Risk management (student)

Enseigné	enseigné
Catégorie	cours

⭐

Cours de Julie Chaumard @25 février 2025

How to manage risk ?

1. Basic Definition of Risk

Risk is a combination of two elements: probability of occurrence and impact

Formula: Risk = f(probability, consequence)

Risk can also be defined as: Risk = f(hazard, safeguard)

What types of risk
- technical
- planning
- business
- budget
- quality
- regulatory
- security
- availability of raw materials, services or supplies

Risk Component Calculation

Probability (P)

Scale from 1 to 5 where:

1 = Very unlikely (1-20%)
2 = Unlikely (21-40%)
3 = Possible (41-60%)
4 = Likely (61-80%)
5 = Very likely (81-100%)

Domain statistics can be studied to get indicators.

Practical example:

Risk of App Store delay for a mobile app:
- Statistically, 70% of new apps get feedback
- Therefore Probability = 4 (Likely)

Impact (I)

Scale from 1 to 5 where:

1 = Minimal (Negligible impact)
2 = Low (Limited impact)
3 = Moderate (Significant impact)
4 = Major (Serious impact)
5 = Critical (Catastrophic impact)

Practical example:

Impact of a server crash:
- Loss of all connected users
- Revenue loss during downtime
- Reputation damage
- Therefore Impact = 5 (Critical)

Risk Score

Formula: Score = Probability × Impact

This gives a scale from 1 to 25:

1-5   = Low risk
6-12  = Moderate risk
13-19 = High risk
20-25 = Critical risk

Usage Tips

Always evaluate with a team for more objectivity

Regularly reassess scores

Document the reasons for your assessments

Use historical data when available

3. Risk Management Includes 5 Main Aspects

Risk planning

Risk identification

Risk analysis

Response strategy development

Risk monitoring and control

4. Risk Response Strategies

For negative risks:

Avoidance: change the plan to eliminate risk

Mitigation: reduce probability or impact

Transfer: have a third party bear the risk

Acceptance: accept potential consequences

For opportunities:

Exploitation

Sharing

Enhancement

Acceptance

5. Key Management Principles

Be proactive rather than reactive

Integrate risk management into all project processes

Document through a Risk Management Plan (RMP)

Train staff appropriately for their roles

Implement tracking indicators (earned value, program metrics, schedule tracking)

6. Monitoring and Control

Establish cost, technical performance, and schedule indicators

Example/Exercise

Exercise: Development of a Photo Sharing Mobile Application

You are leading a team that needs to develop a mobile photo sharing application in 4 months. The application must allow users to take photos, modify them with filters, and share them with their friends.

Open a Docx Microsoft document and create a risk management plan.

Part 1: Risk Identification

Instruction: Identify potential risks in each category:

Part 2: Risk Analysis

Instruction: Probability, impact, and score

Part 3: Response Strategies

Instruction: find response strategies and transformation into opportunity

Part 4: Monitoring Plan

Instruction: develop a monitoring plan

Part 5: Contingency Plan ("just in case" or "Plan B")

Instruction: develop a Contingency plan

Answer

Exercise: Development of a Photo Sharing Mobile Application

Open a Docx Microsoft document and create a risk management plan.

Part 1: Risk Identification

Instruction: Identify potential risks in each category:

I can help you identify a few risks

Technical Risks

Incompatibility with certain iOS/Android versions

User data storage issues
- Exceeding planned storage capacity

Regulatory Aspects

Non-compliance with GDPR or other local regulations

Inadequate storage of personal data

Data localization issues (some countries require local storage)

Security Aspects

Data leaks

Unauthorized access

Data loss

Storage system vulnerabilities

Planning Risks

Delay in photo filter development

App Store approval time longer than expected

Third-party API integration more complex than anticipated

Business Risks

Direct competitor appears before launch

Server costs higher than expected

Slower user adoption than expected

Quality performance
1. the download of the photo could take too long
1. display the photo could take too long

Part 2: Risk Analysis

Instruction: Probability, impact, and score

Example analysis for three major risks:

Risk	Probability (1-5)	Impact (1-5)	Score (P×I)
App Store delay	4	3	12
High server costs	2	4	8
User data storage	3	5	15

Part 3: Response Strategies

Instruction: find response strategies and transformation into opportunity

For App Store delay (Score: 12)

Strategy: Avoidance

Actions:
1. Study store guidelines in detail
1. Prepare submission in advance
1. Plan for specialized consultant review
1. Include 2-week margin in planning

For user data storage (Score: 15)

Mitigation
1. Architecture
  - Use scalable storage system (e.g., AWS S3)
1. Monitoring
  - Monitor storage usage
1. Security
  - Data encryption
  - Strong authentication
  - Regular security audits

Transfer strategy
- Use established cloud services (AWS, Google Cloud, Azure)
- Subscribe to cyber-risk insurance
- Partnership with data storage experts

Transformation into opportunity

Higher than expected server costs
Transformation into opportunity:
- Motivation to develop more efficient architecture
- Development of cloud optimization expertise

Direct competitor appearance
Transformation into opportunity:
- Learning from competitor's mistakes
- Motivation to accelerate innovation
- Opportunity to clearly differentiate