SlideShare a Scribd company logo

notes_Lecture9 RISK COMPONENTS AND DRIVERS

Download as PPT, PDF
P
psaravanakumar8

SOFTWARE PROJECT MANAGEMENT

Engineering
1 of 22
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Software Project Management Lecture # 9
Outline  Chapter 25 – risk management (contd)  Risk Identification  Risk Components and Drivers  Risk Projection  Developing a Risk table  Assessing risk impact  Risk Refinement  What is RMMM?  RMMM Plan
Risk Components and Drivers (1)  The U.S. Air force has published an excellent guideline for software risk identification and abatement.  Their approach requires project manager to identify risks drivers that affect software risk components  Following are the Risk Components  Performance  Cost  Support  Schedule
Risk Components and Drivers (2)  These risk components are defined as follows in context of these guidelines:  Performance risk  The degree of uncertainty that the product will meet its requirements and be fit for its intended use  Cost risk  The degree of uncertainty that the project budget will be maintained  Support risk  The degree of uncertainty that the resultant software will be easy to correct, adapt and enhance  Schedule risk  The degree of uncertainty that the project schedule will be maintained and that the product will be delivered on time
Risk Components and Drivers (3)  The impact of each risk driver on the risk component is determined. This impact can be any of these four impact categories  Negligible  Marginal  Critical  Catastrophic
Risk Projection (1)  Risk Projection is also known as Risk Estimation  Risk projection rates each risk in two ways:  the probability that the risk is real and  the consequences of the problems associated with the risk, should it occur  4 Risk projection steps performed by project planner along with other managers & tech staff 1. Establish a scale that reflects the perceived likelihood of a risk 2. Delineate the consequences of the risk 3. Estimate the impact of the risk on the project and the product 4. Note overall accuracy of the risk projection so that there will be no misunderstandings
Risk Projection (2)  The aim of these steps is to eventually determine prioritization of the risk  By prioritizing risks, the software team can allocate resources where they will have the most impact.
Developing a Risk Table (1)  A risk table provides a project manager with a simple technique for risk projection (estimation)  The risk table can be implemented as a spread sheet model (enabling easy manipulation & sorting of entries)  The table has the following content:  1st column: list of all risks  2nd column: categorization of risks, e.g., PS (Project Size risk), BU (Business risk)  3rd column: probability of risk occurrence  4th column: risk impact category  determined by averaging the impact categories of the 4 risk components – performance, support, cost, schedule)
Developing a Risk Table (2)  After the first four columns are completed, the table is sorted by probability and by impact.  High probability and high impact risks move to the top of the table and low ones drop to bottom  Project Manager studies the resultant (1st order risk prioritization) table and defines a cutoff line.  Risks above the cutoff line must be managed  Risks below cutoff line are reevaluated for 2nd order prioritization.  5th column: contains a pointer into a Risk Mitigation, Monitoring and Management Plan (RMMM) or alternatively, a collection of risk information sheets developed for all risks above the cutoff
Assessing Risk Impact  If a risk does occur, then the consequences (that are likely) are affected by 3 factors  nature of risk  scope (severity & its distribution) of risk  timing of risk  Following are the recommended steps to determine overall consequences of risk  Determine the avg probability of occurrence value for each risk component  Using impact assessment (fig. 25.1), determine impact for each component based on the criteria.  Complete the risk table & analyze the results as described in the preceding sections.  The overall risk exposure RE is determined using the following relationship:  RE = P x C where P = probability of occurrence for risk C = cost to the project, if risk occurs
Risk Refinement (1)  During early stages of the project, a risk is stated generally  As time passes, learning about project work and related risks improves  Hence, risks stated earlier can be refined, making them more detailed so that they are easier to handle  Risk can be represented in condition-transition- consequence (CTC) format  Given that <condition> then there is a concern that (possibly) <consequence>
Risk Refinement (2)  Example:  Given that all reusable components must conform to specific design standards and that some do not conform, then there is a concern that possibly only 70 percent of the planned reusable modules may actually be integrated into the as-built system, resulting in the need to custom engineer the remaining 30 percent of components  Refinement:  Subcondition1  Certain reusable components were developed by a third party with no knowledge of internal design standards  Subcondition2  The design standard for component interfaces has not been solidified and may not conform to certain existing reusable components  Subcondition3  Certain reusable components have been implemented in a language that is not supported on target environment  The consequence (of custom engg of 30% components) remains same for all refined subconditions but refinement helps in easy risk analysis
