Software project management (intro)Software project management (intro)

Risk ManagementRisk Management

IntroductionIntroduction

Risk of the development project’s not Risk of the development project’s not proceeding according to planproceeding according to plan The risk of the project’s running late or over The risk of the project’s running late or over

budget andbudget and The identification of the steps to avoid or to The identification of the steps to avoid or to

minimize those risksminimize those risks

The nature of riskThe nature of risk

Estimation errorsEstimation errors

Planning assumptionsPlanning assumptions

Eventualities (unforeseen events)Eventualities (unforeseen events)

Managing riskManaging riskObjective:Objective:

To avoid or minimize the adverse effects of unforeseen To avoid or minimize the adverse effects of unforeseen events by avoiding the risks or drawing up contingency events by avoiding the risks or drawing up contingency plans for dealing with themplans for dealing with them

Risk Risk EngineeringEngineering

Risk AnalysisRisk Analysis

Risk Risk ManagementManagement

Risk IdentificationRisk Identification

Risk EstimationRisk Estimation

Risk EvaluationRisk Evaluation

Risk PlanningRisk Planning

Risk ControlRisk Control

Risk MonitoringRisk Monitoring

Risk DirectingRisk Directing

Risk StaffingRisk Staffing

Managing risk (2)Managing risk (2)Task breakdownTask breakdown

Risk identificationRisk identificationListing all of the risks that can adversely affect the successful Listing all of the risks that can adversely affect the successful execution of the projectexecution of the project

Risk estimationRisk estimationAssessing the likelihood and impact of each hazardAssessing the likelihood and impact of each hazard

Risk evaluationRisk evaluationRanking the risks and determining risk aversion strategiesRanking the risks and determining risk aversion strategies

Risk planningRisk planningDrawing up contingency plan and, where appropriate, adding these Drawing up contingency plan and, where appropriate, adding these to the project’s task structureto the project’s task structure

Risk controlRisk controlMinimizing and reacting to problemsMinimizing and reacting to problems

Risk monitoringRisk monitoringAn ongoing activity, as the importance and likelihood of particular An ongoing activity, as the importance and likelihood of particular risks can change as the project proceedsrisks can change as the project proceeds

Risk directing & risk staffingRisk directing & risk staffingDay-to-day management of riskDay-to-day management of risk

Risk IdentificationRisk Identification

Identify hazard:Identify hazard: Hazard -- an event that might occur and will, if it does Hazard -- an event that might occur and will, if it does

occur, create a problem for the successful completion occur, create a problem for the successful completion of the project.of the project.

To identify hazard:To identify hazard: Use a checklist listing all the possible hazards and Use a checklist listing all the possible hazards and

factor that influence themfactor that influence them

Some hazards are:Some hazards are: Generic risks – relevant to all software projectsGeneric risks – relevant to all software projects Specific risks – relevant to an individual projectSpecific risks – relevant to an individual project

Categories of factorsCategories of factorsApplication factors Application factors -- -- The nature of the applicationThe nature of the application

Staff factors Staff factors -- -- The experience and skills of the staffsThe experience and skills of the staffs

Project factors Project factors -- -- Project and its objectives well definedProject and its objectives well defined

Project methods Project methods -- -- Using well specified and structured methodUsing well specified and structured method

Hardware/software factors Hardware/software factors -- -- Installation riskInstallation risk

Changeover factors Changeover factors -- -- All-in-one vs gradual changeoverAll-in-one vs gradual changeover

Supplier factors Supplier factors – reliance on external organization– reliance on external organization

Environment factors Environment factors – – eg. Taxation regulationeg. Taxation regulation

Health and safety factors Health and safety factors – – though not generally a majorthough not generally a major issueissue

Risk AnalysisRisk Analysis

Risk Likelihood:Risk Likelihood: The probability of a hazard’s occurringThe probability of a hazard’s occurring

Risk Impact:Risk Impact: The effect that the resulting problem will have The effect that the resulting problem will have

on the projecton the project

Risk Value or Risk ExposureRisk Value or Risk Exposure The importance of the riskThe importance of the risk

