Unit 15: Risk Management



Similar documents
Risk Management (3C05/D22) Unit 3: Risk Management. What is risk?

SOFTWARE RISK MANAGEMENT

Risk. Risk Categories. Project Risk (aka Development Risk) Technical Risk Business Risk. Lecture 5, Part 1: Risk

Case Study on Business Risk Management for Software Outsourcing Service Provider with ISM *

Appendix V Risk Management Plan Template

Integrating Risk Management into an Undergraduate Software Engineering Course

Introduction to Software Engineering. 9. Project Management

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504

An Approach to Proactive Risk Classification

ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

Contents. Today Project Management. Project Management. Last Time - Software Development Processes. What is Project Management?

Identification and Assessment of Software Project s Risk

TECH. Tracking Progress. Project Schedule PHASE 1 STEP 1 ACTIVITY 1.1. Activity and Milestone STEP 1 STEP 2 : ACTIVITY 2.2 : ACTIVITY 1.

Lifecycle Models: Waterfall / Spiral / EVO

CS3012 Software Engineering. Risk Management. Nicolás Cardozo Lloyd 1.17

PROJECT RISK MANAGEMENT

RISK MANAGEMENT STRATEGY

PROCESS FOR RISK ASSESSMENT

Shepway District Council Risk Management Policy

Design Reviews. Introduction

Software Quality Assurance: II Software Life Cycle

Software Risk Management: Principles and Practices

SERUM - Software Engineering Risk: Understanding and Management

Software Engineering. Dilbert on Project Planning. Overview CS / COE Reading: chapter 3 in textbook Requirements documents due 9/20

Towards Better Software Projects and Contracts: Commitment Specifications in Software Development Projects

REVIEW OF RISK MANAGEMENT METHODS

Software Engineering. Objectives. Designing, building and maintaining large software systems

Advancements in the V-Model

Software Risk Management

Outline. The Spiral Model of Software Development and Enhancement. A Risk-Driven Approach. Software Process Model. Code & Fix

Cost Estimation Strategies COST ESTIMATION GUIDELINES

Specialists in Strategic, Enterprise and Project Risk Management. PROJECT RISK MANAGEMENT METHODS Dr Stephen Grey, Associate Director

RETTEW Associates, Inc. RISK MANAGEMENT PLAN. for. (client project/rfp number) (date of proposal submission)

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Génie Logiciel et Gestion de Projets. Project Management

When Finances Go Wrong - Debt

Risk Management for IT and Software Projects

PROJECT RISK MANAGEMENT

TenStep Project Management Process Summary

Software Risk Management

Lowering business costs: Mitigating risk in the software delivery lifecycle

Motivations. spm adolfo villafiorita - introduction to software project management

Risk Management Framework

Risk Management. 1 The Risk Management Practice

Project Risk Management

Software Development Process Selection Approaches

Module 4. Risk assessment for your AML/CTF program

Chapter 1 Developing a healthy appetite for risk [DTI] 3. Chapter 2 Getting the best bang per buck [DEFRA] 5

Introduction to the ITS Project Management Methodology

ICS 121 Lecture Notes Spring Quarter 96

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

Software Engineering. Reading. Effort estimation CS / COE Finish chapter 3 Start chapter 5

Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction

Software Project Management Plan (SPMP)

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Génie Logiciel et Gestion de Projets. Project Management

PROJECT MANAGEMENT PLAN TEMPLATE < PROJECT NAME >

Introduction to Software Engineering

Project Risk Management. Presented by Stephen Smith

Project management. Organising, planning and scheduling software projects. Ian Sommerville 2000 Software Engineering, 6th edition.

Risk Management. A guide to help you manage events or circumstances that have a negative effect on your business

Know Your Enemy: Software Risk Management 1

Basic HR Risk Management Principles in Digital Libraries

Opinion of the European Banking Authority on Good Practices for the Treatment of Borrowers in Mortgage Payment Difficulties

PHASE 3: PLANNING PHASE

Risk Management guide

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

A Risk Management Standard

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Mid Suffolk District Council. Risk Management Strategy

TDWI strives to provide course books that are content-rich and that serve as useful reference documents after a class has ended.

