14507_spm7

28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 1 Software Project Management Chapter Seven Risk management

Upload: mohit-dubey

Post on 08-Apr-2018

217 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 1/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

1

Software Project Management

Chapter Seven

Risk

management

Page 2: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 2/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

2

Some definitions of risk

¶an uncertain event or condition that, if it occurs, has a positive or 

negative effect on a project¶s objectives¶ 

µthe chance of exposure to the adverse consequences of future events¶ 

-P

RINCE2Key Elements :

Risks relate to possible future problems, not current ones

They involve a possible cause and its effect(s) e.g. developer 

leaves > task delayed

Page 3: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 3/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

3

Categories of risk

Page 4: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 4/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

4

A framework for dealing with risk

The planning for risk includes these steps:

Risk identification ± what risks might there be?

Risk analysis and prioritization ± which are the most

serious risks?Risk planning ± what are we going to do about them?

Risk monitoring ± what is the current state of therisk?

Page 5: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 5/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

5

Risk identification

 Approaches to identifying risks include:

Use of checklists ± usually based on the experience

of past projects

Brainstorming ± getting knowledgeable stakeholders

together to identify risks about their project.

Page 6: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 6/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

6

Boehm¶s top 10 development risks

  Risk Risk reduction techniques

Personnel shortfalls Staffing with top talent; job matching; teambuilding; training and

career development; early scheduling of key personnel

Unrealistic time and costestimates Multiple estimation techniques; design to cost; incrementaldevelopment; recording and analysis of past projects;

standardization of methods

Developing the wrong software

functions

Improved software evaluation; formal specification methods; user 

surveys; prototyping; early user manuals

Developing the wrong user 

interface

Prototyping; task analysis; user involvement

Page 7: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 7/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

7

Boehm¶s top ten risk - continued

Gold plating Requirements scrubbing, prototyping,

design to cost

Late changes to

requirements

Change control, incremental development

Shortfalls in externallysupplied components Benchmarking, inspections, formal specifications,contractual agreements, quality controls

Shortfalls in externally

performed tasks

Quality assurance procedures, competitive design etc

Real time performance

problems

Simulation, prototyping, tuning

Development technically too

difficult

Technical analysis, cost-benefit analysis, prototyping ,

training

Page 8: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 8/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

8

Risk analysis & prioritization

Risk exposure (RE)

= (potential damage) x (probability of occurrence)

I deally 

Potential damage: a money value e.g. a flood would cause £0.5millions of damage

Probability 0.00 (absolutely no chance) to 1.00 (absolutely certain)e.g. 0.01 (one in hundred chance)

RE = £0.5m x 0.01 = £0.005m

Page 9: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 9/28

Relative Scale of loss & Probability of risks

SPM (5e) risk management© The McGraw-Hill Companies, 2009 9

Page 10: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 10/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 10

Risk probability: qualitative

descriptors

 P robability level Range

High Greater than 50% chance of happening

Significant 30-50% chance of happening

Moderate 10-29% chance of happeningLow Less than 10% chance of happening

Page 11: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 11/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 11

Qualitative descriptors of impact on cost and

associated range values

 Impact level Range

High Greater than 30% above budgeted expenditure

Significant 20 to 29% above budgeted expenditure

Moderate 10 to 19% above budgeted expenditure

Low Within 10% of budgeted expenditure.

Page 12: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 12/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 12

Probability impact matrix

Page 13: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 13/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 13

Risk planning

Risks can be dealt with by:

Risk acceptance

Risk avoidance

Risk reduction & mitigation

Risk transfer 

Page 14: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 14/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 14

Risk ManagementContingency

Deciding on risk actions

Risk reduction leverage = (REbefore- REafter )/ (cost of risk

reduction)

REbefore

is risk exposure before risk reduction e.g. 1%

chance of a fire causing £200k damage

REafter is risk exposure after risk reduction e.g. fire alarm

costing £500 reduces probability of fire damage to 0.5%

RRL = (1% of £200k)-(0.5% of £200k)/£500 = 2

RRL > 1.00 therefore worth doing

Creating & maintaining the risk register 

Page 15: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 15/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 15

