Upload
kapildev
View
215
Download
0
Embed Size (px)
Citation preview
8/14/2019 Doc 19 Software Risk Management
1/4
Syntel CQA Forum Software Risk Management CQADoc No 19
Risk is nothing but the probability of unsatisfactory outcome. Software Risk Management is aproactive approach for minimizing the uncertainty and potential loss associated with a project.Some categories of risk include product size, business impact, customer-related, process,technology, development environment, staffing (size and experience), schedule, and cost.
Providing insights to support informed decision making is the primary objective of RiskManagement. In contrast, Risk Management practice concentrates on performing bottom-up,
detailed, continuous assessment of risk and opportunity. It focuses on addressing the day-to-dayoperational risks that a program faces.
Risk Management follows a two-stage, repeatable and iterative process of assessment andmanagement. It is performed continually over the life of a program, from initiation to retirement.
Some of the risks in software projects are
Personnel Shortfalls
Unrealistic schedules and budgets
Developing the wrong functions and properties
Developing the wrong user interface
Gold-plating
Continuing stream of requirements changes
Shortfalls in externally furnished components
Shortfalls in externally performed tasks
Real-time performance shortfalls
Straining computer-science capabilities
Risk Management : Managing risks is a two-step process - Risk Assessment & Risk Control.
Risk Assessment Risk Control
What Risks may conquer me Plan for elimination of Risk ItemsWhich are most critical How well am I good in eliminating them
How can I best eliminate or avoid them How do I need to adjust my plan
Risk Assessment consists of Risk Identification, Risk Analysis & Risk Prioritization. Theclassifications of these are given below.
Risk Identification Risk Analysis Risk Prioritization
Check List Performance Models Risk Exposure
Decision Driver Analysis Cost Models Risk Leverage
Assumption Analysis Network analysis Compound Risk reduction
Decomposition Decision AnalysisQuality Factor Analysis
Risk Control consists of three factors Risk Management Planning, Risk Resolution, RiskMonitoring. Their Classifications are as below:
Risk ManagementPlanning
Risk Resolution Risk Monitoring
Buying information(Survey)
Prototypes Milestone Tracking
10718245.doc Page 1 of 4
8/14/2019 Doc 19 Software Risk Management
2/4
Syntel CQA Forum Software Risk Management CQADoc No 19
Risk Avoidance (Change Simulations Top 10 tracing
Requirements (1sec to 2sec)
Benchmarks Risk Assessment
Risk Transfer Analysis Corrective Action
Risk reduction Staffing
Risk Element Planning
Risk Plan Integration
Example of a Risk Checklist (For Staffing)
Will Your Project really get all the best
people
Are there critical skills for which nobody is
identified
Are there pressures to staff with available
warm bodies
Are there pressures to overstaff in the early
phases
Are the key project people compatible Do they have a realistic expectations about
their project job
Do their strength match their assignment Are they committed for the duration of the
project
Are they committed full time Are their task pre-requisites (Training,
clearances etc)Satisfied
Top ten Risk Items and Risk Management techniques
S.No
Risk Item Risk management Techniques
1 Personnel Shortfalls Staffing with top talent; Key Personnel agreements; TeamBuilding & Training; Tailoring process to skill mix;Walkthroughs
2 Unrealistic Schedules &Budgets
Detailed Multi source Cost & Schedule Estimation;Designed to cost; Incremental Development; Software
Reuse; Requirements De-Scoping; Adding more budget &Schedules; Outside Reviews
3 Developing the wrongsoftware functions
Organizational Analysis; Mission Analysis; OPS- Conceptformalization; User Surveys; Prototyping; Early User Manuals
4 Developing the wrong userinterface
Proto-typing; Scenarios User Characteristics ( Functionality,Style & Work load)
