Risk Management in Software Industry                            Presented by –                             Rehan Akhtar
IntroductionThe purpose of Risk Management is to identifypotential problems before they occur so thatrisk-handling activi...
ImportanceCapability Maturity Model Integrated (CMMi)
Importance cont…ISO    20000 (Service Management)   ◦The ultimate goal of ISO 20000 is to:   ◦Reduce operational exposure...
Risk Management ProcessRiskmanagement can be divided into threeprocesses:  ◦Defining a risk management strategy;  ◦Identi...
Activities PerformedDetermine   Risk Sources and Categories  ◦Risk Source  ◦Uncertain requirements  ◦Unprecedented effort...
Activities Performed cont…Define   Risk Parameters  Parameters for evaluating, categorizing, and  ◦  prioritizing risks i...
Activities Performed cont…Establish   a Risk Management Strategy  ◦The scope of the risk management effort  ◦Methods and ...
Activities Performed cont…Identify   Risks  ◦Examine each element of the project work  breakdown structure to uncover ris...
Activities Performed cont…Evaluate,   Categorize, and Prioritize Risks  ◦Each risk is evaluated and assigned values in  a...
Activities Performed cont…Develop   Risk Mitigation Plans  ◦Risk avoidance: Changing or lowering requirements  while stil...
Activities Performed cont…Implement   Risk Mitigation Plans  ◦Monitor the status of each risk periodically and  implement...
DocumentsRisk  source lists (external and internal)Risk categories listRisk evaluation, categorization, andprioritizati...
Upcoming SlideShare
Loading in...5
×

Risk management in Software Industry

2,221

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,221
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
72
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Risk management in Software Industry

  1. 1. Risk Management in Software Industry Presented by – Rehan Akhtar
  2. 2. IntroductionThe purpose of Risk Management is to identifypotential problems before they occur so thatrisk-handling activities can be planned andinvoked as needed across the life of the productor project to mitigate adverse impacts onachieving objectives.
  3. 3. ImportanceCapability Maturity Model Integrated (CMMi)
  4. 4. Importance cont…ISO 20000 (Service Management) ◦The ultimate goal of ISO 20000 is to: ◦Reduce operational exposure to risk ◦Meet contractual requirements ◦Demonstrate service qualityTL 9000 for Telecom Industry ◦ Similar to ISO 9000ITIL V3 (Best Practices for IT ServiceManagement) ◦ Risk Management and Analysis
  5. 5. Risk Management ProcessRiskmanagement can be divided into threeprocesses: ◦Defining a risk management strategy; ◦Identifying and analysing risks; and ◦Handling identified risks, including the implementation of risk mitigation plans when needed. ◦
  6. 6. Activities PerformedDetermine Risk Sources and Categories ◦Risk Source ◦Uncertain requirements ◦Unprecedented efforts—estimates unavailable ◦Infeasible design ◦Unavailable technology ◦Unrealistic schedule estimates or allocation ◦Inadequate staffing and skills ◦Cost or funding issues ◦Uncertain or inadequate subcontractor capability ◦Uncertain or inadequate vendor capability ◦Inadequate communication with actual or potential customers or with their representatives ◦Disruptions to continuity of operations Risk Categories ◦
  7. 7. Activities Performed cont…Define Risk Parameters Parameters for evaluating, categorizing, and ◦ prioritizing risks include the following: ◦Risk likelihood (i.e., probability of risk occurrence) ◦Risk consequence (i.e., impact and severity of risk occurrence) ◦Thresholds to trigger management activities ◦
  8. 8. Activities Performed cont…Establish a Risk Management Strategy ◦The scope of the risk management effort ◦Methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication ◦Project-specific sources of risks ◦How these risks are to be organized, categorized, compared, and consolidated ◦Parameters, including likelihood, consequence, and thresholds, for taking action on identified risks ◦Risk mitigation techniques to be used, such as prototyping, piloting, simulation, alternative designs, or evolutionary development ◦Definition of risk measures to monitor the status of the risks
  9. 9. Activities Performed cont…Identify Risks ◦Examine each element of the project work breakdown structure to uncover risks. ◦Conduct a risk assessment using a risk taxonomy. ◦Interview subject matter experts. ◦Review risk management efforts from similar products. ◦Examine lessons-learned documents or databases. ◦Examine design specifications and agreement requirements.
  10. 10. Activities Performed cont…Evaluate, Categorize, and Prioritize Risks ◦Each risk is evaluated and assigned values in accordance with the defined risk parameters, which may include likelihood, consequence (severity, or impact), and thresholds. ◦Likelihood - remote, unlikely, likely, highly likely, or a near certainty ◦Consequences – Low, Medium, High, Negligible, Marginal, Significant, Criti cal, Catastrophic Risks are categorized into the defined risk ◦ categories, providing a means to look at risks according to their source, taxonomy, or project component
  11. 11. Activities Performed cont…Develop Risk Mitigation Plans ◦Risk avoidance: Changing or lowering requirements while still meeting the user’s needs ◦Risk control: Taking active steps to minimize risks ◦Risk transfer: Reallocating requirements to lower the risks ◦Risk monitoring: Watching and periodically re- evaluating the risk for changes to the assigned risk parameters ◦Risk acceptance: Acknowledgment of risk but not taking any action
  12. 12. Activities Performed cont…Implement Risk Mitigation Plans ◦Monitor the status of each risk periodically and implement the risk mitigation plan as appropriate.
  13. 13. DocumentsRisk source lists (external and internal)Risk categories listRisk evaluation, categorization, andprioritization criteriaRisk management requirements (e.g., controland approval levels, and reassessment intervals)Project risk managementList of identified risks, including thecontext, conditions, and consequences of riskoccurrenceList of risks, with a priority assigned to eachriskDocumented handling options for each
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×