IQ – PROJECT MANAGEMENT
STUDY MATERIAL
Date Version Comments Page 2 of 26 Table of Contents
1 OVERVIEW OF PROJECT MANAGEMENT...... 3 2 LIFE CYCLE STAGES...... 3
2.1 PRE-INITIATION...... 3 2.2 INITIATION AND PLANNING...... 3 2.3 PROJECT EXECUTION AND MONITORING...... 4 2.4 PROJECT CLOSURE...... 4 3 PM CONCEPTS...... 5
3.1 PROJECT SCOPE MANAGEMENT...... 5 3.2 EFFORT AND COST MANAGEMENT...... 5 3.3 SCHEDULE MANAGEMENT...... 6 3.4 QUALITY MANAGEMENT...... 6 3.5 RISK AND ISSUE MANAGEMENT...... 6 3.6 RESOURCE MANAGEMENT...... 6 3.7 COMMUNICATION MANAGEMENT...... 7 3.8 KNOWLEDGE MANAGEMENT...... 7 4 SPECIAL FOCUS...... 8
4.1 QUALITY MANAGEMENT (QUANTITATIVE PROJECT MANAGEMENT)...... 8 4.1.1 Quality Planning...... 8 4.1.2 Quality Implementation and Control...... 10 4.2 PROJECT MANAGEMENT TOOLS...... 14 4.3 RISK MANAGEMENT...... 16 5 REFERENCES...... 21 6 MODELS AND STANDARDS IN PROJECT MANAGEMENT...... 22 7 REFERENCES...... 22
Page 3 of 26 1 2 Overview of Project Management Project is an endeavor to achieve one or more objectives like producing a products and/or delivering a service. Building new capabilities to IT and managing IT operations are driven by business objectives and strategies of the organization. A typical IT setup in a business environment implements new projects (adding new capabilities) and also maintains and improves upon the total cost of operations of existing infrastructure. To summarize, projects have a definitive start and end dates, while operations are on-going and repetitive in nature.
In both the scenarios outlined above, objectives are achieved through a set of interconnected activities optimally utilizing resources like people, materials, process and technology. Difference primarily is that many of the activities will be repeated multiple times and analysis will look at trends and patterns in operations. This document outlines the various aspects of a typical project management process as applied in a software project. Estimation, quality management and risk management are covered in more detail. 3 Life cycle stages Projects spans over a period of time depending on its size, nature etc., Hence it goes through stages like initiation & planning, execution and closure. There may be multiple cycles of these phases if the project is iterative in nature or managing an operation. In each of this stage there are multiple tracks for cost, schedule, scope, quality etc. Planning aspects of each of the tracks will be addressed in initiation and so on. Tracks are inter-related activities which require similar skill-set while life cycle stages provide a chronological view of the process. Each of these tracks will be dealt in detail in the subsequent section while this section introduces the various life cycle stages of project management. 3.1 Pre-initiation Pre-initiation refers to the set of preparatory activities of the project which happens even before the project starts formally. This typically starts when the perceived probability of a project getting approved is reasonably high. Key activities in this phase include identifying the stakeholders and their needs, defining project scope and objectives, identifying key success factors and preparing high level estimates. Output is a high level plan and a formal document approving the project (e.g. letter of engagement, statement of work ). Return on investment (ROI) is a key measure of this phase that helps to decide on the go ahead of the project. 3.2 Initiation and Planning Project initiation and planning is the first phase after the project is formally approved. Initiation and planning spans across various tracks discussed in the section such as: Defining the objective and scope
Page 4 of 26 Selecting a process that will suit the nature of work and customizing it to meet the objectives Setting improvement goals by adopting innovative practices for driving continual improvement in the organization Preparing and validating estimates of size, effort, defect and schedule Defining project organization and assigning responsibilities Arranging for infrastructure Risk planning and preparing strategies/plans to manage them Scheduling the project Key output is a project plan which forms the basis for project execution. The plan is reviewed with stakeholders and the finalized plan is shared with the team. Some metrics which are used to measure the planning process are “cycle time to baseline the first version of plan” and “Effort spent on planning”. 3.3 Project Execution and monitoring The purpose of project execution and control is to ensure that the project is monitored and deviations controlled. The project plan developed in the initiation and planning phase is executed. Activities include periodic and event-driven ones. A few periodic activities are: Monitoring cost, scope, schedule, effort Monitoring performance of project using quantitative indicators Monitoring of risks and assumptions Monitoring communication Event-driven activities are Scope change management Issue management Managing Customer complaints Typical deliverables from this phase are status reports, intermediate performance analyses (typically called as “Milestone Reports”) and few project specific reports like SLA reports and adhoc reports. The key metric used here is the percentage of effort spent by the team on project management activities. 3.4 Project closure The closure phase of a project involves a systematic winding up of project after delivering to the client. It is an opportunity to understand the lessons learnt and feed them back to the organization. Key deliverable is a overall performance metrics report (typically called as metrics report or closure report) which captures the learnings – quantitative and qualitative – for reuse in future by the organization. Integral part of closure process is obtaining client/user feedback including a sign-off on the deliverables. It involves systematic release of resources including hardware, software resources. This could involve release of LAN space, software licenses, returning of hardware/software to
Page 5 of 26 client or disposing off client-specific information or knowledge assets as per agreed disposal procedures.