What is RMMM?  RMMM = Risk Mitigation, Monitoring and Management  An effective strategy to deal with risks must consider issues such as:  Risk avoidance  Risk monitoring  Risk management and contingency planning  RMMM steps incur additional project cost
Example Scenario of a RISK…  Scenario  Assume that high staff turnover is a project risk r1.  Based on past history, the likelihood l1, of high turnover is estimated to be 70%  The impact x1, is projected as critical  So, high turnover will have a critical impact on project cost and schedule  Steps to mitigate r1:  Meet the staff to find the causes of turnover (poor working conditions, low pay, etc.)  Try to reduce the causes of turnover (if possible) before project starts  Once project starts, assume turnover will occur and develop techniques to ensure continuity when people leave
Example Scenario of a RISK…  Organize project teams so that information about each development activity is widely dispersed.  Define documentation standards & establish mechanisms to ensure that documents are timely developed.  Conduct peer reviews of all work.  Assign backup staff member for every critical technologist.  Risk Monitoring for r1: As project proceeds, risk monitoring activities commence to find indications whether the risk is becoming more or less likely. Following factors are considered for r1:  General attitude of team members based on project pressures.  The degree to which the team is jelled.
Example Scenario of a RISK…  Interpersonal relationships among team members.  Potential problems with compensation and benefits.  The availability of jobs within or outside the company.  Risk Management & Contingency Planning: This stage comes into play when mitigation efforts have failed and risk has become a reality.  Considering again scenario for r1.  The project is underway and a number of people announce that they will be leaving.  If mitigation strategy has been followed, backup is available, information is documented and knowledge is dispersed across the team.
Example Scenario of a RISK…  Project manager may refocus resources to those functions that are fully staffed and re-adjust schedule accordingly.  The newcomers can “get up to speed” in the mean time.  Individuals who are leaving are asked to stop all work and spend their last weeks in “knowledge transfer mode”.  This may include  video-based knowledge capture,  development of “commentary documents”,  And / or meeting with other team members who will stay on the project team
Example Scenario of a RISK…  Cost/benefit analysis:  Since RMMM steps incur additional cost, the project managers & planners must consider if the benefit of these steps are outweighed by costs associated in implementing them.  If risk management steps are projected to increase costs by 5% and duration by only 3%, then there is no harm in putting them in place.  If these steps increase both project cost and duration by 15%, then they may not be undertaken.
Risk Management  For a large project, 30 to 40 risks can be identified. If between 3 & 7 risk management steps are identified for each risk, risk management may become a project itself!  For this reason, we adapt the Pareto 80-20 rule to software risks  Experience indicates that 80% of overall project risk (potential for failure) can be accounted for by 20% of the identified risks (the critical 20 risks with highest project priority).  Risks can even occur after the software has been successfully developed & delivered to the customer.  Software safety and hazard analysis (SQA activities) focus on identification & assessment of potential hazards that have negative affect and may cause entire system to fail.
The RMMM Plan  The RMMM plan documents all work performed as part of risk analysis.  It is used by project manager as part of overall project plan.  Some software teams do not develop formal RMMM document. Rather, each risk is documented individually using a risk information sheet (RIS).  In most cases, RIS is maintained using a database system so that creation & information entry, priority ordering, searches, and other analysis may be accomplishes easily.
The RMMM Plan  RIS contains the following information (Fig. 25.4)  Risk ID, Date, Probability & Impact  Description  Refinement/context  Mitigation/monitoring  Management/Contingency Plan/trigger  Current Status  Originator & Assigned (to whom) information  Once RMMM has been documented & project has begun, risk mitigation and monitoring steps commence.
The RMMM Plan  Risk mitigation is problem avoidance activity  Risk monitoring has three main objectives:  To assess whether predicted risks do, in fact, occur  To ensure that risk aversion steps defined for the risk are properly applied  To collect info that can be used for future risk analysis  A part of monitoring is to find causes (origin) of risks.

