Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Project Risk See also Sommerville Chapter 22.1.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Project Risk See also Sommerville Chapter 22.1."— Presentation transcript:

1 IT Project Risk See also Sommerville Chapter 22.1

2 Risk Management Ideas of risk management originate in Probability theory Insurance mathematics which seek to Quantify and control risk Make a net profit in the long term Not be ruined in the short term

3 Recall the definition of an expectation over a discrete probability distribution. E = Σ p( event i ) * e( event i ) e.g. tossing a fair coin let event 1 = head event 2 = tail p( event 1 ) = 0.5, p( event 2 ) = 0.5 e( event 1 ) = +1€ e(event 2 ) = -1€

4 Expectation = (0.5 * 1 ) + (0.5 * -1) = 0.0 In the long term we make no gain or loss! But in the short term we might go bankrupt!

5 For each event ε i we need to define: (1)The impact e(ε i ) of ε i as a gain or loss (financial, time etc … ) (2)The risk r( ε i ) associated with ε i as the expression r( ε i ) = p( ε i ) * e(ε i )

6 History During 1990s ideas of risk management spread from insurance to other industries such as Banking and finance Information technology Especially through support of US legislation

7 Clinger-Cohen Act 1996 Information Technology Aquistition Reform Act “… assessing and managing the risks of the IT acquisitions of executive (government) agencies … “ And later … Department of Defence (DoD) Directive 5000.1 (1996, 1999)

8 Capability Maturity Model (CMM) Level 3 accreditation requires structured risk management.

9 Definitions A project risk is a project event ε i with three distinguishing features: (1)Associated loss which could include time, money, quality, control, understanding etc. We try to measure this value which is the risk impact e(ε i )

10 (2) A likelihood that each possible outcome ε i event occurs. We try to measure this value which is the risk probability p(ε i ). Measuring p(ε i ) is usually much harder. Often a semiquantitative approach is used e.g. Unlikely : possible : likely : very likely gives four quartiles 25 : 50 : 75 : 100

11 (3) There is some way to influence the impact. We need only be interested in risks where we can avoid or minimise the impact. Some risks are always beyond the scope of influence e.g. physics, war, legislation, etc.

12 Risk Exposure This is the cumulative exposure over a complete and independent set of events E = Σ p( event i ) * e( event i ) Risk control is a set of planned actions to reduce the risk exposure.

13 Example Consider the risk exposure for testing a new software product. Delivery of the product yields 300K€. However, if critical bugs are present a penalty payment of 150K€ is owed to the client.

14 Probability estimates By spending 50K€ (6 man month) on testing we estimate that we will find all critical bugs with a probability of 0.75. We estimate the probability that the product is free of critical bugs (from the start) to be 0.2 We estimate the probability that we will overlook a critical bug to be 0.05

15 Outcome tree P( exists fault) = 0.8P( exists no fault) = 0.2 P( find no fault) = 0.05P( find fault) = 0.75 A tree structure naturally produces a complete independent set of outcomes

16 Risk exposure Exposure = 0.75 * (300,000 – 50,000 ) + 0.05 * (300,0000 – ( 150,000 + 50,000 )) + 0.2 * (300,000 – 50,000 ) = 187,500 + 5000 + 50,000 =242,000

17 What does this calculation actually tell us? Over the long term we would make a profit of 242,000€ on a series of projects with these characteristics. However, this project is probably unique! Each summand is positive, and therefore under each outcome we make some profit.

18 The result is dominated by the term 0.75 * (300,000 – 50,000 ) = 187,500 To improve the average outcome, we could: (a)Improve testing effectiveness to raise the value 0.75 (at no cost?) (b)Reduce testing labour to reduce the value 50K (possible?) (c)Raise the product price above 300K€ (desirable? Possible?)

19 Risk Leverage Risk management procedures alter the value of our exposure … but they usually cost money to put in place. When does the gain exceed the expense? (The law of diminishing returns.)

20 Define the risk leverage of a specific risk reduction to be the value Leverage = exposure after – exposure before cost of reduction

21 Example In the previous testing scenario, suppose doubling the test budget to 100K€ will halve the probability p( find no fault ) = 0.025 so that p( find fault ) = 0.775 while p( exists no fault ) = 0.2 is unchanged.

22 Exposure after reduction Exposure after = 0.775 * ( 300,000 – 100000 ) + 0.025 * ( 300,000 – (150,000 + 100,000 )) + 0.2 * ( 300,000 – 100,000 ) = 155,000 + 1250 + 40,000 = 196,250

23 Leverage Leverage = exposure after – exposure before cost of reduction = (196,250 - 242,000 ) / 50,000 = -0.915 A leverage value < 1.0 is an uneconomic reduction!

24 Risk Management Process … has its own lifecycle (1)Identify the risks using previous project histories, similar projects, checklists etc (2)Analyse risks, try to find the probabilities and impacts, even semi-quantitatively (3)Plan risk handling actions, prioritise top n risks (e.g. n = 10) in terms of exposure (4)Make contingency plans (i.e. damage control) for all n risks (5)Monitor and adjust, Update probabilities and recalculate

25 Risk Reduction Strategies There are 4 basic strategies for dealing with risk. 1. Accept the risk (i.e. do nothing) This seems most advantageous when the leverage falls below 1.0. Especially if exposure is already low.

