Professional Documents
Culture Documents
Table of Contents
Introduction: ........................................................................................................................................... 2
Definition of risk and risk management: .................................................................................................. 3
Why risk management:............................................................................................................................ 4
Risk Management Process: ...................................................................................................................... 5
Risk Management Planning:................................................................................................................. 7
Risk Identification: ............................................................................................................................... 7
Tools and Techniques for Risk Identification: ................................................................................... 7
Qualitative Risk Analysis: ..................................................................................................................... 8
Tools and Techniques for Qualitative Risk Analysis:.......................................................................... 8
Quantitative Risk Analysis:................................................................................................................... 9
Tools and Techniques for Quantitative Risk Analysis: ....................................................................... 9
Risk Response Planning:..................................................................................................................... 10
Monitoring and Control: .................................................................................................................... 11
Issues that are not addressed in PMBOK:............................................................................................... 12
Building a risk-based organization:..................................................................................................... 12
Program and portfolio management: ................................................................................................. 12
Crisis and Crisis Contingency Plan: ......................................................................................................... 12
Case Study:............................................................................................................................................ 13
Analysis of the case study: ................................................................................................................. 14
Conclusion:............................................................................................................................................ 15
References and Bibliography ................................................................................................................. 16
1|Page16
Risk Management in International ICT Project Management
Introduction:
Risk management in international ICT project management has a growing concern these days. It is a
rapidly growing discipline and has varied description what it actually involves, how it should be
conducted and what it is for. For this reason institutions like AIRMIC and IRM (2002) argue that some
form of standard is needed to ensure,
On the other hand as world advances, many high cost high risk projects are beginning to start off.
Astonishingly, most of the big projects are failing. One of the key reasons point out by Matta and
Ashkenas (2005),
Managers use project plans, timelines and budgets to reduce what we call “execution risk” - the
risk that the designated activities won’t be carried out properly – but inevitably neglect these
two other critical risks – the “White Space Risk” that some required activities won’t be identified
in advance, leaving gaps in the project plan, and the “Integration Risk” that the disparate
activities won’t come together at the end.
There are also other problems associated with the ICT project risks. Often project managers do not have
any risk cost estimation Staw and Ross (2005) and when the project cost grows way beyond budget,
they do another mistake which is stated by Davis (2005),
Project managers nevertheless attempt to solve the problem by making cuts. In general they
rarely perceive hardware cuts such as equipment – as feasible. Rather, they see as the easiest
areas to cut those with least obvious benefits – managerial and design overhead, process
control software, quality assurance programs and test procedures. Ironically, these are the very
areas whose costs are often underestimated in the first place.
So we can clearly understand that successful risk management in ICT project has both direct and indirect
influence over the project outcome. It is for this reason risk management now is a very important factor
in project management. In this paper first I will try to provide an acceptable definition of risk in ICT
project management. Then I will give a very brief description of the risk management process proposed
by Project Management Body of Knowledge (PMBOK). I will then go on to provide a definition of crisis
management, give an analysis of a case study of a project risk management.
2|Page16
Risk Management in International ICT Project Management
1. Risk is an event that may occur and when it does it will threaten the successful delivery of the
project. Barker (2007)
2. Risk is any uncertainty in the project plan that you can potentially control or at least track.
Barkley (2004).
So if we combine the two definitions we get following feature of risk in projects. A risk is,
An uncertainty in project.
When it occurs, it threatens the successful delivery of the project in terms of money and time.
It can be potentially controlled or at least track.
Risk management is a central part of any organization’s strategic management. It is the process whereby
organizations methodically address the risks attaching to their activities with the goal of achieving
sustained benefit within each activity and across the portfolio of all projects. The focus of good risk
management is the identification and treatment of these risks. Its objective is to add maximum
sustainable value to all the activities of the organization. It marshals the understanding of the potential
upside and downside of all those factors which can affect the organization. It increases the probability of
success, and reduces both the probability of failure and the uncertainty of achieving the organization’s
overall objectives. Let us take look at two definitions,
1. Risk management is an approach to anticipating and dealing with events that can cause
significant deviation from the project plan. On another level, risk management helps you pin
point your plan’s weaknesses and gives a useful insight to your project’s health. Barker and Cole
(2007).
