University of Sunderland CIF301 Unit 5 CIF301 Project Risk Unit 5.

University of Sunderland CIF301 Unit 5

CIF301CIF301

Project Risk Project Risk

Unit 5Unit 5


Risk ManagementRisk Management

• Introduction– Will look at the management of risk during the

project– risks vary in importance– the importance of a particular risk depends on

the project– Risk Management should reduce the danger of

risk for the particular project of interest


Risk categoriesRisk categories

• Risk types to be found on Project– those caused by the inherent difficulties of

estimation– those due to assumptions made during the

planning process– those of unforeseen (or at least unplanned)

events occurring



• Estimation errors– some tasks are easier to estimate than others

• manual writing is a reasonably straight forward task• program testing and debugging may not be

– analysing historic data for similar things can help with deciding the level of accuracy to be assigned to a particular estimation



• Planning errors– assumptions are used when planning, if the

assumption are wrong then the plan is at risk• e.g. the need for rework may not be planned

– when a plan is prepared the assumptions that have been made should listed and details given to the affect on the plan if the assumption are incorrect



• Eventualities– some eventualities might never be foreseen– it has to be accepted that such eventualities do

happen, even if they are rare!– Most unforeseen eventualities generally could

have been identified and predicted• e.g. the required hardware not arriving on time

– plans should be in place to minimise the damage caused by an unforeseen event


Managing riskManaging risk

• There are various models of risk management

• They are generally similar and identify to main elements– risk identification– risk management

• A popular model is the Boehm Risk Engineering Model


Managing riskManaging risk

Riskengineering

Riskanalysis

Riskidentification

Riskestimation

Riskevaluation

Riskmanagement

Riskplanning

Riskcontrol

Riskmonitoring

Riskstaffing

Riskdirecting

From:BoehmTutorial on softwarerisk managementIEEE computer society1989


Risk identificationRisk identification

• Identification of hazards that may affect a project must be the first steps in a risk assessment

• A hazard is an event that if it occurs may adversely affect the project

• The risk a hazard presents to a particular project must decided



• Checklist are often used to help in identifying hazards

• Knowledge based software is also available to help with the task of hazard identification

• Some hazards will be generic

• Other hazards will be project specific



• Various categories of factors will need to be considered– Application factors

• the nature of the application– e.g. simple data processing or safety critical system

• the size of the system

– Staff factors• e.g. experience and appropriateness of experience• skills, turn-over rate, level of absenteeism



• Project factors– definition of the project– project objectives– team members understanding of the above– project quality plan

• Project methods– Is a specified and structured method like

PRINCE 2 being used



• Hardware / software factors– the use of new untried hardware carries a higher

risk than using existing hardware– where a system is developed on one type of

hardware or software platform for use on another, then this will carry higher risks



• Changeover factor– An instant change over carries greater risks than

an incremental change over– Parallel running is desirable but has cost

implications

• Supplier factors– can be difficult to control suppliers

• e.g. installation of phone lines, delivery of equipment



• Environmental and social factors– generally outside the control of the project

• e.g. changes in legislation• e.g. public opinion

• Health and safety factors– not generally a major issue for software project

when compared to other engineering projects– still need to be covered to ensure compliance

with statutory obligation


Risk analysisRisk analysis

• Once identified risks should be assessed for their possible affect on the project

• the level of importance of a risk must also be established this is often done by assessing the risk value



• The importance of a risk is known as the risk value or the the risk exposure

• risk exposure = risk likelihood x risk impact

• risk likelihood is the probability of hazard occurring

• risk impact is the effect the resulting problem will have on the project



• Risk impact is estimated in monetary terms

• Risk likelihood is assessed as a probability

• Risk exposure therefore is an expected cost, in a similar manner to a cost-benefit analysis

• Ranking schemes can be used to assess impact and likelihood



• Impact scores should take account of– the cost of delay to scheduled dates for

deliverables– cost overruns caused by using additional or

more expensive resources– the costs incurred or implicit in any compromise

to the system’s quality or functionality



• Part of a risk exposure assessment table

Hazard Likelihood Impact exposure

1 Changes to the requirements 1 8 8

specification during coding

2 Specification take longer than 3 7 21

expected

3 Staff sickness affecting 5 7 35

critical path activities

4 Staff sickness affecting 10 3 30

non-critical activities



• Managing risk involves the use of two strategies– reducing the risk exposure by reducing likelihood

and impact– drawing up contingency plans to deal with the

risk should it occur

• All attempts to reduce risk exposure will have a cost

• Risk reduction work should be prioritised to obtain best value



• Factor other than risk exposure that should be taken account of when prioritising risk management– confidence of risk assessment– compound risks– the number of risks– cost of action

• cost can be compared using risk reduction leverage



• Risk reduction leverage (RRL)

RRL = REbefore - REafter

risk reduction cost

where

REbefore is the original risk exposure value

REafter is the expected value after action


Reducing risksReducing risks

• There are five broad categories for risk reduction– hazard prevention– likelihood reduction– risk reduction– risk transfer– contingency planning



• Risk Planning– preparing contingency plans– large project will use a risk manager to do this

• Risk Control– minimising the affect caused by the problems

occurring



• Risk monitoring– ongoing assessment of the importance and

relevance of particular risks

• Risk directing and staffing– the day-on-day management of risk– risk aversion and problem solving


ConclusionConclusion

• Risk– Categories

– Identification

– Analysis

– Management

University of Sunderland CIF301 Unit 5 CIF301 Project Risk Unit 5.

Documents

Transcript of University of Sunderland CIF301 Unit 5 CIF301 Project Risk Unit 5.