Running Head: RISK ASSESMENT

Xemba Translations case study [Name of Writer] [Name of Institution]

Running Head: RISK ASSESMENT Table of Contents

Technical Risk.........................................................................................................................6 Task 2...............................................................................................................................................9 Explanation of Metrics.............................................................................................................9 Justification of Metrics..........................................................................................................11 Current Status of the Project..................................................................................................12 Implementation......................................................................................................................13 Problems that could affect the Project ..................................................................................14 Mitigation of Problems..........................................................................................................16 Recommendations..................................................................................................................17 Executive Summary...............................................................................................................17 References......................................................................................................................................21 Appendix........................................................................................................................................23 The Risk Metrics Analysis.............................................................................................................23

RISK ASSESMENT Xemba Translations case study Task 1 Risks identified for Xemba Translations IT project It is believed that higher the risk higher would be the return a firm would earn. However it is significant for firms to analyze risks associated with the project, effects it will have while development of project. This metrics will help in identifying the risk associated with the project and will assist in highlighting the likelihood of occurrence of the risk and if it has any negative effects or causes any problems what initiatives are to be taken to minimize the risk, as it is difficult to completely eliminate risk. After understanding the techniques for risk identification and after using many techniques to identify some very effective and considerable risks that may

affect the whole project very deeply, we get five risks that may affect the processing of complete project of IT in Xemba Translations. Some of these risks are most serious which means that if they cannot be overcome effectively before the occurrence of these risks in practical life, then they can easily ruin the whole project and may lead the project towards complete failure. These risks include:

Security Risk Description The IT security breaches can also be the cause of great risks to a business. These include damage to brands, espionage and theft of property intellectual. Meanwhile, companies of all sizes have to deal with a number growing Internet-enabled devices, where most of the "endpoints" are connected to the Internet, especially in large corporations. The major risks of information security may be faced by Xemba Translations are due to the security of information.

RISK ASSESMENT This risk mostly occurs due to reasons such as, the risk of leakage of confidential information, the risk of loss or inaccessibility of important data, the risk of incomplete or distorted information, the risk of unauthorized use of hidden information resources (for example, creating

a botnet) and the risk of spread in the environment of information that threatens the reputation of the organization. Impact that this risk would have is it may reduce the rating of company in market as it affect and misuse the customer information the likelihood of occurrence is very common if system has security lapses, degree of impact is negative impact but not very serious. Initial action to take if event occurs will be to take steps to increase security of systems, try to identify common threats which may be employs of Xemba Translations who leaked information of customers. Team member responsible are, that are hired to assure security of information on the system is responsible to develop Strategies for prevention and mitigation, must install latest security software which shows high resistance for leakage of information in wrong or unauthentic personal and must have policies regarding to information security

Delay Risk Description Time is not less important factor especially for this project as this project is launched to accommodate the increase number of customers, and delay of time may affect the service which reduces number of customer. Indicators of the IT resources to be determined taking into account the duration of their service, device health, and the required rate of readiness for a lifetime. Manufacturers typically only indicate the average time between failures of devices that do not provide a complete picture of how to behave during the whole equipment life (Chapman &

RISK ASSESMENT Ward, 2003). However, according to the central limit theorem of probability theory, the probability density of the failure of the device is similar to a normal distribution, characterized

by the expectation and standard deviation . Typical dependence of the probability of failure of the device from time to time is shown in figure given below. In the early life of the probability of failure is negligible, then increases monotonically, then asymptotically approaches unity.

Impact of this risk will be, it may affect negatively on the service provided by Xemba Translations and may reduce the rate of increasing number of customers. Likelihood of occurrence is mostly. The degree of impact is serious Initial action required would be to increase the workforce to increase the amount of work completed in one day. The team member responsible will be the whole team which involves the personals who provide equipment as well those personals who are installing or developing system falls in this category and strategies for prevention and mitigation would be to ensure the availability of all instruments and devices as planned. This risk can also be prevents through checking the completion status of project after specific period of time.

