7 - Defining the Project Budget and Risk Plans Flashcards
What are the main topics covered in this chapter?
Security, budgeting, risk activities and strategies for your project
What are the four types of security mentioned?
- Physical security
- Operational security
- Digital security
- Data security
What constitutes the classic definition of the triple constraints?
- Scope statement
- Schedule
- Budget
Define a security policy.
A document outlining the minimum standards required to secure the organization’s technology-related systems, assets, and data
What sections are typically included in a security policy?
- Purpose
- Scope
- Definitions
- Appendix
- Roles and responsibilities
What is the purpose section of a security policy?
It states what the policy is protecting and why
What does the scope section of a security policy define?
The people impacted by the policy and a description of the systems covered
What is the difference between a policy and a procedure document?
A policy outlines what to accomplish, while a procedure outlines how to accomplish it
List some examples of IT security policies.
- Acceptable use policy
- Protection for electronic confidential information
- Network and system configuration
- Cybersecurity incident response
- Acquisition and disposal of technology assets
What is an acceptable use policy?
A policy instructing how to use the organization’s technology resources
What are branding restrictions in the context of security?
Regulations related to trademarks, copyrights, and patents
What is a trademark?
A symbol used to identify a company, brand names, logos, etc.
How are security clearances categorized for government organizations?
- Confidential
- Secret
- Top secret
What is operational security?
Policies for performing background checks and security clearances
What does digital security focus on?
Access and permissions to digital assets
What is multifactor authentication (MFA)?
A process requiring two or more methods to verify a user’s identity during sign-in
What is data classification?
Describing data according to its sensitivity, type, and value to the organization
What are two types of sensitive data classifications mentioned?
- Personally identifiable information (PII)
- Personal health information (PHI)
What is the ‘need-to-know’ principle?
Information should only be shared with those who need it to perform a task
What is the primary role of a project manager regarding project costs?
Estimating costs to complete the work of the project and determining the project budget
What are the four cost-estimating techniques?
- Analogous (top-down)
- Parametric
- Bottom-up
- Three-point estimates
True or False: Cost estimates become final once the cost baseline is determined.
True
What are the four techniques for cost estimating discussed?
Analogous, parametric, bottom-up, and three-point estimates.
What is analogous estimating also known as?
Top-down estimating.
At what stage is an analogous estimate typically performed?
During the early stages of scope planning.
What does an analogous estimate rely on?
Historical data and expert judgment.
Which estimating technique is the least accurate?
Analogous estimating.
What is parametric estimating based on?
A mathematical model that computes costs using the quantity of work multiplied by the rate.
What is the most precise cost-estimating technique?
Bottom-up estimating.
What critical inputs are needed for a bottom-up estimate?
The WBS and project resource requirements.
What does the sum of all work package estimates provide?
The estimate of the total project cost.
What is the difference between work effort and activity duration?
Work effort is the total time to complete a task, while activity duration is the estimated time it will take.
What are three-point estimates based on?
The most likely estimate, optimistic estimate, and pessimistic estimate.
How is the three-point estimate calculated?
By averaging the sum of the most likely, optimistic, and pessimistic estimates.
What should you document when performing cost estimates?
Any assumptions made during the estimating process.
What is the purpose of the project budget?
To aggregate all cost estimates and establish a cost baseline for the project.
What are capital expenses typically associated with?
Assets providing long-term benefits.
What types of expenses do project budgets usually include?
Salary, hardware, software, travel, training, and materials.
Who is ultimately accountable for project expenditures?
The project manager.
True or False: Bottom-up estimates are the most time-consuming to perform.
True.
Fill in the blank: The cost estimate is calculated by multiplying the _______ for each resource by the rate for that resource.
work effort.
What is a key consideration when using parametric estimating?
The accuracy of the data used to create the model.
What should you do to ensure comprehensive cost estimating?
Brainstorm with your project team and subject matter experts.
What is the most likely estimate in three-point estimating?
The estimate assuming costs will come in as expected.
What potential costs should be discussed during team brainstorming?
Special training and travel costs.
What is the role of accounting or finance departments in budget tracking?
They may perform the actual tracking of expenses.
What is a loaded rate?
A percentage of the employee’s salary that covers benefits.
What may the project budget include regarding expenses?
Both capital expenses (CapEx) and operational expenses (OpEx).
What are capital expenses?
Expenses for assets providing long-term benefits, such as:
* Equipment purchases
* Software purchases
* Building purchases
* Vehicle purchases
Capital expenses are managed differently than operational expenses.
What are operational expenses?
