Page 1
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In DetailCopyright © 1995-2004, Dennis J. Frailey, All Rights Reserved Slide 1
CSE7315M26
January 10, 2004
SMU CSE 7315 / NTU SE 584-NPlanning and Managing a
Software Project
Module 26The Risk Management
Process, In Detail
Page 2
Slide # 2 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Objective of This Module• To discuss the details of the risk
management process
Page 3
Slide # 3 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Risk Management Process In Detail
• Risk Assessment – Risk Identification– Risk Analysis– Risk Prioritization– Risk Planning & Mitigation (contingency planning)
• Risk Control– Risk Monitoring– Risk Abatement
Page 4
Slide # 4 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Assessment• Goal: understand what the risks are, what
they mean, and how best to manage them• Method: develop a risk management plan -- documents your risks -- documents your plans for managing them -- communicates responsibilities to all
affected parties• The plan must be updated as new risks are
identified• For each risk, the likelihood and impact
change over time
Page 5
Slide # 5 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Risk Management Process In Detail
• Risk Assessment – Risk Identification– Risk Analysis– Risk Prioritization– Risk Planning Mitigation (contingency planning)
• Risk Control– Risk Monitoring– Risk Abatement
Page 6
Slide # 6 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk IdentificationThe First Step of Risk Assessment• We have seen how all management
activities, especially planning activities, serve to identify risks
• And we discussed the value of a risk identification brainstorming meeting
• It helps if you know what to look for• Several authors have talked about risks
associated with software development
Page 7
Slide # 7 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm’s Top Ten Software Risks (and management techniques for mitigating
them)• This is Boehm’s list, based on
experience with many projects in the 1960-1980 time period
• Your project must define its own list• But this is a good place to start looking
Page 8
Slide # 8 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Possible Exam Question Consider a particular situation (provided with the exam). What risks
apply? (careful analysis shows that these three risks are of greatest concern . . .) List of Boehm’s top ten risks
Page 9
Slide # 9 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 1: Personnel Shortfalls
Mitigation Techniques:• Use top talent• Use people who are well matched
to the problem (i.e., they know the application, tools, etc.)
• Pre-schedule the key people• Cross training -- so you don’t
depend on heroes• Team building
Page 10
Slide # 10 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 2: Unrealistic Schedules and Budgets
Mitigation Techniques:• Good estimating techniques– Know before you commit
• Incremental development cycles• Detailed milestones within each phase– Spot trouble early– Provide evidence of progress
• Software reuse– Don’t build what was built before
• Requirements scrubbing– Don’t build what is not required
Page 11
Slide # 11 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 3: Developing the Wrong Software Functions
Mitigation Techniques:• Mission analysis– Understand what is supposed to happen
• User surveys and communication– Know what the user needs and is expecting
• Prototyping– Try it out - a prototype is worth a million bytes
• Write end-user documentation early in the project and use as requirements documents
Page 12
Slide # 12 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 4: Developing the Wrong User Interface
Mitigation Techniques:• Prototyping• Task analysis• Scenario models• etc,
Page 13
Slide # 13 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 5: Gold PlatingMitigation Techniques:• Requirements scrubbing– Don’t build what is not required
• Cost-benefit analysis– Determine what counts the most
• Design-to-cost– Development costs include debugging, error
correction• Design to life-cycle-cost– Life cycle costs include maintenance,
debugging, etc.
Page 14
Slide # 14 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 6: Continuing Stream of Requirements Changes
Mitigation Techniques:• Establish a high change threshold – Make it costly to make a change
• Information hiding– Minimize the impact of change
• Incremental development– Do the stable requirements first
• Establish bounds for requirements– Limit the scope of changes
• Monitor requirements stability and completion– Know the risk of proceeding
Page 15
Slide # 15 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Information Hiding• A programming technique whereby
information is made available only where it is required
• This minimizes the impact of change
Student Records
(details known only to access program)
AccessProgram
Student Data Base
Update ..
Display..
Examine..
Compute..
