Risk Management

Final 8-1Syed Saqib Raza Rizvi

What is Risk??No exact Definition

“Any uncertain factor which can bring loss or unwanted situation in software project

“

What is Risk??•A risk is a potential problem – it might happen and it might not

•Conceptual definition of risk•Risk concerns future happenings•Risk involves change in mind, opinion, actions, places, etc.

•Two characteristics of risk•Uncertainty – the risk may or may not happen, that is,

there are no 100% risks (those, instead, are called constraints)• Loss – the risk becomes a reality and unwanted

consequences or losses occur

What is Risk Management??

“Series of systematic steps that helps software team to understand and

manage uncertainty or risk”

Why Risk Management??• Software is difficult undertaking

• Huge investments, time, human resources are on stake

• Futures, careers, company reputation depends upon a project

• Lots of things can go wrong or not according to plan

•No plan is 100% secure

Who Perform Risk Analysis??•Every stakeholder participates in Risk analysis

management according to the role.

What is the Outcome?? RMMM: Risk Mitigation, Monitoring, Management

plan document.

Risk Management Strategies:•Reactive: Risk management or react after its appearance

(for e.g. Indiana Jones)

Not every project manager is to smart

•Pro-Active: Risk management or planning before its appearance (for e.g. James Bond 007)

Types of Risk??•Project Risks

•Technical Risks

•Business Risks

Project Risks:•Threaten project plans

•May cause project over budget and cross delivery deadlines• Identify budgetary, schedule, personal (staff),

resource, etc•Change in clients requirements, technology, etc with

respect to time and there impact on software life cycle

Technical Risks:•Threaten quality of software product

• If any technical risk becomes reality implementation becomes almost impossible• Identify design, code, implementation, interface and

maintenance issues•Technical risks mostly arises when we consider a

problem easy to implement but in reality its not.

Business Risks:•Threaten product from business point of view

•ROI issues

•Sale/Marketing of Product

•End Users feedback

•All tangible expectations from project

Business Risks Examples:•Excellent built product but no one really wants it

(Market Risk).•Good product but not fits in current business

scenarios (Strategic Risk).•Product which no one would buy (Sales Risk).• Loosing support from upper management (Management Risk).Loosing budget or personal commitment (Budget

risk).

Categories of Risk:•Predictable Risks: Explored from past experiences, for e.g. poor communication with customers, working

in new or unfamiliar domain, poor staff efforts etc.

•Un-Predictable Risks: They may occur extremely difficult to identify predict

in advance, only flexible pre-planning is the way to handle them.

Steps of Risk Management:•Recognize Risk: What can go wrong??

•Analyze Risk: What sort of damage it does

•Rank Risk: According to impact

•Develop Plan: Finally plan is develop to manage risk

Risk Recognition or Identification:• First step towards avoiding them• Systematic attempt to specify threats• Two distinct type of risks can be identified:• Product Specific Risks: Identification of scope and special characteristics of your

software Can be specified by those who have clear understanding of

current technology, people, environment, market situation etc, that is specific to software that is to be built.• Generic Risks: They are potential threats to all software projects

Risk Identification:• One method is to create risk checklist:

• Product Size: Risk associated with overall size• Business Impact: Impact on market• Customer Characteristics: Customer interests, knowledge

and developers ability to communicate• Development Environment: Availability & quality of tools• Technology to be built: Overall complexity of a system• Staff size and experience: Experience and skills of team.

Risk Analysis or Projection:• Also called risk estimation or risk analysis• Attempt to specify each risk in two ways:

• Probability that risk is real• Consequences or Impact of risk Planners & technical staff perform risk projection in four steps:

1. Establish scale of risk2. Delineate the consequences of risk3. Estimate the impact on project4. Note overall accuracy of risk projection

Risk Analysis or Projection:•Delineate the consequences of risk

“Assign probability of to each risk according to the general possibility of occurrence”

For e.g.:Technology will not meet the requirement 30%Customer will change the requirements 70%

Risk Rank:•1. Establish scale of risk

Impact Values:4 ----- Catastrophic3 ----- Critical2 ----- Marginal1------ Negligible

R.E = Probability * Category

Risk Analysis or Projection:•3. Estimate the impact on project

RISK Category Probability Risk Exposure

Larger number of users then plan

Critical 30% 90

Delivery Deadline will be tighten

Marginal 70% 140

Lack of training on toll Catastrophic 30% 120

Staff inexperience Negligible 50% 50

Less reuse then plan Critical 40% 120

Risk Analysis or Projection:•Example:

Risk Identification:

For developing an application only 70% of application components was pre-built, 30 % of application is to be

built

Risk Probability: 80%

Risk Impact: 60 reusable components were plan, 18 components has to be

develop from scratch.

Risk Analysis or Projection:•Example:

The average component has 100 LOC Say engineering cost of per LOC = 9 $

The over all cost impact to develop the components will be:

Impact = 18 * 100 * 9 = 16,200 $

Risk Exposure = 0.8 * 16200 = ±12,960 $

Risk Mitigation, Monitoring & Management• The RMMM plan may be a part of the software development

plan or may be a separate document• Once RMMM has been documented and the project has begun,

the risk mitigation, and monitoring steps begin• Risk mitigation is a problem avoidance activity• Risk monitoring is a project tracking activity

• Risk monitoring has three objectives• To assess whether predicted risks do, in fact, occur• To ensure that risk aversion steps defined for the risk are being properly

applied• To collect information that can be used for future risk analysis

• The findings from risk monitoring may allow the project manager to ascertain what risks caused which problems throughout the project

THE END