Chapter 1: The Nature of Information Technology Projects
Download
Report
Transcript Chapter 1: The Nature of Information Technology Projects
Information Technology
Project Management
by Jack T. Marchewka
Power Point Slides by Richard Erickson, Northern Illinois University
Copyright 2003 John Wiley & Sons, Inc. all rights reserved. Reproduction or translation of this work beyond
that permitted in Section 117 of the 1976 United States Copyright Act without the express permission of
the copyright owner is unlawful. Request for further information information should be addressed to the
Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own
use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or
damages caused by the use of these programs or from the use of the information contained herein.
1-1
Chapter 8 – Managing Project Risk
1-2
Chapter 8 Objectives
• Describe the project risk management
planning framework introduced in this chapter.
• Define risk identification and the causes,
effects, and integrative nature of project risks.
• Apply several qualitative and quantitative
analysis techniques that can be used to
prioritize and analyze various project risks.
• Describe the various risk strategies, such as
insurance, avoidance, or mitigation.
• Describe risk monitoring and control.
• Describe risk evaluation in terms of how the
entire risk management process should be
evaluated in order to learn from experience
and to identify best practices.
1-3
The Baseline Project Plan is
based on:
• Our understanding of the current
situation
• The information available
• The assumptions we make
1-4
“Although no one can predict the
future with 100 percent accuracy,
having a solid foundation , in
terms of processes, tools, and
techniques, can increase our
confidence in these estimates.”
1-5
Common Mistakes in Managing
Project Risk
• Not Understanding the Benefits of Risk
Management
• Not Providing Adequate Time for Risk
Management
• Not Identifying and Assessing Risk
Using a Standardized Approach
1-6
Effective and successful project
risk management requires:
• Commitment by all stakeholders
• Stakeholder Responsibility
– each risk must have an owner
• Different Risks for Different Types of
Projects
1-7
PMBOK Processes of Risk
Management
•
•
•
•
•
•
Risk Management Planning
Risk Identification
Qualitative Risk Analysis
Quantitative Risk Analysis
Risk Response Planning
Risk Monitoring and Control
1-8
IT Project Risk Management
Planning Process
• PMBOK definition of Project Risk
– An uncertain event or condition that, if it occurs, has
a positive or negative effect on the project
objectives.
• PMBOK definition of Project Risk Management
– The systematic process of identifying, analyzing, and
responding to project risk. It includes maximizing the
probability and consequences of positive events and
minimizing the probability and consequences of
adverse events.
1-9
IT Project Risk Management Process
1-10
IT Project Risk Management
Planning Process
• Risk Planning
– Requires a firm commitment to risk
management from all project stakeholders
– Ensures adequate resources to plan for and
manage risk
– Focuses on preparation
1-11
IT Project Risk Management
Planning Process
• Risk Identification of:
– Threats and opportunities
– Causes and effects of each risk
– Effective strategies for and responses to
risk
1-12
IT Project Risk Management
Planning Process
• Risk Assessment
– What is the likelihood of a particular risk
occurring?
– What is the impact on the project if it
does occur?
1-13
IT Project Risk Management
Planning Process
• Risk Strategies
– Accept or ignore the risk
– Avoid the risk completely.
– Reduce the likelihood or impact of the
risk (or both) if the risk occurs.
– Transfer the risk to someone else (i.e.,
insurance).
1-14
IT Project Risk Management
Planning Process
• Risk Monitoring and Control
• Risk Response
• Risk Evaluation
–
–
–
–
How did we do?
What can we do better next time?
What lessons did we learn?
What best practices can be incorporated in
the risk management process?
1-15
IT Project Risk Framework
1-16
Identifying IT Project Risks
• Tools and Techniques
–
–
–
–
–
–
–
–
–
Learning Cycles
Brainstorming
Nominal Group Technique (NGT)
Delphi Technique
Interviewing
Checklists
SWOT Analysis
Cause and Effect Diagrams
Past Projects
1-17
Identifying IT Project Risks
• Nominal Group Technique (NGT)
– a. Each individual silently writes her or his ideas on a piece of
paper
– b. Each idea is then written on a board or flip chart one at a
time in a round-robin fashion until each individual has listed all
of his or her ideas.
– c. The group then discusses and clarifies each of the ideas.
– d. Each individual then silently ranks and prioritizes the ideas.
– e. The group then discusses the rankings and priorities of the
ideas.