Page 6 of 26 4 PM Concepts A good project, from customer’s viewpoint, is one which meets or exceeds the expectations set during the project initiation. Expectations are typically around four dimensions – scope, quality, cost and schedule. To summarize, a good project meets the commitments – delivering products and/or services meeting their specifications, on time and within budget. To be able to deliver this, a project has to manage many aspects like risks, resources, communication etc. which are covered in the tracks below. 4.1 Project scope management Project scope refers to the boundaries of the project. In addition to product requirements it includes aspects such as user training, installation and production support. Scope defines what needs to be done and what is excluded (i.e., what is in scope and out of scope) as a part the project. Project Scope Management is a set of processes which ensures that the scope of the project is elicited, defined, developed, delivered, and verifies that the final deliverable matches the initial plan. Various activities in scope management are: Stakeholder identification: Stakeholders are those whose interests are affected by the project. They may also influence the project and its results. Scope Planning - this involves eliciting requirements, resolving conflicting requirements and planning to achieve them Discussion with the sponsors, stakeholders, end users etc. to understand the expectations. This is performed by brainstorming and/ or using other techniques such as prototyping to ensure that requirements are clear, accurate, well-documented, verifiable etc. Scope Tracking - Tracking of requirements changes and its impact on cost, schedule etc. In development of a system, scope typically translates as requirements. However in ongoing operations this will typically mean the kinds of work being performed by the team and the systems being supported. Hence, scope not just includes software requirements, but includes all the expectations agreed as a part of the project like training, rollout etc. 4.2 Effort and cost management Cost management refers to the processes required to ensure that the project is completed within the approved budget. It involves cost estimation, budgeting and control. An accurate estimate is an important factor here. Estimation involves size, effort, schedule and cost. Refer to the section under special focus for more elaborate discussion on this topic. Typical activities are: Prepare Effort & Cost Estimation - Breaking the scope of project into smaller chunks and sizing them. Using estimation models to estimate the size, effort and cost based on inputs Analysis and re-estimation - Tracking the effort and cost at regular intervals & re- estimate as required to meet objectives
Page 7 of 26 4.3 Schedule management Schedule management refers to processes required to ensure that the project is delivered on time. This involves aspects such as tasks identification, identification of milestones, establishing dependencies and tracking of these. Some activities are: Prepare WBS and Schedule - Conceptualizing and preparing a detailed work break down structure for the project – including details such as start and end dates of tasks, resources, estimated efforts etc. Identify dependencies - Identify dependencies and translate them as milestones and risks Tracking schedule & managing timelines - Tracking of identified milestones at regular intervals 4.4 Quality Management A quality product or service is one which meets client’s expectations. Expectation refers to meeting the implicit needs of the client in addition to the requirements explicitly stated. A structured, quantitative approach to planning and implementing practices that assure these for a product or service is Quality Management. This involves understanding stakeholder expectations, translating them into quantitative goal, setting up strategies to meet them and measuring the progress quantitatively. Refer to the section under special focus for an elaborate discussion on this topic. Activities include: Quality Planning – This involves identifying critical parameters against which goals need to be set, referring to sources of quantitative data for setting these goals and thinking through the strategies which would help the project achieve these objectives Analyzing and managing quality objectives - Collecting the relevant data and quantitatively tracking them against the goals 4.5 Risk and issue management Risk is a probable event which can impact the outcome of project. Project activities aimed at identifying, characterizing, monitoring and controlling these events fall under risk management. Project risks are identified upfront using techniques such as review of work break-down structure, brainstorming etc. Risks are characterized with probability and impact and categorized as business risks, technical risks