Qualität & Informatik Dr. E. Wallmüller
Agenda
- Trend and examples
- Best practices
- Methodical considerations
- Tools
- Hints for implementation
Living with Risks...
Challenges:
- New Business Models, e.g. eBay, Amazon, …
- Global Processes and Systems, e.g. NOKIA
- New Information Needs, e.g. Transparency in Value Generation
But mindset: "The Titanic is unsinkable." Capt. E. J. Smith
Too little attitude: "First count, then risk." von Moltke
CH Study: IT Costs and Performance 2002 (Ploner)
What are the Reasons?
CH Study: IT Costs and Performance 2002 (Ploner)
Trend
KonTraG Law in Germany
-- Risk management system / indicator control system
-- Failures of projects are operational risks
Maturity Models with risk management process areas
-- CMMI
-- SPICE
Certification based on BS7799-2 (Information Security System)
Conferences on risk management
08/23/99 Project Management Shared Experiences Workshop, CECockrell
[Figure: Risk Spider Chart (Essential Program Elements), 08/23/99. Axes: Risk Management Approach; Communication; Requirement Definition; Planning; Level of Technology Readiness (TRL); Experience Level of Team; Design to Cost; Visibility of Project Activities; Team Operation. Scale label: Lowest Risk.]
[Figure: four risk spider charts, each with the axes Risk, Communication, Requirements, Planning, TRL, Experience, Cost, Visibility, Team. Panel titles: Low Risk Profile; High Risk Profile; Low Risk/Single Weakness; High Risk/Multiple Strengths & Weaknesses.]
CRM Training
- Began CRM Training Program in 1997
- 42 Certified CRM Instructors NASA-wide
- 2316 students trained
- NPG 8000.4 Approved April 2002
- NPG 7120.5 B reviewed, updated and pending release
- Updated existing training products to be consistent with NIAT and NPGs
How has Risk Management been lived by Management?
Washington:
- NASA boss Sean O'Keefe will renew the culture of the agency.
- The final report says: Missing risk awareness and lacking moral courage of employees
NASA took consequences from the Columbia Disaster: Manager fired!
7 crew members died on February 1st, 2003
Critical Success Project Factors
Project wins..
- Vision, Contract
- Executive Sponsor
- Team work, Cooperation
- Priorities, Decision
- Goal and Risk Controlling
- Responsibilities, Project Organisation
What we want to achieve...
o Better understanding and careful dealing with risks and issues
o Questioning the assumptions and restrictions on which project planning is based
o Better control of the project
o Basis for quality management and assurance
- Definition: Risk is the possibility of suffering loss.
- Risk in itself is not bad;
- risk is essential to progress;
- failure is often a key part of learning.
Examples of Known Processes
- Barry Boehm (1989)
- Kontio (1997)
- CRM and TRM of SEI
- PMI
- ...
Continuous Risk Management (CRM)
Principles:
- Global perspective
- Forward-looking view
- Open communications
- Integrated management
- Continuous process
- Shared product vision
- Teamwork
Continuous Risk Management… (SEI, www.sei.cmu.edu/programs/sepm/risk/)
Function: Description
Identify: Search for and locate risks before they become problems.
Track: Monitor risk indicators and mitigation actions.
Analyze: Transform risk data into decision-making information. Evaluate impact, probability, and timeframe, classify risks, and prioritize risks.
Plan: Translate risk information into decisions and mitigating actions (both present and future) and implement those actions.
Control: Correct for deviations from the risk mitigation plans.
Communicate: Provide information and feedback internal and external to the project on the risk activities, current risks, and emerging risks.
Note: Communication happens throughout all the functions of risk management.
