Software Project Management

Lecture – 21, 22
￭ Risk & Risk Management Strategies
￭ Risk Management Processes
◦ Risk Management Planning
◦ Risk Identification
◦ Risk Analysis
◦ Risk Response Planning
◦ Risk Monitoring and Control

Softwares for Risk Management

Risk Management Sheets

Risk Management 2
Software Project Management

Hazard
“Any real or potential condition that can cause
damage or loss of equipment or property, or
mission degradation”

Risk
“Chance of hazard or bad consequences;
exposure to chance of injury or loss”
(Oxford Dictionary)

Risk Management 4
 Risk always involves two characteristics:
◦ Uncertainty
It may or may not happen.
◦ Loss
If the risk becomes reality, loss will occur.

Risk Management 5
“Risk management is the art and science of
identifying risks, and drawing up plans to
minimise their effect on a project.”

Risk Management 6
 “Risk Management is a practice with
processes, methods, and tools for managing
risks in a project.”

“A methodology that helps managers make

best use of their available resources.”

Risk Management 7
1. Reactive Strategy
◦ Do nothing until something goes wrong.
2. Proactive Strategy
◦ Risk analysis and management begins long
before the technical work is started.
◦ Potential risk are identified, their probability
and impact is analyzed and a contingency plan
is prepared.

Risk Management 8
“If you don’t actively attack the risks, they will
attack you actively.”

(Tom Gilb)

Risk Management 9
1. Known Risks
◦ Can be uncovered after a careful evaluation of
the project etc.
2. Predictable Risks
◦ Extrapolated from the past project experience.
3. Unpredictable Risks
◦ Extremely difficult to identify in advance.

Risk Management 10
Software Project Management
 Major processes are:
◦ Risk Management Planning
◦ Risk Identification
◦ Risk Analysis
 Qualitative Risk Analysis
 Quantitative Risk Analysis
◦ Risk Response Planning
◦ Risk Monitoring and Control

Risk Management 12
Risk Planning

Risk Identification

Risk Analysis

Risk Response Planning

Risk Monitoring and Control

Risk Management 13
Software Project Management
 Deciding how to approach and plan the
risk management activities for the
project.
 A planning and analysis meeting is
conducted to develop the risk
management plan.
 Attendees include PM, team members,
stakeholders and a risk management
specialist.

Risk Management 15
 Risk management activities are defined.
 Risk templates are defined.
 Risk categories are established.
 Risk probability and impact levels are
defined for that particular project.
 Hence, the final output is a Risk
Management Plan.

Risk Management 16
1. Methodology
2. Roles and responsibilities
3. Budget and schedule
4. Risk categories
5. Definition of risk probability and impact
6. Probability and impact matrix
7. Revised stakeholder’s tolerance
8. Reporting format
9. Risk Tracking

Risk Management 17
 P ro je c t

Te ch n ica l Ex te rn a l O rg a n iza tio n a l Pro je ct M a n a g e m e n t

Pro je ct
R e qu ire m e n ts S u b-C o n tra cto rs Es tim a tin g
D e pe n de n cie s

Te ch n o lo g y R e g u la to ry
R e s o u rce s Pla n n in g

C o m ple x ity &

M a rk e t
I n te rfa ce s
Fu n din g C o n tro llin g
Pe rfo rm a n ce
C u s to m e r
& R e lia bility

Prio ritiza tio n C o m m u n ica tio n

Q u a lity W e a th e r

Risk Management 18
Level Likelihood Probability
of
Occurrence
1 Not likely 0.1
2 Low likely 0.3
3 Likely 0.5
4 High likely 0.7
5 Near certainty 0.9

Risk Management 19
Non-linear Impact Scale

Level Likelihood Probability

of
Occurrence
1 Very low 0.05
2 Low 0.1
3 Moderate 0.2
4 High 0.4
5 Very high 0.8

Risk Management 20
Probabilit
Impact
y
0.9 0.05 0.09 0.18 0.36 0.72
0.7 0.04 0.07 0.14 0.28 0.56
0.5 0.03 0.05 0.10 0.20 0.40
0.3 0.02 0.03 0.04 0.12 0.24
0.1 0.01 0.01 0.02 0.04 0.08
0.05 0.1 0.2 0.4 0.8
<<
Risk Management 21
Software Project Management
 A systematic attempt to identify threats to
the project.
 And identifying their chances of
occurrence and impact.
 It is an iterative process.
 The output of this process is a risk
register.