Expenses for day-to-day operations, including:
* Administrative costs
* Training
* Travel
* Supplies
* Salaries
* Rent
Understanding cost categories is essential for tracking resources.
What is a project budget?
A financial plan outlining estimated costs for a project, varying by project type.
How can project budgets be created?
Budgets can be created in:
* Spreadsheet format
* Budgeting software
They may be divided into monthly or quarterly increments.
What is a contingency reserve?
Funds set aside to cover unexpected costs due to:
* Scope creep
* Risks
* Change requests
* Variances in estimates
Typically a percentage of total project cost.
What is a management reserve?
Funds allocated by upper management for unforeseen costs, requiring approval for use.
What is the difference between contingency and management reserves?
Contingency reserves are controlled by the project manager, while management reserves require upper management approval.
What is a cost baseline?
The total approved expected cost for the project, used to measure future expenditures.
What is the purpose of expenditure tracking?
To measure project spending, determine burn rate, and compare actual expenditures to the cost baseline.
What is a budget burndown chart?
A visual representation showing the burn rate of the budget over time.
What is earned value management (EVM)?
A performance measurement technique comparing planned value, earned value, and actual costs.
Define Planned Value (PV).
The cost of work authorized and budgeted for a specific schedule activity.
Define Actual Cost (AC).
The actual cost incurred for completing a work component during a specific time period.
Define Earned Value (EV).
The value of work completed to date, expressed as a percentage of the planned budget.
What is Cost Variance (CV)?
The difference between earned value and actual cost, indicating if costs are over or under budget.
What is Schedule Variance (SV)?
The difference between earned value and planned value, indicating schedule performance.
What are Performance Indexes?
Metrics used to calculate efficiency and predict future project performance, including CPI.
Fill in the blank: The formula for Cost Variance (CV) is CV = ______ - AC.
EV
Fill in the blank: The formula for Schedule Variance (SV) is SV = ______ - PV.
EV
True or False: Management reserves are included in the project budget.
False
What should be communicated to the project stakeholders regarding the budget?
The cost baseline and any specific budget information they require.
What is the burn rate?
The rate at which project funds are spent over time.
What is the significance of a negative Cost Variance?
It indicates that costs are higher than budgeted.
What are efficiency indicators for project performance?
EV and SV
EV stands for Earned Value, and SV stands for Schedule Variance.
What do cost performance index (CPI) and schedule performance index (SPI) measure?
CPI measures cost efficiency; SPI measures schedule efficiency.
How is the cost performance index (CPI) calculated?
CPI = EV / AC
What does a CPI greater than 1 indicate?
Spending is less than anticipated.
What does a CPI less than 1 indicate?
Spending is more than anticipated.
How is the schedule performance index (SPI) calculated?
SPI = EV / PV
What does an SPI greater than 1 indicate?
Performance is better than expected.
What does an SPI less than 1 indicate?
Performance is worse than expected.
What is burn rate?
The rate of spending money over time.
What is the formula for estimating burn rate?
Burn rate = Cost Performance Index (CPI) calculation.
What are the main cost processes in project management?
- Cost estimating
- Creating the project budget
- Controlling costs
What forms can expenditure reporting take?
- Simple spreadsheets
- Project management software
- Pie charts
- Bar charts
What is risk in project management?
A potential future event with negative or positive impacts.
What are the three major components of risk planning?
- Identifying potential risks
- Analyzing potential impact
- Developing appropriate responses
What is risk identification?
The process of determining and documenting potential risks.
What techniques can be used for risk identification?
- Brainstorming
- Interviews
- Facilitated workshops
What are common potential risks in projects?
- Budgets or funding
- Schedules
- Scope
- Requirements changes
- Contracts
- Hardware
- Political concerns
- Management risks
- Legal risks
- Technical issues
What is a risk register?
A list of risks with identification number, name, description, owner, and response plan.
What is force majeure in risk management?
Catastrophic risks outside the control of the organization.
What is a SWOT analysis?
A technique analyzing strengths, weaknesses, opportunities, and threats.
What does impact analysis prioritize?
It prioritizes and quantifies risks for easy understanding.
How is probability expressed in risk analysis?
As a number between 0.0 and 1.0.
What is the purpose of risk analysis?
To identify risks with the greatest possibility and impact.
What is qualitative analysis?
Determining probability and impact of risks and ranking them.
What is the relationship between risk tolerance and industry?
Different industries have varying levels of risk tolerance.
What are the main project constraints?
Scope, time, cost, and quality.
What type of analysis involves prioritizing risks according to their probability and impact?
Qualitative analysis.
When should risk analysis be performed in a project?
