Assignment Report Guidelines Essay Shortened To 70 Characters.

Assignment – Report Guidelines

Research papers must be typed, or word processed, and referenced as per VIT guidelines. A variety of references from textbooks, journal articles and the internet would be well regarded.

There should be headings, an introduction (not more than 10% of the total) and a conclusion (not more than 10% of the total).

Assessment Criteria

1. Research Assignment/Research Report : 2800 – 3000 words (penalties may be applied for word counts +/- 10%)
2. To be submitted on or before the due date on MOODLE. Penalty for late submission is 10% of the paper’s worth deducted for each day late.

Marking Criteria (from 30%)

3% (front page, illustrations, colour, headings)

4% (should explain the rationale and give an overview)

10% (quality, relevance and conciseness of discussion/facts)

10% (what I have learnt and its relevance to my profession)

3% (quality/variety/relevance/topical)

Referencing Guide

A guide to referencing sources used in assignments

• All sources used in assignments, essays, reports and theses must be acknowledged in the text of your document giving the author’s name followed by the publication date (these are called ‘in-text citations’)
• A ‘bibliography’ or ‘reference list’ at the end of your document contains the full details of all the in-text citations, arranged alphabetically
• Referencing is necessary to avoid plagiarism, to verify quotations, and to enable readers to identify and consult any item to follow-up a cited author’s arguments

Referring a Book

The details required, in order, are:

• name(s) of author(s), editor(s), compiler(s) or the institution responsible
• year of publication
• title of publication and subtitle if any (all titles must be underlined or italicised with
• sentence style capitalisation as below)
• series title and individual volume, if any
• edition, if other than the first
• publisher
• place of publication
• page number(s) if applicable
• Referring an Article

The details required, in order are:

• name(s) of author(s) of the article
• year of publication
• title of article, in single quotation marks and sentence style capitalisation as below
• title of periodical (underlined or italicised with headline style capitalisation as below)
• volume number
• issue (or part) number
• page number(s)

Referring Electronic Sources

This could include sources from full text compact disk products, electronic journals or other sources from the Internet.

The basic form of the citations follow the principles listed for print sources:

• name(s) of author(s) or the organization responsible for document, web page or site
• year of publication of document, creation of page/site or date last revised
• Note: if you cannot establish the date of publication, use n.d. (no date)
• title of document or page, if applicable
• edition, if other than first
• type of medium, if necessary
• name and place of the publisher, sponsor or host of the source
• date item viewed
• web page or site address, or name of database on internet (if applicable)

Entries in a bibliography or list of references should be arranged alphabetically by the first element of the citation.

References and Citations

Definition of Business, Program, Project or Component Objectives

The project includes the installation of an automated double door at Royal North Shore Hospital  RNSH) by Stanley Security Solutions, Australia.

The definition of the project has been specified by including the response from the internal and external stakeholders, such as hospital administration, project team members and manager, medical professionals, security experts, and end-users.

The basis of risk identification and analysis, for example, in the case of RNSH will be defined as per the project factors, stakeholders involved, and the requirements associated with the project.

Risk Management Standard

AS/NZS ISO 31000: 2009 is the risk management standard and framework that will be followed in this project.

This standard is preferred over the other because it covers the definition of risks and uncertainties and provides eleven principles for risk management that may be used and applied across the enterprise. These principles include creation and protection of value, being an integral part of the organization, being a part of decision-making process, explicitly addressing uncertainty,  being systematic and timely, tailored approach, identification and analysis on the basis of current approach, transparency, taking human and cultural factors in account, being dynamic and responsive to change, and continuous improvement of the organization (Financegov, 2010).

Risk Context

Risk context for the project is developed on the basis of the information collection methods, such as interviews, brainstorming, domain analysis, and observation carried out with the internal and external stakeholders.

The example of the risk context for the current project is as illustrated below.

Definition

Risk context includes the description of the organizational environment, attitude of the personnel impacting the risk, and the behaviour towards the risks that are identified.

