Project Risks. Risk Management. Characteristics of Risks. Why Software Development has Risks? Uncertainty Loss



Similar documents
Lecture Notes #27: Software Risk Management

Risk Mitigation, Monitoring and Management Plan

Project Management. Software Projects vs. Engineering Projects

Darshan Institute of Engineering & Technology Unit : 10

Project Management. Project Analysis and Definition. Project Management. Project Management People

CSSE 372 Software Project Management: Software Risk Management

P3M3 Portfolio Management Self-Assessment

Noorul Islam College of Engineering M. Sc. Software Engineering (5 yrs) IX Semester XCS592- Software Project Management

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

PROJECT RISK MANAGEMENT

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

Project planning and scheduling

Appendix V Risk Management Plan Template

Contents. Today Project Management. Project Management. Last Time - Software Development Processes. What is Project Management?

The purpose of Capacity and Availability Management (CAM) is to plan and monitor the effective provision of resources to support service requirements.

Risk Management Primer

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

I. TABLE OF CONTENTS...

Development, Acquisition, Implementation, and Maintenance of Application Systems

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

Software Engineering Compiled By: Roshani Ghimire Page 1

1.20 Appendix A Generic Risk Management Process and Tasks

Risk Management: Pro-active Principles for Project Success. Liz Markewicz Don Restiano

What is Software? The Software Development Process. Definition of Software. Why Software?

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504

RISK MANAGEMENT IN CITIZEN ORIENTED INNOVATIVE SOFTWARE DEVELOPMENT PROJECTS

Risk. Risk Categories. Project Risk (aka Development Risk) Technical Risk Business Risk. Lecture 5, Part 1: Risk

Measurement Information Model

pm4dev, 2007 management for development series Introduction to Project Management PROJECT MANAGEMENT FOR DEVELOPMENT ORGANIZATIONS

Risk Mapping A Risk Management Tool with Powerful Applications in the New Economy

Schedule Compression

Risk Assessment Worksheet and Management Plan

Project management. Organising, planning and scheduling software projects. Ian Sommerville 2000 Software Engineering, 6th edition.

1 Proactive risk management is sometimes described as fire fighting.

Project Management. Massimo Felici Room 1402, JCMB, KB

Software Project Measurement

Rolling Wave Planning: Manage Projects Without Going Under

Software Quality. Software Quality Assurance and Software Reuse. Three Important Points. Quality Factors

RISK MANAGEMENT & ISO 9001:2015. Greg Hutchins PE CERM Quality + Engineering CERM Academy GregH@CERMAcademy.com 800.COMPETE or

Desktop Scenario Self Assessment Exercise Page 1

Project management. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 1

Recognizing and Mitigating Risk in Acquisition Programs

Company Management System. Business Continuity in SIA

Application Security in the Software Development Lifecycle

Software Engineering. Project Management. Based on Software Engineering, 7 th Edition by Ian Sommerville

Software Project Scheduling. - Introduction - Project scheduling - Task network - Timeline chart - Earned value analysis

ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

Introduction. Chapter 1

Information Technology Project Oversight Framework

CNPE DRAFT POSITION STATEMENT ( ) Nurses Involvement With the EHR: Advocating Patient Safety

ASSESSMENT OF QUALITY RISK MANAGEMENT IMPLEMENTATION

Latest Trends in Testing. Ajay K Chhokra

Software Project Management Matrics. Complied by Heng Sovannarith

Project Planning. COSC345 Lecture 3 Slides: Andrew Trotman Dramatic presentation: Richard O Keefe. Software Engineering 2013

A Study on Software Metrics and Phase based Defect Removal Pattern Technique for Project Management

PROJECT RISK ANALYSIS AND MANAGEMENT

3.0 Risk Assessment and Analysis Techniques and Tools

Business Continuity and Disaster Planning

Disaster Prevention and Recovery for School System Technology

SOFTWARE PROJECT MANAGEMENT

Much attention has been focused recently on enterprise risk management (ERM),

Risk Management Framework

Skatteudvalget (2. samling) SAU Alm.del Bilag 48 Offentligt. Programme, Project & Service Management Analysis

