1 / 29

Risk Management

Risk Management. F29SO1 Software Engineering. Monica Farrow EM G30 monica@macs.hw.ac.uk www.vision.hw.ac.uk. Risk Management. Risk concerns future happenings For today and yesterday, we are reaping what we sowed by our past actions/inactions

wood
Download Presentation

Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Risk Management F29SO1 Software Engineering Monica Farrow EM G30 monica@macs.hw.ac.uk www.vision.hw.ac.uk SO Risk Management

  2. Risk Management • Risk concerns future happenings • For today and yesterday, we are reaping what we sowed by our past actions/inactions • Can we change today to make things better in the future? • Change minds, opinions, actions, etc. • Risk involves choice and uncertainty • Risk is inevitable Robert Charrette, 1989 SO Risk Management

  3. Reactive vs. Proactive • Reactive risk strategies seem to be the norm – fire-fighting mode • “I’ll deal with it when it happens, if it happens” • Indiana Jones School of Risk Management • “Don’t worry, I’ll think of something” • Proactive risk strategies accept uncertainty • identify it • assess probability and impact • deal with it SO Risk Management

  4. Attack Risks “If you don’t actively attack the risks, they will actively attack you” Tom Gilb SO Risk Management

  5. Consequences of Risk • missed time, cost & quality targets • liability and legal claims • upset customers (loss of reputation and market) • health & safety problems • knock on effects • on reputation and so on future custom SO Risk Management

  6. Risk management • Risk management is concerned with identifying risks and drawing up plans to minimise their effect on a project. • A risk is a probability that some adverse circumstance will occur • Project risks affect schedule or resources; • Product risks affect the quality or performance of the software being developed; • Business risks affect the organisation developing or procuring the software. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 24 SO Risk Management

  7. Software risks (i) Sommerville SO Risk Management

  8. Software risks (ii) Sommerville SO Risk Management

  9. The risk management process • Risk identification • Identify project, product and business risks; • Risk analysis • Assess the likelihood and consequences of these risks; • Risk planning • Draw up plans to avoid or minimise the effects of the risk; • Risk monitoring • Monitor the risks throughout the project; ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 26 SO Risk Management

  10. The risk management process ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 5 Slide 27 SO Risk Management

  11. Risk identification Sommerville • Technology risks. • People risks. • Organisational risks. • Tools risks. • Requirements risks. • Estimation risks. SO Risk Management

  12. Risks and risk types Sommerville SO Risk Management

  13. Risk analysis Sommerville • Assess probability and seriousness of each risk. • Probability may be very low, low, moderate, high or very high. • Risk effects might be catastrophic, serious, tolerable or insignificant. SO Risk Management

  14. Low Low Medium Medium High High Risk Map Eliminate PROBABILITY Mitigate Recognise IMPACT SO Risk Management

  15. Risk analysis (i) Sommerville SO Risk Management

  16. Risk analysis (ii) Sommerville SO Risk Management

  17. Assessing Overall Project Risk Pressman • Have top software and customer managers formally committed to support the project? • Are end-users enthusiastically committed to the project and the system to be built? • Are requirements fully understood by the SE team and its customers? • Have customers been involved fully in the definition of requirements? • Do end users have realistic expectations? SO Risk Management

  18. Assessing Overall Project Risk Pressman • Is the project scope stable? • Does the SE team have the right mix of skills? • Are the project requirements stable? • Does the project team have experience with the technology to be implemented? • Is the number of people on the project team adequate for the job? • Does the customer agree on the importance of the project and on the requirements for the system to be built? SO Risk Management

  19. Risk planning Sommerville • Consider each risk and develop a strategy to manage that risk. • Avoidance strategies • The probability that the risk will arise is reduced; • Minimisation strategies • The impact of the risk on the project or product will be reduced; • Contingency plans • If the risk arises, contingency plans are plans to deal with that risk; SO Risk Management

  20. Risk management strategies (1) Sommerville SO Risk Management

  21. Risk management strategies (2) Sommerville SO Risk Management

  22. Risk monitoring Sommerville • Assess each identified risks regularly to decide whether or not it is becoming less or more probable. • Also assess whether the effects of the risk have changed. • Each key risk should be discussed at management progress meetings. SO Risk Management

  23. Risk indicators Sommerville SO Risk Management

  24. Example Pressman • Consider that staff turnover is a high risk • Impact is serious on cost and schedule • The risk strategy must consider three issues: • Risk Avoidance • Risk Monitoring • Risk Management and contingency planning SO Risk Management

  25. Avoidance Pressman • Meet with current staff to determine causes for turnover (e.g. conditions, pay, competition) • Mitigate causes under our control before the project starts SO Risk Management

  26. Avoidance (cont) Pressman • Once started, assume turnover will occur and develop techniques to ensure continuity when people leave • Organise teams so that information about each activity is widely dispersed (XP?) • Define documentation standards and establish mechanisms to ensure timely writing of documents • Peer review all work to ensure no specialist corner • Assign backup staff for every critical engineer SO Risk Management

  27. Monitoring Pressman • As the project proceeds, monitor factors which may provide an indication of risk • General attitude of staff based on project pressures • The degree to which the team has jelled • Interpersonal relationships • Potential problems with compensation and benefits • The availability of jobs elsewhere (inside or outside the company) • Monitor mitigation techniques • Backup, documentation, etc SO Risk Management

  28. Management Pressman • Contingency planning assume that the mitigation efforts will fail • A number of staff announce they are leaving • If the mitigation strategy has been followed • Back-up is available • Information has been documented • Knowledge is dispersed across the team SO Risk Management

  29. RMMM Pressman • Risk Mitigation, Monitoring, and Management (RMMM) is an additional cost to the project • Evaluate cost of RMMM steps against benefits • Note probability of risk vs. impact • If aversion cost is greater than estimated risk, ignore the risk • 80:20 rule – 80% of overall risk can be accounted for by 20% of the identified risks SO Risk Management

More Related