Doc 19 Software Risk Management

Embed Size (px)

Citation preview

  • 8/14/2019 Doc 19 Software Risk Management

    1/4

    Syntel CQA Forum Software Risk Management CQADoc No 19

    Risk is nothing but the probability of unsatisfactory outcome. Software Risk Management is aproactive approach for minimizing the uncertainty and potential loss associated with a project.Some categories of risk include product size, business impact, customer-related, process,technology, development environment, staffing (size and experience), schedule, and cost.

    Providing insights to support informed decision making is the primary objective of RiskManagement. In contrast, Risk Management practice concentrates on performing bottom-up,

    detailed, continuous assessment of risk and opportunity. It focuses on addressing the day-to-dayoperational risks that a program faces.

    Risk Management follows a two-stage, repeatable and iterative process of assessment andmanagement. It is performed continually over the life of a program, from initiation to retirement.

    Some of the risks in software projects are

    Personnel Shortfalls

    Unrealistic schedules and budgets

    Developing the wrong functions and properties

    Developing the wrong user interface

    Gold-plating

    Continuing stream of requirements changes

    Shortfalls in externally furnished components

    Shortfalls in externally performed tasks

    Real-time performance shortfalls

    Straining computer-science capabilities

    Risk Management : Managing risks is a two-step process - Risk Assessment & Risk Control.

    Risk Assessment Risk Control

    What Risks may conquer me Plan for elimination of Risk ItemsWhich are most critical How well am I good in eliminating them

    How can I best eliminate or avoid them How do I need to adjust my plan

    Risk Assessment consists of Risk Identification, Risk Analysis & Risk Prioritization. Theclassifications of these are given below.

    Risk Identification Risk Analysis Risk Prioritization

    Check List Performance Models Risk Exposure

    Decision Driver Analysis Cost Models Risk Leverage

    Assumption Analysis Network analysis Compound Risk reduction

    Decomposition Decision AnalysisQuality Factor Analysis

    Risk Control consists of three factors Risk Management Planning, Risk Resolution, RiskMonitoring. Their Classifications are as below:

    Risk ManagementPlanning

    Risk Resolution Risk Monitoring

    Buying information(Survey)

    Prototypes Milestone Tracking

    10718245.doc Page 1 of 4

  • 8/14/2019 Doc 19 Software Risk Management

    2/4

    Syntel CQA Forum Software Risk Management CQADoc No 19

    Risk Avoidance (Change Simulations Top 10 tracing

    Requirements (1sec to 2sec)

    Benchmarks Risk Assessment

    Risk Transfer Analysis Corrective Action

    Risk reduction Staffing

    Risk Element Planning

    Risk Plan Integration

    Example of a Risk Checklist (For Staffing)

    Will Your Project really get all the best

    people

    Are there critical skills for which nobody is

    identified

    Are there pressures to staff with available

    warm bodies

    Are there pressures to overstaff in the early

    phases

    Are the key project people compatible Do they have a realistic expectations about

    their project job

    Do their strength match their assignment Are they committed for the duration of the

    project

    Are they committed full time Are their task pre-requisites (Training,

    clearances etc)Satisfied

    Top ten Risk Items and Risk Management techniques

    S.No

    Risk Item Risk management Techniques

    1 Personnel Shortfalls Staffing with top talent; Key Personnel agreements; TeamBuilding & Training; Tailoring process to skill mix;Walkthroughs

    2 Unrealistic Schedules &Budgets

    Detailed Multi source Cost & Schedule Estimation;Designed to cost; Incremental Development; Software

    Reuse; Requirements De-Scoping; Adding more budget &Schedules; Outside Reviews

    3 Developing the wrongsoftware functions

    Organizational Analysis; Mission Analysis; OPS- Conceptformalization; User Surveys; Prototyping; Early User Manuals

    4 Developing the wrong userinterface

    Proto-typing; Scenarios User Characteristics ( Functionality,Style & Work load)

    5 Gold Plating Requirements Scrubbing; Prototyping; Cost Benefit analysis;Design to Cost;

    6 Continuing Stream of Requirement changes

    High Change Threshold; Info hiding; IncrementalDevelopment ( Defer Changes to later increment)