Risk exposure = risk likelihood * risk impactRisk exposure = risk likelihood * risk impact

Risk Analysis (2)Risk Analysis (2)

Simple scoring to provide a quantitative measure for Simple scoring to provide a quantitative measure for assessing the riskassessing the risk

Eg., 1 to 10 whereEg., 1 to 10 where1 is the least likely1 is the least likely10 is the most likely10 is the most likely

HazardHazard LikelihoodLikelihood ImpactImpact Risk Risk ExposureExposure

R1 – changes in requirementsR1 – changes in requirements 55 77 3535

R2 – specification takes longerR2 – specification takes longer 1010 33 3030

R3 – staff sicknessR3 – staff sickness 11 1010 1010

R … R …

Prioritizing the risksPrioritizing the risks

Managing the risk involves the use of two Managing the risk involves the use of two strategiesstrategies Reducing the risk exposure by reducing the Reducing the risk exposure by reducing the

likelihood or impactlikelihood or impact Drawing up contingency plans to deal with the Drawing up contingency plans to deal with the

risk should it occurrisk should it occur

Prioritizing the risks (2)Prioritizing the risks (2)

The risk exposures allow us to obtain an The risk exposures allow us to obtain an approximate ranking in order of importanceapproximate ranking in order of importance

HoweverHowever We cannot interpret the risk exposure value We cannot interpret the risk exposure value

quantitativelyquantitativelyEg., is value of 20 is twice as risk as value of 10?Eg., is value of 20 is twice as risk as value of 10?

The exposure value are too close for us to The exposure value are too close for us to distinguish between themdistinguish between them

Eg., which one is more risky, value of 20 or 21?Eg., which one is more risky, value of 20 or 21?

Prioritizing the risks (33)Prioritizing the risks (33)

In addition to the risk exposure value, In addition to the risk exposure value, there are generally there are generally other factorsother factors to to consider when prioritizing the risks:consider when prioritizing the risks: Confidence of the risk assessmentConfidence of the risk assessment Compound risks – Compound risks – ie, dependency between risksie, dependency between risks The number of risksThe number of risks Cost of actionCost of action

Method: Risk Reduction Leverage (RRL)Method: Risk Reduction Leverage (RRL)

cost reducingrisk

RE - RERRL

afterbefore

Strategies for risk reductionStrategies for risk reduction

Hazard preventionHazard prevention Eg. Early scheduling for unavailability of staffEg. Early scheduling for unavailability of staff

Likelihood reductionLikelihood reduction Eg by prototypingEg by prototyping

Risk avoidanceRisk avoidance Eg, by increasing the duration estimates or reducing functionalityEg, by increasing the duration estimates or reducing functionality

Risk transferRisk transfer Eg., contracting or taking insuranceEg., contracting or taking insurance

Contingency planningContingency planning Eg. Using agency programmers for the absence of staffEg. Using agency programmers for the absence of staff

Evaluating risks to the scheduleEvaluating risks to the schedule

Not all risks can be eliminatedNot all risks can be eliminated

Two methods for assessing the effects of Two methods for assessing the effects of these uncertainties on the project these uncertainties on the project schedule:schedule: Using PERT to evaluate the effects of Using PERT to evaluate the effects of

uncertaintyuncertaintyMost likely timeMost likely time

Optimistic timeOptimistic time

Pessimistic timePessimistic time 6

b4mate

Using expected durationsUsing expected durations

Examples: PERT activity time estimatesExamples: PERT activity time estimates

ActivityActivity Activity durations (weeks)Activity durations (weeks)

Optimistic Optimistic

(a)(a)

Most likely Most likely

(m)(m)

Pessimistic Pessimistic

(b)(b)

AA 55 66 88

BB 33 44 55

CC 22 33 33

DD 3.53.5 44 55

EE 11 33 44

FF 88 1010 1515

GG 22 33 44

HH 22 22 2.52.5

Expected times and Standard DeviationExpected times and Standard Deviation

ActivityActivity Activity durations (weeks)Activity durations (weeks)

Optimistic Optimistic

(a)(a)

Most likely Most likely

(m)(m)

Pessimistic Pessimistic

(b)(b)

