Upload
pascha
View
22
Download
2
Tags:
Embed Size (px)
DESCRIPTION
U08784 Software Project Management. lecturer: Timothy Au email: [email protected] url: www.geocities/timothykfau/2007/u08784. What have we learnt last week. In this lecture, you will learn : Project Estimation: An Introduction to COCOMO 5a An Introduction to COCOMO (Word document) 5b - PowerPoint PPT Presentation
Citation preview
11
U08784 U08784 Software Project ManagementSoftware Project Management
lecturer: Timothy Aulecturer: Timothy Auemail: [email protected]: [email protected]
url: www.geocities/timothykfau/2007/u08784url: www.geocities/timothykfau/2007/u08784
22
What have we learnt last weekWhat have we learnt last week
In this lecture, you will learn :In this lecture, you will learn :• Project Estimation: An Introduction to COCOMO Project Estimation: An Introduction to COCOMO 5a5a
• An Introduction to COCOMO An Introduction to COCOMO (Word document)(Word document) 5b5b
• An Introduction to Estimating An Introduction to Estimating 5c5c
• The COnstructive COst MOdel (COCOMO) The COnstructive COst MOdel (COCOMO) 5d5d
In the second-half lecture,In the second-half lecture,• Week 2 Exercise Ex. COCOMO (Page 153-158) Week 2 Exercise Ex. COCOMO (Page 153-158) • Measure Software Quality (Page 163-175) 6aMeasure Software Quality (Page 163-175) 6a• Estimating Function Point Analysis (Page 186-192) Estimating Function Point Analysis (Page 186-192)
6e6e
33
Lecture 5Lecture 5
In this lecture, you will learn :In this lecture, you will learn :• Risk Management Risk Management 3a3a
• Risk Analysis ReportRisk Analysis Report In the second-half lecture,In the second-half lecture,
• RMMM Report ExampleRMMM Report Example RMMM Report 1 RMMM Report 1 3b3b
RMMM Report 2 RMMM Report 2 3c3c
44
Lecture OutcomesLecture Outcomes You should be able to understand the following upon You should be able to understand the following upon
this lecture:this lecture:• Risk Identification, Risk Analysis, Risk Treatment and Risk Identification, Risk Analysis, Risk Treatment and
Risk MitigationRisk Mitigation• How to prepare a Risk Analysis reportHow to prepare a Risk Analysis report
Project MilestonesProject Milestones• Have done your effort estimation: cost effort & durationHave done your effort estimation: cost effort & duration• Prepare cost justification on your projectPrepare cost justification on your project• Refine your detailed project plan (individual)Refine your detailed project plan (individual)• Prepare risk treatment and mitigation plan for your project Prepare risk treatment and mitigation plan for your project
risks (risk analysis report)risks (risk analysis report)• Draft Quality PlanDraft Quality Plan
55
Risk Analysis and ManagementRisk Analysis and Management
Risk Risk • PM-BOK defines risk asPM-BOK defines risk as
‘‘an uncertain event or condition that, if occurs,, has a an uncertain event or condition that, if occurs,, has a positive or negative effect on project’s objectives’.positive or negative effect on project’s objectives’.
• PRINCE2 defines risk asPRINCE2 defines risk as ‘‘the chance of exposure to the adverse consequences of the chance of exposure to the adverse consequences of
future events.’future events.’
66
Risk Analysis and ManagementRisk Analysis and Management Risk Risk
• concerns future happeningsconcerns future happenings• involves changeinvolves change• involves choicesinvolves choices• involves involves causecause and and effecteffect
Risk concerns future changes and uncertainties and risk management deals Risk concerns future changes and uncertainties and risk management deals with managing uncertainties. with managing uncertainties.
Reactive and Proactive strategiesReactive and Proactive strategies• Risk can be dealt with reactive strategy – Risk can be dealt with reactive strategy – fire fighting modefire fighting mode..• A more intelligent strategy for risk management is to be proactive. A more intelligent strategy for risk management is to be proactive.
