authorized in advance, in writing.