Look Out!!
If you don't actively attack the risks, they will actively attack you.
-Tom Gilb
Risk Definitions
Risk is the potential for realization of unwanted negative consequences of an event.
[Rowe, William D. An Anatomy of Risk 1988]
Risk Characteristics
uncertainty - a risk may or may not happen
loss - a risk has unwanted consequences or losses
MIS Risks
[Figure: bar charts of software risk factors with numeric ratings. Bar labels: Inadequate conf. control, Cost overruns, Low quality, Excessive schedule pressure, Creeping user requirements; Litigation expense, Harmful competitive actions, Excessive time to market, Low user satisfaction, Inadequate user documentation; Unusable software; Legal ownership, Unanticipated acceptance criteria, Creeping user requirements, Contractor vs. client friction, High maintenance costs; Non-transferable applications.]
Risk Analysis
Risk Identification
Risk Projection
Risk Assessment
Risk Management
Risk Identification
Project Risks
Technical Risks
Business Risks
Project Risks
Potential budgetary, schedule, personnel, resources, customer and requirements problems and their impact. Project complexity, size and structural uncertainty are determining factors.
Technical Risks
Potential design, implementation, interfacing, verification and maintenance problems. Specification ambiguity, technical uncertainty, technical obsolescence and "leading edge" technology.
Business Risks
Market Risk: building a product that no one really wants.
Product Risks: building a product that no longer fits into the overall product strategy for the company; building a product that the sales force doesn't understand how to sell.
Management Risk: losing the support of senior management due to a change in focus or people.
Budget Risk: losing budgetary or personnel commitment.
Risk-item checklist
Product size
Business impact
Customer characteristics
Process definition
Development environment
Technology to be built
Staff size and experience
Technology risks
Is the technology to be built new to your organization?
Do the customer's requirements demand the creation of new algorithms or input or output technology?
Does the software interface with new or unproven hardware?
Does the software to be built interface with vendor-supplied software products that are unproven?
Does the software to be built interface with a database system whose function and performance have not been proved in this application area?
Is a specialized user interface demanded by product requirements?
Technology risks
Do requirements for the product demand the creation of program components that are unlike any previously developed by your organization?
What percentage of components are new?
Do requirements demand the use of new analysis, design, or testing methods?
Do requirements demand the use of unconventional software development methods, such as formal methods, AI (artificial intelligence)-based approaches, or artificial neural networks?
Do requirements put excessive performance constraints on the product?
Is the customer uncertain that the functionality requested is doable?
Risk projection attempts to rate each risk in two ways:
Likelihood that the risk is real.
Consequences of the problems associated with the risk, should it occur.
Probability Quantification
impossible to improbable: value in (0, 0.4)
probable: value in (0.4, 0.7)
frequent: value in (0.7, 1)
Risk Drivers
Performance
Cost
Requirements, Requirements, Constraints, Technology, Dev. approach, Personnel, Reusable SW, Tools, env
Impact Assessment
Cost
Schedule
Support
Risk Assessment
[Figure: risk levels HIGH, MODERATE, LOW and NONE, with the scale starting at "impossible" (0).]
Risk Assessment
Risks can be represented as a set of triplets of the form [r, l, x], where
r is the risk,
l is the likelihood (probability) of the risk,
x is the impact of the risk.
Risk Assessment
During risk assessment the following actions occur:
An examination of the accuracy of the estimates made during risk projection.
A prioritization of the risks that have been uncovered.
A preliminary examination of the ways to control and/or avert likely risks.
Seven-stage Hierarchy
7. Management of change
6. Anticipation
5. Elimination of root causes
4. Prevention
3. Mitigation
2. Fix on failure
1. Crisis management
RMMP Outline
I. Introduction
II. Risk analysis
III. Risk management
IV. Appendixes
RMMP - Introduction
A. Scope and purpose of document
B. Overview
1. Objectives, 2. Risk aversion priorities
C. Organization
1. Management, 2. Responsibilities, 3. Job descriptions
B. Risk estimation
1. Estimate probability of risk, 2. Estimate consequence of risk, 3. Estimation criteria, 4. Possible sources of estimation error
C. Evaluation
1. Evaluation methods to be used, 2. Method assumptions and limitations, 3. Risk referents, 4. Results
IV. Appendixes