Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Engineering Lecture 6: Risk Analysis & Management.

Published bySherilyn Doyle Modified over 8 years ago

Similar presentations

Presentation on theme: "Software Engineering Lecture 6: Risk Analysis & Management."— Presentation transcript:

1 Software Engineering Lecture 6: Risk Analysis & Management

2 Today’s Topics l Reactive vs. proactive strategies l Types of software risk l Risk identification & projection l Risk mitigation, monitoring, management (RMMM) l Safety risks and hazards

3 Characterizing Risk l Risk concerns the future What can we do today to avoid problems tomorrow? l Risk involves change What aspects of the problem domain and solution are unstable? l Risk involves choice & uncertainty We often make decisions based on incomplete information

4 Quotes l “..risk, like death and taxes, is one of the few certainties of life” [Charette, 1989] l “While it is futile to try to eliminate risk, and questionable to try to minimize it, it is essential that the risks taken be the right risks.” [Drucker, 1975]

5 Reactive vs. Proactive Strategies l Reactive “Indiana Jones school of risk management” Risk management = Crisis management (“fire-fighting mode”)

6 Reactive vs. Proactive [2] l Proactive Identify risks in advance Assess probability, impact Prioritize by importance Explicit risk management plan “Risk is unavoidable”

7 Software Risks l uncertainty : The event that characterizes the risk may or may not happen; P never equals 1.0 l loss : If the risk becomes a reality, unwanted consequences or losses will occur l Important to quantify these for each risk analyzed!

8 Categories of Risk l Project risks l Technical risks l Business risks l Known risks l Predictable risks l Unknown risks

9 Project Risks l Threaten the project plan l Problems with budget, schedule, personnel, resources, customer, requirements

10 Technical Risks l Threaten quality and timeliness of software l “Implementation may become difficult or impossible” l Problems with design, implementation, interfacing, verification, maintenance

11 Technical Risks (2) l Include specification ambiguity, technical uncertainty, technical obsolescence, “leading- edge” technology l “The problem is harder to solve than we thought it would be”

12 Business Risks l No market for product (market risk) l Product no longer fits in the business plan (strategic risk) l Sales force doesn’t know how to sell the product (sales risk) l Loss of management support (management risk) l Loss of budget, people (resource risk)

13 Known Risks l Uncovered during plan evaluation l Examples: Unrealistic delivery date Lack of documented requirements Lack of scope Poor development environment

14 Predictable Risks l Extrapolate from past experience l Examples: Staff turnover Poor customer communication Dilution of staff effort by maintenance

15 Unpredictable Risks l Everything else that can’t be anticipated… l Experience in a particular development domain suggests certain risk factors that can and should be applied globally

16 Risk Identification l Specify threats to the project plan l “Identification is the better part of mitigation” l “If you don’t actively attack the risks, they will attack you” [Gilb, 1988]

17 Risk Subcategories l Generic risks (affect every software project) l Product-specific risks, specific to: the particular technology the specific individuals the particular environment

18 Risk Item Checklist l Product size: What risks are associated with overall size of the software? l Business impact: Risks associated with management or market constraints

19 Risk Checklist [2] l Customer characteristics: risks associated with the sophistication and communication skills of the customers l Process definition: risks associated with the maturity of the development process

20 Risk Checklist [3] l Development environment: risks associated with the quality of development tools l Technology to be built: risks associated with system complexity and ‘newness’ of the solution l Staff size and experience

21 Product Size Risks l Estimate LOC or FP degree of confidence in estimates? # of programs, files, events? % deviation from average size?

22 Size Risks [2] l Size of associated database(s)? l Number of users? l Number of projected requirements changes? l Amount of reused software?

23 Business Impact Risks l Impact on revenue? l Visibility to management? l Reasonableness of deadlines? l Number of customers? l Consistency of customers?

24 Business Risks [2] l Interoperability? l User sophistication? l Documentation required? l Government constraints? l Cost of late delivery, defects?

25 Customer-Related Risks l Customers have different needs and personalities l Customer / supplier relationships vary l Customers are contradictory l “Bad” customers are a significant threat and a substantial risk

26 Generic Customer Risks l Have you worked with them before? l Do they understand what is needed? l Are they willing to write specs? l Are they willing to attend reviews? l Level of technical understanding? l Do they understand the development process?

27 Process Risks l Is there a standard development process which is well-documented? l Do staff follow the process? l Do they have adequate training? l Do you track the process with formal reviews and walkthroughs? l Do you use configuration management?

