What is risk?

A risk is a possibility of loss.
Undesirable outcome. Missed opportunity.

Anatomy of a risk
Risk:
• Probability of occurrence
• Consequence: size of loss


What is Risk?

[Diagram: Risk, Uncertainty, Loss, Probability, Impact, Timing, Expectations, Stakeholder, Objectives; relations labelled "is characterised by", "is defined by", "is valued by"]

Risk = Probability x Impact

Problems & Risks

• Problems
  - Exist Today
  - Current Effect of Past Decisions
• Risks
  - Potential Problems
  - Future Effect of Current Decisions

[Timeline diagram: Past, Present, Future; Decisions, Problem, Risk]

Risk Management

Risk management is a systematic process for the identification, assessment, control and communication of risks to life, property, or other valued objects

Risk Management Contd.

Definition: The art of assessing and managing risks to ensure that the objective is accomplished within established tolerance levels

Meaning:
• Risks that aren't known can't be managed
• Risks are managed by recognizing them, risk mitigation and risk reduction and monitoring the effectiveness of these measures
• Risk tolerance is how much variation in outcome we can accept (financial, time, outcome etc)

Why is Risk Management Important

• To meet our contractual and internal commitments
• If we recognize where potential issues may arise we can manage them
• If we don't proactively identify issues the odds are that we won't be prepared to deal with them

Benefits of Risk Management

• Protection of the University reputation
• Realistic costings
• Proper allocations of resources
• Higher probability of meeting targets
• Full awareness of potential hazards for everyone
• Informed go/no-go decisions

Downsides of Risk Management

• Can take extra time to do
• Can be seen as pessimistic
• Ensuring that the risk management activities are appropriate to the nature and scale of the activities is key
• Effective risk communication is vital

The Risk Management Process

[Process diagram elements: Identify risks, Learn about risks, Analyze risks, Risk Knowledge Base, Plan for risks, Resolve risks, Track risks]

What is Enterprise Risk Management

Definition: Enterprise Risk Management is the identification and management of all the risks within the organization

Meaning: this term is an umbrella term that covers the integration of risk management from different parts of an organization

Risk Management Planning

• For each risk, identify how risk is to be identified, monitored, managed, and closed out. Consider:
  - What is the risk,
  - Why does the risk exist,
  - Where and When might the risk occur,
  - Who is responsible for managing that risk, and
  - How will the risk be handled if it occurs?

Risk management strategies (i)

| Risk | Strategy |
|---|---|
| Organisational financial problems | Prepare a briefing document for senior management showing how the project is making a very important contribution to the goals of the business. |
| Recruitment problems | Alert customer of potential difficulties and the possibility of delays, investigate buying-in components. |
| Staff illness | Reorganise team so that there is more overlap of work and people therefore understand each other's jobs. |
| Defective components | Replace potentially defective components with bought-in components of known reliability. |

Risk management strategies (ii)

| Risk | Strategy |
|---|---|
| Requirements changes | Derive traceability information to assess requirements change impact, maximise information hiding in the design. |
| Organisational restructuring | Prepare a briefing document for senior management showing how the project is making a very important contribution to the goals of the business. |
| Database performance | Investigate the possibility of buying a higher-performance database. |
| Underestimated development time | Investigate buying in components, investigate use of a program generator |

Risk monitoring

• Assess each identified risk regularly to decide whether or not it is becoming less or more probable.
• Also assess whether the effects of the risk have changed.
• Each key risk should be discussed at management progress meetings.

Risk indicators

| Risk type | Potential indicators |
|---|---|
| Technology | Late delivery of hardware or support software, many reported technology problems |
| People | Poor staff morale, poor relationships amongst team members, job availability |
| Organisational | Organisational gossip, lack of action by senior management |
| Tools | Reluctance by team members to use tools, complaints about CASE tools, demands for higher-powered workstations |
| Requirements | Many requirements change requests, customer complaints |
| Estimation | Failure to meet agreed schedule, failure to clear reported defects |

Risk Types

• Internal Risk: Probability of suffering losses because of inadequacies in process capability and organizational culture.
• External Risk: Probability of suffering losses due to uncertainties in external conditions

Expressing Risk

Basic Terms
• Risk ID: A unique reference number given to each risk for traceability
• Risk Probability: The likelihood of risk occurrence
• Risk Impact: The level of damage if risk occurs

Expressing Risk Contd.

• Risk Origin: Source of risk (internal or external)
• Risk Category: A group or class with a set of similar risks
• Risk Exposure: The combination of risk probability and risk impact

Major Activities of Risk Management

Two major activities of risk management are:
• Risk Assessment: Discovery process of identifying sources of risk and evaluating their potential effects
• Risk Control: Process of developing risk resolution plans, monitoring risk status, implementing risk resolution plans, and correcting for deviations from the plan

Classification of software risks

• Software Project Risks
  - Resource constraints, external interfaces, supplier relationships, nonperforming vendors, internal politics, interteam/intergroup coordination problems, inadequate funding.
• Software Process Risks
  - Undocumented software process, lack of effective peer reviews, no defect prevention, poor design process, poor requirements management, ineffective planning.
• Software Product Risks
  - Lack of domain expertise, complex design, poorly defined interfaces, poorly understood legacy system(s), vague or incomplete requirements.


Risk Management Concepts

The basic concepts of risk management are as follows:
• Goal: We manage risk in relation to a specific goal and can affect only the work that remains to achieve the goal
• Uncertainty: The likelihood that a loss will occur helps to determine the relative priority of the risk

Risk Management Concepts Contd.

• Loss: Unless there is a potential for loss, there is no risk. The loss can be either a bad outcome or a lost opportunity
• Time: We need time to anticipate and prevent problems. As time goes by, viable options tend to decrease. By managing risk, we reduce wasted time by using it to our advantage
• Choice: Unless there is a choice, there is no risk management. Doing something or doing nothing should be a conscious choice

Risk Driven Project Management

• Project Visibility
• Goal Setting
• Product Development
• Development
• Maintenance
• Supply Chain

Risks Vs Benefits

[Quadrant diagram; axes: RISK and GAIN]
• Quadrant I: High risk, Low benefit
• Quadrant II: High risk, High benefit
• Quadrant III: Low risk, Low benefit
• Quadrant IV: Low risk, High benefit

Why do software projects go wrong?

• Inadequate understanding of customer needs
• Poor requirements documents
• Poor requirements management
• Poor or no architecture/design
• Code first and ask questions later
• Poorly understood legacy design/code
• No peer reviews to catch problems early
• Inexperienced or incapable personnel
• Ineffective testing misses serious defects