Risk Attitude

Risk Averse: Security Risks, Schedule/Budget Overrun, Legal Risks, Quality Risks, Ethical Risks, Environmental Risks

Risk Seeking: Operational Risks, Communication Risks, Resource Risks, Market Risks

Risk Neutral: Investment Risks, Technical Risks

Project

The project involves the installation of an auto double door at RNSH and the Project Manager shall take up the responsibility and accountability for the risks (Apm, 2018).

Programme

The acceptable level of the risk shall be identified wherein the risk does not cause severe damage to the project or the organization and may be transferred to the other parties, such as Technical Risks comprising of failure of a tool.

Portfolio

The risk management activities will cover identification, assessment, treatment, monitoring, control, and closure.

Risk Events & Categories

Risk Management Standard

Risk Register 1

The risk register has been prepared for the RNSH project.

Identification Number

Risk Category

Risk Source

Risk Event

Description of Effect/Consequences

Existing Controls

Risk Owner

Analysis of Consequence (Major, High, Moderate, Minor, Low)

Likelihood or Level (Very High, High, Moderate, Low, Very Low)

Proposed Treatment

Analysis

Responsibility

Status

1

Information

Network, People, Data Sets

Security Violation

Compromise of the information properties, such as confidentiality, integrity, and availability

Access controls

Security Expert

Major

High

Risk Avoidance & Mitigation

Risk review and inspection

Security Expert

Active

2

Finance

Project changes, resource inefficiencies

Budget Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Active

3

Project

Project changes, resource inefficiencies

Schedule Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Active

4

Legal

Project Resources

Non-adherence to legal norms

Legal punishments and obligations for the organization

Project reviews and audits

Legal Inspector

Major

Very Low

Risk Avoidance

Risk review and inspection

Legal Inspector

Active

5

Quality

Project Resources

Non-adherence to quality standards

Poor customer satisfaction level, deterioration of the organization reputation in the market

Project reviews and audits

Quality Manager

Major

Low

Risk Avoidance

Risk review and inspection

Quality Manager

Active

6

Ethics

Project Resources

Non-adherence to ethical principles

Poor customer satisfaction level, deterioration of the organization reputation in the market

Project reviews and audits

Project Leader

Major

Low

Risk Avoidance

Risk review and inspection

Project Leader

Active

7

Environmental

Nature

Environmental hazards

Delay in project deliveries, data loss and leakage, health and safety issues

Fire alarms, earthquake resistant architecture

HR Manager

Major

Low

Risk Avoidance

Risk review and inspection

HR Manager

Active

8

Resource

Organizational/project policies, senior management

Drop in productivity or scarcity of resources

Inability to meet the project deadlines, poor reputation of the organization in the market

Employee assessment programs

Project Manager

High

Moderate

Risk Avoidance

Risk review and inspection

Project Manager

Active

9

Resource

Poor training of the resources

Operational Errors

Major re-work causing enhancement of costs and schedule

Employee assessment programs

Project Manager

Moderate

High

Risk Avoidance

Risk review and inspection

Project Manager

Active

10

Organization

Organizational Environment

Health & Safety Issues

Temporary or permanent injuries

First aid in the organization, non-slippery floors

HR Manager

Major

Low

Risk Avoidance

Risk review and inspection

HR Manager

Active

11

Project

Project policies and resources

Ineffective Communication

Confusions for the employees

Daily team meetings

Project Manager

Moderate

Moderate

Risk Avoidance

Risk review and inspection

Project Manager

Active

12

Market

Market trends, customers

Market Fluctuations

Increased changes in the project causing re-work for the team members

Market analytics using automated data analytics tools

Market Analyst

High

High

Risk Avoidance and Mitigation

Risk review and inspection

Market Analyst

Active

13

Technological

Technical tools

Technical Failures

Disruption of the project continuity

Availability of alternate tools

Technical Expert

Moderate

Moderate

Risk Transfer

Risk review and inspection

Technical Expert

Active

Risk Register 2

The risk register below is developed for the project of mobile application that is developed for a client.

