This is a talk about risk management. The speaker (Gill Ferrell), hass already said that 2001: A Space Odessey is a terrible film, and misquoted Hitchhikers Guide to the Galaxy. I’ll try not to hold this against her…

She is just relating the Monty Hall dilemma (http://mathworld.wolfram.com/MontyHallProblem.html) – this seems to be popular at the moment – Shan Wareing – head of our Educational Development Centre – used it in a talk on e-learning

She seems to be drawing all the wrong conclusions from it though – she says it is human nature to stick to the original decision – I don’t think this is the case – the point of the story is that it goes against instinct that changing or sticking affects the outcome at all – the reason this became such an issue is that professional mathematicians have argued wrongly) that it make no difference to your chances of winning.

OK – lets get on to the real stuff of the talk:

Worth saying from the start that there is a JISC Infokit covering all this stuff, which is what the talk seems to be based around:

http://www.jiscinfonet.ac.uk/InfoKits/risk-management

Risk can only be managed – not eliminated. The first stage of risk management is to identify risk.

Risk registers – need to look at cause and effect:
Condition
Cause
Consequence
Context

Often the consequence is identified (e.g. a ‘risk’ the project may go over budget), rather than the actual risk.

So, try the following:
Risk – staff may leave before the end of the project
Re-phrase as:
There is a risk that staff may leave before the end of the project, caused by xxx, resulting in xxx

Unless you record the risk in a meaningful way, risk management is not useful

Ways of looking at risk analysis – probability and impact

E.g. – a very low risk would have low probability and negligible impact

Also the immediacy of a risk is important – identifying risk early, usually means more options – Risk Response Planning.

Risk Response Options:
Risk Avoidance – choose a different option which doesn’t have the risk
Risk Transference – make someone else take the risk for you
Risk Mitigation – take some action to minimise the impact of the risk
Risk Deferral – put off the decision, hope that conditions change
Risk Acceptance – decide you are going to risk it

Iterative Risk Management
Nice diagram here, but can’t quite capture it (camera phone not up to it) – see the infokit for the detail (referenced above) – but basically saying you need to go round the process of defining risks, and thinking about response.

All forms of Risk Response are going to cost something – there is a problem in budgeting for risks that actually occur – how do you set this budget?

Introducing the concept of ‘Expected Monetary Value’ – basically working out probability of risk and how much it will cost you to cope with the risk happening. Multiply the cost of the risk happening, and the probability of the risk happening to work out the EMV of the risk.

When you budget a project, you need to include the cost of project work, plus risk response cost plus contingency – otherwise you haven’t budgeted for the real world.

Some interesting results from a Gartner survey – Senior Management see IT as a barrier to business, and see IT managers as ‘risk averse’ – are IT professionals playing it safe at the expense of business opportunities?

How do we overcome this? How about ‘Service Oriented Approaches’ – http://www.elearning.ac.uk/frameworks

SOA – is about bringing together disparate systems to deliver service – especially important in systems that need to be agile – e.g. e-learning.