Study Cards - Chapter 11 (more studying needed) Flashcards
Key to understanding risk management
- for the most part it is done poorly on most projects
- it is usually done very poorly on technology projects
Risk
- impacts every area of the project management lifecycle and the nine key knowledge areas
Risk management includes these processes…
- planning risk management
- identifying risks
- performing qualitative analysis
- performing quantitative analysis
- planning responses
- monitoring and controlling risk
Risk is…
- always in the future
- involves uncertainty
- known or unknown
- negative or positive
- considered from the moment the project is conceived
- tolerated differently by different organizations (low/high tolerance)
Cost of risk
- like quality, there is a cost to managing risk
- failure to address risk can be much more costly
RBS
- Risk breakdown structure
- groups risks by basic themes
Risk categories
- can number into the hundreds
- are grouped into five key categories on a software project (Tom DeMarco)
Five key risk categories of software projects
- Scope creep
- Inherent schedule flaws
- Employee turnover
- Specification breakdown
- Poor productivity
-Tom DeMarco
Identifying risks
- iterative process
- new risks may become apparent as the project evolves
Brainstorming
- Focus on quantity
- Withhold criticism
- Welcome unusual ideas
- Combine and improve ideas
- Alex Osborn
Delphi Technique
- forecasting method that relies on a panel of independent experts
- participants maintain anonymity
- RAND corporation
Root cause analysis
- performed after an event has occured to identify ‘triggers’ which can be used to forecast
- Safety-based RCA (accident)
- Production-based RCA (quality control)
- Process-based RCA (business processes)
- Failure-based RCA (failure analysis)
- Systems-based RCA (amalgamation)
RCA techniques
- Kepner-Tregoe
- FMEA
- Pareto Analysis
- Bayesian inference (conditional probability)
- Ishikawa diagram
SWOT analysis
- Setup as a grid
- Organizational analysis of Strengths, Weaknesses, Opportunities, Threats
- Albert Humphrey (stanford research)
Risk register
- key planning tool for the project
- includes attributes for risks including probability and impact in dolars
Risk becomes an issue
- when it has a probability percentage of 70% or greater
Qualitative risk analysis
- Only output is to update the risk register
Qualitative risk assessment matrix
- offers a summary level of the potential impact of the risk
Risk register updates
- Ranking and prioritization of project risks
- Grouping risks by categories
- Risk requiring near-term response
- Risks requiring additional analysis and response
- Low priority risks to monitor
- Look for trends in results
Risk register updates are outputs from
- Perform qualitative risk analysis
- Perform quantitative risk analysis
- Plan risk responses
- Monitor & control risks
Quantitative risk analysis
- numerical quantification of the effects of identified risks on the project
- involves sophisticated mathematical modeling
FMEA
- Failure Modes Effects Analysis
- Severity, Probability, Detectability
- useful for manufactured product or where risk may be undetectable
Severity
- Numberic scale for FMEA measure
- No effect (1)
- High hazard (10)
Probability
- Numberic scale for FMEA measure
- less than .0007% (1)
- 20% or greater (10)
Detectability
- Numberic scale for FMEA measure
- highly detectable (1)
- completely undetectable (10)
RPN
- Risk Priority Number
- scale of 1-1000
- Multiply the three FMEA measures (Severity, Probability, Detectability)
EMV
- Expecte monetary value
- Multiply the probability of an event by it’s impact
Monte Carlo Analysis
- mathematical modeling technique
- can use PERT or Triangular Distribution
- can use hundreds or thousands of data points
Decision Tree Analysis
- Form of EMV used for more complex decision making
- Decision branches illuminate possible paths forward
- Uncertainty branches illuminate the probability of success
Risk strategies - negative risks
- Avoid (eliminate)
- Transfer (shift)
- Mitigate (reduce)
- Accept
Risk strategies - positive risks
- Exploit (ensure)
- Share (transfer)
- Enhance (increase probability)
- Accept
Contingency plans
- developed for a specific risk
- generally developed when you have accepted a risk
Residual risk
- risks that remain after a risk response strategy was implemented
Secondary risk
- risk that results from implementing a risk response strategy
Contingency reserves
- handle the known unknowns
- part of the cost baseline and project budget
Management reserves
- handle the unknown unknowns
- part of the project budget
Qualitative risk analysis
- risk ranking
- group risks by category
- risks needing special attention
- risks needing near term responses
- watchlists of low priority risks
- Trends in qualitative risk analysis
Quantitative risk analysis
- Probabilistic analysis of project
- Probability of meeting cost/time objectives
- Prioritized list of quantified risks
- Trends in quantitative risk analysis results
Monitor and control risks
- performing risk assessments of the project on a regular basis
Risk audits
- carried out throughout the project life
- typically conducted by people outside of your immediate organization
Risk reviews
- Periodic and scheduled
- Should occur to determine if risk ratings have changed
Variance and Trend
- compares planned results to actual results
Technical Performance Measurement
- compares technical accomplishments
Reserve Analysis
- compares the amount of contingency reserves remaining to the amount of risk remaining
- apply only to the specific risks on the project for which they were set aside
Workarounds
- employed when no contingency exists
- generally executed on the fly
