Thursday 28 April 2022

Project Risk Assessment Methods

In this article, we will analyze the risk management processes of an IT project. Let's answer the following questions:

· What is risk management in terms of project technology?

· What methods of risk management of IT projects are in demand now?

· What can be improved in the field of risk management of IT projects?

Risk is an uncertain event or set of events that, if implemented, will have an impact on the achievement of goals. A risky event is always an "opportunity" and a "threat."

1. Possible risks of the project

Risk management should increase the chances of achieving project goals. At the same time, the risks to project failure should be minimized.

An occupational risk management system is a continuous process that requires constant review of the progress of the project, reassessment and adaptation of risk management policies and response plans. In a simplified form, the risk management process on IT projects consists of the following actions:

Risk detection. To do this, we use our project documents, hold meetings with stakeholders and experts, create checklists of possible project risks. For IT projects, the following risks are typical:

a. Unpreparedness of the Customer's top management for changes in the business processes of the enterprise and organizational structure;

b. Disinterest of the heads of the main departments of the Customer and their direct, subordinates in the project;

c. Change during the implementation of the project of the RP, the Customer;

d. Insufficient qualification of the RP and the responsible executors of the Contractor;

e. Staff turnover of the Contractor

f. Absence or violation of the methodology for conducting an IT project;

g. Risk of incorrect technical decision;

h. Risk of reducing the performance of the information system;

i. Scheduling errors;

j. Changes in customer requirements

k. Violation of specifications (results plan) by the Contractor

l. Low performance of the Contractor (typical for micro-commands)

If the project manager believes that not all risks are highlighted, then you can use brainstorming methods or SWOT analysis of the project.

All risks are recorded in the Risk Register (see Table 1). Initially, filling out only the column "Risk Description" and, possibly, "Consequences of the occurrence of this problem".


2. Project risk levels and preventive measures


We analyze each risk from the standpoint of the consequences for the project and the probability of risk occurrence. The PMSC tool can be used to assess the impacts (see Table 2)

For each of the characteristics, we select the impact (bold italics in Table 2), then we calculate the arithmetic mean by adding up all the rows and get the final degree of risk impact on the project (5% + 10% + 20% + 40%) / 4 = 18.75% - i.e. the average value (15-30%).

Together with experts (the project team) on the identified main risks of the project, we set the probability: very high (90%), high (70), medium (50%), low (30%), very low (10%).

Next, summarize the probability and level of influence (see Table 3) and fill in columns 4 and 5 Table 1

The level of risks of the project - if the risk falls into the red zone - we necessarily develop an anti-risk measure (see below). With yellow risks - at the discretion of the project team.


Planning response options to manage risk in the desired direction – accordingly, determine an acceptable risk response strategy (column 6 Table 1):

a. Dodge (completely eliminate the threat)

b. Transfer (find a third party who can manage the threat for us)

c. Reduce (reduce the likelihood and/or severity of threat exposure)

d. Take (take no active action, but prepare a contingency plan in case of a threat)

e. Use (make sure that the opportunity is accurately realized)

f. Split (involve a third party in opportunity management)

g. Increase (increase the probability and/or impact of the opportunity)

h. Accept (do not take active action, but prepare a contingency plan in case of opportunity).

i. Escalation (refer to the manual for help)

Accordingly, at this stage we fill in the Columns in the Risk Register: Strategy, Work Plans before and after the occurrence of a risk event. We also assign those responsible for these tasks. It also makes sense to transfer the planned preventive measures in separate paragraphs to the calendar and resource plan of the project with the designation of responsible and required resources.

For risks with a high level of impact and high probability, one should always plan specific measures and communicate them openly to the project team. It is also necessary to regularly check whether the measures outlined in the risk management plan are relevant.

3. Impact of project risk

At the planning stage of project risk management, we have a Project Risk Register, a project calendar and resource plan with a list of tasks for project risk management.

In the course of the project, we monitor risks, determine the remaining risks, implement the project risk management plan and assess the effectiveness of actions to minimize risks, as well as the possibility of replanning the project.

In conclusion, we can say that the task of risk management of IT projects is the timely identification of factors associated with the implementation of an information system or automation system that may adversely affect the implementation of the implementation project, as well as optimal planning of actions to minimize these factors.

No comments:

Post a Comment