– f. Each individual ranks and prioritizes the ideas again.
– g. The rankings and prioritizations are then summarized for the
group.
1-18
SWOT Analysis
1-19
Cause and Effect Diagram
• Identify the risk in terms of a threat or
opportunity.
• Identify the main factors that can cause
the risk to occur.
• Identify detailed factors for each of the
main factors.
• Continue refining the diagram until
satisfied that the diagram is complete.
1-20
Cause and Effect Diagram
1-21
Risk Analysis and Assessment
• Qualitative Approaches
–
–
–
–
–
Expected Value – probability weighted sum
Payoff Table
Decision Trees
Risk Impact Table
Tusler’s risk classification scheme
1-22
Expected Value of a Payoff Table
Schedule Risk
A
Probability
B
Payoff (in 000s)
A+B
Prob. * Payoff
Project completed
20 days early
5%
$200
$10
Project completed
10 days early
20%
$150
$30
Project completed
on schedule
50%
$100
$50
Project completed
10 days late
20%
$ --
$ --
Project completed
20 days late
5%
$ (50)
$ (3)
100%
$88
Expected Value
1-23
Decision Tree Analysis
1-24
Tusler’s Risk Classification Scheme
1-25
Risk Analysis and Assessment
• Quantitative Approaches
– Discrete Probability Distributions
• Binomial
– Continuous Probability Distributions
• Normal
• PERT
• Triangular
– Simulations
1-26
Binomial Probability Distribution
1-27
Normal Distribution
1-28
Normal Distribution
• shape is determined by its mean (µ) and
standard deviation ()
• Probability is associated with area under the
curve.
• Since the distribution is symmetrical, the
following probability rules of thumb apply
– About 68 percent of all the values will fall between
+1 of the mean
– About 95 percent of all the values will fall between
+2 of the mean
– About 99 percent of all the values will fall between
+3 of the mean
1-29
PERT Distribution
1-30
PERT Distribution
• PERT distribution uses a three-point
estimate where:
– a denotes an optimistic estimate
– b denotes a most likely estimate
– c denotes a pessimistic estimate
• PERT Mean = (a + 4m + b) / 6
• PERT Standard Deviation = (b - a) / 6
1-31
Triangular Distribution
1-32
Triangular Distribution
• uses a three-point estimate similar to the
PERT distribution where:
– a denotes an optimistic estimate
– b denotes a most likely estimate
– c denotes a pessimistic estimate
• weighting for the mean and standard deviation
are different from PERT
– TRIANG Mean = (a + m + b) / 3
– TRIANG Standard Deviation =
[((b-a)2 + (m-a)(m-b)) /18]1/2
1-33
Simulations
• Monte Carlo
– a technique that randomly generates
specific values for a variable with a specific
probability distribution.
– goes through a specific number of iterations
or trials and records the outcome.
– @risk
• Sensitivity Analysis
– Tornado Graph
1-34
Risk Simulation Using @Risk for
Microsoft Project
1-35
Output from Monte Carlo Simulation
1-36
Cumulative Probability Distribution
1-37
Sensitivity Analysis Using a
Tornado Graph
1-38
Risk Strategies
• Function of:
– The nature of the risk itself
– The impact of the risk on the project’s MOV
and objectives
– The project’s constraints in terms of scope,
schedule, budget, and quality
– requirements
1-39
Risk Strategy Alternatives
• Accept or Ignore
– Management Reserves
– Contingency Reserves
– Contingency plans
• Avoidance
• Mitigate – Reduce likelihood and/or
impact
• Transfer – e.g. insurance
1-40
Risk Response Plan should include:
• The project risk
• The trigger which flags that the risk has
occurred
• The owner of the risk (i.e., the person or
group responsible for monitoring the risk and
ensuring that the appropriate risk response is
carried out)
• The risk response based on one of the four
basic risk strategies
1-41
Risk Monitoring and Control
• tools for monitoring and controlling
project risk
– Risk Audits by external people
– Risk Reviews by internal team members
– Risk Status Meetings and Reports
1-42
Project Risk Radar
1-43
Risk Response and Evaluation
• lessons learned and best practices help us to:
– Increase our understanding of IT project risk in
general.
– Understand what information was available to
managing risks and for making
– risk-related decisions.
– Understand how and why a particular decision was
made.
– Understand the implications not only of the risks but
also the decisions that
– were made.
– Learn from our experience so that others may not
have to repeat our mistakes.
1-44