Risk management plan loren schwappach
-
Upload
loren-schwappach -
Category
Business
-
view
271 -
download
0
description
Transcript of Risk management plan loren schwappach
Developed for:CS671 – Software Systems Engineering Process
Author:Loren Karl Schwappach, BSEE / BSCE
Risk management involves identifying applicable risks , analyzing
those risks, managing/mitigating risks, and finally reviewing risks. [Potter02]
Careful use of risk management techniques can help prevent problemsfrom occurring and allow anticipation of future problems allowing process improvement to run smoothly [Boehm89, Potter01, Van Scoy92].
What is Risk Management?
[1]
Step 1: Determine the Scope of the Risk
Step 2: Select the Team and Moderator
Step 3: Identify Risks
Step 4: Analyze Risks
Step 5: Plan to Mitigate Risks
Step 6: Plan for Periodic Risk Review
Note: There will be a hands-on example at the end of this presentation if time permits.
Six Steps to Risk Management
[2]
The scope of the list should include the goals and problems that you
plan to address in the next six months. [Potter02]
The complete list of goals and problems from your action plan are the perfect candidates for determining your risk management scope. However, you should refine the goals/problems into a few that you plan to address in the near term.
Step 1: Determining the Scope
The risk management team should include individuals who have an
understanding of the risks that could prevent successful project completion. [Potter02]
The team should include the improvement team, stakeholders(software developers, quality analysts, and managers), previous improvement project members, and subject area experts. [Potter02]
Try to limit the group size to around nine people to keep the conversations on track. [Potter02]
The moderator is responsible for keeping the discussions focused and should be able to explain the risk management process to team members. [Potter02]
Step 2: Select the Team and Moderator[3]
Risks: potential problems that are not guaranteed to occur. [Potter02]
Start risk identification as a brainstorming session, allowing members to call out problems that could cause the improvement projects to fail. [Potter02]
Consider the following: [Potter02]
Weak areas such as unknown technology (tools, vendors, methodologies).
Critical aspects necessary for the improvement project (timely delivery of training programs, management buy-in, training materials).
Previous problems (loss of essential staff, resistance to change, shifts in priority).
Step 3: Identify Risks
[4]
Sub-steps to risk analysis: [Potter02]
Focus on removing ambiguities (example: “lack of management buy-in” to “manager X may not find any benefit to the new method” and “people might leave” to “subject master X may get pulled off of project) carefully clarifying each risk item. Note: Risk Items column.
Enumerate the primary consequence if the risk were to occur. Note: Consequence column.
Set priorities by agreeing on how likely a risk item is to occur (scale 1 to 10 (very likely)), and then rate the impact if the risk were to occur (scale 1 to 10 (very large impact)). First select the item that rates the lowest and assign it a 1 and then select the item that rates the highest and assign it a 10. All other items should be rated within these boundaries. The final priority is the product of the two values!
Select a few items to manage (top three risks or top 20 percent).
Step 4: Analyze Risks
[5]
Reduce the likelihood of risk occurring..
One method used is to change the decision that caused the risk. Sometimes this can be done by eliminating the item altogether, however this can sometimes create addition risks.
Another method used is to reduce the impact of the risk should it occur.
Note: List the actions to reduce the risk likelihood and impact under their respective columns..
Decide which actions to pursue. Focus on actions that reduce likelihood and provide a contingency.
Assign responsibility to each risk reduction action. This includes identifying a responsible member and a realistic completion date.
Step 5: Plan to Mitigate
[6]
Periodic review provides visibility on the effectiveness of the
risk management process.
During the reviews determine whether any likelihood or impact numbers need revisiting and if needed repeat the complete risk management process to address any significant changes that occur.
Measure the impacts of any risks that occur for future risk management decisions.
Step 6: Plan for Periodic Risk Review
Risk Management involves:
1: Determining the Scope of the Risk
Goals/Problems within next 6 months.
2: Selecting the risk management team & moderator
Limit to around 9 people from improvement team, stakeholders, previous improvement project members, and subject area experts.
3: Identify Risks
Brainstorm session considering weak areas, critical aspects and previous problems.
4: Analyze Risks
Remove ambiguities, enumerate consequences, set priorities, and select few for managing.
5: Plan to Mitigate Risks
Choose actions that reduce the likelihood and impact of risk occurring, select best actions to pursue and assign responsibility.
6: Plan for Periodic Risk Review
Summary
[1] Image Retrieved from Lawns To Gardens Website on 27 April 2011 at http://lawnstogardens.wordpress.com/2007/12/09/how-to-develop-a-peak-oil-risk-management-plan/
[2] Image Retrieved from Edge 360 Website on 27 April 2011 at http://www.edge360.com/services/risk-management/
[3] Image Retrieved from eastpennsd.org Website on 27 April 2011 at http://www.eastpennsd.org/shoemaker/Staff.html
[4] Image Retrieved from lovemeow.com Website on 27 April 2011 at http://lovemeow.com/2009/11/video-cat-loves-mouse/
[5] Image Retrieved from Halfiranian.com Website on 27 April 2011 at http://halfiranian.com/2009/09/01/britains-radical-moment/
[6] Image Retrieved from Julesbright.com Website on 27 April 2011 at http://julesbright.com/
[7] Image Retrieved from Enterprise-PM.com Website on 27 April 2011 at http://www.enterprise-pm.com/pmbasics/risk-management-models
References
[Boehm89] Boehm, B. Tutorial: Software Risk Management. New York: IEEE Computer Society, 1989
[Potter01] Potter, N., and M. Sakry. “Keep Your Project on Track.” Software Development 2001; 9, no. 4.