etc. Risks are prioritized using attributes such as exposure (probability multiplied by impact) so as to enable more focused monitoring. Risk response planning is done to decide how to respond to the risks. Strategies used here are risk avoidance, mitigation, transference and acceptance. Risk monitoring is done at pre-defined frequencies and response strategies revisited, if needed. Activities in track includes: Risk Planning – This involves identifying the risks in project through techniques such as structured questionnaire, brainstorming, review of WBS etc., and characterizing them with probability, impact etc. so that they can be tracked effectively Risk Tracking - Tracking of risks and identified mitigation steps at regular intervals
Page 8 of 26 4.6 Resource management Resource refers to human and other resources used in the project. Human resources management involves managing team dynamics such as defining the team structure, assigning roles and responsibilities and planning and tracking of training and motivational activities such as team building etc. Most of the time there are dependencies on other teams. Resource management extends to managing of these inter-group dependencies as well. Managing of resources other than human resources also fall under this track. Typical examples are managing the procurement, maintenance, handling of hardware, software, tools, licenses etc. Resource Planning – Including identification of resources to meet requirements, Monitoring resource utilization Releasing resources 4.7 Communication management Communication management involves the processes required to ensure timely and appropriate dissemination of project information to manage the stakeholder expectations. The objective is to ensure that the right stakeholders get the right information at the right time. Communication planning and tracking are two key activities. Communication planning involves identifying the stakeholder expectations and defining the information , mode and frequency of communication. Communication tracking and execution is the process of implementing the plan and monitoring its implementation. Typical examples are preparing status reports, presenting the status to sponsors etc. 4.8 Knowledge management Knowledge Management is a discipline to systematically leverage information and expertise to improve organizational responsiveness, innovation, competency and efficiency. At a project level, knowledge management involves identifying of reusable knowledge or tool etc. from previous experience of the organization, facilitating knowledge exchange within the team on an ongoing basis through knowledge sharing session or tools and contributing to organizational knowledge repositories for the benefits of future projects. Some activities are:. Knowledge Identification and acquisition Utilization & dissemination of knowledge Contribution of knowledge to the organization
One of the good practices is to identifying a knowledge prime at a project level who would own and drive this track.
Page 9 of 26 5 Special focus 5.1 Quality management (Quantitative project management) A structured approach to planning and implementing practices that assure Quality of a product or service is termed as Quality Management. Quality of a product or service is meeting client’s implied and stated needs. Quality management includes Quality Planning Quality Implementation and Control
5.1.1 Quality Planning The activities involved are: Identifying project objectives: Identifying the measurable parameters for the objectives Prioritizing and Translating the objectives into goals Defining Strategies and Effective Processes Defining Tracking plan
Identifying project objectives: As defined before, Stakeholders are those whose interests are affected by the project. It is important to understand their expectations from the project. Meeting these define the success of the project. Examples of project stakeholders and their objectives are as follows: Sponsor is the person who provides the resource for a project. For example, IT director of organization approves the budget for a project. His expectations: To reduce maintenance expenditure on a system through outsourcing To provide high quality deliverables within quick turnaround time to user departments Leverage on outsourcing partner’s experience to strengthen the internal IT End users of the system e.g. client’s employees or client’s customers Usability Availability Performance Outsourcing partner who provides the service Meet and exceed client’s expectations Repeat business and new opportunities Exposure to new technology and domain
Page 10 of 26 There could be multiple sources from where one can get information on stakeholder objectives and expectations. They are Proposals, Client Contracts, SLAs, Acceptance Criteria document, Engagement Management Goals, Delivery Unit Goals, and so on.