Identification Number

Risk Category

Risk Source

Risk Event

Description of Effect/Consequences

Existing Controls

Risk Owner

Analysis of Consequence (Major, High, Moderate, Minor, Low)

Likelihood or Level (Very High, High, Moderate, Low, Very Low)

Proposed Treatment

Analysis

Responsibility

Status

1

Information

Network, People, Data Sets

Security Violation

Compromise of the information properties, such as confidentiality, integrity, and availability

Access controls

Security Expert

Major

High

Risk Avoidance & Mitigation

Risk review and inspection

Security Expert

Active

2

Mobile Application

Project Requirements, Project Resources

Design Errors

Poor Customer Satisfaction Level

Responsive Web Design Principles, Design Overview

System Designer

High

Moderate

Risk Avoidance

Risk review and inspection

System Designer

Active

3

Mobile Application

Application Code & Design

Performance Lags

Poor Customer Satisfaction Level

Performance Testing

Performance Tester, Application Developer

Very High

Moderate

Risk Avoidance

Risk review and inspection

Performance Tester

Active

4

Technological

Technical tools

Technical Failures

Disruption of the project continuity

Availability of alternate tools

Technical Expert

Moderate

Moderate

Risk Transfer

Risk review and inspection

Technical Expert

Active

5

Finance

Project changes, resource inefficiencies

Budget Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Active

6

Project

Project changes, resource inefficiencies

Schedule Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Active

Methods of Risk Identification

The three different methods of risk identification have been listed and described below.

• SWOT Analysis: It is the qualitative analysis technique that identifies the strengths, weaknesses, opportunities, and threats associated with a particular project. The information used for the technique is collected for varied project sources and external resources and the strengths and opportunities may be used to ensure better performance and avoid the risks. The weaknesses and threats are then assessed to develop the strategies to prevent and avoid the same.
• Decision Trees: These are the graphical structures that are developed in a tree-like architecture wherein the probable events and the respective causes are represented. The risks may be identified in terms of the possible outcomes of every action associated with a project.
• Probability & Impact Matrix: A matrix of probability of the events and the possible consequences of the events is formed to identify the risks associated with a project and to develop the priorities for the same (Bock & Truck, 2011).

Analysis of Risk Events

The risk events for the project of RNSH are depicted in the risk register in the previous sections. The analysis has been done on the basis of the SWOT analysis techniques.

There were information gathering techniques that were used to understand the existing controls and analyse the risks.

• Interviews: The internal and external stakeholders associated with the project were identified and interviewed. These stakeholders included the internal staff members of the RNHS, medical authorities, regulatory bodies, supplier groups, etc. The list of interview questions were prepared for each of these entities and the interviews were conducted. The response provided by these entities was recorded through automated analytics tools (Cagliano, Grimaldi & Rafele, 2014).
• Domain Analysis: The domain of the organization is healthcare and the domain of the project is security. These two domains were analysed to understand the existing controls available with the organization to deal with the risk situations.
• Brainstorming Sessions: The different entities were brainstormed in groups to come up with unexplored ideas to determine the controls available with the organization.
• Documentation of Risk Evaluation

Risk Evaluation was carried out in the project after the determination and identification of the project risks and assessing the same on the basis of the consequences and probability of every risk.

The consequences of the risks in the risk register were marked with the values as Major, High, Moderate, Minor, or Low. Similarly, the likelihood of the risks was marked as Very High, High, Moderate, Low, or Very Low.

These values were assigned with a numerical value to come up with a risk score for every risk calculated as consequence x likelihood (Carvalho & Rabechini Junior, 2014).

Consequence	Likelihood	Score
Major	Very High	5
High	High	4
Moderate	Moderate	3
Minor	Low	2
Low	Very Low	1