28 Technology Risks l Is the technology new to you? l New algorithms or I/O? l Interface with new/unproven HW/SW/DB? l Specialized user interface? l New analysis, design, testing methods?

29 Technology Risks (2) l Unconventional development methods? (e.g., AI) l Excessive performance constraints? l Customer uncertain about feasibility?

30 Impact Assessment l Four risk types: Performance Risk, Cost Risk, Support Risk, Schedule Risk l Four impact categories: Negligible, Marginal, Critical, Catastrophic l Characterization of consequences (1) errors, (2) failure to achieve outcome

31 [From SEPA 5/e] Impact Assessment

32 Sample Risk Table [From SEPA 5/e] Assigned using impact assessment table

33 Risk and Management Concern [From SEPA 5/e]

34 Risk Referent Level [From SEPA 5/e]

35 RMMM Risk Mitigation, Monitoring, and Management Mitigation: Reduce probability and/or impact of risks in advance Monitoring: Watch factors that indicate change in risk probability Management: Implement contingency plan(s)

36 RMMM (2) l RMMM adds overhead! l 80/20 rule: 80% of overall risk from 20% of identified factors l RMM Plan for every risk above a certain threshold, create a risk information sheet (RIS) track / update RMMM plan regularly

37 Risk Information Sheet [From SEPA 5/e]

38 Safety Risks and Hazards l Classic case: control systems l Language systems: critical control or instructional scenarios l Mitigation: limit scope of software, increase human role limit scope of human intervention, increase redundant backup systems

39 Questions?

Download ppt "Software Engineering Lecture 6: Risk Analysis & Management."

Similar presentations

Risk Analysis and Management M Taimoor Khan

Risk Analysis and Management M Taimoor Khan
Project Management.

Project Management.
Risk Management Planning for Problems. Characteristics of Risk Risk has two principle characteristics Uncertainty – It may or may not happen Loss – If.

Risk Management Planning for Problems. Characteristics of Risk Risk has two principle characteristics Uncertainty – It may or may not happen Loss – If.
Issue Tracking John D. McGregor Module 10 Session 1 Issue Tracking and Risk.

Issue Tracking John D. McGregor Module 10 Session 1 Issue Tracking and Risk.
Chapter 7: Managing Risk

Chapter 7: Managing Risk
Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.

Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.
Risk Analysis and Management

Risk Analysis and Management
Computer Engineering 203 R Smith Risk Management 7/2009 1 Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks.

Computer Engineering 203 R Smith Risk Management 7/ Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks.
1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.

1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.
1 Chapter 6 Risk Management. 2 Project Risks What can go wrong? What is the likelihood? What will the damage be? What can we do about it?

1 Chapter 6 Risk Management. 2 Project Risks What can go wrong? What is the likelihood? What will the damage be? What can we do about it?
SE is not like other projects. l The project is intangible. l There is no standardized solution process. l New projects may have little or no relationship.

SE is not like other projects. l The project is intangible. l There is no standardized solution process. l New projects may have little or no relationship.
Types of Risks 1.Project risks –Impact schedule and cost –Includes budgetary, schedule, personnel, resource, customer, requirement problems 2.Technical.

Types of Risks 1.Project risks –Impact schedule and cost –Includes budgetary, schedule, personnel, resource, customer, requirement problems 2.Technical.
Risk Management CS 414, Software Engineering I Mark Ardis, Rose-Hulman Institute January 28, 2003.

Risk Management CS 414, Software Engineering I Mark Ardis, Rose-Hulman Institute January 28, 2003.
CIS 375 Bruce R. Maxim UM-Dearborn

CIS 375 Bruce R. Maxim UM-Dearborn
8 Managing Risk Teaching Strategies

8 Managing Risk Teaching Strategies
Risk Management. What is risk? You have some expected outcome –Of some event in the future Risk is the deviation of the actual future outcome from the.

Risk Management. What is risk? You have some expected outcome –Of some event in the future Risk is the deviation of the actual future outcome from the.
Chapter 25 Risk Management

Chapter 25 Risk Management
Software Project Management

Software Project Management
Chapter 25 Risk Management

Chapter 25 Risk Management
1 RISK ANALYSIS AND MANAGEMENT By Hüseyin Gürsev 2005.

1 RISK ANALYSIS AND MANAGEMENT By Hüseyin Gürsev 2005.

Similar presentations

Ads by Google