A proactive strategy begins long beforeA proactive strategy begins long before Potential risks are identified, their probabilities and impacts are assessed, and Potential risks are identified, their probabilities and impacts are assessed, and they are ranked by importance.they are ranked by importance. Then, the software team establishes a plan for managing the risk. Then, the software team establishes a plan for managing the risk. The primary objective is to avoid risk, but because not all risks can be avoided, the The primary objective is to avoid risk, but because not all risks can be avoided, the
team works to develop a contingency plan that will enable it to respond in a team works to develop a contingency plan that will enable it to respond in a controlled and effective manner.controlled and effective manner.
• In this lecture, we will discuss a proactive strategy for risk management. In this lecture, we will discuss a proactive strategy for risk management.
77
Risk ManagementRisk Management
The risk management provides a systematic decision-The risk management provides a systematic decision-making process to effectively deals with uncertainty making process to effectively deals with uncertainty in accomplishing program objectives.in accomplishing program objectives.• Risk Identification. Risk Identification.
• Risk AnalysisRisk Analysis
• Developing & Implementing Risk Mitigation Plan Developing & Implementing Risk Mitigation Plan
• Risk Monitoring and Tracking & ControlRisk Monitoring and Tracking & Control
88
Risk IdentificationRisk Identification Risk identification can be viewed from five different Risk identification can be viewed from five different
areas:areas:• Project-wise risks Project-wise risks
• restricted or untimely funding, mandated schedules, excessive contractual restricted or untimely funding, mandated schedules, excessive contractual requirements and constraints or political risksrequirements and constraints or political risks ..
• Technical risksTechnical risks• involves the risk of meeting performance requirement or a safety or security involves the risk of meeting performance requirement or a safety or security
requirement and may also include risks in the feasibility of a design concept or requirement and may also include risks in the feasibility of a design concept or the risks associated with using state-of-the-art hardware or softwarethe risks associated with using state-of-the-art hardware or software
• Quality risksQuality risks• occurs when the development practices that were to be used to develop a occurs when the development practices that were to be used to develop a
product are not actually followed. This can result in a product that does not product are not actually followed. This can result in a product that does not satisfy requirements.satisfy requirements.
• Logistics risks Logistics risks • include reliability, maintainability, operability and suitability concernsinclude reliability, maintainability, operability and suitability concerns
• Distribution risks Distribution risks • or operational risks (also called deployment risks) can result in improper installation and or operational risks (also called deployment risks) can result in improper installation and
use of the product, which can, impact its use by customersuse of the product, which can, impact its use by customers
99
Factors affecting Cost and Schedule Factors affecting Cost and Schedule risksrisks
Factors affecting Cost and Schedule risks Factors affecting Cost and Schedule risks • Uncertain requirements. Uncertain requirements.
• The requirements of the project are initially not known or well understood. This can The requirements of the project are initially not known or well understood. This can result in very large cost and schedule estimation errors being built to a project.result in very large cost and schedule estimation errors being built to a project.
• Incorrect cost estimates. Incorrect cost estimates. • Even if requirements are well understood, errors can occur during the estimation process. Even if requirements are well understood, errors can occur during the estimation process.
These can be as simple as data entry errors as complex as using unrealistic factors in the These can be as simple as data entry errors as complex as using unrealistic factors in the estimation model or not compensating for changes.estimation model or not compensating for changes.
• Requirement creeping. Requirement creeping. • Increase in system requirement is not reflected by a corresponding increase in budget or the schedule.Increase in system requirement is not reflected by a corresponding increase in budget or the schedule.
• Schedule compression. Schedule compression. • It is usually brought about by incorrect schedule estimates or commitments before the project starts or by It is usually brought about by incorrect schedule estimates or commitments before the project starts or by
pressure from upper management or the customer. Thus creates schedule risks and usually results in a pressure from upper management or the customer. Thus creates schedule risks and usually results in a non-linear increase in costs drastically!non-linear increase in costs drastically!
