Doc 19 Software Risk Management

8/14/2019 Doc 19 Software Risk Management

1/4

Syntel CQA Forum Software Risk Management CQADoc No 19

Risk is nothing but the probability of unsatisfactory outcome. Software Risk Management is aproactive approach for minimizing the uncertainty and potential loss associated with a project.Some categories of risk include product size, business impact, customer-related, process,technology, development environment, staffing (size and experience), schedule, and cost.

Providing insights to support informed decision making is the primary objective of RiskManagement. In contrast, Risk Management practice concentrates on performing bottom-up,

detailed, continuous assessment of risk and opportunity. It focuses on addressing the day-to-dayoperational risks that a program faces.

Risk Management follows a two-stage, repeatable and iterative process of assessment andmanagement. It is performed continually over the life of a program, from initiation to retirement.

Some of the risks in software projects are

Personnel Shortfalls

Unrealistic schedules and budgets

Developing the wrong functions and properties

Developing the wrong user interface

Gold-plating

Continuing stream of requirements changes

Shortfalls in externally furnished components

Shortfalls in externally performed tasks

Real-time performance shortfalls

Straining computer-science capabilities

Risk Management : Managing risks is a two-step process - Risk Assessment & Risk Control.

Risk Assessment Risk Control

What Risks may conquer me Plan for elimination of Risk ItemsWhich are most critical How well am I good in eliminating them

How can I best eliminate or avoid them How do I need to adjust my plan

Risk Assessment consists of Risk Identification, Risk Analysis & Risk Prioritization. Theclassifications of these are given below.

Risk Identification Risk Analysis Risk Prioritization

Check List Performance Models Risk Exposure

Decision Driver Analysis Cost Models Risk Leverage

Assumption Analysis Network analysis Compound Risk reduction

Decomposition Decision AnalysisQuality Factor Analysis

Risk Control consists of three factors Risk Management Planning, Risk Resolution, RiskMonitoring. Their Classifications are as below:

Risk ManagementPlanning

Risk Resolution Risk Monitoring

Buying information(Survey)

Prototypes Milestone Tracking

10718245.doc Page 1 of 4


2/4


Risk Avoidance (Change Simulations Top 10 tracing

Requirements (1sec to 2sec)

Benchmarks Risk Assessment

Risk Transfer Analysis Corrective Action

Risk reduction Staffing

Risk Element Planning

Risk Plan Integration

Example of a Risk Checklist (For Staffing)

Will Your Project really get all the best

people

Are there critical skills for which nobody is

identified

Are there pressures to staff with available

warm bodies

Are there pressures to overstaff in the early

phases

Are the key project people compatible Do they have a realistic expectations about

their project job

Do their strength match their assignment Are they committed for the duration of the

project

Are they committed full time Are their task pre-requisites (Training,

clearances etc)Satisfied

Top ten Risk Items and Risk Management techniques

S.No

Risk Item Risk management Techniques

1 Personnel Shortfalls Staffing with top talent; Key Personnel agreements; TeamBuilding & Training; Tailoring process to skill mix;Walkthroughs

2 Unrealistic Schedules &Budgets

Detailed Multi source Cost & Schedule Estimation;Designed to cost; Incremental Development; Software

Reuse; Requirements De-Scoping; Adding more budget &Schedules; Outside Reviews

3 Developing the wrongsoftware functions

Organizational Analysis; Mission Analysis; OPS- Conceptformalization; User Surveys; Prototyping; Early User Manuals

4 Developing the wrong userinterface

Proto-typing; Scenarios User Characteristics ( Functionality,Style & Work load)

5 Gold Plating Requirements Scrubbing; Prototyping; Cost Benefit analysis;Design to Cost;

6 Continuing Stream of Requirement changes

High Change Threshold; Info hiding; IncrementalDevelopment ( Defer Changes to later increment)

7 Shortfalls in externallyfurnished components

Benchmarking; Inspections; Reference checking;Compatibility analysis;

8 Shortfalls in externallyperformed tasks

Reference checking; Pre-award audits; Award fee contracts;Competitive design or prototyping; Team Building;

9 Real-time PerformanceShortfalls

Simulations; Benchmarking; Modeling; Prototyping;Implementation; tuning

10 Straining Computer ScienceCapabilities

Technical Analysis; Cost Benefit Analysis; Prototyping;Reference Checking

Some of the other Risk factors and Risk Management Techniques

S.no

Type Management Techniques

10718245.doc Page 2 of 4


3/4


1 Requirements Mismatch Analysis

Wrong functions; Wrong attributelevels; Response time; Reliability;modifiability; portability etc

Organizational Analysis; Mission Analysis;Prototyping; modeling; Simulation; Business caseanalysis; Affordable to reviews; Incrementalevolutionary development ; Design to Cost /Schedule

2 Legacy Software-

Obsolete; incompatible; unmodifiable

Software; Difficulty of incrementaltransition to new system.

Legacy Software assessment; ReverseEngineering; Restructuring; Encapsulation; Re-Engineering; Outsourcing; Incremental Phase out

A Chart here will show the risk prone areas and their Risk Description

S.no

Area Risk Description

1 Requirements Frequent Changes, Management o f changes

2 Architecture Maintainability

3 Planning/Scheduling Estimation, Fire-fighting

4 Program Construct Construct Type, Staff, Budget

5 ConfigurationManagement

Multiple baselines

6 Communication Internal, with end users, with customers7 Development Process Definition, Product Control & Process Control

8 Development System Management, Integration & LAN

9 Personnel Training, MORALE

Note: We fail to focus our effort to maximize item and we are not prioritizingRisk Exposure Calculation

Risk Exposure calculation RE = Prob(Uo) * Loss(Uo) where Prob(Uo) = Probability ofUnsatisfactory Outcome

Loss(Uo) = Loss if unsatisfactory outcome

Components of Satisfactory outcomea. Cost, b. Schedule, c. Functionality, d. Operation, e. Support, f. Reuse,

Risk Reduction Leverage = RE (before) RE (after)Risk Reduction cost

The Root cause for major risks is primarily with the contract.

Risk Taxonomy is nothing but classification of Risk. It can be divided into three groupsdefined below.

A. Product Engineering

Requirements

Design Code/Unit Test IntegrationTest

EngineeringSpecialties

Stability Functionality Feasibility Environment Maintainability

Completeness Difficulty Testing Product Reliability

Clarity Interfaces Code /Implementation

System Safety

Validity Performance - - Security

Feasibility Testability - - Human Faces

Precedent Hardware - - Specification

10718245.doc Page 3 of 4


4/4


Constraints

Scale Non-DevelopSoftware

- - -

B. Development Environment

Developmen

t Process

Developm

entSystem

Management

Process

Management

Methods

Work Environment

Formality Capacity Planning Monitoring Quality Attitude

Suitability Suitability ProjectOrganization

PersonnelManagement

Cooperation

ProcessControl

Usability ManagementExperience

Quality Assurance Communication

Familiarity Familiarity Program Interfaces ConfigurationManagement

MORALE

ProductControl

Reliability - - -

- SystemSupport

- - -

- Deliverability

- - -

C. Program Environment

Resources Contract Program Interfaces

Schedule Type of Contract Customer

Staff Restrictions Associate Customer

Budget Dependencies Subcontractors

Facilities Prime Contractors

Corp Management

Vendors

Policies

10718245.doc Page 4 of 4

Documents

Doc 19 Software Risk Management