2024 GPI Mod 4 Project Cost & Risk Management PDF

Summary

This document presents information on project cost and risk management, focusing on IT projects and their associated costs. It covers topics including the importance of project cost management, processes, principles, and types of cost estimates. The material is suitable for an undergraduate course in project management.

Full Transcript

Mod 04
Project Cost & Risk
Management

2024/25
Class 06 - Project Cost Management

Class 07 - Project Risk Management
Teaching Team: Gabriel Pestana & Nuno Pina

© Gabriel Pestana 2024
 Project Cost Management - Learning Objectives

Understand the importance of project cost management
Explain basic project cost management principles, concepts, and terms
Describe the process of planning cost management
Discuss different types of cost estimates and methods for preparing them
Understand the processes of determining a budget and preparing a cost estimate for an
information technology (IT) project
Understand the benefits of earned value management and project portfolio
management to assist in cost control
Describe how project management software can assist in project cost management

2
 The Importance of Project Cost Management

IT projects have a poor track record for meeting budget goals
Project cost management includes the processes required to ensure that the project is
completed within an approved budget
– Costs are usually measured in monetary units like dollars or euros
Project Cost Management Processes
– Planning cost management: determining the policies, procedures, and
documentation that will be used for planning, executing, and controlling project
cost.
– Estimating costs: developing an approximation or estimate of the costs of the
resources needed to complete a project
– Determining the budget: allocating the overall cost estimate to individual work
items to establish a baseline for measuring performance
– Controlling costs: controlling changes to the project budget

3
 Basic Principles of Cost Management

Most members of an executive board better understand and are more interested in
financial terms than IT terms , so IT project managers must speak their language
Profits are revenues minus expenditures
Profit margin is the ratio of revenues to profits
Life cycle costing considers the total cost of ownership, or development plus support
costs, for a project
Cash flow analysis determines the estimated annual costs and benefits for a project
and the resulting annual cash flow

4
 Types of Costs and Benefits

Tangible costs or benefits are those costs or benefits that an organization can easily measure in
dollars
Intangible costs or benefits are costs or benefits that are difficult to measure in monetary terms
Direct costs are costs that can be directly related to producing the products and services of the
project
Indirect costs are costs that are not directly related to the products or services of the project,
but are indirectly related to performing the project
Learning curve theory states that when many items are produced repetitively, the unit cost of
those items decreases in a regular pattern as more units are produced
Reserves are dollars included in a cost estimate to mitigate cost risk by allowing for future
situations that are difficult to predict
– Contingency reserves allow for future situations that may be partially planned for (sometimes called
known unknowns) and are included in the project cost baseline
– Management reserves allow for future situations that are unpredictable (sometimes called unknown
unknowns)

5
 Planning Cost Management

The project team uses expert judgment, analytical techniques, and meetings to develop
the cost management plan
Estimating Costs
– Project managers must take cost estimates seriously if they want to complete
projects within budget constraints
– It’s important to know the types of cost estimates, how to prepare cost estimates,
and typical problems associated with IT cost estimates

Source: ISO 21500 Guidance on project management

6
 Types of Cost Estimates

Estimates are usually done at various stages of a project and should become more
accurate as time progresses
A large percentage of total project costs are often labor costs
Basic tools and techniques for cost estimates:
– Analogous or top-down estimates: use the actual cost of a previous, similar project
as the basis for estimating the cost of the current project
– Bottom-up estimates: involve estimating individual work items or activities and
summing them to get a project total
– Parametric modeling: uses project characteristics (parameters) in a mathematical
model to estimate project costs

7
 Cost Estimates – Components (labour cost rates)
Academic examples to help students become familiar with fundamental concepts

Organization cost rates by resource categories:
– Consultant Type 1 = 200 € / day
– Consultant Type 2 = 270 € / day
– Consultant Type 3 = 300 € / day
8
 Cost Estimates – Components (other costs)
Academic examples to help students become familiar with fundamental concepts

9
 Cost Estimates – Components (other costs)
Academic examples to help students become familiar with fundamental concepts

