Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Risk Management

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 18

Risk management

Risk management
● Risk management is concerned with
identifying risks and drawing up plans to
minimise their effect on a project.
● A risk is a probability that some adverse
circumstance will occur
• Project risks affect schedule or resources;
• Product risks affect the quality or performance of
the software being developed;
• Business risks affect the organisation developing
or procuring the software.
Risk Management
● Manage current risks, plan and execute risk
management strategies, and capture
knowledge for the enterprise

Control
Control Identify
Identify

Learn
Learn
Track
Track
Analyze
Analyze

Plan
Plan
Software risks
Risk Affects Description
Staff turnover Project Experienced staff will leave the project before it is finished.
Management change Project There will be a change of organisational management with
different priorities.
Hardware unavailability Project Hardware that is essential for the project will not be
delivered on schedule.
Requirements change Project and There will be a larger number of changes to the
product requirements than anticipated.
Specification delays Project and Specifications of essential interfaces are not available on
product schedule
Size underestimate Project and The size of the system has been underestimated.
product
CASE tool under- Product CASE tools which support the project do not perform as
performance anticipated
Technology change Business The underlying technology on which the system is built is
superseded by new technology.
Product competition Business A competitive product is marketed before the system is
completed.
The risk management process
● Risk identification
• Identify project, product and business risks;
● Risk analysis
• Assess the likelihood and consequences of these
risks;
● Risk planning
• Draw up plans to avoid or minimise the effects of
the risk;
● Risk monitoring
• Monitor the risks throughout the project;
The risk management process

Risk Risk
Risk analysis Risk planning
identification monitoring

Risk avoidance
List of potential Prioritised risk Risk
and contingency
risks list assessment
plans
Risk identification
● Technology risks.
● People risks.
● Organisational risks.
● Requirements risks.
● Estimation risks.
Risks and risk types
Risk type Possible risks
Technology The database used in the system cannot process as many transactions per second
as expected.
Software components that should be reused contain defects that limit their
functionality.
People It is impossible to recruit staff with the skills required.
Key staff are ill and unavailable at critical times.
Required training for staff is not available.
Organisational The organisation is restructured so that different management are responsible for
the project.
Organisational financial problems force reductions in the project budget.
Tools The code generated by CASE tools is inefficient.
CASE tools cannot be integrated.
Requirements Changes to requirements that require major design rework are proposed.
Customers fail to understand the impact of requirements changes.
Estimation The time required to develop the software is underestimated.
The rate of defect repair is underestimated.
The size of the software is underestimated.
Risk analysis
● Assess probability and seriousness of each
risk.
● Probability may be very low, low, moderate,
high or very high.
● Risk effects might be catastrophic, serious,
tolerable or insignificant.
Risk analysis (i)

Risk Probability Effects


Organisational financial problems force reductions in Low Catastrophic
the project budget.
It is impossible to recruit staff with the skills required High Catastrophic
for the project.
Key staff are ill at critical times in the project. Moderate Serious
Software components that should be reused contain Moderate Serious
defects which limit their functionality.
Changes to requirements that require major design Moderate Serious
rework are proposed.
The organisation is restructured so that different High Serious
management are responsible for the project.
Risk analysis (ii)

Risk Probability Effects


The database used in the system cannot process as Moderate Serious
many transactions per second as expected.
The time required to develop the software is High Serious
underestimated.
CASE tools cannot be integrated. High Tolerable
Customers fail to understand the impact of Moderate Tolerable
requirements changes.
Required training for staff is not available. Moderate Tolerable
The rate of defect repair is underestimated. Moderate Tolerable
The size of the software is underestimated. High Tolerable
The code generated by CASE tools is inefficient. Moderate Insignificant
Risk planning
● Consider each risk and develop a strategy to
manage that risk.
● Avoidance strategies
• The probability that the risk will arise is reduced;
● Minimisation strategies
• The impact of the risk on the project or product will
be reduced;
● Contingency plans
• If the risk arises, contingency plans are plans to
deal with that risk;
Risk planning
● Risk Planning
• Identify the approach to handle the risk. It could be one or
more of the following:
• To Eliminate risks
❥ Avoid: Eliminate the causes by changing the scope while still
meeting the user’s needs so that the risk is avoided
❥ Transfer: Transfer the risk ownership to another project, team,
organization or individual to minimize the impact of the risk.
• To Mitigate risks
❥ Mitigate: Determine the mitigation plan to reduce the probability of
occurrence of the risk. Risk mitigation plans are developed and
implemented as needed to proactively reduce risks before they
become problems. Develop alternative courses of action,
workarounds, and fallback positions, with a recommended course
of action for each critical risk.
• To accept the risk and develop contingency plans
❥ Accept: Accept the risk and take no further action. Live with the
consequence if the risk were to occur.
❥ Contingency: Develop a Contingency plans to reduce the impact
if the risk occurs.
Risk management strategies (i)

Risk Strategy
Organisational Prepare a briefing document for senior management
financial problems showing how the project is making a very important
contribution to the goals of the business.
Recruitment Alert customer of potential difficulties and the
problems possibility of delays, investigate buying-in
components.
Staff illness Reorganise team so that there is more overlap of work
and people therefore understand each other’s jobs.
Defective Replace potentially defective components with bought-
components in components of known reliability.
Risk management strategies (ii)

Risk Strategy
Requirements Derive traceability information to assess requirements
changes change impact, maximise information hiding in the
design.
Organisational Prepare a briefing document for senior management
restructuring showing how the project is making a very important
contribution to the goals of the business.
Database Investigate the possibility of buying a higher-
performance performance database.
Underestimated Investigate buying in components, investigate use of a
development time program generator
Risk monitoring
● Assess each identified risks regularly to decide
whether or not it is becoming less or more
probable.
● Also assess whether the effects of the risk
have changed.
● Each key risk should be discussed at
management progress meetings.
Risk indicators

Risk type Potential indicators


Technology Late delivery of hardware or support software, many reported
technology problems
People Poor staff morale, poor relationships amongst team member,
job availability
Organisational Organisational gossip, lack of action by senior management
Tools Reluctance by team members to use tools, complaints about
CASE tools, demands for higher-powered workstations
Requirements Many requirements change requests, customer complaints
Estimation Failure to meet agreed schedule, failure to clear reported
defects
Key points

● Risk management is concerned with


identifying risks which may affect the project
and planning to ensure that these risks do not
develop into major threats.

You might also like