26 (2) Transfer the risk. Negotiate contract so that the risk is accepted or shared by another party, e.g. customer, subcontractor consortium partner, bank, etc. (3) Reduce probabilities of Negative Outcomes. Invest in project activities which reduce probabilities, e.g. if risk = software bugs, activities = design, test, etc.

27 (4) Reduce Losses Associated with Negative Outcomes. Invest in catastrophe management which reduces negative impact, e.g. insurance against law suites. Note (3) = “buying smoke alarms” while (4) = “buying fire engines”

28 Risk Hierarchy It is useful to structure different types of risk into a taxonomy, e.g. to perform systemic risk analysis. There are many published taxonomies (aka. checklists) see e.g. Sommerville, course handouts and course web page.

29 Generic Project Risks Generic IT Project Risks Specific IT Project Risks Staff shortage New technology Equipment failure Subcontractor failure Unknown product Team risk….

30 Böhm’s Top IT project risks Recall the spiral lifecycle model? Böhm has studied the top IT project risks, and suggested fixes. 1.Personnel shortfall 2.Unrealistic schedules and budgets 3.Developing the wrong software functions

31 IT Risks (continued) (4) Developing the wrong user interface (5) Gold plating (6) Continuing stream of requirement changes (7) Shortfalls in externally furnished components (8) Shortfalls in externally performed tasks (9) Real time performance shortfalls Question: What fixes would you suggest?

32 Implementing Risk Control Risk management is getting easier to motivate politically. Fire Safety Officer Paradox With a good fire safety officer there are never any fires … but then why hire an officer?

Download ppt "IT Project Risk See also Sommerville Chapter 22.1."

Similar presentations

Paper Prototyping.

Paper Prototyping.
Project Management Risk Management. Introduction Project planning Gantt chart and WBS Project planning Network analysis I Project planning Network analysis.

Project Management Risk Management. Introduction Project planning Gantt chart and WBS Project planning Network analysis I Project planning Network analysis.
Risks  All projects have some degree of risk  Risks are issues that can cause problems  Delay in schedule  Increased project costs  Technical risk.

Risks  All projects have some degree of risk  Risks are issues that can cause problems  Delay in schedule  Increased project costs  Technical risk.
CSIS 3600 Systems Analysis and Design

CSIS 3600 Systems Analysis and Design
Project Cost Management Estimation Budget Cost Control

Project Cost Management Estimation Budget Cost Control
Project Planning and Control Main issues:  How to plan a project?  How to control it?

Project Planning and Control Main issues:  How to plan a project?  How to control it?
Project Planning and Control Main issues:  How to plan a project?  How to control it? ©2008 John Wiley & Sons Ltd. www.wileyeurope.com/college/van vliet.

Project Planning and Control Main issues:  How to plan a project?  How to control it? ©2008 John Wiley & Sons Ltd. vliet.
Learning Objectives After studying this chapter, you should be able to: Recognize revenue items at the proper time on the income statement. Account for.

Learning Objectives After studying this chapter, you should be able to: Recognize revenue items at the proper time on the income statement. Account for.
Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.

Projmgmt-1/33 DePaul University Project Management I - Risk Management Instructor: David A. Lash.
Paper Prototyping.

Paper Prototyping.
OHT 6.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Development plan and quality plan objectives The elements of the development.

OHT 6.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Development plan and quality plan objectives The elements of the development.
Software project management (intro)

Software project management (intro)
Creator: ACSession No: 9 Slide No: 1Reviewer: SS CSE300Advanced Software EngineeringNovember 2005 Risk Management CSE300 Advanced Software Engineering.

Creator: ACSession No: 9 Slide No: 1Reviewer: SS CSE300Advanced Software EngineeringNovember 2005 Risk Management CSE300 Advanced Software Engineering.
OHT 6.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Development plan and quality plan objectives The elements of the development.

OHT 6.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Development plan and quality plan objectives The elements of the development.
Paper Prototyping.

Paper Prototyping.
Software Project Risk Management

Software Project Risk Management
Risk Management. What is risk? You have some expected outcome –Of some event in the future Risk is the deviation of the actual future outcome from the.

Risk Management. What is risk? You have some expected outcome –Of some event in the future Risk is the deviation of the actual future outcome from the.
Chapter 3 Project Management

Chapter 3 Project Management
Irish League of Credit Unions, 2012 W E L O O K A T T H I N G S D I F F E R E N T L Y Risk Management for Credit Unions September 2013 Risk Management.

Irish League of Credit Unions, 2012 W E L O O K A T T H I N G S D I F F E R E N T L Y Risk Management for Credit Unions September 2013 Risk Management.
©Ian Sommerville 2000Software Engineering, 7th edition. Chapter 5 Slide 1 Chapter 5 Project Management Modified by Randy K. Smith.

©Ian Sommerville 2000Software Engineering, 7th edition. Chapter 5 Slide 1 Chapter 5 Project Management Modified by Randy K. Smith.

Similar presentations

Ads by Google