Page 16
Slide # 16 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Requirements Bounds
Device Fog
Requirement: “device must find target in fog of density TBD.”Bounded Requirement: “TBD will range from .02 to 1.7 densograms”
When you know therange of the “TBD”
requirement, you canmake many software
design decisions.
Target
Page 17
Slide # 17 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Requirements Stability Monitoring
Requirements Stability
020406080
100120140160
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
TotalTBDChanges
CDRPDR
Page 18
Slide # 18 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 7: Shortfalls in Purchased
Software/HardwareMitigation Techniques:• Benchmarking– Learn what is the best
• Inspections– Make sure it is in good shape before you buy it
• Reference Checking– Are they able to do the work?– Do they deliver?
• Compatibility Analysis– Make sure it fits with your standards, tools,
documentation requirements, etc.
Page 19
Slide # 19 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 8: Shortfalls in Externally-performed Tasks
Mitigation Techniques:• Subcontract management (a KPA for Level
2 in the SEI CMM)• Reference checking• Pre-award audits and capability
evaluations• Award fee contracts– Reward or bonus if satisfied
• Competitive design or prototyping• Team building– Make them want you to succeed
Page 20
Slide # 20 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 9: Real-time Performance Shortfalls
Mitigation Techniques:• Simulation• Benchmarking• Modeling• Prototyping• Instrumentation• Tuning
Page 21
Slide # 21 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Boehm 10: Straining the Limits of Computer ScienceMitigation Techniques:• Technical analysis• Cost-benefit analysis• Prototyping• Reference Checking
Page 22
Slide # 22 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Possible Exam Question
List four of Boehm’s “top ten” risks. For each of the above, list three methods of risk
mitigation Explain each of the risks and each of the mitigation
techniques
Page 23
Slide # 23 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Possible Exam Question
Consider the risk mitigation technique of prototyping. Describe this technique, and list three risks that this technique helps to mitigate. For each explain how prototyping mitigates the risk.
Page 24
Slide # 24 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Risk Management Process In Detail
• Risk Assessment – Risk Identification– Risk Analysis– Risk Prioritization– Risk Planning & Mitigation (contingency planning)
• Risk Control– Risk Monitoring– Risk Abatement
Page 25
Slide # 25 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Analysis & Prioritization
Which Risks are Most Important?• A popular method is to compute two
numbers for each risk:– How likely is it to happen (a probability from 0
to 1 or a ranking from low to high)– How much will it cost if it happens (dollars,
impact)• Then make a table showing risks,
likelihood, cost, and weighted cost (likelihood * cost)
Page 26
Slide # 26 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Analysis TableRisk Likelihood Cost Weighted Cost
Building hit by plane 0% 50,000,000 50Sub-Contractor Failure 20% 250,000 50,000Late Hardware 75% 100,000 75,000Test Equipment Delay 30% 40,000 12,000Requirements Changes 99% 5,000 4,950Memory Size 50% 50,000 25,000
Page 27
Slide # 27 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Prioritized Risk Analysis TableRisk Likelihood Cost Weighted Cost
Late Hardware 75% 100,000 75,000Sub-Contractor Failure 20% 250,000 50,000Memory Size 50% 50,000 25,000Test Equipment Delay 30% 40,000 12,000Requirements Changes 99% 5,000 4,950Building hit by plane 0% 50,000,000 50
Page 28
Slide # 28 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Alternative Risk Analysis Table
Risk Likelihood I mpact WeightedLate Hardware 7 6 42Sub-Contractor Failure 2 7 14Memory Size 5 4 20Test Equipment Delay 3 3 9Requirements Changes 8 2 16Building hit by plane 1 9 9
Note that this method produced a different ordering, but the extreme cases came out in the same order.
