Presentation is loading. Please wait.

Presentation is loading. Please wait.

소프트웨어공학 원리 (SEP521) Risk Management - I Jongmoon Baik.

Published byPhoebe Walsh Modified over 6 years ago

Similar presentations

Presentation on theme: "소프트웨어공학 원리 (SEP521) Risk Management - I Jongmoon Baik."— Presentation transcript:

1 소프트웨어공학 원리 (SEP521) Risk Management - I Jongmoon Baik

2 Questions to Consider Why am I talking to you about risk management?
How many of you manage risks continuously or have you managed them throughout a project before?

3 If you don actively attack the risks?
The risks will actively attack you ! -Tom Gilb -

4 What is A Risk? “The chance or possibility of suffering loss, injury, damage, or harm” – Webster’s dictionary, 1981 “The measure of the probability and severity of adverse effects” – William Lawrance, “Of Acceptable Risk”, 1976 “problems that could cause some loss or threaten the success of projects, but which has not happened yet” No universally accepted definition All definitions share the following characteristics: Uncertainty – an event may or may not happen Loss – an event has unwanted consequences or losses What are the risks surrounding us?? We are aware of the potential dangers that permeate even simply in daily life. Getting injured from crossing the street, having a heart attack from high cholesterol level. By experience and learning, we manage those risks everyday. Unlike the hazards in our daily life, software risks: must be often learned without the benefit of lifelong exposure. A more deliberate approach is required.

5 Risk and Project Management
Budget Management Quality Management Scope Schedule Risk Management Risk Management is aimed addressing the risks within the project management environment .. Not just the technical risks So… How many of you continuously managed risks on software projects before? Most of you probably did implicitly. The notion of doing it Explicitly is what we want to emphasize here?

6 Is Risk Necessarily Bad?
“Risk in itself is not bad; risk is essential to progress, and failure is often a key part of learning. But we must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity.”

7 Judgment and Experience
The Need to Manage Risk Project risk increases as the systems become more complex System Complexity Risk Technical Schedule Scope Budget Individual Knowledge, Judgment and Experience Expert Knowledge, Methods, Tools Techniques

8 Risk Management Get recognized as best practice to reduce the surprise factor Structured risk mgmt: to peek over the horizon at the traps that might be looming, Provides visibility in threats to project success Control risks across multiple projects Take actions to minimize the likelihood or impact of these potential problems Inefficient risk management cause: A continual state of project instability Constant fire-fighting Multiple schedule slippage “Deal with a concern before it becomes a crisis” The potential problems might have an adverse impact on the cost, schedule, or technical success of the project, the quality of software products, or project team morale.

9 Is This A Risk? We just started integrating the software
and we found out that COTS* products A and B just can’t talk to each other We’ve got too much tied into A and B to change Our best solution is to build wrappers around A and B to get them to talk via CORBA** This will take 3 months and $300K It will also delay integration and delivery by at least 3 months *COTS: Commercial off-the-shelf **CORBA: Common Object Request Broker Architecture

10 Is This A Risk? No, it is a problem Risks involve uncertainties
Being dealt with reactively Risks involve uncertainties And can be dealt with pro-actively Earlier, this problem was a risk Much risk is attributable to uncertainty about the things we sometimes pretend are under control. It’s what we don’t know that can hurt us. Uncertainty is a normal and unavoidable characteristic of most software projects. It can result from the continuously increasing complexity of the products and the haste with which we sometimes dive into the source code editor. Lack of practical knowledge about the software development techniques and tools we are using presents an additional source of uncertainty

11 Earlier, This Problem Was A Risk
A and B are our strongest COTS choices But there is some chance that they can’t talk to each other Probability of loss P(L) [or P(UO)] If we commit to using A and B And we find out in integration that they can’t talk to each other We’ll add more cost and delay delivery by at least 3 months Size of loss S(L) [or L(UO)] Risk Exposure (RE) RE = P(L) * S(L) Early concern with identifying and resolving high-risk elements: : lessens long-term costs and prevent software disasters Risk exposure: sometimes called “risk impact” or “risk factor” UO: unsatisfactory outcomes: a top level checklist for identifying and assessing risk items For customers and developers: budget overruns and schedule slips For users: products with the wrong functionality, user interface shortfalls, performance shortfalls, or reliability shortfalls For maintainers: poor quality software