Identification Number	Risk Category	Risk Source	Risk Event	Analysis of Consequence (Major, High, Moderate, Minor, Low)	Impact Score	Likelihood or Level (Very High, High, Moderate, Low, Very Low)	Likelihood Score	Risk Score
1	Information	Network, People, Data Sets	Security Violation	Major	5	High	4	20
2	Finance	Project changes, resource inefficiencies	Budget Overrun	High	4	Low	2	8
3	Project	Project changes, resource inefficiencies	Schedule Overrun	High	4	Low	2	8
4	Legal	Project Resources	Non-adherence to legal norms	Major	5	Very Low	1	5
5	Quality	Project Resources	Non-adherence to quality standards	Major	5	Low	2	10
6	Ethics	Project Resources	Non-adherence to ethical principles	Major	5	Low	2	10
7	Environmental	Nature	Environmental hazards	Major	5	Low	2	10
8	Resource	Organizational/project policies, senior management	Drop in productivity or scarcity of resources	High	4	Moderate	3	12
9	Resource	Poor training of the resources	Operational Errors	Moderate	3	High	4	12
10	Organization	Organizational Environment	Health & Safety Issues	Major	5	Low	2	10
11	Project	Project policies and resources	Ineffective Communication	Moderate	3	Moderate	3	9
12	Market	Market trends, customers	Market Fluctuations	High	4	High	4	16
13	Technological	Technical tools	Technical Failures	Moderate	3	Moderate	3	9

Agreement of Priorities for Treatment

The priority for risk treatment is determined on the basis of the risk score that is identified above. The risks with higher score are given higher priority and vice versa.

Identification Number	Risk Category	Risk Source	Risk Event	Impact Score	Likelihood Score	Risk Score	Evaluated Priority for the Risk
1	Information	Network, People, Data Sets	Security Violation	5	4	20	1
2	Finance	Project changes, resource inefficiencies	Budget Overrun	4	2	8	6
3	Project	Project changes, resource inefficiencies	Schedule Overrun	4	2	8	6
4	Legal	Project Resources	Non-adherence to legal norms	5	1	5	7
5	Quality	Project Resources	Non-adherence to quality standards	5	2	10	4
6	Ethics	Project Resources	Non-adherence to ethical principles	5	2	10	4
7	Environmental	Nature	Environmental hazards	5	2	10	4
8	Resource	Organizational/project policies, senior management	Drop in productivity or scarcity of resources	4	3	12	3
9	Resource	Poor training of the resources	Operational Errors	3	4	12	3
10	Organization	Organizational Environment	Health & Safety Issues	5	2	10	4
11	Project	Project policies and resources	Ineffective Communication	3	3	9	5
12	Market	Market trends, customers	Market Fluctuations	4	4	16	2
13	Technological	Technical tools	Technical Failures	3	3	9	5

Options for Risk Treatment

There are five possible treatment options that may be applied on the risks.

• Risk Avoidance (Negative Consequences/Threats): The treatment strategy is applied by using and implementing the control so that the risk situation does not occur. This treatment option is used for the risks that may have negative outcomes and consequences.
• Pursuing Opportunities (Positive Consequences): There may be certain risks that may provide enhanced opportunities to the project if they occur. In such cases, the respective opportunity shall be pursued and explored.
• Minimising/Risk Mitigation: The likelihood or consequence of the risks can be controlled by using preventive and detective measures (Pimchangthong & Boonjing, 2017).
• Sharing/Transfer the Risk: The risk responsibility may be transferred to another party in case of the ownership of a specific tool or component by a third-party.
• Risk Acceptance: The risks that may be neutral and may cause no damage may be accepted.

The risks, such as security risks associated with the project have been mapped with the treatment strategy as risk avoidance and risk mitigation. The avoidance of the risks may be done with the use and application of multi-fold authentication, advanced identity and access control, advanced network security tools, and likewise. However, there may be certain risks that may occur in spite of the implementation of all of these controls. Such events may be avoided and controlled with the use of minimising and mitigation techniques as data backups and encryption of the information sets (Sanchez, Robert, Bourgault & Pellerin, 2009).

Similarly, the risks that may not have any impact may be accepted in the project.

Scenarios for Risk Acceptance

There may be certain scenarios wherein the risks may be accepted.

For example, in the investment projects, there are certain investments that are subject to risk of market alterations but will not provide any profit and will also not cause any loss. Such risks may be accepted by the project team. Similarly, there may be situation wherein cosmetic defects may be present in a website or a mobile application that may not have an impact on the customer satisfaction level. Such risks will be accepted and the resolution may be provided in the next builds (Hilson, 2012).

