Downloaded 168 times
Uploaded byRehan Akhtar
Risk management in Software Industry
This document discusses risk management in the software industry. It outlines the importance of risk management, including its role in frameworks like CMMI, ISO 20000, TL 9000, and ITIL. It then describes the typical risk management process, which involves defining a risk management strategy, identifying and analyzing risks, and handling risks through mitigation plans. Finally, it lists common activities in risk management, such as identifying risk sources and categories, evaluating risks, developing mitigation plans, and implementing those plans through risk monitoring.
More Related Content
Similar to Risk management in Software Industry
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
Risk management in Software Industry
- 1. Risk Management inSoftware Industry Presented by – Rehan Akhtar
- 2. Introduction The purpose ofRisk Management is to identify potential problems before they occur so that risk-handling activities can be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.
- 3. Importance Capability Maturity ModelIntegrated (CMMi)
- 4. Importance cont… ISO 20000 (Service Management) ◦The ultimate goal of ISO 20000 is to: ◦Reduce operational exposure to risk ◦Meet contractual requirements ◦Demonstrate service quality TL 9000 for Telecom Industry ◦ Similar to ISO 9000 ITIL V3 (Best Practices for IT Service Management) ◦ Risk Management and Analysis
- 5. Risk Management Process Riskmanagementcan be divided into three processes: ◦Defining a risk management strategy; ◦Identifying and analysing risks; and ◦Handling identified risks, including the implementation of risk mitigation plans when needed. ◦
- 6. Activities Performed Determine Risk Sources and Categories ◦Risk Source ◦Uncertain requirements ◦Unprecedented efforts—estimates unavailable ◦Infeasible design ◦Unavailable technology ◦Unrealistic schedule estimates or allocation ◦Inadequate staffing and skills ◦Cost or funding issues ◦Uncertain or inadequate subcontractor capability ◦Uncertain or inadequate vendor capability ◦Inadequate communication with actual or potential customers or with their representatives ◦Disruptions to continuity of operations Risk Categories ◦
- 7. Activities Performed cont… Define Risk Parameters Parameters for evaluating, categorizing, and ◦ prioritizing risks include the following: ◦Risk likelihood (i.e., probability of risk occurrence) ◦Risk consequence (i.e., impact and severity of risk occurrence) ◦Thresholds to trigger management activities ◦
- 8. Activities Performed cont… Establish a Risk Management Strategy ◦The scope of the risk management effort ◦Methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication ◦Project-specific sources of risks ◦How these risks are to be organized, categorized, compared, and consolidated ◦Parameters, including likelihood, consequence, and thresholds, for taking action on identified risks ◦Risk mitigation techniques to be used, such as prototyping, piloting, simulation, alternative designs, or evolutionary development ◦Definition of risk measures to monitor the status of the risks
- 9. Activities Performed cont… Identify Risks ◦Examine each element of the project work breakdown structure to uncover risks. ◦Conduct a risk assessment using a risk taxonomy. ◦Interview subject matter experts. ◦Review risk management efforts from similar products. ◦Examine lessons-learned documents or databases. ◦Examine design specifications and agreement requirements.
- 10. Activities Performed cont… Evaluate, Categorize, and Prioritize Risks ◦Each risk is evaluated and assigned values in accordance with the defined risk parameters, which may include likelihood, consequence (severity, or impact), and thresholds. ◦Likelihood - remote, unlikely, likely, highly likely, or a near certainty ◦Consequences – Low, Medium, High, Negligible, Marginal, Significant, Criti cal, Catastrophic Risks are categorized into the defined risk ◦ categories, providing a means to look at risks according to their source, taxonomy, or project component
- 11. Activities Performed cont… Develop Risk Mitigation Plans ◦Risk avoidance: Changing or lowering requirements while still meeting the user’s needs ◦Risk control: Taking active steps to minimize risks ◦Risk transfer: Reallocating requirements to lower the risks ◦Risk monitoring: Watching and periodically re- evaluating the risk for changes to the assigned risk parameters ◦Risk acceptance: Acknowledgment of risk but not taking any action
- 12. Activities Performed cont… Implement Risk Mitigation Plans ◦Monitor the status of each risk periodically and implement the risk mitigation plan as appropriate.
- 13. Documents Risk sourcelists (external and internal) Risk categories list Risk evaluation, categorization, and prioritization criteria Risk management requirements (e.g., control and approval levels, and reassessment intervals) Project risk management List of identified risks, including the context, conditions, and consequences of risk occurrence List of risks, with a priority assigned to each risk Documented handling options for each