Notes Column: Soft Exam – Advanced – Information Systems Project Management – Review notes


Risk management

Risk management is personally considered to be a very important part of the top ten management. Only by taking risks into account and making a risk response plan, can problems be handled gracefully and the project can be promoted.

How to understand risk management?

It’s understood that, first of all, as usual, we need to plan how we’re going to manage it, then identify what the risks are, put them in the risk register, and then we start qualitative and quantitative analysis, and then based on that analysis, we plan how we’re going to respond, and then risk control in monitoring.

To put it simply:

Planning -> finding risk points -> qualitative analysis -> quantitative analysis -> coping strategies -> control

But what is the difference between qualitative and quantitative analysis?

Qualitative, focus on “risk probability and impact assessment”, that is, to make a risk probability ranking, with a matrix to judge the probability of threats and opportunities.

Quantitative, the key lies in “quantitative”, that is, the sorting of the risk of quantitative analysis, with quantitative, data display these means

Key words: risk register, qualitative, quantitative, EMV

Let’s start with the basics

1. Risk Definition:

  • Has to do with people’s purpose activities
  • Relating to future activities and events
  • The outcome of an activity or project is not ideal and may even fail

2. Factors affecting individual risk bearing capacityimportant

  1. Influence of profit size :(refer to psychology of gamblers)
  • The greater the loss, the greater the hope for gain
  • The greater the return, the greater the risk you are willing to take
  1. Impact of input size:
  • The greater the investment in project activities, the greater the hope for success and the less risk you are willing to take
  1. Subject status and resources of project activities:
  • The higher the level, the greater the risk
  • The same risk, different individuals or organizations bear different capacities
  • The more resources you have, the greater your risk tolerance

3. Classification of risksimportant

  1. By consequence:
  • Pure risks
  • Speculative risk (interchangeable, under certain conditions)
  1. By source of risk:
  • Natural risk
  • That risk
  1. Classification by scope of risk impact:
  • Local risk
  • The overall risk
  1. Classification by risk consequence bearers:
  • Project owner’s risk
  • Zf risk
  • Contractor risk
  • And so on…
  1. By risk predictability:
  • Known risk: frequent occurrence, predictable consequences, know the probability of occurrence, and know what the impact is, can be actively managed
  • Predictable risk(known – unknown risk) can be expected to occur, but do not know the consequences, useEmergency stockpileTo deal with
  • Unpredictable risk(unknown – unknown risk) It is difficult to foresee the possibility of occurrence and the consequences are not knownManagement reservesTo deal with
  1. Other important points:
  • Risk management is all-hands on
  • Risk prediction should be evaluated from the possibility of occurrence and the consequences
  • Risk cannot be completely eliminated (so have a strategy)

1. Planning risk management

[In] : Project management plan, project charter, stakeholder register, business environmental factors, organizational process assets

[Out] : Risk management plan

[Tech] : Expert judgment, conference, analysis technology

1. Process description

This stage is the very conventional planning and planning stage. The goal is to get a risk management plan. However, a special point is that the input here requires the register of stakeholders, because the risk attitude and risk tolerance of the organization and participants need to be considered, that is, full participation in risk management

2

  1. Risk management plan content
  • Methodology: Methods, tools, and data available to implement risk management in a project

  • Roles and responsibilities: Define leaders, supporters, and risk managers in the plan for each type of activity, and assign specific people to the roles

  • Budgeting: Allocate resources and estimate costs for risk management to include in the cost baseline (reserve analysis)

  • Schedule: Define how much risk management will be performed over the life of the project

  • Risk categories: provide a structured way to systematize and comprehensively identify risks

2. Identify risks

[In] : Risk management plan, cost management plan, quality management plan, schedule management plan, Human resource management plan, scope benchmark, Activity cost estimation, Activity duration, Stakeholder register, project documents, procurement documents, enterprise environmental factors, organizational process assets

[Out] : Risk register

[Tech] : Document review, information gathering technology, checklist analysis, hypothesis analysis, SWOT analysis, graphic technology, expert judgment

1. Process description

At this stage, the purpose is to find all possible risks and register them.

Don’t panic when you see so much input

First of all, think about when we need to do risk analysis in management, in conjunction with previous management areas. The answer is that almost all processes need to be considered, especially cost, schedule, quality, manpower, scope, etc.

Then, combined with the above ITO, it can be seen that the inputs to identify risks are almost various management plans and key outputs of cost, schedule, quality, manpower and scope. So we can make the following generalization.