• Unreasonable budget. Unreasonable budget. • It might be based on incorrect assumptions or analyze or on a decision that project will be bid for the It might be based on incorrect assumptions or analyze or on a decision that project will be bid for the
price.price.
1010
Factors affecting Requirement risksFactors affecting Requirement risks
Factors affecting Requirement risksFactors affecting Requirement risks• Incorrect cost estimates.Incorrect cost estimates.
• Requirements that attempts to specify user needs and customer expectations that contains errors. Most likely rework will be the Requirements that attempts to specify user needs and customer expectations that contains errors. Most likely rework will be the result.result.
• Incomplete requirements.Incomplete requirements. • Requirements that do not specify desired product features or particular aspects of desired products features. Cost and schedule will Requirements that do not specify desired product features or particular aspects of desired products features. Cost and schedule will
both grow.both grow.
• Inconsistent requirements. Inconsistent requirements. • Requirements that conflicts with other requirements. Rework and loss of quality will be likely the result.Requirements that conflicts with other requirements. Rework and loss of quality will be likely the result.
• Unexpectedly hard requirements.Unexpectedly hard requirements. • Requirements that result in a technically difficult or complex product that is either difficult to design or to implement. Cost, Requirements that result in a technically difficult or complex product that is either difficult to design or to implement. Cost,
schedule and quality are all put into risk.schedule and quality are all put into risk.
• Infeasible requirements. Infeasible requirements. • Requirements that cannot be achieved using current available people, tools or technology.Requirements that cannot be achieved using current available people, tools or technology.
1111
Factors affecting Requirement risksFactors affecting Requirement risks
Factors affecting Requirement risks (continued)Factors affecting Requirement risks (continued)• Unclear requirements. Unclear requirements.
• Requirements that have one ore more semantic interpretation. Rework is likely or customer dissatisfaction.Requirements that have one ore more semantic interpretation. Rework is likely or customer dissatisfaction.
• Unverifiable requirements. Unverifiable requirements. • Requirements that have no finite process exists to verify the products meet the requirements. Effort may be Requirements that have no finite process exists to verify the products meet the requirements. Effort may be
misdirectedmisdirected..
• Untraceable requirements. Untraceable requirements. • Requirements that have no audit trail from the requirements to tested code. Unpredictable effort may be expended.Requirements that have no audit trail from the requirements to tested code. Unpredictable effort may be expended.
• Volatile requirements. Volatile requirements. • Requirements that are constantly changing as some requirements are added, removed, changed or reinterpreted. Cost, Requirements that are constantly changing as some requirements are added, removed, changed or reinterpreted. Cost,
schedule and quality are all likely to impactschedule and quality are all likely to impact
1212
Categories of Risk Categories of Risk
When risks are analyzed, it is important to quantify the level When risks are analyzed, it is important to quantify the level of uncertainty and the degree of loss associated of the risk. of uncertainty and the degree of loss associated of the risk.
To accomplish this, different categories of risks are To accomplish this, different categories of risks are considered:considered:
• Project RisksProject Risks• It threaten the project plan. If the project risks become real, it is likely It threaten the project plan. If the project risks become real, it is likely
that the project schedule will slip and that costs will increase.that the project schedule will slip and that costs will increase.
• Technical RisksTechnical Risks• It threaten the quality and timeliness of the software to be produced. It threaten the quality and timeliness of the software to be produced.
If technical risk becomes a reality, implementation may become If technical risk becomes a reality, implementation may become difficult or impossible.difficult or impossible.
• Business RisksBusiness Risks• It threatens the viability of the software to be built. Business risks It threatens the viability of the software to be built. Business risks
often jeopardize the project or the product. often jeopardize the project or the product.
