SlideShare a Scribd company logo

chap6 Risk Analysis and Management Part1.pdf

M
MeghaGupta952452

The document outlines risk analysis and management in software projects, emphasizing the importance of identifying, assessing, and managing potential risks through a structured plan (RMMM). It discusses various risk types, strategies for mitigation (reactive and proactive), and principles for effective risk management, including stakeholder communication and a continuous process of adapting to new information. Key elements include understanding project, technical, and business risks, along with steps for risk assessment and monitoring to ensure project success.

Engineering
1 of 54
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
6.1 Risk Analysis & Management: Risk Mitigation, Monitoring and Management Plan (RMMM). 6.2 Quality Concepts and Software Quality assurance Metrics, Formal Technical Reviews, Software Reliability 6.3 The Software Configuration Management (SCM) ,Version Control and Change Control Chapter 6 Software Configuration Management, Quality Assurance and Maintenance
Risk Analysis and Management ⚫ Risks are potential problems that might affect the successful completion of a software project. ⚫ Risks involve uncertainty and potential losses. Risk analysis and management are intended to help a software team understand and manage uncertainty during the development process. ⚫ The important thing is to remember that things can go wrong and to make plans to minimize their impact when they do. ⚫ The work product is called a Risk Mitigation, Monitoring, and Management Plan (RMMM).
Risk Strategies ⚫ Reactive risk strategies: o Very common, resources are set aside to deal with likely risks, should they become a problem. o The software team does nothing about risks until something goes wrong. o At that point the team must work quickly to resolve the problem. ⚫ Proactive risk strategies: o Risk management begins before technical work starts. o Risks are identified, their probability and impact are assessed and they are ranked by importance. o The team builds a plan to avoid risks if they can or minimize them if the risks turn into problems.
“Risk& Reward” “Plan for the risk” to earn a “reward”
Characteristics of Software Risks ⚫ Uncertainty: the risk may or may not happen; that is there are no 100% probable risks. (A risk that is 100% probable is a constraint on the software project.) ⚫ Loss: if the risk becomes a reality, unwanted consequences or losses will occur ⚫ When risks are analyzed it is important to quantify the level of uncertainty and the degree of loss associated with each risk. Developed by Reneta Barneva, SUNY Fredonia
Software Risks Software Risks (Approach 1) ⚫ Project risks ⚫ Technical Risks ⚫ Business Risks Software Risks (Approach 2) ⚫ Known Risks ⚫ Predictable/Unpredictable Risks
Project Risks ⚫ Threaten the project plan. ⚫ Usually result in delays in project schedule and increased costs. ⚫ Identifies potential budgetary, schedule, personnel, resource, customer, and requirements problems and their impact on a software project.
Technical Risks ⚫ Threaten product quality and timeliness of the schedule. ⚫ Identifies potential design, implementation, interface, verification, and maintenance problems.
Business Risks ⚫ Threaten the viability of the software to be built. ⚫ Top 5 business risks: 1. Building an excellent product or system that no one really wants (market risk). 2. Building a product that no longer fits into the overall business strategy for the company (strategic risk). 3. Building a product that the sales force doesn’t understand how to sell (sales risk) 4. Losing the support of senior management due to a change in focus or a change in people (management risk). 5. Losing budgetary or personnel commitment (budget risks)
Known Risks ⚫ Known from careful evaluation of current project plan. ⚫ Examples: Unrealistic delivery date, lack of documented requirements or software scope, and poor development environment.
Predictable/Unpredictable Risks ⚫ Predictable Risks are extrapolated from past project experience. ⚫ Examples: staff turnover, poor communication with the customer, dilution of staff. ⚫ Unpredictable risks are extremely difficult to identify in advance.
Seven Principles of Risk Management ⚫ Maintain a global perspective – View software risks within the context of a system and the business problem that is is intended to solve ⚫ Take a forward-looking view – Think about risks that may arise in the future; establish contingency plans ⚫ Encourage open communication – Encourage all stakeholders and users to point out risks at any time ⚫ Integrate risk management – Integrate the consideration of risk into the software process
Seven Principles of Risk Management ⚫ Emphasize a continuous process of risk management – Modify identified risks as more becomes known and add new risks as better insight is achieved ⚫ Develop a shared product vision – A shared vision by all stakeholders facilitates better risk identification and assessment ⚫ Encourage teamwork when managing risk – Pool the skills and experience of all stakeholders when conducting risk management activities
