Risk Management (3C05/D22) Unit 3: Risk Management. What is risk?

Similar documents
Unit 15: Risk Management

Risk. Risk Categories. Project Risk (aka Development Risk) Technical Risk Business Risk. Lecture 5, Part 1: Risk

SOFTWARE RISK MANAGEMENT

Introduction to Software Engineering. 9. Project Management

Appendix V Risk Management Plan Template

ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504

An Approach to Proactive Risk Classification

Contents. Today Project Management. Project Management. Last Time - Software Development Processes. What is Project Management?

Identification and Assessment of Software Project s Risk

TECH. Tracking Progress. Project Schedule PHASE 1 STEP 1 ACTIVITY 1.1. Activity and Milestone STEP 1 STEP 2 : ACTIVITY 2.2 : ACTIVITY 1.

Lifecycle Models: Waterfall / Spiral / EVO

PROJECT RISK MANAGEMENT

RISK MANAGEMENT STRATEGY

PROCESS FOR RISK ASSESSMENT

Shepway District Council Risk Management Policy

Design Reviews. Introduction

Software Quality Assurance: II Software Life Cycle

Software Risk Management: Principles and Practices

SERUM - Software Engineering Risk: Understanding and Management

Software Engineering. Dilbert on Project Planning. Overview CS / COE Reading: chapter 3 in textbook Requirements documents due 9/20

REVIEW OF RISK MANAGEMENT METHODS

Software Engineering. Objectives. Designing, building and maintaining large software systems

Advancements in the V-Model

Software Risk Management

Specialists in Strategic, Enterprise and Project Risk Management. PROJECT RISK MANAGEMENT METHODS Dr Stephen Grey, Associate Director

Cost Estimation Strategies COST ESTIMATION GUIDELINES

Outline. The Spiral Model of Software Development and Enhancement. A Risk-Driven Approach. Software Process Model. Code & Fix

RETTEW Associates, Inc. RISK MANAGEMENT PLAN. for. (client project/rfp number) (date of proposal submission)

Module 4. Risk assessment for your AML/CTF program

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Software Development Process Selection Approaches

Risk Management. 1 The Risk Management Practice

When Finances Go Wrong - Debt

Risk Management for IT and Software Projects

PROJECT RISK MANAGEMENT

TenStep Project Management Process Summary

Software Risk Management

Lowering business costs: Mitigating risk in the software delivery lifecycle

Motivations. spm adolfo villafiorita - introduction to software project management

Risk Management Framework

Project Risk Management

Introduction to the ITS Project Management Methodology

TDWI strives to provide course books that are content-rich and that serve as useful reference documents after a class has ended.

ICS 121 Lecture Notes Spring Quarter 96

Project Planning and Control. Main issues: How to plan a project? How to control it?

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

A To Do List to Improve Supply Chain Risk Management Capabilities

MISTAKE #1: Too Much Detail

Software Engineering. Reading. Effort estimation CS / COE Finish chapter 3 Start chapter 5

Software Project Management Plan (SPMP)

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

Génie Logiciel et Gestion de Projets. Project Management

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

PROJECT MANAGEMENT PLAN TEMPLATE < PROJECT NAME >

Project Risk Management. Presented by Stephen Smith

Introduction to Software Engineering

Project management. Organising, planning and scheduling software projects. Ian Sommerville 2000 Software Engineering, 6th edition.

Risk Management. A guide to help you manage events or circumstances that have a negative effect on your business

Know Your Enemy: Software Risk Management 1

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs

Opinion of the European Banking Authority on Good Practices for the Treatment of Borrowers in Mortgage Payment Difficulties

DRAFT RESEARCH SUPPORT BUILDING AND INFRASTRUCTURE MODERNIZATION RISK MANAGEMENT PLAN. April 2009 SLAC I

PHASE 3: PLANNING PHASE

Risk Management guide

Project Management. Software Projects vs. Engineering Projects

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

A Risk Management Standard

SAMPLE MATERIAL. Pathways Plus. Strategic Management and Leadership. Level 7. Unit 7022 Strategic Risk Management

