1 / 49

Risk Management

Risk Management. Project Management Testing Effort Management. Administrivia. Bathrooms Lunch Introductions Downloads are available at http://turningwheel.net/ppasq. Objectives. At the end of this class, you should be able to:

aulani
Download Presentation

Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management Project Management Testing Effort Management

  2. Administrivia • Bathrooms • Lunch • Introductions • Downloads are available at • http://turningwheel.net/ppasq

  3. Objectives At the end of this class, you should be able to: Identify events (risks) that are likely to impact a project and document their characteristics Assess each identified risk to determine the impact it could have to the project and the probability of it occurring Determine a priority ranking for all the risks identified Select a mitigation approach for each risk identified Develop mitigation and /or contingency plans as necessary for the risks identified Monitor and evaluate the project for occurrence of or changes to the risks identified

  4. What is Risk Management? • What makes a project a success? • 70-80% of IT projects fail!! • The “Law” of Project Management…

  5. What is “Risk Management” • Risk management is concerned with identifying risks and drawing up plans to minimise their effect on a project. • A risk is a probability that some adverse circumstance will occur. • Project risks affect schedule or resources • Product risks affect the quality or performance of the software being developed • Business risks affect the organisation developing or procuring the software • Determining how to react/avoid the impact • Monitoring the events throughout the life of the project

  6. Benefits of Risk Analysis • Best Practice • “same page” for scope and priorities • Focuses on the “most important” work • Publishes “assumptions” • Promotes reuse of Quality materials • Works for both MFI and MFF projects • (“Money For Information” and …”Flexibility”)

  7. Risk analysis • Assess probability and seriousness of each risk • Probability may be very low, low, moderate, high or very high • Risk effects might be catastrophic, serious, tolerable or insignificant

  8. Risk analysis

  9. The risk management process • Risk identification • Identify project, product and business risks • Risk analysis • Assess the likelihood and consequences of these risks • Risk planning • Draw up plans to avoid or minimise the effects of the risk • Risk monitoring • Monitor the risks throughout the project

  10. The risk management process • The Process flow • 1 Risk Identification • 2 Risk Assessment • 3 Response Planning • 4 Planning Completion • 5 Risk Monitoring • 6 Risk Response • 7 Update Risk Management Plan

  11. The risk management process

  12. Risk Identification The process of determining which events might affect the project and documenting their characteristics

  13. Risk Identification Steps • 1.1 Comparison to prior, similar projects’ identified risks • Identify similar, previous projects based on subject matter • Obtain PIRs, Lessons Learned, Risk Management Plan, Issues Logs, etc • Review and document potential events for your project • SWOT analysis

  14. Risk Identification Steps • 1.2 Identify events that are likely to impact the project • What methods have you successfully used to identify risks? • Use brainstorming, affinity diagrams, interviewing, dependency modeling, questionnaires, delphi technique, prototyping

  15. Risk Identification Steps • 1.3 Categorize identified events • Grouping risks into categories will provide valuable information later in the process • Most common categories • Business / Organizational Risks • External Risks • Project Management Risks • Technical, Quality, or Performance Risks • Estimation Risks

  16. Risks and risk types

  17. Risk factors

  18. Software risks

  19. Let’s Try It Exercise 1

  20. Risk Identification Steps • 1.3 Categorize identified events • Along with selecting a category for each task, the following should also be identified and documented for each risk: • Triggers • Assumptions • Preliminary Owner

  21. Let’s Try It Exercise 2

  22. Risk Assessment The process of analyzing identified risks in order to determine the likelihood of a risk occurring (the probability), the severity of the risk (the impact), and the potential cost to the overall project (net exposure)

  23. Risk Assessment Steps • 2.1 Comparison to prior projects’ identified risks • Obtain PIRs, Lessons Learned, Risk Management Plan, etc • Review assessment of similar risks for these projects

  24. Risk Assessment Steps • 2.2 Qualitative Risk Analysis of each risk • Appendix B for small projects • Appendix C for medium to large projects • Appendix D for programs • Qualitative Risk Analysis Voting Process • One vote for each impact and probability (Agile)

