Risk Analysis and Planning

1
Risk Analysis and Planning
CEN 4021 Class 11 02/16

• Review Class 7
• Overview
• Risk Identification
• Risk Prioritization
• Risk Mitigation

2
Overview of Goals and Measurements

• During the planning phase the goals for and
  measurements of, the key attributes of the
  product and services are determined.
• Many of the goals for the system are deduced from
  the functional and nonfunctional requirements
  i.e. obtained from the customer.
• For example
• A secure system
• A fully functional system

3
Overview of Goals and Measurements cont

• Measurable attribute An attribute for which
  there is a well-defined metric and a methodology
  for its measurements.
• Validation of goal Comparing a stated goal for
  an attribute with the actual measurement taken
  for the attribute.
• Verification of measurement Ensuring that the
  measurement of an attribute is properly taken and
  recorded through repetition, tracing, or some
  other means.

4
Overview of Goals and Measurements cont

• Metric The unit used to characterize an
  attribute.
• Measurement The act of characterizing an
  attribute, which may involve multiple steps,
  utilizing the agreed upon metric for that
  attribute.
• E.g., Attribute is elapsed time, metric hour
  required to take the start time and the end
  time, the compute the difference.
• Planning team may also be required to define
  other spm metrics e.g., productivity, team
  morale, tool effectiveness, user satisfaction.

5
Overview of Goals and Measurements cont

• Deliverable-related metrics and measurements
• Some s/w deliverable attributes include
• Quality
• Usability
• Functional completeness
• Maintainability
• Modifiability
• Reliability
• Installability
• Requires some thought and insight before a
  reasonable goal and metric can be designed

6
Three Types of Resources

• Once the project deliverables, WBS, tasks,
  initial schedule and goals are understood the
  resources required to complete the project must
  be planned.
• The key resource for most s/w projects is people.
• On an organizational level, processes, policies,
  and specific methodologies need to be available
  to ensure the successful completion of the
  project.

7
Risk Analysis and Planning

• Defn Risk A problem that has a greater then
  0 but less than 100 probability of occurrence.
• A problem is an event that has a negative value
  associated with it.
• If the probability a risk has a 100 of occurring
  it is a problem.
• Examples of risk include losing a critical
  resource or using an unreliable new technology in
  a software project.

8
Risk Analysis and Planning cont

• Risk can be listed, categorized, and potentially
  managed .
• The earlier risk are handled the better the
  chance of project success.
• Sources of Risk
• Schedule overrun
• Quality
• Overly optimistic assumptions about the
  availability of some technology

9
Risk Analysis and Planning cont

• Sources of Risk cont
• Misunderstanding of the real impact of some new
  technology
• Miscalculation of the robustness (e.g.,
  extensibility) or constraints of software design
• Misunderstanding of customer requirements
• Uncontrolled continuous changes of customer
  requirements
• Unrealistic promises to customers made by
  overzealous sales people or company execs.

10
Risk Analysis and Planning cont

• Sources of Risk cont
• Inadequate due diligence while choosing external
  sourcing
• Incompetence of key personnel
• Miscalculation of teamwork and group
  effectiveness
• Unrealistic expectations about the availability
  or productivity of special skilled human
  resources.

11
Risk Identification

• Steps in starting the risk list
• List those characteristics of the product that
  may not be well defined.
• List all unresolved issues for the tasks that
  will be performed in conjunction with the
  software project. Start by asking whether any
  process is defined, documented, and practiced in
  the organization.

12
Risk Identification cont

• Steps in starting the risk list
• Identify risks associated with management
  resources. For example, h/w and s/w systems
  required for the project, licenses needed etc.
  Tools may be not be available when needed.
• Human resources represent a especially important
  type of resource for s/w projects. Obtaining the
  the needed skilled people in a timely manner is
  always a problem.

13
Risk Identification cont

• For s/w planning the initial identification of
  risks
• Deliverables and product specification
• Tasks and initial schedule
• Goals, metrics, and measurements
• Human resources
• Processes and methodologies
• Tools and equipment

14
Risk Prioritization

• Defn Risk prioritization - The activity of
  ordering risks based on some criterion or set of
  criteria.
• Recovery cost The cost in terms of effort or
  financial expense to solve a problem should a
  risk materialize.
• The cost identified may not be exact but rather
  identified as merely high, medium, and low. The
  associated risk would have similar values.
• To apply the notion of recovery cost as an
  abstract value, experience in the development
  process is required.

15
Risk Prioritization cont

• Prioritization by Risk Value
• The prioritization of risk can be more complex.
• It makes sense to view risks with a low chance of
  occurring as requiring less attention.
• We can define the risk value (RV) as follows
• RV(j) P(j) X RC(j)
• P(j) the probability of risk item j becoming a
  real problem
• RC(j) is the recovery cost for the risk item j
  when it turns into a real problem.

16
Risk Prioritization cont

• Defn Risk Value - A recovery cost that is
  influenced and modified by another criterion or
  set of criteria. The probability of the risk
  turning into a problem is such an influencing
  factor, and when such a factor is taken into
  account in modifying the recovery cost, the
  result is the risk value.

Table 5.2. Risk Prioritization by Risk Value
Risk Item Prob. Of Occurrence Recovery Cost Risk Value (RV)
Item 1 0.4 600 240
Item 2 0.7 400 280
Item 3 0.3 3000 900
Item 4 0.6 1200 720
Item 5 0.3 700 210
17
Risk Mitigation

• Defn Risk mitigation An activity that may
  reduce minimize, or totally avoid a risk.
• Cost-base mitigation
• Which mitigation alternative should be chosen
  when several choices are available?
• Which criteria should be used in decision making?
• One of any several parameters as the basis for
  decision making including the ease of mitigation,
  probability of success of mitigation, and the
  cost of mitigation.

18
Risk Mitigation cont

• Mitigation Value Cost
• The mitigation cost value is defined as follows
• MVC(k) P(k) X MC(k)
• MVC(K) mitigation cost value of alternative k
• P(k) probability of failure for alternative k
• MC(k) raw cost of mitigation for alternative k
• See Table 5.4 in the next slide.
• Mitigation value cost the cost of risk
  mitigation after taking into account another
  criterion or a set of criteria, such as
  probability of mitigation success

19
Risk Mitigation cont
Table 5.4 Mitigation Value Cost
Mitigation alternative Raw risk mitigation cost Probability of failure Mitigation value cost
Alternative 1 65,000 0.1 6500
Alternative 2 50,000 0.6 30,000
Alternative 3 120,000 0.05 6000
Risk item not being able to complete a system
integration task with a specific tool because
only one person posses that special skill. Alt.
1 Hire an extra person with the needed skill as
a backup helper Alt. 2 Provide extra incentives
to persuade the current employer to stay Alt. 3
Use an alternative system integration method that
does not require this specific tool
20
Risk Mitigation cont

• Mitigation Value Cost
• Note that if P(k) is changed from the probability
  of failure to the probability of success, then
  the highest mitigation value cost would be the
  proper choice.
• Sometimes the spmr face the prospect of planning
  with a fixed budget for risk mitigation.
  Therefore the risk items must be ranked.
• See Table 5.5 in textbook.