cs3100 software project management risk dr tracy hall
TRANSCRIPT
CS3100Software Project Management
Risk
Dr Tracy Hall
CS3100. Risk Slide 2
1. To be able to critically discuss issues of risk with respect to likelihood and impact
2. To be able to explain and exemplify the different classes of risk action that can be taken
learning outcomes
CS3100. Risk Slide 3
Loss: “occurrence of unwanted consequences”
Project impact
Business impact
Technical impact
Any others…?
* difficulties of estimation
* assumptions made during planning
• unplanned events or hazards
• Underestimated risks
These incidents might arise from…
What is Risk?The chance that some adverse incidents may affect the project
Basics: involves two characteristics:
Uncertainty: “may or may not happen”
CS3100. Lecture 14: RiskSlide 4
Levels of Risk Management: risk strategies
Reactive Proactive
Fix on failure. react to risks quickly after they’ve occurred.
Prevention. Identify risks and prevent them from becoming problems.
Risk mitigation. Resource planning for risks IF they do occur.
Elimination of root causes. Identify &
eliminate factors that make it possible for risks to exist at all.
Crisis management – ‘fire fighting’. address risks only after they’ve become a problem.
CS3100. Lecture 14: RiskSlide 5
Risk ManagementPlan risk
management approach
Identify risks
Assess risks
Plan risk responses
Carry out risk reduction actions
Risk Register
Risk Manageme
nt Plan
Project Objectives Achieved
(Cadle and Yeates 2004)
CS3100. Risk Slide 6
using a
checklist….
or/and through
brain-storming…
…you may consider…staff factors
changeover factors
supplier factors
and so on…
…you might discuss those risks which are…
hazardous
political
generic
or
specific
First step is to “identify” risks
CS3100. Lecture 14: RiskSlide 7
Risk and planning
PLANNING
REVIEW
MANAGEMENT
PEO
PLE
CS3100. Lecture 14: RiskSlide 8
Low
Low
High
High‘likelihood’
‘impact’
Project overrun - late component for an urgent safety-critical application enhancement.
Next “assess” the risks
CS3100. Lecture 14: RiskSlide 9
Low
Low
High
High‘likelihood’
‘impact’- Graduate programmer unfamiliar with programming language of a rapid, trivial prototype development
Next, “assess” the risks
CS3100. Lecture 14: RiskSlide 10
Low
Low
High
High‘likelihood’
‘impact’
- Client pulls out for financial reasons after significant initial commitment
Next, “assess” the risks
CS3100. Lecture 14: RiskSlide 11
Low
Low
High
High‘likelihood’
‘impact’ - Project administrator leaves in the first week after a lengthy project has “kicked off”.
Next, “assess” the risks
CS3100. Lecture 14: RiskSlide 12
Low
Low
High
High‘likelihood’
‘impact’
- Late delivery of a vital component for an urgent safety-critical application enhancement.
- Graduate programmer unfamiliar with programming language of a rapid, trivial prototype development.
- Client pulls out for financial reasons after significant initial commitment.
- Project administrator leaves in the first week after a lengthy project has “kicked off”.
Next, “assess” the risks
CS3100. Lecture 14: RiskSlide 13
Low
Low
High
High‘likelihood’
‘im
pact
’
How about…?
• New O/S released?• Integration tests fail• Customer changes spec• Customer goes bankrupt• Key programmer resigns• Your company is taken over
CS3100. Lecture 14: RiskSlide 14
So you’ve looked ahead…
PLANNING
REVIEW
MANAGEMENT
PEO
PLE
CS3100. Risk Slide 15
Understanding impact of the risks: Risk exposure
Determine the ‘risk exposure’ of each of the risks that you have identified.
Risk Exposure
=probability of the unexpected loss
size of the loss
But how do you determine the probability and size of loss? …by estimating…
(Rapid Development [chapter 5] by Steve McConnell, 1996)
CS3100. Risk Slide 16
RiskExposure
= probability of the unexpected loss
size of the loss
Get project/system guru to estimate…
Use delphi or group consensus practices
Determining the probability and size of loss…
CS3100. Risk Slide 17
Obvious and easy estimates…i.e. a project might be approved only at the start of a month. Breakdown loss into
smaller losses, estimate each and aggregate these to make the combined loss.
Determining the probability and size of loss…
RiskExposure
= probability of the unexpected loss
size of the loss
CS3100. Risk Slide 18
Some simple examplesExample: say there’s a 25% chance that it will take 4 weeks longer to get project approved.
Risk Exposure = 25% x 4 weeks
Risk Exposure = 1 week
Example: say there’s a 15% chance that project will suffer 8 weeks loss because new programming tools do not produce promised savings.