12 Risk-Analysis: Decision Tree
Combined Risk Exposure Risk Exposure P(UO)=0.36 $0.18M L(UO)=$0.5M Find CE P=0.04 $1.3M $0.82M L=$20.5M Don’t find CE Do IV&V P=0.06 More attractive option L=$0.5M $0.30M No CE P(UO)=0.3 $0 L(UO)=$0 No IV&V Find CE Figure illustrates a potentially risky situation involving the software controlling a satellite experiment. IV&V cost: $500,000 Loss when IV&V not applied: $20M with P=0.1 – Reduce P to 0.04 by applying IV&V -Decision tree: Besides providing individual solutions for risk-management situations, it also provides a framework for analyzing sensitivity of preferred solutions to the risk-exposure parameters P=0.1 L=$20M $2M $2M Don’t find CE P=0.6 L=$0 $0 No CE

13 Using Risk to Determine “HOW MUCH ENOUGH”
The downward curve in Figure 15.4 shows the variation in risk exposure (RE) due to inadequate plans, as a function of the level of investment the company puts into its projects’ process and product plans. At the left, a minimal investment corresponds to a high probability P(L) that the plans will have loss-causing gaps, ambiguities, and inconsistencies. It also corresponds to a high S(L) that these deficiencies will cause major project oversights, delays, and rework costs. At the right, the more thorough the plans, the less P(L) that plan inadequacies will cause problems, and the smaller the size S(L) of the associated losses. The upward curve in Figure 15.4 shows the variation in RE due to market share erosion through delays in product introduction. Spending little time in planning will get at least a demo product into the marketplace early, enabling early value capture. Spending too much time in planning will have a high P(L) due both to the planning time spent, and to rapid changes causing delays via plan breakage. It will also cause a high S(L), as the delays will enable others to capture most of the market share. The upper curve in Figure 15.4 shows the sum of the risk exposures due to inadequate plans and market share erosion. It shows that very low and very high investments in plans have high overall risk exposures, and that there is a “Sweet Spot” in the middle where overall risk exposure is minimized, indicating “how much planning is enough?” for this company’s operating profile.

14 RISK vs. PROBLEM Example: Current, real problems Looming risk
A risk: threat of your top technical people being hired away by the competition A problem: unable to hire right skilled staff Current, real problems Requires prompt corrective actions Looming risk Dealt with several different ways

15 How to Deal with Risks? Buying Information Risk Avoidance
Risk Transfer Risk Reduction Risk Acceptance

16 Risk Management Strategies - I
Buying Information Let’s spend $30K and 2 weeks prototyping the integration of A and B This will buy information on the magnitude of P(L) and S(L) If RE = P(L) * S(L) is small, we’ll accept and monitor the risk If RE is large, we’ll use one/some of the other strategies

17 Risk Management Strategies - II
Risk Avoidance COTS product C is almost as good as B, and it can talk to A Delivering on time is worth more to the customer than the small performance loss Risk Transfers If the customer insists on using A and B, have them establish a risk reserve. To be used to the extent that A and B can’t talk to each other Risk Reduction If we build the wrappers and the CORBA corrections right now, we add cost but minimize the schedule delay Risk Acceptance If we can solve the A and B interoperability problem, we’ll have a big competitive edge on the future procurements Let’s do this on our own money, and patent the solution

18 When You have to Start RM?
The Answer is DAY ONE Early & Risk Resolution Data Temptations to Avoid Early Risk Resolution with the WinWin Spiral Model Identifying Stakeholders and Win Conditions Model Clash and Win-Lose Risk Avoidance Avoiding Cost/Schedule Risks with the SAIV Model

