Computer Engineering 203 R Smith Risk Management 7/2009 1 Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks leads crisis management or firefighting The lure of crisis management – Attention and visibility – Access to resources – Rewards
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Computer Engineering 203 R Smith Risk Management 7/20091
Risk Management
The future can never be predicted with 100% accuracy.
Failure to plan for risks leads crisis management or firefighting
The lure of crisis management– Attention and visibility– Access to resources– Rewards
Computer Engineering 203 R Smith Risk Management 7/20092
What is a Risk?
Risk is a measure of the probability and consequence of not achieving a defined project goal.
A probability of occurrence of that event. Impact of the event occurring Risks change though out the life of a project
Computer Engineering 203 R Smith Risk Management 7/20093
Risk Management
Risk management is the act or practice of dealing with risk.
Risk management is proactive rather than reactive.
Risk management is not a separate activity but rather on aspect of sound project management.
Computer Engineering 203 R Smith Risk Management 7/20094
Common Mistakes in Risk Management
Not understanding the benefits of Risk Management
Not providing adequate time or resources for Risk Management
Not identifying and assessing risk using a standardized approach
Computer Engineering 203 R Smith Risk Management 7/20095
Requirements for successful risk management
Commitment by stakeholders Stakeholder responsibility Planning for risk management Creation of a risk management plan Committing resources to risk management Top 10 risk list
– Determine a manageable number of risks
Computer Engineering 203 R Smith Risk Management 7/20096
Resources for Risk Management
When looking at the resources to commit to risk management, one needs to consider the overall project size and the impacts of the risks.
The Survival Guide recommends about 5% of the total project resources on specific risk management activities.
Computer Engineering 203 R Smith Risk Management 7/20097
Risk Management Planning
Risk management planning is a on going process.
Develop a plan for risk identification. Determine the resources available for risks.
– What is available beyond the ordinary?– This is a good time for out of the box thinking
Computer Engineering 203 R Smith Risk Management 7/20098
Simplified Risk Management Process
Risk identification Risk analysis/evaluation Risk planning strategies Risk monitoring and control Risk response
Computer Engineering 203 R Smith Risk Management 7/20099
Risk Identification
The need to proactively identify risks.– When an event happens it is too late to plan.
Tools for identifying risk– Brainstorming– Nominal Group Technique
Each member identifies their ideas Each member writes an idea on the board until all ideas
are listed
Computer Engineering 203 R Smith Risk Management 7/200910
Risk Identification
The group discusses each idea Each individual ranks each of the ideas The group then ranks all the ideas Each individual ranks all the ideas again Rankings are summarized
– Delphi technique Experts asked individually to provide input Input summarized and distributed Experts rank input
Computer Engineering 203 R Smith Risk Management 7/200911
Risk Identification
– Strength, Weakness, Opportunities, Threats– Cause and effect diagrams– Past Projects
Computer Engineering 203 R Smith Risk Management 7/200912
Possible Risks
Creeping user requirements Excessive schedule pressure Low quality Cost overruns Poor estimates Low customer satisfaction Long schedules
Computer Engineering 203 R Smith Risk Management 7/200913
Qualitative Risk Analysis
Probability and Impact– Impacts a Software Project Manager is most likely
to face: Costs Schedule Quality
– Probability is most often determined by expert opinion and historical data
Computer Engineering 203 R Smith Risk Management 7/200914
Qualitative Analysis
Cause and Effect Diagrams Risk Impact Tables
Computer Engineering 203 R Smith Risk Management 7/200915
Quantitative Risk Analysis
Discrete probability distributions– Coin toss
Continuous probability distributions– Normal distribution or bell shaped curve
Running simulations– Using PERT to study the impact.
PERT does identify risks it only helps understand the impact
Computer Engineering 203 R Smith Risk Management 7/200916
Risk Response Planning
Who is going to detect when the risk occurs? Who has the responsibility to respond and
communicate? What is the response?
Computer Engineering 203 R Smith Risk Management 7/200917
Risk Strategies
Factors impacting the strategy– Impact of the risk– Project constraints– Tolerances
Strategy– Accept or Ignore
Provide reserves
– Contingency plans Natural disaster/backup plans
Computer Engineering 203 R Smith Risk Management 7/200918
Risk Strategies
– Avoidance, eliminate the risk – Mitigate, lessen the impact of the risk
Performance impact, provide extra hardware
– Transfer the risk Offsite backup planning Server farms Outside management
Computer Engineering 203 R Smith Risk Management 7/200919
Risk Monitoring and Control
Risk monitoring– Determine who is responsible for monitoring– How are risks monitored?
Project tracking, resources, quality, etc
– Communicating the status of identified risks Reviews and Audits
Once a risk is identified as occurring – Communicate– Take action
Computer Engineering 203 R Smith Risk Management 7/200920
Risk Response and Evaluation
Trigger the defined risk response plan– Identify the risk owner– Assign resources– Understand the impacts
PERTs, Dependencies Communicate
Evaluate once action is taken– Is more action needed?– What additional risks are triggered?
Computer Engineering 203 R Smith Risk Management 7/200921
Common Software Project Risks
Discussion of common risks– Requirements:
Feature creep Developer gold plating
– Quality Low quality Squeeze on testing time
– Over optimism Schedules Tools
Computer Engineering 203 R Smith Risk Management 7/200922
Common Software Project Risks
– Resources Not enough Weak personnel Contractor issues