2. A successful risk management process is one in which risks are continuously identified and
analyzed for relative importance. Risks are mitigated, tracked and controlled to effectively use
program resources. Problems are prevented before they occur and personnel consciously focus
on what could affect product quality and schedules. (Software Engineering Institute, 2003 cited
in Barkley, 2004)
3|Page16
Risk Management in International ICT Project Management
Risk like most of the elements of the other planning processes, changes as the project progresses, and
should be monitored throughout the project. As you get close to a risk event, it the time to reassess you
original assumptions about the risk and your plans to deal with the risk and to make any adjustments if
the risk required it.
Big projects fail at an astonishing rate - more than half the time. It’s not hard to understand
why. Complicated projects are customarily developed a series of teams working along parallel
tracks. If manager fail to anticipate everything might fall through cracks. Matta and Askkenas
(2005).
There are many examples of projects which encounter drastic failure because they did not have risk
identified prior to the occurrence. We have to keep in mind that project management is after all a
practice. It is a continuous, practical way of learning knowledge. Usually the project managers want to
replicate the best practices of the previous projects, on to the existing projects they are involved in. If
the baseline projects had any bad practices that went undetected, the project managers often tend to
replicate the same mistakes in similar projects. It can happen in the case of identifying risks as well. If a
risk actually occurred in a project and somehow went undetected, then there is a string possibility of the
risk to be repeated in similar projects later on.
According to Barrow (2007) there are four reasons why risk should be managed.
1. To minimize delays.
Project delivery time is very crucial to the stakeholders of the project. If the potential risks are
identified before the outset of the project and appropriate mitigation plan is taken when they
occur, the project results in fewer delays. And the knowledge earned mitigating the risk can be
stored and used in later projects and studies.
2. To reduce cost.
When a potential risk occurs then arranging resource to manage the risk become very much
time and cost consuming. And one of the toughest parts of project management is managing
human resource effectively.
Let us take an example, while working in task A the project team faces a risk. Because the
mitigation plan was not well managed, the project manager calls in Team member X to come
and solve the problem. But at that moment team member X was busy working in task B and
further more this task depends upon the result or outcome of task A. We can easily understand
4|Page16
Risk Management in International ICT Project Management
then the whole project is in dead lock situation. And while team member X is busy doing the
task B, actually he is doing nothing but sitting idle. And the as he does not do anything in incurs
cost for the project.
3. To improve ROI
What happens when projects come in late, over budget or fail entirely? Well the simple answer
is this a project's financial return can be slashed when it delivers late, over budget, or a
combination of both, while a project that is abandoned before completion costs the company
not just the money invested in the project, but also reputation owned by the company achieved
by great hardship.
Risk management provides the means by which companies can ensure a return on investment.
Avoiding late delivery means that projects start repaying their investment earlier. Avoiding cost
overruns means that profits margins are preserved. Avoiding de-scoping means the full business
benefits are achieved as expected. Furthermore allocated budgets for the risk which has not
occurred, can be used elsewhere which also helps in a way to increase profit.
5|Page16
Risk Management in International ICT Project Management
Inputs
1. Risk management 1. Risk management 1. Risk management 1. Risk management
1. Risk management 1. Risk management
plan. plan. plan. plan.
plan. plan.
2. Risk categories. 2. Identified risks. 2. Identified risks. 2. Identified risks. 2. Risk response
3. Historical 3. Project status and 3. Expert judgement. 3. List of quantified plan.
information. type. risk. 3. Change of the
4. Scales of 4. Probabilistic analysis project scope
probability and of the risk standings of
impact. the project.
5. Assumptions. 5. Risk threshold.
6. Common trends on
risk,
Risk Management Risk Qualitative Risk Quantitative Risk Risk Response Risk Monitoring
Planning Identification Analysis Analysis Planning and Control
1. Organization’s 1.Risks. 1.Risk ranking. 1.Risk response 1.Risk response 1. Workaround plan.
policies 2. Triggers. 2. List of prioritized plan. plan. 2. Corrective action.
2. Role of the risk. 2. inputs to revised 2. inputs to revised 3. Project change
resources 3. Trends in project plans. project plans. request.
