| 2. |
(a) A key component of risk management is the ability to anticipate the
different types of risk involved in a project. Four sources of risk in a project are technical
risk, market risk, financial risk and human risk. Describe each of these four
types of risk and in each case provide an example of the risk.
|
[8] |
|
In each of the following, award 1 mark for a suitable explanation, and 1
mark for a suitable example, up to a maximum of 8 marks.
|
|
|
- Technical risk: the risk factors arising from either the
development stage or from the operation stage of the deliverable. This is a particular
danger for highly complex or new systems (1 mark). e.g. fundamental or novel research
projects (1 mark), systems integration projects (1 mark) etc.
|
[2] |
|
- Market risk: risk associated with
failure of the developed product in the marketplace (1 mark). Any suitable real example (1
mark).
|
[2] |
|
- Financial risk: the risk factors
relating budget, cash-flow and the profit-margin on the product that is developed (1
mark). Can cause difficulties if e.g. late payment by customers (1 mark), over-spending on
development equipment
(1 mark), poor budgeting (1 mark) etc.
|
[2] |
|
- Human risk: human risks are due to
the unpredictability of people and is therefore probably the least controllable of risks
(1 mark). e.g. key staff might leave (1 mark), employees might perform badly on a project
(1 mark) or customers might change their minds about purchasing a project (1 mark) etc.
|
[2] |
|
(b) In risk management we attempt to minimise
the risks associated with a project. The process of risk management is usually described
in four phases. Identify each of these four phases and explain carefully what is involved
in each of them.
|
[12] |
|
One
mark is available for correctly identifying each of the four phases. A further two marks
is available for a careful explanation which demonstrates a good level of understanding
here. Answers which effectively say "risk identification involves the identification
of risks" etc. should not receive any credit. Candidates must make at least two
substantial points for each risk to obtain both marks.
|
|
|
- Risk identification (1 mark): is the process of
determining what features of a project might involve risks so as to avoid difficulties at
a later stage of the project (1 mark). It must be undertaken carefully and systematically
and focus on risks which are both internal and external to the project, and of all four
types listed above in part (a) (1 mark).
|
[3] |
|
- Risk assessment (1 mark): aims to identify how a
particular risk or set of risks might affect the project (1 mark). As far as possible, the
assessment should be quantitative, with some indication of the probabilities of the
various outcome preferably based on previous experience (to avoid guessing) (1 mark).
|
[3] |
|
- Risk response planning (1 mark): is the process of
developing methods for dealing with risk events i.e. what actions should be taken firstly
to avoid risk, and secondly to minimise the impact of risk events should they occur (1
mark). Generally approached by developing and following system standards, acquiring
insurance, and developing planning alternatives (1 mark).
|
[3] |
|
- Documentation (1 mark): most companies have a wide range
of documentation which can provide a wealth of information which can be used to inform the
entire risk-management process (1 mark). By keeping careful historical records of all
areas of the company’s activities we produce an environment in which perceptions of
the future can be based on informed judgement gained from previous experience (1 mark).
|
[3] |
|
|
|