Risk Risk type Description Staff turnover Project Experienced staff will leave the project before it is finished. Management change Project There will be a change of organisational management with different priorities. Hardware unavailability Project Hardware which is essential for the project will not be delivered on schedule. Requirements change Project and product There will be a larger number of changes to the requirements than anticipated. Specification delays Project and product Specifications of essential interfaces are not available on schedule Size underestimate Project and product The size of the system has been underestimated. CASE tool under- performance Product CASE tools which support the project do not perform as anticipated Technology change Business The underlying technology on which the system is built is superseded by new technology. Product competition Business A competitive product is marketed before the system is completed. Software Risks
7 Steps for Risk Management high probability high impact Impact may be negligible, marginal, critical, catastrophic Identify possible risks Rank the risks by probability and impact Analyze each risk Develop a contingency plan
Steps for Risk Management 1)Identify possible risks; recognize what can go wrong 2)Analyze each risk to estimate the probability that it will occur and the impact (i.e., damage) that it will do if it does occur 3)Rank the risks by probability and impact - Impact may be negligible, marginal, critical, and catastrophic 4)Develop a contingency plan to manage those risks having high probability and high impact
The Risk Management Process Risk avoidance and contingency plans Risk planning Prioritised risk list Risk analysis List of potential risks Risk identification Risk assessment Risk monitoring
chap6 Risk Analysis and Management Part1.pdf
Background ⚫ • Risk identification is a systematic attempt to specify threats to the project plan ⚫ • By identifying known and predictable risks, the project manager takes a first step toward avoiding them when possible and controlling them when necessary ⚫ •Generic risks ⚫ – Risks that are a potential threat to every software project ⚫ •Product-specific risks ⚫ – Risks that can be identified only by those with a clear understanding of the technology, the people, and the environment that is specific to the software that is to be built ⚫ This requires examination of the project plan and the statement of scope ⚫ "What special characteristics of this product may threaten our project plan?"
Risk Item Checklist (Risk Categories) ➢ Product size – risks associated with overall size of the software to be built ➢ Business impact – risks associated with constraints imposed by management or the marketplace ➢ Customer characteristics – risks associated with sophistication of the customer and the developer's ability to communicate with the customer in a timely manner ➢ Process definition – risks associated with the degree to which the software process has been defined and is followed ➢ Development environment – risks associated with availability and quality of the tools to be used to build the project ➢ Technology to be built – risks associated with complexity of the system to be built and the "newness" of the technology in the system ➢ Staff size and experience – risks associated with overall technical and project experience of the software engineers who will do the work
Risk Assessment ⚫ What will change if Risk becomes a problem.
Questionnaire on Project Risk (Questions are ordered by their relative importance to project success) 1. Have top software and customer managers formally committed to support the project? 2. Are end-users enthusiastically committed to the project and the system/product to be built? 3. Are requirements fully understood by the software engineering team and their customers? 4. Have customers been involved in the definition of requirements? 5. Do end-users have realistic expectations? 6. Is project scope stable?
Questionnaire on Project Risk (Questions are ordered by their relative importance to project success) 7. Does the software engineering team have the right mix of skills? 8. Are project requirements stable? 9. Does the project team have experience with the technology to be implemented? 10. Is the number of people on the project team adequate to do the job? 11. Do all customer/user constituencies agree on the importance of the project and on the requirements for the system/product to be built?
Assessing Overall Project Risk ⚫ If any one of the previous questions is answered negatively, mitigation, monitoring and management steps should be instituted without fail. ⚫ The degree to which the project is at risk is directly proportional to the number of negative responses to these questions.
Risk Components and Drivers The project manager identifies the risk drivers that affect the following risk components ⚫ Performance risk: the degree of uncertainty that the product will meet the requirements and be fit for its intended use. ⚫ Support risk: the degree of uncertainty that the resultant software will be easy to correct, adapt, and enhance. ⚫ Cost risk: the degree of uncertainty that the project budget will be maintained. ⚫ Schedule risk: the degree of uncertainty that the project schedule will be maintained and that the product will be delivered on time. ⚫ The impact of each risk driver on the risk component is divided into one of four impact levels – Negligible, marginal, critical, and catastrophic
Developed by Reneta Barneva, SUNY Fredonia Fig 6.1
Risk Projection (Estimation)
Background ⚫ impact of risks/likelihood of risk actually happening ⚫ Risk projection (or estimation) attempts to rate each risk in two ways – The probability that the risk is real – The consequence of the problems associated with the risk, should it occur
Risk Projection/Estimation steps ⚫ The project planner, along with other managers and technical staff, performs four risk projection activities: – 1. Establish a scale that reflects the perceived likelihood of a risk(e.g., 1-low, 10-high) – 2. Delineate the consequences of the risk – 3. Estimate the impact of the risk on the project and the product – 4. Note the overall accuracy of the risk projection so that there will be no misunderstandings.
