SPM-UNIT IIIRISK MANAGEMENT

Prof. Kanchana Devi

Prof. Kanchana Devi

2

Introduction An uncertain event or condition that, if it

occurs, has a positive or negative effect on a project’s objectives.

PRINCE2: The Chance of exposure to the adverse

consequences of future events

PRINCE PRojects IN Controlled Environment

Prof. Kanchana Devi

3

The key elements of risk

It relates to future Cost underestimation, New Technology

difficult to work. It involves cause and effect

Cost Over-run, Use of untrained staff, Poor Specification

Prof. Kanchana Devi

4

Socio-technical Model of Risk

Kalle Lyytinen and his Colleagues proposed a diagrammatic representation

Actors

TechnologyStructure

Tasks

Prof. Kanchana Devi

5

Risk Framework Actors : refers to all the people involved

in the development of the application in the question

Risk: High staff turn-over Technology: encompasses both the

technology used to implement the application and that embedded in the delivered products

Risk: Appropriateness of the technologies and possible faults within them

Prof. Kanchana Devi

6

…… Structure: Describes the management

structures and systems including those affecting planning and control.

Risk: Some implementation might need user participation in some tasks(not allotted)

Tasks: relates to the work planned Risk: Complexity of work might lead to delay

Prof. Kanchana Devi

7

A framework for dealing with Risk

Planning for risk includes Risk Identification Risk Analysis and Prioritization Risk Planning Risk Monitoring

Prof. Kanchana Devi

8

Risk Identification There are two main approaches:

Checklists Brain-stroming

Prof. Kanchana Devi

9

Checklists Checklists are simply lists of the risks

that have been found to occur regularly in software development projects.

Risk Risk Reduction TechniquesPersonnel shortfalls Staffing with top talent, job

matching, team building, training and career development…

Unrealistic time and Cost Estimates

Multiple Estimation techniques, Design to cost, Incremental development…

Developing the wrong software functions

Improved software evaluation, Formal Specification Methods…

Developing the wrong user interface

Prototyping, Task Analysis, User Involvement.

Gold Plating Requirements Scrubbing, Prototyping, Cost-benefit analysis…

Prof. Kanchana Devi

10

Brainstorming Stakeholders are brought together,

preliminary and plans are drafted Identifying the solution using the

individual knowledge.

Prof. Kanchana Devi

11

Risk Assessment A common problem in risk identification

is that a list of risks is potentially endless.

Estimating the risk exposure for each risk using the formula:

Risk Exposure = (Potential Damage)* (Probability of Occurrence)

Prof. Kanchana Devi

12

Example: Problem A project depended on a data centre

vulnerable to fire. It might be estimated that if a fire occurred a new computer configuration could be established for $500,000. It might also be estimated that a computer is located there is a 1 in 1000 chance of a fire actually happening, that is a probability of 0.001.

Prof. Kanchana Devi

13

Solution: By using the formula:

Risk Exposure= $500,000*0.001= $500

Risk Exposure = (Potential Damage)* (Probability of Occurrence)

Prof. Kanchana Devi

14

Risk Exposure Assessment Ref Hazard Likelihoo

dImpac

tRisk

R1 Changes to Requirement Specification during coding

8 8 64

R2 Specification Task longer than expected

3 7 21

R3 Significant staff sickness affecting critical path activities

5 7 35

R4 Significant staff sickness affecting non-critical path activities

10 3 30

R5 Module coding takes longer than expected

4 5 20

R6 Module testing demonstrates errors or deficiencies in design

4 8 32

H

S

M

S

H

S

Prof. Kanchana Devi

15

Risk Probability and Associated range valuesProbability Level RangeHigh Greater than 50% Chance of happeningSignificant 30-50% Chance of happeningModerate 10-29% Chance of happeningLow Less than 10% Chance of happening

Impact on Cost and Associated range valuesProbability Level RangeHigh More than 30% above Budgeted ExpenditureSignificant 20 to 29% above Budgeted ExpenditureModerate 10 to 19% above Budgeted ExpenditureLow Within 10% of Budgeted Expenditure

Prof. Kanchana Devi

16

Impact MatrixR6 R1

R2,R3,R5

R4

High

Significant

Moderate

Low

Low Moderate Significant

High

Probability

Tolerance Line

Prof. Kanchana Devi

17

Risk Planning After identifying the risks and priorities Task is to deal with them

Risk Acceptance Risk Avoidance Risk Reduction & Mitigation Risk Transfer

Prof. Kanchana Devi

18

Risk Management Eg: Staff absence through illness. “Contingency Plan”

Prof. Kanchana Devi

19

Risk Reduction Actions The risk reduction action can be assessed by

calculating the “Risk Reduction Leverage”(RRL)

RE Risk Exposure If RRL = 1.00 indicates the reduction in the

exposure is greater than its cost

RRL= (RE before-RE after)/(Cost of risk reduction)

Prof. Kanchana Devi

20

Example: An unrealistic example, it might cost

$200,000 to replace a hardware configuration used to develop a software application. There is a 1% chance of fire. The risk exposure would be 1% of $200000, that is $2000. Installing fire alarms at a cost of $500 would reduce the chance of fire to 0.5%. The new risk exposure would be $1000, a reduction of $1000 on previous exposure. Calculate the RRL.

Prof. Kanchana Devi

21

Solution: RRL = (2000-1000)/500

= 2.0=>So the action taken is worthwhile.

Prof. Kanchana Devi

22

Risk RegisterRisk Record

Risk DescriptionImpact DescriptionRecommended Risk MitigationProbability/ Impact Values

Incident/Action History

Risk Id Risk Title

Owner Date Raised Status

Probability Impact

Cost Duration QualityPre-mitigation

Post-mitigation

Date Incident/Action Actor Outcome/Comment