Project Risk Management
Risk management is one of the most important aspects that any project developer requires to understand fully. Development of projects without the establishment of effective risk management programs is a possible means to the failure of that project. In order to avoid such outcomes, project developers make the effort of establishing a solid and highly effective risk management program to help in making sure that the project does not in any instance fail to succeed. Risk management programs are mainly established with reference to the project and its nature. In order to ensure that most of the risks the project face are mitigated, project developers evaluate the stages of project development and then assess possible risks that may present in those situations. In this paper, a project will be explained, which will be used to create a risk management plan (Gregory, 2007).
Software development is currently one of the most significant activity that many companies are considering venturing into, mostly because people have attained a significant interest in having most of their activities and daily operations automated. Software products help people manage to carry out a wide variety of tasks and activities in an effectively appropriate way. Intridea is one of the largest software development companies, which venture in providing people and other clients with software products that they feel they need. The organization has a large network of develop engineers, who provide the service of developing the software products that clients of the organization order. The process of developing any software is considered a project by the organization, since it requires following all the strict policy stages that the organization has established in order to complete. The organization aims to complete every software development process successfully and thus the need to ensure that all important steps to address risks is essential.
Intridea develops a large number of software products for many clients. One of the most recent projects that the organization is currently involving in is the development of a trading software to implement a trading strategy from a client. The trading strategy that the client requires implemented is the use of three indicators to determine trend, and then using hedging to avoid loss in any trade that might be against the traded trend. Such a project is considered to be significantly important, since the client has a high stake to loose in case it is developed with flaws. Trading software products are developed in a similar manner to all other software products. A major difference is the fact that these software products are directly used to trade real money in a trading platforms and thus the need to ensure that they are developed to operate in a flawless manner is extremely important. A large number of risks can also occur at any stage of development and thus there is a need to ensure that a risk mitigation program is implemented (Young, 2006).
The main objective of this project is to ensure that the trading software is developed completely and that it meets all the expectations of the client who ordered it. Ensuring that the process of development is successful and that all the intended operations and capabilities of the software are implemented in its development would help in ensuring that the product is developed successfully. The other major development objective for this project is ensuring that the process of development does not exceed the intended budget. The budget constraint is a significantly important aspect for any project. In the case of this project, for example, there is the agreed upon amount that the client was charged for the software product. From this amount, the project development process should be covered and the profit that the organization gains from this project. Since the agreed upon amount between the organization and the client is fixed, when the budget exceeds the earlier intended upon amount, the profits that the organization gains from the project decrease. To avoid this decrease, therefore, it is a major objective for the project to complete within the initially intended budget constraint (Lewis, 2007).
Another important objective of the project is to ensure that it is developed within the provided time limit, by the client. A trading software is a money managing and developing tool. With this regard, the client that spends a large amount of money for its development is likely to be eager to have the fully completed product within the shortest time period possible. Exceeding the provided and agreed upon time deadline could thus be the reason for such a customer to consider the services of another organization next time. In order to guarantee customer satisfaction, therefore, it is essentially important to ensure that this objective is met.
External dependencies are the specific external factors or input that the project requires in order to be successful. For this project, significant trading knowledge is essential, in order to ensure that the product works exactly in the same way that the client requires. One of the main external dependency in this case is thus the client, who would require to answer any form of trading technicalities that may be required in the development process. This is because in some occasions, a software developer may require guidance on the aspects of operation regarding hos the software is required to address certain issues. The development team can also seek information and guidance from another third party individual who is highly skilled in treading activity. These two individuals would thus be the external dependencies of the project (Jackson, 2006).
For this project, stakeholders include the organization in general, the project developers and the client who ordered the development of the software product. The organization is a major stakeholder in this project. The developers of the product are employees to the organization. The successful completion of the project is however considered an achievement to the developer’s team of the organization and thus it is in their best interest to ensure that the project completes as a success. This group of stakeholders also play a major role in ensuring that the project completely meets its objectives and that the client who ordered for it is fully satisfied with their work in developing it. The client is the main stakeholder of this project. He or she plays a major role in determining whether the project was successfully completed or it is considered a fail. A successful project is the kind of a project that the client considers successful and effective in carrying out all its intended functions and purpose.
All projects have a number of project tasks that requires to be completed by the project developers in order to ensure that it completes successfully. Project tasks make the project easy to complete for a group of people and it also makes team work possible for the developers. For this task, the main tasks which requires to be completed by the project stakeholders include; evaluating the scope of the project and capabilities of the software intended for development, selecting a team that is capable to effectively develop the intended project, drafting a sufficient budget, delegation of the development task and the development of the project. All the other tasks fall under these major categories. Completion of all the project tasks in a successful way is thus the completion of the project successfully (Barkley, 2004).
