Trash Your Risk - Intuitive Risk Management Skills
description
Transcript of Trash Your Risk - Intuitive Risk Management Skills
Trashing your Risk –
Improving Your Intuitive Risk
Management Skills
with F. Michael Dedolph
XBOSoft Info
Founded in 2006
Dedicated to software quality
Software QA Consulting
Software Testing
Offices in San Francisco, Beijing, Oslo, and Amsterdam
Slide 211/20/2014 F. Michael Dedolph Webinar 11/20/14
Housekeeping
Everyone except the speakers are muted
Questions via the gotowebinar control on the right side of
your screen or through Twitter @XBOSoft
Questions can be asked throughout the webinar - we’ll try
to answer them at the end.
You will receive info on recording after the webinar
Slide 311/20/2014 F. Michael Dedolph Webinar 11/20/14
Speakers
Sabrina Gasson
XBOSoft Marketing
Slide 411/20/2014 F. Michael Dedolph Webinar 11/20/14
Jan PrincenDirector at XBOsoftFounder of GripQA
F. Michael Dedolph Webinar 11/20/14
Trashing Your Risk - Improving Your
Intuitive Risk Management SkillsF. Michael Dedolph
Abstract: This interactive webinar will show how risk management is
something we all do intuitively, every day. After demonstrating this truth,
the talk will cover ways we can be more successful with our risk
management efforts - and make it more fun! These concepts can be
applied equally to our personal and work lives. Ultimately, improved risk
management usually translates to improved outcomes
This presentation is based on material developed by F. Michael Dedolph while working at the Software Engineering Institute (SEI). Please do not reuse the material without giving credit to the SEI. Credit for Michael would be nice, too. I have used variations of this presentation in workshops at the PNSQC, SEI, Bell Labs, CSC, Xerox, various DoD agencies, and Software Process Improvement Network (SPIN) presentations.
11/20/2014 Slide 5
Once Upon a Time - A Risk Parable
F. Michael Dedolph Webinar 11/20/14 11/20/2014 Slide 6
The Problem:
Getting to work
The Risk:
Must be on time
Slide 711/20/2014 F. Michael Dedolph Webinar 11/20/14
F. Michael Dedolph Webinar 11/20/14 11/20/2014 Slide 8
“Uncle Joe” Offers to Help
What Could Possibly Go Wrong?
Slide 911/20/2014 F. Michael Dedolph Webinar 11/20/14
(Insert your list here)
Slide 1011/20/2014 F. Michael Dedolph Webinar 11/20/14
A Few Risks Others Have Noted
• Involved in an auto accident
• Traffic problems
• Mechanical problems
• Car uncomfortable, lacks class
• Sleep in
• Weather
• Illness
• ???
Slide 1111/20/2014 F. Michael Dedolph Webinar 11/20/14
What Do We Notice About the Risks?
Here are some things you may have noted:
• Many of the risks captured go beyond the initial problem statement (getting to work on time)
• Risks may focus on urgent things while neglecting importantthings (lower probability but higher overall impact).
• Different people have different ideas and tolerances for risk
• Risks can be grouped
• Risks are inter-related - one risk makes another more or less likely, and/or changes the severity of the consequence
• Risk identification can be done intuitively and informally
– Are there other ways we could have done this?
– For this example, would it be worthwhile?
Assumption: risks can be mitigated.
What Can We Do?
Slide 1211/20/2014 F. Michael Dedolph Webinar 11/20/14
(Insert your list here)
Slide 1311/20/2014 F. Michael Dedolph Webinar 11/20/14
Mitigations Others Have NotedRisks: Mitigation Action
Involved in an auto accident Insurance
Driver training
Maintain vehicle
Cell phone
Traffic problems Radio reports
Plan alternate routes
Set up home office
Leave early
Mechanical problems Maintain vehicle
Roadside assistance plan
Vehicle inspections
Cell phone
Car lacks class Hmmm
F. Michael Dedolph Webinar 11/20/14
What is Notable About the Mitigations?
Here are some things you may have noted:
• Some strategies address multiple risks
• No single strategy address all the risks
• All of the mitigation strategies take resources – time
and/or money!
• Some mitigation activities introduce new risks
• ???
11/20/2014 Slide 14
F. Michael Dedolph Webinar 11/20/14
Question: Do Any of These
Mitigations Introduce New Risks?
Risk
I might be involved in an auto accident
SO I bought Insurance
BUT the insurance cost more money than I had
SO I got a second job
BUT I was so tired I swerved and got a ticket
SO I stayed home and slept in
BUT . . .
The “SO” . . . “BUT” game.
11/20/2014 Slide 15
Hmmm.
Slide 1611/20/2014 F. Michael Dedolph Webinar 11/20/14
Hmmm.
Slide 1711/20/2014 F. Michael Dedolph Webinar 11/20/14
What Should We Do?
Slide 1811/20/2014 F. Michael Dedolph Webinar 11/20/14
There are always choices
“Two roads diverged . . .”
•How do we choose?
>> Making better choices
is the reason for risk
analysis
For our example, what should our hero do?
