Risk Management
What is risk?
• You have some expected outcome
  • Of some event in the future
• Risk is the deviation of the actual future outcome from the expected outcome
• Other definitions:
  • Hazard: something negative that can happen in the future
  • Risk is the probability of the hazard
Why risk analysis?
• What does knowing the risk of some hazard buy you?
  • We know we can only care about future activities
  • We know (or hope) that our risk analysis provides some actionable outcomes
• What are we really trying to decide?
• Would the following statements be useful?
  • The estimated damage by hazard X would be 2 million dollars
  • The risk of hazard X is 1%
Risk Examples
• Let’s say you know the risk of permanent injury/death of a <insert your own “very fun activity” here> is 1/1000 instances.
  • Would you perform the activity? Why? Why not?
• This activity was “optional”. What about:
  • Let’s say you have a disease and there is a treatment that works 25% of the time, does nothing 50% of the time, and results in immediate death 25% of the time
  • Would you perform this activity? Why? Why not?
  • The consequence of not performing this activity is death within five years. You must do it now, you can’t do it five years from now.
Why identify risks?
• Decide if it is “worth” doing something
  • What is to be gained vs what could be lost
• Avoid risks when possible
• Control risks when necessary
• Like metrics, the outcome of risk analysis should be something actionable
• Focus on future events
Software Risks
• Project risks
  • Schedule slips
  • Cost increases
• Technical risks
  • The problem is harder to solve than you thought it would be
  • Threaten quality and timeliness
• Business risks
  • Market risk, strategic risk, sales risk, management risk, budget risks
Again, why analyze risk? Four treatments exist:
• Do nothing
  • i.e. if you don’t try, you can never fail
• Risk sharing
• Risk retention
• Risk reduction
• Example: let’s analyze the risk of driving to take your final exam
Risk Management Paradigm
[Figure: cycle of activities around RISK: identify, analyze, plan, track, control]
Step 1: Identification
• Generic risks every project faces
  • Lots of checklists for these
• Product-specific risks
  • Examples?
Step 2: Analysis
• Estimate potential likelihood
  • A likelihood of 100% means it is a constraint
• Estimate potential impact
  • Low to High
  • A monetary amount
  • Consider the nature, scope, and timing; examples?
• Determine the risk exposure
  • Exposure = probability x impact
• Sort/prioritize risks
• Decide which ones you will deal with
Risk Exposure Example
• Risk identification. Only 70 percent of the software components scheduled for reuse will, in fact, be integrated into the application. The remaining functionality will have to be custom developed.
• Risk probability. 80% (likely).
• Risk impact. 60 reusable software components were planned. If only 70 percent can be used, 18 components would have to be developed from scratch (in addition to other custom software that has been scheduled for development). Since the average component is 100 LOC and local data indicate that the software engineering cost for each LOC is $14.00, the overall cost (impact) to develop the components would be 18 x 100 x 14 = $25,200.
• Risk exposure. RE = 0.80 x 25,200 ~ $20,200.
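The Step 2 analysis applied to a small risk register, as an added example that is not part of the original slides. Only the reuse risk uses the slide's numbers; the other register entries, the $10,000 handling threshold, and all function and class names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # estimated likelihood, 0.0 to 1.0
    impact: float       # estimated cost in dollars if the risk occurs

    @property
    def exposure(self) -> float:
        return self.probability * self.impact  # exposure = probability x impact

def reuse_impact(planned, usable_fraction, loc_per_component, cost_per_loc):
    """Cost of custom-building the components that cannot be reused."""
    to_build = round(planned * (1 - usable_fraction))
    return to_build * loc_per_component * cost_per_loc

def analyze(risks, threshold):
    """Return (constraints, ranked, handle) for a list of Risk entries."""
    for r in risks:
        if not 0.0 <= r.probability <= 1.0 or r.impact < 0:
            raise ValueError(f"bad estimate for {r.name!r}")
    # A likelihood of 100% is a constraint to plan around, not a risk to rank.
    constraints = [r for r in risks if r.probability == 1.0]
    ranked = sorted((r for r in risks if r.probability < 1.0),
                    key=lambda r: r.exposure, reverse=True)
    # Risks at or above the threshold are the ones selected for handling.
    handle = [r for r in ranked if r.exposure >= threshold]
    return constraints, ranked, handle

# The first entry uses the slide's numbers; the rest are constructed samples.
REGISTER = [
    Risk("Only 70% of reusable components integrate", 0.80,
         reuse_impact(60, 0.70, 100, 14.00)),
    Risk("Key developer leaves mid-project", 0.30, 40_000),
    Risk("Customer changes requirements late", 0.50, 10_000),
    Risk("Delivery date is fixed by contract", 1.00, 15_000),
]
THRESHOLD = 10_000  # assumed cut-off in dollars, not from the slides

if __name__ == "__main__":
    constraints, ranked, handle = analyze(REGISTER, THRESHOLD)
    for r in ranked:
        action = "handle" if r in handle else "accept"
        print(f"{r.exposure:>10,.0f}  {action:<6}  {r.name}")
    for r in constraints:
        print(f"constraint: {r.name}")
```

The unrounded exposure for the reuse risk is $20,160, which the slide rounds to about $20,200.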
Step 3: Risk planning
• Risk Mitigation
  • How to avoid the risk
• Risk Monitoring
  • What factors indicate the risk “is happening”
• Risk Management
  • What are our contingency plans?
In-class Exercise
• Identify ten risks for your term projects
  • Generic vs project
  • Product, technical, and business
• Calculate the risk exposure for each risk
• Decide whether to, and how to, handle each of the risks you identified