Published on

Published in: Education, Technology, Business
  • Be the first to comment

  • Be the first to like this


  1. 1. Risk Management
  2. 2. Risk Identification <ul><li>One method for identifying risk is to create a risk item checklist(in this we have included predictable risks for generic subcategories) </li></ul><ul><ul><li>Product Size – risk associated with the overall size of the s/w to be built. </li></ul></ul><ul><ul><li>Business impact – risk associated with constraints imposed by management or the marketplace . </li></ul></ul><ul><ul><li>Customer characteristics – risk associated with the communication of customer and the developer's ability. </li></ul></ul><ul><ul><li>Process definition – risk associated with the degree to which the software process has been defined. </li></ul></ul><ul><ul><li>Development environment – risk associated with the availability and quality of the tool to be used to build a product. </li></ul></ul><ul><ul><li>Technology to be build – risk associated with the complexity of the system to be built. </li></ul></ul><ul><ul><li>Staff size and experience – risk associated with the overall technical and project experience of the s/w engineers who will do the work. </li></ul></ul>
  3. 3. Assessing overall project Risk <ul><li>Following questions arranged in the relative importance to the success of a project :- </li></ul><ul><li>1) Have top software and customer managers formally committed to support the project ? </li></ul><ul><li>2) Are end-users enthusiastically committed to the project and the system/product to be build? </li></ul><ul><li>3) Are requirement fully understood by the software engineering team and its customers? </li></ul><ul><li>4) Have customer been involved fully in the definition of requirement ? </li></ul><ul><li>5) Do end-users have realistic expectations? </li></ul><ul><li>6) Is project scope stable ? </li></ul><ul><li>7) Does the software engineering team have the right mix of skills? </li></ul><ul><li>8) Are project requirement stable ? </li></ul><ul><li>9) Does the project team have experience with the technology to be implemented? </li></ul><ul><li>10) Is the number of people on the project team adequate to do the job? </li></ul><ul><li>11) Do all customer/user constituencies agree on the importance of the project and on the requirements for the system/product to be built? </li></ul><ul><li>“ The degree to which the project is at risk is directly proportional to the number of negative response to these questions” </li></ul>
  4. 4. Risk Components and Drivers <ul><li>“ The U.S Air Force[AFC88] has written a pamphlet that contains excellent guidelines for software risk identification.” </li></ul><ul><li>The project manager identify the risk drivers that affect software risk components – </li></ul><ul><li>* Performance Risk – degree of uncertainty that the product will meet its requirements. </li></ul><ul><li>* Cost Risk – the degree of uncertainty that project budget will be maintained. </li></ul><ul><li>* Support Risk – the degree of uncertainty that the resultant software will be easy to correct, adapt, and enhance. </li></ul><ul><li>* Schedule Risk – the degree of uncertainty that the project schedule will be maintained and product will be delivered on time. </li></ul><ul><li>The impact of each risk driver on the risk component is divided into one of four impact levels </li></ul><ul><ul><li>Negligible , marginal, critical , or catastrophic [refer a table in a book page 732] </li></ul></ul>
  5. 5. Risk Projection <ul><li>It is also called risk estimation. </li></ul><ul><li>Risk rate in two ways – </li></ul><ul><ul><li>Likelihood or probability that the risk is real </li></ul></ul><ul><ul><li>Consequences of the problems associated with the risk </li></ul></ul><ul><li>Four risk projection steps : [ By project manager & Technical staff ] </li></ul><ul><ul><li>Establish a scale that reflects the perceived likelihood of a risk. </li></ul></ul><ul><ul><li>Delineate the consequences of the risk. </li></ul></ul><ul><ul><li>Estimate the impact of risk on the project and the product. </li></ul></ul><ul><ul><li>Note the overall accuracy of the risk projection , to avoid misunderstanding. </li></ul></ul><ul><li>No s/w team handle the risk with same degree of rigor. </li></ul>