Page 29
Slide # 29 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
WARNINGThis method of risk prioritization has
many risks itself!• Not all risks can be quantified in terms
of dollar impact• Estimates of impact and probability are
highly subjective• Impacts change over time -- must be
revisited• Risk mitigation techniques may have
risks of their own
Page 30
Slide # 30 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Risk Management Process In Detail
• Risk Assessment – Risk Identification– Risk Analysis– Risk Prioritization– Risk Planning & Mitigation (contingency planning)
• Risk Control– Risk Monitoring– Risk Abatement
Page 31
Slide # 31 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Mitigation
Minimizing the Impact• Taking actions to reduce the likelihood
or net impact of a risk• We saw many such actions in reviewing
Boehm’s list of risks• Each potential action must be evaluated
in terms of its cost vs. the potential impact
Page 32
Slide # 32 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
This is the Step Where You Impact the Planning Process
Manage Risks
Definethe Approach
GenerateDetailed Plans
Understandthe Need
Execute and Monitor
Page 33
Slide # 33 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Mitigation ExampleRisk: Project delay or failure becausesubcontractor will fail to deliver Weighted Cost: $50,000 Mitigation Options:
•Do it in-house -- Costs $100,000 extra•Send staff to live with subcontractor -- $50,000•Monthly visits -- $12,000
Page 34
Slide # 34 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Table After MitigationRisk Likelihood Cost Weighted Cost
Late Hardware 75% 100,000 75,000Memory Size 50% 50,000 25,000Sub-Contractor Failure 5% 250,000 12,500+12,000Test Equipment Delay 30% 40,000 12,000Requirements Changes 99% 5,000 4,950Building hit by plane 0.0001% 50,000,000 50
Page 35
Slide # 35 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Plan May Include Tables of Mitigation, Contingency,
etc.Methods
Risks
Memory Size
Benchmark
ExtraHardware
Backup
etc.Prototype
SubcontractorDelayed
Late Test Equip.
etc.
Late Hardware X
X
X
X
X
X
Page 36
Slide # 36 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Risk Management Process In Detail
• Risk Assessment – Risk Identification– Risk Analysis– Risk Prioritization– Risk Planning & Mitigation (contingency planning)
• Risk Control– Risk Monitoring– Risk Abatement
Page 37
Slide # 37 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Control• Monitoring– Watch what is happening– Watch for signs of danger
• Risk Abatement– Applying contingency plans– Minimizing impact
Page 38
Slide # 38 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk MonitoringMethods of monitoring:• Reviews - periodic status reports– Must be honest reviews, not “dog and pony
shows”• Metrics - data to compare actuals with
plans and past performanceWhat to monitor:• All high priority risk items• Consider cost of monitoring - only
monitor what is worthwhile
Page 39
Slide # 39 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
How Often to Monitor• It depends on priority - you must
plan. For example:– Critical items daily or weekly– Normal items weekly or monthly– Minor items quarterly
• Monitoring too often costs money and slows down the process
Page 40
Slide # 40 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Watch Known Danger Points
• Monitor status at key milestones or progress points– Are we where we should be by
now?
We always have a flurry of changes prior to CDR
Page 41
Slide # 41 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Don’t Monitor Too Often or in Too Much Detail
• Too often– De-motivates people– Costs a lot – Robs resources from productive activities
• Too much detail (overly precise)– Costs a lot– Does not give significant additional information– May generate a lot of misleading numbers
Late by 2.7321 weeks is not much different from late by 3 weeks
Page 42
Slide # 42 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Things to Watch Out For - IHiding the facts to save face– The purpose of monitoring is to manage
properly, not to find fault with individuals– Individuals must trust that you will use the
metrics properly to fix the process, not to punish the messengers
– One solution is self-measurement -- have the individuals measure and monitor themselves without communicating higher except on an aggregate scale or with big problems that they cannot handle
Page 43
Slide # 43 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Things to Watch Out For - IIHiding the facts to save the project–Egos and jobs of technical staff vs.