Risk Management Plan Scope and Identification
The project’s potential risks
The project is in software development and most of the time software development undertakings come with various challenges. The challenges might overlap or might stand out as single issues. It is proper that potential risks are identified early so that mitigation can be initiated. The potential risk areas for software development include integration challenges, software failure, and security challenges. In the following paragraphs, I have indicated several risk areas that might affect the trading software development, the rollout process and the client interaction with the software.
The organization risks developing trading software that will become obsolete in a short time span. This is because of the fast growth of technology. Advancement of technology is accompanied by upgrades and advanced techniques of developing advanced software. The organization also risks developing inferior software compared to market levels. This again is because of advancement of technology. Normally in software development, there are several steps and phases that are merged in order to develop proper working software and at times a phase or step is missed. It might go unnoticed but has the potential to have ripple effects in the future. The organization is at risk of missing a step in development and as a result is also at risk of the software failing.
Due to the direct involvement of money to the software the organization is at risk from hacking. Since there is no restriction on the trading market the organization is at risk of similar software from its competitors. The project is under a constraint budget and the budget constraint might require developers to do away or skip processes that might risk the quality of software. Other than budget constraints the trading software is also under a time constraint. The time constraints might also risk the project quality; the project is at risk of not meeting the client’s expectations.
Failure to meet client’s time expectations exposes the organization; the client might consider other organizations for the development and future developments. There is external overdependence and this brings to light the risk of leaked trade skills and strategy; risk of trade secrets. Every organization is at risk of employee turnover. Turnovers have the potential to affect the project development.
Due to the high stakes involved, the organization’s development team is at risk of gold plating in order to win the affection and business of the client. The gold plating is likely to cause a budget exceed. All software developments have many procedures and more often than not the risk of flaunting the procedures or failing to follow the procedure is quite high. There is also the probability of unavoidable risks such as government restrictions on software more so those involved in cash transactions. There is also the risk that the project might not live up to its expectations as far as productivity is concerned.
There are also positive risks that the organization is likely to face. Due to the high stakes involved, precision and effectiveness are encouraged and this exposes the organization to the risks of high-profit gains, production of superior software which might lead to the growth of customer base. Positive risks that the organization is also likely to face include expertise growth due to external overreliance, the risk learning from their failures and they also risk growing the organization.
Techniques used in risk identification
In order to identify the risks I employed the use of several techniques and they included; SWOT analysis, decision trees, assumption analysis and reviewing of related project’s documentation. The SWOT analysis helped in the identification of both internal and external risks as far as the rollout of the software and client uptake was concerned (Seth, 2015). The decision tree helped in identifying future risks since it is effective for analyzing many options or alternatives. The assumption analysis was also useful in determining possible future risks. The reviewing of already developed related project’s documentation was particularly helpful as it provided insight on possible risks factoring all areas i.e. internal risk factors, external risk factors, future potential risks, development risks, clients’ reaction and uptake risks.
Stakeholders of the risk identification process
For any risk identification, various people or groups must be involved depending on the project type and these people or groups can be referred to as risk stakeholders. Risk stakeholders can include people who might be affected or perceive to be affected should a risk come to be. The people involved in the identification of the risks included; the employees of the organization, the developers of the software and the client (In Bérard & In Teyssier, 2017).
The developers were crucial in identifying potential risks considering that they have developed prior software and hence could come up with a list of general risks that affect software. The client also played a role in the identification of risks since they gave information on potential challenges that may affect their activities such as fraud and hacks since they needed software that handled money transactions. Employees of the organization helped in brainstorming more so in the assumption analysis (Virine & Trumper, 2017). This ensured that almost all potential risks were identified.
Qualitative and quantitative risk analysis table
Developers exiting from the organization
Risk of developing an obsolete software
Risk of developing an inferior software
Risk of missing a step in development
Risk of similar software from competitors
Risk of Failure to meet all expectations of client
Risk of surpassing the budget
Risk of surpassing the time limit
Risk of exposure of trade secrets
Risk of gold plating
Risk of not adhering to procedures
Risk of producing superior software
Risk of organization growing due to large customer growth
Risk of fraud and hacking from hackers
Risk of surpassing client’s demands
Risk of losing clients to competitors
Risk of interference of the development process by client
Risk of Compromise on quality of final product
Risk of growing the organization’s profit gain
Risk Response Planning
Risks can come as either a weakness, threat or an opportunity to the organization. Therefore a company needs to perform a thorough access to risks that are prone to affect it. According to Kendrick, (2015), the management should ensure that all the risks are addressed appropriately depending on their ranking and probability. There are various responses to different risks depending on their type. In various cases organizations need to develop a mitigation plan in cases where risks are anticipated.