[Potter02] Potter, N., and M. Sakry. “A Consise Action Guide for Software Managers and Practitioners.” Making Process Improvement Work 2002.
[Van Scoy92] Van Scoy, Roger L. Software Development Risk: Opportunity, Not Problem. CMU/SEI-92-TR-30, ADA 258743. Pittsburgh: SEI, 1992.
References Continued
You may see this information on the class final so be prepared!
Where to go for additional information:
Garvey, P., Analytical Methods for Risk Management: A Systems Engineering Perspective, 2008.
Questions?
[7]
Hands-on Example
If time permits…
Scenario: A System Engineer Firm (Over Priced Solutions Inc.) that
develops software for a large TS/SCI satellite agency in partnership with the military and NSA.
The Firm has one manager (Jerome Akins) who is not big on wasting time on process improvement efforts and often shifts priorities. One library control expert (Jay Deguzman) that is considering leaving the firm. Two software developers (Mitchell Williams and Ryan Lacroix) that have been with the firm for 20 years and are not interested in learning new tools (specifically the software requirement management tool which has a large learning curve). And, one overly exited project manager (Loren Schwappach). The firm is also expected to hire several new staff members within the next six months.
Step 4: Analyze Risks Hands-On Example…
Software Company X – Identified Risks:
Lack of management buy-in.
People might leave.
Software requirement management tool is hard to use.
Management changes priorities often.
Software requirement management tool may be delivered late.
Creation of training materials takes a long time.
Step 4: Analyze Risks Hands-On Example…
Step 4: Analyze Risks Hands-On Example…
Risk Items Consequence Likelihood Impact Priority
Jerome Akins’ (Manager) buy-in for improvement methods
diminishes.
Improvement program fails. 10 10 100
Jerome Akins’ (Manager) changes priorities before any
milestones are completed.
Improvement program loosescredibility.
9 9 81
New Requirements Management Tool has a huge
learning curve.
Mitchell Williams and Ryan Lacroix give up on tool in
frustration.
9 8 72
Jay Deguzman (LibraryControl) might leave firm.
Wasted time training new person.
7 8 56
Creation of specialized training materials for new
staff takes too long.
Improvement implementation delayed.
4 5 20
Requirements management tool is delivered to the firm
late.
Pass up opportunity to test and use new tool.
1 1 1
Step 5: Plan to MitigateHands-On Example…
Risk Items Consequence Like-lih-ood
Imp-act
Prio-rity
Actions to Reduce
Likelihood
Actions to Reduce Impact
Responsible
Due Status
Jerome Akins’(Manager) buy-in for improvement
methods diminishes.
Improvement program fails.
10 10 100 1. Ensure that the improvement
program addresses the management
team’s problems and goals.
2. Establish a steering
committee to oversee the
improvement effort.
Meet Bimonthly.
3. Determine improvements that
can be made at a project level
without major funding.
4. Explain the problems and goals
that won’t be addressed because
of reducedfunding.
Action 1:
Loren
4/27/11 Completed
Jerome Akins’ (Manager) changes
priorities before any milestones are
completed.
Improvement program looses
credibility.
9 9 81 1. Present the action plan to
management and obtain agreement
that priorities remain
unchanged.
2. Determine improvements that
can be made regardless of which
project is active.
Action 1:
Loren
5/6/11 In Progress
New Requirements Management Tool
has a huge learning curve.
Mitchell Williams and Ryan Lacroix
give up on tool in frustration.
9 8 72 1. Start a pilot project to test the
tool.
2. Establish a cutoff date when firm
will give up on tool and use previous
methods.
Action 1:
Mitchell
5/12/11 In Progress
Handouts
Name: __________________________ Date: ______________ Grade: ______
Q1 (25pts/100pts): What are the six steps to risk management? ______________________________________________________________________________
____________________________________________________________________________________________________________________________________________________________________
Q2 (25pts/100pts): Risks are? ______________________________________________________________________________________________________________________________________________________________________________________.
Q3 (25pts/100pts): The risk management team should include the ___________________, ____________________, _____________________________________, and _________________________________.
Q4 (25pts/100pts): Step four of the Risk Management Process involves removing ___________________, enumerating the _____________________________________ if the risk were to occur, setting _______________ for each risk, and selecting a few _________________________________________________.
Risk Management Pop Quiz
Graded by: Loren K. Schwappach
Risk Management Risk Analysisfor Hands on Example
Risk Items Consequence Likelihood Impact Priority
Risk Management plan for Risk Mitigationfor Hands on Example
Risk Items Consequence Like-lih-ood
Imp-act
Prio-rity
Actions to Reduce
Likelihood
Actions to Reduce Impact
Responsible
Due Status