Contents of a Risk Table ❑ A risk table provides a project manager with a simple technique for risk projection ❑ It consists of five columns ▪ Risk Summary – short description of the risk ▪ Risk Category – one of seven risk categories ▪ Probability – estimation of risk occurrence based on group input ▪ Impact – (1) catastrophic (2) critical (3) marginal (4) negligible ▪ RMMM – Pointer to a paragraph in the Risk Mitigation, Monitoring, and Management Plan
Developing a Risk Table • List all risks in the first column (by way of the help of the risk item checklists) • Mark the category of each risk • Estimate the probability of each risk occurring • Assess the impact of each risk based on an averaging of the four risk components to determine an overall impact value • Sort the rows by probability and impact in descending order • Draw a horizontal cutoff line in the table that indicates the risks that will be given further attention
Fig 6.2
Risk Projection Cutoff Line ⚫ This line is defined by the project manager on the risk table. ⚫ Implies that only risks that lie above the line will be given further attention. ⚫ Risks that fall below the line are re-evaluated to accomplish second-order prioritization.
Assessing Risk Impact ⚫ Three factors affect the consequences that are likely if a risk does occur: – Its nature – problems that are likely if it occurs – Its scope – combines the severity with its overall distribution – Its timing – when and how long the impact will be felt
The overall risk exposure formula is RE = P x C P = the probability of occurrence for a risk C = the cost to the project should the risk actually occur Example P = 80% probability that 18 of 60 software components will have to be developed C = Total cost of developing 18 components is $25,000 RE = .80 x $25,000 = $20,000
Assessing Risk Impact Example Problem • Risk identification. Only 70 percent of the software components scheduled for reuse will, in fact, be integrated into the application. The remaining functionality will have to be custom developed. • Risk probability. 80% (likely). • Risk impact. 60 reusable software components were planned. If only 70 percent can be used, 18 components would have to be developed from scratch (in addition to other custom software that has been scheduled for development). Since the average component is 100 LOC and local data indicate that the software engineering cost for each LOC is $14.00, the overall cost (impact) to develop the components would be 18 x 100 x 14 = $25,200. • Risk exposure. RE = 0.80 x 25,200 ~ $20,200.
Risk Assessment The referent point (break point): the point at which the decision to proceed with the project or terminate it are equally weighed.
Risk Mitigation, Monitoring, and Management (RMMM)
Risk Mitigation, Monitoring, and Management
RMMM • An effective strategy for dealing with risk must consider three issues (Note: these are not mutually exclusive) – Risk mitigation (i.e., avoidance) – Risk monitoring – Risk management and contingency planning • Risk mitigation (avoidance) is the primary strategy and is achieved through a plan – Example: Risk of high staff turnover • Risk monitoring – assessing whether predicted risks occur or not – ensuring risk aversion steps are being properly applied – collect information for future risk analysis – attempt to determine which risks caused which problems • Risk management – contingency planning – actions to be taken in the event that mitigation steps have failed and the risk has become a live problem
Foreground
Risk Information Sheets ⚫ Alternative to RMMM in which each risk is documented individually. ⚫ Often risk information sheets (RIS) are maintained using a database system. ⚫ RIS components - risk identification, date, probability, impact, description, refinement, mitigation/monitoring, management/contingency/ trigger, status, originator, assigned staff member.
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
chap6 Risk Analysis and Management Part1.pdf
Risk: Late Delivery • Mitigation The cost associated with a late delivery is critical. A late delivery will result in a late delivery of a letter of acceptance from the customer. Without the letter of acceptance, the group will receive a failing grade for the course. Steps have been taken to ensure a timely delivery by gauging the scope of project based on the delivery deadline. • Monitoring A schedule has been established to monitor project status. Falling behind schedule would indicate a potential for late delivery. The schedule will be followed closely during all development stages. • Management Late delivery would be a catastrophic failure in the project development. If the project cannot be delivered on time the development team will not pass the course. If it becomes apparent that the project will not be completed on time, the only course of action available would be to request an extension to the deadline form the customer.
Risk Mitigation Example: Risk: loss of key team members • Determine causes of job turnover. • Eliminate causes before project starts. • After project starts, assume turnover is going to occur and work to ensure continuity. • Make sure teams are organized and distribute information widely. • Define documentation standards and be sure documents are produced in a timely manner. • Conduct peer review of all work. • Define backup staff.
chap6 Risk Analysis and Management Part1.pdf