Risk of Integration Description Risk of integration is a risk which is completely related to the system which is going to install in the Xemba Translations with implementation of IT system. If the system which is

RISK ASSESMENT implemented will fail to satisfy the needs of the business and if this system cannot integrate the whole system within one system of IT, then it may lead the whole project towards complete

failure. This is the most serious risk which if arrived, then provides no chance of correction. This type of risk is very rare in history as whole system is designed to cover every aspect of the business, but it does not mean that management of this IT project neglect this serious risk when they assess different risks for this IT project (Nielsen, 2006). Therefore, it is highly recommended to take steps to eliminate this risk completely. It can ruin the complete project as it ensures the rejection of basic goals of project but Likelihood of occurrence is very rare yet the degree of impact is very serious thus, there would be no chance of correction, and must start planning again for rework. Team member responsible will be project manager and Planning team, strategies for prevention and mitigation might include analyzing project by using prototype technique.

Technical Risk Description Technical risks include power failure risk. This risk involves or targets the risk of power failure due to any reason. This risk is also very serious if the duration of power failure is for long time (Gray et al, 2005; Ghosh et al., 2004). In addition with this risk of power, it also includes other technical aspects such as project involves the use of a new computer language or a new technology not yet mastered by your resources. Its impact can affect the working ability and efficiency of the system, and can affect the working of the processes running in the business if power failure time exceeds backup time of system, likelihood of occurrence is very rare in Europe however the degree of impact is serious

RISK ASSESMENT for long time and no affect for long time. Initial action to take if event occurs should be to hire resources that can take control on situation immediately and try to arrange temporary power supply for system.

Team member responsible, no member is responsible in case of power failure and project manager is responsible if resources are not available. Strategies for prevention and mitigation will be to assess potential training needs of your project team before the start of tasks requiring mastery of these weaknesses (computer language, new technology, etc.) and consequently make use of high backup power systems.

Commercial Risk Description This risk is related with the demands of the customer. It is also depends on the rate with which company changes its product with respect to the customer needs and demands. If organization does not change its product or service with respect to the needs of the customers then it may be out of business in any market irrespective of the fact that its product is unique in the market. In the case of Xembo Translations, commercial risk is arrived if the organization does not change its systems and does not provide training its employees with respect to the demands of the market. Impact that this risk creates is it provides very bad impact on the image of Xembo in market and can reduce the profits as it decreases number of customers the likelihood of occurrence is also very common in most cases, degree of impact is even serious thus Initial action to take if event occurs will be to take decisions based on the market demand at the same time, upgrade system with respect to market demands, Team member responsible are project

RISK ASSESMENT manager as he does not introduce system that can accept change and strategies for prevention and mitigation will be to have continuous changes in system with respect to the market and requires continuous training of employees. The metrics chart to describe the risk analysis has been discussed as follows:

RISK ASSESMENT Task 2 Metrics for Risk Assessment Explanation of Metrics In an ICT project, the most difficult part is to establish a measurement from exemplary

standards of ICT environment. It is constantly changing. It is often taken as a starting point of the basic information that is available to managers, and from this basis, assesses progress over time. Performance measurement is to define the contributions of the project to economic and social development of a community; we must establish in advance the development indexes of these communities. For example, it may be the number of jobs created or increased participation in activities. The Earned Value Analysis and earned value (sometimes referred to as earned value method or labor value analysis) is a tool for project monitoring. It is used to assess progress of projects. Here, the current date and cost situation is described by numbers. The key values are planned value, actual costs, and output value (earned value). By tracking the figures one is trend analysis possible. Earned value is management methodology for integrating scope, schedule and resources, and to measure performance and project progress in an objective manner. The yield was measured by determining the budgeted cost of work performed and compared with the actual cost of work performed (i.e., the actual cost). Progress is measured by comparing the earned value and planned value. Actual Cost (AC) is the actual cost of work conducted at the time of analysis. Confusion is often present on actual cost and earned value, also with percentage achieved with earned

RISK ASSESMENT value. For ease of understanding is important to remember that the EVM is based on the initial budget.

