2. RISK MANAGEMENT
• Risk management is increasingly seen as one of the main jobs of project managers.
• It involves anticipating risks that might affect the project schedule or the quality of
the software being developed and taking action to avoid these risks.
• The results of the risk analysis should be documented in the project plan along
with an analysis of the consequences of a risk occurring.
• Effective risk management makes it easier to cope with problems and to ensure
that these do not lead to unacceptable budget or schedule slippage.
5. 1. Risk identification:- Possible project, product and business risks are identified.
2. Risk analysis :- The likelihood and consequences of these risks are assessed.
3. Risk planning :- Plans to address the risk either by avoiding it or minimizing its effects on
the project are drawn up.
4. Risk monitoring :- The risk is constantly assessed and plans for risk mitigation are
revised as more information about the risk becomes available.
Several stages of Risk management process
6. Risk Identification
• Risk identification is the first stage of risk management.
• It is concerned with discovering possible risks to the project.
• In principle, these should not be assessed or prioritized at this stage,
although, in practice, risks with very minor consequences or very low
probability risks are not usually considered.
• Risk identification may be carried out as a team process using a
brainstorming approach or may simply be based on experience.
• To help the process, a checklist of different types of risk may be used
7. Six types of risk
1. Technology risks Risks that derive from the software or hardware
technologies that are used to develop the system.
2. People risks Risks that are associated with the people in the
development team.
3. Organisational risks Risks that derive from the organisational
environment where the software is being developed.
4. Tools risks Risks that derive from the CASE tools and other support
software used to develop the system.
5. Requirements risks Risks that derive from changes to the customer
requirements and the process of managing the requirements change.
6. Estimation risks Risks that derive from the management estimates of the
system characteristics and the resources required to build the system
8. Risk analysis
• During the risk analysis process, you have to consider each identified
risk and make a judgement about the probability and the seriousness
of it.
• There is no easy way to do this—you must rely on your own
judgement and experience, which is why experienced project
managers are generally the best people to help with risk management
but should be based around a number of bands:
• The probability of the risk might be assessed as very low (75%).
• The effects of the risk might be assessed as catastrophic, serious, tolerable or
insignificant
9.
10. • Both the probability and the assessment of the effects of a risk may
change as more information about the risk becomes available and as
risk management plans are implemented.
• Therefore, you should update this table during each iteration of the
risk process.
• Once the risks have been analysed and ranked, you should assess
which are most significant.
• Your judgement must depend on a combination of the probability of
the risk arising and the effects of that risk.
• In general, catastrophic risks should always be considered, as should
all serious risks that have more than a moderate probability of
occurrence
11. Risk planning
• The risk planning process considers each of the key risks that have
been identified and identifies strategies to manage the risk.
• There is no simple process that can be followed to establish risk
management plans.
• It relies on the judgement and experience of the project manager.
12.
13. Strategies
• Avoidance strategies Following these strategies means that the
probability that the risk will arise will be reduced.
• Minimization strategies Following these strategies means that the
impact of the risk will be reduced.
• Contingency plans Following these strategies means that you are
prepared for the worst and have a strategy in place to deal with it.
14.
15. Risk monitoring
• Risk monitoring involves regularly assessing each of the identified
risks to decide whether or not that risk is becoming more or less
probable and whether the effects of the risk have changed.
• Of course, this cannot usually be observed directly, so you have to
look at other factors that give you clues about the risk probability and
its effects.
• These factors are obviously dependent on the types of risk.
• Risk monitoring should be a continuous process, and, at every
management progress review, you should consider and discuss each
of the key risks separately