2 Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks leads to crisis management or firefightingCultivates as dangerous “hero” cultureA very poor management practice (why?)The lure of crisis managementAttention and visibilityAccess to resourcesRewards
3 Objective of Risk Management The objective is to plan and manage the project in such a way that whatever happens, whatever outcomes are achieved, the stakeholders still “win”That is, value is still obtainedExample: Failed system development can provide value in learning early on that a system as designed is not worth pursuing which helps avoid costly commitment to a system that eventually will not be adopted/accepted/used
4 What is a Risk? Risk is the potential of loss Always has two componentsLikelihood of lossSize of lossMust account for both!Risk Exposure = Prob(Loss)* Size(Loss)A probability of occurrence of that event.Impact of the event occurringa quantitative measure of risk
5 What is a Risk? - 2 Project risk Risk of not achieving a defined project goal (schedule, quality, cost, …)The challenge is to manage project risk, not eliminate it (impossible!)Note: Risks change throughout the life of a project
6 Opportunity The flip-side of risk is opportunity The potential for gainOften where there is risk there is opportunityWithout risk there is usually no valueNeed to accept risk as a inherent part of the development process because we seek valueNeed to consider opportunity when considering risk
7 Risk ManagementRisk management is the act or practice of dealing with risk.Risk management is proactive rather than reactive.Risk management is not a separate activityan aspect of sound project management.this implies that, when you make any decision, you account for its risk considerations
8 Successful Risk Management Depends upon:Commitment by stakeholdersStakeholder responsibilityPlanning for risk managementCreation of a risk management planCommitting resources to risk managementTop 10 risk listDetermine a manageable number of risks
9 Resources for Risk Management When looking at the resources to commit to risk management, one needs to consider the project size and the impacts of the risks.Recommendation: about 5% of total project resources on risk management activities.
10 Risk Management Planning Risk management planning is a continuous and ongoing process.Develop a plan for risk identification.Determine the resources available for risks.What is available beyond the ordinary?This is a good time for out of the box thinkingEstablish a methodology for accounting for risk in every decision with significant impact
11 A Simplified Risk Management Process Risk identificationRisk analysis/evaluationRisk planning strategiesRisk monitoring and controlRisk response
12 Risk Identification Proactively identify risks! Tools for identifying risksBrainstormingNominal Group TechniqueEach member identifies their ideasEach member writes their idea on the boardThe group discusses each ideaEach individual ranks each of the ideasThe group then ranks all the ideasEach individual ranks all the ideas againRankings are summarized
14 Possible Risks Creeping user requirements Excessive schedule pressure Low qualityCost overrunsPoor estimatesLow customer satisfactionLong schedulesInadequate planning or managing to planProject member shortfalls
15 Qualitative Risk Analysis Probability and ImpactImpacts a software Project Manager is most likely to face:CostsScheduleQualityProbability is most often determined by expert opinion and historical dataSimple “red-yellow-green” or 1-5 scale assessment
16 Quantitative Risk Analysis Discrete probability distributionsCoin tossContinuous probability distributionsNormal distribution or bell shaped curveRunning simulationsUsing PERT/GANTT charts to study the impact.does not identify risks; helps understand the impactBetting analogies“How much would you be willing to bet on a successful outcome?”
17 Risk Response Planning Who is going to detect when the risk occurs?Who has the responsibility to respond and communicate?What is the response?
18 Risk Strategies Factors impacting the strategy Strategy Impact of the riskProject constraintsTolerancesStrategyAccept or IgnoreProvide reservesContingency plansNatural disaster/backup plans/plan-B’s
19 Risk Strategies Avoidance, eliminate the risk Mitigate, lessen the impact of the riskPerformance impact, provide extra hardware, de-scopeTransfer the riskOffsite backup planningServer farmsOutside management
20 Risk Monitoring and Control Determine who is responsible for monitoringHow are risks monitored?Project tracking, resources, quality, etcCommunicating the status of identified risksReviews and AuditsOnce a risk is identified as occurringCommunicateTake action
21 Risk Response and Evaluation Trigger the defined risk response planIdentify the risk ownerAssign resourcesUnderstand the impactsPERTs, DependenciesCommunicateEvaluate once action is takenIs more action needed?What additional risks are triggered?
22 Common Software Project Risks Requirements:Feature creepDeveloper gold platingQualityLow qualitySqueeze on testing timeOver optimismSchedulesToolsCapabilityRe-use or acquisition
24 Group ExerciseCreate a formal, documented risk management plan for your project.Do the following:Risk identificationDiscuss at least three serious risksRisk analysis/evaluationAssess the risks identified (qualitatively or quantitatively)Risk planning strategiesWhat can you do to manage these risks?Risk monitoring and controlHow will you manage these risks during the remainder of the project?Risk responseWhat will you do if a risk becomes actual (i.e. exposed)?both for the development and the eventual operation of your system.