1313
Risk AnalysisRisk Analysis
How big is the risk?How big is the risk?• There are categories of risk that may affect the There are categories of risk that may affect the
project: project: TechnicalTechnical Project ScheduleProject Schedule CostCost Business Business
1414
Risk AnalysisRisk Analysis
Top TEN Risk ListTop TEN Risk List• The following is a list of risk Top Ten Risk in this week for The following is a list of risk Top Ten Risk in this week for
the period of dd/mm/yyyy to dd/mm/yyyy:the period of dd/mm/yyyy to dd/mm/yyyy: Rank Rank this this weekweek
Rank Rank last last weekweek
Highest Highest RankRank
No. of No. of weeks weeks on liston list
Risk Risk LevelLevel
CategoryCategory ProblemProblem Risk Risk handling handling approachapproach
StatusStatus OwnerOwner
11 33 11 22 HighHigh BusinessBusiness Requirement creepingRequirement creeping
22 22 22 11 HighHigh Project Project Unexpected schedule Unexpected schedule delaydelay
33 11 11 44 HighHigh BusinessBusiness
44 -- -- 22 Medium Medium TechnicalTechnical Development tools Development tools acquisition acquisition
55 44 44 11 MediumMedium TechnicalTechnical Computer network faultComputer network fault
66 77 55 44 MediumMedium CostCost Staff turnoverStaff turnover
77 55 66 33 LowLow BusinessBusiness
88 99 88 33 LowLow TechnicalTechnical
99 -- -- --
1010 -- -- --
1515
Risk AnalysisRisk Analysis
Risk GridRisk Grid
Risk Grid
Lik
elihood
5
4
3
2
1
1 2 3 4
Consequence
Risk Level
H High
M Medium
L Low
1616
Risk AnalysisRisk Analysis
LikelihoodLikelihood• What is the Likelihood that the risk will happen? What is the Likelihood that the risk will happen?
Level Certainty Likelihood
5 Nearly certainty
Cannot mitigate this type of risk. NO known processes or alternative available (>90% chance it will happen)
4 Highly likely Cannot mitigate this risk, but a different approach might (>66.7% chance it will happen)
3 Likely May mitigate this risk but alternative approach(es) MAY BE required (~50% chane it will happen)
2 Low Likelihood
Have usually mitigated this type of risk with minimal oversight in similar cases (<33.3% chance it will happen)
1 Not Likely Will effectively avoid or mitigate this risk based on standard practices (<10% chance it will happen)
1717
Risk AnalysisRisk Analysis
ConsequenceConsequence• Given the risk is realized, what would be the magnitude of the impact?Given the risk is realized, what would be the magnitude of the impact?
Level Technical Schedule Cost
1 Minimal Impact Minimal Impact Minimal Impact
2 Minor performance shortfall, same approach retained
Additional tasks required, able to meet key milestones
Development or acquisition cost slightly increase to 1%
3 Moderate performance shortfall, alternative available
Monitor schedule slippage, will impact to some milestone(s) without workaround
Development or acquisition cost mildly increase to >1% & 5%
4 Unacceptable performance but alternative available
Program critical path impact but workaround available
Development or acquisition cost considerably increase to >5% & 10 %
5 Unacceptable performance and NO alternative exist
No known way to achieve program milestones
Development or acquisition cost significantly increase to > 10 %
1818
Risk EstimationRisk Estimation
Risk ExposureRisk Exposure• RE = Probability x CostRE = Probability x Cost
Growth (%)
Probability Product Size (LOC/FP)
Cost Exposure
Schedule Exposure
Risk Exposure
0-5 40 200 ~ 0 ~ 0
5-10 25 265-285 $100-200 K 0 – 2 weeks
10-15 20 285-300 $200-300K 2 – 3 weeks
15-20 15 300-400 $300-400K 3 – 4 weeks
Distribution of Software Growth and Resulting Exposure
1919
Risk Mitigation, Monitoring and Risk Mitigation, Monitoring and ManagementManagement
All of the above risk analysis activities up to All of the above risk analysis activities up to this point have a common goal this point have a common goal • to assist the project team to develop a strategy for to assist the project team to develop a strategy for
dealing with risk.dealing with risk. An effective strategy must consider the An effective strategy must consider the
