1 / 17

What is a Risk?

What is a Risk?. It is an unwanted event negative connotation It is a potential problem there is a possibility of occurrence A risk is problem that may occur 0 < (probability of occurring) < 1. Handling Risks . Risk Identification. Risk Prioritization.

booth
Télécharger la présentation

What is a Risk?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. What is a Risk? • It is an unwanted event • negative connotation • It is a potential problem • there is a possibility of occurrence A risk is problem that may occur 0 < (probability of occurring) < 1

  2. Handling Risks Risk Identification Risk Prioritization Risk Mitigation Risk Handling Plan Must Take Actions via: - monitoring - adjusting

  3. 1. Risk Identification • In software projects, where do we look? • Methodology, Process and Plan (new and unknown) • Product and Artifacts (new and unknown) • Other Resources (people, tools, technology, etc.)

  4. Risk Identification (cont.) • Methodology, Process and Plan • specific methodology (estimation, design, prototype, review, etc.) • new and unproven anywhere • lack of experience and understanding (by the team) • excessive optimism ( by the management) • incomplete definition of process (evolutionary, iterative, etc.) • pre and post conditional states (entry and exit criteria) • applicability and rationale of the specific process • execution of methodology and process • not trained to execute • not enforced • overall plan • Completeness (schedule, task assignment, goals, measurements, risks, etc.) • Consistency & Concreteness (conflict, traceability) • Accuracy (mistakes in computation, name, etc.)

  5. Risk Identification (cont.) • Product and Artifacts • intermediate artifacts • not well specified (incomplete, extraneous, inconsistent, etc.) • untested (review, formally inspected, executed) • non-utilized (timeliness, understanding) • end product and deliverables • not well defined (top cause for project failure) • continuous scope creek • aggressive or unclear targets (ease of use, robust system, dates, cost, etc.) Note

  6. Risk Identification (cont.) • Resources • People • skill and experience • Availability/total loss • morale and team work • Tools • availability • new and untried • Time • excessively optimistic • miscalculation • Finance • under-funded • timeliness of fund

  7. 2. Risk Prioritization (Evaluation) What do we do with the identified list of risks ? • Risk Prioritization is the orderingof risk items • Simple categorization (“ordered” ) • high • medium • low • Based on what ? • Cost of Recovery (estimated), if and when the risk materializes into a problem • high cost of recovery == high priority risk item • medium cost of recovery == medium priority risk item • low cost of recovery == low priority risk item • Sometimes it may be probability of recovery (e.g. unique skill that can’t be found no matter the cost)

  8. Risk Prioritization (cont.) • Upping the Measurement Scale – from “ordered” to “numerical intervals” • still based on Cost of Recovery • n equal increments • estimated & convenient numbers for the increments • (largest cost - smallest cost)/n to get the n increments • ordered • 1, 2, 3, ------,10 where 10 is the highest cost (or highest priority) • priority 7 > priority 5 • priority 8 is 5 units higher in priority than priority 3 • priority 6 is twice as high in priority as priority 3

  9. Risk Prioritization (cont.) • Include probabilityof occurrence • assess the probability of a risk item turning into a problem (this is an estimate based on some criteria) • define a risk value, RV, as product of probability of occurrence and the cost of recovery • RV(j) = p(j) * RC(j) • p(j) is the probability of risk item j turning into a problem • RC(j) is the recovery cost of item j should it turn into a problem • prioritize the risk items by their risk values, RV’s.

  10. 3. Risk Mitigation • Risk mitigation is the “reduction or containment” of risk • there may be several approaches to mitigation • each with different associated cost • each with different potential of success

  11. Risk Mitigation (cont.) • Identify the mitigation approaches via considering • increase or change resource (people, time, funding, etc.) • improve or modify process and methodology • reduce or modify product deliverables ( number of, content features, etc.) • List and characterize the “reasonable” mitigation approaches

  12. Risk Mitigation (cont.)“factors to consider” • Cost factors • Probability of success • Possible other (e.g. compare cost of mitigation versus cost of recovery)

  13. Attach Cost Factor to Mitigation • Assess the required cost for each of the mitigation approaches • Rank the mitigation approaches by costs • assess which mitigation approach(es) to utilize • pick the least costapproach • fold in probability of success(or failure) for each approach • mitigation value cost = probability of failure * mitigation cost • pick the mitigation approach with the lowest mitigation valuecost

  14. Example For Risk item j, there may be several mitigation alternatives Mitigation Alternatives Cost of Mitigation Probability of Failure Mitigation Value Cost Pick the lowest $60,000 .25 $15,000 alternative 1 $42,750 alternative 2 $95,000 .45 alternative 3 $125,000 .3 $37,500

  15. With Cost Constraint(Allocate by risk priority) Available Budget ($500,00) Prioritized Risk Item Cost of Mitigation for “best” approach Risk 1 $ 180,000 $ 320,000 Risk 2 $ 105,000 $ 215,000 Risk 3 $ 130,000 $ 85,000 Risk 4 $ 95,000 Not Enough Budget

  16. Allocation Methodology • Allocate sequentially until funds run out • Allocate via maximizing the “total” risk value • Allocate via maximizing the total number of risk items • etc.

  17. 4. Risk Handling Plan • There must be a risk mitigation plan • prioritized risk items • chosen mitigation approach • expected risk mitigation (removal) date • dependency for the mitigation • person responsible • etc.

More Related