Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Risk Management
(Murphy’s law)
Risk
• Hazard
• Chance of bad consequence or loss
• Exposure to mischance
Risk Definition
• Documents revision
• Learning Cycles
• Brainstorming
• Nominal Group Technique
• Delphi Technique (described in effort estimation)
• Interviews
• SWOT Analysis
• Cause & Effect (a.k.a. Fishbone/Ishikawa)
• Checklists
Maria do Rosário Bernardo
9
GPI - Gestão de Projectos Informáticos
Risk categories
• Business risks
• Insurable risks
• External : Unpredictable
• External : Predictable but Uncertain
• Internal : Technical
• Internal : Non-technical
• Legal
checklists
Unclear
No or poor Requirements PM not involved in No / little experience of
customer New environment
business case not agreed initial planning suppliers
structure
More than one Poor access to Requirements Project very large with Development and live Suppliers in poor
customer stakeholders incomplete quick building-up environment differ financial state
Internal Requirements
Inappropriate Estimates not based Restricted access to Difficulty to stage tests
customer not detailed
contract type in metrics environment of items
policies enough
No single
Poor scope Users not Developers lack key Lack of technical Use of proprietary
document of
definition committed skills support products
requirements
Risk assessment
Risk (Threats)
Risk Assess
3 x 3 ; 4 x 4 ; 5 x 5 ...
LOW ; MED ; HIGH
VLO ; LO ; MED ; HI ; VHI
MED
Medium
R1
==>
LO Reduction actions
R3
VLO
Low
Only Control
VLO LO MED HI VHI
Consequence
Maria do Rosário Bernardo
GPI - Gestão de Projectos Informáticos
Risk assessment
Evaluation scale example
Base : IT Project – 1 year; 1.000 K€
Consequences
NIL -- 0 0
Risk Assessment
Prabability
Team assessment Historical Recors
Risk Assessment
Impact on other
Direct Consequence elements of the Impact on project Impact on business
project
VL 1 project activity No No No
Set of activities
L Reduced No No
or 1 WP
Top-down approach
– Key risk factors are identify and assessed at high level of WBS
– Allows to analyse interrelationships
Bottom-up approach
– Risks are identified at a low level of WBS
– Prepare contingency plans
Risk Treatment
• Avoidance:
– decision not to become involved in, or action to withdraw from, a risk
situation
• Mitigation:
– actions taken to lessen the probability, negative consequences, or
both, associated with a risk
• Deflection:
– sharing with another party the burden of loss or benefit of gain, for a
risk (deflect the risk)
• Contingency:
– Create a plan to react to the risk, if it occurs
Maria do Rosário Bernardo
23
GPI - Gestão de Projectos Informáticos
Risk Avoidance
Risk Transfer
Risk - Contingency
Allowances (provisões)
• Add it to WBS level – where the risk was identified
• Project
• Work Package
• Activity
Maria do Rosário Bernardo
GPI - Gestão de Projectos Informáticos
Risk – Contingency
Example : Allowance
Risk – Contingency
Example : Allowance
0,9
VHI
0,045 0,09 0,18 0,36 0,72 HIGH
Proj Reevaluation
0,7 IF "GO" ==>
0,035 0,07 0,14 0,28 0,56 reduction actions
HI
Probability
0,5
MED
0,025 0,05 0,1 0,2 0,4 MED
==>
0,3 reduction actions
0,015 0,03 0,06 0,12 0,24
LO
0,01
VLO
0,005 0,01 0,02 0,04 0,08 LOW
Risk Register
Risk communication
Control Risks
Purpose
minimise disruption to the project by determining
whether the risk responses are executed and
whether they have the desired effect
Control Risks
Control is achieved by
– keeping track of the identified risks,
– identification and analysis of newly arising risks,
– monitoring trigger conditions for contingency plans
– reviewing progress on risk responses,
– evaluating risk responses effectiveness
Risks re-evaluation