130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco,...
Transcript of 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco,...
![Page 1: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/1.jpg)
1
Paper 130-29
Risk Management for Software ProjectsTom DeMarco, The Atlantic Systems Guild, Camden, ME
ABSTRACTRisk management is project management for adults. It guides project managers to focus specifically on what can go wrong, instead the more usual "if everything goes as planned" approach. The benefits of risk management include these:
• it enables aggressive risk-taking• it protects management from being blind-sided• it provides minimum cost downside protection
In this keynote, Tom DeMarco lays out the basics of a risk-focused strategy and provides clear guidelines for its implementation.
SUGI 29 Planning, Development and Support
![Page 2: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/2.jpg)
Copyright © 2004 by Tom DeMarco: The Atlantic Systems Guild
Risk Managementfor Software
Projects
SUGI2004: Montreal, May 10, 2004
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 3: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/3.jpg)
RISK MANAGEMENT . . .RISK MANAGEMENT . . .RISK MANAGEMENT . . .RISK MANAGEMENT . . .RISK MANAGEMENT . . .nothing but the beef:
three reasons why you bother
one key tool
use of monte-carlo simulation
one metric to track (late) risk manifestation
a useful pattern from the past
a scary but wonderful observation
the did-we-really-do-it? test
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 4: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/4.jpg)
You’re blind-sided by a risk that’s happened a
thousand times before.
You have no infrastructure in place to deal
with a risk when it materializes.
You don’t have a useful (early) transition
indicator.
RISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIES
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 5: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/5.jpg)
DENVER INTERNATIONAL AIRPORTDENVER INTERNATIONAL AIRPORTDENVER INTERNATIONAL AIRPORTDENVER INTERNATIONAL AIRPORTDENVER INTERNATIONAL AIRPORT
The automated baggage handling system:
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 6: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/6.jpg)
D.I.A. PROJECT: CRITICAL PATHD.I.A. PROJECT: CRITICAL PATHD.I.A. PROJECT: CRITICAL PATHD.I.A. PROJECT: CRITICAL PATHD.I.A. PROJECT: CRITICAL PATH
Baggage Handling Software
.
.
Integration testing
.
Acceptance & signoff
Airport opening
1993 1994 1995
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 7: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/7.jpg)
You’re blind-sided by a risk that’s happened a
thousand times before.
You have no infrastructure in place to deal
with a risk when it materializes.
You don’t have a useful (early) transition
indicator.
RISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIESRISK MANAGEMENT ATROCITIES
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 8: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/8.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 9: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/9.jpg)
1. You have zero chance of
delivering before January of
next year.
2. My best guess is you’ll be
done around April 1st . . .
3. but to be at least 50% sure,
you’d better advertise a date
of May 1 or later.
4. To be 100% safe, you’d have to
allow for delivery as late as
end of next year.
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 10: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/10.jpg)
RISK DIAGRAM:RISK DIAGRAM:RISK DIAGRAM:RISK DIAGRAM:RISK DIAGRAM:
A risk diagram shows explicitly how uncertain we are about
delivery date (or anything else).
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 11: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/11.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 12: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/12.jpg)
SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:
Effort
Size in (for example) Function Points
20,000 FP
52 person months
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 13: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/13.jpg)
40 52 70
Effort
(Person Months)
SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:SENSIBLE RISK MANAGEMENT:
Delivery Date
6/2000 11/2000
9/2000
“The project will take this much time.”
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 14: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/14.jpg)
RISK DIAGRAMS IN USE:RISK DIAGRAMS IN USE:RISK DIAGRAMS IN USE:RISK DIAGRAMS IN USE:RISK DIAGRAMS IN USE:
Risk
Modeling
ProcessSources of
UncertaintyResultant
Uncertainty
Delivery Date
Size Inflation
Productivity
Variation
etc.
Flaw in size
estimate
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 15: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/15.jpg)
Alpha Platform: Project Simulation (500 Runs)
0
1 0
2 0
3 0
4 0
5 0
6 0
7 0
8 0
9 0
1 0 021
-FE
B-0
4
3-JU
N-0
4
15-S
EP
-04
27-D
EC
-04
9-A
PR
-05
21-J
UL
-05
3-N
OV
-05
15-F
EB
-06
27-M
AY
-06
9-S
EP
-06
CA
NC
EL
LE
D
Completion Date
Nu
mb
er o
f In
stan
ces
in R
ange
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 16: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/16.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 17: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/17.jpg)
Alpha Platform ProjectEarned Value Demonstrated by Versions Running
-
2.00
4.00
6.00
8.00
10.00
12.00
14.00
16.00
18.00
Jun-01 Dec-01 Jun-02 Dec-02 Jun-03 Dec-03 Jun-04 Dec-04
Calendar Date
Earn
ed V
alu
e (R
un
nin
g) i
n M
illi
on
s
Expected Version AcceptanceDate
Actual Version AcceptanceDate
September 22, 2003
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 18: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/18.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 19: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/19.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 20: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/20.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 21: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/21.jpg)
SCARY BUT WONDERFUL OBSERVATION:SCARY BUT WONDERFUL OBSERVATION:SCARY BUT WONDERFUL OBSERVATION:SCARY BUT WONDERFUL OBSERVATION:SCARY BUT WONDERFUL OBSERVATION:
The real reason we need to do risk
management is not to avoid risks,
but to enable aggressive risk-taking.
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 22: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/22.jpg)
THE FIVE CORE RISKSTHE FIVE CORE RISKSTHE FIVE CORE RISKSTHE FIVE CORE RISKSTHE FIVE CORE RISKS
The following five risks are common to all high-
tech projects:
Size inflation
Original estimate flaw
Personnel turnover
Failure to concur (breakdown among the
interested parties)
Productivity variation
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 23: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/23.jpg)
1. Is there a census of risks with at least 10-20 risks on it?
2. Is each risk quantified as to probability and cost and
schedule impact?
3. Is there at least one early transition indicator associated
with each risk?
THE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISK
MANAGEMENT” TESTMANAGEMENT” TESTMANAGEMENT” TESTMANAGEMENT” TESTMANAGEMENT” TEST
(in six parts):
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 24: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/24.jpg)
THE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISKTHE “ARE WE REALLY DOING RISK
MANAGEMENT” TEST (CONTINUED)MANAGEMENT” TEST (CONTINUED)MANAGEMENT” TEST (CONTINUED)MANAGEMENT” TEST (CONTINUED)MANAGEMENT” TEST (CONTINUED)
4. Does the census include the core risks indicated by
past industry experience?
5. Are risk diagrams used widely to specify both the
causal risks as well as the net result (schedule and
cost) risks?
6. Is the scheduled delivery date significantly different
from the best-case scenario?
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort
![Page 25: 130-29: Risk Management for Software Projects · Risk Management for Software Projects Tom DeMarco, The Atlantic Systems Guild, Camden, ME ABSTRACT Risk management is project management](https://reader034.fdocuments.in/reader034/viewer/2022042908/5f3894a4e34a2b79f375aff6/html5/thumbnails/25.jpg)
SU
GI 29
Plan
nin
g, D
evelop
men
t and
Su
pp
ort