John Cvetko CISSP, CISA
Principal Consultant
TEK Associates, LLC
Email cvet55@comcast.net
Phone 503 799 2242
Overview
Risk and Risk Frameworks: perspectives of risk frameworks
Scenario: step through a scenario that demonstrates the Risk Management elements
Liability Tool: identify and manage liabilities
Opportunity Tool: identify areas of high risk that can lead companies to new opportunities
Organization Tool: understand how to organize and apply resources; a guide for maximizing results
Compliance Tool: demonstrate compliance
Communications Tool: communicate progress and risk positions to management and the functional project teams
What is a Risk?
Different disciplines have different definitions (EPA, Nuclear, Medical).
PMI Definition (PMBOK, Third Edition): a risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on at least one project objective.
Risk is Uncertainty
Levels at which risk is managed (figure): Enterprise-level; Division or subsidiary; Business unit processes; Subsidiary
Risk management process (figure):
Risk Management Planning
Risk Identification
Risk Assessment
Risk Response Planning and Control
Risk Monitoring
Independent Review
Reporting structure
Risk Identification: Understanding the Project Requirements
Collect actionable/quantifiable requirements:
Business goals or requirements
Product or service functionality, schedule and budget
Service level or performance goals
Risk Identification
Known Risks: these are the obvious risks that jump out quickly at the beginning of every project.
Unknown Risks: usually a result of inexperience in particular areas.
Unknowable Risks: risks that can't be predicted even with the best information and experience available.
Risk Identification
Risks can come from many different sources: Products; Procedures; People; Project; Business environment; External
Brainstorming
Interviews/Questionnaires
Review of similar projects
Subject matter experts
External experienced consultants
Technical Standards
Program-specific Best Practice Guides, e.g., for IT: COBIT, ITIL, ISO 17799
GAP analysis, SWOT, Cause and Effect, Fault Tree, Hazard and Operability (HAZOP), business impact analysis techniques
Prototyping
Risk Ranking (matrix figure): Exposure is ranked by plotting Impact (High, Medium, Low) against Probability (High, Medium, Low); the cells are ranked 1 to 4.
Strategy use
Multiple strategies can be used per risk event, and strategies may change with time.
Communicate
Inform management and project team of the plan.
Risk Scenario
S1
You work for the ACME car insurance company. ACME is a $1 billion public company that is implementing a new collection system to enable customers to review their bills and make credit card and direct deposit payments on-line. This system will replace an existing manual system that requires 250 people to manage. The cost of this system is $20 million, and it is expected to save the company $26k a day.
This software system is a commercial off-the-shelf (COTS) system, with the exception of the on-line (credit card and direct deposit) payment module. The module is currently being developed by the software supplier. The supplier is new to the world of on-line financial transactions.
Monday Morning: Team Meeting, Status
S2
S3
S4
Chart: # of Events in Category, By Functional Area (Operations, Purchasing, Material Control, Financial, Product Support, Sales, Engineering); events are classed Green, Yellow or Red; vertical axis counts 0 to 7.
S5: Tuesday Afternoon
S6: Wednesday Afternoon
S7: Wednesday Afternoon
Summary
Risk Management Planning
Risk Identification
Risk Response Planning and Control
Communications
Organization
Opportunity identification
Liability and Compliance Management