A Risk Management Process within a Large-Scale Information Technology Project - Assignment Example

Project Risk Management Introduction Project Management is an organized process man d with controlling, organizing, motivating, and planning an organization’s resources geared towards achievement of its objectives and goals. A project is itself a temporary plan that is designed with a definite time frame whose aim is to produce a specific result, service, or product that results in the organization’s betterment in all its aspects. In project management, several elements define and guide the path of the process. Key amongst them is project risk management, which refers to the sudden (unforeseen) occurrence of an event within a project that can affect its execution in either a negative or a positive manner. In assessing a risk, probability and impact are used. Probability is the possibility of that risk occurring, and if it is below 1, then it means that it cannot happen. However, if the probability is 1, then it becomes a concern that has to be addressed. Impact analyzes the possible result that the risk might have in case it happens. These elements of risk management therefore define it as the process of identifying, assessing, prioritizing, and controlling risks to monitor the impacts or probabilities of risks, thus realize achievement of a project’s goals. This essay will create a risk management process within a large-scale information technology project. The E-Commerce project is creating an online shopping site for an existing enterprise, which will demonstrate the application of risk management. A large-scale project is one that is complex in execution, thus requires a vast range of experts to oversee key areas. Within a project, three main areas portray risks; project environment, organization’s arrangement, and the external environment (Baydoun, 2011). The categories employed in evaluating the risk management process adhere to the Project Management Institute’s subdivision of the process that consists of risk management planning, risk identification, qualitative risk management, quantitative risk management, risk response development, and risk monitoring and control. It is obvious that any project will have risks, and the best way to deal with them is not to avoid but understand and control them. Risk Management Planning The goals of this E-commerce project is to reach out to the fast-growing online market owing to the viral use of the internet today, which is estimated to have at least two-hundred million users. This is a rather potential trade opportunity, thus the need to develop an online (web) shopping site. The project, once completed, is bound to attract more potential clients, contribute to more efficiency in marketing and delivery, cut the management and overhead costs, and match the modern-day digital enterprise demands (“International Survey”, 2013). However, publishing an enterprise online has its own dangers in that the virility in internet use has led to the occurrence of online crimes and malpractices that can hinder or even derail an e-commerce project. One, the internet being virtual, it enables hackers to gain access of online business sites and interfere with the normal programming. Secondly, the transactions are virtual which leads to some clients not trusting such transactions, so they keep away from online stores. On the organization’s part, they might lack the expertise to run and maintain such a site since it requires personnel with the technicality in information technology systems. The project will require a timeline of up to one year, a period within which it should be dominant in the online fraternity, have about a quarter-million online visitors, and the company should have full know-how on running and managing it without external assistance. Most of the risks are likely during the onset of the project, since it will require the organization to have personnel who are conversant with IT systems. The other risks might show up during the project’s running when the clients will need assurance of their financial safety, and the company itself has to safeguard its site against malicious parties such as hackers. Risk Identification According to Baydoun, risks arise from three main areas during a project; the project environment, organization’s arrangement, and the external environment. In the project environment, the technological know-how of the company’s personnel is a potential risk in this project. This is because if they are illiterate with it, then the project might not start during the intended time, and in case they are semi-skilled, then the site might be prone to hacking, client’s insecurity issues, and lack of proper maintenance. These three combined will result in one; failure of the project to meet its objectives, two; interception of the site by malicious parties that might result in loss of company integrity, thus losing clients or shutting down of the site, and lastly; legal action against the organization with clients who might fall victim to hackers while on the company’s site. When it comes to the organization’s arrangement, some of the employees and mostly in management might have reasons to oppose the project thus result in delayed approvals or partial support of the project. These might cause delay in the commencement of the project or interfere with its running at one point in time. On the external environment, the project is prone to social risks in that being a worldwide enterprise means whatever in on the website is accessible globally. The risk in this is that some content that might appear online might be deemed unsuitable in some states. For instance, some Asian countries do not condone the use of exposed (semi-nude) bodies when marketing fashion. This might result in the enterprise, attracting negative perception in some parts of the world, thus not achieve its targeted quarter-million online traffic in the one-year timeline. Quantitative risk management Quantitative risk management employs measurable data that is objective in determining asset values, probabilities of loss, and the associated risks. This approach works by measuring the specific level, amplitude, or generally quantity of an output or material in evaluating the operational attributes of an aspect or item usually expressed in a numerical value (Sims, 2012). In this project, for instance, numerous records and virtual systems exist, financial in the online e-commerce systems that are controlled and/or stored in a secured database that will be under the control of the company’s IT-conversant personnel. The system administrators in terms of amount (numbers) know these systems. In the case when a risk, such as hacking or infection by computer virus destroys the records or virtual systems, the system administrator can provide the number to parties who conduct a business impact analysis who can then calculate the total replacement costs. For instance, if 300 systems were destroyed, with each costing an average 500 USD, then the organization can estimate the risk as worth 150, 000 USD. Qualitative risk management On a rather different approach, qualitative risk management measures, risks, or