SENG 380:Software Process and

Slides:



Advertisements
Similar presentations
PROJECT RISK MANAGEMENT
Advertisements

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
Project Management.
Risk Analysis & Management. Phases Initial Risk Assessment Risk Analysis Risk Management and Mitigation.
Risks  All projects have some degree of risk  Risks are issues that can cause problems  Delay in schedule  Increased project costs  Technical risk.
Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.
Project Risk Management
Project Risk Management
1 SOFTWARE PRODUCTION. 2 DEVELOPMENT Product Creation Means: Methods & Heuristics Measure of Success: Quality f(Fitness of Use) MANAGEMENT Efficient &
Managing Project Risk.
8 Managing Risk Teaching Strategies
PRM 702 Project Risk Management Lecture #28
Software Project Management Lecture # 8. Outline Chapter 25 – Risk Management  What is Risk Management  Risk Management Strategies  Software Risks.
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
Chapter 11: Project Risk Management
Chapter 10 Contemporary Project Management Kloppenborg
Risk Management - the process of identifying and controlling hazards to protect the force.  It’s five steps represent a logical thought process from.
Software Engineering Process - II 3.1 Unit 3: Risk Management Software Engineering Process - II.
© 2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Chapter 7: Risk Management Project Management Afnan Albahli.
Risk Management Project Management Digital Media Department Unit Credit Value : 4 Essential Learning time : 120 hours.
Quick Recap Monitoring and Controlling. Phases of Quality Assurance Acceptance sampling Process control Continuous improvement Inspection before/after.
Chapter 11: Project Risk Management
1 Chapter 5 Project management. 2 Project management : Is Organizing, planning and scheduling software projects.
Management & Development of Complex Projects Course Code MS Project Management Risk Management Framework Lecture # 22.
Chapter 12 Project Risk Management
© The McGraw-Hill Companies, Software Project Management 4th Edition Risk management Chapter 7.
Object-Oriented Software Engineering
Engin Ali ARTAN Industrial Engineering
Ch 10 - Risk Management Learning Objectives You should be able to: List and describe risk management processes, inputs, outputs, and tools List and describe.
STEP 4 Manage Delivery. Role of Project Manager At this stage, you as a project manager should clearly understand why you are doing this project. Also.
Risk Management How To Develop a Risk Response Plan alphaPM Inc.
Project Risk Management Planning Stage
Software Project Management Lecture 5 Software Project Risk Management.
Information Technology Project Management Managing IT Project Risk.
Introduction to Project Management Chapter 9 Managing Project Risk
University of Sunderland CIFM02 Unit 5 COMM02 Project Hazard Management and Contingency Planning Unit 5.
Project Risk Management Sections of this presentation were adapted from A Guide to the Project Management Body of Knowledge 3 rd Edition, Project Management.
1 Project Management C53PM Session 4 Russell Taylor Staff Work-base – 1 st Floor
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
Project management. Software project management ■It is the discipline of planning, organizing and managing resources to bring about the successful completion.
Managing Project Risk – A simplified approach Presented by : Damian Leonard.
Outline Risk Identifying risks to your project Change Managing change for your project.
Project management Chapter 5. Objectives To explain the main tasks undertaken by project managers To introduce software project management and to describe.
 Define and recognize risk  Define the contents of a risk management plan  Conduct a risk identification and prioritization process  Define.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Project management.
COMP201 Project Management.
Ranjan kumar Assistant Manager CCL,Ranchi
Software Project Management 4th Edition
Monitoring and Evaluation Systems for NARS organizations in Papua New Guinea Day 4. Session 12. Risk Management.
Project Based Risk Management Defusing a potential ticking time bomb
8 Managing Risk (Premium).
Project management.
Chapter 11: Project Risk Management
Risk Analysis.
Activity Planning.
Project Risk Management
ITPD ISSUE MANAGEMENT PROCESS SEPTEMBER 5, 2008
RISK ASSESSMENT TOOL PREVIEW
Risk Register I want to plan a project
The Importance of Project Risk Management
Software Project Management (SPM)
Assessing Risk Impact Factors affecting the consequences Nature Scope
Risk Adjusted Project Schedules
Mumtaz Ali Rajput +92 – SOFTWARE PROJECTMANAGMENT Mumtaz Ali Rajput +92 –
Chapter#8:Project Risk Management Planning
Project Risk Management
Risk Management.
Chapter#8:Project Risk Management Planning
A New Concept for Laboratory Quality Management Systems
Presentation transcript:

SENG 380:Software Process and Management Project Risk Management Part1 1

Risk Definition PM-BOK: It is a project management standard. • It is a project management standard. Published by the project management institute • in the USA. • Stands for Project Management Body of Knowledge. Definition of Risk: ‘an uncertain event or condition that, • if it occurs has a objectives’. positive or negative effect on a project’s 2

Risk Definition (cont’d) PRINCE2: • It is a UK government-sponsored project management standard. It stands PRojects IN Controlled Environments. • • Risk definition: ‘the chance of exposure to the adverse consequences of future events’. 3

The future is uncertain. Risk Key Elements relates to the future. The future is uncertain. • It – – Some things that seem obvious when the project is over, might not have appeared obvious during planning (e.g. technology used, project estimation). • It – involves a cause and an effect. Causes: • The use of untrained staff. Poor specifications. An inaccurate estimate of effort. – Effects: • Cost over run. Low productivity. 4

Exercise a) Staff inexperience. Users uncertain of their requirements. Match the following risk causes to the risk effects. Causes: a) b) c) d) Staff inexperience. Lack of top management commitment. New technology. Users uncertain of their requirements. Effects: I. Testing takes longer than planned. II. Planned effort and time for activities exceeded. III. Project scope increases. IV. Time delays in getting changes to plans agreed. 5

Boundaries of Risk Management Every plan is based on ● assumptions and risk management tries to plan for and control the situations where those assumptions become incorrect. Risk planning is carried at steps: 3 & 6. out ● 6

Risk Categories • Project Risks: are risks that could prevent the achievement of the objectives given to the project manager and the project team. • These objectives are formulated success. Project success factors: toward achieving project • – On time. Within budget. Required functionality. Quality. – – – • Project risks can be classified under these four categories. 7

Risk Categories (cont’d) A different way to categorize risks: • A sociotechnical model proposed by Kalle Lyytinen and his colleagues [1]. The Lyytinen-Mathiassen-Ropponen risk Framework [1] 'A framework for risk management' journal of information technology,11(4) 8

Technology: encompasses both the technology: Risk Categories (cont’d) Actors : refers to all people involved in the development the application. Risk: • of • A high staff turnover, leads to expertise of value project being lost. Technology: encompasses both the technology: • to the • – Used to implement the application and That embedded in the delivered products. – • Risk: – Relating to the appropriateness of the technology and The possible faults in it. 9 –

Risk Categories (cont’d) Structure: describes the management structures and systems, including those affecting planning and control. Risk: • • • Responsibility for managing the users involvement at implementation stage might not be clearly allocated. the • Tasks: relates to the work planned. Risk: • • The complexity of work might lead to delays because of the additional time required integrate the large number of components. 10

All boxes are interlinked. Why? Risks often arise from the relationships between factors. Example: between technology and people:If the development technology is novel, and the developers are not experience in its use this could lead to delay of the results. What is a Novel SW in this case? ● ● ● ●

Risk Framework Planning for risk includes these steps: 1. Risk 2. 3. 4. Risk identification. analysis and prioritization. planning. monitoring. • When risks are identified, plans can remove their effects. The plans are reassessed to ensure: be made to reduce or • – That the original risks are reduced sufficiently and No new risks are inadvertently introduced. – 12