Cost Breakdown Structure - CBS

10
 Project Cost Estimate - Example

11
 Determining the Budget

Cost budgeting involves allocating the project cost estimate to individual work items
over time
– Cost estimating determines the total cost of the project
– Budgeting identifies where and when costs will be expended
– The cost is measured by deliverables using project milestones, according to payment
conditions

The WBS is a required input to the cost budgeting process since it defines the work
items
Important goal is to produce a cost baseline
– a time-phased budget that project managers use to measure and monitor cost
performance

12
 Project Cost Baseline
Academic example of the essential elements students must cover in project budget estimation

Project cost control includes
– Monitoring cost performance
– Ensuring that only appropriate project changes are included in a revised cost baseline
– Informing project stakeholders of authorized changes to the project that will affect
costs
13
 Cash-Flow
basic version - academic example

M1 M2 M3 M4 M5 M6 Total
Resources Rate/Day Nº Days Nº Days Nº Days Nº Days Nº Days
Prog I 200 € 20 20 20 20
Prog II 200 € 20 20 20 10
TL I 300 € 10 15 10 10 10
TL II 300 € 10 15 10 10 5
PM 400 € 10 5 5 5 5
Labour Cost 10,000 € 19,000 € 16,000 € 16,000 € 12,500 € 0€ 73,500 €
Travels 500 € 1,000 € 5,000 € 6,500 €
Outsourcing 10,000 € 10,000 € 20,000 €
Materials 5,000 € 5,000 €
Total 15,500 € 20,000 € 26,000 € 16,000 € 27,500 € 0€ 105,000 €
Price 13% 120,000 €
Invoices 20% 30% 30% 20%
24,000 € 0€ 36,000 € 0€ 36,000 € 24,000 €
Cash Flow 8,500 € -11,500 € -1,500 € -17,500 € -9,000 € 15,000 €
14
 Chapter Summary

Project cost management is a traditionally weak area of IT projects, and project
managers must work to improve their ability to deliver projects within approved
budgets
Main processes include
– Plan cost management
– Estimate costs
– Determine the budget
– Control costs

15
 Project Cost Management Summary

16
Project Risk Management

© Gabriel Pestana 2024
 Project Risk Management - Learning Objectives

Understand what risk is and the importance of good project risk management
Discuss the elements involved in risk management planning and the contents of a risk
management plan
List common sources of risks in information technology projects
Describe the process of identifying risks and be able to create a risk register
Discuss the qualitative risk analysis process and explain how to calculate risk factors,
create probability/impact matrixes
Discuss what is involved in monitoring and controlling risks

Difference between Metrics, KPI and CSF

18
 The Importance of Project Risk Management

Expecting the unexpected

(Murphy’s law)

Project risk management is the art and science of identifying, analyzing, and responding
to risk throughout the life of a project and in the best interests of meeting project
objectives
Risk management is often overlooked in projects, but it can help improve project
success by helping select good projects, determining project scope, and developing
realistic estimates

19
 Type of Risks

Negative Risk
– A dictionary definition of risk is “the possibility of loss or injury”
– Negative risk involves understanding potential problems that might occur in the
project and how they might impede project success
– Negative risk management is like a form of insurance; it is an investment
Positive Risk
– Positive risks are risks that result in good things happening; sometimes called
opportunities
– A general definition of project risk is an uncertainty that can have a negative or
positive effect on meeting project objectives
– The goal of project risk management is to minimize potential negative risks while
maximizing potential positive risks

20
 Risk Utility

Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a
potential payoff
– Utility rises at a decreasing rate for people who are risk-averse
– Those who are risk-seeking have a higher tolerance for risk, and their satisfaction
increases when more payoff is at stake
– The risk-neutral approach achieves a balance between risk and payoff

21
 Project Risk Management Processes

Planning risk management: deciding how to approach and plan the risk management
activities for the project
Identifying risks: determining which risks are likely to affect a project and documenting
the characteristics of each
Performing qualitative risk analysis: prioritizing risks based on their probability and
impact of occurrence
Performing quantitative risk analysis: numerically estimating the effects of risks on
project objectives
Planning risk responses: taking steps to enhance opportunities and reduce threats to
meeting project objectives
Monitoring and controlling risks: monitoring identified and residual risks, identifying
new risks, carrying out risk response plans, and evaluating the effectiveness of risk
strategies throughout the life of the project

