I presented a session on Risk Management for Grown Ups at the ThoughtWorks UK Away Day. This involves using real options to manage your risk.
I had some encouraging comments so I thought I would share the presentation with you.
Q1: First Off, why do we do projects?
A1: A project should deliver business value of X for a cost of Y.
Q2: What are the types of risks associated with a project.
A2: One, that the project costs more than estimated.
Two, that the project fails to deliver the business value specified in the business value model.
Three, a special case of two where the project damages the existing business model. i.e. It creates negative business value.
Q3: What is risk?
A3: Risk is uncertainty over an outcome. When you known something is going to happen with certainty, it is not a risk. When you are not sure about something, then its a risk
The current "best practice" approach to risk is as follows:
1. Identify the risk.
2. Record the risk in a risk register.
3. Assign a trigger to the risk to show when it kicks in.
4. Monitor the risks in the risk register.
5. Wait for the risk to materialise
Financial markets use options to manage risk. An option is the right but not the obligation to do something.
Real Options are the application of options theory from finance in project decision making.
A real option is any situation where you have the right but not the obligation to do something. You can use option theory from finance to value your option.
Real options allow you to defer decisions.
Financial mathematics tells you that it is never optimal to exercise an option earlier than necessary. This means decisions should be deferred to as late as possible but not later.
Real Options allow you to handle uncertainty in your IT project.
The option value is the loss incurred if the negative outcome occurs multiplied by the probability of it occurring.
1. Calculate the loss in the event of a negative outcome.
2. Estimate the probability of the event occurring.
3. Multiply the two numbers together to give the amount to spend on the option.
e.g. If the DBA is unavailable, the cost to the project is £10,000 per day for a month to hire a replacement. i.e. £200,000. The probability of the DBA being unavailable is 10%
The option to cover the risk that the DBA is unavailable is worth £20,000. This is the amount that you have available to spend to protect yourself against this risk.
Agile allows you to manage risk using Real Options.
Agile grants you the option, the right but not the obligation, to change the requirements at any point up to the last iteration. This allows you to manage the risk, the uncertainty, surrounding the requirements.
TDD grants you the option, the right but not the obligation, to change the design of the system at any point. This allows you to manage the risk, the uncertainty, surrounding the design’s ability to support the requirements.
Risk Management for Grown Ups.
1. Identify the risk.
2. Record the risk in a risk register.
3. Assign a trigger to the risk to show when it kicks in.
4. Identify an option to handle the undesired eventuality.
5. Value the option.
6. Invest the premium in the option.
7. Monitor the risk.