Risk Analysis Techniques

Risk Treatment Plan

Scenario 1

Risk Details

Identification Number

Risk Category

Risk Source

Risk Event

Description of Effect/Consequences

Existing Controls

Risk Owner

Analysis of Consequence (Major, High, Moderate, Minor, Low)

Likelihood or Level (Very High, High, Moderate, Low, Very Low)

Proposed Treatment

Analysis

Responsibility

Status

1

Information

Network, People, Data Sets

Security Violation

Compromise of the information properties, such as confidentiality, integrity, and availability

Access controls

Security Expert

Major

High

Risk Avoidance & Mitigation

Risk review and inspection

Security Expert

Active

Recommended Risk Treatment/Response Strategy

Risk Avoidance and Mitigation

Steps for Risk Treatment

The following steps shall be followed for treating the risk.

• The possible security events that may come up shall be listed down.
• The security events shall be mapped with the avoidance and mitigation strategy as shown below.
  • Malware Attacks: Anti-malware Tools
  • Denial of Service Attacks: Anti-denial tools
  • Network eavesdropping and man in the middle attacks: Intrusion Detection & Prevention Tools
  • Data Breaches & Leakage: Access control, multi-fold authentication, Data encryption and backups (Govan & Damnjanovic, 2016)
• The other security controls that shall be implemented shall be device security, firewalls, and anti-phishing tools
• The security controls shall be implemented

Monitoring & Control

The controls and treatment strategies that are mapped with the risk shall be monitored and controlled by carrying out the weekly reviews and audits on the risk status.

Communication & Reporting

There shall be a formal risk report prepared every week on the risk status and activities. The risk shall be marked as closed when all of the activities are accomplished.

Scenario 2

Identification Number

Risk Category

Risk Source

Risk Event

Description of Effect/Consequences

Existing Controls

Risk Owner

Analysis of Consequence (Major, High, Moderate, Minor, Low)

Likelihood or Level (Very High, High, Moderate, Low, Very Low)

Proposed Treatment

Analysis

Responsibility

Status

1

Finance

Project changes, resource inefficiencies

Budget Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Active

Recommended Risk Treatment/Response Strategy

Risk Avoidance

Steps for Risk Treatment

The following steps shall be followed for treating the risk.

• The possible events that may lead to the situation of budget overrun shall be listed down.
• The events shall be mapped with the avoidance as shown below.
  • Increased number of project changes: Change planning, execution, and management
  • Drop in resource productivity: Resource trainings and assessment programs
  • Communication Issues: Enhanced communication guidelines
• The budget estimated for the project shall also be analysed in terms of the funds allocated to every activity.
• There shall be assessment of the gap analysis that shall be done regularly to find out the cost variance, if any.

Monitoring & Control

The controls and treatment strategies that are mapped with the risk shall be monitored and controlled by carrying out the weekly reviews and audits on the risk status.

Communication & Reporting

There shall be a formal risk report prepared every week on the risk status and activities. The risk shall be marked as closed when all of the activities are accomplished.

Monitoring of Treatment Actions

In case of the absence of a detailed risk treatment plan, the monitoring of the risks shall be done by evaluating the strategies in daily team meetings.

The resources shall be responsible for treating the risks during the meeting and they shall be communication on the plan of action. A senior leader or manager must monitor and inspect the entire activity and there shall be reviews carried out at frequent intervals (Raz, Shenhar & Dvir, 2011).

Extension of Qualitative Risk Analysis to Quantitative Analysis

The qualitative risk analysis methods are extended to quantitative analysis when the former does not succeed in controlling the risks. There are quantitative analysis strategies that are in place, such as Project Evaluation & Review Technique (PERT), and Monte Carlo Simulation. 

Monte Carlo Simulation is done to develop cost contingency and schedule contingency. There is a probability factor, target value, and low/high estimates assigned for every milestone. PERT is a technique that is used to find out three durations for each of the activity that is scheduled. These include the most pessimistic, most probable, and most optimistic values of the schedule.