22
 Risk Management Planning

The main output of risk management planning is a risk management plan, a plan that
documents the procedures for managing risk throughout a project
The project team should review project documents and understand the organization’s
and the sponsor’s approaches to risk
The level of detail will vary with the needs of the project
Topics Addressed in a Risk Management Plan
– Methodology
– Roles and responsibilities
– Budget and schedule
– Risk categories
– Risk probability and impact (i.e., Create a Risk Matrix)
– Risk documentation

23
 Risk Management Planning

Identifies the risks associated with a project, the means by which they will be assessed
and the strategy for their reduction (4W&2H)

Source: ISO 21500 Guidance on project management

24
 Contingency and Fallback Plans, Contingency Reserves

Contingency plans are predefined actions Information Technology Success Potential Scoring Sheet
that the project team will take if an Success Criterion Relative Importance
identified risk event occurs User Involvement 19
Executive Management support 16
Fallback plans are developed for risks that Clear Statement of Requirements 15
have a high impact on meeting project
Proper Planning 11
objectives and are put into effect if attempts
to reduce the risk are not effective Realistic Expectations 10
Smaller Project Milestones 9
Contingency reserves or allowances are Competent Staff 8
provisions held by the project sponsor or Ownership 6
organization to reduce the risk of cost or Clear Visions and Objectives 3
schedule overruns to an acceptable level
Hard-Working, Focused Staff 3
Total 100

25
 Broad Categories of Risk & Risk Identification

Market risk
Financial risk
Technology risk
People risk
Structure/process risk
…

Source : The PMBOK Handbook Series

26
 Identifying Risks

Identifying risks is the process of understanding what potential events might hurt or
enhance a particular project
Risk identification tools and techniques include:
– Brainstorming
– The Delphi Technique
– Interviewing
– SWOT analysis

27
 Identifying Risks
Brainstorming | Delphi Technique

Brainstorming Delphi Technique
– is a technique by which a group attempts to – Used to derive a consensus among a panel of
generate ideas or find a solution for a specific experts who make predictions about future
problem by amassing ideas spontaneously and developments
without judgment – Provides independent and anonymous input
– An experienced facilitator should run the regarding future events
brainstorming session – Uses repeated rounds of questioning and
– Be careful not to overuse or misuse written responses and avoids the biasing effects
brainstorming possible in oral methods, such as brainstorming
Psychology literature shows that individuals
produce a greater number of ideas working alone
than they do through brainstorming in small,
face-to-face groups
Group effects often inhibit idea generation

28
 Identifying Risks
Interviewing | SWOT Analysis

Interviewing SWOT analysis
– Is a fact-finding technique for
collecting information in face-to-face,
phone, e-mail, or instant-messaging
discussions
– Interviewing people with similar
project experience is an important
tool for identifying potential risks

SWOT analysis
– (strengths, weaknesses, opportunities,
and threats) can be used during risk
identification
– Helps identify the broad negative and
positive risks that apply to a project
Source: Risk management for Agile programmes

29
 SWOT Analysis

Weaknesses and Threats
knowing these two is already
a big step toward identifying
the risks

Strengths and Opportunities
are positive events that
promote your goals

30
 Risk Register

The main output of the risk identification process is a list of identified
risks and other information needed to begin creating a risk register
A risk register is:
– A document that contains the results of various risk management processes
and that is often displayed in a table or spreadsheet format
– A tool for documenting potential risk events and related information
Risk events refer to specific, uncertain events that may occur to the
detriment or enhancement of the project

31
 Combining the impact of several risks

Individual risks can interact
The WBS is a key tool in the integration of risks
– Top-down approach
Key risk factors are identified and assessed at high level of the WBS
Allows to analyse interrelationships
– Bottom-Up approach
Risks are identified at a low level of the WBS
Prepare contingency plans

Treat Risks, develop options and determine actions to:
– Enhance opportunities
– Reduce threats to the project objectives
Addresses the risks by their impact by inserting resources and activities into the budget and schedule

32
 Risk Register Contents
standard classification attributes

An identification number for each risk event (unique identifier)
A rank for each risk event
The name of each risk event (SMART name → provides a clear perception to the risk)
A description of each risk event
The category under which each risk event falls
The root cause of each risk
Triggers for each risk; triggers are indicators or symptoms of actual risk events
Potential responses to each risk
The risk owner or person who will own or take responsibility for each risk
The probability and impact of each risk occurring
The status of each risk

33
 General Risk Mitigation Strategies
for Technical, Cost, and Schedule Risks

Recommendation to risk management, special emphasis to team management,
leadership &motivation and Monitoring (list of indicators and CSF).
Careful attention to the relevance of a good WBS definition.