More Related Content

PDF
chapter 6.pdf Software configuration Management, Quality Assurance and Mainte...
headaids
 
PDF
chapter 6.pdf Software Configuration, Quality Assurance and Maintenance
MeghaGupta952452
 
PPTX
U3_Project Risk Management.pptx Estimation and Budget planning of Cost
ravindra661395
 
PPT
Unit 8-risk manaegement (1) -
Shashi Kumar
 
PPT
pressman-ch-25-risk-management.ppt
MuhammadKashif703372
 
PPT
pressman-ch-25-chapte risk-management.ppt
KhajaPasha33
 
PPTX
Risk Management
Saqib Raza
 
PPT
Software Engineering (Risk Management)
ShudipPal
 
chapter 6.pdf Software configuration Management, Quality Assurance and Mainte...
headaids
 
chapter 6.pdf Software Configuration, Quality Assurance and Maintenance
MeghaGupta952452
 
U3_Project Risk Management.pptx Estimation and Budget planning of Cost
ravindra661395
 
Unit 8-risk manaegement (1) -
Shashi Kumar
 
pressman-ch-25-risk-management.ppt
MuhammadKashif703372
 
pressman-ch-25-chapte risk-management.ppt
KhajaPasha33
 
Risk Management
Saqib Raza
 
Software Engineering (Risk Management)
ShudipPal
 

Similar to chap6 Risk Analysis and Management Part1.pdf (20)

PPT
lecture9-190719030941 globalized availab
faiziikanwal47
 
PPT
pressman-ch-25-enterprises-risk-management
55524110033
 
PDF
Risk Management.pdf for college studentds
UdayMann1
 
PPT
Risk-management
Umesh Gupta
 
PPT
Software engineering unit V-1 notes in the ppt format
hodcsm5
 
PPT
Introduction to risk management presentation
EphremChernet1
 
PPT
risk management
Arti Maggo
 
PPT
Pressman ch-25-risk-management
zeeshanwrch
 
PPT
Riskmanagement software Engineering1.ppt
sirishaYerraboina1
 
PPTX
Software risk, Configuration Management and QA (1).pptx
avinashpowar5
 
PPT
Risk management lec. 06
Noor Ul Hudda Memon
 
PPTX
SEPM UNIT V.pptx software engineering and product management
ManjuAppukuttan2
 
PPTX
SEPM UNIT V.pptx software engineeing and product management
ManjuAppukuttan2
 