3. WBS qualitative risk 4. Update to risk
analysis results. response plan.
5. Risk database..
6. Updates to risk
identification
checklists.
Desired Outputs
6|Page16
Risk Management in International ICT Project Management
Different project management body has defined these steps in different ways. Some renowned authors
like Barker and Cole (2007) does not believe that phases such as risk management planning exist in risk
management planning. However, guidelines set by Project Management Body of Knowledge is more
acclaimed and taken as standards by many project managers. Bellow more elaborate explanation of risk
management process taken from PMBOK.
According to PMBOK there is only one technique is of the risk planning process. And that is meeting
among the stakeholders of the project. In these risk management planning meetings, the fundamental
plan for the risk management activities will be discussed and documented. The key outcomes of these
meetings are as follows,
Risk Identification:
Risk management process involves all the activities to identify the risks that might have an impact on the
project and documenting them. Risk management is an iterative process. As the project progresses, new
risks that have not been thought about can appear. Those risks are also documented as the
documentation will come in handy in same kind projects later on.
Documentation review:
This technique involves going through historical data, assumptions, project plans and project’s
outcome. After having a clear idea of these factors project managers try to figure out what
might appear as a risk in project management.
7|Page16
Risk Management in International ICT Project Management
Information gathering:
Information gathering is probably the most common risk identification technique. It requires
project’s stakeholders to arrange a meeting and from the primary data the group of people
comes up with the list of risk.
Assumption analysis:
Assumptions analysis is a process of validating assumptions that are made previously and then
documenting the risks as the project progresses.
Diagramming technique:
Diagramming technique is also common risk identification process in project risk management.
Three types of diagram are used in diagramming technique,
8|Page16
Risk Management in International ICT Project Management
understand on which risk they should concentrate most. The figure bellow is a sample
probability and impact matrix created with the help of Elyse (2007) and PMBOK (2000),
Probability
.80 Risk 1 Risk 12 Risk 14 Risk 6
.60 Risk 2 Risk 9 Risk 10
.40 Risk 8 Risk 3 Risk 5, Risk 11
.20 Risk 7 Risk 13 Risk 4
.05 .20 .40 .60 .80
Impact
9|Page16
Risk Management in International ICT Project Management
The decision tree is a process of determining an outcome in a logical way. There is no black and
white definition for decision tree analysis. The figure bellow shows a sample decision tree using
EM vans one of its inputs.
Choice X
EMV = £7000
Poor Outcome
Probability .4
£2000
Decision start
£4000
Good Outcome
Choice Y Probability .8
EMV = £6000
Poor Outcome
Probability .2
£1000
10 | P a g e 1 6
Risk Management in International ICT Project Management
There can be also three strategies taken for the risks which have positive impact on the project.
o Exploit the opportunity posed by the risk.
o Share the risk among different parts of the project.
o Enhance the impact of the opportunity.
Monitoring and control is basically something which involves rechecking the risk log, and project charter
and objectives and finding out if already defined risks are managed efficiently or not. And whether there
is a chance for a potential risk to turn up.
11 | P a g e 1 6
Risk Management in International ICT Project Management
a. The first and the foremost step is estimating probability of crisis in an ICT project. It will help the
project planners to estimate how much budget and effort are needed to be allocated for the
crisis.
b. Secondly, a crisis contingency management team should be created. A team who will take
charge during the crisis. These people will constitute a sleeping organization, ready to be awake
at the moment’s notice. These people have to be very hard working, devoted to organization,
self motivated and last but not the least very good, veteran project managers.
c. Once the people is selected for the action committee for the crisis management, they must
meet in a focus group meeting to make a contingency plan for the crisis. They also need to sit in
short intervals to keep the plan up to date and evaluate the trigger condition of the project, if
any.
Lock’s outline crisis contingency management in my point of view lacks one key thing. To my point of
view, there should be provision for small pilot testing for the crisis. Then the steering committee will
know the effectiveness of the crisis contingency plan they have created.
12 | P a g e 1 6
Risk Management in International ICT Project Management
Case Study:
1. Background
The Federated Digital Repository at the University of Oxford
An increasing amount of digital materials are being produced on a daily basis by researchers at the
University of Oxford. These materials include journal articles, theses, images and datasets. The
University has the responsibility for providing services to store, curate, disseminate and preserve
outputs from research activities. . These services are increasingly made available at Oxford through
digital repositories. There are also digital materials produced outside of the University, that are
nonetheless required within Oxford for research purposes, and that are efficiently managed through
repositories.
