Upload
saqib-raza
View
39
Download
0
Embed Size (px)
Citation preview
Risk Management
Final 8-1Syed Saqib Raza Rizvi
What is Risk??No exact Definition
“Any uncertain factor which can bring loss or unwanted situation in software project
“
What is Risk??•A risk is a potential problem – it might happen and it might not
•Conceptual definition of risk•Risk concerns future happenings•Risk involves change in mind, opinion, actions, places, etc.
•Two characteristics of risk•Uncertainty – the risk may or may not happen, that is,
there are no 100% risks (those, instead, are called constraints)• Loss – the risk becomes a reality and unwanted
consequences or losses occur
What is Risk Management??
“Series of systematic steps that helps software team to understand and
manage uncertainty or risk”
Why Risk Management??• Software is difficult undertaking
• Huge investments, time, human resources are on stake
• Futures, careers, company reputation depends upon a project
• Lots of things can go wrong or not according to plan
•No plan is 100% secure
Who Perform Risk Analysis??•Every stakeholder participates in Risk analysis
management according to the role.
What is the Outcome?? RMMM: Risk Mitigation, Monitoring, Management
plan document.
Risk Management Strategies:•Reactive: Risk management or react after its appearance
(for e.g. Indiana Jones)
Not every project manager is to smart
•Pro-Active: Risk management or planning before its appearance (for e.g. James Bond 007)
Types of Risk??•Project Risks
•Technical Risks
•Business Risks
Project Risks:•Threaten project plans
•May cause project over budget and cross delivery deadlines• Identify budgetary, schedule, personal (staff),
resource, etc•Change in clients requirements, technology, etc with
respect to time and there impact on software life cycle
Technical Risks:•Threaten quality of software product
• If any technical risk becomes reality implementation becomes almost impossible• Identify design, code, implementation, interface and
maintenance issues•Technical risks mostly arises when we consider a
problem easy to implement but in reality its not.
Business Risks:•Threaten product from business point of view
•ROI issues
•Sale/Marketing of Product
•End Users feedback
•All tangible expectations from project
Business Risks Examples:•Excellent built product but no one really wants it
(Market Risk).•Good product but not fits in current business
scenarios (Strategic Risk).•Product which no one would buy (Sales Risk).• Loosing support from upper management (Management Risk).Loosing budget or personal commitment (Budget
risk).
Categories of Risk:•Predictable Risks: Explored from past experiences, for e.g. poor communication with customers, working
in new or unfamiliar domain, poor staff efforts etc.
•Un-Predictable Risks: They may occur extremely difficult to identify predict
in advance, only flexible pre-planning is the way to handle them.
Steps of Risk Management:•Recognize Risk: What can go wrong??
•Analyze Risk: What sort of damage it does
•Rank Risk: According to impact
•Develop Plan: Finally plan is develop to manage risk
Risk Recognition or Identification:• First step towards avoiding them• Systematic attempt to specify threats• Two distinct type of risks can be identified:• Product Specific Risks: Identification of scope and special characteristics of your
software Can be specified by those who have clear understanding of
current technology, people, environment, market situation etc, that is specific to software that is to be built.• Generic Risks: They are potential threats to all software projects
Risk Identification:• One method is to create risk checklist:
• Product Size: Risk associated with overall size• Business Impact: Impact on market• Customer Characteristics: Customer interests, knowledge
and developers ability to communicate• Development Environment: Availability & quality of tools• Technology to be built: Overall complexity of a system• Staff size and experience: Experience and skills of team.
Risk Analysis or Projection:• Also called risk estimation or risk analysis• Attempt to specify each risk in two ways:
• Probability that risk is real• Consequences or Impact of risk Planners & technical staff perform risk projection in four steps:
1. Establish scale of risk2. Delineate the consequences of risk3. Estimate the impact on project4. Note overall accuracy of risk projection
Risk Analysis or Projection:•Delineate the consequences of risk
“Assign probability of to each risk according to the general possibility of occurrence”
For e.g.:Technology will not meet the requirement 30%Customer will change the requirements 70%
Risk Rank:•1. Establish scale of risk
Impact Values:4 ----- Catastrophic3 ----- Critical2 ----- Marginal1------ Negligible
R.E = Probability * Category
Risk Analysis or Projection:•3. Estimate the impact on project
RISK Category Probability Risk Exposure
Larger number of users then plan
Critical 30% 90
Delivery Deadline will be tighten
Marginal 70% 140
Lack of training on toll Catastrophic 30% 120
Staff inexperience Negligible 50% 50
Less reuse then plan Critical 40% 120
Risk Analysis or Projection:•Example:
Risk Identification:
For developing an application only 70% of application components was pre-built, 30 % of application is to be
built
Risk Probability: 80%
Risk Impact: 60 reusable components were plan, 18 components has to be
develop from scratch.
Risk Analysis or Projection:•Example:
The average component has 100 LOC Say engineering cost of per LOC = 9 $
The over all cost impact to develop the components will be:
Impact = 18 * 100 * 9 = 16,200 $
Risk Exposure = 0.8 * 16200 = ±12,960 $
Risk Mitigation, Monitoring & Management• The RMMM plan may be a part of the software development
plan or may be a separate document• Once RMMM has been documented and the project has begun,
the risk mitigation, and monitoring steps begin• Risk mitigation is a problem avoidance activity• Risk monitoring is a project tracking activity
• Risk monitoring has three objectives• To assess whether predicted risks do, in fact, occur• To ensure that risk aversion steps defined for the risk are being properly
applied• To collect information that can be used for future risk analysis
• The findings from risk monitoring may allow the project manager to ascertain what risks caused which problems throughout the project
THE END