
Decision-making processes in project management occur, as a rule, in conditions of uncertainty, which depends on the following factors:

  • incomplete knowledge of all the parameters of the management process or circumstances in the situation of decision making;

  • the presence of the probabilistic nature of environmental behavior and, accordingly, the need to take into account random factors;

  • the presence of subjective factors of opposition, when decision-making takes place in a situation of interaction of partners with opposite or conflicting interests.

Risk is understood as the potential, numerically measurable possibility of adverse situations and related consequences in the form of losses or damage [1].

Thus, under these broad definitions of risks and quite general descriptions of risk management, it is clear that risk avoidance/risk mitigation programs must be multidimensional. These programs often include good management practice, leadership and human resource issues, as well as scheduling, contingency planning and buffer management (buffer sizing and placement).

The focus of this paper is this latter set of programs in that we analyze the way that a project team can utilize quantitative planning tools to contain project risk and to hedge against its impact on success.

Seven sources of schedule risk:

  1. Lack of a realistic schedule developed to a level of detail that accurately reflects how the work will be done, with fully developed work scopes and sequential logic.

  2. Inherent uncertainty of the work arising from advanced technology, design and manufacturing challenges, and external factors including labor relations, etc.

  3. Complexity of projects, which requires coordination of many contractors, suppliers, government entities, etc.

  4. Estimates prepared in early stages of a project with inadequate definition of the work to be performed, and inaccuracies or optimistic bias in estimating activity durations.

  5. Over-use of directed (constraint) dates, perhaps in response to competitive pressures to develop aggressive, unrealistic schedules.

  6. Project management strategies favoring late start scheduling or fast track implementation.

  7. Lack of adequate float or management reserve.

The key to risk management is the quantification of risk, and the use of software tools to reduce the impact of risk on project schedules. Indeed, with the increasing power of the computer, with better and easier-to-use software, with more and better data available, and with increasing pressures to manage projects effectively, using decision technologies to manage risk in projects is now an important part of project risk management.

There are two methods for determining the likelihood of unwanted events: objective and subjective.

An objective method for determining the probability of unwanted events is based on calculating the frequency with which a particular result was obtained under similar conditions [2].

The subjective likelihood of adverse events is an assumption regarding a specific outcome. This method is based on a heuristic judgment and the personal experience of the decision maker. In other words, based on personal experience and intuition, the decision maker needs to make a quantitative assumption about the likelihood of an undesirable event.

Thus, risk measurement is the determination of the probability of a risk event.

Risk management in projects includes the identification, quantification and management of risks. All projects have some degree of risk. Projects that use new technologies face the prospect that these technologies do not live up to expectations, very complex projects face the problem of accurately estimating time and cost, and even the smallest and simplest projects have some element of risk.

In today’s world economy, the competitive position of the economy is determined by its ability to create and apply high technology, produce competitive high-tech products, including information and communication technologies and software. In many cases, the cost and duration of software development projects far exceed the estimated time, and the quality characteristics do not meet the required ones, which is detrimental to customers, users and developers.

The risk management of the project for the implementation of information technologies (IT projects) consists in identifying all possible risks in advance and conducting a set of preventive measures to avoid serious problems during the implementation of the project.

The problem of researching risks in software development processes is complicated by the increasing diversity and complexity of software products being developed. Modern software development projects are characterized by the inability to clearly describe the project product in the initial stages of its implementation [3].

For large software manufacturers developing hundreds of software products, the inability to properly manage risks can lead to tangible economic losses, which could be significantly reduced by timely analysis, forecasting and risk reduction, which makes this direction one of the most relevant [1]. The use of risk management in practice will increase the validity of management decisions and the economic efficiency of the activities of software manufacturing enterprises.

The creation of economic and mathematical methods of risk management in the field of software engineering is today an important and insufficiently studied task, which indicates the relevance of the study on this topic [4].

Risk management has been practiced since the mid-1980s. Effective risk management can lead to a number of benefits to the project manager, such as identifying a favorable alternative course of action, increasing confidence in the project goal, improving the chances of success, fewer surprises, more accurate estimates (due to reduced uncertainty), etc.

The basis of the theory of risk management was laid by scientists who tried to develop methods of solving certain types of problems associated with emerging risks in the industrial and commercial world. The founder of risk management is Wayne Snyder, who in 1956 first described the profession of “risk manager”. The first risk management textbook was published in 1963 by Robert Irwin Mayor and Bob Atkinson Hedges, entitled “Risk Management and Business.” The main goal of risk management was to maximize the efficiency of the enterprise.

All risks cannot be eliminated, so you need to identify and manage them to prevent project failure. Risk management is the only way to get project approval because it presents risks as clearly identified and therefore controlled.

The goal of creating a risk management methodology is to increase confidence in the quantitative assessment of project risk and to speed up decision-making. To achieve this goal, the following objectives need to be met:

  • Form a concept for the risks of an innovative project.

  • Analyze existing methods of project risk assessment.

  • Explore traditional approaches to making innovative decisions in the face of uncertainty and the global financial crisis.

  • Form and classify significant risk factors for the project at all stages of its life cycle.

  • Combine the advantages of two different project risk management methods - the decision tree and the PERT method - in one methodology in order to improve the quality of the project risk management.

A quantitative risk analysis is carried out in relation to those risks that, in the process of a qualitative risk analysis, were qualified as potentially or significantly affecting the competitive properties of the project [1]. Quantitative assessment can be applied both separately from qualitative assessment and in conjunction with it. If time and budget allow, and if both types of assessment are needed, using them together is the best choice. The purpose of the analysis is to determine the probabilities of achieving specific goals of the project, identify risks that require special attention, determine realistic and achievable goals for the cost, schedule or content of the project taking into account the risks of the project, and determine the best solution for project management when some conditions remain undefined. This analysis presents a quantitative approach to decision making under uncertainty in project management.

At the stage of risk analysis, it is necessary to assess them on the basis of qualitative and quantitative analysis.

As part of the analysis, it is necessary to find the most effective ways to apply the methods for: avoiding, reducing, making decisions about risks, or transferring the situation to another person, and complete these steps with the development of an optimal action plan for the best combination of effectiveness.

In the process of a qualitative risk analysis, the sources of risks are determined, as well as the reasons for their occurrence:

  • Identification of possible risk areas;

  • Identification of risks associated with the work of the company;

  • Modeling of probabilistic positive and negative results of manifestation of identified risks.

In a qualitative analysis, the possible types of risks of the investment project are identified, and the reasons and factors affecting the level of each type of risk are also determined and described.

A quantitative risk analysis of an investment project involves a numerical determination of the magnitude of individual risks and the risk of the project as a whole. Quantitative analysis is based on probability theory, mathematical statistics, and theory of operations research [1, 2].

To carry out a quantitative analysis of project risks, two conditions are necessary: the presence of a basic calculation of the project and a full analysis.

The task of quantitative risk analysis is to numerically measure the impact of changes in risk factors of the project on the behavior of the criteria for project effectiveness. When applying quantitative methods, the person responsible for risk assessment has the opportunity to present the risks in the form of a formal system.

The methods used to assess the magnitude of the risk are usually quantitative. However, a complete quantitative analysis is not always possible due to a lack of information about the system or activity being analyzed. Under such circumstances, comparative quantitative or qualitative risk ranking by specialists well-informed in the field and systems may be effective. In those cases when a qualitative ranking is carried out, it is necessary to have a clear explanation of all the terms used, and the justification of all classifications of probabilities and damages should be recorded. In the case when a complete quantitative assessment of the risk value is carried out, it is necessary to take into account that the calculated risk values are approximate estimates, and care should be taken that their accuracy corresponds to the accuracy of the initial data and analytical methods used.

Elements of the risk assessment process are common to all types of risk. First of all, the possible causes of a negative event are analyzed in order to determine the frequency of occurrence of such events, their duration, and their nature. In the process of analysis, it may be necessary to assess the probability that a hazard causes negative consequences, and to analyze the sequence of events leading to them.

There are a number of different methods to quantify risks. The vast majority of them are devoted to planning and scheduling, taking into account the risk of delays in the implementation of various stages of the project, as well as the risk of exceeding the project budget (in particular, assessing the necessary reserves). These include network planning methods (CPM, PERT), decision tree analysis, and Monte Carlo simulation.

Let us analyze the decision tree method. This is a graphical tool for analyzing project situations that are under the influence of risk factors. The decision tree displays sequential decisions in the form of tree branches, located from left to right. Branches originate from the starting point of decision making and “grow” until the final results are obtained. A path along the branches of a tree consists of a sequence of individual decisions and random events. In order to evaluate solutions, it is necessary to calculate the expected value of each path by “folding” the tree in the opposite direction - from the end points to the source. This method allows you to visualize even quite complex structures of risks and decisions. The disadvantage of this method is the difficulty of accurately determining the probabilities and losses in the event of a risk event [5, 6].

One of the greatest advantages of using decision trees is their intrinsic transparency. Unlike other management tools, decision trees are explicit, evaluate all potential options accurately, and link each option to its termination, permitting simple evaluation among the numerous possible decisions. The use of discrete links to represent customer classified assessment offers additional precision and lucidity to the process of decision making.

Program (Project) Evaluation and Review Technique (abbreviated PERT) - a technique for evaluating and analyzing programs (projects), which is used in project management. PERT is a way to analyze the tasks needed to complete a project, in particular the time it takes to complete each individual task, and to determine the minimum time needed to complete the entire project.

PERT was designed primarily to simplify paper planning and scheduling of large and complex projects. PERT is designed for very large-scale, one-time, complex, non-routine projects. The technique assumes the presence of uncertainty, making it possible to develop a project work schedule without accurate knowledge of the details and the necessary time for all its components. The PERT network diagram is most effective for modeling large projects in which the risk of a change in duration is high enough. Experts have the opportunity to give three estimates of the duration of work, which makes it possible to take into account the risks affecting their implementation to varying degrees [5].

When criteria for the project’s effectiveness for the so-called “base case” have been obtained, its assessment cannot yet be considered completed due to the uncertainty of future events and the inaccuracy of the information collected. The cost of the project, which is planned for the near future, and even more so the prices for the products or services of the project accepted for calculations, may not be confirmed over time. Therefore, during the analysis of quantitative indicators of the project, it is necessary to determine not only their specific values for the calculation model, but also the possible area of their changes. Consequently, the tasks of project preparation also include analysis of the remaining 50%, which objectively cannot be foreseen, or risk analysis [5, 7].

Despite the complexity of the project categories and project risk, today at most enterprises there is no structured and centralized risk management system. Risk management at the enterprise, including project risk management, is integrated into the enterprise activity management system and project management system by providing risk management status to daily crisis prevention actions. However, insufficient attention is paid to the procedural aspects of risk management, as well as to issues of risk assessment.

In order to improve and increase the effectiveness of the risk management system at the enterprise, it is necessary to create a unified and centralized risk management system using all possible methods of analysis and assessment of risk situations, as well as all risk management tools with subsequent monitoring and control [7].

Decision making under uncertainty is based on the fact that the probabilities of various scenarios are unknown, that is, due to the lack of necessary information, such a probability cannot be established. Decision making under risk is based on the fact that in each situation, the probability of occurrence of individual events that affect the final result with varying degrees of accuracy can be established. This allows you to take into account each of the effectiveness values and choose the situation with the lowest risk level for implementation.

Suppose that there is a project for which it is necessary to calculate the possible risks when obtaining a loan for the development of the project and when not getting a loan. We will calculate the main indicators of economic efficiency of the project according to Eq. (1).

$$ NPV = \sum\nolimits_{t}^{T} {\frac{{\Pi _{t} - O_{t} }}{{\left( {1 + r} \right)^{t} }}} . $$
(1)

NPV (Net present value) is calculated as the difference between the discounted cash inflows ($\Pi_t$) and outflows ($O_t$) for current (operating) and investment activities for the entire period of the project. A positive value of NPV (NPV > 0) indicates that the project is breaking even [6, 8].

NPV of the first and second options for the development of the project is 24,524.56 UAH and 30,086.33 UAH, respectively. When analyzing risks using the decision tree method, it was concluded that in terms of commercial efficiency, the project has the greatest risk when applying for a loan (Fig. 1). The effectiveness of participation in a project in which equipment is purchased on credit, on the contrary, is less risky. Thus, we can conclude that the loan is a good solution in the framework of the project. Having examined a number of methods associated with the project risk, it can be emphasized that the company should strive to prevent risks or minimize their negative impact; it is also necessary to remember the rational use of project resources and to monitor activities for successful implementation.

Fig. 1. Combined methods PERT and decision tree
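The folding of a decision tree described above, applied to a loan / no-loan choice whose end-point payoffs come from Eq. (1), is shown here as an added example that is not taken from the paper. The discount rate, cash flows and probabilities are constructed for illustration, and taking t = 0 as the first period is an assumption.

```python
from dataclasses import dataclass
from typing import List, Tuple

def npv(net_flows: List[float], r: float) -> float:
    """Eq. (1): sum of (inflow_t - outflow_t) / (1 + r)^t; t = 0 is the first period (assumption)."""
    return sum(cf / (1 + r) ** t for t, cf in enumerate(net_flows))

@dataclass
class Outcome:      # end point of a path: a known payoff
    name: str
    value: float

@dataclass
class Chance:       # random event: list of (probability, child node) branches
    name: str
    branches: list

@dataclass
class Decision:     # choice made by the project team: list of child nodes
    name: str
    options: list

def rollback(node) -> Tuple[float, List[str]]:
    """Fold the tree from the end points back to the source.
    Returns (expected value, options chosen at decision nodes before the first chance node)."""
    if isinstance(node, Outcome):
        return node.value, []
    if isinstance(node, Chance):
        if abs(sum(p for p, _ in node.branches) - 1.0) > 1e-9:
            raise ValueError(f"probabilities at '{node.name}' do not sum to 1")
        return sum(p * rollback(child)[0] for p, child in node.branches), []
    evaluated = [(rollback(opt), opt.name) for opt in node.options]
    (ev, sub_path), chosen = max(evaluated, key=lambda item: item[0][0])
    return ev, [chosen] + sub_path

def worst_case(chance: Chance) -> float:
    """Lowest payoff reachable from a chance node (downside of an option)."""
    return min(rollback(child)[0] for _, child in chance.branches)

# Constructed sample data: net cash flows per period, in thousands.
R = 0.25
LOAN = Chance("loan", [
    (0.6, Outcome("on schedule", npv([-50, 75, 100], R))),
    (0.4, Outcome("delayed", npv([-50, 0, 75], R))),
])
NO_LOAN = Chance("no loan", [
    (0.8, Outcome("on schedule", npv([-100, 100, 100], R))),
    (0.2, Outcome("delayed", npv([-100, 50, 100], R))),
])
TREE = Decision("financing", [LOAN, NO_LOAN])

if __name__ == "__main__":
    ev, path = rollback(TREE)
    print(f"chosen: {path}, expected NPV: {ev:.2f}")
    for option in (LOAN, NO_LOAN):
        print(f"{option.name}: EV {rollback(option)[0]:.2f}, worst case {worst_case(option):.2f}")
```

With these constructed figures the loan branch has the higher expected NPV but also the worse downside, which is the trade-off the tree makes visible.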

Next, we will consider the method of calculating the PERT schedule to determine the expected duration of the project. The results of the calculation of the expected time, variance and standard deviation are presented in Table 1.

Table 1. Project expected duration

The expected time is calculated according to Eq. (2).

$$ {\text{Te}} = \frac{{{\text{O}} + 4{\text{M}} + {\text{P}}}}{6}, $$
(2)

where Te - Estimated Time

  • O - Optimistic assessment

  • M - Most likely score

  • P - Pessimistic assessment

The calculation of the dispersion (variance) of the critical path is presented in Eq. (3):

$$ \sigma^{2} = \sum \left( {\frac{P - O}{6}} \right)^{2} = 18.22. $$
(3)

The standard deviation is calculated according to Eq. (4):

$$ \sqrt {\sigma^{2} } = \sqrt {\sum \left( {\frac{P - O}{6}} \right)^{2} } = \sqrt {18.22} = 4.27. $$
(4)

Within one standard deviation from Te with a probability of 68.26%, the duration of the project can vary from 278 to 295 days. Within two standard deviations from Te with a probability of 94.44%, the duration of the project can vary from 267 to 304 days. Within three standard deviations from Te with a probability of 99.73%, the duration of the project can vary from 261 to 312 days.
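The PERT calculation of Eqs. (2)-(4) can be carried through on a small activity network, shown here as an added example that is not taken from the paper. The activities and their three-point estimates are constructed, since Table 1 is not reproduced on this page. The example goes one step beyond the text by finding the critical path itself and by estimating the probability of meeting a deadline, under the usual PERT assumption that activity durations are independent and their sum is approximately normal.

```python
import math

# Constructed network: activity -> (O, M, P, predecessors), durations in days.
ACTIVITIES = {
    "design": (10, 13, 22, []),
    "build":  (20, 26, 38, ["design"]),
    "docs":   (4, 5, 12, ["design"]),
    "test":   (30, 42, 66, ["build", "docs"]),
}

def pert(o, m, p):
    """Eq. (2) expected time and the per-activity variance term ((P - O) / 6)^2."""
    if not o <= m <= p:
        raise ValueError("estimates must satisfy O <= M <= P")
    return (o + 4 * m + p) / 6, ((p - o) / 6) ** 2

def critical_path(activities):
    """Longest path by expected time through an acyclic network (no cycle check).
    Returns (path, expected duration of the path, variance of the path)."""
    memo = {}

    def finish(name):
        # Earliest expected finish of `name`, with variance and path accumulated
        # along the longest chain of predecessors.
        if name not in memo:
            o, m, p, preds = activities[name]
            te, var = pert(o, m, p)
            start = max((finish(q) for q in preds),
                        key=lambda r: r[0], default=(0.0, 0.0, []))
            memo[name] = (start[0] + te, start[1] + var, start[2] + [name])
        return memo[name]

    total_te, total_var, path = max((finish(n) for n in activities),
                                    key=lambda r: r[0])
    return path, total_te, total_var

def sigma_band(te, sigma, k):
    """Duration range within k standard deviations of the expected duration."""
    return te - k * sigma, te + k * sigma

def prob_finish_by(deadline, te, sigma):
    """Normal approximation of P(project duration <= deadline)."""
    return 0.5 * (1.0 + math.erf((deadline - te) / (sigma * math.sqrt(2))))

if __name__ == "__main__":
    path, te, var = critical_path(ACTIVITIES)
    sigma = math.sqrt(var)          # Eq. (4)
    print(f"critical path: {path}, Te = {te:.1f}, variance = {var:.2f}, sigma = {sigma:.2f}")
    for k in (1, 2, 3):
        lo, hi = sigma_band(te, sigma, k)
        print(f"within {k} sigma: {lo:.0f} to {hi:.0f} days")
    print(f"P(finish within 92 days) = {prob_finish_by(92, te, sigma):.4f}")
```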

We visualize the data obtained by combining them with the decision tree in Fig. 1.

The developed methodology shows that the PERT method in combination with the decision tree method is a convenient way to work with risk events that are considered to be independent of each other (which may not correspond to reality), not only in small but also in large projects, formally or informally.

The methodology is integrated into the generally accepted risk management procedure and is applied at the stage of risk assessment and analysis. This technique is effective due to the fact that it connects the most dangerous and possible risks with the ability to manage them.

The main procedure of the risk management stage is the choice of a risk management method and its further application. The company considers all groups of risk management methods and applies them both in the planning phase and in the project implementation phase. These methods include methods of risk aversion, localization, diversification and risk compensation. Directly during the application of risk management methods, monitoring of this process takes place, which may reveal the need for various adjustments.

In this paper we have advocated the use of readily available decision technologies to manage schedule risk in projects. Although our focus has been somewhat narrow, i.e., confined to schedule, the use of modern decision technology tools can be useful to a project team as it plans and executes a project.

Thus, the use of the considered model of project risk management at the enterprise will make it possible to structure the risk management system itself and to take into account the procedural aspect of risk management by developing an algorithm of actions at each stage of the project. The introduction of a centralized risk management system can also solve the problem of unforeseen risks for the enterprise and its projects, simplify risk decisions and reduce risk management costs compared to the existing level.