An Approach to Proactive Risk Classification

Similar documents
Reflective Summary Project Risk Management. Anthony Bowen. Northcentral University

Project Scope Management in PMBOK made easy

IT Project Management Methodology. Project Risk Management Guide. Version 0.3

PROJECT RISK MANAGEMENT

ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

Project Risk Management

Risk Management (3C05/D22) Unit 3: Risk Management. What is risk?

RiskManagement ESIEE 06/03/2012. Aloysius John March 2012

STARTING A PROJECT. Sergey V. Nesterov MD, PhD, PMP

The 10 Knowledge Areas & ITTOs

Program Management Professional (PgMP) Examination Content Outline

Project Management. [Student s Name] [Name of Institution]

Software Risk Management Practice: Evidence From Thai Software Firms

Introduction to the ITS Project Management Methodology

Crosswalk Between Current and New PMP Task Classifications

Project Zeus. Risk Management Plan

Best Practices Statement Project Management. Best Practices for Managing State Information Technology Projects

Guidelines for a risk management methodology for product design

Incorporating Risk Assessment into Project Forecasting

A Risk Management Standard

Unit 15: Risk Management

Project Management Office Charter

Project Management Professional (PMP) Examination Content Outline

SOFTWARE RISK MANAGEMENT

Managing IT Projects. Chapter 2 The PMI Framework

URGENCY: A CRITICAL FACTOR IN PROJECT PLANNING

Project Integration Management

PMP Examination Tasks Puzzle game

IT Project Management Methodology. Project Scope Management Support Guide

PROJECT RISK MANAGEMENT

ITS Project Management Methodology

Project Risk Management Single Subject Certificate Syllabus Levels 1&2 4 th Edition

TenStep Project Management Process Summary

SCOPE MANAGEMENT PLAN <PROJECT NAME>

Develop Project Charter. Develop Project Management Plan

Strategic Risk Management for School Board Trustees

Project Management Practices: The Criteria for Success or Failure

Project Management Body of Knowledge (PMBOK) (An Overview of the Knowledge Areas)

Information Technology Project Oversight Framework

Project Management: Back to Basics

BAL2-1 Professional Skills for the Business Analyst

MNLARS Project Audit Checklist

Project Risk Management in Oman: A Survey of Risk Practices in the Construction Industry

RETTEW Associates, Inc. RISK MANAGEMENT PLAN. for. (client project/rfp number) (date of proposal submission)

A DIFFERENT KIND OF PROJECT MANAGEMENT: AVOID SURPRISES

Quick Reference Guide Interactive PDF Project Management Processes for a Project

Project Management Guidebook

Project Management Summary of Best Practices

9 TH INTERNATIONAL ASECU CONFERENCE ON SYSTEMIC ECONOMIC CRISIS: CURRENT ISSUES AND PERSPECTIVES

A DIFFERENT KIND OF PROJECT MANAGEMENT

Integration Mgmt / Initiating Process Group 4.1 Develop Project Charter

Requirements engineering

CDC UNIFIED PROCESS PRACTICES GUIDE

IMCPM04 Project Scheduling and Cost Control. Course Outline

Information Technology Project Management

Project Management Process

CPM -100: Principles of Project Management

1.20 Appendix A Generic Risk Management Process and Tasks

Planning of Project Work (IS PM 6. Lecture, 2011 Spring)

Palisade Risk Conference, 2014

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Project Risk Management in Automotive Industry. A Case Study

PMP Project Management Professional Study Guide, Third Edition

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Project Management. James M. Conrad

How to Develop Work Breakdown Structures

IT Governance Issues in Korean Government Integrated Data Center 1

Integrated Risk Management As A Framework For Organisational Success. Abstract

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

Presenters Sue Ann Lipinski, Cindy Smith, Angela Riley

Project Risk Management. Presented by Stephen Smith

THE PROJECT MANAGEMENT PROCESS FROM A QUALITY MANAGEMENT PROFESSIONAL S PERSPECTIVE:

Benefits Realization from IS & IT, and Change Management of roles and the working practices of individuals and teams.