Identifying the measurable parameters for the objectives: The next step is to identify parameters which reflect the objectives in quantifiable terms. This is important because we can measure, track, and analyze the progress towards goal when something is quantitative. Metrics are classified in the following three broad categories. Process Quality Metrics: Metrics which reflects the effectiveness/ efficiency of the processes being used. Examples: Productivity, Gross margin, Cost of Quality Product Quality Metrics: Metrics which reflect the characteristics of the developed application. Examples: Defect Density, Coupling between objects, Depth of Inheritance Service Quality Metrics: Metrics which indicate the vendor’s responsiveness, client orientation. Examples: Turn Around Time, CSAT scores, On time Delivery Percentage
Prioritizing and translating the objectives into goals: Metrics are then prioritized. Once this exercise is completed, the next step is to assign values to these metrics and define Goals and identify ‘Baseline’ (which is a reference for the metrics). For example: the baseline productivity for a Java project could be taken as 13.4 functions points/person month.
There could be multiple sources for the baseline. They are: The previous phase of the project Similar project in the same unit Similar project in the organization Organization wide capability baselines External Bench Marks and best practices
Typically, Baseline is the reflection of current status. Once the baseline for the metrics is chosen, depending on the stakeholders objectives, an improvement target is set over and above the ‘Baseline Value for each metric.’ Improvement factor is primarily driven by the stakeholder needs like business criticality, account level improvement plans, risks associated with a new client and so on.
Please refer the table below for an example.
Metric Unit Baseline Reference Improvement Basis for % Goal % improvement Produc Function 13.4 XYZ 10 Unit level 1 tivity Points/Pe Goal 4. rson 7 Month 4 Metrics This requires a good understanding of project’s characteristics such as team size, criticality of application, percentage of experience team members etc.
Page 11 of 26 Defining strategies and effective processes: This involves selecting the engineering (life cycle) process, defining strategies and customizing to meet the objectives.
An appropriate engineering process is selected, based on the project scope. For example an iterative development process is selected for project that involves phases. Typically organizations have a set of standard processes, from which this selection is made. These processes are further customized to suit the project specific needs. High maturity organizations have a set of tailoring guidelines to help projects customize the standard process based on some pre-defined criteria.
Multiple strategies should be identified in order to meet the improved goals Tyiset. Some of the strategies to be looked at are Introduction of Tools and Automation Usage of Re-usable components Defect Containment – Identifying effective review and test strategy Adopting best practices/ learnings into the project specific standards, templates, checklists Knowledge Management.
It is important to quantify the benefit from each of these strategies so that the project has enough confidence of achieving the targeted percentage improvement. For example, a project defines a productivity improvement strategy to use code generator which can generate 50% of the code. If the coding effort of a project is 30%, by using this strategy project can expect to realize a productivity improvement of 15%.
Defining tracking and monitoring plan for goals: This is the last step in the Quality Planning stage, where the project defines how and when it is going to measure its progress towards achieving goals. This involves Measurement plan outlines the base measures to be gathered (e.g. effort, size), their units (e.g. person hours for effort, lines of codes for size), method of gathering the base measures (e.g. time tracking tool for effort), frequency of collection and how metrics are derived from measures Monitoring plan:
5.1.2 Quality Implementation and Control
Implementation of process and strategies: It is the step where the quality plan prepared is put into execution. Following are the key activities: The goals/processes defined are shared with the entire team and their feedbacks are incorporated into the plans. Proper training is provided to the team wherever necessary.
Page 12 of 26 The processes are implemented in the project as planned. For example: following the standards & checklists, self reviews, expert reviews, usage of all the tools identified, collecting data Stakeholders are updated on the progress of the project on a need basis.
Monitoring Project Health Objectively During execution, it is important for us to understand the health of the project. The idea is to identify issues in the project early in the life cycle so that, the corrective actions can be implemented. The project health is monitored through various means. Primary means of monitoring are: Project Quantitative Data Analysis Project Process Compliance Audits Both the methods are complimentary with each other. Using only one may not help the project achieve the goals completely.
