Risk management involves identifying potential problems, assessing their likelihood and impacts, and developing strategies to address them. There are two main risk strategies - reactive, which addresses risks after issues arise, and proactive, which plans ahead. Key steps in proactive risk management include identifying risks through checklists, estimating their probability and impacts, developing mitigation plans, monitoring risks and mitigation effectiveness, and adjusting plans as needed. Common risk categories include project risks, technical risks, and business risks.
2. RISK?
Risk is a potential problem: it might happen, it might not.
Risk concerns future happenings.
Risk involves change.
Risk involves choice and the uncertainty that choice itself entails.
We cannot properly eliminate risk, but we can try to minimize it.
3. Risk management:
Risk analysis and management are actions that help a software team to understand and manage uncertainty.
Many problems can plague a software project. Regardless of outcome, it’s a really good idea to identify the risk, assess its probability of occurrence and estimate its impact.
5. Reactive risk strategy
Monitors the project for likely risks.
Resources are set aside to deal with risks when they become actual problems.
The software team does nothing about risks until something goes wrong. Then the team attempts to correct the problem; this is often called fire-fighting mode.
When the team fails to solve the problem, “crisis management” takes over and the project is in real jeopardy.
6. Proactive risk strategy:
Better than reactive risk strategy.
Begins long before technical work is initiated.
Potential risks are identified, their probability and impacts are assessed and ranked by importance.
Software team establishes a plan for managing risks.
As all the risks cannot be avoided, the team works to develop a contingency plan that will enable it to respond in a controlled and effective manner.
7. Software Risks:
Risk always involves:
Uncertainty - the risk may or may not happen.
Loss - if the risk becomes reality, unwanted consequences and losses will occur.
When risks are analyzed, it is important to quantify the level of uncertainty and the degree of loss associated.
[Diagram: RISK, with the labels probability, impacts, components, types]
8. Types of Risks
Project risk
Technical risk
Business risk
Known risks
Predictable risks
Unpredictable risk
9. Project risks:
Threaten the project plan.
If the risks become real, it is likely that the project schedule will slip and the costs will increase.
Risk factors:
Potential budgetary
Schedule personnel
Resource
Stakeholders
Project complexity and size
Degree of structural uncertainty.
10. Technical risks
Threaten the quality and timeliness of the software to be produced.
If a technical risk becomes a reality, implementation may become difficult or impossible.
Technical risks occur when the problem is harder to solve than you thought it would be.
Risk factors:
Potential design and implementation
Interface
Verification
Maintenance problems
Specification ambiguity
Technical uncertainty
11. Business risks
Threaten the viability of the software to be built and often jeopardize the project or product.
Top five business risks are:
1. Market risk: building an excellent product or system that no one really wants.
2. Strategic risk: building a product that no longer fits into the overall business strategy for the company.
3. Sales risk: building a product that the sales force doesn’t understand how to sell.
4. Management risk: losing the support of senior management due to a change in focus or a change in people.
5. Budget risk: losing budgetary or personnel commitment.
12. Known risks
Those that can be uncovered after careful evaluation of the project plan, the business and technical environment in which the project is being developed, and other reliable information sources.
e.g. unrealistic delivery date, lack of documented requirements, poor development environment.
13. Predictable risks:
Risks that are extrapolated from past project experience.
e.g. staff turnover, poor communication with the customer, dilution of staff effort as ongoing maintenance requests are serviced.
Unpredictable risks:
Risks that are extremely difficult to identify in advance (the joker in the deck).
14. Risk Identification
Systematic attempt to specify threats to the project plan.
Predictable and known risks can possibly be avoided and controlled through identification.
There are two types of risks for each categorized risk:
Generic risks: potential threat to every software project.
Product-specific risks: can be identified by those with a clear understanding of the technology, the people and the environment specific to building the project.
15. Cont..
One method for identifying risks is to create a risk item checklist.
The checklist focuses on some subset of:
Product size
Business impact
Stakeholder characteristics
Process identification
Development environment
Technology to be built
Staff size and experience
After the risk item checklist is organized, a set of “risk components and drivers” is listed along with their probability of occurrence, which helps in risk identification.
16. Risk components and Drivers
Risk components:
Performance: degree of uncertainty that the product will meet its requirements and be fit for its intended use.
Cost: degree of uncertainty that the project budget will be maintained.
Schedule: degree of uncertainty that the product schedule will be maintained and that the product will be delivered on time.
Support: degree of uncertainty that the resultant software will be easy to correct, adapt, and enhance.
It is required that the project manager identify the risk drivers that affect software risk components.
17. RISK PROJECTION / RISK ESTIMATION
Attempts to rate each risk in two ways:
i. Probability that the risk is real.
ii. Consequences of the problems associated with the risk.
There are four risk projection steps intended to consider risks in a manner that leads to prioritization.
Estimate a scale that reflects the perceived probability of a risk.
Delineate the consequences of the risk.
Estimate the impact of the risk on project and product.
Assess the overall accuracy of the risk projection.
18. Risk table
A risk table provides a simple technique for risk projection.
Begin by listing all the risks in the table with the help of the risk item checklist.
Each risk is categorized in the second column.
Probability of occurrence of each risk is entered in the next column.
Next, the impact of each risk is assessed.
19. Sample risk table prior to sorting
| Risks | Category | Probability | Impact | RMMM |
|---|---|---|---|---|
| Size estimate may be significantly low | PS | 60% | 2 | |
| Larger no of users than planned | PS | 30% | 3 | |
| Less reuse than planned | PS | 70% | 2 | |
| End users resist system | BU | 50% | 3 | |
| Delivery deadline will be tightened | BU | 40% | 2 | |
| Funding will be lost | BU | 50% | 1 | |
| Customer will change requirements | PS | 80% | 2 | |
| Technology will not meet expectations | TE | 30% | 1 | |
| Lack of training on tools | DE | 80% | 3 | |
| Staff inexperienced | ST | 30% | 2 | |
| Staff turnover will be high | ST | 60% | 2 | |
Impact values:
1 - Catastrophic
2 - Critical
3 - Marginal
4 - Negligible
20. Risk impacts on risk components:
negligible
marginal
critical
Catastrophic
Factors affecting impacts of risk:
Nature: Indicates the problems that are likely if it occurs.
Scope: Combines the severity with overall distribution.
Timing: Considers when and for how long the impact will be felt.
21. RISK EXPOSURE (RE)
RE = P * C
P = probability of occurrence for each risk
C = cost to the project when the risk occurs
Risk exposure can be computed for each risk once the cost of the risk has been estimated.
The total RE for all the risks can provide a means for adjusting the final cost.
RE can be used to predict the probable increase in staff resources required at various points during the project schedule.
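As an added example (not part of the original slides), the Python below applies RE = P * C to the sample risk table from slide 19 and compares the probability/impact ordering with the exposure ordering. The cost figures and the sort order (probability first, then impact) are assumptions constructed for illustration; the slides give neither.

```python
from dataclasses import dataclass

IMPACT = {1: "catastrophic", 2: "critical", 3: "marginal", 4: "negligible"}

@dataclass(frozen=True)
class Risk:
    name: str
    category: str
    prob_pct: int   # probability of occurrence, in percent
    impact: int     # 1..4, using the impact values from the risk table
    cost: float     # ASSUMED cost if the risk occurs (constructed, not from the slides)

    def __post_init__(self):
        if not 0 <= self.prob_pct <= 100 or self.impact not in IMPACT:
            raise ValueError(f"bad probability or impact for {self.name!r}")

    @property
    def exposure(self) -> float:
        return self.prob_pct * self.cost / 100   # RE = P * C

# Name, category, probability and impact come from the sample table;
# the last column (cost) is constructed sample data.
RISKS = [Risk(*row) for row in [
    ("Size estimate may be significantly low", "PS", 60, 2, 25_000),
    ("Larger no of users than planned", "PS", 30, 3, 10_000),
    ("Less reuse than planned", "PS", 70, 2, 20_000),
    ("End users resist system", "BU", 50, 3, 8_000),
    ("Delivery deadline will be tightened", "BU", 40, 2, 15_000),
    ("Funding will be lost", "BU", 50, 1, 100_000),
    ("Customer will change requirements", "PS", 80, 2, 30_000),
    ("Technology will not meet expectations", "TE", 30, 1, 60_000),
    ("Lack of training on tools", "DE", 80, 3, 5_000),
    ("Staff inexperienced", "ST", 30, 2, 12_000),
    ("Staff turnover will be high", "ST", 60, 2, 20_000),
]]

def sort_table(risks):
    """Assumed ordering: probability high to low, then impact 1 (worst) first."""
    return sorted(risks, key=lambda r: (-r.prob_pct, r.impact))

def rank_by_exposure(risks):
    """Order risks by RE, largest expected loss first."""
    return sorted(risks, key=lambda r: r.exposure, reverse=True)

def total_exposure(risks):
    """Total RE across all risks, usable as an adjustment to the cost estimate."""
    return sum(r.exposure for r in risks)

if __name__ == "__main__":
    for r in rank_by_exposure(RISKS):
        print(f"{r.exposure:>9.0f}  {r.prob_pct:>3}%  {IMPACT[r.impact]:<12}  {r.name}")
    print(f"{total_exposure(RISKS):>9.0f}  total RE")
```

With these constructed costs, "Funding will be lost" sits mid-table when sorted by probability but has the largest exposure, which is why the two orderings are worth comparing.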
22. RISK REFINEMENT
During the early stages of project planning, a risk may be stated quite generally. As time passes and more is learned about the risk, it may be possible to refine it into a set of more detailed risks, each somewhat easier to monitor and manage.
One way to do this is to represent the risk in Condition Transition Consequence format:
Given that <condition> then there is concern that (possibly) <consequence>.
Refinement helps to isolate the underlying risks and leads to easier analysis and response.
24. RISK MITIGATION
If a software team adopts a proactive approach to risk, avoidance is the best strategy, achieved by developing a plan for mitigation.
For example, assume that high staff turnover is noted as a project risk r1. Based on past history and management intuition, the likelihood l1 of high turnover is estimated to be 0.70 and the impact x1 is projected as critical, i.e. high turnover will have a critical impact on project cost and schedule.
To mitigate this risk, you would develop a strategy for reducing turnover.
25. RISK MONITORING
After risk mitigation, risk monitoring activities commence.
The project manager monitors the factors that may provide an indication of whether the risk is becoming more or less likely.
e.g. In the case of high staff turnover, the general attitude of team members based on project pressures, interpersonal relationships among team members, potential problems with compensation and benefits, and the availability of jobs within the company and outside the company are monitored.
The project manager should also monitor the effectiveness of risk mitigation steps.
The project manager should monitor work products carefully to ensure that each can stand on its own.