19 Risk of Delaying Risk Management: Systems
Blanchard- Fabrycky, 1998

20 Risk of Delaying Risk Management: Software
Phase in Which defect was fixed 10 20 50 100 200 500 1000 Relative cost to fix defect 2 1 5 Requirements Design Code Development Acceptance Operation test test Smaller software projects Larger software projects Median (TRW survey) 80% 20% SAFEGUARD GTE IBM-SSD

21 Steeper Cost-to-fix for High-Risk Elements
10 20 30 40 50 60 70 80 90 100 % of Software Problem Reports (SPR’s) TRW Project A 373 SPR’s TRW Project B 1005 SPR’s % of Cost to Fix SPR’s Major Rework Sources: Off-Nominal Architecture-Breakers A - Network Failover B - Extra-Long Messages

22 Day One Temptations to Avoid - I
It’s too early to think about risks. We need to: Finalize the requirements Maximize our piece of the pie Converge on the risk management organization, forms, tools, and procedures. Don’t put the cart before the horse. The real horse is the risks, and it’s leaving the barn Don’t sit around laying out the seats on the cart while this happens. Work this concurrently.

23 Day One Temptations to Avoid - II
We don’t have time to think about the risks. We need to: Get some code running right away Put on a socko demo for the customers Be decisive. Lead. Make commitments. The Contrarian’s Guide to Leadership (Sample, 2002) Never make a decision today that can be put off till tomorrow. Don’t form opinions if you don’t have to. Think gray.

24 Day One Temptations to Avoid - III
Unwillingness to admit risks exist Leaves impression that you don’t know exactly what you’re doing Leaves impression that your bosses, customers don’t know exactly what they’re doing “Success-orientation” “Shoot the messenger” syndrome Tendency to postpone the hard parts Maybe they’ll go away Maybe they’ll get easier, once we do the easy parts Unwillingness to invest money and time up front

25 Software Risk Management
Checklists Decision driver analysis Assumption analysis Decomposition Performance models Cost models Network analysis Decision analysis Quality factor analysis Risk exposure Risk leverage Compound risk reduction Buying information Risk avoidance Risk transfer Risk reduction Risk element planning Risk plan integration Prototypes Simulations Benchmarks Analyses Staffing Milestone tracking Top-10 tracking Risk reassessment Corrective action Risk Resolution Assessment Control Identification Analysis Prioritization Risk mgmt Planning Management Monitoring Two primary steps (Risk Assessment & Risk control) each with three subsidiary steps. Risk Assessment: Figure out what the risks are and what to focus on Make a list of all the potential dangers that will affect the project Assess the probability of occurrence and potential loss of each item listed Ranking the items (from most to least dangerous) Risk Control: Do something about them Come up with techniques and strategies to mitigate the highest ordered risks Implement the strategies to resolve the high order risks factors Monitor the effectiveness of the strategies and the changing levels of risk throughout the project

26 Risk Identification

27 Risk Identification Produce lists of the project specific risk items likely to compromise a project’s success Typical risk Identification Techniques Risk-item checklists Decision driver analysis Comparison with experience (Assumption Analysis) Win-lose, lose-lose situations Decomposition Pareto 80 – 20 phenomena Task dependencies Murphy’s law Uncertainty areas Analysis of Model Clashes

28 Example: Risk Item Checklist
Will you project really get all the best people? Are there critical skills for which nobody is identified? Are there pressures to staff with available warm bodies? Are there pressures to overstaff in the early phases? Are the key project people compatible? Do they have realistic expectations about their project job? Do their strengths match their assignment? Are they committed full-time? Are their task prerequisites (training, clearances, etc.) Satisfied?