  6. 6. Contents of a Risk Table <ul><li>It consists of five column </li></ul><ul><ul><li>Risk Summary – short description of the risk </li></ul></ul><ul><ul><li>Risk Category – one of seven risk categories </li></ul></ul><ul><ul><li>(slide risk identification) </li></ul></ul><ul><ul><li>Probability – estimation of risk occurrence based on group input </li></ul></ul><ul><ul><li>Impact – 1) catastrophic 2) critical 3) Marginal 4) negligible </li></ul></ul><ul><ul><li>RMMM – Pointer to the paragraph in the Risk Mitigation , Monitoring and Management Plan. </li></ul></ul>
  7. 7. Developing a Risk Table <ul><li>List all risks in the first column (by way of the help of the risk item checklist) </li></ul><ul><li>Mark the category of each risk. </li></ul><ul><li>Estimate the probability of each risk occurring </li></ul><ul><li>Assess the impact of each risk based on an averaging the four risk components to determine an overall impact value </li></ul><ul><li>Sort the rows by probability and impact in descending order </li></ul><ul><li>Draw horizontal cutoff line in the table that indicates the risk that will be given further attention </li></ul>
  8. 8. Assessing Risk Impact <ul><li>Three factor affect the consequences that are likely if a risk does occur </li></ul><ul><ul><li>Its nature – This indicates the problem that are likely if the risk occur. </li></ul></ul><ul><ul><li>Its scope – This combines the severity of the risk(how serious) with its overall distribution (how mush of the project will be affected) </li></ul></ul><ul><ul><li>Its timing – when and for how long the impact will be felt. </li></ul></ul><ul><li>Ex: poorly external interface to customer hardware(technical risk) </li></ul><ul><li>The overall risk exposure formula is RE=P x C </li></ul><ul><ul><li>P= probability of occurrence of a risk </li></ul></ul><ul><ul><li>C= is the cost to the project should the risk occur. </li></ul></ul><ul><li>Example [steps followed by s/w team] </li></ul><ul><ul><li>Risk Identification – Only 70% of the s/w component schedule for reuse </li></ul></ul><ul><ul><li>Risk Probability – 80 % </li></ul></ul><ul><ul><li>Risk Impact -- 60 reusable component were planned which is 70 % of the total component , then 18 component have to developed from scratch. </li></ul></ul><ul><li>Avg. component have 100 LOC , per LOC $10 </li></ul><ul><li>then RE = .80 x (100x10x18)= </li></ul>
  9. 9. Risk Mitigation, Monitoring and Management <ul><li>Risk Referent Level [refer soft.pdf] </li></ul><ul><li>RMMM has single goal – to assist the project team in development a strategy for developing with risk </li></ul><ul><li>An effective strategy must consider three issues: </li></ul><ul><ul><li>Risk Avoidance(i.e mitigation) </li></ul></ul><ul><ul><li>Risk monitoring </li></ul></ul><ul><ul><li>Risk Management and contingency planning </li></ul></ul>
  10. 10. Example Cont.. <ul><li>Suppose </li></ul><ul><ul><li>high staff turnover is noted as a project risk ri. </li></ul></ul><ul><ul><li>Based on the past history the likelihood li. </li></ul></ul><ul><ul><li>Projected Impact xi. </li></ul></ul>
  11. 11. Cont… <ul><li>Develop a strategy to mitigates the risk and reducing turnover. </li></ul><ul><ul><li>Meet the current staff to determine causes for turnover </li></ul></ul><ul><ul><li>Mitigate those causes that are under our control before the project starts </li></ul></ul><ul><ul><li>Once the project commences, assume turnover will occur and develop techniques to ensure continuity when people leave </li></ul></ul><ul><ul><li>Organize project teams so that information about each development activity is widely dispersed </li></ul></ul><ul><ul><li>Define documentation standards and establish mechanisms to ensure that documents are developed in a timely manner </li></ul></ul><ul><ul><li>Conduct peer reviews of all work (so that more than one person is &quot;up to speed&quot;) </li></ul></ul><ul><ul><li>Assign a backup staff member for every critical technologist </li></ul></ul>