Transcript Risk
Information Systems/Technology
Management
Risk and Risk Management:08
Presented by
Professor Dan Remenyi
[email protected]
Risk of Failure on the increase
Not many organisations undertake risk
analysis and management
The risk of project failure is on the
increase
There are a number of causes why
project failure is on the increase
The relative costs of IS
development
H a r d w a r e C o s ts
S o ftw a r e C o s ts
O r g a n is a tio n a l
C o s ts
1970
2000
Process complexity
Many of the current IT projects address
quite sophisticated organisational
processes
These processes require considerable
organisational changes
The cognitive, personal, and
political issues
Personal and
Interrelationship
Issue
Cognitive
or
perception issues
IS
Project Risk
Corporate
political issues
The three dimensions of the
concept of project risk
Control
Costs
A
-
B
Time
Z
Risk
Deliberately avoiding project
risks
Risk entropy
Control
Costs
A
-
B
Time
Z
Risk
The Risk and Time Equation
Project Risk profile
sin
Risk
e
Tim
rea
c
in
isk
r
g
Inf
orm
ati
on
r
edu
cin
gr
Time
isk
Time
constraint
The risk and costs/time
isoquant
III
A.
Risk
I
II
.D
B.
C
Cost/Time
.
Unlikely Events
Urgent Attention
6
5
4
Seriousness
7
8
9
High
10
The risk positioning diagram
Irritations
1
2
3
Under Control
Low 1
High
2
3
4
5
6
Probability
7
8
9
10
db
Unlikely Events
ad
6
7
mw
qr
5
ii
is
rw
Irritations
Under Control
1
2
3
4
Seriousness
Urgent Attention
lc
lf
8
9
High
10
A completed risk-positioning
diagram
Low 1
High
2
3
4
5
6
Probability
7
8
9
10
Systems developing life cycle
Cost
Construction
Analysis
Commissioning
Maintenance
Time
Feasibility
Design
Testing
Stages and Risks
Feasibility
Misunderstanding of the nature of problems,
opportunities or technology and the poor
estimation of benefits and costs.
Analysis
Lack of understanding as to the detailed
activities required to provide a solution.
Design
Misinterpretation of the work done during the
analysis or faulty analysis.
Stages and Risks
Specification
Incomplete work. Previous
analysis and design.
errors
in
Production
Inappropriate development tools. Bugs in
the development tools. Staff do not know
how to use the tools adequately.
Stages and Risks
Testing
The system is too big to adequately test in a
timeframe that is perceived as being appropriate.
Inappropriate test data or routines used.
Commissioning
Not enough attention given by users. Done too
fast.
Risk continues into the post commissioning
era
Systems developing life cycle
with Risk
Cost
Construction
Analysis
Commissioning
Maintenance
Time
RISK
Feasibility
Design
Testing
Major Risk Taxonomies
All other things being equal
risk is a function of:
Implementation problems
Conceptualisation problems
Size
Implementation problems
There are at least 2 groups of
implementation problems
Problems related to the technology
Problems related to the structuredness of
the application
different degrees of risk
High Technical
Inexperience
LowTechnical
Inexperience
Q1
Very high risk
Q2
Medium risk
Q3
Lowish risk
(with potential to
become greater)
Q4
Low risk
Low Structuredness
High Structuredness
approaches to projects with
different risk profiles
High Technical
Inexperience
LowTechnical
Inexperience
Intensive risk
management
procedures
Strong focus
on acquiring
expertise
Emphasise
understanding
the user
Routine
management
control
Low Structuredness
High Structuredness
Management activity required
with different risk profiles
High Technical
Inexperience
LowTechnical
Inexperience
Continuous
management &
costing intervention
Buy-in skills and
redevelop staff
Extensive user
education
Low frequency,
low cost
management
Low Structuredness
High Structuredness
Failures of
conceptualisation
High