29 Example: Examination of Decision Drivers
Political versus Technical Choice of equipment Choice of subcontractor Schedule, Budget Allocation of responsibilities Marketing versus Technical Gold plating Schedule, budget Solution-driven versus Problem-driven In-house components, tools Artificial intelligence Short-term versus Long-term Staffing availability versus qualification Reused software productions engineering Premature SRR, PDR Outdated Experience

30 Top 10 S/W Risk Items Barry Boehm, IEEE Software January, 1991

31 Top 10 Risk Items: 1989 vs. 1995 1995 1989 Personnel shortfalls
Schedules and budgets Wrong software functions Wrong user interface Gold plating Requirements changes Externally-furnished components Externally-performed tasks Real-time performance Straining computer science Personnel shortfalls Schedules, budgets, process COTS, external components Requirements mismatch User interface mismatch Architecture, performance, quality Requirements changes Legacy software Externally-performed tasks Straining computer science

32 Risk Context & Source(s)

33 Q & A

Download ppt "소프트웨어공학 원리 (SEP521) Risk Management - I Jongmoon Baik."

Similar presentations

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
University of Southern California Center for Systems and Software Engineering Risk Calculation Case Studies CS 510 Software Engineering Supannika Koolmanojwong.

University of Southern California Center for Systems and Software Engineering Risk Calculation Case Studies CS 510 Software Engineering Supannika Koolmanojwong.
W5HH Principle As applied to Software Projects

W5HH Principle As applied to Software Projects
Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.

Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.
University of Southern California Center for Software Engineering C S E USC Barry Boehm, USC USC-CSE Executive Workshop March 15, 2006 Processes for Human.

University of Southern California Center for Software Engineering C S E USC Barry Boehm, USC USC-CSE Executive Workshop March 15, 2006 Processes for Human.
Computer Engineering 203 R Smith Risk Management 7/2009 1 Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks.

Computer Engineering 203 R Smith Risk Management 7/ Risk Management The future can never be predicted with 100% accuracy. Failure to plan for risks.
University of Southern California Center for Software Engineering C S E USC Barry Boehm, USC CS 510, CS 577a Fall,2005 (http://sunset.usc.edu)

University of Southern California Center for Software Engineering C S E USC Barry Boehm, USC CS 510, CS 577a Fall,2005 (
1 SOFTWARE PRODUCTION. 2 DEVELOPMENT Product Creation Means: Methods & Heuristics Measure of Success: Quality f(Fitness of Use) MANAGEMENT Efficient &

1 SOFTWARE PRODUCTION. 2 DEVELOPMENT Product Creation Means: Methods & Heuristics Measure of Success: Quality f(Fitness of Use) MANAGEMENT Efficient &
Session 33 Guest Speaker: Gini Van Siclen. Risk Management for Project Managers Gini Van Siclen.

Session 33 Guest Speaker: Gini Van Siclen. Risk Management for Project Managers Gini Van Siclen.
University of Southern California Center for Software Engineering C S E USC Agile and Plan-Driven Methods Barry Boehm, USC USC-CSE Affiliates’ Workshop.

University of Southern California Center for Software Engineering C S E USC Agile and Plan-Driven Methods Barry Boehm, USC USC-CSE Affiliates’ Workshop.
Software Project Risk Management

Software Project Risk Management
Don Cole Risk Assessment and Mitigation Project Management for ARA Engineers and Scientists.

Don Cole Risk Assessment and Mitigation Project Management for ARA Engineers and Scientists.
Chapter 25 Risk Management

Chapter 25 Risk Management
Software Project Management Lecture # 8. Outline Chapter 25 – Risk Management  What is Risk Management  Risk Management Strategies  Software Risks.

Software Project Management Lecture # 8. Outline Chapter 25 – Risk Management  What is Risk Management  Risk Management Strategies  Software Risks.
Project Risk Management: An Overview Andrew Westdorp Program Manger, IV&V Lockheed Martin (301)402-3924

Project Risk Management: An Overview Andrew Westdorp Program Manger, IV&V Lockheed Martin (301)
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.

Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.

1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.
Project Risk Management Supplement. The Importance of Project Risk Management  Project risk management is the art and science of identifying, assigning,

Project Risk Management Supplement. The Importance of Project Risk Management  Project risk management is the art and science of identifying, assigning,
Chapter 11: Project Risk Management

Chapter 11: Project Risk Management
Quantitative Decision Making and Risk Management CS3300 Fall 2015.

Quantitative Decision Making and Risk Management CS3300 Fall 2015.

Similar presentations

Ads by Google