Professional Documents
Culture Documents
Software Engineering: Slide Set 05: Risk Management
Software Engineering: Slide Set 05: Risk Management
Risk Management 2
Risk
• Risk involves change in some form like a change in place, a
change in profession and change in opinion.
Risk Management 3
Risk Strategies
• There are two commonly used strategies to deal with risks
in software engineering:
1. Reactive Strategies
2. Proactive Strategies.
Risk Management 4
Reactive Strategies
• There is a phrase “cross the bridge when you come across it”,
which when applied to a software project would mean taking
care of problems as and when we come across them without
planning for them in advance.
• With reactive strategies, the team does nothing about risks until
something goes wrong.
• When a problem arises, the team goes into action and takes
initiative to solve the problem.
Risk Management 5
Reactive Strategies
• Reactive strategy can be depicted as figure 5.1.
Risk Management 6
Reactive Strategies
• Assume that there was a software project in progress with three
software engineers involved in all kinds of responsibilities.
• The firm never accounted for the fact that any one of them may leave. It
simply took for granted the continuance of the staff. But, all of a
sudden, two of the engineers leave the project.
• In such a situation, the entire burden falls upon the lone software
engineer.
• Due to shortage of time, it may so happen that the firm is unable to hire
new staff immediately and the project may have to be abandoned or
delayed.
Risk Management 7
Reactive Strategies
• In the given example, reactive strategy would mean hiring and training
new staff after the earlier staff has quit.
• Had the problem been foreseen, the engineers who plan to quit could
be made to train the new staff and then leave.
Risk Management 8
Proactive Strategies
• Proactive means taking the initiative.
Risk Management 9
Proactive Strategies
• Figure 5.2 illustrates this strategy.
Risk Management 10
Characteristics of Risk
• Any kind of risk possesses two characteristics:
– Uncertainty:
– Loss:
1. Project Risks
2. Business Risks
3. Technical Risks
4. Predictable Risks
5. Unpredictable Risks
Risk Management 12
Project Risks
• These affect or threaten any project plan that has been laid.
Risk Management 13
Business Risks
• Business risks affect the viability of the software to be built.
Risk Management 14
Business Risks
4. Losing the support of senior management due to a
change in focus or a change in people (management
risk).
Risk Management 15
Technical Risks
• These risks can have an effect on the creation and completion of
software.
– Implementation
– Interfacing
– Verification
– Design
– Maintenance
Risk Management 16
Technical Risks
• The causes for technical risks could be software
obsolescence, technical uncertainty, and ambiguity in
specifications.
Risk Management 17
Predictable Risks
• Certain risks like unrealistic delivery date, lack of
documented requirements or software scope can be
predicted by evaluating the project plan and the
environment under which the project will be developed.
Risk Management 18
Unpredictable Risks
• These are the risks that may occur but cannot be
predicted in advance.
Risk Management 19
The Risk Management Process
Risk Risk
Risk Analysis Risk Planning
Identification Monitoring
Risk Management 20
The Risk Management Process
1. Risk Identification: Possible project, product and business
risks are identified.
• For each of the risks listed in the previous section, there are two
types of risks:
1. Generic Risks
2. Product-Specific Risks
Risk Management 22
Risk Identification
• Generic risks can affect any software project whereas
product specific risks can be identified by those who are
familiar with the technology, the people and the project at
hand.
Risk Management 23
Risk Identification
• A risk item checklist is generally created to help in identification
of risks as well as focus on different categories of risks.
– Product Size
– Customer Characteristics
– Process Definition
– Business Impact
– Development Environment
– Technology
– Risk Associated with Staff Size and Experience
Risk Management 24
Product Size
• This is the risk associated with the overall size of the
software to be built or modified.
Risk Management 25
Product Size
• Questions that may be asked to check product size can be
drawn as follows:
Risk Management 26
Customer Characteristics
• These are the risks associated with the sophistication of
the customer and the ability of the developer to
communicate with the customer in a timely manner.
Risk Management 27
Customer Characteristics
• Questions that may be asked to check the customer characteristics are
as given below:
Risk Management 29
Process Risk
– Are the standards being followed?
– How are the aspects of the process being monitored?
– What software tools are being used in the
development of the project?
Risk Management 30
Business Impact
• These are the risks associated with constraints posed by
the management or the market.
Risk Management 31
Business Impact
– Knowledge levels of end users, level of documentation
needed for the customer
– Governmental constraints
– Cost of late delivery
– Cost of a defective product
Risk Management 32
Development Environment
• These are risks associated with the availability and quality
of the tools that may be used to build the product.
Risk Management 33
Development Environment
• The checklist drawn to check the development environment will
be based on the availability of the following:
Risk Management 34
Technology
• These are risks associated with the complexity of the
system and the unfamiliarity with the new technology.
Risk Management 35
Technology
– Is a specialized interface demanded by the product
requirements?
– Is the type of software to be developed new to our
organization?
– Are we using new analysis, design or testing methods
for this project?
– Are the required development methods
unconventional?
– Do the requirements put excessive performance
constraints on the product?
Risk Management 36
Risk Associated with Staff Size and Experience
Risk Management 37
Risk Associated with Staff Size and Experience
Risk Management 38
Assessing Overall Project Risks
• The following questions can help to assess overall project
risks:
Risk Management 39
Assessing Overall Project Risks
– Do end-users have realistic expectations?
– Is project scope stable?
– Does the software engineering team have the right mix of
skills?
– Are project requirements stable?
– Does the project team have experience with the
technology to be implemented?
– Is the number of people on the project team adequate to
do the job?
– Do all customer/user constituencies agree on the
importance of the project and on the requirements for the
system/product to be built?
Risk Management 40
Assessing Overall Project Risks
• If any one of these questions is answered negatively,
mitigation, monitoring, and management steps should be
instituted without fail.
Risk Management 41
Risk Analysis
• During the risk analysis process, you have to consider each
identified risk and make a judgment about the probability
and the seriousness of it.
Risk Management 42
Risk Analysis
• Tabulate the results of this analysis process using a table
ordered according to the seriousness of the risk.
RE = P×C
– Where,
• P = the probability of occurring for a risk and
• C = the cost to the project should the risk occur.
Risk Management 43
Risk Analysis
• Risk exposure can be computed for each risk in the risk
table, once an estimate of the cost of the risk is made.
• The total risk exposure for all risks (above the cut-off in the
risk table) can provide a means for adjusting the final cost
estimate for a project.
Risk Management 44
Risk Table – An Example
Risk Probability Effects
Risk Management 46
Risk Mitigation
• To mitigate risks, project management must develop a strategy
for reducing turnover.
Risk Management 48
Risk Monitoring
• Risk monitoring involves regularly assessing each of the
identified risks to decide whether or not that risk is
becoming more or less probable and whether the effects of
the risk have changed.
Risk Management 49
Risk Factors
Risk Type Potential Indicators
Risk Management 50