Computer Engineering 203 R Smith Risk Management

Risk Management
The future can never be predicted with 100% accuracy.
Failure to plan for risks leads to crisis management or firefighting.
The lure of crisis management
  – Attention and visibility
  – Access to resources
  – Rewards

What is a Risk?
Risk is a measure of the probability and consequence of not achieving a defined project goal.
A probability of occurrence of that event.
Impact of the event occurring.
Risks change throughout the life of a project.

Risk Management
Risk management is the act or practice of dealing with risk.
Risk management is proactive rather than reactive.
Risk management is not a separate activity but rather one aspect of sound project management.

Common Mistakes in Risk Management
Not understanding the benefits of Risk Management
Not providing adequate time or resources for Risk Management
Not identifying and assessing risk using a standardized approach

Requirements for successful risk management
Commitment by stakeholders
Stakeholder responsibility
Planning for risk management
Creation of a risk management plan
Committing resources to risk management
Top 10 risk list
  – Determine a manageable number of risks

Resources for Risk Management
When looking at the resources to commit to risk management, one needs to consider the overall project size and the impacts of the risks.
The Survival Guide recommends spending about 5% of the total project resources on specific risk management activities.

Risk Management Planning
Risk management planning is an ongoing process.
Develop a plan for risk identification.
Determine the resources available for risks.
  – What is available beyond the ordinary?
  – This is a good time for out-of-the-box thinking

Simplified Risk Management Process
Risk identification
Risk analysis/evaluation
Risk planning strategies
Risk monitoring and control
Risk response

Risk Identification
The need to proactively identify risks.
  – When an event happens it is too late to plan.
Tools for identifying risk
  – Brainstorming
  – Nominal Group Technique
      Each member identifies their ideas
      Each member writes an idea on the board until all ideas are listed

Risk Identification
      The group discusses each idea
      Each individual ranks each of the ideas
      The group then ranks all the ideas
      Each individual ranks all the ideas again
      Rankings are summarized
  – Delphi technique
      Experts asked individually to provide input
      Input summarized and distributed
      Experts rank input

Risk Identification
  – Strength, Weakness, Opportunities, Threats
  – Cause and effect diagrams
  – Past Projects

Possible Risks
Creeping user requirements
Excessive schedule pressure
Low quality
Cost overruns
Poor estimates
Low customer satisfaction
Long schedules

Qualitative Risk Analysis
Probability and Impact
  – Impacts a Software Project Manager is most likely to face:
      Costs
      Schedule
      Quality
  – Probability is most often determined by expert opinion and historical data

Qualitative Analysis
Cause and Effect Diagrams
Risk Impact Tables

Quantitative Risk Analysis
Discrete probability distributions
  – Coin toss
Continuous probability distributions
  – Normal distribution or bell shaped curve
Running simulations
  – Using PERT to study the impact.
      PERT does not identify risks; it only helps understand the impact
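
The following is an added example, not part of the original slides: a small schedule simulation that combines the discrete distributions (a risk either occurs or not), the continuous distributions (normally distributed task durations) and the PERT-based impact study listed above. The task list, risk register, probabilities and day counts are constructed for illustration, and the three-point PERT formula is the standard one, which the slides do not spell out.

```python
import random
import statistics

# Constructed sample tasks: (name, optimistic, most likely, pessimistic) in days,
# performed one after another.
TASKS = [("requirements", 5, 8, 15), ("design", 8, 10, 20),
         ("coding", 15, 20, 40), ("testing", 8, 10, 25)]

# Constructed risk register: (risk, probability of occurrence, schedule impact in days).
RISKS = [("creeping user requirements", 0.40, 10),
         ("low quality forces rework", 0.25, 15),
         ("contractor issues", 0.10, 20)]

def pert_mean_sd(o, m, p):
    """Standard PERT three-point estimate: expected duration and standard deviation."""
    return (o + 4 * m + p) / 6, (p - o) / 6

def simulate_once(rng):
    """One possible project duration in days."""
    total = 0.0
    for _, o, m, p in TASKS:
        mean, sd = pert_mean_sd(o, m, p)
        # Continuous distribution: normal draw, clamped to the estimate's bounds.
        total += min(max(rng.gauss(mean, sd), o), p)
    for _, prob, impact in RISKS:
        # Discrete distribution: the risk event occurs or it does not.
        if rng.random() < prob:
            total += impact
    return total

def run_simulation(trials=20000, seed=203):
    """Summarise many simulated outcomes; seeded so runs are repeatable."""
    rng = random.Random(seed)
    outcomes = sorted(simulate_once(rng) for _ in range(trials))
    def pct(q):
        return outcomes[int(q * (trials - 1))]
    return {"mean": statistics.fmean(outcomes), "p50": pct(0.50),
            "p80": pct(0.80), "p95": pct(0.95)}

def expected_exposure():
    """Probability x impact per risk, highest first (input for a top-risk list)."""
    return sorted(((n, p * i) for n, p, i in RISKS), key=lambda r: -r[1])

if __name__ == "__main__":
    print(run_simulation())
    print(expected_exposure())
```

The gap between the p50 and p95 durations is the schedule reserve question the simulation answers; it says nothing about risks missing from the register, which is the limitation noted on the slide.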

Risk Response Planning
Who is going to detect when the risk occurs?
Who has the responsibility to respond and communicate?
What is the response?

Risk Strategies
Factors impacting the strategy
  – Impact of the risk
  – Project constraints
  – Tolerances
Strategy
  – Accept or Ignore
      Provide reserves
  – Contingency plans
      Natural disaster/backup plans

Risk Strategies
  – Avoidance, eliminate the risk
  – Mitigate, lessen the impact of the risk
      Performance impact, provide extra hardware
  – Transfer the risk
      Offsite backup planning
      Server farms
      Outside management

Risk Monitoring and Control
Risk monitoring
  – Determine who is responsible for monitoring
  – How are risks monitored?
      Project tracking, resources, quality, etc.
  – Communicating the status of identified risks
      Reviews and Audits
Once a risk is identified as occurring
  – Communicate
  – Take action

Risk Response and Evaluation
Trigger the defined risk response plan
  – Identify the risk owner
  – Assign resources
  – Understand the impacts
      PERTs, Dependencies
Communicate
Evaluate once action is taken
  – Is more action needed?
  – What additional risks are triggered?

Common Software Project Risks
Discussion of common risks
  – Requirements:
      Feature creep
      Developer gold plating
  – Quality
      Low quality
      Squeeze on testing time
  – Over optimism
      Schedules
      Tools

Common Software Project Risks
  – Resources
      Not enough
      Weak personnel
      Contractor issues
  – Customer
      Customer developer friction
      Customer acceptance