Download Risk Management Software Engineering and more Summaries Computer Science in PDF only on Docsity!
LEC 6: RISK MANAGEMENT
What is Risk?
"Tomorrow problems are today's risk." Hence, a clear definition of a "risk" is a problem that could cause some loss or threaten the progress of the project, but which has not happened yet.
These potential issues might harm cost, schedule or technical success of the project and the quality of our software device, or project team morale.
Risk Management is the system of identifying addressing and eliminating these problems before they can damage the project.
We need to differentiate risks, as potential issues, from the current problems of the project.
Different methods are required to address these two kinds of issues.
For example, staff storage, because we have not been able to select people with the right technical skills is a current problem, but the threat of our technical persons being hired away by the competition is a risk.
Risk Management
A software project can be concerned with a large variety of risks. In order to be adept to systematically identify the significant risks which might affect a software project, it is essential to classify risks into different classes. The project manager can then check which risks from each class are relevant to the project.
There are three main classifications of risks which can affect a software project:
- Project risks
- Technical risks
- Business risks 1. Project risks: Project risks concern differ forms of budgetary, schedule, personnel, resource, and customer-related problems. A vital project risk is schedule slippage. Since the software is intangible, it is very tough to monitor and control a software project. It is very tough to control something which cannot be identified. For any manufacturing program, such as the manufacturing of cars, the plan executive can recognize the product taking shape. 2. Technical risks: Technical risks concern potential method, implementation, interfacing, testing, and maintenance issue. It also consists of an ambiguous specification, incomplete specification, changing specification, technical uncertainty, and technical obsolescence. Most technical risks appear due to the development team's insufficient knowledge about the project.
3. Business risks: This type of risks contain risks of building an excellent product that no one need, losing budgetary or personnel commitments, etc.
Other risk categories
- 1. Known risks: Those risks that can be uncovered after careful assessment of the project program, the business and technical environment in which the plan is being developed, and more reliable data sources (e.g., unrealistic delivery date)
- 2. Predictable risks: Those risks that are hypothesized from previous project experience (e.g., past turnover)
- 3. Unpredictable risks: Those risks that can and do occur, but are extremely tough to identify in advance.
Principle of Risk Management
- Global Perspective: In this, we review the bigger system description, design, and implementation. We look at the chance and the impact the risk is going to have.
- Take a forward-looking view: Consider the threat which may appear in the future and create future plans for directing the next events.
- Open Communication: This is to allow the free flow of communications between the client and the team members so that they have certainty about the risks.
- Integrated management: In this method risk management is made an integral part of project management.
- Continuous process: In this phase, the risks are tracked continuously throughout the risk management paradigm.
Risk Management Activities
Risk management consists of three main activities, as shown in fig:
- Technology risks: Risks that assume from the software or hardware technologies that are used to develop the system.
- People risks: Risks that are connected with the person in the development team.
- Organizational risks: Risks that assume from the organizational environment where the software is being developed.
- Tools risks: Risks that assume from the software tools and other support software used to create the system.
- Requirement risks: Risks that assume from the changes to the customer requirement and the process of managing the requirements change.
- Estimation risks: Risks that assume from the management estimates of the resources required to build the system 2. Risk Analysis: During the risk analysis process, you have to consider every identified risk and make a perception of the probability and seriousness of that risk.
There is no simple way to do this. You have to rely on your perception and experience of previous projects and the problems that arise in them.
It is not possible to make an exact, the numerical estimate of the probability and seriousness of each risk. Instead, you should authorize the risk to one of several bands:
- The probability of the risk might be determined as very low (0-10%), low (10- 25%), moderate (25-50%), high (50-75%) or very high (+75%).
- The effect of the risk might be determined as catastrophic (threaten the survival of the plan), serious (would cause significant delays), tolerable (delays are within allowed contingency), or insignificant.
Risk Control
It is the process of managing risks to achieve desired outcomes. After all, the identified risks of a plan are determined; the project must be made to include the most harmful and the most likely risks. Different risks need different containment methods. In fact, most risks need ingenuity on the part of the project manager in tackling the risk.
There are three main methods to plan for risk management:
- Avoid the risk: This may take several ways such as discussing with the client to change the requirements to decrease the scope of the work, giving incentives to the engineers to avoid the risk of human resources turnover, etc.
- Transfer the risk: This method involves getting the risky element developed by a third party, buying insurance cover, etc.
- Risk reduction: This means planning method to include the loss due to risk. For instance, if there is a risk that some key personnel might leave, new recruitment can be planned.
4. Risk Leverage: To choose between the various methods of handling risk, the project
plan must consider the amount of controlling the risk and the corresponding reduction of
risk. For this, the risk leverage of the various risks can be estimated.
5. Risk leverage is the variation in risk exposure divided by the amount of reducing the risk.
6. Risk leverage = (risk exposure before reduction - risk exposure after reduction) /
(cost of reduction)
7. 1. Risk planning: The risk planning method considers each of the key risks that have
been identified and develop ways to maintain these risks.
8. For each of the risks, you have to think of the behavior that you may take to minimize the
disruption to the plan if the issue identified in the risk occurs.
9. You also should think about data that you might need to collect while monitoring the plan
so that issues can be anticipated.
10. Again, there is no easy process that can be followed for contingency planning. It
relies on the judgment and experience of the project manager.
2. Risk Monitoring: Risk monitoring is the method king that your assumption about the product, process, and business risks has not changed.
Methods for Identifying Risks
Identifying risk is one of most important or essential and initial steps in risk
management process. By chance, if failure occurs in identifying any specific or
particular risk, then all other steps that are involved in risk management will not
be implemented for that particular risk. For identifying risk, project team should review scope of program, estimate cost, schedule, technical maturity,
parameters of key performance, etc.
To manage risk, project team or organization are needed to know about what
risks it faces, and then to evaluate them. Generally, identification of risk is an
iterative process. It basically includes generating or creating comprehensive list
of threats and opportunities that are based on events that can enhance,
prevent, degrade, accelerate, or might delay successful achievement of
objectives. In simple words, if you don’t find or identify risk, you won’t be able to
manage it.
Methods for Identifying Risks :
Earlier, there were no easy methods available that will surely identify all risks.
But nowadays, there are some additional approaches available for identifying
risks. Some of approaches for risk identification are given below:
- SWOT Analysis –
Strengths-Weaknesses-Opportunities-Threat (SWOT) is very technique and helpful for identifying risks within greater organization context. It is generally used as planning tool for analyzing business, its resources, and also its environment simply by looking at internal strengths and weaknesses and opportunities and threats in external environment. It is technique often used in formulation of strategy. The appropriate time and effort should be spent on thinking seriously about weaknesses and threats of organization for SWOT analysis to more effective and successful in risk identification.
- Flowchart Method –
This method allows for dynamic process to be diagrammatically represented in paper. This method is generally used to represent activities of process graphically and sequentially to simply identify the risk.