10

Cost Performance Index (CPI) is the earned value cost or quantity/ cost or amount at the current date. Measure of the value of work as a percentage of actual costs, the CPI indicates if your expenses exceed the budget to date. You can set performance thresholds for CPI values obtained to determine whether corrective action is necessary. It measures the value of the work done against the actual costs. A value greater than 1 indicates a cost savings in the project, on the other hand has a value less than 1 that the project develops more expensive than planned. The ratio of EV and AC is formed: Cost (CPI) = Estimated Value (EV) / Actual Cost (AC) Power value is the key figure in this model for monitoring project progress and associated costs. A risk assessment metrics is a simple way of ranking different potential projects in terms of their potential benefit and the likely risks or costs in implementing them. Some projects may be very attractive in terms of the potential benefits that they offer but have serious implementation difficulties (Hilson, 2002). Others may be low value in impact terms but be easy to implement tomorrow. Ideally firms will want to choose a balanced portfolio of short- and long-term, low- and high-risk projects. The metric selected for the risk assessment of Xemba Translations consist of name of Risk, description of risk, impact, likelihood of occurrence, degree of impact, initial action to take if event occurs, team member responsible, and strategies for prevention and mitigation.

RISK ASSESMENT Justification of Metrics

11

Before proceeding with the metrics that has been defined for risk assessment it is crucial to first understand how it would be implemented and examine the possible consequences. As this metric is a step-by-step approach and targets all aspects of risk assessment and management of project it will prove to be an effective way of analyzing project and uncertainties that are associated to it. The Earned value analysis would be appropriate for this project because it combines cost, schedule, and scope of the project in a single system. Due to this integration, it is capable of providing an accurate forecast of the problems of project performance. This is an essential requirement of project management. The implementation of earned value analysis for major projects includes features such as schedule performance, and cost performance forecast. The actual cost is an important aspect of project management. Without the actual cost, project managers would not know the current performance and the benchmark achieved. Budgets are also made after analyzing the actual cost. Therefore, for this project, the actual cost is a very significant component. CPI helps managers determine the ratio of the budget consumed so far during the implementation phase. A CPI greater than 1 signifies that the earned value is less than the actual cost. This means that the budget has been saved. 1. These metrics would be appropriate to use for this project because project diagnostic metrics provide current data on project plan execution. These metrics are based on status collection and are used for plan variance analysis, and performance reporting. The key to using this metrics is the use of measurements of earned value management. This will give Xemba Translations the opportunity to define a set of measures that can give accurate picture of where the project stands

RISK ASSESMENT according to the data received from the projects processes. This also marries nicely with the critical path methodology that Xemba Translations has used during its planning and work breakdown structure process. By using these forms of metrics it not only gives Xemba

12

Translations more flexibility to view how the project is currently being assessed, it also takes the most advantage of the numbers Xemba Translations is currently producing in their status reports. These numbers assessed currently will be compared against the planned value to create the comparative metrics. The schedule variance, schedule performance, cost variance, and cost performance will be assessed to address where the project currently stands according to schedule and cost. The most important reason why these metrics will work best for this project is the ability to make better informed decisions because of the comparative data thus minimizing risk to the project.

Current Status of the Project The comparative data reveals the important information that project managers need to make the informed decisions about the project. The Xemba Translations projects current status based on these metrics are as follows: -The project is currently over budget -The project is currently over hours -The project is slightly ahead of schedule by two days By analyzing the cost variance by taking the earned value minus the actual value, the project can be evaluated as a negative number means the actual is greater than the earned value. This analysis has noted that the cost and the hours has returned negative numbers indicating that these two items have exceeded the earned value. While these numbers have exceeded the earned

RISK ASSESMENT

13

value the tasks have equaled zero indicating that currently the project is on task, while the days is actually a positive two indicating that we have earned more days that was planned to this point in the project. While this project is ahead of schedule, it is not far enough ahead of schedule to justify the reason why it is so far over budget and hours. The number of tasks to be completed is still the same as scheduled at this point in the project. These metrics are highlighting two items that could possibly lead to some changes and mandates to the project and this junction in the project. As the number of hours and cost are over the planned value it could be deduced that workers are putting in significant overtime to complete the tasks assigned. If these numbers would have not be analyzed until the completion of the project this could have gone unnoticed, again proving why these diagnostics help make informed decisions to mitigate risk and keep project on its planned, budgeted course.

