Risk Management
Risk Management
Risk Management
Risk management
● Risk management is concerned with
identifying risks and drawing up plans to
minimise their effect on a project.
● A risk is a probability that some adverse
circumstance will occur
• Project risks affect schedule or resources;
• Product risks affect the quality or performance of
the software being developed;
• Business risks affect the organisation developing
or procuring the software.
Risk Management
● Manage current risks, plan and execute risk
management strategies, and capture
knowledge for the enterprise
Control
Control Identify
Identify
Learn
Learn
Track
Track
Analyze
Analyze
Plan
Plan
Software risks
Risk Affects Description
Staff turnover Project Experienced staff will leave the project before it is finished.
Management change Project There will be a change of organisational management with
different priorities.
Hardware unavailability Project Hardware that is essential for the project will not be
delivered on schedule.
Requirements change Project and There will be a larger number of changes to the
product requirements than anticipated.
Specification delays Project and Specifications of essential interfaces are not available on
product schedule
Size underestimate Project and The size of the system has been underestimated.
product
CASE tool under- Product CASE tools which support the project do not perform as
performance anticipated
Technology change Business The underlying technology on which the system is built is
superseded by new technology.
Product competition Business A competitive product is marketed before the system is
completed.
The risk management process
● Risk identification
• Identify project, product and business risks;
● Risk analysis
• Assess the likelihood and consequences of these
risks;
● Risk planning
• Draw up plans to avoid or minimise the effects of
the risk;
● Risk monitoring
• Monitor the risks throughout the project;
The risk management process
Risk Risk
Risk analysis Risk planning
identification monitoring
Risk avoidance
List of potential Prioritised risk Risk
and contingency
risks list assessment
plans
Risk identification
● Technology risks.
● People risks.
● Organisational risks.
● Requirements risks.
● Estimation risks.
Risks and risk types
Risk type Possible risks
Technology The database used in the system cannot process as many transactions per second
as expected.
Software components that should be reused contain defects that limit their
functionality.
People It is impossible to recruit staff with the skills required.
Key staff are ill and unavailable at critical times.
Required training for staff is not available.
Organisational The organisation is restructured so that different management are responsible for
the project.
Organisational financial problems force reductions in the project budget.
Tools The code generated by CASE tools is inefficient.
CASE tools cannot be integrated.
Requirements Changes to requirements that require major design rework are proposed.
Customers fail to understand the impact of requirements changes.
Estimation The time required to develop the software is underestimated.
The rate of defect repair is underestimated.
The size of the software is underestimated.
Risk analysis
● Assess probability and seriousness of each
risk.
● Probability may be very low, low, moderate,
high or very high.
● Risk effects might be catastrophic, serious,
tolerable or insignificant.
Risk analysis (i)
Risk Strategy
Organisational Prepare a briefing document for senior management
financial problems showing how the project is making a very important
contribution to the goals of the business.
Recruitment Alert customer of potential difficulties and the
problems possibility of delays, investigate buying-in
components.
Staff illness Reorganise team so that there is more overlap of work
and people therefore understand each other’s jobs.
Defective Replace potentially defective components with bought-
components in components of known reliability.
Risk management strategies (ii)
Risk Strategy
Requirements Derive traceability information to assess requirements
changes change impact, maximise information hiding in the
design.
Organisational Prepare a briefing document for senior management
restructuring showing how the project is making a very important
contribution to the goals of the business.
Database Investigate the possibility of buying a higher-
performance performance database.
Underestimated Investigate buying in components, investigate use of a
development time program generator
Risk monitoring
● Assess each identified risks regularly to decide
whether or not it is becoming less or more
probable.
● Also assess whether the effects of the risk
have changed.
● Each key risk should be discussed at
management progress meetings.
Risk indicators