Академический Документы
Профессиональный Документы
Культура Документы
Forrester Defines Risk as: A coordinated set of activities to not only manage the adverse impacts of IT on business operations, but to also realize the opportunities that IT brings to increase business value.
COSO defines Enterprise Risk Management as: Enterprise risk management provides a framework for management to effectively deal with uncertainty and associated risk and opportunity and thereby enhance its capacity to build value.
Info- Security
Network Security Data Security Physical access Security HR Process
Location
Business continuity Location risk Other environmental and security risks
Transition
Non- cooperative incumbent Inadequate documentation Non- availability of SMEs Delay in overall transition Handoff during transition Infrastructure issues
Steady State
Delay in Ticket Resolution Inadequate documentation Impact to service level Non- cooperative incumbent Non- availability of SMEs Infrastructure issues Reduced or no opportunity for reverse shadowing Country Risks
Sourcing Risk
Operational Risk
y y y y
Identification define the risks that are likely for the project Projection attempt to indicate the quantitative likelihood that a risk will occur Assessment evaluate accuracy of projections and prioritize risks Management & Monitoring move to avert those risks that are of concern and monitor all circumstances that may lead to risk
Risk Management
Team Inexperienced project leader, project team Project team members working part-time Multi-departmental project team High turnover Customer / User Client with low confidence in developer Users are threatened by application Users wont spend the time to define Multi-departmental users Client project rep is part-time
Risk Management
Business Issues Highly volatile business area Users unsure of their needs Users have little computer experience Very tight deadline has been demanded Application Complex problem or environment New business area Complex data environment New technology will be used Limited development environment Part of application to be subcontracted High dependency on others
Risk Management
Risk Projection
Establish a scale that reflects the perceived likelihood of the risk (probability is often used) Define the consequences of the risk Estimate the impact of the risk on the project and / or the product (usually on scale of 1 to 10) Note the overall accuracy of the estimates
Risk Management
The RMMM Plan Mitigation how do we avoid the risk? Monitoring What do we track to determine whether the risk is becoming more or less likely Management What contingency plan do we put into place should the risk become a reality?
Risk Management
Risk Management
Risk Management
Pure Development Projects Application Development & Maintenance Projects Production Support Project of Transition process of Outsourcing Etc.
Risk Management
Step 1
Identify & Categorize Risks across Pre Transition, Transition and Steady State phases Assign appropriate Probability and Impact Values
Step 2
Step 3
Step 4
Step 5
Determine mitigation plan from Syntels and Comericas perspectives for every identified Risk
Impact Grid
Grid High Medium Low Impact of Occurrence Above 7 7-5 Below 5
Value At Risk (Indicative) 8 Vendor and Client resources each will be part of transition. For each day delay due to connectivity issues 8 hrs. per Vendor resource and 4 hrs. per Client resource will be lost. Total hrs. per day for Vendor = 8*8 = 64. Total hrs. per day for Client = 8*4 = 32. Value at Risk (per day) = 0.6*7*(96*65)/10 = $2,620 (per day)
Key Risks
Inadequate Transition Planning Inadequate Resource Planning
Key Risks
Delays in Knowledge Acquisition due to loss of key personnel Non Availability of SME. Inadequate Knowledge Transfer
Time-tested IntelliTransfer process Shadowing & Reverse Shadowing Joint Walkthroughs and Reviews Syntel will publish dates for environment readiness and if task on critical path impact on schedule to be jointly assessed
Sign-Off to ensure all critical systems has been identified and verifies completeness of the operation Handbook
Key Risks
Resource Mobility
Link Failure
Risk
Mitigation
Client should assign a fulltime Project Manager to this project. Lack of project communication This PM will be responsible for coordinating all Client tasks and with other communicating frequently with the teams. Stakeholders should projects/departments, which in be identified up-front and should participate in weekly status turn delays dependant tasks. meetings. Decisions on Requirements finalization, interface mapping Client should allocate sufficient number of SMEs at high priority and communication protocol to the development teams queries. get delayed Service Provider Project Manager will assess the impact and provide impact analysis documents to Project Steering Changes to the Interfacing Committee. The cost and schedule will be revised as strategy or new business appropriate; Project Plan will be updated and submitted for requirements are uncovered approval. No work will be undertaken on the new scope or after the start of the project. requirements until both parties come to an agreement on the cost and schedule. Clients Infrastructure/middleware/development tools/versions and run-time environment change during the project life-cycle
Any changes should be communicated to Service provider promptly and a joint assessment will be made on the impact to project schedule. Only upon mutual agreement would the new tools or versions be implemented in the project.
Project Risks
Multiple dependencies exist between security tasks, interfaces built, data structure changes etc. These changes may result in impact to schedule
Strong coordination is required between all parties involved to ensure a successful implementation. Clients Project Manager will take a lead role in this activity. Service Provider Project Manager will keep track of the schedule impact due to any changes or failure due to dependencies, update project plan and schedule and submit to Clients Project Manager.
Service Provider Project Manager will publish the dates on Test/QA environments are not which these environments are required in the project plan. If this made available as per task gets in the critical path, Both Parties will assess the impact schedule. on the project schedule. Clients Subject Matter Experts are not available to provide inputs to Service Provider in a timely manner or to respond to Provider queries Service Provider Project Manager will bring this to the attention of the Clients Project Manager. If the Client Project Manager is unable to address this adequately, they will jointly escalate it to the Project Steering Committee, per the published escalation procedure. Strong project management, combined with proactive communication will enable clear understanding and set the right expectations for both parties.
Schedule Overrun
Project Risks