SAMPLE MATERIAL. Pathways Plus. Strategic Management and Leadership. Level 7. Unit 7022 Strategic Risk Management

Project Management. Massimo Felici Room 1402, JCMB, KB

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

Software Quality Assurance in Agile, XP, Waterfall and Spiral A Comparative Study

1. Background and business case

RiskManagement ESIEE 06/03/2012. Aloysius John March 2012

A To Do List to Improve Supply Chain Risk Management Capabilities

Risk Management Plan template <TEMPLATE> RISK MANAGEMENT PLAN FOR THE <PROJECT-NAME> PROJECT

User experience prototype requirements PROJECT MANAGEMENT PLAN

Project Assessment Framework Establish service capability

Managing Successful Software Development Projects Mike Thibado 12/28/05

MISTAKE #1: Too Much Detail

Problems that haven t happened yet Why is it hard? Some are wary of bearing bad news. Define a strategy early in your project

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

Project management. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 1

Non-Technical Issues in Software Development

Utilizing Defect Management for Process Improvement. Kenneth Brown, CSQA, CSTE

Analyzing the Security Significance of System Requirements

Housekeeping. Emergency Exits. Cell phones. Bathrooms. Breaks. Introductions. Risk Management Art or Science?

Project Planning and Control. Main issues: How to plan a project? How to control it?

RISK MANAGEMENT AND COMPLIANCE

Risk Management Guide

Project Management. Software Projects vs. Engineering Projects

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs

Clinical Risk Management: Agile Development Implementation Guidance

Project management. Objectives

Transcription:

Unit 15: Risk Management Objectives Ð To explain the concept of risk & to develop its role within the software development process Ð To introduce the use of risk management as a means of identifying & controlling risk in software development What is risk? It is not just a game! 1

Definitions of risk ÒThe possibility of suffering harm or loss; dangeró ÒThe possibility of loss or injuryó ÒChance of danger, injury, lossó ÒA measure of the probability & severity of adverse effectsó Probability/ uncertainty Something bad happening Risks in the everyday world Financial risks - Òyour house is at risk if you fail to repay your mortgage or any loans secured on itó Health risks - Òthe chance that a person will encounter a specified adverse health outcome (like die or become disabled)ó Environmental & ecological risks - Òthe likelihood of extinction due to exposure of terrestrial wildlife to contaminantsó X Security risks - Òthere is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorismó More examples? 2

How is risk dealt with? Basic process: identify the risk -> analyse its implications -> determine treatment methods -> monitor performance of treatment methods Techniques & heuristics for the identification, analysis, treatment & monitoring of risk Insurance companies depend on understanding risk Risk management is a project management tool to assess & mitigate events that might adversely impact a project, thereby increasing the likelihood of success Why is the software world interested in risk? Many post-mortems of software project disasters indicate that problems would have been avoided (or strongly reduced) if there had been an explicit early concern with identifying & resolving high-risk elements! Browse the forum on ÒRisks An obvious cost factor! To The Public In Computers & Related SystemsÓ http://catless.ncl.ac.uk/risks Successful project managers are good risk managers! 3

Sources of software risk (systems context) Hardware People Technology SYSTEM Cost Software Schedule Reproduced from [Higuera 1996] ÒSoftware Risk ManagementÓ, Technical Report CMU/SEI-96-TR-012, ESC-TR-96-012, June 1996 Why is it often forgotten? Optimistic enthusiasm at the start of projects Software process can lead to over-commitment & binding requirements much too early on Premature coding The Òadd-onÓ syndrome Warning signals are missed Legal implications Poor software risk management by project managers 4

Software risk management Objectives Ð To identify, address & eliminate risk items before they become either threats to successful software operation or major sources of software rework Ð Necessary that some form of measurement is undertaken to determine & classify the range of risks a software development project faces, & to identify areas where a significant exposure exists The discipline attempts to provide a set of principles & practices to achieve the above A response to change & uncertainty The need to manage risk Risk Methods, tools & processes Expert knowledge, judgement & experience Individual knowledge, judgement & experience System complexity Reproduced from [Higuera 1996] 5

The questions What can go wrong? What is the likelihood it will go wrong? What are the consequences? What can be done? What options are available? Software risk management steps & techniques Risk assessment Risk management Risk control [Boehm 1991] Risk identification Risk analysis Risk prioritisation Risk-management planning Risk resolution Risk monitoring Checklists Decision-driver analysis Assumption analysis Decomposition Performance models Cost models Network analysis Decision analysis Quality-factor analysis Risk exposure Risk leverage Compound-risk reduction Buying information Risk avoidance Risk transfer Risk reduction Risk-element planning Prototypes Simulations Benchmarks Analyses Staffing Risk-plan integration Milestone tracking Top 10 tracking Risk reassessment Corrective action 6

