1. 06-Feb-2012
Session 3
Risk management
RISK is What is risk management?
• Risk Assessment
an uncertain event or condition that, if – Identification
– Analysis
occurs, has an effect on at least one – Prioritisation
project objective • Risk Control
– Risk management planning
– Resolution
– Monitoring
1
2. 06-Feb-2012
STEP 1: Risk identification Common projects risks
Group work: • Cause the project to be delayed and/or over budget
• Where do they come from
The project: marketing and selling your IT outsourcing – Planning assumptions
services in the EU. – Estimation errors
– Process uncertainties
– Other eventualities
Objectives:
– in 2011 to have at least 3 projects and 2 new clients in the EU
– Planned export revenue from the EU – EUR 100.000,-
Create a list of RISKS in offshore IT outsourcing
Planning assumptions Estimation errors
• Why do we have to make assumptions? • Estimation is difficult
– Because there are many uncertainties at the beginning of the – Lack of experience with similar tasks
project – Lack of historical data
• A common assumption: – Nature of the task
– “Everything will go smoothly”
2
3. 06-Feb-2012
Common risk factors in software development Common risk factors in software development
Group Work: A. The application itself
B. Staff
Create a list of key risks in software development C. Project specific risks
D. Hardware and software
E. Changeover
F. Supplier
G. Environment
H. Health and safety
A. Application B. Staff
• Nature of the application • Experience and skills
– A data processing application or a life-critical system (e.g. X-ray • Staff satisfaction
emission system)
• Staff turn-over rates
• Expected size of the application
• Offshore IT outsourcing: lack of proper HRM practices
– The larger is the size, the higher is the chance of errors,
communication and management problems
3
4. 06-Feb-2012
C. The project itself D. Hardware and software
• Project objectives: • New hardware & software
– Not well defined – Stability, availability
– Unclear to team members and stakeholders • Cross platform development
• Project plan and organisation: – Development platform is not the operation platform
– Not well specified – Does the language used support cross platform development?
– Unstructured
E. Changeover F. Suppliers
• ‘All-in-one’ changeover • OFFSHORE OUTSOURCING RISKS
– The new system is put into operation in one single step – Buyers: “Why not IT outsourcing” list
• Incremental or staged changeover – Suppliers: risks embedded in the ITO process
– Adding new components to the system by phases
• Parallel changeover
• Late delivery
– Both the existing system and the new system are used in parallel
• Instability of software
• Difficult integration of components
4
5. 06-Feb-2012
G: Environment H. Health and safety
• Changes in government policies • Health and safety of staff and environment
• Changes in business rules – Staff sickness, death, pregnancy etc.
– Any tragic accident to staff
• Restructuring of organizations
• Changes in environment such as sw. and/or hw.
platforms.
• Economic or industry crisis
STEP 2: Risk estimation Probability of 3 x Impact of 5 = Risk of 15
• Risk estimation is to assess the likelihood and impact of
each risk element (hazard)
Risk exposure = risk probability × risk impact
• Risk exposure (risk rating): it is the importance of the risk
• Risk probability (rank 1-10): The probability that a hazard is going to occur
• Risk impact (rank 1-10): The effect of the problem caused by the hazard
5
6. 06-Feb-2012
STEP 3: Risk evaluation Risk reduction strategies
1. Review and prioritize risks • Prevention
2. Determining the corresponding risk reduction strategies • Likelihood reduction
• Risk avoidance
• Risk transfer
Example: late/slow communication by the European • Contingency planning
partner
Priority: High
Risk reduction strategy: ?
6