following THREE issues:following THREE issues:• Risk avoidance (always the best strategy)Risk avoidance (always the best strategy)• Risk monitoringRisk monitoring• Risk management and contingency plan Risk management and contingency plan
2020
Risk MitigationRisk Mitigation
The risk mitigation plan:The risk mitigation plan:
Risk Mitigation PlanDescription of Potential Risk
Probability (L/M/H)
Potential Implications
Avoidance / Prevention Strategies
Contingency / Recovery Strategies
2121
Risk TreatmentRisk Treatment
Risk treatment: select risk mitigation process. Risk treatment: select risk mitigation process. How How can you reduce the risk?can you reduce the risk?• Risk Avoidance (always the preferred choice)Risk Avoidance (always the preferred choice)• Risk Acceptance (or Assumption)Risk Acceptance (or Assumption)• Problem Control (or Prevention)Problem Control (or Prevention)• Risk TransferRisk Transfer• Research & KnowledgeResearch & Knowledge
2222
Risk TreatmentRisk Treatment
What next?What next?• Assess the New Risk Level if implementedAssess the New Risk Level if implemented
HighHigh MediumMedium LowLow
• Action to be taken if implementedAction to be taken if implemented Change budget to include Mitigation activitiesChange budget to include Mitigation activities Change planning to include Mitigation eventsChange planning to include Mitigation events Change schedule to include Mitigation activitiesChange schedule to include Mitigation activities Communicate changes to stakeholdersCommunicate changes to stakeholders
• Estimating Risk Impacts and Avoidance CostsEstimating Risk Impacts and Avoidance Costs
2323
Risk Analysis DocumentRisk Analysis Document
A sample table of contents of a typical risk analysis A sample table of contents of a typical risk analysis document is as follows:document is as follows:• IntroductionIntroduction• PurposePurpose• Risk ManagementRisk Management• Risk IdentificationRisk Identification• TOP TEN Risk ListTOP TEN Risk List• Risk AnalysisRisk Analysis• Risk Mitigation StrategyRisk Mitigation Strategy• Risk Mitigation PlanRisk Mitigation Plan• ReferenceReference
2424
Risk Analysis DocumentRisk Analysis Document
PurposePurpose• This document describes how we will perform the job of managing This document describes how we will perform the job of managing
risks for risks for <YourProject> System<YourProject> System.. The purpose of this risk mitigation The purpose of this risk mitigation plan is to outline the risks that have been identified by the team as plan is to outline the risks that have been identified by the team as having highest probability to impact our schedule. These risks have having highest probability to impact our schedule. These risks have been categorized as High, Medium and Low. been categorized as High, Medium and Low.
• The risk analysis and mitigation plan contains the following:The risk analysis and mitigation plan contains the following: Risk identification – the project risks, technical risks and cost risks Risk identification – the project risks, technical risks and cost risks
are categorized and listed.are categorized and listed. A risk mitigation strategy and activities for each identified risks are A risk mitigation strategy and activities for each identified risks are
planned planned
2525
The RMMM PlanThe RMMM Plan
The RMMM Plan is an integral part of your project The RMMM Plan is an integral part of your project planplan• A risk management strategy can be included in the A risk management strategy can be included in the
software plan software plan
• Or we can say the risk management steps can be organized Or we can say the risk management steps can be organized into a separate Risk Mitigation, Monitoring and into a separate Risk Mitigation, Monitoring and Management Plan (The RMMM Plan).Management Plan (The RMMM Plan).
• This RMMM Plan documents all works performed as part This RMMM Plan documents all works performed as part of the Risk Analysis and is used by the project manager as of the Risk Analysis and is used by the project manager as part of the overall project plan.part of the overall project plan.