More Related Content

PDF
risk-management-121021125051-phpapp02 (1).pdf
PriyanshTan
 
PPT
Risk analysis
saurabhshertukde
 
PPT
Risk
Rahul Hada
 
PPT
Project Risk Management-Pankaj K Sinha
Pankaj K Sinha
 
PDF
Project Management C7 -risk_management
Izah Asmadi
 
PDF
riskanalysis-120305101118-phpapp02.pdf
WilliamTom9
 
PDF
Risk Management.pdf for college studentds
UdayMann1
 
PPTX
Risk Management
Hinal Lunagariya
 
risk-management-121021125051-phpapp02 (1).pdf
PriyanshTan
 
Risk analysis
saurabhshertukde
 
Risk
Rahul Hada
 
Project Risk Management-Pankaj K Sinha
Pankaj K Sinha
 
Project Management C7 -risk_management
Izah Asmadi
 
riskanalysis-120305101118-phpapp02.pdf
WilliamTom9
 
Risk Management.pdf for college studentds
UdayMann1
 
Risk Management
Hinal Lunagariya
 

Similar to notes_Lecture9 RISK COMPONENTS AND DRIVERS (20)

PPTX
Software risk, Configuration Management and QA (1).pptx
avinashpowar5
 
DOCX
Project Name Risk Management PlanVersion 1.0 Error! Unkno.docx
wkyra78
 
PPT
Risk management(software engineering)
Priya Tomar
 
PPT
RMMM
NayyabMirTahir
 
PPT
Risk-management
Umesh Gupta
 
PDF
PRMG195 - Rsik Management Case Study.pdf
mohamed Ismail
 
PPTX
11. Project Risk Management.pptx
KamranKhan353531
 
PDF
Beyond PMP: Risk Management
abhinayverma
 
PPT
Pressman ch-25-risk-management
zeeshanwrch
 
PPT
risk management
Arti Maggo
 
PPT
Introduction to risk management presentation
EphremChernet1
 
PPT
Riskmanagement software Engineering1.ppt
sirishaYerraboina1
 
PPT
Risk Management
rajuinstru
 
PPTX
OOSE-PRESENTATION.pptx
RanjitKdk
 
DOCX
1Risk ReportingRisk ReportingRique Gidde.docx
felicidaddinwoodie
 
DOCX
Running head RISK MANAGEMENT PLAN 1RISK MANAGE.docx
toltonkendal
 
DOCX
Building Risk Tolerance into the Program Plan and Schedule
Glen Alleman
 
PPT
Practical Application Of System Safety For Performance Improvement
Albert V. Condello III CSP CHMM
 
DOCX
Risk Management Plan Project NameLast UpdatedOverviewPro.docx
healdkathaleen
 
PPT
RM_PPT.ppt risk managementfor transmission line
AkdDeshmukh
 
Software risk, Configuration Management and QA (1).pptx
avinashpowar5
 
Project Name Risk Management PlanVersion 1.0 Error! Unkno.docx
wkyra78
 
Risk management(software engineering)
Priya Tomar
 
RMMM
NayyabMirTahir
 
Risk-management
Umesh Gupta
 
PRMG195 - Rsik Management Case Study.pdf
mohamed Ismail
 
11. Project Risk Management.pptx
KamranKhan353531
 
Beyond PMP: Risk Management
abhinayverma
 
Pressman ch-25-risk-management
zeeshanwrch
 
risk management
Arti Maggo
 
Introduction to risk management presentation
EphremChernet1
 
Riskmanagement software Engineering1.ppt
sirishaYerraboina1
 
Risk Management
rajuinstru
 
OOSE-PRESENTATION.pptx
RanjitKdk
 
1Risk ReportingRisk ReportingRique Gidde.docx
felicidaddinwoodie
 
Running head RISK MANAGEMENT PLAN 1RISK MANAGE.docx
toltonkendal
 
Building Risk Tolerance into the Program Plan and Schedule
Glen Alleman
 
Practical Application Of System Safety For Performance Improvement
Albert V. Condello III CSP CHMM
 
Risk Management Plan Project NameLast UpdatedOverviewPro.docx
healdkathaleen
 
RM_PPT.ppt risk managementfor transmission line
AkdDeshmukh
 
Ad

Recently uploaded (20)

DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPT
introduction to datamining and warehousing
ssuser4ab3a2
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPTX
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PDF
composite construction of structures.pdf
AinieButt1
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
introduction to datamining and warehousing
ssuser4ab3a2
 
Project quality management in manufacturing
BarMusaTetik
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Well-logging-methods_new................
ZafriFarid
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Sustainable Sites - Green Building Construction
mhdumerali
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
composite construction of structures.pdf
AinieButt1
 
