Project Risk ManagementFor IT Professionals

António VieiraManager, Viatecla SA

III Encontro Da Comunidade SQLPORTLx, 2010-07-13

1. The problem

Maybe you’ve heard one or two of this….

• I did everything right but this was just unexpected…

• It’s not our fault, they didn’t deliver the servers on the agreed schedule.

• Ops, the restore is not working… We just lost very important data!

• We are delayed because I got unskilled team members and I assumed top level programmers.

In the News…

What have we did about this before it happened?

2. What is a Risk?

“Project risk is an uncertain event or condition that, if occurs, has a positive or a negative effect on a project objective.”

• Uncertain: the event might occur with a determinate probability and impact

• Positive or a negative: if the event occurs it can have a positive or negative impact on the project

• Project objective: the impact is measured on the project objectives

• probability: the risk probability measures the level of uncertainty over the occurrence of the risk.

• impact: the risk impact measures the degree that it affects one or more project objectives

• Probabiliy x Impact: the overall value for the risk. Can be measured in money (Expected Monetary Value)

Impact can be over one of the 4 types of project concurrent objectives (Triple-Constraint)

Project

Scope

Cost

Quality

Time

3. Risk Management

“Risk Management is the systematic process of identifying, analyzing, and responding to project risk”

Goals on Risk Management:

– Maximize the probability and impact of positive events

– Minimize the probability and impact of negative events

– Give confidence and control of the risk tolerances of Stakeholders

Steps In Risk Management

Identify Risks Get insight on risks

Plan Responses to

risksControl Risks

PMI steps in Risk Management

Plan Risk Management

Identify Risks

Perform Qualitative

Risk Analysis

Perform Quantitative

Risk Analysis

Plan Risk Responses

Monitor & Control

Risks

Planning Monitoring & Control

Risks are planned.

Threats Response Strategies

• Avoid: Change the project plan in a way the risk does not longer exists (probability or impact)

• Transfer, Deflect or Allocate: Decision to transfer the responsibility for the risk impact and management to an external entity (insure, subcontract)

• Mitigate: Include changes to the plan that reduce the probability and/or impact of the risk.

• Accept : Project plan is not changed. A contingency allowance is added as reserve to the project.– Passive Acceptance: No plan is developed. A workaround will be implemented if

the risk is triggered.– Active Acceptance: A contingency plan is developed to implement when the risk

is triggered. A fallback plan can be implemented as a backup of the contingency plan.

Risk Register

Opportunities Response Strategies

• Exploit: Remove the uncertainty on this opportunity.

• Share: Decision to transfer the responsibility for the risk impact and management to an external entity that might get greater benefits.

• Enhance: Include changes to the plan that increase the probability and/or impact of the risk.

• Accept : Project plan is not changed.

4. Risk Attitude

Risk Management is not work of the PM.

An example in SQL code

1 Assumption = 1 risk

Thank you.Questions?

5. Risks & Schedule

How to account for uncertainty in schedule?

Add Reserve Per Task

Phase / Project Reserve

Parkinson’s Law: Work expands so as to fill the time

available for its completion.

Monte Carlo Analysis

Monte Carlo Analysis and Schedule Confidence