Implementation This same plan doubles as solution for the issue of being over hours as well. As being over hours has more than likely also caused the inflation in the budget, it is recommended that limiting the number of overtime hours worked will help mitigate both issues. It is also recommended that a weekly status meeting with the workers be set up. Information is power, and when the workforce feels that they are the key to why the project is being completed it will help them refocus their efforts within the given work hours. Information is also power to workers and having that line of communication and information open to project managers will better facilitate teamwork within the project group. What also needs to be brought to the attention of the project team during these weekly meetings, is that more hours worked does not always mean that the project will end sooner than scheduled. All that overtime work does not always mean the work

RISK ASSESMENT

14

put in equals completion of tasks either. As the metrics demonstrate in this case, that even though many hours where put in Xemba Translations are not statistically equal ahead of schedule on task completion. All these hours worked can also lead to a tired workforce that could lose focus on tasks and constant bitterness of working hours. Again the key to mitigate this risk is to set a limit of overtime hours and have a weekly status meeting with the workers to inform workers of the current progress of the project. If this project team is not a motivated workforce, it could slow progress, not to mention, could easily cause a decline in quality of the project that is being completed.

Problems that could affect the Project Three problems that have currently been identified based on the metrics are: One: Over budget Will run out of money before project completes if continued on this same path. Two: Over hours It is possible that because the project is slightly ahead of schedule and too many hours worked, thus budget is over as well, that too much overtime is allowed for this project. Three: Quality Because too many hours and too much overtime is being allowed that project members may lose out on putting QUALITY time into the project. Being overworked is a sure way to lose focus and lose the will to deliver a quality product. These three problems could affect project implementation and post-project success by one, running out of money. If the project manager does not find a way to cut back on spending this project could run out of funds before its completion. This could cause either one a hold on the project, or it could cause the project to continue to run far over budget and the project

RISK ASSESMENT sponsor that was once behind the project could end up regretting beginning this project, and

15

could never sponsor another project again. This is a serious post project success loss. By linking this project to the reason why more projects would not be implemented, this project could be infamous. Two, by giving more hours to project members it can be good for keeping the project on schedule and the pocketbooks of those that have been working overtime, yet this has had a significant impact on going over the budget. By going over budget the an impact on post project success can be viewed in a negative light because those who have worked many hours of overtime for the project just to get the project completed earlier by two days could feel regret for working so many hours. This could cause those who worked on this project to not want to work on another project because of the long hours. The workers could feel that the project planners did not take planning serious enough to thoroughly gage how many hours it would actually take, thus causing the workers to distrust the project manager and their ability to plan a project for success. Thirdly, this overworked project team could lose focus on delivering a quality project because they are too focused on delivering the project on time. This will impact implementation as quality drops, there could be consequences such that project management could halt the work of the regular project to do a training specifically targeted to maintain quality. By taking this break from work to refocus efforts on quality, it could not only hurt the schedule as the team could fall behind, yet also adding more hours to the overworked work force as is. These workers could also become jaded with project management, because they are on such a tight schedule to complete all their tasks yet are reminded to take the time to get the quality up to standards as well. Current implementation and post project success are damaged by these three problems.

RISK ASSESMENT Task 3 Mitigation of Problems Although there is no way to completely eliminate problems, they can be reduced. A

16

reduction in the effect of the problem can lead to significant improvements in the project during implementation as well as post-implementation. The primary issue surrounding such projects is cost overruns. This can be reduced by working on strict deadlines and working on an effective strategy to procure the requirements in advance in order to hedge against fluctuations in prices. Project risks always exist even after it is successful. They may be internal or external. Internal risks can be almost avoided but external risks can never be avoided but their effects can be reduced. To mitigate the first problem of being over budget it is recommended that a limit be set for total hours to work for each pay period. This does not mean a simple memo be sent out stating that if you work over 40 hours a week you will be written up, it means that a standard for the project be set that quality time be spent on the project. This means that hours worked on this project are precious. Members engaged in the project are to remained focused on the task at hand to deliver quality and maximize work to complete the project time yet not be forced to work overtime to reach the completion goals. It is also recommended that the project would incentivize the bonus at the completion of the project. If the project can remain within budgeted man hours at completion there will be a percentage bonus for achieving this accomplishment. This can help refocus staff that enjoyed the overtime pay, that could have been milking the clock simply for more hours.

