1 / 20

What is a Risk ?

What is a Risk ?. It is an unwanted event negative connotation It is a potential problem there is a possibility of occurrence A risk is problem that may occur. 0 < probability (of r occurring) < 1. B. Boehm’s (same Boehm) Risk Management Breakdown. (1) Risk Assessment.

serge
Télécharger la présentation

What is a Risk ?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What is a Risk ? • It is an unwanted event • negative connotation • It is a potential problem • there is a possibility of occurrence • A risk is problem that may occur. • 0 < probability (of r occurring) < 1

  2. B. Boehm’s (same Boehm) Risk Management Breakdown (1) Risk Assessment (2) Risk Control -Risk Identification -Risk Analysis - Risk Prioritization -Risk Mgmt & Planning -Risk Resolution - Risk Monitoring

  3. Risk Management Risk Identification (1) Risk Prioritization (& evaluation) (2) Risk Mitigation (3) Risk Handling Plan (4) Must Take Actions: - monitoring - adjusting

  4. 1. Risk Identification • In software projects, where do we look? Some suggested places: • Plan, Process, Methodology • Product and Artifacts • Other Resources (people, tools, etc.) • - This is not a prioritized list ---- risk can be everywhere • For Project Management, we may focus on the • - the plan and the people resource first

  5. Risk Identification A favorite citing of risk • Plan, Process, Methodology • overall plan • Completeness (schedule, task assignment, goals, measurements, etc.) • Consistency & Concreteness (conflict, traceability) • Accuracy (mistakes in computation, name, etc.) • specific methodology (estimation, design, prototype, review, etc.) • new and unproven anywhere • lack of experience and understanding (by the team) • excessive optimism ( by management – especially inexperienced ones) • incomplete definition of process (evolutionary, iterative, etc.) • pre and post conditional states (entry and exit criteria) • applicability and rationale of the specific process • execution of methodology and process • not trained to execute • not enforced

  6. Risk Identification • Product and Artifacts • intermediate artifacts • not well specified (incomplete, extraneous, inconsistent, etc.) • untested (review, formally inspected, executed) • non-utilized (timeliness, understanding) • end product and deliverables • not well “defined” (Chaos’ top cause for project failure) • continuous scope creek • aggressive or unclear targets (ease of use, robust system, dates, cost, etc.) Note

  7. Risk Identification • Resources • People • skill and experience • Availability • morale and team work • Tools • availability • new and untried • Time • excessively optimistic • miscalculation • Finance • under-funded • timeliness of fund

  8. 2. Risk Prioritization (Evaluation) • Risk Prioritization is some ordering of risk items • “Simple” categorization (ordered ) • high • medium • low • Based on what ? • Cost of Recovery (estimated), if and when the risk materializes into a problem • high cost of recovery == high priority risk item • medium cost of recovery == medium priority risk item • low cost of recovery == low priority risk item • Sometimes it may be probability of recovery (e.g. unique skill that can’t be found no matter the cost --- low probability of recovery equates to high risk) “Cost” can be in non-$ form (e.g. effort)

  9. Risk Prioritization • Upping the Measurement Scale to – “More Numerical” • May still based on Cost of Recovery • n equal increments • Pick a convenient numbers for the increments – e.g. 5 or 10 • (largest cost - smallest cost)/n to get the n increments • “more numerically ordered” • 1, 2, 3, ------,10 where 10 is the highest cost (or highest priority) • priority 7 > priority 5 • priority 8 is 5 units higher in priority than priority 3 • priority 6 is twice as high in priority as priority 3

  10. Risk Prioritization • Include probability of occurrence • assess the probability of a risk item turning into a problem (this is an estimate based on some criteria) 2. define a risk value, RV, as product of a) probability of occurrence and the b) cost of recovery • RV(j) = p(j) * RC(j) • p(j) is the probability of risk item j turning into a problem • RC(j) is the recovery cost of item j should it turn into a problem 3. prioritize the risk items by their risk values, RV’s.

  11. Using Earned Value Indices for Risk Identification/Prioritization of Schedule & Cost • Schedule Performance Index (SPI) = BCWP /BCWS • SPI < 1 implies we are behind • So, may set an SPI range (e.g. .90 - .80) as Schedule “Risk” • low risk = .9 to .99 ; medium risk = .85-.89; high risk = .84 or less based on some past record of recovery probability • Cost Performance Index (CPI) = BCWP/ACWP • CPI < 1 implies we have cost over-run • So, may set an CPI range (e.g. .85 - .95) as Cost “Risk” based on past experience Students always “said” schedule Think about: a) which one is higher priority, schedule or cost? b) how to determine the risk threshold? --- past experience?

  12. 3. Risk Mitigation • Risk mitigation is the “reduction or containment” of risk • there may be several approaches to mitigation • each with different associated cost • each with different potential of success

  13. Risk Mitigation • Identify the mitigation approaches via considering • increase or change resource (people, time, funding, etc.) • improve or modify process and methodology • reduce or modify product deliverables ( number of, content) • List and characterize the “reasonable” mitigation approaches

  14. Risk Mitigation factors • Cost of mitigation • Probability of success • Possible other (e.g. compare cost of mitigation versus cost of recovery)

  15. Attach Cost Factor to Mitigation • Assess the required cost for each of the mitigation approaches • Rank the mitigation approaches by costs • assess which mitigation approach(es) to utilize • pick the least cost approach • fold in probability of success(or failure) for each approach • mitigation value cost = probability of failure x mitigation cost • pick the mitigation approach with the lowest mitigation valuecost

  16. Example For Risk item j, there may be several mitigation alternatives Mitigation Alternatives Cost of Mitigation Probability of Failure Mitigation Value Cost Pick the lowest $60,000 .25 $15,000 alternative 1 $42,750 alternative 2 $95,000 .45 alternative 3 $125,000 .3 $37,500

  17. With Cost Constraint(Allocate by risk priority) Available Budget ($500,00) Prioritized Risk Item Cost of Mitigation for “best” approach Risk 1 $ 180,000 $ 320,000 Risk 2 $ 105,000 $ 215,000 Risk 3 $ 130,000 $ 85,000 Risk 4 $ 95,000 Not Enough Budget

  18. Allocation Methodology • Allocate sequentially until funds run out • Allocate via maximizing the “total” risk value • Allocate via maximizing the total number of risk items • etc.

  19. 4. Risk Handling Plan • There must be a risk mitigation plan • prioritized risk items • chosen mitigation approach • expected risk mitigation (removal) date • dependency for the mitigation • person responsible • etc.

  20. Continuous Monitoring of Risk Status • At regular interval • Natural part of project status meeting

More Related