Risk Exposure = 15% x 8 weeks
Risk Exposure = 1.2 weeks
Example: say there’s a 30% chance that project will lose 12 weeks because of inadequate designs – redesign required.
Risk Exposure = 30% x 12 weeks
Risk Exposure = 3.6 weeks
CS3100. Risk Slide 19
Risk-Assessment TableRisk Probability
of LossSize of Loss (weeks)
Risk Exposure (weeks)
Overly optimistic schedule 50% 5 2.5
Inadequate design 15% 15 2.25
Delay with Project approval
25% 4 1.0
Facilities not ready in time 10% 2 0.2
Programming tools do not produce promised savings
30% 5 1.5
Change in specific reqs 40% 12 4.8
Unstable graphics engine 7% 4 0.3
Reduced quality assurance 35% 6 2.1
NB: Risks are more usually expressed in monetary terms
CS3100. Risk Slide 20
Prioritised Risk Assessment Table
Risk Probability of Loss
Size of Loss (weeks)
Risk Exposure (weeks)
Change in specific reqs 40% 12 4.8
Overly optimistic schedule 50% 5 2.5
Inadequate design 15% 15 2.25
Reduced quality assurance 35% 6 2.1
Programming tools do not produce promised savings
30% 5 1.5
Delay with Project approval 25% 4 1.0
Unstable graphics engine 7% 4 0.3
Facilities not ready in time 10% 2 0.2
CS3100. Lecture 14: RiskSlide 21
Next step, “plan risk responses…”Acceptance
Let the risk happen because countermeasures are unfeasible or more expensive.
Mitigation/Reduction
Steps to reduce impact of risk, if they happen.
TransferMaking someone else bare the burden if the risks occur, i.e. by taking out insurance.
Avoidance/ Prevention
Steps to reduce
likelihood of risks
occurring.
CS3100. Risk Slide 22
Risk Register
Contains a list of risks, their likely impact and estimated probabilities e.g.:
Risk: failure at integration
Assessment: Risk is low (we have integrated the last 4 projects successfully) but impact would be significant (remedial activity plus loss of reputation and further business). Say 5% probability x £200k = £10k
Mitigation: If risk materialises, we will assemble a recovery team for 2 months to join the project team. Weekly review meetings. Also, we will buy in 2 major platform components.
Plan risk management approach
Identify risks
Assess risks
Plan risk responses
Carry out risk reduction actions
Risk Register
Risk Management
Plan
Project Objectives Achieved
CS3100. Risk Slide 23
NO!remember…the risk
management process,
to enable you to EVALUATE as you go
along, because…
the nature of the risks may change as the project proceeds, for instance…
Predicted risks occur and are dealt with as planned.
Predicted risks fail to appear.
New, unanticipated risks materialise.
Then, you execute when necessary. But, is it that simple?
CS3100. Lecture 14: RiskSlide 24
how about seeking advice…particularly as different organisations will follow different approaches.
‘risk register’ - a repository for information about each risk, i.e. current status; potential impacts…
‘risk management plan’ - outlining the risk management cycle specific to the project - roles/responsibilities for the risks (‘risk
ownership’) - other expectations.
How would you know how to deal with these instances?
CS3100. Lecture 14: RiskSlide 25
Managing the problems…
PLANNING
REVIEW
MANAGEMENT
PEO
PLE
CS3100. Risk Slide 26
How would you act if the risks materialise as problems?
Go back to lectures on monitoring & control and on recovering from failure
CS3100. Risk Slide 27
So, when evaluating the risks…
Plan risk management
approach
Identify risks
Assess risks
Plan risk responses
Carry out risk reduction actions
Risk Register
Risk Managemen
t Plan
Project Objectives Achieved
attempting to
‘understand
uncertainty’
CS3100. Risk Slide 28
Why do we attempt to understand uncertainty?
for planning (or predicting) for the future there is always uncertainty!
therefore…
we need the best tools to predict, with reliable precision, for planning…- statistical techniques (static)- simulation techniques (dynamic)
CS3100. Risk Slide 29
…methods to explore “what if” scenarios:
simulation
study aspects of the behaviour of a system by creating approximate dynamic model of it.
By modelling activities throughout the project we can:- develop insights to the interrelationship between the activities; - predict bottle-necks in the project;- save on the cost of making real mistakes and- train for new users (team or customers)
which are more likely to be used in…
CS3100. Lecture 14: RiskSlide 30
and we have tools…
simulation tools general purpose simulation languages simulators project management simulators
project mgmt tools estimating and scheduling methods planning and management techniques progress reporting and tracking
CS3100. Risk Slide 31
To round up…
Risk management needs sharp planning, review, management and people-skills!
Risk Management is cyclical & requires vigilance!
The nature of risks may change with events.Different companies adopt different risk
management approaches to understand uncertainty.
Each company will have its own documentation to capture and manage risk