This observation, together with strategic decisions such as the cessation of funding for the Arts and
Humanities Data Service (AHDS), are compelling reasons for institutions to take responsibility for the
curation and preservation of their own research data.
The project’s overall aim is to scope the requirements, including for the underlying infrastructure and
interoperability, for digital repositories services to store, curate, disseminate and preserve research data
generated at Oxford.
Objectives:
Capture document researchers’ requirements for digital repository services to handle research
data.
Make recommendations to improve and coordinate the provision of digital repository services
for research data.
Initiate and develop collaborations with the different repository activities already occurring to
ensure that communication takes place in between them.
Raise awareness at Oxford of the importance and advantages of the active management of
research data.
13 | P a g e 1 6
Risk Management in International ICT Project Management
All the risks are very high level. There is no breakdown of the risk steps. The document also fails
to show the source of the risk.
Though probability and impact has been determined but there is no cost estimate for the
impact. For this reason I think there is no use of the column Score.
There is no trigger condition defined for the risk.
Though mitigation plan is well defined but there is no cost there is no cost estimate involved for
14 | P a g e 1 6
Risk Management in International ICT Project Management
Conclusion:
As Walewski and Gibson (2003) have rightly pointed out the fact like many others,
Risk analysis and management is most effective when deployed early. A properly structured risk
identification, analysis, and mitigation process can moderate the risks associated with
international construction projects.
An organisation’s risk management policy should set out its approach and appetite for risk and its
approach to risk management. The policy should also set out responsibilities for risk management
throughout the organisation. Furthermore, it should refer to any legal requirements for policy
statements.
Different stake-holding body for the project play important role in successful management of risk in
organization. Bodies like project management unit and different business units when proactive can do a
great deal to identify risk and propose a mitigation plan. Project managers today has to accept the fact
that risk assessment and management is not a substitute for adequate pre-project planning, project
controls, or other management and technical requirements. The most effective risk management
process is coordinated with all aspects of project development and management.
Project managers have to become more dynamic in terms of project management. They have to have
some idea about project portfolio management and program management. Because small negligible risk
in the project if not managed can cost very big deal in the program.
Project risk management is still a practice in present world. There is no set rule for the risk management
yet. Often organization manages their own risk in their own set way. And when there is a change in the
business rule or the project itself, it becomes really tough for the project managers track the previous
risk of the project. For this reason I believe there should be set standards for project risk management
as it is there for project management itself. Institutions like PMI, RMI and AIRMIC should come forward
to address the problem.
15 | P a g e 1 6
Risk Management in International ICT Project Management
Barker, Stephen and Cole, Rob (2007) Brilliant project management: What the best project managers
know, say and do. Pearson Prentice Hall.
Davis, David (2005) ‘Beware of False Economics’ in Harvard Business Review on Managing Projects 2005.
Harvard Business School Publishing Corporation.
Heldman, Kim (2005) Project Management Professional Study Guide. Wiley Publishing, Inc.
Matta, Nadim F and Ashkenas, Ronald N. (2005) ‘Why Good Projects Fail Anyway’ in Harvard Business
Review on Managing Projects 2005. Harvard Business School Publishing Corporation.
Staw, Barry M. and Ross, Jerry (2005) ‘Knowing When to Pull the Plug’ in Harvard Business Review on
Managing Projects 2005. Harvard Business School Publishing Corporation.
Uribe, Luis Martinez (2008) SCOPING DIGITAL REPOSITORIES SERVICES FOR RESEARCH DATA
MANAGEMENT. 27th February, 2008. University of Oxford.
WALEWSKI, JOHN and GIBSON, G. EDWARD, JR. (2003) ‘International Project Risk Assessment: Methods,
Procedures, and Critical Factors’ in Center Construction Industry Studies September 2003. The University
of Texas Austin.
Wiegers, Karl E. (2007) Practical Project Initiation: A Handbook with Tools. Microsoft Press.
16 | P a g e 1 6