Task 2: Monitor & Control Project Risks

Up-to-date with Risks

There is a daily meeting that is carried out among the project team members to discuss the issues present in a project, conflicts among the resources, project progress, and risk areas.

Monitoring of Treatment Actions

The risks that are identified and assessed by every group or individual are discussed and communicated to all. The risks identified previously and being handled by the project team members is also informed about their status to the resources. The likelihood and consequences of the risks identified also keep on changing on the basis of the project variables and factors.

The minutes of meeting from one such daily meeting discussing the active project risks are included below.

Minutes of Meeting

Meeting Date

12^th May 2018

Meeting Duration & Time

Start Time: 9:00 AM

End Time: 9:45 AM

Duration: 45 Minutes

Updated Risk Register

Identification Number

Risk Category

Risk Source

Risk Event

Description of Effect/Consequences

Existing Controls

Risk Owner

Analysis of Consequence (Major, High, Moderate, Minor, Low)

Likelihood or Level (Very High, High, Moderate, Low, Very Low)

Proposed Treatment

Analysis

Responsibility

Status

1

Information

Network, People, Data Sets

Security Violation

Compromise of the information properties, such as confidentiality, integrity, and availability

Access controls

Security Expert

Major

High

Risk Avoidance & Mitigation

Risk review and inspection

Security Expert

Active

2

Finance

Project changes, resource inefficiencies

Budget Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Closed

3

Project

Project changes, resource inefficiencies

Schedule Overrun

Poor customer satisfaction level, deterioration of the organization reputation in the market, employee disengagement

Project reviews and audits

Project Manager

High

Low

Risk Avoidance

Risk review and inspection

Project Manager

Active

4

Legal

Project Resources

Non-adherence to legal norms

Legal punishments and obligations for the organization

Project reviews and audits

Legal Inspector

Major

Very Low

Risk Avoidance

Risk review and inspection

Legal Inspector

Active

5

Quality

Project Resources

Non-adherence to quality standards

Poor customer satisfaction level, deterioration of the organization reputation in the market

Project reviews and audits

Quality Manager

Major

Low

Risk Avoidance

Risk review and inspection

Quality Manager

Active

6

Ethics

Project Resources

Non-adherence to ethical principles

Poor customer satisfaction level, deterioration of the organization reputation in the market

Project reviews and audits

Project Leader

Major

Low

Risk Avoidance

Risk review and inspection

Project Leader

Closed

7

Environmental

Nature

Environmental hazards

Delay in project deliveries, data loss and leakage, health and safety issues

Fire alarms, earthquake resistant architecture

HR Manager

Major

Low

Risk Avoidance

Risk review and inspection

HR Manager

Active

8

Resource

Organizational/project policies, senior management

Drop in productivity or scarcity of resources

Inability to meet the project deadlines, poor reputation of the organization in the market

