Semester VI IT Risk Management System- Part-I

---

Motivations

• When we looked at project selection we just took into account financial data

• In the scope management document we emphasized the importance of making our goals achievable, i.e. the A in SMART ... however between achievable and achieved there is a big difference.

• In the planning phase we had to deal with various uncertainties (estimation) and tried to deal with them generically (e.g. time buffers)

• We stuck to one plan (the nominal plan), but the world is non-nominal: changes, both negative and positive, will occur!

Definition:

Risk management collects techniques, know-how and processes to help identify, assess, manage, and monitor risks

The objectives of Project Risk Management are to increase the probability and the impact of positive events and decrease the probability and impact of events adverse to the project. 

Some Goals:

• Understanding whether a project is worth taking

• Help refining the budget for the project

• Increase chances of ending the project successfully

• Increase chances of terminating the project as planned:

– Within scope

– Within quality

– Within budget

– On time

Risk Management: Two Definitions

• “Traditionally”: – Risk is the possibility of suffering loss

• In project management: – (Project) Risk is an event or condition that, if it occurs has positive or negative influence on an objective

* Negative outcome: menace

* Positive outcome: opportunity

• Used in several fields, such as:

– Finance

– Insurance

– Engineering (safety critical, security, …)

• Various standards recognize the importance of risk in software development:

– ISO/IEC 12207 (Information Technology - Software life cycle processes)

– UNI EN 29000-3 (Guidelines for the application of ISO 9001 to software development and maintenance)

– UNI ISO 10006 (Guidelines for managing projects) • Various techniques (FMEA, FTA, simulation, …) have been defined and adopted to assess it.

Goals of the Unit

• Learning the techniques to identify, assess, prioritize, manage and control project risks

• Learning what are the most common risks in software development projects

• Learning how to budget for project risks

The Risk Management Process 

It runs in parallel to the other PM activities throughout the project

Defining Risk Management Standards Goal: describing how risk management will be structured and performed on the project.

– Output: a document (or set of documents and templates)

– Part of the project management plan

– Helps define project standards and best practices

Define Risk Management Standards

• The document includes, at a minimum:

– The procedures to monitor and update risks

– The procedures to apply contingency plans

– Who is in charge of what

• Added value:

– Definition of risk probabilities and impacts

– Risk Categories or other sources to identify risks

– Reporting formats

• A risk management plan could be standardized and adopted organization-wide

• Different projects require different levels of formality in risk management

Risk Identification Goal:

understanding what are the risk that could potentially influence the project and document their characteristics

– Risk identification is an iterative process (new risks may be identified as the project progresses; old risks may become “obsolete”)

– Output: Risk Register, basis for qualitative/quantitative risk analysis

Risk Identification and Classification

• Process (iterative):

– Collect:

* identify specific project risks

* describe the risk

– Analyze:

* Identify the root causes (do not misinterpret effects as causes)

* Define the risk category (impact) and probability

* Identify other useful characteristics:

– When it can occur or frequency of occurrence

– How it manifests

• Output:

– Risk Register

---

---