All projects involve a certain level of risk. Project risk is any uncertain event that may have a positive or negative effect on a project objective. Project Risk Management. therefore. involves understanding the possible problems that might occur during the project life cycle and how they will affect the success of the project. Signicant improvements in project outcomes result from effectively managing project risk. Organizations need to understand that Project Risk Management processes are an investment these processes cost money but can also yield benets. Sedona Management Group (SMG) typically associates different categories of risks with the infor- mation systems projects they pursue. The rst cate- gory includes risks a ssociated with the constant flux of technology in today's business environment. The team at SMG has mitigatedor reducedthis type of risk by constantly scanning for new technologies that will reduce development time. reduce the costs of maintenance. and stimulate the reuse of code in an efcient mannerfor new projects. The second cat- egory includes risks associated with locating. hiring. and retaining competent personnel. As mentioned in an earlier case. SMG strives to provide a work envi- ronment that has a fun organizational culture and that is also professionally and nancially rewarding. Providing such a work environment has been a criti- cal element in SM G's ability to hire and retain valued Chapter Case: Sedona Management Group and Managing Project Risk employees and in its success in todayfs high-tech- nology business environment. The third category involves risks associated with the users acceptance of the system. The Sedona team mitigates this type of risk by keeping the customer constantly involved throughout the life cycle of the project. Consequently. SM G's customers know what to expect. and there are no surprises. Risk occurs at every stage of the project life cycle. In the initiation phase. risk occurs in the project selection process. In any company, the selection of the wrong project. whether in terms of profitability or complexity, may harm the company. In the case of SMG's commercial website development business. the result might be that the company could no longer sustain itself. As a result, SMG employs a detailed process for selecting projects, and as mentioned earlier. projects that don't meet SMG's criteria are rejected. In the planning stage. other types of risks may be encountered. Tim Turnpaugh recognizes that the probability of project success increases with good planning. The company's experience with success- ful projects over the last ten years helps the Sedona team define the scope. time. and cost of any project guite accurately. By using processes that accurately identify project scope, the team can determine the budget and time it would take to complete the proj- ect. All of these standardized processes are used to @ Information Systems Project Management, Edition 2.0 @ manage project risk The contract that SM G uses for its clients also minimizes the risks associated with the development process by explicitly describing the customers' expectation s, the technology used in the development of the system. the capabilities of the nal system. the customer's availability for project related communication. and nally the costs associ- ated with any changes in project scope. In the execution phase. other types of risks will be encountered. Despite a thorough plan developed with the client, there is still the risk that the project somehow won't meet client expectations. To miti- gate this risk, SMG involves the customer through- out the development process. so that any potential issues can be identified early. In the case of the Seattle Seahawks. the Sedona team produced sev- eral different potential designs based on the initial requirements set forth by the Seahawks. Mike Flood. the Seahawks' manager in charge of the develop- ment effort. was able to assess these prototypes in connection with potential website users and chose Chapter 9 Project Assignment During the life cycle of a project, it is important to manage risk because it can have an impact on the project scope. schedule. and budget. In this exercise. you will have to identify the potential risks that might occur when you are developing the entertainment website. 1. Dene risk as it relates to your project. 2 Identify sources of risks that will occur at different stages of your project. 3. Referring to Cha pterS (which discusses quality management). develop a cause-and-effect, or shbone, diagram to trace the root causes of the risks you identied for Question 2. 4. Discuss the different techniques (e.g_, risk esca- lation. avoidancefexploitation, transference;f sharing, mitigationrenhancement. and accep- tance} that you will use to address these risks. Reteren ces ' 353 to continue the development process with the ver- sion that seemed to best meet their needs. Another area where risk can be managed is in project control and closure. Project control involves measuring the progress of the project in terms of the projectobjectives. monitoring any deviation from the project plan. and taking any corrective action required to match the progress with the plan. Tum- paugh has rigid rules about change requests. Ifthe customer requests any substantial changes during the project life cycle. these change requests will result in a modified project budget and schedule. The purpose of project closure involves ensuring that the project deliverables have been completed and deliv- ering the nal product to the customer. The Sedona team ensures that the customer understands how to adequately maintain the delivered system. which prevents downstream maintenance risks, as well as risks to Sedona's reputation. At the closure stage. SMG also documents any lessons learned during the project to reduce the risks of future efforts. 5. Develop a risk response plan. which is a documented plan for risk response. The document should contain - The identified risks - The project areas or objectives the risk may affect - The roles and responsibilities of any risk owners - A description of the risk response strategies. including escalation, avoidancei'exploitation. tra nsferemelsharing. mitigationfen hance ment. and acceptance that will be used to address the identied risks - An acknowledgement of any residual risks projected to remain after any risk response strategies have been applied - A list ofactionsto be used to implement the risk response strategies