judgment of management vs. pocketbook of sponsor–This can get very political and very
complex
Page 44
Slide # 44 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Things to Watch Out For - IIIFailure to get the data because of
fear, overconfidence, or other psychological factors–Be careful of human nature–Focus on teaming, responsibility, and
professional behavior
Page 45
Slide # 45 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Things to Watch Out For - IVFailing to get the data because of
high overhead– Automate collection– Consider using a separate metrics
collection/analysis staff to minimize impact on development staff • but not if it destroys teamwork
Page 46
Slide # 46 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Things to Watch Out For - VMisinterpretation of data–Any number can be interpreted in
many ways• The “three ways to get it wrong” rule
–Be prepared to ask lots of questions–Define standard measures and
methods of graphing data to minimize unintentional misinterpretation–Educate everyone in statistics
Page 47
Slide # 47 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Things to Watch Out For - VI
Failure to trust past performance–Your “track record” is your most
reliable indicator
Page 48
Slide # 48 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Learning ProcessInformation is Communicated
Information isReceived
Information isAnalyzedAction
Each step offers many opportunities for error
Page 49
Slide # 49 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Example of MisinterpretationProductivity is
Low
Not EnoughWork Being
Done
Not WorkingHard Enough
MoreOvertime
Perhaps the Real Problem is Too Much Overtime Already
Page 50
Slide # 50 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Rate ChartActual vs. Plan
• A Rate Chart shows actual vs. planned progress for some artifact being produced– Coded units– Tested units– Inspected units– Specifications – Requirements defined– Requirements tested– etc.– etc.
• It works for anything that has discrete, measurable units
Units Tested
01020304050607080
1 2 3 4 5 6 7 8 9 10 11
PlanActualHistory
Page 51
Slide # 51 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Testing Rate Chart
Units Tested
01020304050607080
1 2 3 4 5 6 7 8 9 10 11
PlanHistory
Page 52
Slide # 52 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Testing Rate Chart
Units Tested
01020304050607080
1 2 3 4 5 6 7 8 9 10 11
PlanActualHistory
Page 53
Slide # 53 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Testing Rate Chart
Units Tested
01020304050607080
1 2 3 4 5 6 7 8 9 10 11
PlanActualHistoryProjected
Page 54
Slide # 54 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Testing Rate Chart
Units Tested
01020304050607080
1 2 3 4 5 6 7 8 9 10 11
PlanActualHistoryProjectedLikely
Page 55
Slide # 55 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Another Rate Chart
0
5
10
15
20
25
30
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Historical AveragePlanActualProjected
Page 56
Slide # 56 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
The Risk Management Process In Detail
• Risk Assessment – Risk Identification– Risk Analysis– Risk Prioritization– Risk Planning & Mitigation (contingency planning)
• Risk Control– Risk Monitoring– Risk Abatement
Page 57
Slide # 57 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Abatement• Establish thresholds so you know when to
act– Beware of the “frog in the water” problem
– Historical experience is a good basis to judge when things are getting out of hand
Page 58
Slide # 58 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Abatement (continued)
• Act promptly when necessary– Establish action plans before they are
needed – Learn the plan (fire drills) -- there may
be no time in an emergency• Use backup plans if needed– Develop them during the planning phase– Practice them too!
Page 59
Slide # 59 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Risk Abatement (continued)
• Let the team participate in the planning–Their cooperation is necessary for
success–Their ownership of the plan will
improve chances of cooperation
Page 60
Slide # 60 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Summary of Module1) Risk Assessment – Done as part of project planning– Continues throughout the project– Includes planning for risk control
2) Risk Control – Done as part of project execution– You must respond promptly when
monitoring indicates a problemA risk management plan is an
important part of planning
Page 61
Slide # 61 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
Possible Exam Questions Explain the difference between risk mitigation and risk abatement (risk
contingency) Explain why a risk management plan should be documented Explain why a risk management plan should be periodically revisited Explain why one would go to all the trouble to write a risk management plan
when it tells your manager and your customer that you have a risky project
Page 62
Slide # 62 January 10, 2004
CSE 7315 - SW Project Management / Module 26 - Risk Management Process, In
DetailCopyright © 1995-2004, Dennis J. Frailey,
All Rights ReservedCSE7315M26
END OFMODULE 26