ExpectedExpected

(t(tee))

Std DevStd Dev

(s)(s)

AA 55 66 88 6.176.17 0.500.50

BB 33 44 55 4.004.00 0.330.33

CC 22 33 33 2.832.83 0.170.17

DD 3.53.5 44 55 4.084.08 0.250.25

EE 11 33 44 2.832.83 0.500.50

FF 88 1010 1515 10.5010.50 1.171.17

GG 22 33 44 3.003.00 0.330.33

HH 22 22 2.52.5 2.082.08 0.080.08

Std Dev Std Dev s = (b – a) / 6 s = (b – a) / 6

PERT NetworkPERT Network

Rather than say “the completion date for the project is …”, Rather than say “the completion date for the project is …”,

we are lead to say “we expect to complete the project by …”we are lead to say “we expect to complete the project by …”

11

00

22

6.176.17

33

44

44

99

66

13.513.5

55

10.510.5

AAt = 6.17t = 6.17

BBt = 4.00t = 4.00

CCt = 2.83t = 2.83

FFt = 10.5t = 10.5

DDt = 4.08t = 4.08

EEt = 2.83t = 2.83

HHt = 2.08t = 2.08

GGt = 3.00t = 3.00

Event Event numbernumber

Target Target datedate

Expected Expected datedate

Standard Standard deviationdeviation

The likelihood of meeting The likelihood of meeting targetstargets

The PERT techniques uses the following three The PERT techniques uses the following three step method for calculating the probability of step method for calculating the probability of meeting or missing a target date:meeting or missing a target date: Calculate the standard deviation of each project eventCalculate the standard deviation of each project event Calculate the z value for each event that has a target Calculate the z value for each event that has a target

datedate Convert z values to a probabilitiesConvert z values to a probabilities

The likelihood of meeting targets (2)The likelihood of meeting targets (2)

Suppose that we must complete the project Suppose that we must complete the project within 15 weekswithin 15 weeks

We expect it will take 13.5 weeks but it could We expect it will take 13.5 weeks but it could take more or, perhaps, lesstake more or, perhaps, less

Suppose that activity C must be completed by Suppose that activity C must be completed by week 10week 10

Event 5 represents the delivery of intermediate Event 5 represents the delivery of intermediate products to the customerproducts to the customer

PERT NetworkPERT Network

PERT Network with three target dates and calculated event PERT Network with three target dates and calculated event standard deviationsstandard deviations

11

00 00

22

6.176.17 0.500.50

33

44 0.330.33

44 1010

99 0.530.53

66 1515

13.513.5 1.221.22

55 1010

10.510.5 1.171.17

AAt = 6.17t = 6.17s = 0.50s = 0.50

BBt = 4.00t = 4.00s = 0.33s = 0.33

CCt = 2.83t = 2.83s = 0.17s = 0.17

FFt = 10.5t = 10.5s = 1.17s = 1.17

DDt = 4.08t = 4.08s = 0.25s = 0.25

EEt = 2.83t = 2.83s = 0.50s = 0.50

HHt = 2.08t = 2.08s = 0.08s = 0.08

GGt = 3.00t = 3.00s = 0.33s = 0.33

Calculating the z valuesCalculating the z values

It is equivalent to the number of standard It is equivalent to the number of standard deviations between the node’s expected deviations between the node’s expected and target datesand target dates

s

t- T z

e

Where:Te = the expected dateT = the target date

Converting z values to probabilitiesConverting z values to probabilities

Example:Z value for project completion (event 6) is 1.23The probability is about 11%

There is an 11% risk of not meeting the target date of the end of week 15

The advantages of PERTThe advantages of PERT

The technique can be used to calculate the The technique can be used to calculate the standard deviation for each task and use this to standard deviation for each task and use this to rank them according to their degree of riskrank them according to their degree of risk

The probability of meeting any target set can be The probability of meeting any target set can be estimated using the expected times and estimated using the expected times and standard deviationsstandard deviations

By setting target dates along the critical path, we By setting target dates along the critical path, we can focus on those activities posing the greatest can focus on those activities posing the greatest risk to the project’s schedulerisk to the project’s schedule