Risk Analysis

One of the biggest changes at technology companies like Microsoft and Google over the past 24 months has been the increased importance of project management skills. Managers are really looking to hire new employees who have fundamentally sound technical skills (such as coding), communication skills, but increasingly, basic project management knowledge.

Project management is a big topic, but one important area is Risk Management. The idea is quite simple. When you are working on any kind of project -- from creating a software product, to managing an IT system, to a sales effort -- you absolutely must take risk into account.

A risk is nothing more than an unpredictable event that had negative consequences. Risk management consists of three parts.

• Risk identification is where you determine what the risks to your project are.
• Risk analysis is where you estimate how likely the risk is, how negative the impact is, and then determine which risks should get most attention.
• Risk mitigation is where you take steps to reduce risk and create a contingency plan for when risk events occur.

Well, all this is pretty obvious, but just how do you go about actually performing any of these risk management tasks? There are many useful techniques available. For example, for risk identification you can use a set of standard taxonomies that list risks generic to most projects. Or you can identify risks by looking at each feature, cost, estimated time, and quality level for the individual parts of the project listed in a specification document (if it exists). Or, if you use traditional project management methodology, you can examine each task package in the project's Work Breakdown Structure.

For risk analysis, there are many interesting and easy quantitative techniques you can use. For example, suppose you identify 5 risks, A, B, C, D, and E. You decide to use a 3-point likelihood scale: low likelihood, medium likelihood, high likelihood. And you decide to use a 4-point impact scale: low impact, medium impact, high impact, and catastrophic impact. You can map likelihood to a normalized metric using rank order centroids: low = 0.11, medium = 0.28, high = 0.61. Similarly you can use rank order centroids to map impact to a normalized metric: low = 0.06, medium = 0.15, high = 0.27, catastrophic = 0.52. Now suppose Risk A has a low likelihood but a high impact. Its normalized relative priority is 0.11 * 0.27 = 0.03. Suppose Risk B has high likelihood but low impact. Its relative normalized priority is 0.61 * 0.06 = 0.04. As with all quantitative project management techniques, the real value from an analysis like this comes from taking a hard look at the problem rather than the final numbers.

The moral of the story is that upgrading your project management skills is a key to your career advancement. VTE, Volt's technical training department, offers short project management class modules during the weekdays, and longer, comprehensive certification sequences on the weekends. Check out http://www.vteOnline.com for schedules. VTE is putting the finishing touches on a new "VS 811 - Quantitative Techniques for Software Project Management" course that will show you exactly how to perform analyses like the one described above. Keep an eye out for an announcement from your Employee Relations representative.