Throughout the project.
What does urgency in risk analysis refer to?
Determining how quickly a response needs to be implemented.
What is dormancy in the context of risk management?
The period of time between the risk occurrence and discovery of the risk.
Define manageability in risk analysis.
How well the risk owner manages the risk event.
What does controllability refer to in risk management?
The ability of the risk owner to control the impact of the risk.
What is detectability in risk analysis?
The ability to detect a risk trigger and understand a risk event.
What is interconnectivity in risk management?
The relationship between individual risks and how one may affect another.
What is strategic impact in the context of risk events?
The impact to the organization’s strategic goals if the risk event occurs.
What does propinquity refer to in risk analysis?
The stakeholder’s perception of the risk significance.
What is quantitative analysis in risk management?
Quantifies the aggregate risk exposure by assigning numeric probabilities to risks.
What is Monte Carlo simulation used for in risk analysis?
To estimate potential outcomes for project variables.
What is the purpose of situational/scenario analysis?
To look at risk from the perspective of various situations that may occur.
List some situation/scenario-based risks to consider.
- New projects
- New management
- Regulatory environment changes
- Digital transformation
- Infrastructure end of life
- Merger and acquisition
- Reorganization
- Cybersecurity events.
What is risk response planning?
The process of reviewing risk analysis and determining actions to reduce negative impacts.
What are the strategies to deal with negative risks?
- Avoid
- Transfer
- Mitigate
- Accept.
What are the strategies associated with positive risks or opportunities?
- Exploit
- Share
- Enhance
- Accept.
What is a risk register?
A document that records identified risks, their scores, and response plans.
What is a risk trigger?
A sign or precursor signaling that a risk event is about to occur.
Who is responsible for monitoring the risks assigned to them?
The risk owner.
What should be included in the risk response plan?
Points of escalation for when a risk event occurs.
What are unknown risks?
Risks that are not known until they occur.
What is the best strategy to deal with unknown risks?
Putting aside contingency reserves and/or management reserves.
When should risk monitoring be performed?
Throughout the entire project life cycle.
How does risk probability and impact change as a project progresses?
They typically diminish over time.
What is the total estimated cost for the project described?
$478,000.
What is the fixed budget constraint for the project?
$450,000.
What should be done if project estimates exceed the budget?
Negotiate lower implementation costs and review cost estimates.
What is a budget constraint in project management?
A budget constraint is a limit on the amount of money available for a project.
What should be accounted for in a project budget aside from direct costs?
Contingency reserves for unexpected costs.
Who will be consulted to negotiate lower implementation costs after the RFP process?
Leah in procurement and Jason in IT.
What should be reviewed with Alden, the facilities manager?
Cost estimates for interior design services and furniture and fixtures.
What happens after Emma approves and signs off on the project budget?
It becomes the official cost baseline for the project.
What will be monitored throughout the project?
Burn rate and expenditures.
What is the risk score for a delay in IaaS implementation with a probability of 0.10 and an impact of 90?
9
What is the response plan for the risk of moving company availability on moving days?
Yes, a response plan is needed.
True or False: Bad weather during a move has a risk score of 2.5.
True
Which type of policies is the IT department refreshing for the new digital platform?
Operational security, data security, and digital security policies.
What additional security policy is being refreshed due to the new building’s data center?
Physical security policy.
What does the risk register document?
Risks, their probability, impact, response plans, and risk owners.
What is the threshold for risks needing a response plan?
A risk score of 5 or greater.
What types of assets do security policies secure?
Physical, operational, digital assets.
What does data classification involve?
Classifying data based on sensitivity, type, and value to the organization.
What are the three techniques for creating project estimates?
- Analogous or top-down estimates
- Parametric estimating
- Bottom-up method
What does the bottom-up method in cost estimating involve?
Adding up individual estimates from each work package.
What is a three-point estimate?
The average of the most likely, optimistic, and pessimistic estimates.
What is the cost baseline for a project?
The total approved expected cost for the project.
What does risk planning involve?
Identifying potential risk events during the project.
What are some risk analysis techniques?
- Impact analysis
- Qualitative analysis
- Quantitative analysis
- Situational/scenario analysis
What does qualitative analysis rank?
Probability and impact.
What does quantitative analysis use to estimate potential outcomes?
Simulation techniques such as Monte Carlo analysis.
What should be communicated to stakeholders throughout the project?
Risks and response plans.
Fill in the blank: Probability is always expressed as a number between _______.
[0.0 and 1.0]
What should be done periodically on long-term projects regarding risks?
Reevaluate risk processes to determine validity and identify new risks.