Candidates for Project Risk Management
- Project Risk Manager as a Central Function
- IT Controller
- Internal Audit function
- Project Office
- Project Manager as a Risk Manager
- External Project Risk Manager
Risk Identification
Identification of non-fictional and manageable risks with impact to:
- Costs
- Schedule
- Scope
- Technical Performance
- Contract
- Expectations of Client
Procedure:
- Workshop with brainstorming
- Workshop with questionnaire and checklist
Top Software Risks I (W.B. Boehm)
- Personnel Shortfall: staffing with appropriate personnel, job matching, team building, securing key personnel agreements, cross-training, rescheduling key people, subcontracting
- Unrealistic schedule and budget: detailed multi-source cost and schedule estimation, designing to cost, incremental development, software reuse, requirement scrubbing, renegotiation with client
- Developing the wrong software functions: organisation analysis, mission analysis, ops-concept formulation, user surveys, prototyping, early user manual development, development of and agreement to acceptance criteria
- Developing the wrong user interface: prototyping, operational scenarios, task analysis, user characterisation (functionality, style, workload)
Top Software Risks II (W.B. Boehm)
- Gold Plating: requirement scrubbing, prototyping, cost benefit analysis, designing to cost
- Continuing stream of requirement changes: high change threshold, information hiding, incremental development, deferral of changes to later increment, tight change control, agreement to acceptance criteria
- Shortfalls in externally furnished components (Procured software): benchmarking, inspection, reference checking, compatibility analysis
- Shortfalls in externally performed tasks (Subcontractors): reference checking, preaward audits, award-fee contracts, competitive design or prototyping, team building
- Straining Computer Science Capabilities: technical analysis, cost-benefit analysis, prototyping, reference checking, performance analysis, sizing analysis
A Good Risk Statement …
For example: The commercial off-the-shelf (COTS) high-speed data link selected by the project team was never envisioned by the vendor to be used in a hardened environment; it may not perform as needed, causing rework and integration slips.
How to describe Risks?
Possible Risk Strategies
- Can I avoid the risk?
- Can I reduce the risk impact or can I reduce the risk probability?
- Can I limit the risk? (Contingency)
- Can I transfer the risk?
- Can I accept the risk?
[Figure: Risk Reduction Staircase]
Reporting with Risk Information...
[Figure: sample project status report. Panels: Project Information (Project, Manager, Goals, Reporting Date); Project Status (Time, Costs, Quality); Specific Risks and Actions; Cost Trend (Development Costs in CHF by Reporting Date); Milestone Trend (by Reporting Date); Risk Mapping (Significance against Likelihood, risks numbered 1 to 7).]
Example Monthly Status Report
Costs & Benefit
- 0.25 % of Project Costs
- Start with risk workshop
- 1 or 2 days per month
- Reduction of Deviations
- High Transparency
- Reduction of Rework
- Avoidance of Disasters
Summary
Key Elements
- Start early
- Iterative Process during Life Cycle
- Find and look for Chances
- Responsibility (Process, for each risk)
- Work Breakdown Structure (WBS) as a good source for risk identification
- Monitor and track risks and measures
- Involve the whole project team
- Develop Risk Awareness
Questions
Many thanks for your attention!
Ernest Wallmüller, CEO, Senior Consultant
Phone: 0041 1 748 52 56
Mobile: 0041 79 402 44 11
email@example.com
Qualität & Informatik, Haslernstr. 14, CH-8954 Geroldswil
WEB Links for Risk Management
- Qualität & Informatik - Links/RM: www.itq.ch/links/
- Risk Net: www.risknet.de
- SEI-RM Overview: www.sei.cmu.edu/programs/sepm/risk/
- www.dacs.dtic.mil
- NASA RM: smo.gsfc.nasa.gov
- Risk Management Resources: www.processimprovement.com
- Tool Risk Radar: www.iceincusa.com
- Tool CARISMA: www.sbi-ag.ch
Literature
- Boehm B.: Software Riskmanagement, IEEE, 1989
- Charette R. N.: Software Engineering Risk Analysis and Management, McGraw-Hill, 1989
- DeMarco T., Lister T.: Bärentango, Hanser, 2003
- Gaulke M.: Risikomanagement von IT-Projekten, Oldenbourg, 2002
- Hall E.: Managing Risk, Addison Wesley, 1998
- Kendrick T.: Identifying and Managing Project Risk, AMACOM, 2003
- Kerzner H.: In Search of Excellence in Project Management, Van Nostrand Reinhold, 1998
- Phillips D.: The Software Project Managers Handbook, IEEE, 1998
- Schnorrenberg U.: Risikomanagement in Projekten, Vieweg, 1997
- SEI: Continuous Risk Management Guidebook, 1996
- Wallmüller E.: Ganzheitliches Qualitätsmanagement in der Informationsverarbeitung, Hanser, 2001
- Wallmüller E.: Software-Risikomanagement - Leitfaden für die Implementierung, Hanser, forthcoming 2004