Software Risk Management

Software Risk Management

By:Gunjan PatelMedical Software081001038

“If You Don’t Actively Attack the Risks,

………without risks there is no reward

The Risks Will Actively Attack You.”-Tom Gilb

Outline

Definitions and PrinciplesRisk Assessment and ControlMethodological Dimension Recommended Implementation

ApproachReferences

Define

Risk Any anticipated unfavorable event or

circumstances that occur while the project is underway.

If the risk become true• It can hamper the successful and timely

completion of a project.

Therefore, it is necessary to anticipate and identify different risks.

Risk management Reducing the impact of all kinds of risks that

might affect a project.

Importance of Software Risk

Addresses Complex Software Systems

Focuses Projects on Critical Risk Items

Provides Techniques for Handling Risk Items

Reduces Software Costs by Reducing Rework

Usually 40-50% of software costs Making informed decisions involves the

evaluation of risk improvement Costs, benefits, and risks The evaluation of the impact of current decisions

on future options

Risks within a system Context

This process of risk management embodies

Process of Risk Management

This process of risk management embodies the identification, analysis, planning, tracking, controlling, and communication of risk.

A continuous set of activities to identify, confront, and resolve technical risk

Risk Assessment and Control

Risk assessment

The objectives of risk assessment is to rank the risks in terms of their damage causing potential.

For risk assessment, each risk should first be rated in two ways:

• The likelihood of a risk coming true (r)

• The severity of damage caused due to the risk (s)

• Based on these factors

– The priority of each risk can be computed as

– p = r ٭ s

Risk identification

The project manager needs to anticipate the risks in the project as early as possible so that the impact of the risk can be minimized by making effective risk management plans.

In order to be able to systematically identify the important risks, it is necessary to categorize risks into different classes.

Main categories of risks• Project risks• Technical risks• Business risks

Main categories of risks

Project risks• Concern various forms of

– Budgetary, Schedule, Personnel, Resource and Customer-Related Problems.

– e.g. schedule slippage» Software is intangible, it is very difficult to monitor and control

software projects.

Technical risks• Concern

– Potential design, implementation, interfacing, testing, and maintenance problems.

– E.g. incomplete specification, changing specification, etc.

Business risks• Includes

– An excellent product that no one wants, losing budgetary, etc.

Risk Containment

After all the identified risks are assessed, plans must be made to control the most damaging and the most likely risks.

Techniques for Handling Risks

Strategies used for risk containment:

• Avoid the risk– Discuss with customer

to reduce the scope of the work

– Giving incentives to engineers to avoid the risk of manpower turnover, etc.

• Transfer the risk– Getting the risky

components developed by a third party

– Buying insurance cover, etc.

• Risk reduction– Planning ways to

control the damage due to a risk

– If there is risk that some key personnel might leave, new recruitment may be planned.

To choose between the different strategies of handling a risk, the project manager must consider the cost of handling the risk and the corresponding reduction in risk.

Risk leverage =

Risk exposure before reduction – risk exposure after reduction

Risk reduction of cost

Methodological Dimension

Design to Improve overall software development process to integrate knowledge into the software acquisition process that enable manageress to make timely decision.

Samples of questions for methodological

I know that improving the process will improve my software. How do I choose the improvement method that will have the most effect for my current state? How do I secure against major disasters? What cost

will I face?

Software Risk management Methodology

Framework for Software Risk management 1. Software Risk Evaluation (SRE)2. Continuous Risk Management (CRM)3. Team Risk Management (TRM)

Developed software risk methodologies1. Risk prevention 2. Risk mitigation and correction3. Ensuring safe system failure

SRM methodological addresses the two functions of software acquisition and development. The functions are managed is composed Software Acquisition-Capability Maturity Model

• Determine current process maturity identify few critical issues critical to software quality & process improvement

• Framework used Quality principles have been design by Quality management Team

– Developed the direction Watts Humphrey at IBM

Software - Capability Maturity Model• The key process areas define requirements that must

be satisfied in order to accomplish that level of development

Methodological Framework for SRM

Seven risk management principles

Shared product vision• Sharing product vision based upon common purpose, shared ownership, and collective commitment

• Focusing on results

Teamwork• Working Cooperatively To Achieve A Common Goal• Pooling Talent, Skills, And Knowledge

Forward-looking view• Thinking Toward Tomorrow, Identifying Uncertainties,

Anticipating Potential Outcomes• Managing Project Resources And Activities While Anticipating Uncertainties

Global perspective Viewing software development within the context of the

larger system (3D) Definition, Design, and Development

Open communication Encouraging the free flow of information between all

levels Bringing unique knowledge to identifying and managing

risk Integrated management

Making risk management an integral part of project management

Adapting risk management methods and tools to a project’s infrastructure and culture

Continuous process Maintaining constant vigilance Identifying and managing risks routinely throughout all

phases of the project’s life cycle

Software Risk Management Methodologies

Basic Constructs to Risk Management 1. Risk Management Paradigm-Boehmís

2.Risk Taxonomy Follow life cycle of software develop and provides framework

for organizing data and info

30% 33% 37%

Taxonomy of Software Risks: Overview

3. Risk Clinic Workshop that takes the CRM and TRM and

adapts in integrates it with a client’s communication channels, infrastructure, existing practices, project management, risk management (if any), and technical problem management

Software Risk Evaluation (SRE)

Software Risk Evaluation (SRE) Practice model

Team Risk Management (TRM)

Initiate:• Recognize the needs• Commit to create the

team culture

Team:• Based on risks,

priorities, metrics & action plans

Team Activity

Continuous Risk Management

CORE

Sust

aini

ngDefining

CRM is a principle-based practice for managing project risks and opportunities throughout the lifetime of the project.

When followed, these principles provide an effective approach to managing risk regardless of the specific methods and tools used.

2 are composed of three groups: core, sustaining, and defining.

Software Acquisition-Capability Maturity Model (SA-CMMSM)

References:

Crosby, P.B. Quality Is Free. New York: McGraw-Hill, 1979.

www.sei.cmu.eduwww.baz.comwww.google.com

Queries… ???

Thank You……..

Kind Attention !!!