14507_spm7
TRANSCRIPT
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 1/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
1
Software Project Management
Chapter Seven
Risk
management
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 2/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
2
Some definitions of risk
¶an uncertain event or condition that, if it occurs, has a positive or
negative effect on a project¶s objectives¶
µthe chance of exposure to the adverse consequences of future events¶
-P
RINCE2Key Elements :
Risks relate to possible future problems, not current ones
They involve a possible cause and its effect(s) e.g. developer
leaves > task delayed
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 3/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
3
Categories of risk
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 4/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
4
A framework for dealing with risk
The planning for risk includes these steps:
Risk identification ± what risks might there be?
Risk analysis and prioritization ± which are the most
serious risks?Risk planning ± what are we going to do about them?
Risk monitoring ± what is the current state of therisk?
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 5/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
5
Risk identification
Approaches to identifying risks include:
Use of checklists ± usually based on the experience
of past projects
Brainstorming ± getting knowledgeable stakeholders
together to identify risks about their project.
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 6/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
6
Boehm¶s top 10 development risks
Risk Risk reduction techniques
Personnel shortfalls Staffing with top talent; job matching; teambuilding; training and
career development; early scheduling of key personnel
Unrealistic time and costestimates Multiple estimation techniques; design to cost; incrementaldevelopment; recording and analysis of past projects;
standardization of methods
Developing the wrong software
functions
Improved software evaluation; formal specification methods; user
surveys; prototyping; early user manuals
Developing the wrong user
interface
Prototyping; task analysis; user involvement
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 7/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
7
Boehm¶s top ten risk - continued
Gold plating Requirements scrubbing, prototyping,
design to cost
Late changes to
requirements
Change control, incremental development
Shortfalls in externallysupplied components Benchmarking, inspections, formal specifications,contractual agreements, quality controls
Shortfalls in externally
performed tasks
Quality assurance procedures, competitive design etc
Real time performance
problems
Simulation, prototyping, tuning
Development technically too
difficult
Technical analysis, cost-benefit analysis, prototyping ,
training
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 8/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009
8
Risk analysis & prioritization
Risk exposure (RE)
= (potential damage) x (probability of occurrence)
I deally
Potential damage: a money value e.g. a flood would cause £0.5millions of damage
Probability 0.00 (absolutely no chance) to 1.00 (absolutely certain)e.g. 0.01 (one in hundred chance)
RE = £0.5m x 0.01 = £0.005m
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 9/28
Relative Scale of loss & Probability of risks
SPM (5e) risk management© The McGraw-Hill Companies, 2009 9
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 10/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 10
Risk probability: qualitative
descriptors
P robability level Range
High Greater than 50% chance of happening
Significant 30-50% chance of happening
Moderate 10-29% chance of happeningLow Less than 10% chance of happening
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 11/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 11
Qualitative descriptors of impact on cost and
associated range values
Impact level Range
High Greater than 30% above budgeted expenditure
Significant 20 to 29% above budgeted expenditure
Moderate 10 to 19% above budgeted expenditure
Low Within 10% of budgeted expenditure.
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 12/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 12
Probability impact matrix
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 13/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 13
Risk planning
Risks can be dealt with by:
Risk acceptance
Risk avoidance
Risk reduction & mitigation
Risk transfer
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 14/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 14
Risk ManagementContingency
Deciding on risk actions
Risk reduction leverage = (REbefore- REafter )/ (cost of risk
reduction)
REbefore
is risk exposure before risk reduction e.g. 1%
chance of a fire causing £200k damage
REafter is risk exposure after risk reduction e.g. fire alarm
costing £500 reduces probability of fire damage to 0.5%
RRL = (1% of £200k)-(0.5% of £200k)/£500 = 2
RRL > 1.00 therefore worth doing
Creating & maintaining the risk register
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 15/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 15
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 16/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 16
Using PERT to evaluate the effects of
uncertainty
PERT-Program evaluation review technique
1) Using PERT to evaluate the effects of
uncertaintyThree estimates are produced for each activity
M ost likely time (m)
Optimistic time (a)
Pessimistic (b)
µexpected time¶ te = (a + 4m +b) / 6
µactivity standard deviation¶ S = (b-a)/6
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 17/28
2) Using Expected durations
Expected durations(te) are used to carry out forward
pass through the network(similar to CPM).Here, calculated dates are not the earliest possible
dates but the expected dates (or most likely).
PERT places emphasis on uncertainty of real world so,
Rather than ³the completion date for project
is«««´
we say ³we expect the project to completeby«««.´
SPM (5e) risk management© The McGraw-Hill Companies, 2009 17
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 18/28
Example for PERT
SPM (5e) risk management© The McGraw-Hill Companies, 2009 18
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 19/28
PERT network after forward pass
Note: Figure indicates that we expect the project to take
13.5 weeks19
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 20/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 20
3) Activity Standard DeviationsStandard Deviation is the quantitative measure of
the degree of uncertainty of an activity duration estimate.s=b-a/6
S.D is proportional to difference between
optimistic & pessimistic estimates.
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 21/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 21
4) Likelihood of meeting targets*Main advantage of PERT is that it provides methods for
estimating probability of meeting or missing target dates.*There might be only single target date for the project
completion , but we might wish to set additional
intermediate targets.
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 22/28
PERT uses following three step method for calculating the
probability of meeting or missing a target date:
a) Calculate s.d of each project event.b) Calculate the z value for each event that has a target date.
c) Converting z values to probabilities.
a) Calculate s.d of each project event :Can be calculated by carrying out forward pass.
s.d of event=sqrt (S12+ S22 )
Eg. i) s.d of event 3 depends solely on that of activity B .
Therefore s.d for event 3 is 0.33ii) For event 5 there are two possible paths,B+E or F. Total s.d
for path B+E is sqrt ( 0.332 + 0.502 ) = 0.6 & for path F is
1.17.So,s.d for event 5 is 1.17(greater out of the two)22
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 23/28
b) Calculate the z values
Z value is calculated for each node that has a target
date.
z = T- te /sWhere,T is target date & te is expected date.
Eg, For event 4 z=(10-9.00)/0.53=1.8867
c) Converting z values to probabilities.
Z values can be converted to probability of not meeting
the target date by using the graph.
Eg, Z value for project completion(ie, event 6)is :
z=(15-13.5)/1.22=1.23
SPM (5e) risk management© The McGraw-Hill Companies, 2009 23
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 24/28
Therefore, there is an 11% risk of not meeting the
target date of the end of week 15.
SPM (5e) risk management© The McGraw-Hill Companies, 2009 24
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 25/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 25
A chain of activities
Task A Task B Task C
Task a m b te s
A 10 12 16 ? ?
B 8 10 14 ? ?
C 20 24 38 ? ?
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 26/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 26
A chain of activities
What would be the expected duration of the chain A + B
+ C?
Answer: 12.66 + 10.33 + 25.66 i.e. 48.65
What would be the standard deviation for A + B+ C? Answer: square root of (12 + 12 + 32) i.e.
3.32
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 27/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 27
Assessing the likelihood of meeting a
target
Say the target for completing A+B+C was 52 days (T)
Calculate the z value thus
z = (T ± te)/s
In this example z = (52-48.33)/3.32 i.e. 1.01
Look up in table of z values ± see next overhead
8/7/2019 14507_SPM7
http://slidepdf.com/reader/full/14507spm7 28/28
SPM (5e) risk management© The McGraw-Hill Companies, 2009 28
Graph of z values