Introduction to Continuous Risk Management

What is Continuous Risk Management?
▪ Continuous Risk Management is a software engineering practice with
processes, methods, and tools for managing risks in a project.
▪ It provides a disciplined environment for proactive decision-making to
• Assess continuously what could go wrong (risks)
• Determine which risks are important to deal with
• Implement strategies to deal with those risks

Why Do Continuous Risk Management?
▪ Continuous risk management helps people
• Avoid disasters
• Avoid rework
• Avoid overkill, and
• Stimulate win-win situations on software projects

Barriers to Effective Risk Management
Reasons for not doing risk management
• I don't have the time.
• It's not rewarded.
• It's a bureaucratic nightmare.
• I don't want to look stupid, especially in front of upper management.
• We already know our risks.
• I'll wait to see if they're serious before I put any effort into it.
• They shoot the messenger.
• We already have enough to do.

Benefits of Continuous Risk Management?
▪ Prevents problems before they occur
▪ Improves product quality
▪ Enables better use of resources
▪ Promotes teamwork

Costs of Continuous Risk Management?
▪ Infrastructure Costs: those costs associated with implementing and
supporting risk management within an organization (e.g., setting up a
training program, purchasing common tools)
▪ Risk Management Costs: those costs associated with conducting risk
management activities within a project (e.g., time to document new
risks or write risk status reports)
▪ Mitigation Costs: those costs directly associated with mitigating a
specific risk to the project (e.g., the cost to carry out the mitigation
plans)
* The cost of performing continuous risk management must be balanced against the expected benefits.

Principles of Continuous Risk Management

Core Principle – Open Communication
▪ When members of the project team bring forward issues and concerns
about the project openly, it is referred to as open communication.
▪ Open communication requires:
• Encouraging free-flowing information at and between all project levels
• Enabling formal, informal, and impromptu communication
• Using consensus-based processes that value the individual voice

Defining Principles
▪ The defining principles focus on how the project sees risks, and how
ambitious it is about looking for and dealing with uncertainty.
1. Forward-Looking View: Develop the ability to look ahead, beyond
today's crisis to the consequences of that crisis and of the decisions the
project makes to deal with it. Forward-looking view requires:
• Thinking toward tomorrow, identifying uncertainties, anticipating
potential outcomes.
• Managing project resources and activities while anticipating
uncertainties.

Defining Principles
2. Shared product vision: This is the development of common understanding
of the objectives of the project and the goods and services it will produce for
the world. Shared product vision requires:
• Arriving at a mutual product vision based upon common purpose, shared
ownership, and collective commitment
• Focusing on results
3. Global perspective: This requires project members to escape the local
interests of groups within the project and within the organization to reach a
common view of "what's most important to the project". It requires:
• Viewing software development within the context of the larger systems-level
definition, design, and development.
• Recognizing both the potential value of opportunity and the potential impact of
adverse effects.

Sustaining Principles
▪ The sustaining principles focus on how the project goes about its daily
business of Continuous Risk Management.
1. Integrated Management: Integrating continuous risk management tasks
into project routine. Integrated management requires:
• Making Continuous Risk Management an integral and vital part of project
management
• Adapting Continuous Risk Management methods and tools to a project's
infrastructure and culture.
2. Teamwork: Continuous Risk Management requires that the project
members find, analyze, and work risks together. Teamwork requires:
• Working cooperatively to achieve a common goal.
• Pooling talent, skills, and knowledge.

Sustaining Principles
3. Continuous process: The risk management processes must be part of daily,
weekly, monthly, and quarterly project management. Continuous process
requires:
• Sustaining constant vigilance.
• Identifying and managing risks routinely throughout all phases of the project's
life cycle.

Risk Terms and Definitions

What is Risk?
▪ Uncertainty: An event which may or may not happen.
▪ Loss: Unwanted consequences of an event.
▪ Risk: The possibility of suffering loss.
▪ In a development project, the loss describes the impact to the project which
could be in the form of diminished quality of the end product, increased
costs, delayed completion, or failure.
▪ Risk Statement: For a risk to be understandable, it must be expressed
clearly. Such a statement must include:
• A description of the current conditions that may lead to the loss
• A description of the loss or consequence.

Example of Risk
▪ A company has introduced object-oriented (OO) technology into its
organization by selecting a well-defined project "X" with hard schedule
constraints to pilot the use of the technology. Although many "X" project
personnel were familiar with the OO concept, it had not been part of their
development process, and they have had very little experience and training in
the technology's application. It is taking project personnel longer than
expected to climb the learning curve. Some personnel are concerned, for
example, that the modules implemented to date might be too inefficient to
satisfy project "X" performance requirements.
▪ The risk is: Given the lack of OO technology experience and training, there
is a possibility that the product will not meet performance or functionality
requirements within the defined schedule.

Example of Problem
▪ Another company is developing a flight control system. During system
integration testing, the flight control system becomes unstable because
processing of the control function is not quick enough during a specific
maneuver sequence.
▪ The instability of the system is not a risk since the event is a certainty; it is a
problem.

Continuous Vs Non-Continuous Risk Management
▪ Continuous Risk Management: Risks are assessed continuously and used
for decision-making in all phases of a project. Risks are carried forward and
dealt with until they are resolved or they turn into problems and are handled
as such.
▪ Non-Continuous Risk Management: Risks are assessed only once during
initial project planning. Major risks are identified and mitigated, but risks are
never explicitly looked at again.

Risk Management Paradigm

Functions of Continuous Risk Management

Principles and the Paradigm
▪ Identify
• Continuous Process
• Open Communication
• Forward-Looking View
• Teamwork
▪ Analyze
• Continuous Process
• Open Communication
• Forward-Looking View
• Global Perspective
• Shared Product Vision

Principles and the Paradigm
▪ Plan
• Continuous Process
• Integrated Management
• Shared Product Vision
• Global Perspective
• Forward-Looking View
• Teamwork
• Open Communication
▪ Track
• Open Communication
• Continuous Process
• Forward-Looking View and Global Perspective
• Integrated Management

Principles and the Paradigm
▪ Control
• Open Communication
• Integrated Management
• Shared Product Vision
• Global Perspective
▪ Communicate
• Open Communication
• Teamwork