Project management tutorial

DATA QUALITY MATURITY

Accurate Forecasting: The Heart of Call Center Success

1. What Is Risk? 3. Perspectives on Risk. Risk Management. 6. Characteristics of Risk Management 7. Advantages of Risk Management

A Risk Management Standard

Business Continuity Management

Capital Management Standard Banco Standard de Investimentos S/A

SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY

Project Management Challenges in Software Development

Project Management Fact Sheet:

AIPM PROFESSIONAL COMPETENCY STANDARDS FOR PROJECT MANAGEMENT PART B CERTIFIED PRACTISING PROJECT PRACTITIONER (CPPP)

copyright 1996, 2001, 2005 R.S. Pressman & Associates, Inc.

IT Project Management Methodology. Project Risk Management Guide. Version 0.3

Guide to Developing Risk Management Plans for Sport & Active Recreation Clubs

Five best practices for deploying a successful service-oriented architecture

Knowledge Management Series. Internal Audit in ERP Environment

SSgA CAPITAL INSIGHTS

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Space project management

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Recovery Management. Release Data: March 18, Prepared by: Thomas Bronack

Project Risk Management

Software-based medical devices from defibrillators

Evaluating the Business Impacts of Poor Data Quality

An Introduction to. Metrics. used during. Software Development

CHAPTER 24 SOFTWARE PROJECT SCHEDULING. Overview

Risk assessment. made simple

Project Zeus. Risk Management Plan

Transcription:

Project Risks Risk Management What can go wrong? What is the likelihood? What will the damage be? What can we do about it? M8034 @ Peter Lo 2006 1 M8034 @ Peter Lo 2006 2 Characteristics of Risks Uncertainty Loss Why Software Development has Risks? Novel Complex New technology Involve many people Specialist expertise Methods M8034 @ Peter Lo 2006 3 M8034 @ Peter Lo 2006 4

Risk Management Paradigm Stages of Risk Analysis Control Identify Characterize Track RISK Identify Quantify Assess Plan Risk Aversion Plan Analyze M8034 @ Peter Lo 2006 5 M8034 @ Peter Lo 2006 6 Reactive Risk Strategies Most software teams rely solely on reactive strategies. The team closely monitors the project for likely risks. Resources are set aside to deal with them. More commonly, the software team does nothing about risks until something goes wrong. The team flies into action to correct the problem rapidly. This is called fire fighting mode. Reactive Risk Management Project team reacts to risks when they occur Mitigation Plan for additional resources in anticipation of fire fighting Fix on Failure Resource are found and applied when the risk strikes Crisis Management Failure does not respond to applied resources and project is in jeopardy M8034 @ Peter Lo 2006 7 M8034 @ Peter Lo 2006 8

Proactive Risk Strategies More intelligent strategy. This begins long before technical work initiated. Potential risks are identified, their probability and impact are assessed and they are ranked by importance. The team establishes a plan for managing risk. The primary objective is to avoid risk, but because not all risks can be avoided, the team works to develop a contingency plan that will enable it to respond in controlled and effective manner. Proactive Risk Management Formal risk analysis is performed Organization corrects the root causes of risk Total Quality Management (TQM) concepts and statistical Software Quality Assurance (SQA) Examining risk sources that lie beyond the bounds of the software Developing the skill to manage change M8034 @ Peter Lo 2006 9 M8034 @ Peter Lo 2006 10 Proactive Risk Management After estimation of effort, duration and cost, it is need to decide go on the project or not. Making decision to go on without analyzing risks only means that risks will have to be faced after they have materialized into problems without preparations. Risk Mitigation, Monitoring, and Management Mitigation how can we avoid the risk? Monitoring what factors can we track that will enable us to determine if the risk is becoming more or less likely? Management what contingency plans do we have if the risk becomes a reality? M8034 @ Peter Lo 2006 11 M8034 @ Peter Lo 2006 12