RISK ASSESMENT Recommendations As the metrics demonstrated, these many hours put into the project, does not translate

17

into finishing the project earlier than scheduled. Many hours worked also does not always mean that the quality is going to improve simply because more time is being allocated to the project either. These metrics were designed to display how the project is progressing, what it does not show is the possible lack in quality the project may be lacking at this point in time. As more hours get logged into the project, and overtime kicks in, overworked project members could be simply going through the motions with no eye on the quality aspect. It would be important to discuss the current quality at the weekly meeting with the team members to express that Xemba Translations is still delivering a product with this project and not just hours. The mantra that should be put out to all team members is QUALITY WORK NOT JUST WORK should be put into this project. It is also recommended that there be a quality control team established that should assess the work every month of the project to ensure that moving forward with the project does not mean moving backward with the quality. This will let the employees know that Xemba Translations is not only committed to finish this project, yet finish this project with quality and cares about the work this project will produce.

Executive Summary Increased benefits associated with telecommuting have resulted in an increase in companies being relied on it to avail these advantages, however there are also uncertainties and risk associated with it that should not be ignored and should be analyzed to examine the consequences that may arise which should be overcome immediately before it becomes a problem for management and company. Today, organizations are more dependent on their

RISK ASSESMENT

18

networks and pro- problem affecting them, however small, can compromise the continuity of the operations rations, a situation that inevitably leads in economic loss, and delay in operations and crisis of confidence on the part of users. Added to this is the absence of an adequate security policy networks. This is a problem that is present underestimated in most of the cases in the world just because the flaws that internal level occur, especially considering that the complexity of the network is difficult for detection and correction of multiple and various security problems that are being detected. This problem is not underestimated in this case. This assignment provides complete assessment and identification of threats or risks for its IT project to provide service to its increasing number of customers. It also includes other serious threats which may ruin the complete process of project if ignored. The assessment metrics present in this case study of Xemba Translations is based on the eight elements whose details are present in the assignment and each selected risk is analyzed or assessed on the basis of this assessment metrics. The metrices also determined the three major problems that could severily effect this project and its post project success. This include the problem of leakage of confedential informations from the companys database. It may include key employee informations, bank accounts of the company as well as its employees and directors. Moreover, the critical information regarding this i.e. the strategies that would make this project a success could be leakesd and could cause the company its market position if another company comes up with the same project in a shorter time frame. Furthermore, the metrices also identified a second problem i.e. the loss of important data which is critical for any organization to run successfully like appraisal records, salary records, information about pending litigations or customer informations. This problem could lead the organization into serious threat since the loss of any such data can lead to serious statutory issues for the company. Moreover, there is also a problem of losing data

RISK ASSESMENT while it is under process due to low network security in employees homes, power or computer hardware failures which will result in time consuming efforts to either regain the lost data or to

19

do the work all over again causing the company serious issues with respect to time and deadline management. In order to mitigate risks and problems that have been identified in this report it is vital that the Xembas management come up with plans and strategies to control the risks that are controllable and mitigate the ones that are not controllable but can be avoided. The problems discussed in this report with respect to the said project are pretty much controllable. The first problem i.e. the loss or theft of confedential data or information from the companys information system can be controlled by increasing the network security by installing anti theft applications in the companys information system, so as to reduce unwanted intruders from getting access to companys information system.Secondly, the loss of important informational data from the companys information system coan also be controlled by the above process. Moreover, this risks cans be further mitigated by giving authorization to access such information to only a limited number of employees in the company by means of a password or id that can be given to only a few employees. The third problem is the loss of incomplete data or information sue to various issues that the users working from home may encounter. This is one of the problem that is less likely to be controlled however, it can be mitigated by training the user working from home and giving them tips to minimize the risk of any such loss. Moreover, these users can be remotely connected to a server where a copy of their work can be automatically save on the companys server, so that in case of any such issue arisisng the company can retrieve their data as quickly as they can from their servers.

RISK ASSESMENT

20

Today, the most successful companies have fully understood, absorbed, and learnt how to best limit their risks. Rather than simply through these major changes, they take advantage and raises even sometimes to create new potentials. This assignment is also based on the risk assessment according to the current scenario of Xemba Translation Company. This resilience is a real lever for growth and sustainable profitability.

