
Risk Management

1. Definition and classification
2. Activities

Risk Estimation: Identification, Assessment, Review
Risk Control: Planning, Supervision
Definition
The SEI definition: the SEI uses the Webster's definition of risk: "Risk is the possibility of suffering loss" http://www.sei.cmu.edu/programs/sepm/risk/
SAR definition: "Risk: contingency or proximity of harm"
The phrase: "Risk in itself is not bad; risk is essential to progress, and failure is often a key part of learning. But we must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity." [Van Scoy, Roger L. Software Development Risk: Opportunity, Not Problem. Software Engineering Institute, CMU/SEI-92-TR-30, ADA 258 743, September 1992]
1. Risk management: definition and classification
The objectives of risk management are to identify, control and eliminate sources of danger before they begin to affect the fulfillment of the objectives of the project.
Risk always involves:
Uncertainty: the event that characterizes the risk may or may not occur.
Potential loss: if the risk becomes a reality, unintended consequences or losses occur.
To quantify the level of uncertainty and the extent of the losses associated with each risk, different categories of risk are considered:
Project risks: they affect the timing, cost and quality of the project. They identify potential problems of budget, schedule, personnel, resources, customer, ...
Technical risks: they threaten the quality and the timing of the software (product) to be produced. They identify potential problems of technical uncertainty, ambiguity in the specification, design, implementation, technical obsolescence or cutting-edge technology, interface, testing and maintenance, ...
Business risks:
They threaten the viability of the software. The main business risks are:
Market risk: a very good product.
Strategic risk: a product that does not fit.
Sales risk: some sellable product.
Budget risk: an off-budget product.
The risks can also be categorized in terms of their ease of detection:
Known risks: those that can be predicted after an evaluation of the project plan, the technical environment and other reliable sources of information.
Predictable risks: they are extrapolated from the experience of previous projects.
Unpredictable risks: they may occur, but they are extremely difficult to identify in advance.
Source: [Pressman01, p. 98]
2. Risk management: activities
The ongoing management of risks can increase its efficiency:
Continuously assess what can go wrong, to determine which risks are important.
Implement effective strategies for resolving them.
Elements of risk management:
Risk Estimation:
Risk identification: list of potential risks that may affect project planning.
Risk analysis: measuring the probability and impact of each risk, and the risk levels of alternative methods.
Risk assessment: list of risks sorted by their impact and likelihood of occurrence.
Risk Control:
Planning for risk management: plan for treating each significant risk.
Risk monitoring: checking the progress of risk control and identifying new risks.
2.1 Management of risk: risk assessment
Hazards Identification
It is a systematic attempt to estimate potential risks to the project plan.
The uncertainties about different characteristics of the project are transformed into risks that can be described and measured. One method for identifying risks is to create a checklist of risk elements, which may contain two types of risk:
Product-specific risks: to identify them, review the project plan and the statement of scope of the software.
Generic risks: they are common to all software projects. To identify them, create the following subcategories:
Product size
Business impact
Customer characteristics
Process definition
Development environment
Technology to build
Size and experience of staff
CHECKLIST OF ELEMENTS OF RISK: a set of questions that are relevant to each risk factor.
Example: checklist of known risk factors for the potential risk in the allocation of staff of a PDS:
Do you have the best staff?
Do staff have a proper skill set?
Is there enough staff?
Is the staff committed throughout the project?
Will some members of the project work only part time?
Do staff have the right expectations about the work they will perform?
Have staff received the appropriate training?
Is staff rotation low enough to allow for continuity?
...
Risk Analysis
The process of examining the risks in detail to determine their extent, their relationships and their importance. The core activities are:
Assessment: a better understanding of the risk. Quantify, if possible, the following concepts:
Impact: the loss resulting from the risk, that is, the consequences of the problems associated with the risk. The factors affecting the impact are:
Nature: the potential problems that may occur if the risk happens.
Scope: combines the severity with the global distribution.
Duration: combines when its impact will be felt and for how long.
Probability: the probability of the risk.
Time frame: the length of time in which it is possible to mitigate the risk.
Classification: classifies the risks to understand their nature and develop mitigation plans.
ATTRIBUTE     VALUE           DESCRIPTION
Impact        Catastrophic    Loss of the system; cost > 50%
              Critical        Recovery of the operational capacity; cost > 10% (< 50%)
              Marginal        Cost < 10%
Probability   Very probable   > 70%
              Probable        Between 30% and 70%
              Improbable      < 30%
Time frame    Short term      30 days
              Medium term     1-4 months
              Long term       More than 4 months
Risk assessment is the process of ranking the risks by their importance, to determine which must be solved first and which should be assigned more resources. Risks can be ordered by the magnitude of the risk exposure: [ri, li, xi]
ri: risk
li: risk probability
xi: magnitude of the impact of the risk
Conditions and priorities may change throughout the project, so the analysis and prioritization should be done on an ongoing basis, using the information available at the time (feedback).
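An added example, not part of the original slides: ranking a risk register by exposure and labelling each risk with the bands of the attribute table. Exposure is taken as probability times impact, which is an assumption because the slides give only the triplet [ri, li, xi]; the register entries, field names and the handling of exact band boundaries are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str          # r_i: the risk
    likelihood: float  # l_i: probability of occurrence, 0..1
    impact: float      # x_i: loss as a fraction of project cost, 0..1
    days_to_act: int   # time frame in which mitigation is still possible

def band(value, upper, middle, labels):
    # labels = (high, medium, low); exact boundary handling is an assumption
    if value > upper:
        return labels[0]
    return labels[1] if value >= middle else labels[2]

def classify(risk):
    # Thresholds taken from the attribute table in this section
    return (
        band(risk.likelihood, 0.70, 0.30,
             ("very probable", "probable", "improbable")),
        band(risk.impact, 0.50, 0.10,
             ("catastrophic", "critical", "marginal")),
        band(risk.days_to_act, 120, 31,
             ("long term", "medium term", "short term")),
    )

def exposure(risk):
    # Assumed formula: exposure = probability x magnitude of impact
    return round(risk.likelihood * risk.impact, 6)

def prioritise(risks):
    # Highest exposure first; ties go to the risk with the least time to act
    return sorted(risks, key=lambda r: (-exposure(r), r.days_to_act))

# Constructed register; every figure here is illustrative
REGISTER = [
    Risk("Team unfamiliar with the new development tool", 0.80, 0.25, 30),
    Risk("Half the staff has no Java knowledge", 0.50, 0.40, 90),
    Risk("Six-month schedule overruns", 0.60, 0.60, 120),
    Risk("Customer changes the requirements", 0.20, 0.08, 150),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{exposure(r):.3f}  {r.name}: {', '.join(classify(r))}")
```

Re-running the ranking whenever a probability, impact or time frame is revised gives the ongoing prioritization the slide asks for.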
2.2 Management of risk: risk control
Planning and supervision of risks
RISK 1
• risk analysis data [r1, l1, x1]
• risk management steps 1
...
RISK n
• risk analysis data [rn, ln, xn]
• risk management steps n
PGSR
Risk monitoring consists of:
Detecting the occurrence of a risk that has been planned for.
Ensuring that the risk management steps are implemented.
Tools
http://www.decisionmetrics.net
http://www.palisade-europe.com/
REFERENCES
Boehm, B.W., Software Risk Management: Principles and Practices, IEEE Software, 32-41, January 1991.
Charette, R., Software Engineering Risk Analysis and Management, McGraw-Hill, 1989.
Karolak, D.W., Risk Management Software Engineering, IEEE Computer Society Press, USA, 1996.
McConnell, S., Development and Management of IT Projects, McGraw-Hill, 1997.
Pressman, R.S., Software Engineering: A Practical Approach, McGraw-Hill, 2001.
Exercise
List the possible risks that can be deduced from the following statement. Classify them as project, technical or business risks. Arrange them in order of likelihood and impact. Graph the relationship between the risks. Lastly, set the action protocols to follow should they happen.
A company with less than three years in the ICT sector decides to tackle a project of digital signatures for the administration of Andalusia. It decides to develop in Java, with just version 1.5 of the virtual machine. The company has 5 experts in Java, 3 of medium level and 8 without knowledge of Java. The planning has been for 6 months with a stress of 400 td. The development manager has decided to use a new compiler, Eclipse, for its versatility in multiplatform environments; it is new to the development team.