PPT
RMMM
NayyabMirTahir
 
PPT
RM_PPT.ppt risk managementfor transmission line
AkdDeshmukh
 
PPTX
Risk management
Usman Mukhtar
 
PPT
Risk management(software engineering)
Priya Tomar
 
PDF
risk-management-121021125051-phpapp02 (1).pdf
PriyanshTan
 
PPTX
Project Planning and Management.pptx
vishnupriyapm4
 
PPT
Risk-Management-05012023-025512pm.ppt
YasirShaikh34
 
lecture9-190719030941 globalized availab
faiziikanwal47
 
pressman-ch-25-enterprises-risk-management
55524110033
 
Risk Management.pdf for college studentds
UdayMann1
 
Risk-management
Umesh Gupta
 
Software engineering unit V-1 notes in the ppt format
hodcsm5
 
Introduction to risk management presentation
EphremChernet1
 
risk management
Arti Maggo
 
Pressman ch-25-risk-management
zeeshanwrch
 
Riskmanagement software Engineering1.ppt
sirishaYerraboina1
 
Software risk, Configuration Management and QA (1).pptx
avinashpowar5
 
Risk management lec. 06
Noor Ul Hudda Memon
 
SEPM UNIT V.pptx software engineering and product management
ManjuAppukuttan2
 
SEPM UNIT V.pptx software engineeing and product management
ManjuAppukuttan2
 
RMMM
NayyabMirTahir
 
RM_PPT.ppt risk managementfor transmission line
AkdDeshmukh
 
Risk management
Usman Mukhtar
 
Risk management(software engineering)
Priya Tomar
 
risk-management-121021125051-phpapp02 (1).pdf
PriyanshTan
 
Project Planning and Management.pptx
vishnupriyapm4
 
Risk-Management-05012023-025512pm.ppt
YasirShaikh34
 
Ad

Recently uploaded (20)

PDF
BIO-INSPIRED ARCHITECTURE FOR PARSIMONIOUS CONVERSATIONAL INTELLIGENCE : THE ...
ijaia
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PPTX
6ME3A-Unit-II-Sensors and Actuators_Handouts.pptx
anukaranugi
 
PPTX
introduction to high performance computing
JuanDavid747466
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PDF
Integrating Fractal Dimension and Time Series Analysis for Optimized Hyperspe...
acijjournal
 
PDF
UNIT no 1 INTRODUCTION TO DBMS NOTES.pdf
pawarbhaktiit
 
PDF
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
PDF
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
PPT
A5_DistSysCh1.ppt_INTRODUCTION TO DISTRIBUTED SYSTEMS
rameshwarchintamani
 
PPT
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
PDF
Exploratory_Data_Analysis_Fundamentals.pdf
Ashutosh Satapathy
 
PPTX
Safety Seminar civil to be ensured for safe working.
DILJEETKUMAR8
 
PPTX
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
PDF
SMART SIGNAL TIMING FOR URBAN INTERSECTIONS USING REAL-TIME VEHICLE DETECTI...
Niraj Aarya
 
PDF
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
PDF
Analyzing Impact of Pakistan Economic Corridor on Import and Export in Pakist...
IJAEMSJORNAL
 
PDF
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
BIO-INSPIRED ARCHITECTURE FOR PARSIMONIOUS CONVERSATIONAL INTELLIGENCE : THE ...
ijaia
 
PPT on Performance Review to get promotions
prashant593122
 
6ME3A-Unit-II-Sensors and Actuators_Handouts.pptx
anukaranugi
 
introduction to high performance computing
JuanDavid747466
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
Integrating Fractal Dimension and Time Series Analysis for Optimized Hyperspe...
acijjournal
 
UNIT no 1 INTRODUCTION TO DBMS NOTES.pdf
pawarbhaktiit
 
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
A5_DistSysCh1.ppt_INTRODUCTION TO DISTRIBUTED SYSTEMS
rameshwarchintamani
 
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
Exploratory_Data_Analysis_Fundamentals.pdf
Ashutosh Satapathy
 
Safety Seminar civil to be ensured for safe working.
DILJEETKUMAR8
 
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
SMART SIGNAL TIMING FOR URBAN INTERSECTIONS USING REAL-TIME VEHICLE DETECTI...
Niraj Aarya
 
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
Analyzing Impact of Pakistan Economic Corridor on Import and Export in Pakist...
IJAEMSJORNAL
 