5 Gold Plating Requirements Scrubbing; Prototyping; Cost Benefit analysis;Design to Cost;
6 Continuing Stream of Requirement changes
High Change Threshold; Info hiding; IncrementalDevelopment ( Defer Changes to later increment)
7 Shortfalls in externallyfurnished components
Benchmarking; Inspections; Reference checking;Compatibility analysis;
8 Shortfalls in externallyperformed tasks
Reference checking; Pre-award audits; Award fee contracts;Competitive design or prototyping; Team Building;
9 Real-time PerformanceShortfalls
Simulations; Benchmarking; Modeling; Prototyping;Implementation; tuning
10 Straining Computer ScienceCapabilities
Technical Analysis; Cost Benefit Analysis; Prototyping;Reference Checking
Some of the other Risk factors and Risk Management Techniques
S.no
Type Management Techniques
10718245.doc Page 2 of 4
8/14/2019 Doc 19 Software Risk Management
3/4
Syntel CQA Forum Software Risk Management CQADoc No 19
1 Requirements Mismatch Analysis
Wrong functions; Wrong attributelevels; Response time; Reliability;modifiability; portability etc
Organizational Analysis; Mission Analysis;Prototyping; modeling; Simulation; Business caseanalysis; Affordable to reviews; Incrementalevolutionary development ; Design to Cost /Schedule
2 Legacy Software-
Obsolete; incompatible; unmodifiable
Software; Difficulty of incrementaltransition to new system.
Legacy Software assessment; ReverseEngineering; Restructuring; Encapsulation; Re-Engineering; Outsourcing; Incremental Phase out
A Chart here will show the risk prone areas and their Risk Description
S.no
Area Risk Description
1 Requirements Frequent Changes, Management o f changes
2 Architecture Maintainability
3 Planning/Scheduling Estimation, Fire-fighting
4 Program Construct Construct Type, Staff, Budget
5 ConfigurationManagement
Multiple baselines
6 Communication Internal, with end users, with customers7 Development Process Definition, Product Control & Process Control
8 Development System Management, Integration & LAN
9 Personnel Training, MORALE
Note: We fail to focus our effort to maximize item and we are not prioritizingRisk Exposure Calculation
Risk Exposure calculation RE = Prob(Uo) * Loss(Uo) where Prob(Uo) = Probability ofUnsatisfactory Outcome
Loss(Uo) = Loss if unsatisfactory outcome
Components of Satisfactory outcomea. Cost, b. Schedule, c. Functionality, d. Operation, e. Support, f. Reuse,
Risk Reduction Leverage = RE (before) RE (after)Risk Reduction cost
The Root cause for major risks is primarily with the contract.
Risk Taxonomy is nothing but classification of Risk. It can be divided into three groupsdefined below.
A. Product Engineering
Requirements
Design Code/Unit Test IntegrationTest
EngineeringSpecialties
Stability Functionality Feasibility Environment Maintainability
Completeness Difficulty Testing Product Reliability
Clarity Interfaces Code /Implementation
System Safety
Validity Performance - - Security
Feasibility Testability - - Human Faces
Precedent Hardware - - Specification
10718245.doc Page 3 of 4
8/14/2019 Doc 19 Software Risk Management
4/4
Syntel CQA Forum Software Risk Management CQADoc No 19
Constraints
Scale Non-DevelopSoftware
- - -
B. Development Environment
Developmen
t Process
Developm
entSystem
Management
Process
Management
Methods
Work Environment
Formality Capacity Planning Monitoring Quality Attitude
Suitability Suitability ProjectOrganization
PersonnelManagement
Cooperation
ProcessControl
Usability ManagementExperience
Quality Assurance Communication
Familiarity Familiarity Program Interfaces ConfigurationManagement
MORALE
ProductControl
Reliability - - -
- SystemSupport
- - -
- Deliverability
- - -
C. Program Environment
Resources Contract Program Interfaces
Schedule Type of Contract Customer
Staff Restrictions Associate Customer
Budget Dependencies Subcontractors
Facilities Prime Contractors
Corp Management
Vendors
Policies
10718245.doc Page 4 of 4