PROJ6003 Project Execution and Control

Assessment 2: Risk Management

Part B: Risk Management

Table of Contents
Executive Summary.....................................................................................................................................2
Introduction.................................................................................................................................................3
Risk analysis.................................................................................................................................................3
Risk identification........................................................................................................................................3
 Risk probability and impact matrix..............................................................................................4
 A risk response strategy to manage identified risks.....................................................................5
 Project risk register......................................................................................................................5
Risk management reporting........................................................................................................................8
Conclusion...................................................................................................................................................8
References...................................................................................................................................................9
Executive Summary
The risk management report provides an overview of possible risk and impact of risk on a Link
Project case study. The key risk identified in the project is categorized into technical risk,
management risk, commercial risk and external risk. Risk probability and impact matrix has
categorized risk on the basis of likelihood and consequences. The development of an appropriate
response strategy are inclined with the identified risk of the project. Risk register has provided an
insight into risk title, the effect of risk, risk category, risk sub-category, risk impact, risk
probability, risk level, status, owner, risk response strategy, stakeholder involvement, and
communication method. Likewise, risk management reporting has identified key stakeholder
involved in the project and method of appraising stakeholder on the ongoing risk management
activities.
Introduction
The purpose of the risk management report for a given case study is to conduct risk identification
and impact assessment. The report identifies possible risk for the case study and critically
analyze the impact of the risk. Risk probability and impact matrix will be used to rate and
prioritize the risks. It develops an appropriate response strategy to effectively manage the
identified risks. A risk register is presented to highlight the overall risk and impact of the risk.
Similarly, the report identifies and explain how stakeholders will be appraised of the project’s
ongoing risk management activities.

Risk analysis
The risk analysis related to the Link Project Case study helps to find out the actual problem of
risk and impact analysis followed by the necessary management option to tackle them.

Risk identification
The risk identification process helps the stakeholders to find out threats that hamper the progress
of the project and show methods for countering risk to make the project free from any types of
error in the future. The risk related to Link Project in replacing LEAP database by Victoria
Police are:
 Loss of data and records
It is very costly to convert data from LEAP to LINK and there might exist budget issues. While
shifting data from an old to a new system, some data might get lost from the LEAP system. Loss
of files and data can arise from various issues such as system failure, drive crashes, viruses,
human error or hackers. To avoid loss of data, it is important to appoint IT personnel. It is costly
to appoint IT personnel. End users face further problems from lack of additional budget for data
conversion. Thus, data mitigation testing would help avoid such losses if the budget is allocated.
 Adoption of the like-for-like strategy
Although Victoria Police has purchased Enterprise Service Bus(ESB) for an exchange of
information from LEAP interface by making provision of a mechanism for a new system, a
commercial off the shelf (COTS) system has been made from an agency. The use of the COTS
system has led to several difficulties in upgrading the system as it was made customized to feel
and look like the previous system although several changes were made after the reproduction of
LEAP functionality. Higher cost and high customization are the risks related to the use of a like-
for-like system. Te use of the new system has solely led to duplication of the old system and
failure is seen in advancement in new technology. Thus, Victoria Police should consider re-
engineering the process to make a new system to fit and lead to the optimization of development
costs.
 Complexity in the project
The upgrade of LEAP is surrounded by various challenges in maintaining previous criminal
records and other incidents which need to be properly managed. But with the Link Project there
exists various factors that lead to a risk to the project. Lack of appointment of project manager
and lack of knowledge of sworn officer has also led to complexity. Due to this, the project
manager could not lead to the proper delivery of IT linked database conversion. Due to a lack of
accountability, unsystematic planning and inexperienced manager, the scrutiny level has been
down. Moreover, lack of documentation like interface with other applications and data collection
has led to a rise in complexity in the project. There should be made provision that interface cost
should not be underestimated as a part of up-gradation change.

 Risk probability and impact matrix

Extreme
  Risk
  High Risk
Medium
  Risk
  Low Risk

Consequences
1. 2. 3. 4. 5.
RISK MATRIX Insignificant Minor Moderate Major Severe
5. Almost Extrem
Certain High Extreme High e Extreme
Extrem
4. Likely Low Medium High e High
3. Possible Low Medium Medium High High
2. Unlikely Low Low Medium High Medium
LIKELIHOO Mediu
D 1. Rare Low Low Low m Medium
 The risk level of loss of data and records is very high compared to other risks. The risk
level of adoption of the like-for-like strategy is high as there is a high possibility of an
increase in the cost of the Link Project from the budgeted cost of $60.5 million.
Similarly, there is a medium degree of risk arising from the complexity of the project.

 A risk response strategy to manage identified risks

The most commonly available risk response strategy is escalated, avoid, transfer,
mitigate and accept. Escalate strategy is appropriate when the risks are outside
the scope of the project. Avoid strategy is appropriate when the project team
works to eliminate the risks. Transfer strategy is suitable when it involves
shifting of ownership of a threat to a third party to manage risk. Mitigate strategy
is used to reduce the probability of occurrence of a risk[ CITATION Abd12 \l 1033 ].
Accept strategy acknowledges the existence of threat but does not take any types
of proactive action.