values of assets with regard to their ranking in terms of risk level such as high, medium, or low, in which the scale varies between 1 and 10. A risk below level 1 ceases to be a risk, whereas any above 1 requires evaluation and control. The qualitative approach relates to the quantitative in that after defining a risk and determining its associated cost, it then makes it possible to rank it with regard to its vulnerability of occurrence (Pinto, 2013). In this case, for instance, qualitative risk management is likelier to apply than quantitative. In order of risk, occurrence and consequences, organizational arrangement risks are low-risks in that whereas the said problems such as disagreement over this project or late approval might occur, they are more controllable and in the event that they materialize, then the effects are not as lethal. The second risk category, external environment that includes the social aspect is more of a risk than organizational arrangement because it is somehow uncontrollable by the organization or system administrators, and might weaken the project’s ability to meet its objects. It is therefore of medium scale. The most crucial or high-level risk is therefore the project environment that in this case refers to the online risks such as hacking or customer credentials’ interception by malicious parties. These are lethal and might result in bad reputation of the organization’s site (this project), and lead to its closure or total failure of meeting objectives. Risk Response Development This element of project risk management gives the measures to counter risks in case they arise. In the e-commerce scenario, organizational problems involving employees can be solved using Kendrick’s (2011) suggestions that projects are about people and teams, thus good project managers are essential. A good project manager engages everyone in making crucial decisions, thus finds sufficient support from all the personnel with know-how on the project. This will give the project an analyzed and consistent decision-making process rather than one based on feelings. On the issue of the external environment that is in this case influenced by social (cultural) aspects, the e-commerce project will have to conduct a research on internationally recognized and permitted online business conduct. This means that whatever content will appear on the new internet marketing and shopping site will have to meet the mentioned conduct so as to reduce friction or repulsion from potential visitors and clients across the continent, thus make it a comfortable-to-navigate online shop. This relates to Kendrick’s advice that as a business entity, an organization should strive to meet its clients’ needs and objectives and requirements irrespective of the sacrifice or extent that this has to cost. Moreover, a business is meant for the clients. At the high-level risk, that is intercepted and malicious attack by online criminals, there are several effective methods of countering this. One, the site developers, or administrators should minimize or diminish entirely all remote access to the databases. This can be done by using tunneling and/or encrypted data transmission protocols that are impenetrable by anonymous parties. The other remedy is backup all the site’s information and documentation so in case of the risks succeeding, then restoration is fast and less-costly. In addition to this, there should exist within the online site project, separate entities for development, testing, and the actual (production) environs (Cherry, 2011). These will graduate the risk scale in that the developing stage might have loopholes that will be highlighted during the testing stage, both of which will result in a tightly-secured online shop and database. Testing all these remedial measures will determine whether a risk still exists or has been dealt with. Concisely, if a risk’s remedy passes the test it is subjected to, then the risk is done away with without opening another loophole for the occurrence of an additional risk. Risk Monitoring and Control During the project’s implementation, some of the risks earlier identified are likely to materialize and actually occur. However, this should be no problem since an analysis and appropriate reaction to it has already been planned. This is the mandate of the risk monitoring and control element of project risk management. In keeping track of the actual risk, the data collected from the earlier perceived risk is used to measure the magnitude and effects of the risk in the project. This requires the use of a risk management plan that gives guidelines on identifying risks, both quantitative and qualitative analyses, control and monitoring of the project during its lifecycle. There will also be the risk response plan that will define at what level of the risk that the mitigation will come in, and who bears the responsibility. Finally, there will be a scope change to control mechanism that will define how the project might be altered in case any of the risk countering measures demands of it (“Risk Monitoring”, 2000). In the e-commerce project, such might include integration of tougher online security measures or hiring of highly-trained external personnel to handle matters in case training the organization’s employees does not meet the required expertise to handle the IT systems. In determining the life cycle of risks, one has to first identify, classify, and provide valuation of an asset. After this, they have to determine by estimation the duration within the timeline when the risk should appear, until the next potential risk is about to appear as well. The timeframe between the two risks is the lifecycle of the first risk. This, and all other crucial information should be submitted to the administrators in charge of specific departments or those directly involved in executing specific tasks within the project. As such, it will be much easier to identify, evaluate, counter, control, and prevent further limitations arising from risks within a project. References Baydoun, M. (2011). “Risk Management of large-scale development projects in developing countries: Cases from MDI’s projects”. International Journal of Technology management and Sustainable Development, 9:3, pp. 237-249, doi: 10.1386/tmsd.9.3.237_1 Cherry, D. (2011). Securing SQL server: Protecting your database from attackers. Burlington, MA: Syngress. “International survey of E-commerce”. (2013). WITSA.org. Retrieved on 17 February 2014 from www.witsa.org/papers/EComSurv.pdf‎ Kendrick, T. (2011). 101 Project Management Problems and How to Solve Them: Practical Advice for Handling Real-World Project Challenges. New York, NY: American Management Association. Pinto, J. K. (2013). Project Management: Achieving Competitive Advantage. Upper Saddle River, New Jersey: Prentice Hall. “Risk Monitoring and Control.” (2014). Centro de Informatica. Retrieved on 17 February 2014 from http://www.cin.ufpe.br/~if717/Pmbok2000/pmbok_v2/wbs_11.6.html Sims, S. (2012, May 3). “Qualitative vs. Quantitative Risk Assessment”. SANS.edu. Retrieved on 17 February 2014 from http://www.sans.edu/research/leadership-laboratory/article/risk-assessment Read More