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
Ad

chap6 Risk Analysis and Management Part1.pdf

  • 1. 6.1 Risk Analysis & Management: Risk Mitigation, Monitoring and Management Plan (RMMM). 6.2 Quality Concepts and Software Quality assurance Metrics, Formal Technical Reviews, Software Reliability 6.3 The Software Configuration Management (SCM) ,Version Control and Change Control Chapter 6 Software Configuration Management, Quality Assurance and Maintenance
  • 2. Risk Analysis and Management ⚫ Risks are potential problems that might affect the successful completion of a software project. ⚫ Risks involve uncertainty and potential losses. Risk analysis and management are intended to help a software team understand and manage uncertainty during the development process. ⚫ The important thing is to remember that things can go wrong and to make plans to minimize their impact when they do. ⚫ The work product is called a Risk Mitigation, Monitoring, and Management Plan (RMMM).
  • 3. Risk Strategies ⚫ Reactive risk strategies: o Very common, resources are set aside to deal with likely risks, should they become a problem. o The software team does nothing about risks until something goes wrong. o At that point the team must work quickly to resolve the problem. ⚫ Proactive risk strategies: o Risk management begins before technical work starts. o Risks are identified, their probability and impact are assessed and they are ranked by importance. o The team builds a plan to avoid risks if they can or minimize them if the risks turn into problems.
  • 4. “Risk& Reward” “Plan for the risk” to earn a “reward”
  • 5. Characteristics of Software Risks ⚫ Uncertainty: the risk may or may not happen; that is there are no 100% probable risks. (A risk that is 100% probable is a constraint on the software project.) ⚫ Loss: if the risk becomes a reality, unwanted consequences or losses will occur ⚫ When risks are analyzed it is important to quantify the level of uncertainty and the degree of loss associated with each risk. Developed by Reneta Barneva, SUNY Fredonia
  • 6. Software Risks Software Risks (Approach 1) ⚫ Project risks ⚫ Technical Risks ⚫ Business Risks Software Risks (Approach 2) ⚫ Known Risks ⚫ Predictable/Unpredictable Risks
  • 7. Project Risks ⚫ Threaten the project plan. ⚫ Usually result in delays in project schedule and increased costs. ⚫ Identifies potential budgetary, schedule, personnel, resource, customer, and requirements problems and their impact on a software project.
  • 8. Technical Risks ⚫ Threaten product quality and timeliness of the schedule. ⚫ Identifies potential design, implementation, interface, verification, and maintenance problems.
  • 9. Business Risks ⚫ Threaten the viability of the software to be built. ⚫ Top 5 business risks: 1. Building an excellent product or system that no one really wants (market risk). 2. Building a product that no longer fits into the overall business strategy for the company (strategic risk). 3. Building a product that the sales force doesn’t understand how to sell (sales risk) 4. Losing the support of senior management due to a change in focus or a change in people (management risk). 5. Losing budgetary or personnel commitment (budget risks)
  • 10. Known Risks ⚫ Known from careful evaluation of current project plan. ⚫ Examples: Unrealistic delivery date, lack of documented requirements or software scope, and poor development environment.
  • 11. Predictable/Unpredictable Risks ⚫ Predictable Risks are extrapolated from past project experience. ⚫ Examples: staff turnover, poor communication with the customer, dilution of staff. ⚫ Unpredictable risks are extremely difficult to identify in advance.
  • 12. Seven Principles of Risk Management ⚫ Maintain a global perspective – View software risks within the context of a system and the business problem that is is intended to solve ⚫ Take a forward-looking view – Think about risks that may arise in the future; establish contingency plans ⚫ Encourage open communication – Encourage all stakeholders and users to point out risks at any time ⚫ Integrate risk management – Integrate the consideration of risk into the software process
  • 13. Seven Principles of Risk Management ⚫ Emphasize a continuous process of risk management – Modify identified risks as more becomes known and add new risks as better insight is achieved ⚫ Develop a shared product vision – A shared vision by all stakeholders facilitates better risk identification and assessment ⚫ Encourage teamwork when managing risk – Pool the skills and experience of all stakeholders when conducting risk management activities
  • 14. Risk Risk type Description Staff turnover Project Experienced staff will leave the project before it is finished. Management change Project There will be a change of organisational management with different priorities. Hardware unavailability Project Hardware which is essential for the project will not be delivered on schedule. Requirements change Project and product There will be a larger number of changes to the requirements than anticipated. Specification delays Project and product Specifications of essential interfaces are not available on schedule Size underestimate Project and product The size of the system has been underestimated. CASE tool under- performance Product CASE tools which support the project do not perform as anticipated Technology change Business The underlying technology on which the system is built is superseded by new technology. Product competition Business A competitive product is marketed before the system is completed. Software Risks
