October 2002J. B. Wordsworth: J2ISDQR11 Information Systems Development Quality and Risk (1)
-
Upload
priscilla-atkins -
Category
Documents
-
view
212 -
download
0
Transcript of October 2002J. B. Wordsworth: J2ISDQR11 Information Systems Development Quality and Risk (1)
October 2002 J. B. Wordsworth: J2ISDQR1 1
Information Systems Development
Quality and Risk (1)
October 2002 J. B. Wordsworth: J2ISDQR1 2
Basis
Risk provisions
Material expensesand costs
Staff costs
Staff profile
Timescales
Problem
Resource Plan
Risk management strategy
Quality management strategy
Risk and Quality Plan
From Ould’s Managing Software Quality ...
October 2002 J. B. Wordsworth: J2ISDQR1 3
Risk and Quality Plan1 Introduction2 Risk management plan 2.1 Risks identified 2.2 Chosen risk reduction measures 2.3 Residual risk assessment3 Quality achievement plan 3.1 Characterisation of system 3.2 Client expectations or
requirements on development 3.3 Chosen development methods 3.4 Chosen tool support 3.5 Chosen target environment 3.6 Consequent activities
4 Quality control plan
4.1 Planned product types
4.2 Specifications and standards
4.3 Quality control activities
4.4 Consequent activities
5 Quality preservation plan
5.1 Identification control
5.2 Change control
5.3 Configuration control
5.4 Consequent activities
From Ould’s Managing Software Quality ...
October 2002 J. B. Wordsworth: J2ISDQR1 4
A risk management process
A risk is anything that threatens our achieving the project’s cardinal aims.
• risk identification• risk analysis• risk response planning• risk resolution and monitoring
October 2002 J. B. Wordsworth: J2ISDQR1 5
Some cardinal aims
• to match the stated development cost
• at peak times, to handle twice the current throughput
• to be ready at the start of next year’s peak period
• to reduce dispatch mistakes to one third of their current value.
October 2002 J. B. Wordsworth: J2ISDQR1 6
A cause-effect tree
project fails
2: fail on throughput
1: exceed cost target
3: not ready for peak
4: mistakes not reduced
8: key staff overloaded
9: marketing over-keen
10: we are over-keen
11: facilitiesover-exploited
12: poor algorithms
13: staff cannot cope
5: supplierfails to deliver
6: installerfails to deliver
7: training late
From Ould’s Managing Software Quality ...
October 2002 J. B. Wordsworth: J2ISDQR1 7
Risk analysis• Impact
– binary risks– sliding risks
• Uncertainty– event uncertainty (it might happen that ..., so
we must influence something.)– estimating uncertainty (we are uncertain how
much ..., so we must try to find something out.)
October 2002 J. B. Wordsworth: J2ISDQR1 8
Risk estimation• Probability:
– VL: very likely– L: likely– U: unlikely– VU: very unlikely
• Impact:– L: life threatening– P: project threatening– E: expensive in cost or time– S: some cost or time penalty– N: negligible cost or time penalty
October 2002 J. B. Wordsworth: J2ISDQR1 9
The danger slope
VU U L VL
L X X X X
P X X X
E X X
S X X
N X
From Ould’s Managing Software Quality ...
October 2002 J. B. Wordsworth: J2ISDQR1 10
Pre-emptive risk reduction
Pre-emptive risk reduction is planned to take effect before a risk materialises.– Information-buying activities reduce the (estimation)
uncertainty of a risk.– Risk-influencing activities reduce the (event)
uncertainty of a risk.– Contractual transfer transfers a risk to someone better
able to deal with it.– A process model structures the project into phases that
are designed to successively reduce risk.
October 2002 J. B. Wordsworth: J2ISDQR1 11
Reactive risk reduction
Reactive risk reduction is planned to take effect after a risk materialises.– Contingency plans have a trigger to bring them
into effect.– Insurance requires a premium to be paid.
October 2002 J. B. Wordsworth: J2ISDQR1 12
Risk register• risk number• risk description• causes risks ...• source of uncertainty (event/estimation)• nature of uncertainty• probability• impact• chosen risk-reduction measures (pre-emptive or reactive)• risk owner (a person)• residual risk• best case value• chosen case value• worst case value
October 2002 J. B. Wordsworth: J2ISDQR1 13
Summary
• A risk is anything that threatens a project’s cardinal aims.
• Risk management is a four-step process.
• Risk reduction measures, planned in advance, can be pre-emptive or reactive.
• A risk register collates information about risks.