Risk Mitigation, Monitoring, and Management To avoid the risks an effective strategy must consists of three issues : Risk Avoidance Risk Monitoring Risk Management and Contingency Planning Risk Mitigation, Monitoring, and Management The best strategy is Risk Avoidance. This is achieved by developing a plan for risk mitigation. As project proceeds, Risk Monitoring activities commence. The project manager monitors that may provide an indication of whether the risk is becoming more or less likely. Risk Management and Contingency Planning assumes that mitigation efforts have failed and that risk has become a reality. M8034 @ Peter Lo 2006 13 M8034 @ Peter Lo 2006 14 Risk Mitigation, Monitoring and Management Plan Risk Mitigation, Monitoring and Management (RMMM) Plan documents all work performed a part of the risk analysis and is used by the project manager as part of the overall project plan. Risk Table The project manager studies the resultant sorted table and defines a cut off line. The cut off line (drawn horizontally at some point in the table) implies that only risks that lie above the line will be given further attention. The risks below the line are re-evaluated to accomplish second-order prioritisation. All risks that lie above the cut off line must be managed. M8034 @ Peter Lo 2006 15 M8034 @ Peter Lo 2006 16

Risk Table The last column RMMM is a pointer to Risk Mitigation, Monitoring and Management Plan. RMMM is the collection of risk information sheets developed for all risks that lie above the cut off. Risk probability can be determined by making individual estimates and then developing a single consensus value. More sophisticated techniques are also available now a days. Probability of 0.7 to 1.0 implies a high probable risk. Component Factors for Impact Ratings The nature of the consequences (e.g. staff turnover hit design throughput, cause slippage & additional cost, and affect quality) The severity (i.e. how serious would be an occurrence?) The distribution (i.e. how wide would be the implications?) The timing (i.e. when would it occur?) The duration (i.e. how long would it be felt?) M8034 @ Peter Lo 2006 17 M8034 @ Peter Lo 2006 18 Building the Risk Table Risk Monitoring Estimate the probability of occurrence Estimate the impact on the project on a scale of 1 to 5 1 = Low impact on project success 5 = Catastrophic impact on project success Sort the table by probability and impact Risk Probability Impact RMMM Risk Mitigation Monitoring & Management M8034 @ Peter Lo 2006 19 Risk Monitoring involves regularly assessing each of the identified risks to decide whether or not that risk is becoming more or less probable and whether the efforts of the risk have changed. Risk monitoring should be a continuous process and, at the management progress review, each of the key risks should be considered separately and discussed by the meeting. M8034 @ Peter Lo 2006 20

Risk Identification Risk identification is a systematic attempt to specify threats to the project plan. By identifying known and predictable risks, the project manager takes a first step toward avoiding them when possible and controlling them when necessary. Risk identification starts with categorization: Business Risks Project Risks Technical Risks Known Risks Risk Identification Business Risks Example Product clashes with company's strategic aims. Product has no market. Product can't be grasped by salespeople. Loss of upper management support (e.g. change of strategy, change of boss). Loss of resources (e.g. money withdrawn, people withdrawn, equipment withdrawn). M8034 @ Peter Lo 2006 21 M8034 @ Peter Lo 2006 22 Risk Identification Project Risks Project risks threaten project plan. If project risks become real, it is likely that project schedule will slip and costs will increase. Project risks identify potential budgetary, schedule, personnel, resource, customer, and requirement problems and their impact on a software project. Example: Inadequate customer commitment Incorrect or incomplete requirements Inadequate resource base Too tight a budget Too tight a schedule High staff turnover Inadequate team organization M8034 @ Peter Lo 2006 23 Risk Identification Technical Risks Technical risks threaten the quality and timeliness of the software to be produced. If a technical risk becomes a reality, implementation may become difficult or impossible. Technical risks identify potential design, implementation, interfacing, verification, and maintenance problems. Technical risks occur because the problem is harder to solve than we through it would be. M8034 @ Peter Lo 2006 24

Risk Identification Known risks Known risks are those that can be uncovered after careful evaluation of the project plan, the business and technical environment in which the project is being developed and other reliable information sources E.g. unrealistic delivery date, lack of documented requirements or software scope, poor development environment Risks Factors Hardware Software Users Developers Environment Time Money M8034 @ Peter Lo 2006 25 M8034 @ Peter Lo 2006 26 Risks due to Product Size Risks due to Business Impact Attributes that affect risk: Estimated size of the product in LOC or FP? Estimated size of product in number of programs, files, transactions? Percentage deviation in size of product from average for previous products? Size of database created or used by the product? Number of projected changes to the requirements for the product? before delivery? after delivery? Amount of reused software? M8034 @ Peter Lo 2006 27 Attributes that affect risk: Affect of this product on company revenue? Visibility of this product by senior management? Reasonableness of delivery deadline? Number of customers who will use this product Interoperability constraints Sophistication of end users? Amount and quality of product documentation that must be produced and delivered to the customer? Governmental constraints Costs associated with late delivery? Costs associated with a defective product? M8034 @ Peter Lo 2006 28