Page 16: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 16/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 16

Using PERT to evaluate the effects of 

uncertainty

PERT-Program evaluation review technique

1) Using PERT to evaluate the effects of 

uncertaintyThree estimates are produced for each activity

M ost likely time (m)

Optimistic time (a)

Pessimistic (b)

µexpected time¶ te = (a + 4m +b) / 6

µactivity standard deviation¶ S = (b-a)/6

Page 17: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 17/28

2) Using Expected durations

Expected durations(te) are used to carry out forward

pass through the network(similar to CPM).Here, calculated dates are not the earliest possible

dates but the expected dates (or most likely).

PERT places emphasis on uncertainty of real world so,

Rather than ³the completion date for project

is«««´

we say ³we expect the project to completeby«««.´

SPM (5e) risk management© The McGraw-Hill Companies, 2009 17

Page 18: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 18/28

Example for PERT

SPM (5e) risk management© The McGraw-Hill Companies, 2009 18

Page 19: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 19/28

PERT network after forward pass

Note: Figure indicates that we expect the project to take

13.5 weeks19

Page 20: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 20/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 20

3) Activity Standard DeviationsStandard Deviation is the quantitative measure of 

the degree of uncertainty of an activity duration estimate.s=b-a/6

S.D is proportional to difference between

optimistic & pessimistic estimates.

Page 21: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 21/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 21

4) Likelihood of meeting targets*Main advantage of PERT is that it provides methods for 

estimating probability of meeting or missing target dates.*There might be only single target date for the project

completion , but we might wish to set additional

intermediate targets.

Page 22: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 22/28

PERT uses following three step method for calculating the

probability of meeting or missing a target date:

a) Calculate s.d of each project event.b) Calculate the z value for each event that has a target date.

c) Converting z values to probabilities.

a) Calculate s.d of each project event :Can be calculated by carrying out forward pass.

s.d of event=sqrt (S12+ S22 )

Eg. i) s.d of event 3 depends solely on that of activity B .

Therefore s.d for event 3 is 0.33ii) For event 5 there are two possible paths,B+E or F. Total s.d

for path B+E is sqrt ( 0.332 + 0.502 ) = 0.6 & for path F is

1.17.So,s.d for event 5 is 1.17(greater out of the two)22

Page 23: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 23/28

b) Calculate the z values

Z value is calculated for each node that has a target

date.

z = T- te /sWhere,T is target date & te is expected date.

Eg, For event 4 z=(10-9.00)/0.53=1.8867

c) Converting z values to probabilities.

Z values can be converted to probability of not meeting

the target date by using the graph.

Eg, Z value for project completion(ie, event 6)is :

z=(15-13.5)/1.22=1.23

SPM (5e) risk management© The McGraw-Hill Companies, 2009 23

Page 24: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 24/28

Therefore, there is an 11% risk of not meeting the

target date of the end of week 15.

SPM (5e) risk management© The McGraw-Hill Companies, 2009 24

Page 25: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 25/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 25

A chain of activities

Task A Task B Task C

Task a m b te s

 A 10 12 16 ? ?

B 8 10 14 ? ?

C 20 24 38 ? ?

Page 26: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 26/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 26

A chain of activities

What would be the expected duration of the chain  A + B

+ C?

 Answer: 12.66 + 10.33 + 25.66 i.e. 48.65

What would be the standard deviation for  A + B+ C? Answer: square root of (12 + 12 + 32) i.e.

3.32

Page 27: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 27/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 27

Assessing the likelihood of meeting a

target

Say the target for completing  A+B+C was 52 days (T)

Calculate the z value thus

z = (T ± te)/s

In this example z = (52-48.33)/3.32 i.e. 1.01

Look up in table of z values ± see next overhead

Page 28: 14507_SPM7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 28/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009 28

Graph of z values