- Identifying and understanding the risks that will impact a project is not always a straightforward task. Many risk can be affect a project in different ways and during different phases of the project life cycle. Therefore, the process and techniques used to identify risks must include a broad view of the project and attempt to understand a particular risk’s cause and impact among the various project components. Framework is shown in below figure.
- At the middle of the IT project risk framework is the MOV, i.e. measurable organizational value. The MOV is the goal of the project that defines the measurable value the organization expects from the project. It is both a measure and definition of project success.
- The next layer of the framework includes the project objectives in term of scope, quality, schedule and budget. Although these objectives are not by themselves sufficient conditions for success.
- The third layer focuses on the sources of IT project risk. Risks can rise as a result of various people or stakeholders associated with a project, legal considerations, the processes, the environment, the technology, the organization, the product, and a catchall category called other.
- The next layer focuses on whether the sources of risk are internal or external to the project, it is important to make this distinction because a project manager is responsible and accountable for all project risks internal to the project. For example- if a project team member is not adequately trained to use a particular technology, then the projects objectives scope, schedule, budget, and quality may be impacted. Once this project risk has been identified along with its impact, the project manger can avoid or mitigate the risk by sending this particular project team member to training or by assigning certain tasks to a more skilful person. On other side project manger would not be responsible for external risks. For example- a project manger would not be responsible if the project were cancelled because the organization sponsoring the project went bankrupt. The distinction between internal and external risks is not always clear. For example- even though a particular hardware or software vendor may be external to the project, the project manger may still be responsible if that vendor is unable to deliver required technology resources. If the project manger chose that particular vendor, he or she would then be responsible for those risks.
The Fifth layer of the project risk management framework includes three different types of risks known risks, known-unknown risks, and unknown-unknown risks.
a. Known risk is defined as event that going to occur. These events are like death and taxes- they will happen and there is no uncertainty about it.
b. On the hand, known-unknown risks are of identifiable uncertainty. For example, if you own a home or rent an apartment, you know that you will receive a bill next month for the utilities you use. Although you know the past amount for these bills, the precise amount you will owe the utility company will be unknown until you receive the actual bill.
c. Last is unknown-unknown risks are residual risk and reflect what we don’t know. For example- it was not too long ago the people had never heard about internet. How could they comprehend the impact it would have on many of us? Unknown-unknown risks are really just a way to remind us that there may be a few risks remaining even after we think we have identified them all.
- The last layer provides a time element in terms of the project life cycle. It may help us determine or identify when risks may occurs, but remind us that they may change over the life of the project. These are all about IT Project Risk Identification Framework.