Risk management consists of five steps: identification,
assessment, prioritization, mitigation, and communication. Risk identification
is done throughout the life of a project. Once risks are identified, each risk
is assessed with the objective of understanding its potential impact, how
likely it is to occur, and when it could materialize. The overall effect on
business value should also be estimated; if that impact is significant enough
to outweigh the business justification, a decision must be made whether to
continue the project.
To estimate the probability of a risks, various techniques
may be used, including Probability Trees, Pareto Analysis, and a Probability
and Impact Matrix. In addition to probability, risk assessment also evaluates
the potential net effect of risks on the project or organization. These effects
can be estimated using techniques such as Risk Models and Expected Monetary
Value.
Here is a video on risk assessment: http://www.scrumstudy.com/watch.asp?vid=604
Some of the recommended techniques that can be used to assess
risks are risk meetings, probability trees, Pareto analysis, probability impact
grid, and expected monetary value. Let us look at them using examples.
Risk meeting: risks could be easily prioritized by the
Product Owner by calling a meeting of the Scrum Core Team and optionally
inviting relevant Stakeholders to the meeting. The team could meet and
prioritize different risks based on their subjective assessment of the impact
of the risks on project objectives.
Probability trees: Potential events are represented in a
tree with a branch extended for each possible outcome of a risk event. The
probability of each possible outcome is indicated on the appropriate branch and
then multiplied by its assessed impact to get an expected value for each
outcome possibility. The outcome values are then summed together to calculate
the overall expected impact of a risk to a project (see Figure).
Pareto analysis: This technique of assessing risk involves
ranking risks by magnitude which helps the Scrum Team address the risks in the
order of their potential impact on the project. For example, in Figure 7-2,
Risk 1 has the highest impact and should preferably be addressed first.
Probability impact grid: Each risk is assessed for its
probability of occurrence and for its potential impact on project objectives.
Generally, a numerical rating is assigned for both probability and impact
independently. The two values are then multiplied to derive a risk severity
score (or PI value), which can be used to prioritize risks.
For example, the risk severity score for a risk with a
Probability of 50% and an Impact rating of .6 would be calculated as follows:
0.5(Probability) x 0.6(Impact) =
0.3
The rating schemes used are determined within the
organization or for the project. Often a decimal scale is used, from zero to
one, where a 0.5 probability rating would indicate 50% likelihood. Other
options include a scale of one to ten, or High (3), Medium (2), and Low (1).
The following diagram depicts the use of the decimal scale. Each risk is rated
on its probability of occurrence and impact on an objective scale.
The method of assigning probability and impact values to
risks varies depending on the project and number of risks being evaluated, as
well as existing organizational processes and procedures. However, by applying
the simple P x I formula, risk severity can be calculated on a numerical or
categorical scale.
Expected monetary value: The monetary value of the risk is
based on its Expected Monetary Value (EMV). EMV is calculated by multiplying
the monetary impact by the risk’s probability, as approximated by the customer.
Expected Monetary Value = Risk impact (in dollars) x Risk
probability (as percentage)
For example, a risk with an estimated negative impact of
$1,000 and a 50% probability of occurring would result in an EMV as follows:
EMV = $1,000 x 0.50 =
$500
No comments:
Post a Comment