Employee assessment programs

Project Manager

High

Moderate

Risk Avoidance

Risk review and inspection

Project Manager

Active

9

Resource

Poor training of the resources

Operational Errors

Major re-work causing enhancement of costs and schedule

Employee assessment programs

Project Manager

Moderate

High

Risk Avoidance

Risk review and inspection

Project Manager

Closed

10

Organization

Organizational Environment

Health & Safety Issues

Temporary or permanent injuries

First aid in the organization, non-slippery floors

HR Manager

Major

Low

Risk Avoidance

Risk review and inspection

HR Manager

Closed

11

Project

Project policies and resources

Ineffective Communication

Confusions for the employees

Daily team meetings

Project Manager

Moderate

Moderate

Risk Avoidance

Risk review and inspection

Project Manager

Active

12

Market

Market trends, customers

Market Fluctuations

Increased changes in the project causing re-work for the team members

Market analytics using automated data analytics tools

Market Analyst

High

High

Risk Avoidance and Mitigation

Risk review and inspection

Market Analyst

Closed

13

Technological

Technical tools

Technical Failures

Disruption of the project continuity

Availability of alternate tools

Technical Expert

Moderate

Moderate

Risk Transfer

Risk review and inspection

Technical Expert

Closed

Highest Priority Risk

Security Risks & Attacks

Treatment Strategy for the Risk

• The possible security events that may come up shall be listed down.
• The security events shall be mapped with the avoidance and mitigation strategy as shown below.
  • Malware Attacks: Anti-malware Tools
  • Denial of Service Attacks: Anti-denial tools
  • Network eavesdropping and man in the middle attacks: Intrusion Detection & Prevention Tools
  • Data Breaches & Leakage: Access control, multi-fold authentication, Data encryption and back ups
• The other security controls that shall be implemented shall be device security, firewalls, and anti-phishing tools
• The security controls shall be implemented

Resource Responsible

Security Expert

Review of Risk Register & Risk Management Plan

The risk register and risk management plan is updated weekly. There is a weekly meeting that is facilitated by the Project Manager and the meeting includes internal as well as external stakeholders.

The comments from all the resources are gathered and the risk register along with the management plan is accordingly updated.

Example of a Risk Managed

Name of the Risk

Financial Risk – Budget Overrun

Original Treatment Strategy

Risk Avoidance 

Factors that Occurred after Original Strategy

There were massive changes in the original project requirements that came up after the original strategy as risk avoidance was determined to control and treat the risk.

The change was approved by the Project Sponsor and it could not be carried out without an extra share of budget (Lombard, 2008).     

Reflection

The alternate strategy was then utilized to treat the risk as it included the mitigation measures along with the avoidance measures. The budget for the pending activities was re-designed and there was a tolerance of 10% variation in the budget that was acceptable.

It allowed the project team to carry out the change that was requested by the client along with the regular project activities without causing any alteration to the overall project budget. 

Risk identified after the Project was commenced

The risk that was detected in the project after it commenced was an access control issues that was detected. The risk could not be detected earlier as the infrastructure at the client side was modified at the last moment. The potential impact of the risk would be compromise of the security of the client’s organization and the associated data and information sets.

The risk could be treated after the completion of the project as the end-product delivered to the customer was flexible and scalable. The project team went to the client-side and fixed the issue using automated access control measures.

Quantitative Risk Analysis

Task 3: Assess Risk Management Outcomes

Review Project Outcomes

The project outcomes were reviewed on the basis of the critical success factors of the project.

Project Review

The following Key Performance Indicators (KPIs) and critical success factors were used to review the project, its success, and the success of the implementation of risk treatment strategy.

• Cost Variance: Earned Value Management (EVM) was used to determine the gaps present between the estimated and actual values of the project costs. The difference between the two was calculated and there was negligible variance observed indicating project success.
• Schedule Variance: Earned Value Management (EVM) was used to determine the gaps present between the estimated and actual values of the project schedule. The difference between the two was calculated and there was negligible variance observed indicating project success.
• 360-degree Feedback: There was feedback collected from every project entity, such as the project sponsor, supplier groups, end users, partners, internal resources, and management. The feedback provided was mostly positive and there were a few areas of improvements detected. This was also an indication of success (Kwan & Leung, 2011).
• Net Present Value (NPV): The different between the cash inflows and outflows were used to calculate the NPV which was found to be positive indicating project success.
• Internet Rate of Return (IRR): The different between the cash inflows and outflows were used to calculate the IRR which was found to be 18% indicating project success.
• Lessons Learned

There were many lessons that were learned during the project timeline.

The lessons from the risk management perspective included the risk management methodology and phases that shall be used. It is necessary to have a defined risk management plan in a project so as to deal with the probable risks that may come up during the project life cycle. The necessary phases that must be included and described in a risk management plan include risk identification, risk assessment, risk evaluation, risk treatment, risk monitoring and risk closure. The risk shall be identified, assessed, and evaluated through the techniques as SWOT analysis, information gathering, PERT, and others. There shall be a risk register developed comprising of the name of the risk, description, impact, likelihood, responsible resource, status, risk score, and priority.