Ad

notes_Lecture9 RISK COMPONENTS AND DRIVERS

  • 2. Outline  Chapter 25 – risk management (contd)  Risk Identification  Risk Components and Drivers  Risk Projection  Developing a Risk table  Assessing risk impact  Risk Refinement  What is RMMM?  RMMM Plan
  • 3. Risk Components and Drivers (1)  The U.S. Air force has published an excellent guideline for software risk identification and abatement.  Their approach requires project manager to identify risks drivers that affect software risk components  Following are the Risk Components  Performance  Cost  Support  Schedule
  • 4. Risk Components and Drivers (2)  These risk components are defined as follows in context of these guidelines:  Performance risk  The degree of uncertainty that the product will meet its requirements and be fit for its intended use  Cost risk  The degree of uncertainty that the project budget will be maintained  Support risk  The degree of uncertainty that the resultant software will be easy to correct, adapt and enhance  Schedule risk  The degree of uncertainty that the project schedule will be maintained and that the product will be delivered on time
  • 5. Risk Components and Drivers (3)  The impact of each risk driver on the risk component is determined. This impact can be any of these four impact categories  Negligible  Marginal  Critical  Catastrophic
  • 6. Risk Projection (1)  Risk Projection is also known as Risk Estimation  Risk projection rates each risk in two ways:  the probability that the risk is real and  the consequences of the problems associated with the risk, should it occur  4 Risk projection steps performed by project planner along with other managers & tech staff 1. Establish a scale that reflects the perceived likelihood of a risk 2. Delineate the consequences of the risk 3. Estimate the impact of the risk on the project and the product 4. Note overall accuracy of the risk projection so that there will be no misunderstandings
  • 7. Risk Projection (2)  The aim of these steps is to eventually determine prioritization of the risk  By prioritizing risks, the software team can allocate resources where they will have the most impact.
  • 8. Developing a Risk Table (1)  A risk table provides a project manager with a simple technique for risk projection (estimation)  The risk table can be implemented as a spread sheet model (enabling easy manipulation & sorting of entries)  The table has the following content:  1st column: list of all risks  2nd column: categorization of risks, e.g., PS (Project Size risk), BU (Business risk)  3rd column: probability of risk occurrence  4th column: risk impact category  determined by averaging the impact categories of the 4 risk components – performance, support, cost, schedule)
  • 9. Developing a Risk Table (2)  After the first four columns are completed, the table is sorted by probability and by impact.  High probability and high impact risks move to the top of the table and low ones drop to bottom  Project Manager studies the resultant (1st order risk prioritization) table and defines a cutoff line.  Risks above the cutoff line must be managed  Risks below cutoff line are reevaluated for 2nd order prioritization.  5th column: contains a pointer into a Risk Mitigation, Monitoring and Management Plan (RMMM) or alternatively, a collection of risk information sheets developed for all risks above the cutoff
  • 10. Assessing Risk Impact  If a risk does occur, then the consequences (that are likely) are affected by 3 factors  nature of risk  scope (severity & its distribution) of risk  timing of risk  Following are the recommended steps to determine overall consequences of risk  Determine the avg probability of occurrence value for each risk component  Using impact assessment (fig. 25.1), determine impact for each component based on the criteria.  Complete the risk table & analyze the results as described in the preceding sections.  The overall risk exposure RE is determined using the following relationship:  RE = P x C where P = probability of occurrence for risk C = cost to the project, if risk occurs
  • 11. Risk Refinement (1)  During early stages of the project, a risk is stated generally  As time passes, learning about project work and related risks improves  Hence, risks stated earlier can be refined, making them more detailed so that they are easier to handle  Risk can be represented in condition-transition- consequence (CTC) format  Given that <condition> then there is a concern that (possibly) <consequence>
  • 12. Risk Refinement (2)  Example:  Given that all reusable components must conform to specific design standards and that some do not conform, then there is a concern that possibly only 70 percent of the planned reusable modules may actually be integrated into the as-built system, resulting in the need to custom engineer the remaining 30 percent of components  Refinement:  Subcondition1  Certain reusable components were developed by a third party with no knowledge of internal design standards  Subcondition2  The design standard for component interfaces has not been solidified and may not conform to certain existing reusable components  Subcondition3  Certain reusable components have been implemented in a language that is not supported on target environment  The consequence (of custom engg of 30% components) remains same for all refined subconditions but refinement helps in easy risk analysis