  • 15. 7 Steps for Risk Management high probability high impact Impact may be negligible, marginal, critical, catastrophic Identify possible risks Rank the risks by probability and impact Analyze each risk Develop a contingency plan
  • 16. Steps for Risk Management 1)Identify possible risks; recognize what can go wrong 2)Analyze each risk to estimate the probability that it will occur and the impact (i.e., damage) that it will do if it does occur 3)Rank the risks by probability and impact - Impact may be negligible, marginal, critical, and catastrophic 4)Develop a contingency plan to manage those risks having high probability and high impact
  • 17. The Risk Management Process Risk avoidance and contingency plans Risk planning Prioritised risk list Risk analysis List of potential risks Risk identification Risk assessment Risk monitoring
  • 19. Background ⚫ • Risk identification is a systematic attempt to specify threats to the project plan ⚫ • By identifying known and predictable risks, the project manager takes a first step toward avoiding them when possible and controlling them when necessary ⚫ •Generic risks ⚫ – Risks that are a potential threat to every software project ⚫ •Product-specific risks ⚫ – Risks that can be identified only by those with a clear understanding of the technology, the people, and the environment that is specific to the software that is to be built ⚫ This requires examination of the project plan and the statement of scope ⚫ "What special characteristics of this product may threaten our project plan?"
  • 20. Risk Item Checklist (Risk Categories) ➢ Product size – risks associated with overall size of the software to be built ➢ Business impact – risks associated with constraints imposed by management or the marketplace ➢ Customer characteristics – risks associated with sophistication of the customer and the developer's ability to communicate with the customer in a timely manner ➢ Process definition – risks associated with the degree to which the software process has been defined and is followed ➢ Development environment – risks associated with availability and quality of the tools to be used to build the project ➢ Technology to be built – risks associated with complexity of the system to be built and the "newness" of the technology in the system ➢ Staff size and experience – risks associated with overall technical and project experience of the software engineers who will do the work
  • 21. Risk Assessment ⚫ What will change if Risk becomes a problem.
  • 22. Questionnaire on Project Risk (Questions are ordered by their relative importance to project success) 1. Have top software and customer managers formally committed to support the project? 2. Are end-users enthusiastically committed to the project and the system/product to be built? 3. Are requirements fully understood by the software engineering team and their customers? 4. Have customers been involved in the definition of requirements? 5. Do end-users have realistic expectations? 6. Is project scope stable?
  • 23. Questionnaire on Project Risk (Questions are ordered by their relative importance to project success) 7. Does the software engineering team have the right mix of skills? 8. Are project requirements stable? 9. Does the project team have experience with the technology to be implemented? 10. Is the number of people on the project team adequate to do the job? 11. Do all customer/user constituencies agree on the importance of the project and on the requirements for the system/product to be built?
  • 24. Assessing Overall Project Risk ⚫ If any one of the previous questions is answered negatively, mitigation, monitoring and management steps should be instituted without fail. ⚫ The degree to which the project is at risk is directly proportional to the number of negative responses to these questions.
  • 25. Risk Components and Drivers The project manager identifies the risk drivers that affect the following risk components ⚫ Performance risk: the degree of uncertainty that the product will meet the requirements and be fit for its intended use. ⚫ Support risk: the degree of uncertainty that the resultant software will be easy to correct, adapt, and enhance. ⚫ Cost risk: the degree of uncertainty that the project budget will be maintained. ⚫ Schedule risk: the degree of uncertainty that the project schedule will be maintained and that the product will be delivered on time. ⚫ The impact of each risk driver on the risk component is divided into one of four impact levels – Negligible, marginal, critical, and catastrophic
  • 26. Developed by Reneta Barneva, SUNY Fredonia Fig 6.1
  • 28. Background ⚫ impact of risks/likelihood of risk actually happening ⚫ Risk projection (or estimation) attempts to rate each risk in two ways – The probability that the risk is real – The consequence of the problems associated with the risk, should it occur
  • 29. Risk Projection/Estimation steps ⚫ The project planner, along with other managers and technical staff, performs four risk projection activities: – 1. Establish a scale that reflects the perceived likelihood of a risk(e.g., 1-low, 10-high) – 2. Delineate the consequences of the risk – 3. Estimate the impact of the risk on the project and the product – 4. Note the overall accuracy of the risk projection so that there will be no misunderstandings.