Management field A key product in the field of management – actionRisk identificationThe input to the
Cost management Cost management plan, activity cost estimation
Schedule management Schedule management plan and activity duration
Quality management Quality management plan
Human Resource Management Human resource management plan, stakeholder register
Scope management Scope baseline
Purchasing and supply management Purchasing documents
Other content Project documents, enterprise environmental factors, organizational process assets

The final product, of course, must be the risk register

2

  1. Risk identification – full participation, repeated

  2. Risk register: Important

  • List of identified risks
  • A list of potential responses
  • Root cause of risk
  • Risk Category Update
  1. Technical description:
technology instructions
Document review Conduct systematic and structural reviews of project documentation
brainstorming There may not be a conclusion, it is important to listen to the views of all parties
Derfel technique There must be conclusions, predictions to be made, anonymity, fact-seeking, complexity
interview One of the primary methods for collecting risk identification and data
Root cause identification Investigate the root cause of project risk, improve risk definition and classification
Assumptions analysis Verify the validity of assumptions in the project
Check list analysis Make lists based on previous information and knowledge gathered
SWOT Strength/weakness/opportunity / — kyoui, consider the scope and accuracy of the risk

3. Qualitative risk analysis

[In] : Risk management plan, scope benchmark, risk register, business environment factors, organizational process assets

[Out] : Project Document Update (Risk Register Update)

[Tech] : Risk probability and impact assessment, Probability and impact Juzhan, Risk data quality assessment, Risk classification, Risk urgency assessment, expert judgment

1. Process description

The key to this process is qualitative analysis.

How to do qualitative analysis, which is to take a variety of assessment techniques to prioritize identified risks

So the main technique used is the risk probability assessment matrix.

2

  1. Risk probability and impact assessment:important
  • The possibility of assessing each specific risk needs to be analysed
  • The potential impact should be evaluated from the perspectives of threat and opportunity
  1. Risk probability impact assessment matrix:important
  • Value of risk = Probability * Risk (low, medium, high)
  • Dark color: represents high-risk areas that require focused measures and active coping strategies
  • Medium gray: represents low risk area, the main monitoring is good
  1. Output – Risk register updated
  • A relative ranking or priority list of project risks
  • Risk by category
  • A list of risks that require action in the near future
  • A list of risks that require further analysis and response
  • Low-priority risk watch list
  • Trends in qualitative analysis results

4. Quantitative risk analysis

[In] : Risk management plan, Cost management plan, Schedule management plan, risk register, Business environment factors, organizational process assets

[Out] : Project Document Update (Risk Register Update)

[Tech] : Data collection and presentation technology, quantitative risk analysis and modeling technology, expert judgment

1. Process description

The key to this process is quantitative analysis.

Instead of focusing on qualitative prioritization, we’re focusing on quantitative analysis. And you can’t skip this step. Risk assessment must be quantified.

However, quantitative analysis is not required for every risk. It mainly focuses on the prioritized risks, risks with significant impact and risks that can be quantified in the results of qualitative analysis

2

  1. Data collection and presentation techniques:
  • Interview: record the rationality of the risk interval and the assumptions on which it is based, and insight into reliability and credibility
  • Probability distribution: continuous probability distribution
  1. Sensitivity analysis:
  • Determine which risks have the greatest potential impact and understand changes in project objectives
  • Commonly used: tornado map
  1. EMV (Expected money value analysis, decision tree distribution):Important, easy to calculate
  • EMV: Calculate the average outcome of possible/non-occurring scenarios, often based on the assumption of risk neutrality, neither risk taking nor risk taking
  • Opportunity – positive value;
  • Threat – Negative value;
  1. Monte carlo technology :(modeling and simulation technology)
  • You don't need an expert
  • Univariate iterative simulation, modeling and simulation

5. Plan for risk response

[In] : Risk management plan, risk register

[Out] : Update project files and project management plan

[Tech] : Negative risk or danger response strategy, positive risk or opportunity response strategy, emergency response strategy, expert judgment

1. Process description

This process is the process of making plans and measures to improve opportunities and reduce threats according to project objectives.

Once the plan is made, the budget and schedule (project buffer, connection buffer) to be used can be incorporated into the plan.

The measures formulated shall meet the following conditions:

  1. realistic
  2. Obtain the unity of all relevant parties
  3. Specific responsibility of a person in charge (risk response person)(There was a case study question, I gave you a risk table, and asked what the problem is, the biggest problem is that each risk has a separate person, this is not right ~)

Key words: negative risk or danger coping strategy, positive risk or opportunity coping strategy

2

  1. Strategies for dealing with negative risks or hazards important
  • Circumvention: extending the schedule, changing strategy, narrowing the scope (the most extreme can even be: closing the project)
  • Transfer: transfer of risk to another, e.g. insurance, performance bond, bond, bond, contract, agreement
    1. Cost compensation contract– Transfer risk toThe buyer
    1. Price contract– Transfer risk toThe seller
  • Mitigation: The addition of redundant components to a system to mitigate the impact of a failure of a main component
  • receive: to establish aEmergency stockpile, allocate a certain amount of time and money (Reserve analysis)
  1. Strategies for dealing with positive risks or opportunities important
  • Pioneering: Removing uncertainty associated with a particular positive risk and adopting new or improved technologies to save costs
  • Enhancement: Increased resources for early completion of activities
  • Sharing: Building partnerships and teams that share risks
  • Accept: To take advantage of, but not actively pursue, opportunities

6. Control risk

[In] : Project management plan, risk register, performance report

[Out] : Work performance information, change request, project document update, project management plan update, organizational process assets update

[Tech] : Risk reassessment, risk audit, Deviation and trend analysis, Technical performance measurement, reserve analysis, conference

1. Process description

The purpose of this process is to improve the efficiency of risk response and continuously optimize risk response throughout the life cycle of the project