Risk assessment Risk identification - listing project-specific risk items that are likely to compromise a projectõs success Risk analysis - assessing the loss probability & loss magnitude for each identified risk item, & assessing compound risks Risk prioritisation - ordering & ranking the risk items identified & analysed Risk control Risk-management planning - doing the ground work so as to be in a position to address each risk item Risk resolution - producing a situation in which risk items are eliminated or resolved Risk monitoring - tracking the projectõs progress towards resolving risk items & taking corrective action where required 7

E.g. top 10 risks in software project mgmt Personnel shortfalls [Boehm 1991] Unrealistic schedules & budgets Developing the wrong functions & properties Developing the wrong user interface Gold-plating Continuing stream of requirements changes Shortfalls in externally furnished components Shortfalls in externally performed tasks Real-time performance shortfalls Straining computer-science capabilities Determine a risk-management technique to deal with each of these E.g. project sizing matrix Always a question of balance - full risk analysis may not improve risk probability estimation significantly! [Used @ DERA] 8

E.g. prioritisation scheme Risk-exposure quantity is an effective technique for risk prioritisation Ð Assess risk probabilities & losses on a scale 0-10 Ð Multiply probability by loss to determine exposure Unsatisfactory outcome Probability of unsatisfactory outcome Loss caused by unsatisfactory outcome Risk exposure Software error loses key data 3-5 8 24-40 Processor memory insufficient 1 7 7 Relies on accurate estimates of the probability & loss associated with an unsatisfactory outcome E.g. risk management plan The Risk Management Plan (RMP) presents the process for implementing proactive risk management as part of overall project management The RMP describes techniques for identifying, analysing, prioritising & tracking risks; developing risk-handling methods; & planning for adequate resources to handle each risk, should they occur The RMP also assigns specific risk management responsibilities & describes the documenting, monitoring & reporting processes to be followed 9

E.g. PMP summarised as a risk register [Used @ DERA] Ways of dealing with risks Elimination: where exposure to risk is terminated Retention: where the risk is made tolerable, perhaps after some modification Avoidance: where the risk is negated in some way, possibly by redesign of work methods Transfer: where the risk is passed to a third party, either contractually or via insurance Need to balance acceptable risks 10

Implement & ÉÉÉ. track An on-going process of measuring the effect that implementation of a risk management programme has had & its ability to continue Focus on the high-risk, high-leverage critical success factors Ð Rank a projectõs most significant risk items (prepare) Ð Establish a regular schedule for review of progress (meet) Ð Summarise progress on top risk items (discuss) Ð Focus on handling any problems in resolving the risk items (act) Putting risk management into practice Insert risk management principles & practices into your software development process, so they are riskoriented & risk-driven - do this gradually & incrementally Start with a top 10 risk-item tracking process - lightweight, cheap & good returns! Develop a WWWWWHHM RMP template to populate Not a prescription - relies on good human judgement! A focus on CSFs can help you win work! 11

The BIGGEST risk? Not knowing what the risks are! Key points The enemy of the software manger is risk Software projects must manage risks to minimise their consequences Time spent identifying, analysing & managing risk pays off! You can use the 6 stage conceptual framework with its associated techniques as a solid starting point If nothing else, be risk awareé 12

Core references B. W. Boehm, "Software Risk Management: Principle and Practices," IEEE Software, Vol. 8, No. 1, January 1991, pp. 32-41 Roger Pressman, ÒSoftware Engineering: A PractitionerÕs ApproachÓ, McGraw-Hill, 5th edition, ISBN: 0-07-709677-0 (Chapter 6) Ð Contains pointers to lots more refs You are strongly advised to read one of these! Ian Sommerville, ÒSoftware EngineeringÓ, Addison- Wesley, 6th Edition, ISBN: 0-201-39815-X (Chapter 4.4) Supplementary references P. G. Neumann, ÒComputer Related RisksÓ, ACM Press, 1995 LOTS of general J. Adams, ÒRiskÓ, UCL Press, 1995 risk info on the web! B. W. Boehm, ÒSoftware Risk ManagementÓ, CS Press, 1989 Tom Gilb, ÒPrinciples of Software Engineering ManagementÓ, Addison-Wesley, 1998, ISBN: 0-201- 19246-2 (Chapter 6) IEEE Software - Special issues on Risk - May 1994 & May/June 1997 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information