Software Quality Assurance in Agile, XP, Waterfall and Spiral A Comparative Study

Project Management. Massimo Felici Room 1402, JCMB, KB

RiskManagement ESIEE 06/03/2012. Aloysius John March 2012

1. Background and business case

User experience prototype requirements PROJECT MANAGEMENT PLAN

Risk Management Plan template <TEMPLATE> RISK MANAGEMENT PLAN FOR THE <PROJECT-NAME> PROJECT

Managing Successful Software Development Projects Mike Thibado 12/28/05

A guide for members APES 325 Risk Management for Firms

Project Assessment Framework Establish service capability

A Case study based Software Engineering Education using Open Source Tools

Problems that haven t happened yet Why is it hard? Some are wary of bearing bad news. Define a strategy early in your project

Walk around and identify the area to be assessed and look at what could reasonably be expected to cause harm.

Project management. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 1

Analyzing the Security Significance of System Requirements

Global framework. Safety, health and security for work-related international travel and assignments

Transcription:

Risk Management (3C05/D22) Unit 3: Risk Management Objectives To explain the concept of risk & to develop its role within the software development process To introduce the use of risk management as a means of identifying & controlling risk in software development What is risk? It is not just a game! 1

Definitions of risk The possibility of suffering harm or loss; danger The possibility of loss or injury Chance of danger, injury, loss A measure of the probability & severity of adverse effects Probability/ uncertainty Something bad happening Risks in the everyday world Financial risks - your house is at risk if you fail to repay your mortgage or any loans secured on it Health risks - the chance that a person will encounter a specified adverse health outcome (like die or become disabled) Environmental & ecological risks - the likelihood of extinction due to exposure of terrestrial wildlife to contaminants X Security risks - there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorism More examples? How is risk dealt with? Basic process: identify the risk -> analyse its implications -> determine treatment methods -> monitor performance of treatment methods Techniques & heuristics for the identification, analysis, treatment & monitoring of risk Insurance companies depend on understanding risk Risk management is a project management tool to assess & mitigate events that might adversely impact a project, thereby increasing the likelihood of success 2

Why is the software world interested in risk? Many post-mortems of software project disasters indicate that problems would have been avoided (or strongly reduced) if there had been an explicit early concern with identifying & resolving high-risk elements! An obvious cost factor! Browse the forum on Risks To The Public In Computers & Related Systems http://catless.ncl.ac.uk/risks Successful project managers are good risk managers! Sources of software risk (systems context) Hardware People Technology SYSTEM Cost Software Schedule Reproduced from [Higuera 1996] Software Risk Management, Technical Report CMU/SEI-96-TR-012, ESC-TR-96-012, June 1996 Why is it often forgotten? Optimistic enthusiasm at the start of projects Software process can lead to over-commitment & binding requirements much too early on Premature coding The add-on syndrome Warning signals are missed Legal implications Poor software risk management by project managers 3

Software risk management Objectives To identify, address & eliminate risk items before they become either threats to successful software operation or major sources of software rework Necessary that some form of measurement is undertaken to determine & classify the range of risks a software development project faces, & to identify areas where a significant exposure exists The discipline attempts to provide a set of principles & practices to achieve the above A response to change & uncertainty The need to manage risk Risk Methods, tools & processes Expert knowledge, judgement & experience Individual knowledge, judgement & experience System complexity Reproduced from [Higuera 1996] The questions What can go wrong? What is the likelihood it will go wrong? What are the consequences? What can be done? What options are available? 4

Risk management Software risk management steps & techniques [Boehm 1991] Risk assessment Risk control Checklists Risk identification Decision-driver analysis Assumption analysis Decomposition Performance models Cost models Risk analysis Network analysis Decision analysis Quality-factor analysis Risk exposure Risk prioritisation Risk leverage Compound-risk reduction Buying information Risk avoidance Risk transfer Risk-management planning Risk reduction Risk-element planning Risk-plan integration Risk resolution Risk monitoring Prototypes Simulations Benchmarks Analyses Staffing Milestone tracking Top 10 tracking Risk reassessment Corrective action Risk assessment Risk identification - listing project-specific risk items that are likely to compromise a project s success Risk analysis - assessing the loss probability & loss magnitude for each identified risk item, & assessing compound risks Risk prioritisation - ordering & ranking the risk items identified & analysed Risk control Risk-management planning - doing the ground work so as to be in a position to address each risk item Risk resolution - producing a situation in which risk items are eliminated or resolved Risk monitoring - tracking the project s progress towards resolving risk items & taking corrective action where required 5