Project Quantitative data analysis: This is a key mechanism to identify the project health. As mentioned earlier, the project on an ongoing collects different data. For example: effort, defects, size, schedule and so on. The data when co-related with each other with the use of statistical tools, speak volumes on the health of the project. Different types of analysis are carried out on this data. Each may have a different focus. The primary aim is to
To understand how the project is doing with respect to the plans Identifying any causes for concern in the project Identifying actions to be implemented to bring it back into control
There are quite a lot of powerful tools and concepts available which help in effective analysis, action items identification and prioritization. They are very generic and one can choose the right tool depending on the context. They are described in the Tools & Techniques for implementing quality section. Following are the examples of analysis done in projects: Milestones Analysis Defects / Problems Prevention Analysis Variation Analysis
Milestone Analysis: The objective of milestone analysis is to Understand the overall status of the project with respect to the plans Understand effectiveness of the strategies implemented Identify risks and issues in the project
Page 13 of 26 Identify the probable corrective and mitigation steps Keep the management informed about the status
Milestone Analysis is carried out at logical points identified during initiation and planning stage. Here, the project actual data is compared against Goals and Plans. Typically, a score card or a report is prepared. Some of the items analyzed are as follows: Schedule - % completion of planned activities Effort estimated v/s actual spent Defects uncovered per Life cycle stage Cost estimated v/s actual cost as on date Cyclomatic Complexity of the components developed till now,
All the deviations between planned v/s actual should be thoroughly understood and analyzed. It is important to co-relate different metrics for good inferences. For example: higher productivity and higher defects injection rate indicates an issue in the system.
At the end of this exercise we should have answers to the following questions:
Does the deviation indicate good progress or any concern for the project? What are the root causes for the deviation? In case the project performance is bad, what actions/strategies should be taken in the project to bring it back into control? Is there any process change required? In case the performance is good, what has really contributed to the better performance? Can it be mapped to any process followed? Does that indicate any risk for the success of the project and what are the risk management steps? Is there a need for the project to revise the goal and if yes, what would they be?
This analysis with proposed action items is reviewed with the senior management. Necessary actions are implemented in the project and monitored closely for the effectiveness of implementation.
Defect and Problem prevention: Defect/Problem Prevention Analysis is one of the key practices which help projects meet its objectives. Its purpose is to identify the frequently occurring defects/problems, understand root cause for them and take action to prevent them from being occurring again. For example: High Logical Defects, Low review effectiveness, etc. The steps for the same are as follows: Identify the defect/problem areas Prioritize on the problem areas to be addressed based on frequency/impact Brainstorm on the various causes of the problem Arrive at the list of root causes of the problem
Page 14 of 26 Identify solutions to address the identified root causes Choose solutions for implementation after doing a cost benefit analysis Implement the solutions Track the benefits of implementing the solutions.
Tools like Pareto Chart, Fishbone Diagram, Scatter plots, Co-relation, Regression, etc. are extensively used here.
Variation Analysis While milestone analysis throws light on the overall performance of the project at a given point, it may not readily help us understand the location of problem. For example: Overall the project may have 15% effort over run. With that information, we may not be able to say that the problem is caused by a particular module or a program or when it actually happened, and so on. Variation analysis is used in such contexts. Here the data is analyzed at smaller units on a continuous basis. For example: Program Level, Ticket Level. The process parameters are plotted on time axis and are analyzed using standard rules.
Following are the advantages of using Variation Analysis technique: Gives an early warning into the problem Enable us to locate the problem items Help us understand the stability of the processes Predict the process behavior in future Provides a visual view of the process performance trend
Here again, the data points which are out of the limits are analyzed, root causes identified and remedial actions implemented. Run Charts and Control Charts are most commonly used tools for Variation Analysis. Please refer to Tools & Techniques section for more details on what they are & how to use them in projects.
Project Process Compliance Audits: One of the other mechanisms for monitoring quality implementation in the project is Process Compliance Audits. Here an auditor verifies the process implementation in the project through offline artifact reviews and interviews with the project team members.
Objective of a an audit is to Identify the Non- Compliances to the process planned Identify Best Practices
Page 15 of 26 Identify Improvement Opportunities
Once the audit is done, the audit team briefs the project team on its findings with respect to the above mentioned objectives. The project team analyzes and implements the corrective actions.
