Information Systems Risk Management Chapter 5

Risk Management Process

• Identifies and characterizes threats
• Analyzes risk data into decision-making information
• Plans actions for addressing individual risks and creates an integrated risk management plan
• Tracks the status of risks and actions taken to enhance them
• Controls deviations from planned risk actions
• Communicates information and views about risks

Project Risk Management

• Concerned with identifying, analyzing, and planning for potential risks that might impact the project
• Minimizes the probability and impact of negative risks while maximizing the probability and impact of positive risks
• Comprises seven processes: Plan Risk Management, Identify Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks

Project Risk Management Knowledge Area

• Addresses two levels of risk: individual project risk and overall project risk
• Individual project risk: an uncertain event or condition that has a positive or negative effect on a project's objectives
• Overall project risk: the effect of uncertainty on the project as a whole, combining all risks and sources of uncertainty

Trends and Emerging Practices

• Non-event risks: variability risk, ambiguity risk
• Project resilience
• Integrated risk management

Project Risk Management Considerations

• Project size: budget, duration, scope, or team size
• Project complexity: innovation, new technology, commercial arrangements, interfaces, or external dependencies
• Project importance: breakthrough opportunities, significant blocks to organizational performance, or major product innovation
• Development approach: waterfall or agile

High-Variability Environments

• Incur more uncertainty and risk
• Adaptive approaches: frequent reviews, cross-functional project teams, and knowledge sharing to manage risk

Plan Risk Management

• Defines the way to conduct risk management activities
• Outputs: risk management plan that describes how risk management activities will be structured and performed

Risk Management Plan

• Methodology: approaches, tools, and data sources
• Roles and responsibilities: risk management responsibilities
• Risk strategy: general approach for managing risk
• Funding: funds needed for Project Risk Management activities
• Timing: schedule of risk management processes
• Risk categories: grouping individual project risks
• Stakeholder risk appetite: recorded in the risk management plan
• Definitions of risk probability and impacts: specific to the project context
• Probability and impact matrix: prioritizes risks
• Reporting formats: content of the risk register and risk report
• Tracking: description of how to document risk activities and audit risk management processes