Professional Documents
Culture Documents
1
What can Possibly Go Wrong?
What risks does a student undertaking a project encounter?
How can we mitigate the damage?
-Computer related:
Loss of a file;
Loss of a memory stick;
Loss/ damage of a hard drive
Loss/ damage of a computer
-Human related:
2
What can Possibly go Wrong?
Consider the “average” project:
Testing takes longer than planned – cannot resolve bugs
Supplier cannot deliver product on schedule
Critical engineer:-
Has accident;
Becomes a parent;
Leaves project/company
Change of ownership.
Major downsizing;
3
Software Project Risks
Risk Categories: (Project, technical and organizational)
i) Project management risks – threaten project plan, i.e. affect the schedule, and
costs .
Key: -Identify potential budgetary, schedule, personnel, resource , stakeholder
& requirements problems & their impact on the software project
Project complexity, i.e. size & the degree of structural uncertainty contribute
towards project risks
4
S/W Project Risk Categories
ii) Technical Risks – Affect quality and performance of the software
-If it happens, renders implementation difficult or impossible
Key - identify potential design, implementation , interface , verification &
maintenance problems
-Sources of technical risks are:
User requirements uncertainty,
technical obsolescence,
cutting edge technology,
unrealistic performance goals
5
S/W Project Risk Categories
iii/ Organizational Risks – Threaten software viability, can be:-
Unrealistic scope, cost and schedule objectives
Resource conflict due to multiple projects running simultaneously
Lack of project funding
Loss of project champion
Change in management
6
Seven Principles of Risk Management
7
Seven Principles of Risk management
4. Integrate— Risk management must be integrated into
the software process.
5. Emphasize a continuous process—the team must be
vigilant throughout the software process, modifying
identified risks as more information is known and adding
new ones as better insight is achieved.
6. Develop a shared product vision—if all stakeholders
share the same vision of the software, it is likely that
better risk identification and assessment will occur.
7. Encourage teamwork—the talents, skills, and
knowledge of all stakeholders should be pooled for
effective risk management.
8
10
A Project Risk Identification Framework
11
Examples: Monthly bill, it comes every month but with varying amounts.
12
ii. Categorize external/internal
External risks – originate from sources outside the project, &
project managers & stakeholders have little control over them
Examples:
• New laws or regulations
• Labor issues
• Weather
• Natural disasters – these require disaster recovery
techniques
14
Risk Management Plan Structure
15
Risk Identification Techniques
17
Example Risk Checklist
Risk Sources Risk Level
Status of implementation
1.No plan required None
2.Standard plan, existing, complete Low
3.Plan being prepared Medium
4.Plan not started High
No of interfaces between modules
1.Less than 5 None
2.5 – 10 Low
3.11 – 20 Medium
4.More than 20 High
% of System components requiring tests
1.0 – 1 None
2.2 – 10 Low
3.11 – 30 Medium
18
4.Over 30 High
Example Risk Checklist
Suppose an upcoming project will use a standard completed
plan, have eight modules, and will test 15 percent of the system
components.
Using the checklist above the risk ratings for the project are:
Status of implementation – Low
Interfaces between modules – Low
% of System components requiring tests – Medium
As team experience grows with completed projects, the
checklists are expanded and updated
19
Risk Identification Techniques
4. Influence Diagrams, - a variation of the Ishikawa diagram
Shows risk factor interdependencies
To construct an influence diagram:
List all identified risks and space them out
Identify those risk factors influencing or influenced by
others
Show risk factor influence by means of arrows
Keep number of risks minimum (< 15) to avoid clutter
Risks with the most influences are most important
20
Influence Diagram Example
21
I.2, S.1 and S.2 most significant
Risk Register
• Identified risks are entered into a risk register
• A tool for documenting potential risk events and related
information
• Shows both negative and positive risks
• Example negative risks: performance failure, delay in task
• Example positive risks: completing work sooner than planned,
collaborating with suppliers to produce better products
24
Qualitative Risk Analysis
Rates project risks according to their probability (likelihood)
and impact.
Risk probability - likelihood that a risk event may happen,
Risk impact - consequence the result of the risk event will
have on the project objectives.
Each risk is measured based on its likelihood and its impact.
25
Quantifying Risk Probability
For most situations, use of a five-point Likert scale is
appropriate:
Highly unlikely (p < 20%)
Unlikely (20% < p < 40%)
About even (40% < p < 60%)
Likely (60% < p < 80%)
Highly likely (p > 80%)
For less well-defined situations, use a three-point scale: High
(p > 75%) ;Moderate (35% < p < 75%)
Low (p < 35%)
26
Risk Impact
Risk impact is the result of a risk hazard
materializing.
Specified in terms of time, cost, and quality
Risk impact can be expressed as a qualitative
rating such as high, medium, or low
Measures are subjective, dependent on team.
27
Quantifying Impact, Example
28
Risk Consequence
Combined effect of likelihood and impact
Also known as risk exposure
Risk consequence can be expressed as:-
Likelihood x impact
32
Risk Response
I/ Risk Elimination / Avoidance– Seeks to identify means to completely avoid the
risk or taking an alternative course of action
Examples of avoidance include:
• Changing the project plan to eliminate the risk.
• Clarifying project requirements to avoid discrepancies.
• Hiring additional project team members that have experience with the
technology that the project deals with.
• Using a proven methodology rather than a new approach
Reducing the scope of the work by removing from the project the work
package that causes the risk.
This may result in diminished pay off opportunities
Better reduce the risk, than to completely avoid it.
33
Risk Response
II/ Mitigating/Reducing the risk - Effort to reduce the probability and/or impact
of an identified risk in the project.
The following are recommended for reducing the risk's likelihood & impact:-
• Simplifying the processes within the project
• Completing more tests on the project work before implementation
•Developing prototypes, simulations, and limited releases
34
Risk Response
Deflecting the risk – Transfers the risk to another party
May involve contracting & insurance.
Contracts can be of the following forms:-
Fixed price contract-A detailed scope of work showing costs for labour, equipment,
inflation & risk is created for the contract.
Cost plus contract-Flexible contract that allows for changes in costs as project
progresses.
Turnkey contract -Contractor takes over project from design to finish, similar to off
the shelf software products.
35
Risk Response
Contingency Planning – Involves preparing a plan of action to cope with the risks
Risks closely monitored so that if a trigger symptom is detected, the contingency
course of action is adopted
Several contingency plans can be developed based on the what if analysis
Risk Acceptance/ Do nothing – For impacts that are not severe or those whose
cost is estimated to exceed the benefit, the response might be to ignore
Note; Risk responses might trigger other risks
36