F. Michael Dedolph Webinar 11/20/14
A Risk Example, Continued—Analysis
Using the intuitive approach, we need to ask—
“What should we do?”, OR,
“Should we do ALL of these things?”
>> Quick answer – we should do the most important
things (we need to balance costs and benefits.)
>> Risk analysis is used to help decide which things
are most important.
11/20/2014 Slide 19
F. Michael Dedolph Webinar 11/20/14
A Risk Example, Continued—Analysis
Risk Analysis supports risk management by:
• providing tools to help prioritize risks
• identifying critical follow up actions (triggers and
tracking mechanisms)
• helping us assess the effectiveness of planned
mitigations
• providing ways to balance the acceptable level of risk
against the cost of mitigation activities
Analysis starts by looking at the individual risk statements.
Additional work may be needed to analyze the composite
set of risks.
11/20/2014 Slide 20
F. Michael Dedolph Webinar 11/20/14
A Risk Example, Continued—Analysis
Supports Management Decisions
Basic risk analysis involves estimating 2 things:
• What is the probability (or likelihood) of the risk
happening?
– Usually expressed as High, Medium, Low
• What is the cost/impact if the risk happens?
– Usually expressed as High, Medium, Low,
sometimes “Catastrophic” is added
Other analysis questions may include what the risk
triggers are, when the risk might occur, etc.
11/20/2014 Slide 21
F. Michael Dedolph Webinar 11/20/14
A Risk Example, Continued—Simple
Analysis
High 3 6 9
Med 2 4 6
Low 1 2 3
Low Med High
• P(Risk) X Impact =
Magnitude (aka,
Exposure)
• Exposure gives a
measure of how
important the risk is
• Exposure can/should be
estimated before and
after mitigation
planning
• One mechanism: Score
risks individually,
discuss as a team, use
average
P
R
O
B
A
B
I
L
I
T
Y
IMPACT
EXPOSURE TABLE
11/20/2014 Slide 22
What Will We Do?
Slide 2311/20/2014 F. Michael Dedolph Webinar 11/20/14
Plan your work, then work your plan.
F. Michael Dedolph Webinar 11/20/14
The Final Question . . .
What will we do?
• What might prevent us from following through?
• What could we do to ensure we follow through?
>> Quick answer: include risk management in project
management.
>> But, this is dependent on your goals, organization,
customer, product, and risk tolerance.
• Keep it practical – use analysis to set priorities
– What can we afford?
– How much time do we have?
11/20/2014 Slide 24
F. Michael Dedolph Webinar 11/20/14
Summary: Intuitive Risk Management
This intuitive approach is based on 4 questions.
ANALYSIS
Identification Mitigation
Risk Management
4 Risk Questions:
What
> could go wrong?
> can we do?
> should we do?
> will we do?
11/20/2014 Slide 25
OK, That’s Cool, But,
How About Us?
Slide 2611/20/2014 F. Michael Dedolph Webinar 11/20/14
What Types of Products do You Make?
• “Use and lose” - product is disposable,
mass produced
• “One and done” - custom built product, no
follow up support
• “Build and sustain” - built and operated by
us or a partner
• “Build and enhance” - iterative product with
multiple releases
• “Give away” – indirect profit from add-ons,
ad-ons, premium service packages
>> Different products, different risk
Slide 2711/20/2014 F. Michael Dedolph Webinar 11/20/14
What Could (Possibly) Go Wrong?
Slide 2811/20/2014 F. Michael Dedolph Webinar 11/20/14
Insert Your List Here:
Slide 2911/20/2014 F. Michael Dedolph Webinar 11/20/14
Sample Testing Risk Areas
Here are some things I’ve seen in the past
•Test strategies don’t match the product
•Insufficient resources for the testing needed
•Incomplete testing
•Undocumented testing
•Wrong tools and methods
•No automation/too much automation
•Uncooperative development & management teams
•Unclear criteria – what is “good enough”?
•Testers don’t have any control of test process
•???
Slide 3011/20/2014 F. Michael Dedolph Webinar 11/20/14
What Can We Do?
Slide 3111/20/2014 F. Michael Dedolph Webinar 11/20/14
(Insert your list here)
What stands out for you? Are any of these
risks things that have happened before?
>> (It might be a problem, not a risk)
What Should We Do?
Slide 3211/20/2014 F. Michael Dedolph Webinar 11/20/14
>> Start by identifying and communicating risk
>> Translate risks into $$$ and time (analysis)
What Will We Do?
Slide 3311/20/2014 F. Michael Dedolph Webinar 11/20/14
Slide 3411/20/2014 F. Michael Dedolph Webinar 11/20/14
The Goal:
Trash those risks
Q+APost your questions on Twitter and we'll answer them @XBOSoft
Join us to keep updated on all our webinars, reports and whitepapers:
facebook.com/xbosoft
+xbosoft
We post regularly on our blog – check us out!
http://xbosoft.com/software-quality-blog/
Why not download our free Whitepapers, available here: http://xbosoft.com/knowledge-center/software-
testing-white-paper/
You will receive an email with information on slides and recording. Any further queries regarding our services
or ideas for future webinars please email us! [email protected]
Slide 3511/20/2014 F. Michael Dedolph Webinar 11/20/14