  • 13. What is RMMM?  RMMM = Risk Mitigation, Monitoring and Management  An effective strategy to deal with risks must consider issues such as:  Risk avoidance  Risk monitoring  Risk management and contingency planning  RMMM steps incur additional project cost
  • 14. Example Scenario of a RISK…  Scenario  Assume that high staff turnover is a project risk r1.  Based on past history, the likelihood l1, of high turnover is estimated to be 70%  The impact x1, is projected as critical  So, high turnover will have a critical impact on project cost and schedule  Steps to mitigate r1:  Meet the staff to find the causes of turnover (poor working conditions, low pay, etc.)  Try to reduce the causes of turnover (if possible) before project starts  Once project starts, assume turnover will occur and develop techniques to ensure continuity when people leave
  • 15. Example Scenario of a RISK…  Organize project teams so that information about each development activity is widely dispersed.  Define documentation standards & establish mechanisms to ensure that documents are timely developed.  Conduct peer reviews of all work.  Assign backup staff member for every critical technologist.  Risk Monitoring for r1: As project proceeds, risk monitoring activities commence to find indications whether the risk is becoming more or less likely. Following factors are considered for r1:  General attitude of team members based on project pressures.  The degree to which the team is jelled.
  • 16. Example Scenario of a RISK…  Interpersonal relationships among team members.  Potential problems with compensation and benefits.  The availability of jobs within or outside the company.  Risk Management & Contingency Planning: This stage comes into play when mitigation efforts have failed and risk has become a reality.  Considering again scenario for r1.  The project is underway and a number of people announce that they will be leaving.  If mitigation strategy has been followed, backup is available, information is documented and knowledge is dispersed across the team.
  • 17. Example Scenario of a RISK…  Project manager may refocus resources to those functions that are fully staffed and re-adjust schedule accordingly.  The newcomers can “get up to speed” in the mean time.  Individuals who are leaving are asked to stop all work and spend their last weeks in “knowledge transfer mode”.  This may include  video-based knowledge capture,  development of “commentary documents”,  And / or meeting with other team members who will stay on the project team
  • 18. Example Scenario of a RISK…  Cost/benefit analysis:  Since RMMM steps incur additional cost, the project managers & planners must consider if the benefit of these steps are outweighed by costs associated in implementing them.  If risk management steps are projected to increase costs by 5% and duration by only 3%, then there is no harm in putting them in place.  If these steps increase both project cost and duration by 15%, then they may not be undertaken.
  • 19. Risk Management  For a large project, 30 to 40 risks can be identified. If between 3 & 7 risk management steps are identified for each risk, risk management may become a project itself!  For this reason, we adapt the Pareto 80-20 rule to software risks  Experience indicates that 80% of overall project risk (potential for failure) can be accounted for by 20% of the identified risks (the critical 20 risks with highest project priority).  Risks can even occur after the software has been successfully developed & delivered to the customer.  Software safety and hazard analysis (SQA activities) focus on identification & assessment of potential hazards that have negative affect and may cause entire system to fail.
  • 20. The RMMM Plan  The RMMM plan documents all work performed as part of risk analysis.  It is used by project manager as part of overall project plan.  Some software teams do not develop formal RMMM document. Rather, each risk is documented individually using a risk information sheet (RIS).  In most cases, RIS is maintained using a database system so that creation & information entry, priority ordering, searches, and other analysis may be accomplishes easily.
  • 21. The RMMM Plan  RIS contains the following information (Fig. 25.4)  Risk ID, Date, Probability & Impact  Description  Refinement/context  Mitigation/monitoring  Management/Contingency Plan/trigger  Current Status  Originator & Assigned (to whom) information  Once RMMM has been documented & project has begun, risk mitigation and monitoring steps commence.
  • 22. The RMMM Plan  Risk mitigation is problem avoidance activity  Risk monitoring has three main objectives:  To assess whether predicted risks do, in fact, occur  To ensure that risk aversion steps defined for the risk are properly applied  To collect info that can be used for future risk analysis  A part of monitoring is to find causes (origin) of risks.

Editor's Notes

  • #5: For stuyding about risk drivers, refer to a research paper The one-minute risk assessment tool – by Amrit Tiwana  Emory University, Atlanta, GA Mark Keil  Georgia State University, Atlanta http://portal.acm.org/citation.cfm?doid=1029496.1029497
  • #20: Constituency = any body of supporters, patrons, customers, etc.; clientele