Show Menu

IT Project Risk Cheat Sheet by

IT Project Risk
management     project     costs     risk

Risk definition from PRINCE2

‘The chance of exposure to the adverse conseq­uences of future events.’

External risks include:

Government interv­ention
Cuts in resources, including staff
Reduction in financial support
Increased compet­ition from rivals
Social develo­pments

Identi­fying risks

Analyse what you already know - views, trends or constr­­aints
Use prompts and checklists from aids to build initial list of risks. (Check textbooks, Applic­ation develo­pment documents, company standards, Google)
Review Barry Boehm’s Top Ten Risks
Methods of gathering risk info
-
Interv­iewing experts or stakeh­olders
-
Brains­torming workshops w/stak­eho­lders
-
Searching past project docume­ntation
Law of dimini­shing returns, do not assume that all generic risks will be relevant
Dismiss risks not project specific
Recognise root cause of the problem

Quanti­tative approaches to risk

Based on seemingly precise values
Probab­ility is repres­ented between 0-1 or %
Impact = $ loss should risk happen
Prob­ability x impact = risk exposure $$$
Risk exposure value (REV) can be compared against insurance premium
REV helps assess effect­iveness of risk reduction action
Risk reduction leverage (RRL) = (RE (before) – RE(after)) / cost of risk reduct­ion
If RRL > 1.0 the action is worth while
Problems with quanti­tative risk assessment
-
Without lots of data IDing probab­ility is often guesswork
-
Amount of damage usually guesswork
-
Amount guessed might be less than actuality & risk fund may be exhausted

Probab­ility impact grid (PIG)

With qual approach, risk tolerance line is drawn on PIG. Don't approve project with risks above this line. Take mitigative action to reposition risks by reducing risk probab­ility &/or impact

Planning, monitoring and control

New risks ID'd any time, & secondary risks result from actions to reduce initial risks.
Monitoring is part of project control cycle
Monitoring = mixture of regular reviews and reviews after events, e.g. end of a stage.
Need a project risk plan to doc planning & facilitate monitoring & control process. Use a risk regist­er/log, & list all the risks

Risk register management

For each risk in register, an individual risk record will be created
Risk record shows prob & impacts before and after mitigating action is taken
Risk plan
Plans of actions documented
Not always 1:1 between risk and plan
Risk owner manages risk plan & monitoring
If risk changes during process, revise plans
 

Adverse effects could be

Reduction in the value delivered
Project failure
Higher develo­pment costs
Delayed project completion
Reduced scope
Reduced perfor­mance
Completed system fails to deliver capability = original business case not realised

Risk Management Framework

Barry Boehm’s Top Ten Software Project Risks

1. Personnel shortfalls – capabi­lit­y/skill mismatches
2. Unreal­istic schedules and budgets
3. Developing wrong functions & properties
4. Developing the wrong user interface
5. Gold-p­lating – develo­pment of unneeded functi­onality
6. Continuous stream of changes
7. Shortfalls in external components
8. Shortfalls in externally performed tasks
9. Real-time perfor­mance shortfalls
10. Straining capabi­lities – current techno­logies / expertise not developed to satisfy req's and project becomes a research project

The qualit­ative approaches to risk

Because qualit­ative is mostly guesswork modern practice = qualit­ative approach
Approaches = interv­iewing stakeh­olders, experts and brains­torming
Qual­itative descri­ptions of probab­ili­ty:
Extremely Likely, Very High, High, Medium, Low, Very Low, Improbable
Quanti­tative values expressed within a range, e.g. 20–50% probab­ility. Then map to categories of probab­ility and impact
Risk assessment similar to effort estima­tion, often done together
Priori­tising risks
-
Ensure effort used where needed most
-
Use a probab­ility impact grid (PIG)
-
On the PIG #'s uniquely identify each risk

Mitigating actions decision consid­era­tions

Benefits should outweigh benefits of inaction – use the calc of risk reduction leverage
Decisions
-
How many actions to approve
-
In relation to which risks
-
Focus first on the show-s­toppers – that prevent completion of the project.
With quant approach, sum up risk exposure figures for an overall project risk exposure. Then plan actions to reduce risk to level accept­able. Altern­atively address highest priority risks.

Risk register

 

Internal risks include

staff changes
lack of policies to guide decision making
increased scope of changes
lack of developer experience
sabotage

Risk manage­ment: similar to any other activity

ID risks
Plan to deal with them
-
Contin­gency
Execute project
Monitor and control
Cyclic process throughout project

Assessing the risk

Evaluate and then prioritise the risk
Evaluation criteria
-
Probab­ility risk will occur
-
Impact that the risk could have
Risk exposure, magnitude of the risk
Risks may impact time, cost or quality, and will impact business case.
-
Time: longer develo­pment time needed
-
Quality: reduction in the scope or perfor­mance of the delive­rable
-
Costs: increase in the resources
A risk can be viewed as an opport­unity
Proximity of the risk
-
Risk magnitude vary – completed tasks risks disappear
-
Time period when the risk may occur
-
Uncert­ainty high at beginning due to unknowns. As knowledge increases uncert­ainty is reduced.

Mapping assess­ments of risk probab­ility

Deciding the approp­riate actions

Conseq­uence of mitigating action, update:
-
project schedule
-
develo­pment costs
-
functional scope
-
Perfor­mance of the delive­rables
Acce­pting the risk
If prob low, impact low, & other actions not practical could accept risk and monitor it
Maybe cost of action outweighs impact
Prev­enting the risk aka 'risk avoida­nce'.
Reducing the risk
Action before the expected risk occurs
Tran­sfe­rring the risk to another party, outsource for eg
Cont­ing­ency
No action before the risk occurs
Plan of action once risk occurs, or certain
Generally only incurs costs if risk arises
Costs
$ to manage risk and with creating the conditions in the contin­gency action plan

Download the IT Project Risk Cheat Sheet

2 Pages
//media.cheatography.com/storage/thumb/nataliemoore_it-project-risk.750.jpg

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!

 

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Project Management Cheat Sheet
          User and System Interfaces Cheat Sheet
          Project Planning Cheat Sheet

          More Cheat Sheets by NatalieMoore