    7 Shortfalls in externallyfurnished components

    Benchmarking; Inspections; Reference checking;Compatibility analysis;

    8 Shortfalls in externallyperformed tasks

    Reference checking; Pre-award audits; Award fee contracts;Competitive design or prototyping; Team Building;

    9 Real-time PerformanceShortfalls

    Simulations; Benchmarking; Modeling; Prototyping;Implementation; tuning

    10 Straining Computer ScienceCapabilities

    Technical Analysis; Cost Benefit Analysis; Prototyping;Reference Checking

    Some of the other Risk factors and Risk Management Techniques

    S.no

    Type Management Techniques

    10718245.doc Page 2 of 4

  • 8/14/2019 Doc 19 Software Risk Management

    3/4

    Syntel CQA Forum Software Risk Management CQADoc No 19

    1 Requirements Mismatch Analysis

    Wrong functions; Wrong attributelevels; Response time; Reliability;modifiability; portability etc

    Organizational Analysis; Mission Analysis;Prototyping; modeling; Simulation; Business caseanalysis; Affordable to reviews; Incrementalevolutionary development ; Design to Cost /Schedule

    2 Legacy Software-

    Obsolete; incompatible; unmodifiable

    Software; Difficulty of incrementaltransition to new system.

    Legacy Software assessment; ReverseEngineering; Restructuring; Encapsulation; Re-Engineering; Outsourcing; Incremental Phase out

    A Chart here will show the risk prone areas and their Risk Description

    S.no

    Area Risk Description

    1 Requirements Frequent Changes, Management o f changes

    2 Architecture Maintainability

    3 Planning/Scheduling Estimation, Fire-fighting

    4 Program Construct Construct Type, Staff, Budget

    5 ConfigurationManagement

    Multiple baselines

    6 Communication Internal, with end users, with customers7 Development Process Definition, Product Control & Process Control

    8 Development System Management, Integration & LAN

    9 Personnel Training, MORALE

    Note: We fail to focus our effort to maximize item and we are not prioritizingRisk Exposure Calculation

    Risk Exposure calculation RE = Prob(Uo) * Loss(Uo) where Prob(Uo) = Probability ofUnsatisfactory Outcome

    Loss(Uo) = Loss if unsatisfactory outcome

    Components of Satisfactory outcomea. Cost, b. Schedule, c. Functionality, d. Operation, e. Support, f. Reuse,

    Risk Reduction Leverage = RE (before) RE (after)Risk Reduction cost

    The Root cause for major risks is primarily with the contract.

    Risk Taxonomy is nothing but classification of Risk. It can be divided into three groupsdefined below.

    A. Product Engineering

    Requirements

    Design Code/Unit Test IntegrationTest

    EngineeringSpecialties

    Stability Functionality Feasibility Environment Maintainability

    Completeness Difficulty Testing Product Reliability

    Clarity Interfaces Code /Implementation

    System Safety

    Validity Performance - - Security

    Feasibility Testability - - Human Faces

    Precedent Hardware - - Specification

    10718245.doc Page 3 of 4

  • 8/14/2019 Doc 19 Software Risk Management

    4/4

    Syntel CQA Forum Software Risk Management CQADoc No 19

    Constraints

    Scale Non-DevelopSoftware

    - - -

    B. Development Environment

    Developmen

    t Process

    Developm

    entSystem

    Management

    Process

    Management

    Methods

    Work Environment

    Formality Capacity Planning Monitoring Quality Attitude

    Suitability Suitability ProjectOrganization

    PersonnelManagement

    Cooperation

    ProcessControl

    Usability ManagementExperience

    Quality Assurance Communication

    Familiarity Familiarity Program Interfaces ConfigurationManagement

    MORALE

    ProductControl

    Reliability - - -

    - SystemSupport

    - - -

    - Deliverability

    - - -

    C. Program Environment

    Resources Contract Program Interfaces

    Schedule Type of Contract Customer

    Staff Restrictions Associate Customer

    Budget Dependencies Subcontractors

    Facilities Prime Contractors

    Corp Management

    Vendors

    Policies

    10718245.doc Page 4 of 4