TIME MANAGEMENT TOOLS AND TECHNIQUES FOR PROJECT MANAGEMENT. Hazar Hamad Hussain *

Methodical Notes for part-time BMCF TM study course M_SM / PROJECT MANAGEMENT

White Paper. PPP Governance

PMP Exam Preparation Answer Key

PMI Risk Management Professional (PMI-RMP) Exam Content Outline

The Way of Establishment of the Organization s Project Management Process 1

Project Risk Management Basics: Cost and Schedule Impacts

Performance Evaluation of Requirements Engineering Methodology for Automated Detection of Non Functional Requirements

Management Science Letters

Implementing Measurement and Risk Management in CMMI

Project Management Professional (PMP) Examination Content Outline

PROJECT MANAGEMENT METHODOLOGY SECTION 3 -- PLANNING PHASE

1. What is PRINCE2? Projects In a Controlled Environment. Structured project management method. Generic based on proven principles

PROJECT MANAGEMENT PLAN TEMPLATE < PROJECT NAME >

Frequently Asked Questions in Identifying and Assessing Prospective Risks

A SUGGESTED HARMONIZATION OF DMAIC WITH PMBOK PROJECT LIFE CYCLES FOR PHARMACEUTICAL LEAN SIX SIGMA PROJECTS

Partnering for Project Success: Project Manager and Business Analyst Collaboration

Risk Knowledge Capture in the Riskit Method

SOFTWARE PROJECT MANAGEMENT

A methodology for knowledge based project management (Work in progress)

D6.1: Service management tools implementation and maturity baseline assessment framework

Project Management Fundamentals. Office of the Senior Associate Vice President for Finance

Transcription:

An Approach to Proactive Risk Classification M.S. Rojabanu 1, Dr. K. Alagarsamy 2 1 Research Scholar, Madurai Kamaraj Universtiy, Madurai,India. 2 Associate Professor, Computer Centre, Madurai Kamaraj University, Madurai. Abstract A narrow approach to risk analysis and understanding the scope of a software project has contributed to significant software failures. Using expanded risk analysis with enlarged the project scope considered by software developers. This paper proposes a new model for the proactive risk management based on using the apriori algorithm for generating association rules. The Model is discussed, the possibilities of building such model and the outcome is also discussed. Keywords: Proactive risk Management, Classification, Apriori Algorithm. 1. Introduction Software forms the nuts and bolts of the day to day modern life. Software development and implementation pictures various threats. They are the risks involved in creating expected quality software with in the given time and the anticipated budget. The risks cannot be just simple details in the project, but they should be the core of the business [1]. To do take success over the risk we need discipline more than good processes and intuitive think ability, this discipline is called risk management. Software Risk Management is a proactive approach for minimizing the uncertainty and potential loss associated with a project. This process of Software Risk management is categorized as risk identification, risk quantification, risk response development and risk response control [2]. Risk need not to be the same for all the software projects unlike other projects can be anticipated with the common type of risk, because of this project risk management techniques that rely on the definition of risk are likely to be of limited benefit in the software pitch. This could be a further reason why many of the techniques found in the research literature are not used in practice [3]. [4] defines risk as In the context of software engineering and development, risk can be defined as the possibility of suffering a diminished level of success within a softwaredependent development program. This prospect of loss is such that the application of the selected theories, principles or techniques may fail to yield the right software product. This says that risk should be viewed only as the negative threat. But [5] says that risk can be viewed as both the threat as well as the opportunity. Some methodologies like Agile have the specific intent for making opportunity from the threats. 2. Project Risk Management There are many risks involved in creating high quality software on time and within budget. However, in order for it to be worthwhile to take these risks, they must be compensated for by a perceived reward. The greater the risk, the greater the reward must be to make it worthwhile to take a chance. In software development, the possibility of reward is high, but so is the potential for disaster. In order to successfully manage a software project and reap our rewards, we must learn to identify, analyze, and control these risks[16]. Risk assessment method is one of the most important element in software project management, These methods consider numerous aspects while assessing and estimating the risks. It involves risk identification, risk analysis, and risk prioritization. 2.1 Risk Identification Risk identification produces lists of the project -specific risk items likely to compromise 2038

