1 / 55

Effective Risk Management Training in Software Development

This guide explores best practices and traps in risk management, with a focus on software development. It includes strategies, tools, and techniques for identifying, assessing, and mitigating risks in projects. Learn about tailoring risk management training for different team levels and addressing specific software risks. Gain insights on software risk taxonomy, handling strategies, and metrics. Understand the differences between commercial and government perspectives on risk management and how to tailor practices to program needs.

zion
Download Presentation

Effective Risk Management Training in Software Development

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Week 5 – Special Topics

  2. Risk Management Best Practices

  3. Traps, Alarms & Escapes • From Navy Best Practices • Traps - think have risks covered by following procedures • Alarms – assumptions that cause trouble • Consequences – if nothing is done

  4. Risk Checklist

  5. Risk Management Training

  6. Why RM Training is Needed • Weak backgrounds in risk management • Mistaken concepts • Assessment is RM – skip planning & monitoring • Mitigation is only handling strategy • All risk can be eliminated • Focus on performance, omit cost & schedule

  7. Tailoring RM Training • Adjust to different project team groups • Sr. management • Working level engineers • Address issues each group is likely to face • Address tailoring RM activities to meet program needs – not one-size fits all

  8. Software Risk Management

  9. SW Risk as a Special Case • Virtual • Can’t physically touch/feel to assess • History of latent defects • Many interfaces • Hardware-to-software • Operating system-to-operating code • Incompatible combinations • Update frequency • Multiple versions • Upward/downward compatibility

  10. Taxonomy of SW Risk

  11. Boehm’s Top 10 Software Risks

  12. Boehm’s Top 10 Software Risks

  13. Identification Strategies • Review Schedule & Networks • Review Cost Estimation Parameters • Perform Interviews • Revisit Lessons Learned • Develop a Risk taxonomy • Brainstorm and play “what if” • Re-sort the watch list (e.g., by source)

  14. Identification- Schedule Risks • Use the planning or baseline schedule • Evaluate the activity network view • Look for nodes with: • High fan-in (many activities terminate at a single node) • High fan-out (many activities emanate from a single node) • No predecessors

  15. ID- Cost Risk Drivers • Consider specific areas of concern that can lead to problems: • Personnel experience, availability • Requirement complexity, firmness • Scheduling and prediction of task and partition times • Hardware requirements, interfaces, constraints

  16. ISO Risk Probability Table

  17. ISO Risk Consequence Table

  18. ISO Risk Contour

  19. SW Risk Handling • Avoidance - de-scoping objectives • Assumption – latent defects • Control – user acceptance testing • Transfer – from software to firmware or hardware

  20. SW Metrics

  21. Commercial vs. DoD/NASA Perspective on Risk Management

  22. Commercial vs. Gov’t Perspective • Different market conditions • Different best practices • Different likelihoods for similar issues As always, tailor RM to program needs

  23. Market Differences • How is risk impacted?

  24. SW Development Best Practices • How is risk impacted?

  25. Risk Category Likelihood

  26. Overview of Risk Management Tools

  27. Cautions in Tool Selection • A good tool for one organization may not be a good match for another • Tailor RM to the program needs • The tool should never dictate the process • Define process, then choose compatible tool • Be compatible with program culture

  28. Effective Use of a Tool • RM is more than using a RM tool • Tool must efficiently & effectively integrate into program • Resources required • Level of detail, complexity • Focus of tool – e.g., program phase

  29. RM Data Base Considerations • Provide sufficient configuration control • Accessible to all team members • Ability to accept anonymous comments • Support program needs • Reporting • Monitoring • Captures lessons learned • Fulfills contractual requirements • Balance costs/value

  30. Tools Comparison • @Risk & Crystal Ball – licensed software • Monte Carlo simulation add-in for Excel • Select desired distribution function & define parameters • Provide data and generate a plausible distribution function • Provides statistics and graphical output • User provides risk analysis structure

  31. Probability-Consequence Screening • Developed by the Air Force • Risk events assigned a probability & consequence for performance, schedule & cost • Position in consequence screening matrix determines risk score • User assigns Hi, Med, Low ranges • Generates reports and graphical output • www.pmcop.dau.mil

  32. Probability-Consequence Screening

  33. Probability-Consequence Screening

  34. Risk Matrix • Excel – based model • Collects inputs in watch list format • Uses best practices (ordinal) breakout for probability & consequence • Orders events by Borda rank & assigns risk level • Generates action plan reports and graphical output • www.mitre.org

  35. Risk Matrix

  36. Risk Matrix

  37. Risk Radar • Access – based, licensed software • Can establish standard values for risk categorization • Manual or automatic risk prioritization • Complies with ISO, SEI CMMI & Government standards • Generates detailed, summary & metrics reports • Demo available: www.iceincusa.com/products_tools.htm

  38. Risk Radar

  39. Risk Radar

  40. Risk Radar

  41. TRIMS Technical Risk ID & Mitigation • Knowledge-based system • Utilizes SEI & Navy Best Practices to collect data on past experiences • Measures technical risk rather than cost & schedule • Most applicable to design efforts • Can tailor categories, templates & questions • Generates status, next action & overdue action reports • www.bmpcoe.org

  42. TRIMS Technical Risk ID & Mitigation

  43. TRIMS Technical Risk ID & Mitigation

More Related