230 likes | 413 Views
IS Project Risk Management. 70-451 Management Information Systems Robert Monroe October 11, 2010. Quiz. True or false: Risk management is something that you only need to worry about for very large IS projects
E N D
IS Project Risk Management 70-451 Management Information Systems Robert Monroe October 11, 2010
Quiz • True or false: Risk management is something that you only need to worry about for very large IS projects • Identify one of the four steps/tasks in the Risk Management process identified in today’s reading • True or false: As a general rule, the more complex the IS project is, the higher its overall risk
Midterm Exam ROOM CHANGE: EXAM WILL BE IN ROOM 2152! • Rules: closed-book, closed notes, closed-* (open mind) • Everything we have covered in class, readings, or exercises may be on the exam • … but the exam will strongly focus on the material and core concepts we have discussed at length in class • Approximate breakdown by question type: ~50% basic knowledge ~30% integrating concepts ~20% scenario or case • The exam will be much more difficult than the quizes!
Goals: By The End of Today's Class You Should • Be able to apply basic risk management techniques to your information systems projects • Understand how the following four tasks within a project risk management process work together: • Risk assessment • Risk reduction • Risk tracking • Risk reporting • Be able to put together a basic risk management plan and tracking sheet for an information systems project. • Understand the format, structure, and expectations for Wednesday's midterm exam
Some Definitions A project risk is an uncertain event or condition that, if it occurs, has a negative effect on project objectives Risk management is the process of proactive and ongoing identification, analysis, and response to risk factors. Source: [HBP09] Stephen Haag, Paige Baltzan, and Amy Phillips, Business Driven Technology 3rd Edition, McGraw-Hill Irwin, 2009, ISBN 978007337645.
Risk Analysis > Assessment • At this stage you need to figure out: • What risks does the project face? Ask questions such as: • What could go wrong in completing the project? • What could go wrong for the business once the project is live? • What other things could this project break? • How likely is it that each risk will occur? • What would the cost be if each risk did occur? • Prioritize the risks based on this analysis and develop a plan to deal with them (reduce, track, report, or revise project) • Be sure to have representatives for all of the key stakeholders involved in the assessment process • Assessment is generally done early in the SDLC and revisited at various points throughout the IS project
Risk Analysis > Assessment • Common Categories Of IS Project Risks • Business risks • Technical risks • People risks • Apply objective and subjective risk analysis techniques as appropriate • Objective: ‘crunch the numbers’ – makes sense when you have good numbers available to crunch • Subjective: rely on the experience and wisdom of project stakeholders to identify, assess, and prioritize key project risks
A Subjective Tool: Risk Management Matrix Cost of risk occuring Likelihood of risk occuring
Risk Analysis > Reduction • Having identified the most important risks facing your project, your team identifies ways to reduce the critical risks • … if you can’t reduce them, identify how to track them carefully • At this stage you need to: • Figure out how to reduce the chance that the risk event will happen • If we can’t practically reduce the chance of it happening, can we reduce the impact it will have if it does happen? • Do contingency planning: • How would we respond to this risk if it does happen? • How will we know when the risk has turned into a reality? • Risk reduction should be an ongoing effort throughout the entire project
Risk Management > Tracking • Risk tracking is an ongoing process throughout the project wherin your team: • Keeps the list of project risks up to date, noting changes • Watches for risk ‘triggers’ • Monitors status of project against identified risks • Closes risks out after they have passed • Somebody on the project team needs to ‘own’ the risk tracking and reporting processes
Risk Management > Reporting • Risk reporting is the process by which feedback from the tracking process is delivered to the project team, business sponsors, and other stakeholders • Frequency, structure, and format of reporting will vary significantly depending on project size, complexity, and risk, as well as organizational norms and processes
Risk Management Exercise: Quick N’ Tasty Project • Project abstract • Create smartphone app for ordering takeout for iPhone, Blackberry, and Android users • Allow users to send orders from phone to kitchen dispatcher for take-away (uses SMS which identifies sender by mobile#) • In-restaurant system will receive orders, send them to kitchen, and print out order info for servers to deliver when the drivers come to the parking lot to pick their orders up • Selected key project decisions: • Hire contractor (Fast N’ Accurate Coders) to design, build and help you deploy the system • Contractor will work with QnT to complete analysis and design phases • System is to go live in 3 months • Phased roll-out – one restaurant at a time
Risk Management Exercise • Identify and list five significant risks that this project either faces or introduces to Quick N’ Tasty or to the project contractor • Place the risks onto the risk management matrix • Order the risks you’ve come up with in terms of importance for the project team to track and/or mitigate. • Now put your team’s five risks into a risk tracking sheet, identifying triggers and contingency plans • How often should you update this tracking sheet? • Who should ‘own’ the risk management tracking on your project team? How should they report, how frequently, and to whom?
Exercise: Risk Management Matrix Cost of risk occuring Likelihood of risk occuring
Midterm Exam ROOM CHANGE: EXAM WILL BE IN ROOM 2152! • Rules: closed-book, closed notes, closed-* (open mind) • Everything we have covered in class, readings, or exercises may be on the exam • … but the exam will strongly focus on the material and core concepts we have discussed at length in class • Approximate breakdown by question type: ~50% basic knowledge ~30% integrating concepts ~20% scenario or case • The exam will be much more difficult than the quizes!
References • [HBP09] Stephen Haag, Paige Baltzan, and Amy Phillips, Business Driven Technology 3rd Edition, McGraw-Hill Irwin, 2009, ISBN 978007337645. • [Th04] Rob Thomsett, Project Management: Risk in Projects, The Total Tool Set, 2004 • http://www.its.monash.edu.au/staff/projects/project-management/risk/risk-tool-set.pdf