Risk Management 23
 The risk register ultimately contains:
◦ List of identified risks
◦ List of potential Reponses
◦ Root causes of risk
◦ Updated risk categories

Risk Management 24
 Team
Brainstorming

Walkthroughs

Risk
Knowledge
Base

Spurious
Risk Management 25
1. Documentation Review
2. Gathering Information
◦ Brainstorming
◦ Interviewing
◦ The Delphi Technique
◦ Root Cause Identification
◦ SWOT (Strengths, Weaknesses, Opportunities,
Threats) analysis

Risk Management 26
3. RI checklists
4. Assumption Analysis
5. Diagramming Techniques
◦ Cause-and-effect diagram
◦ System and process flow diagram
◦ Influence diagram

Risk Management 27
Risk Identification Template
-- handouts --

Risk Management 28
Software Project Management
 Prioritizing risks based on their probability
and impact of occurrence.
 Risk can be grouped by category for
effective risk response planning.
 Organization can improve the project’s
performance effectively by focusing on
these high priority risks.
 This is also a repetitive process.

Risk Management 30
1. Expert judgment
2. Probability/Impact matrixes
3. The Top 10 Risk Item Tracking technique

>>

Risk Management 31
 Top 10 Risk Item Tracking is a tool for
maintaining an awareness of risk
throughout the life of a project.
 Establish a periodic review of the top 10
project risk items.
 List the current ranking, previous
ranking, number of times the risk
appears on the list over a period of time,
and a summary of progress made in
resolving the risk item.

Risk Management 32
 Monthly Ranking
Risk Item This Last Number Risk Resolution
Month Month of MonthsProgress
Inadequate 1 2 4 Working on revising the
planning entire project plan
Poor definition 2 3 3 Holding meetings with
of scope project customer and
sponsor to clarify scope
Absence of 3 1 2 Just assigned a new
leadership project manager to lead
the project after old one
quit
Poor cost 4 4 3 Revising cost estimates
estimates
Poor time 5 5 3 Revising schedule
estimates estimates

Risk Management 33
Software Project Management
 Numerically estimating the effects of
risks on project objectives.
 Often follows qualitative risk analysis,
but both can be done together or
separately.
 Large, complex projects involving leading
edge technologies often require
extensive quantitative risk analysis.

Risk Management 35
 Main techniques include
1. Decision tree analysis
2. Simulation
3. Sensitivity analysis

Risk Management 36
 A decision tree is a diagramming method
used to help you select the best course
of action in situations in which future
outcomes are uncertain.
 Expected Monetary Value (EMV) is a type
of decision tree where you calculate the
expected monetary value of a decision
based on its risk event probability and
monetary value.

Risk Management 37
Risk Management 38
 Simulation uses a representation or model of a
system to analyze the expected behavior or
performance of the system.
 Monte Carlo analysis simulates a model’s
outcome many times to provide a statistical
distribution of the calculated results.
 To use a Monte Carlo simulation, you must have
three estimates (most likely, pessimistic, and
optimistic) plus an estimate of the likelihood of
the estimate being between the optimistic and
most likely values.

Risk Management 39
 Sensitivity analysis is a technique used to show
the effects of changing one or more variables
on an outcome.
 For example, many people use it to determine
what the monthly payments for a loan will be
given different interest rates or periods of the
loan, or for determining break-even points
based on different assumptions.
 Spreadsheet software, such as Excel, is a
common tool for performing sensitivity analysis.

Risk Management 40
Software Project Management
 After identifying and quantifying risks,
you must decide how to respond to
them.
 Taking steps to enhance opportunities
and reduce threats to meeting project
objectives.
 A strategy or a mix of strategies is
developed to effectively handle the risks.

Risk Management 42
 Four main strategies are:
◦ Risk avoidance: eliminating a specific threat
or risk, usually by eliminating its causes.
◦ Risk acceptance: accepting the
consequences should a risk occur.
◦ Risk transference: shifting the consequence
of a risk and responsibility for its
management to a third party.
◦ Risk mitigation: reducing the impact of a risk
event by reducing the probability of its
occurrence.
◦ Contingency response plan: executed only if
certain events occur.

Risk Management 43
Software Project Management
 Risk Monitoring and Control includes:
◦ Monitoring identified and residual risks,
◦ Carrying out risk response plans,
◦ Changing the plan according to the situations.
◦ Identifying new risks,
◦ Evaluating the effectiveness of risk strategies
throughout the life of the project and

Risk Management 45
Software Project Management
 Databases can keep track of risks. Many
IT departments have issue tracking
databases.
 Spreadsheets can aid in tracking and
quantifying risks.
 More sophisticated risk management
software, such as Monte Carlo simulation
tools, help in analyzing project risks.

Risk Management 47
Software Project Management

-- handouts --
 Pressman, Roger “Software Engineering, a
practitioner’s approach, 5th Edition”
 Wysocki, Robert “Effective Project Management
2nd Edition”
 PMI “PMBOK 3.0”
 Jenkins, Nick “Project Management Primer v
2.0”
 DoD “Risk Management Guide”
 Schwalbe, Kathy “Information Technology
Project Management, 4th Edition”
 Wiegers, Karl E. “Know Your Enemy: Software
Risk Management”
 …

Risk Management 49
Software Project Management

Thanks!
Software Project Management
Lecture – 21, 22