There are five possible treatment strategies that may be applied, as Risk Avoidance (Negative Consequences/Threats) is applied by using and implementing the control so that the risk situation does not occur. This treatment option is used for the risks that may have negative outcomes and consequences. There may be certain risks that may provide enhanced opportunities to the project if they occur. In such cases, the respective opportunity shall be pursued and explored. The likelihood or consequence of the risks can be controlled by using preventive and detective measures. The risk responsibility may be transferred to another party in case of the ownership of a specific tool or component by a third-party. The risks that may be neutral and may cause no damage may be accepted.

Identification & Documentation of Risk-Management Issues

The identification and documentation of the possible risk management issues are done during the project closure stages.

There are final reviews and assessment that is carried out for every project activity in the closure stage. There is also reflection on the project activities, performance of the resources, and lessons acquired that is carried out. The possible risk management issues can be identified on the basis of the final risk review report. The risks left untreated or pending in a project shall be assessed to understand the possible gaps.

The results shall then be documented in a formal report.

Future Improvements

The process of risk management is subject to improvements as there are newer technical tools that are being developed that may be used in the process of risk management.

Also, the customer expectations, organizational policies, quality and legal standards are also changing at rapid scale. All of these factors lead to the possibility of the improvements in the risk management process that may be applied to future projects.

There shall be continuous improvement plan developed for this purpose that shall include the steps as identify, plan, act, and review. The possible areas shall be identified in the first stage, the execution plan shall be determined in the next stage, the possible actions and the review processes shall also be listed.

Some of the improvements that may be done are in the areas of the use of technology in the process of risk management. There are automated reporting and communication tools, project management and organization tools that may be used in the process. The review, inspection, and audit cycles are also subject to improvement in terms of the frequency of these processes. There shall be increased number of reviews that shall be carried out and there shall also be surprise audits that shall be executed to detect the possible flaws and errors in the process.

The risk register shall be updated weekly and there must be secure communication methods, such as use of SharePoint location that shall be done to maintain the security and privacy of the information and data sets.

References

Apm. (2018). Risk context | APM.

Bock, K., & Truck, S. (2011). Assessing Uncertainty and Risk in Public Sector Investment Projects. Technology And Investment, 02(02), 105-123. doi: 10.4236/ti.2011.22011

Cagliano, A., Grimaldi, S., & Rafele, C. (2014). Choosing project risk management techniques. A theoretical framework. Journal Of Risk Research, 18(2), 232-248. doi: 10.1080/13669877.2014.896398

Carvalho, M., & Rabechini Junior, R. (2014). Impact of risk management on project performance: the importance of soft skills. International Journal Of Production Research, 53(2), 321-340. doi: 10.1080/00207543.2014.919423

Financegov. (2010). AS/NZS ISO 31000:2009  Risk Management – Principles and Guidelines

Govan, P., & Damnjanovic, I. (2016). The Resource-Based View on Project Risk Management. Journal Of Construction Engineering And Management, 142(9), 04016034. doi: 10.1061/(asce)co.1943-7862.0001136

Hillson, D. (2012). Extending the risk process to manage opportunities. International Journal Of Project Management, 20(3), 235-240. doi: 10.1016/s0263-7863(01)00074-6

Kwan, T., & Leung, H. (2011). A Risk Management Methodology for Project Risk Dependencies. IEEE Transactions On Software Engineering, 37(5), 635-648. doi: 10.1109/tse.2010.108

Lombard, P. (2008). Project scheduling and cost control: Planning, monitoring and controlling the baseline. Project Management Journal, 39(2), 115-115. doi: 10.1002/pmj.20049

Pimchangthong, D., & Boonjing, V. (2017). Effects of Risk Management Practice on the Success of IT Project. Procedia Engineering, 182, 579-586. doi: 10.1016/j.proeng.2017.03.158

Raz, T., Shenhar, A., & Dvir, D. (2011). Risk management, project success, and technological uncertainty. R And D Management, 32(2), 101-109. doi: 10.1111/1467-9310.00243

Sanchez, H., Robert, B., Bourgault, M., & Pellerin, R. (2009). Risk management applied to projects, programs, and portfolios. International Journal Of Managing Projects In Business, 2(1), 14-35. doi: 10.1108/17538370910930491