Little or no
take-up
No
delivery
Competitive
advantage
Expensive
solution
Client
misunderstanding
Low
Low
Technology
misunderstanding
High
Determinism versus Risk
analysis
Determinism
Single points estimates
Once only calculations
Risk analysis
Range estimates
Multiple calcualtiuons
Risk Analysis Input
Capital Investment Appraisal for Continental Products Ltd
Costs in 000's
Hardware
Software
Commissioning
Total
Lowest
250
150
200
600
Highest
500
250
300
1050
An influence diagram
Graphical representation of risk
analysis results for IRR
350
IRR
300
250
Frequency
200
150
100
50
0
0.164
0.172
0.180
0.188
0.196
0.204
Distribution
0.212
0.219
0.227
0.235
0.243
Risk analysis results on NPV
450
400
NPV (FDR)
350
Frequency
300
250
200
150
100
50
0
-371550.465 -332257.568-292964.672 -253671.776-214378.880 -175085.984-135793.088 -96500.192 -57207.296 -17914.400 21378.496
Distribution
Results of the risk simulation
Risk Analysis on NPV
800
700
600
500
400
300
200
100
0
-680
-580
-480
-380
-280
-180
-80
20
NPV
120
220
320
420
520
620
The statistical results of the
risk simulation
Descriptive statistics
Mean
Standard Error
Median
Mode
Standard Deviation
Sample Variance
Kurtosis
Skewness
Range
Minimum
Maximum
Sum
Count
Confidence Level (95.000%)
-77
4
-78
#N/A
252
63446
-1
0
1233
-676
557
-386379
5000
7
The new range of estimates
Capital Investment Appraisal for Continental Products Ltd
Costs in 000's
Hardware
Software
Commissioning
Total
Lowest
250
150
200
600
Highest Average-M L Risk data
500
375
410
250
200
166
300
250
233
1050
825
891
Results of the risk simulation
Risk Analyis on NPV
1200
1000
Probabilities
800
600
400
200
0
-38.1069 58.1135 154.3339 250.5543 346.7747 442.9951 539.2155 635.4359 731.6563 827.8767 924.0971 1020.318 1116.538 1212.758
NPV
The 3 dimensions of Risk
Management
Risks related to the business and to
how it is managed
Risks related to the construction pr
development application process
Risks related to the architectural
infrastructure of the organisation
Key risks jigsaw
A1
Technical
competence
D1
Estimation
and planning
B1
Understanding
Knowledge
A2
Technology
platform
D2
Staff turnover
B2
Buy-in/
commitment
Foundation
A3
Technology
life cycle
D3
Development
tools
B3
Business change
Timing
The major consequences of
each risk
A
Consequence
A Consequence
2
1
D Consequence
D Consequence
2
1
B Consequence
1
Knowledge
B Consequence
2
Foundation
A
Consequence
3
D Consequence
3
B Consequence
3
Timing
Full consequences jigsaw
A1
Quality
A2
Instability
A3
Business
advantage
D1
Aggro and
distrust
D2
Delays
D3
Re-work
B1
Waste
Knowledge
B2
IS islands
B3
Relevance lost
Foundation
Timing
Jigsaw showing the full
driver set
A1
Human
resources
planning
D1
Project management skills
B1
Unrealistic
expectations
Knowledge
A2
Technological
vision
D2
Staff
satisfaction
B2
Lack of
centralness
Foundation
A3
Architectural infrastructure
D3
Budget and
research
B3
Change aversion
Timing
Risk action jigsaw
A Action
1
D Action
1
B Action
1
Knowledge
A Action
2
D Action
2
A Action
3
D Action
3
B Action
2
B Action
3
Foundation
Timing
The complete actions jigsaw
A1
Outsource,
recruit, train
D1
Project
management
A2
Match
D2
Staff
management
B1
Education
B2
Involvement
Knowledge
Foundation
A3
Postpone
& research
D3
Replacement
B3
Contingency
planning
Timing
Acceptable levels of risk
TR3
BR1
4
3
TR2
BR2
2
1
0
TR1
BR3
DR3
DR1
DR2
The risk profile for a
project
TR3
BR1
4
3
TR2
BR2
2
1
0
TR1
BR3
DR3
DR1
DR2
Acceptable risk levels and
actual risk levels
TR3
BR1
4
3
TR2
BR2
2
1
0
TR1
BR3
DR3
DR1
DR2
Revised risk profile compared
with acceptable risk profile
TR3
BR1
4
3
TR2
BR2
2
1
0
TR1
BR3
DR3
DR1
DR2
The risk profile for a
project
TR3
BR1
4
3
TR2
BR2
2
1
0
TR1
BR3
DR3
DR1
DR2