Risk
description
Transcript of Risk
![Page 1: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/1.jpg)
Risk Management
![Page 2: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/2.jpg)
What is risk?
• You have some expected outcome– Of some event in the future
• Risk is the deviation of the actual future outcome from the expected outcome
• Other definitions:– Hazard: something negative that can happen
in the future– Risk is the probability of the hazard
![Page 3: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/3.jpg)
Why risk analysis?
• What does knowing the risk of some hazard buy you?– We know we can only care about future activities– We know (or hope) that our risk analysis provides
some actionable outcomes– What are we really trying to decide?
• Is the following statement be useful?– The estimated damage by hazard X would be 2
million dollars– The risk of hazard X is 1%
![Page 4: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/4.jpg)
Risk Examples• Let’s say you know the risk of permanent injury/death
of a <insert you own “very fun activity” here> is 1/1000 instances.– Would you perform the activity? Why? Why not?– This activity was “optional”. What about:
• Let’s say you have a disease and there is a treatment that works 25% of the time, does nothing 50% of the time, and results in immediate death 25% of the time– Would you perform this activity? Why? Why not?– The consequence of not performing this activity is death
within five years. You must do it now, you can’t do it five years from now.
![Page 5: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/5.jpg)
Why identify risks?
• Decide if it is “worth” doing something– What is to be gained vs what could be lost
• Avoid risks when possible• Control risks when necessary• Like metrics, the outcome of risk analysis
should be something actionable– Focus on future events
![Page 6: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/6.jpg)
Software Risks
• Project risks– Schedule slips– Cost increases
• Technical risks– The problem is harder to solve than you thought it
would be– Threaten quality and timeliness
• Business risks– Market risk, strategic risk, sales risk, management
risk, budget risks
![Page 7: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/7.jpg)
Again, why analyze risk? Four treatments exist:
• Do nothing– i.e. if you don’t try, you can never fail
• Risk sharing– spending a little now to reduce impact later
• Risk retention– the real “do nothing” – just accept the risk
• Risk reduction– reduce the probability or impact
![Page 8: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/8.jpg)
Risk Management Paradigm
RISK
control
identify
analyze
plan
track
![Page 9: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/9.jpg)
Step 1: identification
• Generic risks every project faces– Lots of checklists for these– over time, over budget, etc.
• Product-specific risks– The server on a website goes down– The touch-screen on this self-checkout is slow– etc
![Page 10: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/10.jpg)
Step 2: Analysis
• Estimate potential likelihood– 100% of a risk means it is a constraint
• Estimate potential impact– Low to High– A monetary amount– Consider the nature, scope, and timing; examples?
• Determine the risk exposure– Expose = probability x impact
• Sort/prioritize risks– Decide which ones you will deal with
![Page 11: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/11.jpg)
Risk Exposure Example• Risk identification. Only 70 percent of the software components
scheduled for reuse will, in fact, be integrated into the application. The remaining functionality will have to be custom developed.
• Risk probability. 80% (likely).• Risk impact. 60 reusable software components were planned. If
only 70 percent can be used, 18 components would have to be developed from scratch (in addition to other custom software that has been scheduled for development). Since the average component is 100 LOC and local data indicate that the software engineering cost for each LOC is $14.00, the overall cost (impact) to develop the components would be 18 x 100 x 14 = $25,200.
• Risk exposure. RE = 0.80 x 25,200 ~ $20,200.
![Page 12: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/12.jpg)
Step 3: Risk planning
• Risk Mitigation– How to avoid the risk
• Risk Monitoring– What factors indicate the risk “is happening”
• Risk Management– What are our contingency plans?
![Page 13: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/13.jpg)
Quiz review
• What is risk? (formal definition)• Give two examples of project risks• Give two examples of technical risks• Give two examples of business risks• Explain the four treatments for risk:
– do nothing– risk sharing– risk reduction– risk retention
• How do you calculate risk exposure?
![Page 14: Risk](https://reader035.fdocuments.in/reader035/viewer/2022072004/563dbb37550346aa9aab3c67/html5/thumbnails/14.jpg)
In-class Exercise
• Calculate the risk of failing your class because you slept through the final– apply the four risk treatments to this risk
• Identify ten risks for your term projects– Calculate the risk exposure for each risk– Decide whether to, and how to, handle each of
the risks you identified using one or more of the four risk treatments we dicussed
• Due next class