Chapter 17Chapter 17

Risk Risk ManagemeManageme

ntnt

RISK MANAGEMENTRISK MANAGEMENT

• RISK MANAGEMENT FOCUSES ON RISK MANAGEMENT FOCUSES ON THE FUTURETHE FUTURE

• RISK AND INFORMATION ARE RISK AND INFORMATION ARE INVERSELY RELATEDINVERSELY RELATED

RISK MANAGEMENT (CONT.)RISK MANAGEMENT (CONT.)

• HISTORICALLY, WE FOCUSED OUR HISTORICALLY, WE FOCUSED OUR ATTENTIONS ON SCHEDULE AND COST ATTENTIONS ON SCHEDULE AND COST RISK MANAGEMENT.RISK MANAGEMENT.

• TODAY, OUR PRIMARY EMPHASIS IS ON TODAY, OUR PRIMARY EMPHASIS IS ON TECHNOLOGICAL RISK MANAGEMENT:TECHNOLOGICAL RISK MANAGEMENT:– CAN WE DESIGN IT AND BUILD IT?CAN WE DESIGN IT AND BUILD IT?– WHAT IS THE RISK OF OBSOLESCENCE? WHAT IS THE RISK OF OBSOLESCENCE?

Definition Of Definition Of RiskRisk

Risk = f(Likelihood, Impact)

•Likelihood is the probability of occurrence of an event

•Impact is the amount at stake

Likelihood up risk up

Impact up risk up

event

Definition Of Risk-2Definition Of Risk-2Risk = f(Hazard, safeguard)

Hazard: source of danger

Safeguards: ways of overcoming

Hazard up risk up

Safeguard up risk down

Tolerance For Tolerance For RiskRisk• Risk avoiderRisk avoider

• Risk neutralRisk neutral

• Risk seekerRisk seeker

Risk Management (RM)Risk Management (RM)

• The act or practice of dealing with riskThe act or practice of dealing with risk– Is proactive rather than reactiveIs proactive rather than reactive– Includes:Includes:

•Planning for riskPlanning for risk

•Assessing (identifying and analyzing) risk issuesAssessing (identifying and analyzing) risk issues

•Develop risk handling strategiesDevelop risk handling strategies

•Monitor riskMonitor risk

Decision-Making Decision-Making CategoriesCategories• Decision Making under certaintyDecision Making under certainty

• Decision making under risk Decision making under risk Decision making under uncertaintyDecision making under uncertainty– Maximax, maximin, minimax, laplace Maximax, maximin, minimax, laplace

criterion, decision trees criterion, decision trees

Risk Management Risk Management ProcessesProcesses• Risk planningRisk planning

• Risk assessmentRisk assessment– Risk identificationRisk identification– Risk analysis/quantificationRisk analysis/quantification

• Risk handlingRisk handling

• Risk monitoringRisk monitoring

Types Of Risks Types Of Risks (General)(General)• Business risksBusiness risks

• Insurable (pure) riskInsurable (pure) risk– Direct property damageDirect property damage– Indirect consequential lossIndirect consequential loss– Legal liabilityLegal liability– PersonnelPersonnel

Risk PlanningRisk Planning

• Develop and document a Develop and document a comprehensive risk management comprehensive risk management strategystrategy

• Determine the methods to be used Determine the methods to be used

• Plan for adequate resourcesPlan for adequate resources

• Develop Risk Management Plan Develop Risk Management Plan (RMP)(RMP)

Risk AssessmentRisk Assessment

• One of the most important phases of One of the most important phases of risk management processrisk management process– Risk identificationRisk identification

• Identify all potential risk issuesIdentify all potential risk issues

•Life-cycle risk analysisLife-cycle risk analysis

– Risk analysisRisk analysis

Types Of Risk (PMI Types Of Risk (PMI Method)Method)• External – unpredictableExternal – unpredictable

• External – predictableExternal – predictable

• Internal – non-technicalInternal – non-technical

• Internal – technicalInternal – technical

• LegalLegal

• After risk analysis convert the results After risk analysis convert the results into risk levels.into risk levels.– High riskHigh risk– Moderate riskModerate risk– Low riskLow risk

• be careful with uncertainty be careful with uncertainty statements statements

Risk HandlingRisk Handling

• Deal with known risk, identify Deal with known risk, identify who is responsiblewho is responsible– Assumption (retention)Assumption (retention)

– AvoidanceAvoidance

– Control (mitigation)Control (mitigation)

– TransferTransfer

• AssumptionAssumption– I know the risk exists, I am aware of I know the risk exists, I am aware of

consequences, I accept the risk should it consequences, I accept the risk should it occuroccur

• AvoidanceAvoidance– I will not accept this option, change the I will not accept this option, change the

design, change the requirementsdesign, change the requirements

• Risk controlRisk control– I will take necessary measures to I will take necessary measures to

prevent unfavorable resultsprevent unfavorable results

• Risk transferRisk transfer– I will share the risk through insurance or I will share the risk through insurance or

warrantywarranty

• Which method to use?Which method to use?

Risk MonitoringRisk Monitoring

• Earned ValueEarned Value

• Program metrics: formal periodic Program metrics: formal periodic performance assessmentsperformance assessments

• Schedule performance monitoringSchedule performance monitoring

• Technical performance Technical performance measurement: product design measurement: product design assessment assessment

How Much Risk Is How Much Risk Is Acceptable?Acceptable?• High tolerance for riskHigh tolerance for risk

• Medium tolerance for riskMedium tolerance for risk

• Low tolerance for riskLow tolerance for risk