Loss of data and records is a type of risk that can be avoided. This risk has a high
probability of occurrence and can harm the project. This risk can be avoided by
making an appointment with IT personnel. The risk of adoption of a like-for-like
strategy can be avoided by focusing on the development of the system through the
re-engineering process. Victorian Police can mitigate the complexity of the
project by upgrading to the process which is less complex.

 Project risk register

RISK
RISK RISK COMMUNICATION
RISK IDENTIFICATION RESPONS
ASSESSMENT STRATEGY
E
R R R R R R R R S O R C ST Co CO RE
 ISK
DE IS
IS
SC K SPO
IS K IS
ISK RIP RE NSIB
K SU K IS T OU MMU
IS TIT TI ISK W SP AKE mmu LE
CA B- PR K A RSE NICA
K LE ON IMP N ON HOL nicati FOR
TE CA OB LE T OF TION
I / / AC E SE DER on COM
G TE AB VE U ACT MET
D NA Eff T R ST S Type MUN
OR G ILI L S ION HOD
ME ect / RA ICAT
Y OR TY
CA TE ION
Y
US GY
ES
Los
s of
data
aris Maint
es ain an
fro approp
Los m orite
Ext App
R s of syst Tec Cata Victo budget
Lik re O oint
K data em hni strop P Av ria Intera and
  ely me pe IT PM
00 and fail cal hic M oid Polic ctive hire
(4) (20 n perso
1 reco ure, risk (5) e skilled
) nnel
rds viru emplo
s yee for
and the
hu project
man
erro
r
U
se
of
CO
TS
syst Foc
em us on
has an
A
give imple
dopt
n e rei mentat
ion C
R rise Tec li xtr ngen Vi ion of
of atast o T inte
K to hni kel em P eerin ctoria new
like-   roph pe ran ractiv PM
00 vari cal y e M g of Polic system
for- ic n sfer e
2 ous risk (4) (20 proc e by re-
like (5)
diffi ) ess engine
strat
cult ering
egy
ies of the
in proces
upg s
radi
ng
the
syst
em
R C U Tec   li ca e o P M Int Vi inte Ma PM
 nski
lled
swo
rn
erfac
offi
e
cer
cost
and
shoul
lack
d not
of ke
omp be
proj xtr upgdar
lexit unde
K ect hni kel tastr em itig ctoria ing
y in pe resti ractiv
00 man cal y ophi e M atio Polic proces
the n mate e
3 ager risk (4) c (5) (20 n e s less
proj d in
has ) compl
ect the
led ex
upgd
to
atati
com
on
plex
chan
ity
ge
in
the
proj
ect

Risk management reporting

A stakeholder can be categorized into primary stakeholders and secondary stakeholders.
Primary stakeholders are the people who are directly affected by the project. Secondary
stakeholders are the stakeholders with an intermediary role in the project. Primary
stakeholder in the Link Project Case Study is Victorian Police and the general public.
Secondary stakeholders are government and NGOs.
Stakeholder’s select different indicators. Link Project should include some of Victorian
Police indicator, general public indicator, government indicator, and NGO indicator.
Although, it is difficult to develop an indicator and there underlies a debate with different
stakeholders. Careful handling should be done to appraise the project with the purpose of
the project. A focus must be laid down on understanding different stakeholder
expectations, benefits likely to be obtained by the stakeholders and interest of the
stakeholder.
 Through a combination of influence and importance, it allows identifying assumptions
and risks to be managed on the project. Classifying stakeholders based on influence and
importance helps to manage a project successfully.

Conclusion
The risk management report for the Link Project case study has provided a detailed insight into
risk and risk management reporting. To overcome risk in the project, different types of risk
response strategies are highlighted. A major focus is provided to stakeholders by appraising the
ongoing project risk. The risk management report will be very useful in undertaking analysis on
the project risk and strategy to avoid risk. It is very challenging for a project manager to create
an effective risk management plan. Therefore, the focus must be laid down on the different
aspects of a project to develop effective risk management.

References
Abdul-Rahman, M.-R. F. a. C. W., 2012. Reducing failures in software development projects:
effectiveness of risk mitigation strategies. Journal of Risk Research, Issue 15, pp. 417-433.

Anna Sandberg, V. A., 2014. Defining Technical Risks in Software Development. 2014 Joint Conference of
the International Workshop on Software Measurement and the International Conference on Software
Process and Product Measurement (IWSM-MENSURA).

Ssempebwa, R. K., 2013. PROJECT RISK MANAGEMENT. Conference: Atlantic international University.

Yescombe, E. R., 2002. Commercial Risks. Principles of Project Finance, pp. 137-181.