  • 30. Contents of a Risk Table ❑ A risk table provides a project manager with a simple technique for risk projection ❑ It consists of five columns ▪ Risk Summary – short description of the risk ▪ Risk Category – one of seven risk categories ▪ Probability – estimation of risk occurrence based on group input ▪ Impact – (1) catastrophic (2) critical (3) marginal (4) negligible ▪ RMMM – Pointer to a paragraph in the Risk Mitigation, Monitoring, and Management Plan
  • 31. Developing a Risk Table • List all risks in the first column (by way of the help of the risk item checklists) • Mark the category of each risk • Estimate the probability of each risk occurring • Assess the impact of each risk based on an averaging of the four risk components to determine an overall impact value • Sort the rows by probability and impact in descending order • Draw a horizontal cutoff line in the table that indicates the risks that will be given further attention
  • 33. Risk Projection Cutoff Line ⚫ This line is defined by the project manager on the risk table. ⚫ Implies that only risks that lie above the line will be given further attention. ⚫ Risks that fall below the line are re-evaluated to accomplish second-order prioritization.
  • 34. Assessing Risk Impact ⚫ Three factors affect the consequences that are likely if a risk does occur: – Its nature – problems that are likely if it occurs – Its scope – combines the severity with its overall distribution – Its timing – when and how long the impact will be felt
  • 35. The overall risk exposure formula is RE = P x C P = the probability of occurrence for a risk C = the cost to the project should the risk actually occur Example P = 80% probability that 18 of 60 software components will have to be developed C = Total cost of developing 18 components is $25,000 RE = .80 x $25,000 = $20,000
  • 36. Assessing Risk Impact Example Problem • Risk identification. Only 70 percent of the software components scheduled for reuse will, in fact, be integrated into the application. The remaining functionality will have to be custom developed. • Risk probability. 80% (likely). • Risk impact. 60 reusable software components were planned. If only 70 percent can be used, 18 components would have to be developed from scratch (in addition to other custom software that has been scheduled for development). Since the average component is 100 LOC and local data indicate that the software engineering cost for each LOC is $14.00, the overall cost (impact) to develop the components would be 18 x 100 x 14 = $25,200. • Risk exposure. RE = 0.80 x 25,200 ~ $20,200.
  • 37. Risk Assessment The referent point (break point): the point at which the decision to proceed with the project or terminate it are equally weighed.
  • 38. Risk Mitigation, Monitoring, and Management (RMMM)
  • 40. RMMM • An effective strategy for dealing with risk must consider three issues (Note: these are not mutually exclusive) – Risk mitigation (i.e., avoidance) – Risk monitoring – Risk management and contingency planning • Risk mitigation (avoidance) is the primary strategy and is achieved through a plan – Example: Risk of high staff turnover • Risk monitoring – assessing whether predicted risks occur or not – ensuring risk aversion steps are being properly applied – collect information for future risk analysis – attempt to determine which risks caused which problems • Risk management – contingency planning – actions to be taken in the event that mitigation steps have failed and the risk has become a live problem
  • 42. Risk Information Sheets ⚫ Alternative to RMMM in which each risk is documented individually. ⚫ Often risk information sheets (RIS) are maintained using a database system. ⚫ RIS components - risk identification, date, probability, impact, description, refinement, mitigation/monitoring, management/contingency/ trigger, status, originator, assigned staff member.
  • 52. Risk: Late Delivery • Mitigation The cost associated with a late delivery is critical. A late delivery will result in a late delivery of a letter of acceptance from the customer. Without the letter of acceptance, the group will receive a failing grade for the course. Steps have been taken to ensure a timely delivery by gauging the scope of project based on the delivery deadline. • Monitoring A schedule has been established to monitor project status. Falling behind schedule would indicate a potential for late delivery. The schedule will be followed closely during all development stages. • Management Late delivery would be a catastrophic failure in the project development. If the project cannot be delivered on time the development team will not pass the course. If it becomes apparent that the project will not be completed on time, the only course of action available would be to request an extension to the deadline form the customer.
  • 53. Risk Mitigation Example: Risk: loss of key team members • Determine causes of job turnover. • Eliminate causes before project starts. • After project starts, assume turnover is going to occur and work to ensure continuity. • Make sure teams are organized and distribute information widely. • Define documentation standards and be sure documents are produced in a timely manner. • Conduct peer review of all work. • Define backup staff.