1 / 27

COM369 Project Risk Unit 5

COM369 Project Risk Unit 5. Risk Management. Introduction Will look at the management of risk during the project risks vary in importance the importance of a particular risk depends on the project Risk Management should reduce the danger of risk for the particular project of interest.

lydia
Download Presentation

COM369 Project Risk Unit 5

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COM369 Project Risk Unit 5

  2. Risk Management • Introduction • Will look at the management of risk during the project • risks vary in importance • the importance of a particular risk depends on the project • Risk Management should reduce the danger of risk for the particular project of interest

  3. Risk categories • Risk types to be found on Project • those caused by the inherent difficulties of estimation • those due to assumptions made during the planning process • those of unforeseen (or at least unplanned) events occurring

  4. Risk categories • Estimation errors • some tasks are easier to estimate than others • manual writing is a reasonably straight forward task • program testing and debugging may not be • analysing historic data for similar things can help with deciding the level of accuracy to be assigned to a particular estimation

  5. Risk categories • Planning errors • assumptions are used when planning, if the assumption are wrong then the plan is at risk • e.g. the need for rework may not be planned • when a plan is prepared the assumptions that have been made should listed and details given to the affect on the plan if the assumption are incorrect

  6. Risk categories • Eventualities • some eventualities might never be foreseen • it has to be accepted that such eventualities do happen, even if they are rare! • Most unforeseen eventualities generally could have been identified and predicted • e.g. the required hardware not arriving on time • plans should be in place to minimise the damage caused by an unforeseen event

  7. Managing risk • There are various models of risk management • They are generally similar and identify to main elements • risk identification • risk management • A popular model is the Boehm Risk Engineering Model

  8. Managing risk Risk engineering Risk analysis Risk management Risk identification Risk estimation Risk evaluation From: Boehm Tutorial on software risk management IEEE computer society 1989 Risk planning Risk control Risk monitoring Risk directing Risk staffing

  9. Risk identification • Identification of hazards that may affect a project must be the first steps in a risk assessment • A hazard is an event that if it occurs may adversely affect the project • The risk a hazard presents to a particular project must decided

  10. Risk identification • Checklist are often used to help in identifying hazards • Knowledge based software is also available to help with the task of hazard identification • Some hazards will be generic • Other hazards will be project specific

  11. Risk identification • Various categories of factors will need to be considered • Application factors • the nature of the application • e.g. simple data processing or safety critical system • the size of the system • Staff factors • e.g. experience and appropriateness of experience • skills, turn-over rate, level of absenteeism

  12. Risk identification • Project factors • definition of the project • project objectives • team members understanding of the above • project quality plan • Project methods • Is a specified and structured method like PRINCE 2 being used

  13. Risk identification • Hardware / software factors • the use of new untried hardware carries a higher risk than using existing hardware • where a system is developed on one type of hardware or software platform for use on another, then this will carry higher risks

  14. Risk identification • Changeover factor • An instant change over carries greater risks than an incremental change over • Parallel running is desirable but has cost implications • Supplier factors • can be difficult to control suppliers • e.g. installation of phone lines, delivery of equipment

  15. Risk identification • Environmental and social factors • generally outside the control of the project • e.g. changes in legislation • e.g. public opinion • Health and safety factors • not generally a major issue for software project when compared to other engineering projects • still need to be covered to ensure compliance with statutory obligation

  16. Risk analysis • Once identified risks should be assessed for their possible affect on the project • the level of importance of a risk must also be established this is often done by assessing the risk value

  17. Risk analysis • The importance of a risk is known as the risk value or the the risk exposure • risk exposure = risk likelihood x risk impact • risk likelihood is the probability of hazard occurring • risk impact is the effect the resulting problem will have on the project

  18. Risk analysis • Risk impact is estimated in monetary terms • Risk likelihood is assessed as a probability • Risk exposure therefore is an expected cost, in a similar manner to a cost-benefit analysis • Ranking schemes can be used to assess impact and likelihood

  19. Risk analysis • Impact scores should take account of • the cost of delay to scheduled dates for deliverables • cost overruns caused by using additional or more expensive resources • the costs incurred or implicit in any compromise to the system’s quality or functionality

  20. Risk analysis • Part of a risk exposure assessment table Hazard Likelihood Impact exposure 1 Changes to the requirements 1 8 8 specification during coding 2 Specification take longer than 3 7 21 expected 3 Staff sickness affecting 5 7 35 critical path activities 4 Staff sickness affecting 10 3 30 non-critical activities

  21. Risk analysis • Managing risk involves the use of two strategies • reducing the risk exposure by reducing likelihood and impact • drawing up contingency plans to deal with the risk should it occur • All attempts to reduce risk exposure will have a cost • Risk reduction work should be prioritised to obtain best value

  22. Risk analysis • Factor other than risk exposure that should be taken account of when prioritising risk management • confidence of risk assessment • compound risks • the number of risks • cost of action • cost can be compared using risk reduction leverage

  23. Risk analysis • Risk reduction leverage (RRL) RRL = REbefore - REafter risk reduction cost where REbefore is the original risk exposure value REafter is the expected value after action

  24. Reducing risks • There are five broad categories for risk reduction • hazard prevention • likelihood reduction • risk reduction • risk transfer • contingency planning

  25. Risk Management • Risk Planning • preparing contingency plans • large project will use a risk manager to do this • Risk Control • minimising the affect caused by the problems occurring

  26. Risk Management • Risk monitoring • ongoing assessment of the importance and relevance of particular risks • Risk directing and staffing • the day-on-day management of risk • risk aversion and problem solving

  27. Conclusion • Risk • Categories • Identification • Analysis • Management

More Related