14507_spm7

8/7/2019 14507_SPM7

http://slidepdf.com/reader/full/14507spm7 1/28

SPM (5e) risk management© The McGraw-Hill Companies, 2009

1

Software Project Management

Chapter Seven

Risk

management

8/7/2019 14507_SPM7



2

Some definitions of risk

¶an uncertain event or condition that, if it occurs, has a positive or

negative effect on a project¶s objectives¶

µthe chance of exposure to the adverse consequences of future events¶

-P

RINCE2Key Elements :

Risks relate to possible future problems, not current ones

They involve a possible cause and its effect(s) e.g. developer

leaves > task delayed

8/7/2019 14507_SPM7



3

Categories of risk

8/7/2019 14507_SPM7



4

A framework for dealing with risk

The planning for risk includes these steps:

Risk identification ± what risks might there be?

Risk analysis and prioritization ± which are the most

serious risks?Risk planning ± what are we going to do about them?

Risk monitoring ± what is the current state of therisk?

8/7/2019 14507_SPM7



5

Risk identification

Approaches to identifying risks include:

Use of checklists ± usually based on the experience

of past projects

Brainstorming ± getting knowledgeable stakeholders

together to identify risks about their project.

8/7/2019 14507_SPM7



6

Boehm¶s top 10 development risks

Risk Risk reduction techniques

Personnel shortfalls Staffing with top talent; job matching; teambuilding; training and

career development; early scheduling of key personnel

Unrealistic time and costestimates Multiple estimation techniques; design to cost; incrementaldevelopment; recording and analysis of past projects;

standardization of methods

Developing the wrong software

functions

Improved software evaluation; formal specification methods; user

surveys; prototyping; early user manuals

Developing the wrong user

interface

Prototyping; task analysis; user involvement

8/7/2019 14507_SPM7



7

Boehm¶s top ten risk - continued

Gold plating Requirements scrubbing, prototyping,

design to cost

Late changes to

requirements

Change control, incremental development

Shortfalls in externallysupplied components Benchmarking, inspections, formal specifications,contractual agreements, quality controls

Shortfalls in externally

performed tasks

Quality assurance procedures, competitive design etc

Real time performance

problems

Simulation, prototyping, tuning

Development technically too

difficult

Technical analysis, cost-benefit analysis, prototyping ,

training

8/7/2019 14507_SPM7



8

Risk analysis & prioritization

Risk exposure (RE)

= (potential damage) x (probability of occurrence)

I deally

Potential damage: a money value e.g. a flood would cause £0.5millions of damage

Probability 0.00 (absolutely no chance) to 1.00 (absolutely certain)e.g. 0.01 (one in hundred chance)

RE = £0.5m x 0.01 = £0.005m

8/7/2019 14507_SPM7


Relative Scale of loss & Probability of risks

SPM (5e) risk management© The McGraw-Hill Companies, 2009 9

8/7/2019 14507_SPM7



Risk probability: qualitative

descriptors

P robability level Range

High Greater than 50% chance of happening

Significant 30-50% chance of happening

Moderate 10-29% chance of happeningLow Less than 10% chance of happening

8/7/2019 14507_SPM7



Qualitative descriptors of impact on cost and

associated range values

Impact level Range

High Greater than 30% above budgeted expenditure

Significant 20 to 29% above budgeted expenditure

Moderate 10 to 19% above budgeted expenditure

Low Within 10% of budgeted expenditure.