34
 Planning Risk Responses

After identifying and quantifying risks, you must decide how to respond to them
Four main response strategies for negative risks (i.e., risk treatment)
– Risk avoidance, decision not to become involved in, or action to withdraw from, a risk situation.
Under avoidance implies changes to the project plan (Scope, Time, Costs, Quality, Organization)
– Risk acceptance, create a contingency plan to react to the risk if it occurs. Make an allowance by
increasing time and/or budget to the project (WP, Activity or Task) where the risk was identified
– Risk transference, sharing with another party the burden of loss or benefits of gain for a risk
(deflect the risk). Risk transfer has additional costs (e.g., insurance, subcontracting, etc.)
– Risk mitigation, actions taken to lessen the probability, negative consequences, or both.

35
 Planning Risk Responses
Risk Treatment Process

Source: Risk Assessment – ISO 27005 Generic Process

36
 Risk Assessment
Example based on two parameters: Consequence & Probability

Source: ISO 21500

Risk Impact = P(R) * Consequence
Risk Impact = P(R) * Consequence * Public perception
– Consequence (Ri)) = 500 €
– Probability (Ri) = 1%
– Impact (Ri) ) = 500 € * 1% = 5,00 €

37
 Risk Impact Table
Example based on two parameters: Consequence & Probability

38
 Risk Impact Matrix
Example based on two parameters: Consequence & Probability

Risk Impact Matrix = Probability * Consequence
– 3 levels: Low; Med; High
– 5 Levels: VLO; LO; MED; HI; VHI

39
 Risk acceptance – Contingency and Allowance Cost Estimation
Example based on two parameters: Consequence & Probability

40
 Risk Management – ISO/IEC 27000 series

The series provides best practice recommendations on information security management, risks
and controls within the context of an overall information security management system

Standard Description
ISO/IEC 27000 Information security management systems (Overview and vocabulary)
ISO/IEC 27001 Requirements for information security management systems
ISO/IEC 27002 Code of practice for information security management
ISO/IEC 27003 Information security management system implementation guidance
ISO/IEC 27004 Information security management — Measurement & Metrics
ISO/IEC 27005
Information security risk management
ISO/IEC 27006 Requirements for bodies providing audit and certification of information
security management systems
ISO/IEC 27007 Guidelines for information security management systems auditing (focused
on the management system)
41
 Risk Management – ISO 27005 Generic Process

42
 Risk Assessment - Risk Matrix and Impact Level
Standard approach (ISO 27005 recommendation)

43
 Build the Risk Matrix – ISO 27005 Generic Process

The Risk Matrix: tool used in the Risk Assessment process, it allows the severity of the
risk of an event occurring to be determined.
Graphically displays the total of each of the hazards/harms that contribute to the risk
– Severity (Consequences) = X
– Frequency (Probability) = Y
– Risk Score = XY

RISK
Y
(XY)

X

44
 ISO 27005 Generic Process
There are some “gray areas”

Risks are not always “black and white”
When defining risk management, some organizations find it convenient to categorize
risks into the following three regions:
– The broadly acceptable region (Generally Acceptable - GA)
– The ALARP (As Low As Reasonably Practicable) region; and
– The intolerable region (Generally Unacceptable - GU)

GU

Probability
ALARP

But how many zones?
How to determine ALARP?

GA

45 Severity
 Project Risk Management Summary
Description of risk management actions to be performed by the Project Manager

46
Gabriel Pestana
Prof. Coordenador
[email protected]

Escola Superior de Tecnologia de Setúbal
Instituto Politécnico de Setúbal
Campus do IPS, Estefanilha | 2914-761 Setúbal, Portugal
www.estsetubal.ips.pt

© Gabriel Pestana 2024