RISK ASSESMENT References

21

Abdou A., Alzarooni S., Lewis J. (2005), Risk identification and rating for public health care projects in the United Arab Emirates, Proceeding of the Queensland University of Technology Research Week International Conference, Brisbane, Australia. Chapman C., Ward S. (2003), Project Risk management: Processes, Techniques and Insights, 2nd Edition, England, John Wiley & Sons. Cooper D. F., Grey S., Raymond G., Walker P. (2005), Project Risk Management Guidelines, John Wiley & Sons, Ltd. Ghosh S., Jintanapakanont J. (2004), Identifying and Assessing the Critical Risk Factors in an Gray, Clifford, Larson E. (2005), Project Management: The Complete Guide for Every Manager, McGraw Hill Publishing Company, Edition 2nd. Henselwood, Fred, Phillips, Grey (2006), A Metrics-based Risk Assessment Approach for Addressing Linear Hazards such as Pipelines, Journal of Loss Prevention in the Process Industries 19, 433-441. Hillson, David (2002), The Risk Breakdown Structure (RBS) as an Aid to Effective Risk Management, Proceedings of the Fifth European Project Management Conference, France. Lyons T., Skitmore M. (2004), Project Risk Management in Queensland Engineering Construction Industry: A Survey, International Journal of Project Management 22, 5161. Miller R., Lessard D. (2001), Understanding and Managing Risks in Large Engineering Projects, International Journal of Project Management 19(8), 437-443.

RISK ASSESMENT

22

Nielsen K.R. (2006), Risk Management: Lessons from Six Continents, Journal of Management in Engineering 22(2), 61-67. Rosenburg L., Hammer T., Gallo A. (1999), Continuous risk management at NASA, Proceeding of Quality Week Conference, San Francisco, California. Shen G., Feng J., Xu K. (2008), Identification of Essential Risk Factors in Software Projects by using an Information Content based Reasoning Approach, Computing and Information Systems Journal 12(2), 29-36. Underground Rail Project in Thailand: a Factor Analysis Approach, International Journal of Project Management 22(8), 633-643. Wang J.X., Roush M.L. (2000), What Every Engineer Should Know About Risk Engineering and Management, Marcel Dekker Inc.

RISK ASSESMENT Appendix The Risk Metrics Analysis Risks Security Risk (1) S B B N N

23

Likelihood of occurrence Almost certain (A) Likely (B) Possible (C) Unlikely (D) Rare (E)

Delay Risk (2) B B M N S

Risk of Integration (3) B N N L S

Technical Risk (4) N N S S M

Commercial Risk (5) N S L M M

Degree and likelihood of Occurrence Degree of impact Severe Major (1) (2) S B B B N N B M N S

Likelihood of occurrence Almost certain (A) Likely (B) Possible (C) Unlikely (D) Rare (E)

Average (3) B N N L S

Small (4) N N S S M

Negligible (5) N S L M M

Symbols, their Full form and the Strategies Symbol Full Form S Severe risk B N L Big risk Normal risk Small risk Strategies for prevention and mitigation instant action is necessary; this sort of risk requires comprehensive study and planning by higher management. Required an Action plan soon as practicable by higher management. Required an Action plan by Department/ Area Manager. Handled by everyday procedures and workers under supervision.

RISK ASSESMENT M Minor risk Unlikely to need specific application of resources.

24

The letters and numbers related to the principle for Consequences and Likelihood replicate accuracy in the rating. For e.g. a risk rating may be B but does that represent the facts like: likely or major or possible and severe or likely and severe etc. We can just use it as the reason behind the rating of risk and its priority. It also recognizes that there are a few versions of the same rating just with different criteria being assessed.

Risk and its outcomes Safety risk The risk of leakage of confidential information The risk of loss or inaccessibility of important data The risk of incomplete or distorted information The risk of unauthorized use of hidden information resources (for example, creating a botnet) The risk of spread in the environment of information that threatens the reputation of the organization Possible outcomes Risk rating

Results in the hacking of bank accounts and serious threat to S organization Loss of some crucial files, such as employees records and S organization facts and figures Data loss B Privacy concern of organization and employees Damage to the market L