8/7/2019 14507_SPM7



Probability impact matrix

8/7/2019 14507_SPM7



Risk planning

Risks can be dealt with by:

Risk acceptance

Risk avoidance

Risk reduction & mitigation

Risk transfer

8/7/2019 14507_SPM7



Risk ManagementContingency

Deciding on risk actions

Risk reduction leverage = (REbefore- REafter )/ (cost of risk

reduction)

REbefore

is risk exposure before risk reduction e.g. 1%

chance of a fire causing £200k damage

REafter is risk exposure after risk reduction e.g. fire alarm

costing £500 reduces probability of fire damage to 0.5%

RRL = (1% of £200k)-(0.5% of £200k)/£500 = 2

RRL > 1.00 therefore worth doing

Creating & maintaining the risk register

8/7/2019 14507_SPM7



8/7/2019 14507_SPM7



Using PERT to evaluate the effects of

uncertainty

PERT-Program evaluation review technique

1) Using PERT to evaluate the effects of

uncertaintyThree estimates are produced for each activity

M ost likely time (m)

Optimistic time (a)

Pessimistic (b)

µexpected time¶ te = (a + 4m +b) / 6

µactivity standard deviation¶ S = (b-a)/6

8/7/2019 14507_SPM7


2) Using Expected durations

Expected durations(te) are used to carry out forward

pass through the network(similar to CPM).Here, calculated dates are not the earliest possible

dates but the expected dates (or most likely).

PERT places emphasis on uncertainty of real world so,

Rather than ³the completion date for project

is«««´

we say ³we expect the project to completeby«««.´


8/7/2019 14507_SPM7


Example for PERT


8/7/2019 14507_SPM7


PERT network after forward pass

Note: Figure indicates that we expect the project to take

13.5 weeks19

8/7/2019 14507_SPM7



3) Activity Standard DeviationsStandard Deviation is the quantitative measure of

the degree of uncertainty of an activity duration estimate.s=b-a/6

S.D is proportional to difference between

optimistic & pessimistic estimates.

8/7/2019 14507_SPM7



4) Likelihood of meeting targets*Main advantage of PERT is that it provides methods for

estimating probability of meeting or missing target dates.*There might be only single target date for the project

completion , but we might wish to set additional

intermediate targets.

8/7/2019 14507_SPM7


PERT uses following three step method for calculating the

probability of meeting or missing a target date:

a) Calculate s.d of each project event.b) Calculate the z value for each event that has a target date.

c) Converting z values to probabilities.

a) Calculate s.d of each project event :Can be calculated by carrying out forward pass.

s.d of event=sqrt (S12+ S22 )

Eg. i) s.d of event 3 depends solely on that of activity B .

Therefore s.d for event 3 is 0.33ii) For event 5 there are two possible paths,B+E or F. Total s.d

for path B+E is sqrt ( 0.332 + 0.502 ) = 0.6 & for path F is

1.17.So,s.d for event 5 is 1.17(greater out of the two)22

8/7/2019 14507_SPM7


b) Calculate the z values

Z value is calculated for each node that has a target

date.

z = T- te /sWhere,T is target date & te is expected date.

Eg, For event 4 z=(10-9.00)/0.53=1.8867

c) Converting z values to probabilities.

Z values can be converted to probability of not meeting

the target date by using the graph.

Eg, Z value for project completion(ie, event 6)is :

z=(15-13.5)/1.22=1.23


8/7/2019 14507_SPM7


Therefore, there is an 11% risk of not meeting the

target date of the end of week 15.


8/7/2019 14507_SPM7



A chain of activities

Task A Task B Task C

Task a m b te s

A 10 12 16 ? ?

B 8 10 14 ? ?

C 20 24 38 ? ?

8/7/2019 14507_SPM7



A chain of activities

What would be the expected duration of the chain A + B

+ C?

Answer: 12.66 + 10.33 + 25.66 i.e. 48.65

What would be the standard deviation for A + B+ C? Answer: square root of (12 + 12 + 32) i.e.

3.32

8/7/2019 14507_SPM7



Assessing the likelihood of meeting a

target

Say the target for completing A+B+C was 52 days (T)

Calculate the z value thus

z = (T ± te)/s

In this example z = (52-48.33)/3.32 i.e. 1.01

Look up in table of z values ± see next overhead

8/7/2019 14507_SPM7



Graph of z values

14507_spm7

Documents