There are primarily 3 types of audits, which are as follows: 1st Party Audit: The project team members themselves doing the audit. Example: Configuration Controller Audits, Cross Module Audits, Internal Audits 2nd Party Audit: A team external to the project but internal to the organization audits the project. Example: SQA compliance audits 3rd Party Audit: A team external to the organization audits the project. Example: Client Team Audits, ISO Audits
A project may deploy one or more types of audits to ensure effective process implementation. Quantitative quality management, defect detection and prevention, process tailoring, quality planning, strategies, tools, metrics analysis with 2nd level of details, prediction. Pictorial representation of key activities under this track across life cycle stages Evaluating Product Quality Product quality is evaluated using quality control processes likes reviews and testing. These are dealt in detail earlier in the BOK 5.2 Project management tools System is the mechanism to institutionalize processes. There are many project management solutions available in the market or it can be developed in-house to implement client-specific processes. Advantages: Some of the key advantages brought to table by project management system are: Standardization of process: System provides a confidence to senior management that standard processes are implemented across the organization Provide visibility through reporting features Measure Systems can be used to measure processes using parameters such as “cycle time to prepare a plan” etc. Project management efficiency and effectiveness Key functionalities: The following are the key functionalities of the system Planning: The system provides to record a project plan with the components reflecting the project management process of the organization – effort, cost, schedule estimates, milestones etc. High maturity processes may have aspects like “Estimates of defects to be injected”, “estimates of defects to be detected”, UCL/LCL for statistically monitored parameters etc. also as a part of plan. Effort capturing: Capturing of actual effort against effort plan is an important input for tracking. These are done through timesheets at frequencies defined by organizational
Page 16 of 26 policy e.g. weekly, daily etc. Effort data is typically captured with attributes necessary to facilitate analysis of effort data e.g activity code, module code etc. Using these analysis such as “percentage of effort spent on project management activities”, “percentage distribution of effort across life cycle stages” etc. can be done Management of reviews and defects: Review and defect data form an integral part of engineering practice. The data is used for various purposes at various levels of maturity: At the basic level, information such as defect description, assignee etc. are needed to ensure that the defect is tracked to closure before the end product is delivered to client or intermittent work product is used in next stage Check such as if all necessary reviews were done is used for phase completion verification before taking a decision to promote the phase of project Review data such as preparation effort for review, review effort, size of work product, number of defects found are used to calculate metrics such as review efficiency, effectiveness etc. which are used to predict the quality of final deliverable using historic data from the organization. It could be used even to take go-nogo decisions in some scenarios. At higher levels of maturity, defect data collected along with details such as injection/detection stages, defect type etc. can be analyzed using Pareto analysis etc. to study patterns so as to improve the process in future cycles Thus, depending on the process maturity, system collects review data such as review effort, size of work product etc. and defect data such as description, assignee, defect type, detection/injection stages etc. are captured Issue management is similar to defect management. A simple issue tracking tool provides for recording of issue details e.g. issue name, description, type (e.g customer issue, team issue etc.), assignee and expected date of completion and implements a workflow to get the assignee/owner act on the issue. It is also integrated with mailing features to increase the effectiveness of the system. Changes requests may also be tracked in a similar way. Task scheduling and tracking: This is the core of project tracking. There are standard tools such as Microsoft project (MSP) which comes with many value-added features. Typical functionalities are: Defining tasks with attributes such as task name, estimated effort, planned start date, planned end date, resources allocated etc. Define task dependencies (predecessor/successor tasks etc.) Baseline a schedule and store previous baselines Being able to update percentage of task completed, actual start date, actual end date etc. Produce reports and charts such as Gantt chart, resource loading chart, estimate vs. actual etc. Other functionalities and capabilities: Besides the above, other functionalities could be: Reporting including standard reports (status reports etc.) and user-defined reports
Page 17 of 26 Mail integration to trigger mail on pre-defined events like issue creation, defect creation etc. Role-based access as per org-wide policies on roles and responsibilities. For example, only a project manager can edit a plan; team members can only read it. Another example is that user can see only his project or projects under his line of control. Integration with engineering tools to automatically sense the defects or capture effort on- line etc. Portfolio management: Dashboard view to see the details of multiple projects together Integration with standard formats such as xls, csv etc. through features such as export/import provides the tool to integrate with other systems and to use the system offline
