october 2002j. b. wordsworth: j2isdqr11 information systems development quality and risk (1)

October 2002 J. B. Wordsworth: J2ISDQR1 1

Information Systems Development

Quality and Risk (1)


Basis

Risk provisions

Material expensesand costs

Staff costs

Staff profile

Timescales

Problem

Resource Plan

Risk management strategy

Quality management strategy

Risk and Quality Plan

From Ould’s Managing Software Quality ...


Risk and Quality Plan1 Introduction2 Risk management plan 2.1 Risks identified 2.2 Chosen risk reduction measures 2.3 Residual risk assessment3 Quality achievement plan 3.1 Characterisation of system 3.2 Client expectations or

requirements on development 3.3 Chosen development methods 3.4 Chosen tool support 3.5 Chosen target environment 3.6 Consequent activities

4 Quality control plan

4.1 Planned product types

4.2 Specifications and standards

4.3 Quality control activities

4.4 Consequent activities

5 Quality preservation plan

5.1 Identification control

5.2 Change control

5.3 Configuration control

5.4 Consequent activities



A risk management process

A risk is anything that threatens our achieving the project’s cardinal aims.

• risk identification• risk analysis• risk response planning• risk resolution and monitoring


Some cardinal aims

• to match the stated development cost

• at peak times, to handle twice the current throughput

• to be ready at the start of next year’s peak period

• to reduce dispatch mistakes to one third of their current value.


A cause-effect tree

project fails

2: fail on throughput

1: exceed cost target

3: not ready for peak

4: mistakes not reduced

8: key staff overloaded

9: marketing over-keen

10: we are over-keen

11: facilitiesover-exploited

12: poor algorithms

13: staff cannot cope

5: supplierfails to deliver

6: installerfails to deliver

7: training late



Risk analysis• Impact

– binary risks– sliding risks

• Uncertainty– event uncertainty (it might happen that ..., so

we must influence something.)– estimating uncertainty (we are uncertain how

much ..., so we must try to find something out.)


Risk estimation• Probability:

– VL: very likely– L: likely– U: unlikely– VU: very unlikely

• Impact:– L: life threatening– P: project threatening– E: expensive in cost or time– S: some cost or time penalty– N: negligible cost or time penalty


The danger slope

VU U L VL

L X X X X

P X X X

E X X

S X X

N X



Pre-emptive risk reduction

Pre-emptive risk reduction is planned to take effect before a risk materialises.– Information-buying activities reduce the (estimation)

uncertainty of a risk.– Risk-influencing activities reduce the (event)

uncertainty of a risk.– Contractual transfer transfers a risk to someone better

able to deal with it.– A process model structures the project into phases that

are designed to successively reduce risk.


Reactive risk reduction

Reactive risk reduction is planned to take effect after a risk materialises.– Contingency plans have a trigger to bring them

into effect.– Insurance requires a premium to be paid.


Risk register• risk number• risk description• causes risks ...• source of uncertainty (event/estimation)• nature of uncertainty• probability• impact• chosen risk-reduction measures (pre-emptive or reactive)• risk owner (a person)• residual risk• best case value• chosen case value• worst case value


Summary

• A risk is anything that threatens a project’s cardinal aims.

• Risk management is a four-step process.

• Risk reduction measures, planned in advance, can be pre-emptive or reactive.

• A risk register collates information about risks.

october 2002j. b. wordsworth: j2isdqr11 information systems development quality and risk (1)

Documents