Top 10 risks in software project mgmt 1. Personnel shortfalls [Boehm 1991] 2. Unrealistic schedules & budgets 3. Developing the wrong functions & properties 4. Developing the wrong user interface 5. Gold-plating 6. Continuing stream of requirements changes 7. Shortfalls in externally furnished components 8. Shortfalls in externally performed tasks 9. Real-time performance shortfalls 10. Straining computer-science capabilities Determine a risk-management technique to deal with each of these! E.g. project sizing matrix Always a question of balance - full risk analysis may not improve risk probability estimation significantly! [Used@QuinetQ] E.g. prioritisation scheme Risk-exposure quantity is an effective technique for risk prioritisation Assess risk probabilities & losses on a scale 0-10 Multiply probability by loss to determine exposure Unsatisfactory outcome Software error loses key data Probability of unsatisfactory outcome 3-5 Loss caused by unsatisfactory outcome 8 Risk exposure 24-40 Processor memory insufficient 1 7 7 Relies on accurate estimates of the probability & loss associated with an unsatisfactory outcome 6

E.g. risk management plan The Risk Management Plan (RMP) presents the process for implementing proactive risk management as part of overall project management The RMP describes techniques for identifying, analysing, prioritising & tracking risks; developing risk-handling methods; & planning for adequate resources to handle each risk, should they occur The RMP also assigns specific risk management responsibilities & describes the documenting, monitoring & reporting processes to be followed E.g. PMP summarised as a risk register [Used @ QuinetQ] Ways of dealing with risks Elimination: where exposure to risk is terminated Retention: where the risk is made tolerable, perhaps after some modification Avoidance: where the risk is negated in some way, possibly by redesign of work methods Transfer: where the risk is passed to a third party, either contractually or via insurance Need to balance acceptable risks 7

Implement &. track An on-going process of measuring the effect that implementation of a risk management programme has had & its ability to continue Focus on the high-risk, high-leverage critical success factors Rank a project s most significant risk items (prepare) Establish a regular schedule for review of progress (meet) Summarise progress on top risk items (discuss) Focus on handling any problems in resolving the risk items (act) Putting risk management into practice Insert risk management principles & practices into your software development process, so they are risk-oriented & risk-driven - do this gradually & incrementally Start with a top 10 risk-item tracking process - lightweight, cheap & good returns! Develop a WWWWWHHM RMP template to populate Not a prescription - relies on good human judgement! A focus on CSFs can help you win work! The BIGGEST risk? Not knowing what the risks are! 8

Key points The enemy of the software manger is risk Software projects must manage risks to minimise their consequences Time spent identifying, analysing & managing risk pays off! You can use the 6 stage conceptual framework with its associated techniques as a solid starting point If nothing else, be risk aware Core references B. W. Boehm, "Software Risk Management: Principle and Practices," IEEE Software, Vol. 8, No. 1, January 1991, pp. 32-41 Roger Pressman, Software Engineering: A Practitioner s Approach, McGraw-Hill, 5th edition, ISBN: 0-07-709677-0 (Chapter 6) Contains pointers to lots more refs You are strongly advised to read one of these! Ian Sommerville, Software Engineering, Addison-Wesley, 6th Edition, ISBN: 0-201-39815-X (Chapter 4.4) Supplementary references P. G. Neumann, Computer Related Risks, ACM Press, 1995 J. Adams, Risk, UCL Press, 1995 LOTS of general risk info on the web! B. W. Boehm, Software Risk Management, CS Press, 1989 Tom Gilb, Principles of Software Engineering Management, Addison- Wesley, 1998, ISBN: 0-201-19246-2 (Chapter 6) IEEE Software - Special issues on Risk - May 1994 & May/June 1997 9