Page 18 of 26 5.3 Risk management Introduction A CEO of a leading company was once asked what single characteristic was most important while selecting a project manager. He responded: “A person who has the ability to know what will go wrong before it actually does” [1]. This in essence highlights the importance of Risk Management. We live in a world of uncertainty. Understanding the risks involved and taking mitigation steps is of paramount importance to ensure success of the project. Robert Charette, in his book, Software Risk Analysis and Management gives a definition of risk. Risk concerns future happenings. Whatever happened today and yesterday are out of scope of risk analysis. The question is how to adjust our actions today so that we are better prepared for tomorrow [2]. Risk Mitigation is like insurance premium. To protect our family, and ourselves we pay a premium. This premium is calculated based on the probability of occurrence and the impact of any event. For ex. the premium for earthquake insurance of our houses changes according to the zone we are living. Premium is more in a city which is earthquake prone compared to a city where probability of earthquake is less. Similarly depending on the probability and impact of risks in our projects, we have to insure it – that is, take effective mitigation steps. The broad steps in Risk Management can be outlined as below:
I. Risk II. Risk Projection III. Risk Mitigation Identification - Prioritize risks using - Alternative courses of - Identify all possible Qualitative or/and action or work arounds risks Quantitative analysis to minimize the - Use past data, - Map risks with probability and / or checklists, probability, Impact, impact of risks brainstorming, reviews exposure to identify risks - Overall risk profile of project
IV. Risk Monitoring - Scan for new risks regularly - Continuously monitor risk management plans - Communicate status regularly - Escalate if risks go out of control
Page 19 of 26 Risk Identification “ We will see when it happens” – This type of statement may be true for super characters like James Bond. It seldom works for project managers. A proactive risk management strategy identifies risks at project initiation stage itself. Contrary to this, a reactive strategy is to handle risks once it materializes only. Needless to say, proactive strategies are the need in any project
How to Identify Risks? There are several sources and techniques to identify risks. What is important is to have a systematic approach. a) One of the best methods to identify risks is to go by different categories of risks. Some of the common categories are: Business risks Technical risks People related risks Client related Quality related risks and so on. b) A use of a risk checklist is very important, since it gives visibility to things (risks) unknown to you. The risk database in PRidE helps here[3]. This TIP serves as an excellent platform to start Look at project objectives and goals and brainstorming on risks. ask “what are all the reasons that you may give if you don’t meet them!” All these are potential risks in your project!
Some of the aspects that will be covered in risk checklist are: Risk associated with size of project Risks due to methodology used Availability of tools Staff size, experience etc These must be used with other techniques like Brainstorming, past project data analysis to identify all possible risks Risk Projection
Page 20 of 26 Each risk has 2 characteristics – Probability and Impact. While probability measures the chances of risk actually materializing, Impact measures the negative outcome in project. To asses the probability and impact of project, there are 2 methods – Qualitative and Quantitative.
In the Qualitative approach, Probabilities and impact of risks can be classified as High / Medium / low etc. The numbers can also be assigned using a cardinal scale. Here High can refer to 0.8, Medium to 0.5 and Low to 0.2. Similarly Impact can also be classified under ordinal (High, Medium, Low etc) or cardinal (1, 3, 5, 7, 9 etc). While probability mathematically can be between 0 and 1, Impact can be any number. However it is a good idea to restrict the range to a reasonable limit, say 1 to 10. As you can see, Probability and Impact are two independent attributes of risk. To normalize and compare risks, Exposure value is used. Exposure = Probability * Impact Prioritizing of risks is a 2 step process. In the first step, this can be done based on their exposure values. A sample risk sheet with Probabilities, Impact and Exposure is given below Risk Risk Description Probability Impact Exposur Risk Category e Priority (Scale: 1 to 10) Client related Lack of availability of 0.6 8 4.8 1 business users for clarifying issues can lead to delays Infrastructure Delay in procurement 0.5 6 3.0 2 of tool for testing can increase effort required for testing Technical Issues in Database- 0.4 6 2.4 3 middleware integration can lead to additional testing effort People Availability of skilled 0.2 6 1.2 4 resource at onsite location
Sample Risk Sheet Cost Impact of risk (Quantitative Risk Analysis) The next step in prioritizing is to take the top few risks and understand the dollar impact due to these risks. The best way to do this is to estimate the schedule impact due to the risk. The schedule impact can be converted to dollar amount based on additional person
Page 21 of 26 effort required to complete the project. Cost impact should also be looked at from other angles – business impact, opportunity cost, etc. There will be several risks in the project and it may not be worthwhile to compute cost impact for all risks. Hence it is recommended that we do it for top few risks. The top few risks here are the ones where Probability, Impact or Exposure is greater than a threshold.