For the risk response plan and the risks mentioned, below are the responses that the organization should consider adopting. First, the risk of developer exiting from the organization can be mitigated in order to minimize the chances of it occurring in the company. The company should develop a mitigation plan to handle given a scenario. For example, the developer should train one of the staff members who are experts in the field such that in case of a developer leaving they should fit into their position with ease.
Secondly, the risks of developing obsolete or inferior software can be handled by avoiding. The risk can be avoided by the company hiring competent IT experts. Competent IT expert will stay up to date as well as constantly updating the software which will, in turn, avoid the risk of developing obsolete software. The company should respond to the risk of missing a step in the development by reducing the risk. During the planning, the company develops a clear plan with the help of competent IT experts that will take into consideration every step of the development.
The risk of similar software from competitors can be mitigated by innovation by the company software engineers. The engineers should always improve and develop competent innovations that will help in mitigating the risk of competition from other developers. The risk to meet all the expectations of the client can be reduced. The risk might be inevitable however an explicit analysis of the customers’ needs and expectations should be conducted. In this case, the developer will make software that should meet the customers’ needs and requirements.
The risk of surpassing the budget as well as the time limit can be reduced. This can be reduced by coming up with a well-planned budget as well as sticking to the plan in order to minimize miscellaneous spending. The budget will ensure that the funds are used only for the required purpose and therefore minimize mismanagement. The risk of exposure of state secrets can be addressed through avoidance. The risk can be avoided by entrusting only a few personnel with the secrets. Additionally, the secrets could be kept in a secure place and protected by codes or encryption. In this case, only the authorized individuals will be able to access the information.
The company can address the risk of gold plating by reducing the chances of it occurring. This can by accessing the customers’ needs and requirement. This will help in that when enhancing the software or services it will be the enhancement that will be accepted by the clients hence minimizing the risk of gold plating. Risk of not adhering to procedures can be reduced by hiring and training staff members on the importance of company procedures. In this case, the members who do not adhere to the procedure will be held accountable for the errors that may occur.
The organization growing due to customers’ growth and the risk of surpassing the clients’ demands should be exploited. This can be done by the company ensuring that all the services provided meet or exceed the customers’ expectations and needs. The company should take advantage of the situation and increase their production and service delivery. This can also be done by regularly improving their service delivery and products in order to maintain the clients as well as attracting some more. This will boost the company’s profit margins and enable it to efficiently achieve its set goals.
The risk of developing superior software should be enhanced. The enhancement will increase the chances of the company developing another software hence customer satisfaction which will in turn help in the growth of the company. This will be beneficial in the company’s strategy in that it will bolster its development and thus the achievement of its visions, goals, and objectives (Kim, 2010). The risk of fraud and hacking from hackers can be mitigated by putting in place firmware that would help in preventing hacking and fraud. Additionally, It experts from the company should supervise and monitor cyber security on regular basis.
Supervision and monitoring will help in a case where suspicion is detected the IT experts will respond accordingly. The risk of losing clients to competitors can be a huge threat to the company. Therefore the company should mitigate the risk by improving its services as well as improving their customer service. Risk of interference of the development process by the client can be avoided by providing only the products or services that meet the needs of the clients and being open t clients only after the development is completed.
Risk of Compromise on quality of the final product can be reduced. The project should be developed sticking to the plan, budget and ensuring that it is delivered on time. When a project is completed with the right procedures and measures, there is a minimal chance of the final product getting compromised. Risk of growing the organization’s profit gain should be shared. In this case, as noted by Kang, & Kim (2016), the company should consider sharing the opportunity with partners and suppliers in order to minimize the resources and increase the profit margins which in turn help boost the company’s growth.
Risk breakdown structure
In order to adequately understand and curb as well as minimize the risks from occurring, there is a need for a risk breakdown structure. A risk breakdown structure will help in providing an insight as well as the intensity of the risk.
· Scope Definition
· Requirements Definition
· Technical processes
· Project Management
· Health and Safety
Monitoring and Controlling Risks
For the risks identified, it will be important to develop a responsibility plan, which simply means the plans to mitigate the risks that have been identified in the project. According to Teddy (2015), one of the mechanism of risk responsibility plan in this project will be complete avoidance of the risk whereby there will be need to develop an alternative plan with a higher chance of success even when there is a higher cost but help in accomplishing the goals of the project. Owing to the fact that one of the potential risks identified is software failure because all the processes are procedures of the project are being conducted on a software. This risk can only be managed by avoidance in such a way that there is need to use high technology when developing the project. In this regard, there is need to use highly reliable software that does not break down easily and this must be bought at a trustable source whereby there cannot be a compromise or being given a duplicate of the real thing.
