
Software Risk Management

Chapter One: Introduction to Software Risk Management


Outline
• Risk
• Risk management
• Principles of risk management
• Paradigm of risk management
• Software risk management
• Cost and benefit

I always tried to turn every disaster into an opportunity.
—John D. Rockefeller

Introduction to software risk management

Definitions of risk
• “The possibility of suffering harm or loss; danger”
• “A measure of the probability & severity of adverse effects”
• Risk is future uncertain events with a probability of occurrence and potential for loss.
• Risk is the probability of failing to achieve particular costs, performance, schedule and objectives.
• Risk Exposure = Prob(Loss) × Size(Loss)

06/12/2022 Compiled by Abdulaziz K.


Types Of Risks In Software Project
Software risk can be defined as a measure of the probability and severity of
adverse effects inherent in the development of software that does not meet its
intended functions and performance requirements.
• Technical risks
  Include problems with languages, project size, project functionality, platforms, methods, standards, or processes.
• Personnel risks
  Include staffing lags, experience and training problems, ethical and moral issues, staff conflicts, and productivity issues.
• Management risks
  Include lack of planning, lack of management experience, communications problems, organizational issues, lack of authority, and control problems.
Cont…
• Contractual and legal risks
  Include changing requirements, market-driven schedules, health & safety issues, government regulation, and product warranty issues.
• Financial risks
  Include cash flow, capital and budgetary issues, and return on investment constraints.
• Other resource risks
  Include unavailability or late delivery of equipment & supplies, inadequate tools, inadequate facilities, distributed locations, unavailability of computer resources, and slow response times.



Risks in system context



Risk management

• The art of managing risks effectively, so that a win-win situation and a friendly relationship are established between the team and the customer, is called risk management.
• Risk management is a systematic approach to reducing the harm due to risks, making the project less vulnerable and the product more robust.
• The objective of risk management is to reduce the harm due to risks.
• Risk management also aims to read risks as improvement opportunities and provide inputs to growth plans.
• Risk management reduces a project's risk exposure, and reducing exposure makes good business sense.



Cont..
• Risk management is carried out to:
  1) Identify the risk
  2) Reduce the impact of risk
  3) Reduce the probability of risk
  4) Monitor the risk



Benefit of risk management

• Primary (direct) benefits of risk management
  - Targets are met.
  - The project is saved from major risks.
  - The project is less vulnerable to risks.
  - People are prepared and ready to solve problems.
  - Products become more reliable.
  - Cost of poor quality drops.



Cont…
• Secondary (indirect) benefits
  - Improvement in goal setting, estimation, and planning
  - Proactive strategies
  - Pragmatic decision making
  - Problem-solving culture
  - Better process management
  - Teamwork and group thinking
  - Continued improvement
  - Alternative approaches
  - Process optimization



Software Risk management

• Software Risk Management is a software engineering practice with processes, methods, and tools for managing risks in a software project.
• It provides a disciplined environment for proactive decision making to assess continuously what could go wrong, determine which risks are important to deal with, and implement strategies to deal with those risks.



Major Reasons for Implementing Software Risk
Management [Boehm -89]:

• Avoiding software project disasters.
• Avoiding rework caused by erroneous, missing, or ambiguous requirements, design or code.
• Avoiding overkill with detection and prevention techniques in areas of minimal or no risk.
• Stimulating a win-win software solution where the customer receives the product they need and the vendor makes the profits they expect.



Principles of Risk Management
• Global Perspective
  - Here we look at the larger system definitions, design and implementation.
  - We look at the opportunity and the impact the risk is going to have.
• Forward-Looking View
  - Look at the possible uncertainties that might creep up.
  - We also think about possible solutions for those risks that might occur in the future.
• Open Communication
  - This enables the free flow of communication between the end users and the development team so that they can clarify the risks.
  - Encourage all stakeholders and users to suggest risks at any time.



Cont..
• Integrated management
  - Risk management is made an integral part of the project management during this phase.
  - A consideration of risk should be integrated into the software process.
• Continuous process
  - Risks are tracked continuously throughout the risk management paradigm during this phase.
  - Modify the identified risks as more information becomes known, and add new risks as better insight is achieved.



Risk Management Paradigm
• Identify: Search for the risks before they create a major problem.
• Analyze: Understand the nature and kind of risk, and gather information about the risk.
• Plan: Convert them into actions and implement them.
• Track: Monitor the necessary actions.
• Control: Correct the deviation and make any necessary amendments.



Software risk management Process model

• Capability Maturity Model Integration (CMMi standard).
  - The CMMi standard has prescribed guidelines for risk management.
  - There are three major steps in managing risks:



Cont…

The Capability Maturity Model Integration (CMMi) suggests institutionalizing risk management through a set of practices:

• Establish an organizational policy.
• Establish a defined process.
• Plan the process.
• Provide resources.
• Assign responsibility.
• Train people.
• Manage configurations.
• Identify and involve relevant stakeholders.
• Monitor and control the process.
• Collect improvement information.
• Objectively evaluate adherence.
• Review status with higher-level management.



Software risk management steps & techniques

Figure: Boehm's risk management model



Reasons We Don't Do Risk Management
• Our culture has evolved such that owning up to risks is often confused with defeatism.
• It's not rewarded.
• Nobody wants to hear about what we can't do.
• An inadequate infrastructure to support effective risk management.
• A lack of a systematic and repeatable method to identify, analyze and plan risk mitigation.
• Acknowledging that risk can cancel a project is forbidden.



summary
• Continuous software Risk Management is a software engineering practice with processes, methods, and tools for managing risks in a project.
• It provides a disciplined environment for proactive decision-making to:
  - assess continuously what could go wrong (risks)
  - determine which risks are important to deal with
  - implement strategies to deal with those risks



Thank you!!!