As per Infosys process, cost impact has to be calculated if Probability is >0.7 or Impact >7. Based on cost impact, risks have to be re prioritized Risk Risk Description Probability Impact Exposure Cost Risk Category Impact Priority - (Scale: 1 to Reprioritize 10) (USD) d Client Lack of availability 0.6 8 4.8 10000 2 related of business users for clarifying issues can lead to delays Infrastructur Delay in 0.5 6 3.0 5000 3 e procurement of tool for testing can increase effort required for testing Technical Issues in 0.4 6 2.4 25000 1 Database- middleware integration can lead to additional testing effort People Availability of 0.2 6 1.2 4 skilled resource at onsite location
Sample Risk Sheet with cost details of risk
Risk Mitigation A risk mitigation plan is to develop alternative courses of action, workarounds, for each of the important risks[4]. Techniques can be used to avoid, reduce, and control the probability and impact of the risk. Whenever mitigation plans cannot be deployed, contingency plans are developed that comes into play when risk actually materializes. Both risk and contingency plans may be deployed only if cost of risk is higher than that of the mitigation or contingency plans. There are several ways to handle risks.
Page 22 of 26 Risk Avoidance – Finding alternate ways of doing the project such that risk is no longer there. Risk Control – Taking steps to minimize probability and impact of risk Risk Transfer – Transferring risks to a different entity Risk Acceptance – Accept the risk without taking any action. For large risks, more than one approach may be required. Some examples Way of handling Examples risk Risk Avoidance A risk on performance of SQL DB is identified. By adopting a different DB, say, Oracle, the risk is avoided. A risk of visa availability is there - By recruiting staff directly from the onshore country, this risk can be avoided
Please note that Risk Avoidance is not easy. When we try to avoid a risk, new risks might come in. Risk Control Risk of delayed involvement from Business user - By building good rapport with customer early enough, the probability of this happening can be reduced. Low Skilled resources – By planning detailed documentation and knowledge acquisition plans, impact of the risk can be lessened
Risk control is the one of the most used ways of handling risks. We plan necessary and sufficient mitigation steps and execute them to reduce probability and impact of risks Risk Transfer Low skilled resources – By sub contracting the work, the risk is transferred to another party Complex technology where schedule cannot be estimated – Project is executed on Time & Material basis. Hence risk of schedule is transferred to client
Risk transfer can be adopted when we cannot have proper mitigation steps. Risk Acceptance Project being disrupted due to political unrest Project being stopped due to change in Client CIO
Certain risks where Probability / Impact is very low or if cost of mitigation is very high will have to be accepted. Risk Acceptance means that Mitigation steps are not proposed at this point of time, but the risk is watched and monitored
Page 23 of 26 We might sometimes encounter a situation where mitigation steps of one particular risk will increase the probability of another risk! The classic example for this is Quality vs. Productivity risks. If we implement mitigation steps like increasing testing to improve quality, Productivity will be impacted. In such situations, we need to balance the mitigation steps, considering the overall impact of risk.
Implement Mitigation Plans TIP Once the mitigation steps have been If cost of mitigation is higher identifies, they have to be implemented. than cost of risk, we may as The cost and effort for mitigation is well accept the risk calculated and mitigation steps are implemented.
Page 24 of 26 It is ideal to assign responsibilities for implementing mitigation plans. The effort for mitigation plans should be included in project effort and mitigation steps must be scheduled in project plan for effective deployment Risk Monitoring At frequent intervals, risks need to be revisited for:
Reviewing implementation of mitigation steps Risk is project manager’s enemy. If Revisiting probabilities and impact of existing risks you know your enemy, half the battle is won. Scanning for new risks
Monitoring performance of risk management plan -- Chinese proverb Communicate status to stake holders regularly
A risk becomes an issue when it actually materializes. If effective mitigation steps had been taken, handling the issue would be easier. Communicating the status of risks and escalating when risks go out of control or becomes a major issue is extremely important.
6 References [1] Software Engineering – A Practitioner’s approach by Roger Pressman, McGraw Hill [2] Software Engineering Risk Analysis and Management by Robert Charette, McGraw Hill [3]Risk management guidelines in Pride [4] CMMI model V 1.20
Additional Reading [a] A managers guide to software engineering by Roger Pressman, McGraw Hill 7 Models and standards in project management There are various models in industry. One of the popular models is from PMI. Issue with this model is that it generic and not specific to software industry which has some specific nuances. Organizations have specific models that differs significantly from PMI. Infosys has a model for PM Elite, elements of which were explained above. 8 References
© 2006 Infosys Technologies Ltd. All rights reserved Page 26 of 26