Risks due to Customer Questions that must be answered: Have you worked with the customer in the past? Does the customer have a solid idea of requirements? Has the customer agreed to spend time with you? Is the customer willing to participate in reviews? Is the customer technically sophisticated? Is the customer willing to let your people do their job that is, will the customer resist looking over your shoulder during technically detailed work? Does the customer understand the software engineering process? Risks due to Process Maturity Questions that must be answered: Have you established a common process framework? Is it followed by project teams? Do you have management support for software engineering Do you have a proactive approach to SQA? Do you conduct formal technical reviews? Are CASE tools used for analysis, design and testing Are the tools integrated with one another? Have document formats been established? M8034 @ Peter Lo 2006 29 M8034 @ Peter Lo 2006 30 Technology Risks Questions that must be answered: Is the technology new to your organization? Are new algorithms, I/O technology required? Is new or unproven hardware involved? Does the application interface with new software? Is a specialized user interface required? Is the application radically different? Are you using new software engineering methods? Are you using unconventional software development methods, such as formal methods, AI-based approaches, artificial neural networks? Are there significant performance constraints? Is there doubt the functionality requested is "do-able?" Staff/People Risks Questions that must be answered: Are the best people available? Does staff have the right skills? Are enough people available? Are staff committed for entire duration? Will some people work part time? Do staff have the right expectations? Have staff received necessary training? Will turnover among staff be low? M8034 @ Peter Lo 2006 31 M8034 @ Peter Lo 2006 32

Recording Risk Information Project: Embedded software for XYZ system Risk type: schedule risk Priority (1 low... 5 critical): 4 Risk factor: Project completion will depend on tests which require hardware component under development. Hardware component delivery may be delayed Probability: 60 % Impact: Project completion will be delayed for each day that hardware is unavailable for use in software testing Monitoring approach: Scheduled milestone reviews with hardware group Contingency plan: Modification of testing strategy to accommodate delay using software simulation Estimated resources: 6 additional person months beginning 7-1-96 Predictable Risks & Unpredictable Risks Predictable risks are extrapolated from past project experience E.g. staff turnover, poor communication with the customer, dilution of staff effort as ongoing maintenance requests are serviced Unpredictable risks can and do occur, but they are extremely difficult to identify in advance. M8034 @ Peter Lo 2006 33 M8034 @ Peter Lo 2006 34 Generic Risks & Product-specific Risks Generic Risks are a potential threat to every software project. Product-specific risks can be identified only by those with a clear understanding of the technology, the people and the environment that is specific to the project at hand. Risk Projection (Risk Estimation) It attempts to rate each risk in two ways - the likelihood or probability that the risk is real and the consequences of the problems associated with the risk. The four risk projection activities are Establish a scale that reflects the likelihood of a risk Delineate (portray by drawing) the consequences of the risk Estimate the impact of the risk on the project and the product Note the overall accuracy of the risk projection so that there will be no misunderstandings. M8034 @ Peter Lo 2006 35 M8034 @ Peter Lo 2006 36

Risk Exposure Risk Exposure = P x C P the probability of occurrence for a risk C the cost of the project if the risk occur Risk Assessment Defining a likelihood scale (e.g. highly unlikely... highly likely; 0..1). Defining an impact scale. Using scale to rate the likelihood & impact for each risk. Output A set of Risk Triple (risk, likelihood rating, impact rating) M8034 @ Peter Lo 2006 37 M8034 @ Peter Lo 2006 38 Risk Assessment The next step in risk analysis involves assessing whether the risk levels are acceptable. The idea is to correlate the risk triple with break factors & break levels (Risk Referent level) so as to reach a go/no-go decision. M8034 @ Peter Lo 2006 39

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information