a project s success. Typical risk-identification techniques include checklists, examination of decision drivers, comparison with experience (assumption analysis) and decomposition. Once identified, the risk can be communicated within the project and then analyzed and coped with by undertaking appropriate actions [8]. 2.2 Risk Analysis Risk analysis assesses the loss probability and loss magnitude for each identified risk item, and it assesses compound risks in risk-item interactions.. Risk analysis has also been shown to be important in the software design phase to evaluate criticality of the system, where risks are analyzed and necessary countermeasures are introduced [9]. The purpose of risk analysis is to understand risk better and to verify and correct attributes. A successful analysis includes essential elements like problem definition, problem formulation, data collection [10]. Typical techniques include performance models, cost models, network analysis, statistical decision analysis and quality-factor (like reliability, availability, and security) analysis. 2.3 Risk Prioritization Risk prioritization produces a ranked ordering of the risk items identified and analyzed. Typical techniques include risk-exposure analysis, riskreduction leverage analysis ( particularly involving cost-benefit analysis). and Delphi or group-consensus techniques. 2.4 Risk Planning/Mitigation The second process of risk management, involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process. Because the elimination of all risk is usually impractical or close to impossible, it is the responsibility of senior management and functional and business managers to use the least-cost approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on the organization s resources and mission [11]. 2.5 Risk Monitoring and Controlling In this part of the risk management, continuously monitoring and controlling of the risks according to the risk management plan takes place. It can be also used for identification of new risks. Risk monitoring procedures must be created for the effective monitoring and control. For each risk or risk group, continuous monitoring and records the status are kept [12]. In cases when the status changes, one takes measures as specified in the plan. Finally, updating and recording of the risk status is done [13]. 3. Problem Formulation The repository of the risk could be built by the following methods 1. By interviewing 2. By the historical review of previous like projects 3. By the experts report 4. Analysis of high-level deliverables 5. Analysis of the WBS and project schedule 6. Analysis of scope change requests 7. Analysis of project assumptions 8. Project team input (which can take the form of interviews, brainstorming sessions, and/or Delphi technique) 9. Stakeholder and sponsor input 10. Formal risk identification sessions 11. Previous lessons learned 12. SQA audits and reviews 13. Performance and status reports 14. Diagramming techniques such as cause and effect diagrams, process or system flows, and influence diagrams. But all the above methods lacks in the prediction of the risk and to provide a warning and initiate a proactive activity in order to avoid the risk and there by the loss prevention. Hence the problem to be addressed is not to manage the risk after it is commended rather to prevent the risk. The prevention of the risk could be done by the proactive management. The proactive risk management can be done if 1. The frequent risk could be identified 2. The constraints to be found based on which the risk could be expected to be occurred 2039

3. A classification system must be found based on which a new risk could be identified 4. Proposed methodology The proposed methodology adopts the data mining functionalities for the proactive risk management. The risk analysis is done and the risk repository is built based on the analysis. For the proactive risk management the following phases of activities have been done. 1. Find the similar and frequent risk mining is done based on pattern mapping 2. Building the constraint based association rules based on the selection of the liking risk to be managed. 3. Classify the rules and build the classifier for any new risk to be identified Fig 1.: Frame work for the proactive risk management based on the data mining Once the repository is built the process is ready for the proactive risk management. The Proactive risk management starts with the selection of the risk category to be identified. The selected risks are then applied for finding the frequent risk occurrences. The next step in the proposed model is building the constraint based association rule mining. The constraints imposed on the association are based on the project constraints to be addressed. the expected risk based on the classified risks. The risks could be concentrated and the risk management could be done effectively. Apriori algorithm is used for the association rule mining and the rule based classification is adopted for the risk categorization, classifier building. The association phase is followed by the Classification of the rules, the classification enables the risks to be categorized and then the proactive management of the risk can be done. The pro action could be enabled by 2040