  25. Let’s Try It! Exercise 3

  26. Risk Assessment Steps • Quantitative Risk Analysis • See Appendix B, C, D

  27. Risk Assessment Steps • 2.4 Rank Risks • Determine the ranking of each risk, producing a prioritized list Samples available at http://turningwheel.net/ppasq

  28. Let’s Try It Exercise 4

  29. Risk Response Planning The process of developing options and determining actions and activities to reduce risk impact, probability, and exposure to the project’s objectives

  30. Risk Response Steps 3.1 Comparison to previous projects 3.2 Assign a mitigation approach to each risk (Reactive, Proactive) 3.3 Develop mitigation/contingency plans for each risk 3.4 Finalize owner(s) of risks based on mitigation plans

  31. Risk management strategies

  32. Planning Completion The process of finalizing the Risk Management Plan that was developed during the risk planning process

  33. Planning Completion Steps • 4.1 Obtain formal signoffs • This signoff signifies that the stakeholders agree with the content of the Risk Management Plan • 4.2 Execute mitigation plans • Begin execution of the actions or activities defined in the mitigation plans developed during Risk Response Planning

  34. Let’s Try It Exercise 5

  35. Risk Monitoring • The process of the Risk Management Plan owner keeping track of the identified risks • 5.1 Monitor existing risks for occurrence or change • Use one or more of the following: • Periodic risk management plan reviews • Performance Measurements • Each key risk should be discussed at management progress meetings

  36. Risk Response • The process of executing the necessary contingency plan(s) once a risk has occurred • 6.1 Execute the risk contingency plan • Begin execution of the defined activities

  37. Update Risk Management Plan The process of modifying the Risk Management Plan with changes that occur during the life of the project

  38. Update RM Plan Steps • 7.1 Update Risk Details on RM Plan • RM Plan owner updates RM Plan based on changes identified during monitoring and control phases • 7.2 Communicate changes to RM Plan • 7.3 Obtain formal signoffs on changes to RM Plan • Signoff indicates that stakeholders agree with changes

  39. Let’s Try It Exercise 6

  40. What’re You Gonna Test? • “The Most Important Things” (MITs) • Severity is how bad it’ll hurt if something happens • Probability is how likely it is to happen. • A Meteorite hitting the building is unlikely but catastrophic if it happens

  41. What’re You Gonna Test? • Risks Analysis can help: • Define the Initial Test Schedule • Form the Contract to Test • Analyze the Results of Tests (to prove they were useful) • Determine which tests to run (coverage) • Determine how hard to hit a test

  42. The MITs Approach More refined than the last attempt Weights an index as well

  43. Report Your Findings • Explain your approach but also show the danger of not testing • Cost Analysis • Time • Potential Customer Impact

  44. So, What’re You Gonna Test? • You can’t test everything • Inventory Ranking • Test Sizing • Risk Analysis answers: • What do I need to test and how? • How big is the test effort? • How much will it cost?

  45. Applying Risk Analysis • Planning Phase: quick estimate of the number and types of tests • Assumes there is a testing inventory • Path vs Data Testing in Software • Most Important Nonanalytical Tests -from SMEs • Most Important Paths –Logic of the User • Most Important Data –Most Pass Data Sets • Most Important Environments – • MITs= (MINs+MIPs+MIDs)*MIEs

  46. The Sizing Worksheet Like test coverage, these are relative estimates Should contain time taken And if lucky, cost to perform (or not) Assumptions should be noted Estimates need to be updated as actuals are learned for improving future estimates

  47. Sizing Worksheet Contains MITs Test and Coverage Test Units and Time to Create Tests Time to Run and Create Automated Tests Estimate the number of errors to be found Code Turnovers/Test Cycles/Iterations Test Environments and Total Tests Planning Time

  48. Sizing Worksheet Contains 2 • The Case for Automation (if applicable) • Time for Administration, Documentation, and Logging • Factor of Safety • 50% is not unreasonable for large efforts • Constraints, Assumptions, and Status

  49. Negotiating the Effort Don’t forget to budget time for *fixing* bugs! Agile/XP Methodologies

More Related