Risk management in Software Industry


Published on

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Risk management in Software Industry

  1. 1. Risk Management in Software Industry Presented by – Rehan Akhtar
  2. 2. IntroductionThe purpose of Risk Management is to identifypotential problems before they occur so thatrisk-handling activities can be planned andinvoked as needed across the life of the productor project to mitigate adverse impacts onachieving objectives.
  3. 3. ImportanceCapability Maturity Model Integrated (CMMi)
  4. 4. Importance cont…ISO 20000 (Service Management) ◦The ultimate goal of ISO 20000 is to: ◦Reduce operational exposure to risk ◦Meet contractual requirements ◦Demonstrate service qualityTL 9000 for Telecom Industry ◦ Similar to ISO 9000ITIL V3 (Best Practices for IT ServiceManagement) ◦ Risk Management and Analysis
  5. 5. Risk Management ProcessRiskmanagement can be divided into threeprocesses: ◦Defining a risk management strategy; ◦Identifying and analysing risks; and ◦Handling identified risks, including the implementation of risk mitigation plans when needed. ◦
  6. 6. Activities PerformedDetermine Risk Sources and Categories ◦Risk Source ◦Uncertain requirements ◦Unprecedented efforts—estimates unavailable ◦Infeasible design ◦Unavailable technology ◦Unrealistic schedule estimates or allocation ◦Inadequate staffing and skills ◦Cost or funding issues ◦Uncertain or inadequate subcontractor capability ◦Uncertain or inadequate vendor capability ◦Inadequate communication with actual or potential customers or with their representatives ◦Disruptions to continuity of operations Risk Categories ◦
  7. 7. Activities Performed cont…Define Risk Parameters Parameters for evaluating, categorizing, and ◦ prioritizing risks include the following: ◦Risk likelihood (i.e., probability of risk occurrence) ◦Risk consequence (i.e., impact and severity of risk occurrence) ◦Thresholds to trigger management activities ◦
  8. 8. Activities Performed cont…Establish a Risk Management Strategy ◦The scope of the risk management effort ◦Methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication ◦Project-specific sources of risks ◦How these risks are to be organized, categorized, compared, and consolidated ◦Parameters, including likelihood, consequence, and thresholds, for taking action on identified risks ◦Risk mitigation techniques to be used, such as prototyping, piloting, simulation, alternative designs, or evolutionary development ◦Definition of risk measures to monitor the status of the risks
  9. 9. Activities Performed cont…Identify Risks ◦Examine each element of the project work breakdown structure to uncover risks. ◦Conduct a risk assessment using a risk taxonomy. ◦Interview subject matter experts. ◦Review risk management efforts from similar products. ◦Examine lessons-learned documents or databases. ◦Examine design specifications and agreement requirements.
  10. 10. Activities Performed cont…Evaluate, Categorize, and Prioritize Risks ◦Each risk is evaluated and assigned values in accordance with the defined risk parameters, which may include likelihood, consequence (severity, or impact), and thresholds. ◦Likelihood - remote, unlikely, likely, highly likely, or a near certainty ◦Consequences – Low, Medium, High, Negligible, Marginal, Significant, Criti cal, Catastrophic Risks are categorized into the defined risk ◦ categories, providing a means to look at risks according to their source, taxonomy, or project component
  11. 11. Activities Performed cont…Develop Risk Mitigation Plans ◦Risk avoidance: Changing or lowering requirements while still meeting the user’s needs ◦Risk control: Taking active steps to minimize risks ◦Risk transfer: Reallocating requirements to lower the risks ◦Risk monitoring: Watching and periodically re- evaluating the risk for changes to the assigned risk parameters ◦Risk acceptance: Acknowledgment of risk but not taking any action
  12. 12. Activities Performed cont…Implement Risk Mitigation Plans ◦Monitor the status of each risk periodically and implement the risk mitigation plan as appropriate.
  13. 13. DocumentsRisk source lists (external and internal)Risk categories listRisk evaluation, categorization, andprioritization criteriaRisk management requirements (e.g., controland approval levels, and reassessment intervals)Project risk managementList of identified risks, including thecontext, conditions, and consequences of riskoccurrenceList of risks, with a priority assigned to eachriskDocumented handling options for each