UNIT-IV

MCA II SEM

Risk Management, Resource Allocation, Software Project Testing

[1]. Risk Management
A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s
objectives.
Risk management is the systematic process of identifying, assessing, and mitigating threats or
uncertainties that can affect your organization. It involves analyzing risks’ likelihood and impact,
developing strategies to minimize harm, and monitoring measures’ effectiveness.
Loss may result from the following:
• financial risks such as cost of claims and liability judgments
• operational risks such as labor strikes
• perimeter risks including weather or political change
• strategic risks including management changes or loss of reputation

[2]. Categories of Risk

It defined the classification of risks in various business activities and provides a structured overview of
potential risks faced by them. Risk categories refer to the various types of risk that may occur in any
business during its daily operation. Such risks may be natural or man-made. Risks are handled with
through proper planning.
These project risk categories are not limited to any particular stage or level of an organization. It may arise
quite suddenly even through there is through planning and supervision. It is important to identify and
understand the effects of such risks to handle them on time. The following are the categories of risk –
#1 – Operational Risk
Operational risks occurs from improper implementation of processes, external issues (weather problems,
government regulations, political and environmental pressures, etc.) Examples of operational risks are
insufficient resources, failure in resolving conflicts, etc.
#2 – Budget Risk
Budget risk or cost risk can be defined as a risk that arises from an improper estimation of a budget
allocated to a particular project or process. The implications of such risks are delay in the completion of
project, premature handover of the project, failure to deliver the quality project or compromise in the
quality of the project.
#3 – Schedule Risk
When the release or completion of the project is not assessed and addressed correctly, the schedule risk
takes place. Such a risk can impact a project.
#4 – Technical Environment Risk
Technical environment risk can be regarded as the risk concerning the environment in which both the
customers and the clients operate.
#5 – Business Risk

1
Business risks can occur due to the unavailability of a purchase order, contracts in the initial stage of a
project, delay in the attainment of inputs from clients and customers, etc.
#6 – Information Security Risk
It is concerned with the breach of the confidentiality of a company’s or clients’ sensitive data. The
violation of such data can be a huge risk for an organization, and it might not just cause financial losses
but also result in loss of goodwill.
#7 – Technology Risk
Technology risks occur due to sudden or complete change in technology.
#8 – Supplier Risk
This risk occur when third-party supplier interference in the development of a particular project.
#9 – Resource Risk
Resource risk occurs due to improper management of a company’s resources such as its staff, budget, etc.
#10 – Quality and Process Risk
Quality and process risk occurs due to improper hiring of staff that is not well trained.
#11 – Project Planning
Project planning risks arises due to lack of proper planning concerning a project. This lack of project
planning can cost the project to sink and fail to meet the expectations of the clients as well.

[3]. A framework for dealing with Risk

Planning for risk includes these steps:
(i) risk identification;
(ii) risk analysis and prioritization;
(iii) risk planning;
(iv) risk monitoring.
Steps (i) to (iii) will be repeated. When risks are identified then plans can be made to reduce or remove
their threat. The plans are then reassessed to ensure that the original risks are reduced sufficiently and no
new risks introduced.

[4]. Risk Identification

The two main approaches to the identify risks: checklists and brainstorming.
Checklist

Checklists are simply lists of the risks that have been found to occur regularly. A list of software
development risks by Barry Boehm is shown in Table. A group of project stakeholders examines a
checklist. Often the checklist suggests potential solution for each risk.
Brainstorming

When the project plan is prepared then the main stakeholders identify (using their individual knowledge
of different parts of the project) the problems that might occur. This collaborative approach may generate
a sense of ownership in the project.
2
[5]. Assessment of Risks
A common problem with risk identification is that a list of risks is potentially endless. A way is needed
of distinguishing the damaging and likely risks. This can be done by estimating the risk exposure for each
risk using the formula:
risk exposure = (potential damage) X (probability of occurrence)
Generally, the potential damage is assessed as a money value. For example, let a project depended on a
data centre which is vulnerable to fire. If a fire occurred then we need a new computer configuration of
cost £500,000. The chances of a fire actually happening is a 1 in 1000 chance, that is a probability of
0.001.
In this case the risk exposure would be:
£500,000 x 0.001 = £500
The calculation of risk exposure above assumes that the amount of damage sustained will always be the
same. However, it is not true. For example, as software development proceeds, more software is created,
and more time would be needed to re-create it if it were lost.
With some risks, there could be not only damage but also gains. Ex- The testing of a software component
is scheduled to take six days, but is actually done in three days.
Most managers need very precise estimates of loss or the probability of occurring. Barry Boehm
suggested that, both the risk losses and the probabilities can be assessed using relative scales (0 to 10).
The two figures could then be multiplied to get a risk exposure. Table provides an example.

3
Risks can be assessed using qualitative descriptions of the possible impact and the likelihood of each risk.
The following tables shows this method.
TABLE: Qualitative descriptors of risk probability and associated range values

TABLE Qualitative descriptors of impact on cost and associated range values

[6]. Applying the PERT Technique

Using PERT to evaluate the effects of uncertainty
PERT can be used to estimate the uncertainty in s/w development. The PERT technique uses the following
three-step method for calculating the probability of meeting or missing a target date:
• Calculate the standard deviation of each project event;
• Calculate the z value for each event that has a target date;
• Convert z values to a probabilities.
The PERT method requires three estimates.
● Most likely time: It defines the time in which a task is completed under normal circumstances. It is
shown by the letter m.
● Optimistic time: It defines the time in which a task is completed with no risk or changes. This will be
the minimum time to complete the task. It is shown by the letter a.
● Pessimistic time: The worst possible time. The time in which a task is completed with all unfavorable
conditions with all negative risks. It is shown by the letter b.
PERT then combines these three estimates to form a single expected duration, te, using the formula

4
Calculate the standard deviation
The degree of uncertainty may be obtained by calculating the standard deviation s of an activity time,
using the formula

The standard deviation is proportional to the difference between the optimistic and pessimistic estimates
(a~b). It defines the degree of uncertainty or risk for each activity.
Calculating the z values
The z value is calculated for each node that has a target date. It is equivalent to the number of standard
deviations between the node’s expected and target dates. It is calculated using the formula

where te is the expected date and T the target date.

Converting z values to probabilities
A z value may be converted to the probability as per following figure.

Example: A project composed of eight activities whose durations have been estimated as shown in the
table A. Prepare a PERT chart for it.
Table A

5
 Table B

Table B provides additional information for the network. Calculate the expected duration, te, for each activity.

Answer: The Activity network is shown below:

The te and s are

The te, s and z values are
Activity Optimistic (a)
A 5
B 3
C 2
D 3.5
E 1
F 8
G 2
H 2
Most likely (m) Pessimistic (b) Te S Z
6 8
4 5
3 3
4 5
3 4
10 15
3 4
2 2.5