Software Evaluator - Risk Management

Risk management is the careful analysis and systematic management of project risks in order to avoid unfavorable conditions, reduce losses, achieve the expected results and project goals, and avoid or minimize the after-effects of risks. However, it is impossible to completely avoid or eliminate risks, or to enjoy only the benefits without taking any risk.

◆Risk management plan preparation: decide how to arrange and implement risk management for the project, and formulate the plan for the following steps.
◆Risk identification: identify the known and predictable risks in the project, determine the source of each risk and the conditions under which it occurs, describe the characteristics of the risk and which items can generate it, and form a risk list.
◆Qualitative risk analysis: sort the identified risks, determine the possibility and impact of risks, determine the priority of risks, and determine the types of risks.
◆Quantitative risk analysis: further understand how likely each risk is and how serious its consequences are. Techniques include sensitivity analysis, expected monetary value analysis, decision tree analysis, and Monte Carlo simulation.
◆Risk response plan preparation: formulate countermeasures for each identified risk; the document composed of these measures is called the risk response plan. It covers negative risks (avoidance, transfer, and mitigation strategies) and positive risks (exploit, share, enhance).
◆Risk monitoring: monitor the implementation of risk plans, detect residual risks, identify new risks, ensure the implementation of risk plans, and evaluate the effectiveness of these plans for reducing risks.
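
The quantitative analysis step above, carried through for expected monetary value (EMV) and Monte Carlo simulation. This is an added example, not part of the original notes; the risk register, its probabilities and cost figures, and all function names are constructed for illustration.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # chance the event occurs during the project
    low: float          # best-case cost if it occurs
    likely: float       # most likely cost
    high: float         # worst-case cost

    @property
    def mean_impact(self) -> float:
        # Mean of a triangular(low, likely, high) distribution.
        return (self.low + self.likely + self.high) / 3

    @property
    def emv(self) -> float:
        # Expected monetary value = probability x expected impact.
        return self.probability * self.mean_impact

# Constructed sample risk list (costs in currency units).
REGISTER = [
    Risk("Server failure in test lab", 0.10, 10_000, 30_000, 50_000),
    Risk("Key developer leaves", 0.30, 20_000, 40_000, 90_000),
    Risk("Interface specification is ambiguous", 0.50, 5_000, 15_000, 40_000),
]

def prioritize(register):
    """Order the risk list by EMV, largest exposure first."""
    return sorted(register, key=lambda r: r.emv, reverse=True)

def total_emv(register):
    return sum(r.emv for r in register)

def simulate(register, trials=20_000, seed=1):
    """Monte Carlo: each trial draws which risks occur and what they cost."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    totals = []
    for _ in range(trials):
        loss = 0.0
        for r in register:
            if rng.random() < r.probability:
                loss += rng.triangular(r.low, r.high, r.likely)
        totals.append(loss)
    totals.sort()
    return {"mean": sum(totals) / trials,
            "p50": totals[trials // 2],
            "p90": totals[int(trials * 0.9)]}

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.name:40s} EMV = {r.emv:>9,.0f}")
    print("Total EMV:", round(total_emv(REGISTER)), simulate(REGISTER))
```

The simulated mean converges on the total EMV, while the 90th percentile shows how much larger a contingency reserve must be to cover the loss in nine out of ten outcomes.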

◆Project risk: Uncertain events or conditions acting on the project may cause threats or opportunities.
◆Through active and reasonable planning, more than 90% of risks can be dealt with and managed in advance. Risks should be identified early on, and high-level risks should be documented in the project charter.
Each risk should be borne by the party that has the most control over it.
The degree of risk taken should match the return obtained, and risk taking should have an upper limit.

1. The attributes of risk:

(1) Randomness: both the occurrence of a risk event and its consequences are accidental (doubly accidental) and follow certain statistical laws.
(2) Relativity: risk is relative to the subject of the project activities. Subjects with different risk tolerances are affected differently. Factors affecting risk tolerance: the size of the income (the greater the income, the more willing the subject is to take risks); the size of the investment (the greater the investment, the smaller the tolerance); the status and resources of the subject (higher-level people can bear greater risks).
(3) Risk variability: Changes in conditions will cause changes in risks. Including changes in nature, consequences, and emergence of new risks.

2. Risk classification:

◆According to the different consequences, risks can be divided into pure risks (without any benefits) and speculative risks (which may bring benefits).
◆Divided by risk source: natural risks (natural disasters) and man-made risks (arising from human activities; these can be further divided into behavioral risks, economic risks, technical risks, political and organizational risks, etc.).
◆Divided by whether it is manageable: manageable (such as most internal risks) and unmanageable (such as external policies). Whether a risk is manageable also depends on the management level of the subject.
◆Divided by scope of influence, local risk (delay of non-critical path activities) and overall risk (delay of critical path activities).
◆Divided by the bearers of the consequences: owners, governments, contractors, investors, design units, supervision units, insurance companies, etc.
◆Divided by predictability: known risk (known progress risk), predictable risk (possible server failure), unpredictable risk (earthquake, flood, policy change, etc.).

◆In information system projects, from a macro point of view, risks can be divided into project risks, technical risks and business risks.
◆Project risk refers to potential budget, schedule, personnel (including staffing and organization), resource, user and requirements problems, and their impact on the project. Uncertainties in project complexity, size and structure also constitute (estimated) risk factors for projects. Project risk threatens the project plan. Once a project risk becomes a reality, it may delay the project schedule and increase the cost of the project.
◆Technical risk refers to potential problems in design, implementation, interface, testing and maintenance. In addition, ambiguous specifications, technical uncertainty, obsolete technology, and the latest (immature) technology are also risk factors. Technical risk threatens the quality and scheduled delivery time of the system to be developed. If technical risks materialize, development may become difficult or impossible.
◆Business risk threatens the viability of the system to be developed. There are mainly five kinds of business risks:
(1) Market risk. The developed system was excellent but not what the market really wanted.
(2) Strategic risk. The developed system no longer fits with the enterprise's information systems strategy.
(3) Sales risk. The developed system is one that the sales department does not know how to sell.
(4) Management risk. Loss of upper management support due to a shift in focus or personnel changes.
(5) Budget risk. The development process is not guaranteed by budget or personnel.

Origin blog.csdn.net/MARKDD915/article/details/130452413