Risk Identification The two main approaches to identify risk are: – The use of checklists. Brainstorming. – Checklists: are lists of the risks that have been found to occur regularly in software development projects. • Those checklists often suggest some potential countermeasures for each risk. A group of representatives for a project examines identifying risks applicable to their project. • a checklist • PRINCE2, recommends that after completing a project, all the problems that were identified as risks during the project to be added to an organizational risk checklist to be used with new projects. 13

Software Project Risk Checklist Example 14

Risk Identification (cont’d) Brainstorming (thinking ahead): Representatives of the main stakeholders of the project, are brought together , in order to use their individual knowledge of different parts of ➔ the project to identify the problems that can occur (identify risks). 15

(Risk analysis and prioritization) Risk Assessment (Risk analysis and prioritization) In order to prioritize the risks that were identified, we need way to distinguish: a • The likely and damaging risks from those identified in previous step “risk identification”. One way of doing so is to calculate the risk exposure for the each risk identified, using the following formula: Risk Exposure (RE)= (potential damage) occurrence) ×(probability of 16

Risk Assessment (cont’d) Ways of assessing the potential damage and probability of occurrence: In money values and probabilities. 1. Say a project depended on a data center vulnerable to fire. It might be estimated that if fire occurred a new computer configuration could be established for $500,000. estimated that there is a 1 in 1000 chance that a it might also be fire will occur. The risk exposure (RE) in this case would be: 500,000 *0.001=$500 *The higher the RE, the more attention or priority is given to the risk 17

Example (True or False): A risk that has a potential damage of $40,000 and a probability of occurrence of 12%will be given a higher priority than a risk having a potential damage of $35,000 and a likelihood of 14%. False Risk Exposure= potential damage * probability of occurrence (likelihood) Exposure for risk1= 40,000 *0.12=$4800 Exposure for risk1= 35,000 *0.14= $4900 this risk exposure is higher so it will be given more priority.

A project leader may produce a probability chart for the tasks. With some risks: Instead of damages, ● ● There could be gains. Example: a task that is scheduled to take six days is completed in 3 days instead. ● ● A project leader may produce a probability chart for the tasks. Probability Chart The probability completion: shows the probability of completing the task in x days. The accumulated probability: shows the probability of completing the task on or before the xth day. ● ●

Risk Assessment (cont’d) 2. Relative scales from 0 to 10. • Both risk loss (damage) and the likelihood (probability of occurrence) will be assessed using relative scales from 0 to risk 10. • Then they will be multiplied together to get a notional exposure (RE). Risk in the (RE) table refers to the Risk Exposure 20

Risk Assessment (cont’d) 3. Qualitative descriptors. Another approach is to use qualitative descriptions of the possible impact and the likelihood of each risk. Qualitative descriptors for the “risk probability range values. ” and associated 21

Risk Assessment (cont’d) Qualitative descriptors of “impact on cost” and associated range values. 22

Risk Assessment (cont’d) Consider R5, which refers to that coding the module would take longer than planned. This risk has an impact on what? • – Time (the planned completion date) and cost. • What could be a response to such risk? – Option: Add software developers and split the remaining work between them. • This may increase the cost but will save the planned completion date. – Option: reduce time spent on software testing. • This will save both duration and staff costs but the price could be decreased quality in the project deliverable. 23

Risk Assessment (cont’d) • The risk exposure cannot be calculated by multiplying the two factors when you are using qualitative descriptors. • The risk exposure instead is indicated by the position of the risk in a matrix. The matrices used are called probability impact grids or • summary risk profiles. • Part of the matrix (some of the cells) is zoned off by a tolerance line. Risks appearing in that zone are given more attention than • other risks (higher degree of seriousness). 24

Risk Assessment (cont’d) Probability Impact Grid 25

Risk Assessment (cont’d) There is a need to reassess risk exposure as the project proceeds. This mean that some risks could only apply at certain stages. Example: Risk: the key users might not be available when needed to supply details for their requirements. ● ● ● Once the requirement gathering is done. ● – The risk is no longer significant.