5. Experiment details The risk is then added in the risk archive and the repository is built, the selected like risk are then given for the frequent risk mining and the rules are constructed. The Rules are then classified by the precision and accuracy. The classified risks are provided for the documentation of the proactive risk management based on the Risk impact Risk probability Computed by the frequency of the risk occurred Risk priority computed by the risk register spreadsheet after impact and probability are entered The risk impact is measured based on 1. Project cost 2. Project duration 3. Project resource usage The various types of risks under study is a) Project size b) Excessive constraints c) Lack of experience d) Staff lags The experiment is carried out from a firm which operates on multiple projects varying in technology, project size. The expected time duration and the cost associated for five jobs are studied and the following table is prepared. Expected Cost associated ( in thousands) Expected Time duration( in man days) 1 536 360 2 251 220 3 190 200 4 176 190 5 152 160 Table 1: Observed cost and time based on the jobs for experiment 6. Results and discussions The variation in the project size affects the project cost by the extension of the project. The project size risks are studied and the avoidance of the project size risks has given the impact on the cost reduction, duration of the project. On an average the project size increase is measured as the 10%, the impact of the size increase in the parameters are tabulated below Cost associated ( in thousands) by keeping duration constant Time duration ( in man days) by keeping cost constant Estimated Existing Proposed Estimated Existing Proposed 1 536 582 567 360 412 406 2 251 294 286 220 294 278 3 190 256 245 200 241 223 4 176 239 228 190 229 214 5 152 197 182 160 196 188 Table 2: Comparison of existing and proposed approaches based on increase in project size by 10% 2041

Percentage of improvement in terms of cost Percentage of improvement in terms of time 1 2.57732 1.456311 2 2.721088 5.442177 3 4.296875 7.46888 4 4.60251 6.550218 5 7.614213 4.081633 Mean 4.3624012 4.9998438 Table 3: Percentage of improvement based on increase in project size by 10% The constraints placed on the project also play an important role. When the constraints are increased the change in the cost and time is listed as below. Here the assumption is not to extend the time so the effect in the counterpart is measured. Cost associated ( in thousands) Constraint = 0 Constraint = 3 Constraint = 6 Estimated Existing Proposed Existing Proposed Existing Proposed 1 536 542 539 563 534 610 592 2 251 265 258 286 275 319 301 3 190 210 201 226 219 274 265 4 176 196 183 212 205 246 234 5 152 176 162 195 184 228 216 Table 4 : Comparison of the cost associated based on various number of Constraints 1 2 3 4 5 Mean Percentage of improvement in Percentage of improvement in Percentage of improvement in terms of cost when constraint = 0 terms of cost when constraint = 3 terms of cost when constraint = 6 0.553505535 5.150976909 2.950819672 2.641509434 3.846153846 5.642633229 4.285714286 3.097345133 3.284671533 6.632653061 3.301886792 4.87804878 7.954545455 5.641025641 5.263157895 4.4135855542 4.2074776642 4.4038662218 Table 5: Percentage of improvement based on the number of constraints placed in the jobs Lack of experience in the job to be done is a measure to be measured as the impact is on the cost. The following tabulation gives a view on the impact of the experience lagging when the project is on. 2042

Cost associated ( in thousands) Lack of experience staff = 5% Lack of experience staff = 10% Lack of experience staff = 15% Estimated Existing Proposed Existing Proposed Existing Proposed 1 536 551 542 589 548 618 597 2 251 272 262 312 285 323 305 3 190 221 212 246 232 282 272 4 176 206 194 230 212 258 242 5 152 184 169 215 202 236 224 Table 6 : Comparison of the cost associated based on lack of experience team members 1 2 3 4 5 Mean Percentage of improvement in Percentage of improvement in Percentage of improvement in terms of cost when lack of terms of cost when lack of terms of cost when lack of experience = 5% experience = 10% experience = 15% 1.633394 6.960951 3.398058 3.676471 8.653846 5.572755 4.072398 5.691057 3.546099 5.825243 7.826087 6.20155 8.152174 6.046512 5.084746 4.671936 7.0356906 4.7606416 Table 7: Percentage of improvement based on the lack of experience The human resource availability is an important area to be concentrated in the risk management. The lag in the human resource availability is analyzed being the duration as constant and the effect on cost is analyzed. Cost associated ( in thousands) Staff lag = 5% staff lag= 10% Staff lag = 15% Estimated Existing Proposed Existing Proposed Existing Proposed 1 536 551 542 589 548 618 597 2 251 272 262 312 285 323 305 3 190 221 212 246 232 282 272 4 176 206 194 230 212 258 242 5 152 184 169 215 202 236 224 Table 8 : Comparison of the cost associated based on Staff lag 2043

