490 likes | 606 Views
Risk Management. Project Management Testing Effort Management. Administrivia. Bathrooms Lunch Introductions Downloads are available at http://turningwheel.net/ppasq. Objectives. At the end of this class, you should be able to:
E N D
Risk Management Project Management Testing Effort Management
Administrivia • Bathrooms • Lunch • Introductions • Downloads are available at • http://turningwheel.net/ppasq
Objectives At the end of this class, you should be able to: Identify events (risks) that are likely to impact a project and document their characteristics Assess each identified risk to determine the impact it could have to the project and the probability of it occurring Determine a priority ranking for all the risks identified Select a mitigation approach for each risk identified Develop mitigation and /or contingency plans as necessary for the risks identified Monitor and evaluate the project for occurrence of or changes to the risks identified
What is Risk Management? • What makes a project a success? • 70-80% of IT projects fail!! • The “Law” of Project Management…
What is “Risk Management” • Risk management is concerned with identifying risks and drawing up plans to minimise their effect on a project. • A risk is a probability that some adverse circumstance will occur. • Project risks affect schedule or resources • Product risks affect the quality or performance of the software being developed • Business risks affect the organisation developing or procuring the software • Determining how to react/avoid the impact • Monitoring the events throughout the life of the project
Benefits of Risk Analysis • Best Practice • “same page” for scope and priorities • Focuses on the “most important” work • Publishes “assumptions” • Promotes reuse of Quality materials • Works for both MFI and MFF projects • (“Money For Information” and …”Flexibility”)
Risk analysis • Assess probability and seriousness of each risk • Probability may be very low, low, moderate, high or very high • Risk effects might be catastrophic, serious, tolerable or insignificant
The risk management process • Risk identification • Identify project, product and business risks • Risk analysis • Assess the likelihood and consequences of these risks • Risk planning • Draw up plans to avoid or minimise the effects of the risk • Risk monitoring • Monitor the risks throughout the project
The risk management process • The Process flow • 1 Risk Identification • 2 Risk Assessment • 3 Response Planning • 4 Planning Completion • 5 Risk Monitoring • 6 Risk Response • 7 Update Risk Management Plan
Risk Identification The process of determining which events might affect the project and documenting their characteristics
Risk Identification Steps • 1.1 Comparison to prior, similar projects’ identified risks • Identify similar, previous projects based on subject matter • Obtain PIRs, Lessons Learned, Risk Management Plan, Issues Logs, etc • Review and document potential events for your project • SWOT analysis
Risk Identification Steps • 1.2 Identify events that are likely to impact the project • What methods have you successfully used to identify risks? • Use brainstorming, affinity diagrams, interviewing, dependency modeling, questionnaires, delphi technique, prototyping
Risk Identification Steps • 1.3 Categorize identified events • Grouping risks into categories will provide valuable information later in the process • Most common categories • Business / Organizational Risks • External Risks • Project Management Risks • Technical, Quality, or Performance Risks • Estimation Risks
Let’s Try It Exercise 1
Risk Identification Steps • 1.3 Categorize identified events • Along with selecting a category for each task, the following should also be identified and documented for each risk: • Triggers • Assumptions • Preliminary Owner
Let’s Try It Exercise 2
Risk Assessment The process of analyzing identified risks in order to determine the likelihood of a risk occurring (the probability), the severity of the risk (the impact), and the potential cost to the overall project (net exposure)
Risk Assessment Steps • 2.1 Comparison to prior projects’ identified risks • Obtain PIRs, Lessons Learned, Risk Management Plan, etc • Review assessment of similar risks for these projects
Risk Assessment Steps • 2.2 Qualitative Risk Analysis of each risk • Appendix B for small projects • Appendix C for medium to large projects • Appendix D for programs • Qualitative Risk Analysis Voting Process • One vote for each impact and probability (Agile)
Let’s Try It! Exercise 3
Risk Assessment Steps • Quantitative Risk Analysis • See Appendix B, C, D
Risk Assessment Steps • 2.4 Rank Risks • Determine the ranking of each risk, producing a prioritized list Samples available at http://turningwheel.net/ppasq
Let’s Try It Exercise 4
Risk Response Planning The process of developing options and determining actions and activities to reduce risk impact, probability, and exposure to the project’s objectives
Risk Response Steps 3.1 Comparison to previous projects 3.2 Assign a mitigation approach to each risk (Reactive, Proactive) 3.3 Develop mitigation/contingency plans for each risk 3.4 Finalize owner(s) of risks based on mitigation plans
Planning Completion The process of finalizing the Risk Management Plan that was developed during the risk planning process
Planning Completion Steps • 4.1 Obtain formal signoffs • This signoff signifies that the stakeholders agree with the content of the Risk Management Plan • 4.2 Execute mitigation plans • Begin execution of the actions or activities defined in the mitigation plans developed during Risk Response Planning
Let’s Try It Exercise 5
Risk Monitoring • The process of the Risk Management Plan owner keeping track of the identified risks • 5.1 Monitor existing risks for occurrence or change • Use one or more of the following: • Periodic risk management plan reviews • Performance Measurements • Each key risk should be discussed at management progress meetings
Risk Response • The process of executing the necessary contingency plan(s) once a risk has occurred • 6.1 Execute the risk contingency plan • Begin execution of the defined activities
Update Risk Management Plan The process of modifying the Risk Management Plan with changes that occur during the life of the project
Update RM Plan Steps • 7.1 Update Risk Details on RM Plan • RM Plan owner updates RM Plan based on changes identified during monitoring and control phases • 7.2 Communicate changes to RM Plan • 7.3 Obtain formal signoffs on changes to RM Plan • Signoff indicates that stakeholders agree with changes
Let’s Try It Exercise 6
What’re You Gonna Test? • “The Most Important Things” (MITs) • Severity is how bad it’ll hurt if something happens • Probability is how likely it is to happen. • A Meteorite hitting the building is unlikely but catastrophic if it happens
What’re You Gonna Test? • Risks Analysis can help: • Define the Initial Test Schedule • Form the Contract to Test • Analyze the Results of Tests (to prove they were useful) • Determine which tests to run (coverage) • Determine how hard to hit a test
The MITs Approach More refined than the last attempt Weights an index as well
Report Your Findings • Explain your approach but also show the danger of not testing • Cost Analysis • Time • Potential Customer Impact
So, What’re You Gonna Test? • You can’t test everything • Inventory Ranking • Test Sizing • Risk Analysis answers: • What do I need to test and how? • How big is the test effort? • How much will it cost?
Applying Risk Analysis • Planning Phase: quick estimate of the number and types of tests • Assumes there is a testing inventory • Path vs Data Testing in Software • Most Important Nonanalytical Tests -from SMEs • Most Important Paths –Logic of the User • Most Important Data –Most Pass Data Sets • Most Important Environments – • MITs= (MINs+MIPs+MIDs)*MIEs
The Sizing Worksheet Like test coverage, these are relative estimates Should contain time taken And if lucky, cost to perform (or not) Assumptions should be noted Estimates need to be updated as actuals are learned for improving future estimates
Sizing Worksheet Contains MITs Test and Coverage Test Units and Time to Create Tests Time to Run and Create Automated Tests Estimate the number of errors to be found Code Turnovers/Test Cycles/Iterations Test Environments and Total Tests Planning Time
Sizing Worksheet Contains 2 • The Case for Automation (if applicable) • Time for Administration, Documentation, and Logging • Factor of Safety • 50% is not unreasonable for large efforts • Constraints, Assumptions, and Status
Negotiating the Effort Don’t forget to budget time for *fixing* bugs! Agile/XP Methodologies