Risk Planning After: The task becomes “how to deal with them”. • After: – The major risks are identified and Prioritized. – • The task becomes “how to deal with them”. • The choices for dealing with them are: – Risk acceptance. Risk avoidance. Risk reduction and mitigation. Risk transfer. – – – 27

Risk Planning (cont’d) • Risk Acceptance: – This is deciding to do nothing about the risk. This means you – will accept its consequences. Why? In order to concentrate on the more likely or damaging risks. The damage that those risks could cause would be less – than the costs needed to act probability of occurrence. towards reducing their 28

Risk Planning (cont’d) • Risk Avoidance: – Some activities are so prone to accident that avoid them altogether. it is best to – Example to avoid all the problems associated with developing software solutions could be to: from scratch, a solution • Buy an off-the-shelf product. 29

Risk Planning (cont’d) Risk Reduction and Mitigation: • Risk Reduction and Mitigation: – Risk Reduction: attempts to reduce the likelihood risk occurring. of the e.g. consider the following risk: developers leaving a company in the middle of a project for a better paid job. In order to reduce the probability of such a risk occurring: the developers could be promised to be paid generous bonuses on successful completion of the project. 30

Risk Planning (cont’d) – Risk Mitigation: is the action taken to ensure impact of the risk is reduced when it occurs. that the Taking regular backups of data storage, is it a risk mitigation measure or a risk reduction measure? Since it would reduce the impact of data corruption not its likelihood of happening, in this sense it is a data mitigation measure. 31

Risk Planning (cont’d) • Risk Transfer: – In this case the risk is transferred to another organization. person or – Example: a software development task is outsourced for fixed fee. a – Another example car). is when you buy insurance( e.g. for a 32

Risk Management Contingency Plans: • Although risk reduction measures try to reduce the probability or the likelihood of risks, they still could happen. • Contingency plan is a planned action to be carried out if a risk materializes (occurs). 33

Risk Management (cont’d) Example: Staff absence through illness. Consider the following risk: • Staff absence through illness. One risk reduction measure taken: • Employers will encourage their employees lifestyle. Still, any of the staff members can get sick to live a healthy • by a flu. • Such risks that will happen eventually no matter what precautions can be taken to reduce their likelihood need a contingency plan. 34

Risk Management (cont’d) contingency plan in this case can be: To get other team members to cover on urgent tasks. What are the factors that will allow the above action to worthwhile? A • • be – Intermediate steps were well documented. There is a standard methodology for the way that work was carried out for the activity. – • Which one of the recommended approaches in the extreme programming would provide an alternative way to deal with the problem of a team member being ill? – Pair programming. 35

Risk Management (cont’d) Deciding on the risk actions: • For each risk you will have a set of countermeasures reduction actions. or risk • These risk reduction measures should be cost-effective. The cost effectiveness of a risk reduction action can be • assessed by the risk reduction leverage (RRL). • The risk reduction action with a RRL above 1 is worthwhile. RRL= (RE before – RE after)/cost of risk reduction. 36

Risk Management (cont’d) Say a project depended on a data center vulnerable to fire. It might • be estimated that if could be established there is a 1% chance fire occurred a new computer configuration for $500,000. it might also be estimated that that a fire will occur. Installing fire alarms at a cost of $500 would reduce the chance of fire to 0.5%. Will the action of installing alarms be worthwhile. We will calculate the RRL for this action and then decide. RE = (potential damage) ×(probability of occurrence) RE before = $500,000 * 0.01 = $2000 RE after= $500,000 * 0.005 = $1000 Cost of risk reduction = $500 (cost of installing the fire alarms) RRL= (2000-1000) / 500 = 2 Since RRL value > 1 then the action is worthwhile. • • • • • • • • 37

Risk Management (cont’d) Creating and maintaining the risk register: • A risk register: it contains the findings of project planners of what appear to be the most threatening risks to the project. • After work starts on a project more risks will appear be added to the register. Risk registers are reviewed and updated regularly. and will • True or false: • The probability and the impact of a risk are likely to during the course of the project. change 38