Risk Management Introduction -DS- 2003: Software Risk Management, an Introduction. Dindin Sjahril, 2005.


1 Software Risk Management: an Introduction
Dindin Sjahril, 2005

2 Risk Management
“If you don’t actively attack risks, they will attack you” - Tom Gilb
- Risk management is still looked upon as bad news - and messengers are still shot
- However, risks are problems which haven’t happened yet; the key is ‘yet’

3 Are you a risk taker?
Averse ... Neutral ... Takers
- Temperament
- Experience
- Skill set
- The day of the week

4 Are you a risk taker? Who owns risk?
- Project Manager
- Project Sponsor
- Day to day responsibilities
- Overall responsibilities
- Project deliverables / Realisation of the benefit
- Set risk tolerance
- Risk project management

5 Types of Risk
- Internal Risk
- Project
- Constraining risk
- External Risk
- Organisation
- Socio economy, political, legal, regulatory, culture, etc.
- Contract, corporate risk maturity, risk policies. Technology maturity, etc.
- Resources availability, dependencies, technical complexity, bug rate, etc.
Note: to identify major risks to project delivery, all three areas will require examination.

6 Common Project Risks
- Unavailability of key staff
- Reliance on a few key personnel
- Instability and lack of continuity in project staffing
- Lack of staff commitment, low morale
- Low productivity
- Lack of client support
- Lack of user support
- Lack of contact person’s competence
- Inaccurate metrics
- Lack of organizational maturity
- Lack of quantitative historical data
- Inaccurate cost estimating
- Excessive schedule pressure
- Inadequate configuration control
- Excessive reliance on a single development improvement
- Excessive paperwork
- Unreliable subproject delivery
- Creeping user requirements
- Unnecessary features
- Large and complex project
- Immature technology
- Complex application
- Large number of complex external interfaces
- Incapable project management
- Project manager unavailable
- Lack of experience with project’s platform/environment/methods
- Lack of experience with the software product type
- Lack of experience in the user environment/operations
- Lack of senior management commitment

7 Levels of Risk Management
1. Crisis Management - everything’s broken
2. Fix on failure - something broke? Fix it!
3. Risk mitigation - what will we do when it breaks?

8 Levels of Risk Management
4. Prevention - how do we keep it from breaking?
5. Eliminate root causes - why could it break?

9 Principles [SEI 2003]
- Global perspective
- Forward-looking view
- Open communications
- Integrated management
- Continuous process
- Shared product vision
- Teamwork

10 Risk Assessment & Control
Risk Assessment
- Identification – what are the risks? Make a list! (Or borrow one for ideas)
- Analysis – assess risk likelihood and impact; find possible alternatives
- Prioritization – which risks to focus on? Sort risks by impact...

11 Risk Criticality

12 Risk Impact/Probability Matrix
Probability (columns): Very High, High, Medium, Low, Very Low
Severity (rows), with the risk levels listed from highest to lowest probability:
- Catastrophic: High, Moderate, Low
- Critical: High, Moderate, Low, None
- Marginal: Moderate, Low, None
- Negligible: Moderate, Low, None

13 Risk Assessment & Control
Risk Control
- Management planning – mitigation planning, ensure consistency among plans
- Resolution – actively manage and resolve each risk when it occurs
- Monitoring – track progress toward risk resolution; and identify new risks

14 Risk Identification
Look for risks
- In all of the major areas of the project - resources, tools, process, and product
- In management areas - cost, schedule, level of effort
- In the Classic Mistakes and Fundamentals
- In every area your customer cares about!

15 Risk Identification
Risk identification has two different meanings:
- Define what risks might occur (as previously described), and then analyze them
- Be able to tell when a risk has taken place (which sets the stage for risk monitoring and mitigation)

16 Risk Analysis
Risk Exposure (Impact) Calculation
- Estimate Size of Loss; what is result of risk?
- Estimate Probability of loss, based on corporate history, industry norms, or educated guesses
- Multiply Size & Probability to get task Overrun due to that risk

17 Risk Analysis
- Add task Overrun to the estimated task duration
- Repeat for every significant risk

18 Risk Exposure Calculation
Suppose a task, “Define requirements for GUI”, has an estimated duration of 30 days.

19 Risk Exposure Calculation
If we know, based on historic data, that there is a 20% chance of this task running over by 10 days, the task overrun is 0.20*10 = 2 days. Hence in the schedule we should allow 30 + 2 = 32 days for this task, not just 30.

20 Risk Prioritization
- Sort risks by descending task overrun
- This will automatically identify risks with the highest task overrun
- Focus on those risks most, since you have the most to lose if you don’t!
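The calculation from slides 16 to 20 carried through for a small risk list, as an added example that is not part of the original slides. The `Risk` class, the function names and the second and third sample risks are assumptions made for illustration; only the 30-day task with a 20% chance of a 10-day overrun comes from the slides, and summing the overruns of several risks on one task is this example's reading of "repeat for every significant risk".

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    task: str
    name: str
    probability: float  # estimated probability of loss, 0.0 to 1.0
    loss_days: float    # estimated size of loss, in days

    def __post_init__(self):
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be in [0, 1]")
        if self.loss_days < 0:
            raise ValueError(f"{self.name}: loss must not be negative")

    @property
    def overrun(self) -> float:
        """Task overrun = size of loss x probability of loss."""
        return self.probability * self.loss_days


def padded_schedule(estimates, risks):
    """Add every risk's overrun to the estimated duration of its task."""
    padded = {task: float(days) for task, days in estimates.items()}
    for risk in risks:
        if risk.task not in padded:
            raise KeyError(f"risk {risk.name!r} refers to unknown task {risk.task!r}")
        padded[risk.task] += risk.overrun
    return padded


def top_risks(risks, n=10):
    """Sort by descending task overrun and keep the n largest."""
    return sorted(risks, key=lambda r: r.overrun, reverse=True)[:n]


# Constructed sample data; only the first risk's numbers come from the slides.
ESTIMATES = {"Define requirements for GUI": 30, "Build GUI prototype": 15}
RISKS = [
    Risk("Define requirements for GUI", "Task runs over", 0.20, 10),
    Risk("Define requirements for GUI", "Creeping user requirements", 0.50, 6),
    Risk("Build GUI prototype", "Unavailability of key staff", 0.25, 4),
]

if __name__ == "__main__":
    for task, days in padded_schedule(ESTIMATES, RISKS).items():
        print(f"{task}: allow {days:g} days (estimate {ESTIMATES[task]})")
    for rank, risk in enumerate(top_risks(RISKS), start=1):
        print(f"{rank}. {risk.name} [{risk.task}]: {risk.overrun:g} days")
```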

21 Risk Control
- Risk Management Planning
- Risk Resolution
- Risk Monitoring

22 Risk Management Planning
For each risk, identify how risk is to be identified, managed, monitored, and closed out. Consider:
- What is the risk,
- Where and When might the risk occur,
- Who is responsible for managing that risk,
- Why does the risk exist, and
- How will the risk be handled if it occurs?

23 Risk Management Planning
Similar to security analysis:
- Identify threats
- Prevent threats
- Detect threats (not trivial with information systems!)
- Mitigate (reduce) the effects of the threats

24 Risk Resolution
- Avoid the risk (have someone else do it)
- Transfer risk to another area (e.g. redesign)
- Investigate the risk to better understand it (e.g. use prototype or consultant to clarify)
- Eliminate the cause of the risk (defect prevention)...

25 Risk Resolution
- Assume the risk will occur and cope with minor impact
- Publicize the risk - well known risks are easier to avoid, and less shocking if they do occur
- Control the risk - implement mitigation strategy
- Remember the risk - keep lessons learned!

26 Risk Monitoring
- Develop and maintain top 10 risk list
- Conduct postmortems after each major project event (milestone) - collect and record lessons learned
- Assign a risk officer - a devil’s advocate, if you will - to keep pestering with “what if...” situations
- Don’t be afraid to discuss risks openly

27 Top 10 Risks List
- Develop a list of the ten most serious risks, their status, and mitigation plans
- Review and update each week
- Raises awareness of risks, and helps detect (identify) them

28 Risk Management Tasks
Develop Risk Management Plan
- May take from one week to several months, depending on project size
- Results in approval of Risk Management Plan

29 Risk Management Tasks
Update Risk List at a weekly status meeting
- Update existing risks, add new ones as needed
Reevaluate Risk Management Plan every 3 months to a year, depending on project size

30 Risk Management Tasks
Be sure to account for the following ongoing risk management activities:
- Risk identification (what could happen?)
- Risk management planning
- Risk analysis and prioritization (what would result?)
- Risk resolution (mitigation strategy)
- Risk monitoring (has it happened?)

31 Risk Management Tasks
For each risk, describe:
- Risk number, name, and description
- The Loss Hours, Probability, and Impact of each risk; sorted by descending Impact
- How each risk will be: prevented (keep it from happening), identified (know when it has happened), and mitigated (managed once it has happened)