1 2 3 4 5 Mean Percentage of improvement in terms of cost when staff lag = 5% Percentage of improvement in terms of cost when staff lag =10% Percentage of improvement in terms of cost when staff lag = 15% 11.35618 14.05715 10.13624 13.19732 15.62093 12.15925 13.55411 12.88411 10.27396 15.1337 14.8563 12.74419 17.23063 13.21246 11.70528 14.094388 14.12619 11.403784 Table 9: Percentage of improvement based on the Staff lag 7. Conclusion Software Risk Management is a proactive approach for the minimization of loss and maximization of the productivity. Identification and controlling the software risks, enables one to make better and more daring decisions when taking on complex challenging projects or when exploring new unknown grounds. This research proposes a new model for the proactive risk management based on the associative classification. The Model is discussed, the possibilities of building such model and the outcome is also discussed. The results demonstrate the positive note to the proposed methodology. A novel approach of using data mining functionalities for the risk management in a proactive mode is demonstrated. The results speak on the efficiency of the proposed model. The novel model uses the frequent set and the rules are then created for finding the probability of the occurrences. This is followed by the rule based classification. The results are ensuring the effectiveness of the proposed approach. The model has been showing a positive response for the projects of various sizes. Around ten projects are taken for the consideration and the model is tested for the generalization. The results are appreciable for all the categories. The various types of risk have been taken in to consideration and the model is tested and the results are analyzed. Reference: [1] Kerzner, H. Project Management: a systems approach to Planning, Scheduling, and Controlling. John Wiley & Sons Inc., USA, 2000. [2] A guide to the project management body of knowledge (PMBOK Guide) Project Management Institute Inc, 2000. [3] Verner, J. M., & Cerpa, N. Australian software development: what software project management practices lead to success?, Brisbane, Qld., Australia, 2005. [4] Gluch, D. P. A Construct for Describing Software Development Risks: Software Engineering Institute, 1994 [5] Hillson, D. Extending the risk process to manage opportunities. International Journal of Project Management, 2002, p235-240. [6] Hu Yong, Chen Juhua, Rong Zhenbang, Mei Liu, Xie Kang, A Neural Networks Approach for Software Risk Analysis, Proceedings of the Sixth IEEE International Conference on Data Mining - Workshops, p.722-725, December 18-22, 2006 2044

[7] Ian Summerville, "Software Engineering", Addison Wesley, 7th Edition, 2007. [8] Jakub MILER, Janusz GORSKI, Risk Identification Patterns For Software Projects, Foundations of Computing and Decision Sciences Vol. 29, No. 1-2, 2004, pp. 115-131 [9] Yudistira Asnar, Paolo Giorgini, "Risk Analysis as part of the Requirements Engineering Process" University of Trento, Department of Information and Communication Technology, 2007 [10] Bryan L. McKinney, David R. Engfer, "Formulating Risk into Research and Engineering Projects", Crystal Ball User Conference, 2004 [11] Abdullah Al Murad Chowdhury and Shamsul Arefeen, Software Risk Management: Importance and Practices, IJCIT, VOLUME 02, ISSUE 01. [12] Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBoK), 3rd Ed. ANSI/PMI 99-001-2004, PMI, Newton Square, PA, 2004. [13] IEEE 1540, IEEE 1540 Standard for Lifecycle Processes-Risk Management. IEEE, New York, NY, 2001. [14] CIO Insight, Ziff Davis Media, September 2001, Number 05 [15] Smith, P. and R. Pichler (2005). Agile Risks/Agile Rewards. Software Development, 13(4), 50-53 [16] Software risk Management, Linda Westfall, The Westfall Team, 2001. 2045

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information