Spread Knowledge

CS605 - Software Engineering II - Lecture Handout 19

User Rating:  / 0
PoorBest 

Related Content: CS605 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Software Engineering II

Types of Risks

Each project is faced with many types of risks. These include:

  • Project risks
    • Will impact schedule and cost
    • Includes budgetary, schedule, personnel, resource, customer, requirement problems
  • Technical risks
    • Impact the quality, timelines, and cost
    • Implementation may become difficult or impossible
    • Includes design, implementation, interface, verification and maintenance problems
    • Leading edge technology

  • Business risks
    • Marketability
    • Alignment with the overall business strategy
    • How to sell
    • Losing budget or personnel commitments

Furthermore, there are predictable and unpredictable risks. Predictable risks can be uncovered after careful evaluation whereas unpredictable risks cannot be identified.

Risk Identification

It is the responsibility of the project manager to identify known and predictable risks. These risks fall in the following categories of generic risks and product specific risks. Generic risks are threats to every project whereas Product specific risks are specific to a particular project. The question to be asked in this context is: what special characteristics of this project may threaten your project plan? A useful technique in this regards is the preparation of a risk item checklist. This list tries to ask and answer questions relevant to each of the following topics for each software project:

    • Product size
    • Business impact
    • Customer characteristics
    • Process definition
    • Development environment
    • Technology to be built
    • Staff size and experience

    Assessing Overall Project Risks

    In order to assess the overall project risks, the following questions need to be addressed:

      • Have top software and customer managers formally committed to support the project?
      • Are end-users committed to the project and the system/product to be built?
      • Are requirements fully understood?
      • Have customers been involved fully in requirement definition?
      • Do end-users have realistic expectations?
      • Does the software team have right mix of skills?
      • Are project requirements stable?
      • Does the project team have experience with the technology to be implemented?
      • Is the number of people on the project team adequate to do the job?

      Risk components and drivers

      Each risk has many components and forces behind them. From this perspective, risks can be categorized into the following categories:

        • Performance risks
          • Degree of uncertainty that the product will meet its requirements and be fit for its intended use
        • Cost risks
          • The degree of uncertainty that the project budget will be maintained
        • Support risks
          • Resultant software will be easy to correct, enhance, and adapt
        • Schedule risks
          • Product schedule will be maintained

        Each risk has its own impact and can be characterized as negligible, marginal, critical, or catastrophic.

        This is summarized in the following table:

         Risk Impact

         

        Performance

        Support

        Cost

        Schedule

        Catastrophic

        Consequence of error

        Failure to meet the requirements will result in mission failure

        Results in increased cost and schedule delays. Expected value in excess of $500K

        Consequence of failure to achieve desired result

        Significant degradation

        Non-responsive or unsupportable

        Budget overrun likely

        Unachievable

        Critical

        Consequence of error

        Would degrade performance to a point where mission success is questionable

        Results in operational delays and or increased cost with expected value of $100K-$500K

        Consequence of failure to achieve desired result

        Some reduction in technical performance

        Minor delays

        Possible overrun

        Possible slippage

        Marginal

        Consequence of error

        Result in degradation of secondary mission

        Expected value <$100K

        Consequence of failure to achieve desired result

        Small reduction

        Responsive

        Sufficient financial resources

        Realistic

        Negligible

        Consequence of error

        Inconvenience

        Minor

        Consequence of failure to achieve desired result

        No reduction

        Supportable

        Budget under run possible

        achievable


        Risk Projection

        Risk projection is concerned with risk estimation. It attempts to rate risks in two ways: likelihood and consequences. There are four risk project activities. These are:

          • Establish a scale that reflects the perceived likelihood of risk
          • Delineate the consequences
          • Estimate impact
          • Note the overall accuracy of risk projection
           This process is exemplified with the help of the following table:

          Risk

          Category

          Probability

          Impact

          RMMM

          Size estimate may be significantly low
          Larger number of users than planned
          Less reuse than planned
          End-users resist system
          Delivery deadline will be tightened
          Funding will be lost
          Customer will change requirements
          Technology will not meet expectations
          Lack of training on tools
          Staff inexperienced
          Staff turnover will be high

          PS
          PS
          PS
          BU
          BU
          CU
          PS
          TE
          DE
          ST
          ST

          60%
          30%
          70%
          40%
          50%
          40%
          80%
          30%
          80%
          30%
          60%

          2
          3
          2
          3
          2
          1
          2
          1
          3
          2
          2

           


          Where impacts are codified as follows:

          1: catastrophic             2: critical         3: marginal      4: negligible

          and RMMM stands for risk mitigation, monitoring, and management plan.