Defining the Project Budget and Risk Plans Flashcards
Security Policy
a document (or documents) that outlines the minimum standards required to secure the organization’s technology-related systems, assets, and data
Physical Security
involves securing physical assets such as mobile devices, removeable media devices, access to facilities, and more
Operational Security
includes policies for performing background checks and security clearances
Digital Security
security policies that are related to access and permissions to digital assets. This may include systems, data, communication equipment and more. Access is typically role-based
Multifactor Authentication (MFA)
a process whereby the user must use two or more methods to verify their identity during the sign-in process
Need-to-know
Involves relaying the least amount of information needed for their activity, and nothing more
Work effort
the total time it will take for a person to complete the task if they do nothing else from the time they start until the task is complete
Three-point estimate
an average of the most likely estimate, the optimistic estimate, and the pessimistic estimate
Cost baseline
the total expected cost for the project. Once approved, it’s used throughout the remainder of the project to measure the overall cost performance
Project budget
used to track the actual expenses incurred against the estimates
Capital Expenses (CapEx)
apply to assets that are expected to provide benefit to the organization for an extended time into the future
Operational Expenses (OpEx)
include all expenses needed to run the day-to-day activities of the business such as administrative costs, training, travel, supplies, materials, salaries, rent, and leases
Contingency reserve
also known as a buffer, is a certain amount of money set aside to cover costs resulting from possible adverse events or unexpected issues on the project
funds are controlled by the project manager
Management reserve
an amount set aside by upper management to cover future situations that can’t be predicted
funds are controlled by upper management
Expenditure tracking
measures the project spending to date, determining the burn rate (how fast you go through the money), and tracking expenditures to the cost baseline so that stakeholders can see what was planned verses what was actually spent on the project
is the mechanism you’ll use to report on the current state of the project
Burn rate
the rate at which you are spending funds over time
total budget / time period
Earned Value Management (EVM)
a performance measurement technique that compares what your project has produced to what you’ve spent by monitoring the planned value, earned value, and actual costs expended to produce the work of the project
Planned Value (PV)
the approved budget assigned to the work to be completed during a given time period
Actual Cost (AC)
money that’s actually been expended during a given time period for completed work
Earned Value (EV)
the value of the work completed to date compared to the budget
Cost Variance (CV)
measures the actual performance to date against what’s been spent
CV = EV - AC
Schedule Variance (SV)
compares an activitiy’s actual progress to date to the estimated progress and is represented in terms of costs
Tells you whether the schedule is ahead of or behind what was planned for this period
SV = EV - PV
negative number = behind schedule
positive number = on or ahead of schedule
Cost Performance Index (CPI)
measures the value of the work completed at the measurement date against the actual cost. It is the most critical of all the EVM measurements because it tells you the cost efficiency for the work completed to the date or at the completion of the project
CPI = EV / AC
If CPI > 1 = you are spending less than the anticipated at the measurement date
If CPI < 1 = you are spending more than the anticipated at the measurement date
Risk
a potential future event that can have either negative or positive impacts on the project
Risk Planning
deals with how you manage the areas of uncertainty in your project
Risk Identification
the process of determining and documenting the potential risks that could occur on your project
Risk register
a list of risks that includes an identification number, risk name, risk description, risk owner, and response plan
Force majeure
catastrophic in nature and are outside the control of the organization and cannot be addressed with a risk response plan. Often addressed using a disaster recovery plan or cybersecurity incident response plan
might include war, employees going on strike, pandemics, cyber attacks, natural disasters, etc.
SWOT Analysis
Involves analyzing the project from each of these perspectives: Strengths, Weaknesses, Opportunities, and Threats
Strengths and Weaknesses = internal
Opportunities and Threats = external
Risk Analysis
identifies risks that have the greatest possibility of occurring and the greatest impact to the project if they do occur