When a secure software is installed, it will be reliable for the project and thus the risk of software failure will be avoided completely throughout the project. The other risk identified is the security challenge or the risk of data breach by unauthorized persons. This type of risk can also be avoided by encrypting the data in the software such that it becomes hard for unpermitted parties to get access and leak the information before the completion of the project. This is best done by increasing the authentication steps when accessing the files to make it harder for intruders. This technique will be applicable to most risks identified but there are risks that will need to be accepted in the project like the gold plating.
However, such a risk needs to be reduced so that its impact does not cause severe harm to the project by specifying the procedures of the project and simplifying them so that there are no budget exceeds (Teddy, 2015). Additionally, there is a risk of leaked trade skills strategy of the project due to employee turnover. The best way to curb this risk is by making sure that there is a very low employee turnout and only those employees of the inner circle have to know the trade skills of the project and they must be retained within the organization.
Management of the risk plan and risk responses
Having noted all the risks that are likely to face the project, it is important to formulate a mechanism that can aid in the management of the risks. This includes making sure that all the employees that get access to the information of the project are authorized and this number should be minimized so that any form of data breaching is reduced or avoided completely (Patterson, 2017). There is also need to convince the investors and sponsors of the project about the significance of purchasing a durable and high quality software and hardware where the project materials can be stored. This will be significant in our project because the risk of software breakage or failure to function will have been avoided completely and thus the project will move on smoothly. There is also need to convince the management to reduce the employee turnover. This is because the employee turnover is very risky for our project as some employees might get furious and leak out the project skills and information to our competitors meaning it will be less effective than initially expected.
Additionally, there is need to assemble all the team members of the project and educate them about all the potential risks that are likely to face the project in the due course. This will be a great move because the employees will be working while cautious of any form of risk that might take place and thus reducing the likelihood of the risks occurring except the unavoidable risks. For the risks that cannot be avoided, the project team members will be taught on the immediate response plan that will be important in helping reducing the severity of the risk that would have already occurred (Patterson, 2017). For instance, when it happens that the system has been hacked where there was involvement of monetary transactions, it will be very important to have a quick response team that closes down the software for a while to avoid further hacking while at the same time conducting an immediate investigation on the subject. All these plans are meant to be effective in ensuring that at least the risk is avoided completely or if it occurs, the level of effect it causes on the project is minimized completely.
Contingency budget for the risk responses selected
In this case, the risk selected is the software failure or malfunctioning. This is likely to cause a severe harm to the project or even make us re-start again when it fails and all information is inside. Therefore, purchasing a well standardized software needs a lot of cash and this has to be obtained from the investors. This money should include the actual purchase and installation charges whereby an expert will aid in installation of the software in the hardware computers. This will be a cost that the organization must be prepared for so that the entire project is secure.
However, it should be noted that the software cannot just be installed in outdated or old computers. It needs new computers and computer systems that are current, faster and secure. If none of this exists in the organization, then there will be a need to buy new computers so that every step of the project is kept safe. This budge can cause around 1000 us dollars for everything to be properly fixed and done on time so that the project also commences on time without delays. There is need for a fee to the person who will constantly check the software to see its vulnerability to attack or any form of failure so that the security of the project is assured.
Kang, H. W., & Kim, Y. S. (2016). Analysis of the probabilistic cost variation ranges according to the effect of core quantitative risk factors for an overseas plant project: Focused on a Middle East gas plant project. KSCE Journal of Civil Engineering, 20(2), 509-518.
Kendrick, T. (2015). Identifying and managing project risk: essential tools for failure-proofing your project. AMACOM Div American Mgmt Assn.
Kim, Y. S. (2010). A study on the costs variation range through the risk factors for overseas plant projects. Journal of The Architectural Institute of Korea, 26(7), 139-147.
In Bérard, C., & In Teyssier, C. (2017). Risk management: Lever for SME development and stakeholder value creation.
Población, G. F. J. (2017). Financial Risk Management: Identification, Measurement and Management.
Seth, C. (2015). Swot analysis. Namur: 50minutes.
Virine, L., & Trumper, M. (2017). Project risk analysis made ridiculously simple.
Barkley, B. (2004). Project risk management. New York: McGraw-Hill.
Jackson, P. (2006). Nonprofit risk management and contingency planning : done in a day strategies. Hoboken, N.J: Wiley.
Lewis, J. (2007). Fundamentals of project management. New York: American Management Association.
Gregory, G. (2007). Project management. Oxford: Pergamon Flexible Learning.
Young, T. (2006). Successful project management. London Philadelphia: Kogan Page Ltd
Teddy. W., (2015), Managing Successful Projects with PRINCE2, London: TSO. Latest edition Managing Successful Projects with PRINCE2: 2009 Edition
Patterson S.(2017). Practice standard for project risk management. Newtown Square, PA: