Escolar Documentos
Profissional Documentos
Cultura Documentos
Risk Management
Risk: An unwanted event that may happen during the software
development.
Risk Management
Different steps in Risk Analysis and Management involves:
1. Risk identification
2. Risk analysis
Determine the likelihood that it will occur and damage that it will
do if does occur
Risk Management
Risk strategies
Reactive strategy
Proactive strategy
Risk Management
Reactive Strategy
Never worry about problems until they happened
At best, a reactive strategy monitors the project for likely
risks.
Resources are set aside to deal with them, when it become
actual problem
i.e. the software team does nothing about risks until
something goes wrong
When it happens ,the team flies into the action in an
attempt to correct the problem rapidly.
This is called fire fighting mode.
When this fails Crisis Management takes over and the
project is in a real jeopardy.
This strategy is not commonly used.
Risk Management
Proactive strategy
Risk Management
Software risks
An unwanted event
It possess two characteristics
Uncertainty
Loss
Uncertainty
The risk may or may not happen
There are no 100% probable risks
Loss
If the risk become a reality ,unwanted consequences or
losses will occur.
Risk Management
Different categories of risks
Project Risks
Threaten the project plan
i.e. if the project risks become real ,it is likely that project
schedule will slip and that cost will increase.
Project risk identify the potential budgetary ,schedule
,personnel(staffing and organization),resource, customer
and requirements problem and their impact on a software
project.
Project complexity ,size and degree of structural
uncertainty were also defined as project and estimation risk
factor.
Risk Management
Technical risks
Risk Management
Business risks
Risk Management
Another classification of risks:
Known risks
That can be uncovered after careful evaluation of the
project plan, the business and technical environment in
which the project is being developed or other reliable
information sources
Predictable risks
Are extrapolated from past project experience
(e.g. staff turn over, poor communication with the
customer, dilution of staff effort)
Unpredictable risks
They can and do occur
But they are extremely difficult to identify in advance
Risk Management
Risk identification
Risk identification is a systematic attempt to specify threats
to the project (estimates ,schedule, resource loading etc.)
By knowing the known and predictable risks, the project
manager takes a first step towards avoiding them when
possible and controlling them when necessary.
There are two distinct types of risks for each of the
categories of software risks:
Generic
Product-specific risks
Risk Management
Generic risks are a potential threat to every software project.
Product-specific risks can be identified by only by those with
a clear understanding of the technology,the people and the
environment that is specific to the project at hand.
Risk Management
Risk Management
Product size
Risks associated with the overall size of the software to
be built or modified.
Business impact
Risks associated with constraints imposed by
management or the market place
Customer characteristics
Risks associated with the sophistication of the customer
and the developers ability to communicate with the
customer in a timely manner
Process definition
Risks associated with the degree to which the software
process has been defined and is followed by the
development organization
Risk Management
Development environment
Risks associated with the availability and uality of the
tools to be used to build the product.
Technology to be built
Risks associated with the complexity of the system to be
built and the newness of the technology that is packaged
by the system.
Staff size and experience.
Risks associated with the overall technical and project
experience of the software engineers who will do the
work
Risk Management
The risk item check list can be organized in different ways:
Questions relevant to each of the topics can be answered
for each software project.
These answers allow the planner to estimate the impact of
risk.
Or simply lists characteristics that are relevant to each
generic sub category
Finally a set of risk components and drivers are listed along
with their probability of occurrence.
Risk Management
Risk components and drivers
The following are the risk components.
Performance risk:
the degree of uncertainty that the product will meet
its requirements and be fit for its intended use
Cost risk
The degree of uncertainty that the project budget
will be maintained
Support risk
The degree of uncertainty that the resultant software
will be easy to correct ,adapt and enhance
Schedule risk
The degree of uncertainty that the project schedule
will be maintained and that the product will be
delivered on time.
Risk Management
The impact of each risk driver on the risk component is
divided into one of four impact categoriesnegligible,marginal,critical and catastropic.
Risk Management
Risk Projection
Risk projection also known as risk estimation attempts to
rate each risk in two ways
1. Likelihood or probability that risks is real and
2. consequences of the problems associated with the risk
when it occur.
Risk Management
The project planner ,along with other mangers and technical
staff ,performs four risk projection activities:
1. Establish a scale that reflects the perceived likelihood of a
risk.
2. Delineate the consequences of the risk
3. Estimate the impact of the risk on the project and the
product
4. Note the overall accuracy of the risk projection so that
there will be no misunderstandings.
Risk Management
Developing a Risk table
A risk table provides a project manger with a simple
techniue for risk projection
A simple risk table is illustrated in fig.
Risk Management
Assessing Risk Impact
Three factors affect the consequences that are likely if a
risk does occur: its nature ,its scope and its timing.
The nature of the risk indicates the problems that are likely
if it occurs
The scope of a risk combines the severity with its overall
distribution
i.e. how much of the project will be affected or how many
customers are harmed.
The timing of a risk considers when and for how long the
impact will be felt
Risk Management
The overall risk exposure ,RE is determined using the
following relationship:
RE=PC
Pprobability of occurrence
Ccost to the project should the risk occur
Risk Management
Risk Assessment
At this point of risk mangement,a set of triples is formed
[ , , ]
Risk Management
i.e. there is a level for performance degradation ,cost
overrun,support difficulty or schedule slippage that will cause
the project to be terminated
If a combination of risks create problems that cause one or
more of these referent levels to be exceeded ,work will stop.
Risk Management
Project Termination
Risk Management
The steps during risk assessment are
Define the risk referent levels for the project
Attempt to develop a relationship between each [ , , ] and
28
Risk Management
Risk Mitigation,Monitoring and Management
The goal of the risk analysis activity is to assist the
project team in developing a strategy for dealing with a
risk.
An effective strategy must consider three issues
Risk avoidance
Risk monitoring
Risk management and contingency planning
29
Risk Management
If the software adopts a proactive approach to
risk,avoidance is always the best strategy .
This is achieved by developing a plan for risk mitigation
As the project proceeds ,risk monitoring activities
commence.
The project manager monitors factors that may provide an
indication of whether the risk is becoming more or less
likely.
Risk mangement and contingency planning assumes that
mitigation efforts have failed and that the risk has become
reality.
30
Risk Management
RMMM plan
A risk management strategy can be included in the
software project plan or the risk management steps can be
organized into a separate Risk Mitigation,Monitoring and
Management Plan.
The RMMM plan documents all work performed as a part
of risk analysis and is used by the project manager as part
of the overall project plan.
Some software team documents each risks individually
using a Risk Information Sheet(RIS)
31
Risk Management
In most cases RIS is maintained using a database system,so
that creation and information entry ,priority ordering
,searches and other analysis may be accomplished easily.
32
Risk Management
Once RMMM has been documented and project has
begun, risk mitigation and moitoring steps commence.
Risk mitigation is a problem avoidance activity.
Risk monitoring is a project tracking activity with three
primary objectives:
1. To assess whether predicted risks do occur
2. To ensure that risk aversion steps defined for the risk
are being properly applied.
3. To collect information that can be used for future risk
analysis
33
Risk Management
Problems that occur during a project can be traced to more
than one risk.
Another job of risk monitoring is to attempt to allocate
origin i.e. what risk caused which problem throughout the
project
34