2. Introduction
An engineering project is expected to produce a
reliable product within a limited time, using limited
resources. Any project however, runs the risks of not
producing the desired product, overspending its
allotted resource budget or overrunning its allotted
time.
A risk is a potential problem - it might happen, it
might not. But, regardless of the outcome, it’s a really
good idea to identify it, assess its probability of
occurrence, estimate its impact, and establish a
contingency plan.
3. Introduction
Risk always involves two
characteristics:
Uncertainty – the risk may or may not
happen.
Loss – if the risk becomes a reality,
unwanted consequences or losses will
occur.
4. Risk Management
Risk management is concerned with
identifying risks and drawing up plans to
minimise their effect on a project.
Three categories of risks
Project Risks affect schedule or resources;
Product Risks affect the quality or
performance of the software being developed;
Business Risks affect the organisation
developing or procuring the software.
5. Risk Affects Description
Staff turnover Project Experienced staff will leave the project before it is finished.
Management change Project There will be a change of organisational management with
different priorities.
Hardware unavailability Project Hardware that is essential for the project will not be
delivered on schedule.
Requirements change Project and
product
There will be a larger number of changes to the
requirements than anticipated.
Specification delays Project and
product
Specifications of essential interfaces are not available on
schedule
Size underestimate Project and
product
The size of the system has been underestimated.
CASE tool under-
performance
Product CASE tools which support the project do not perform as
anticipated
Technology change Business The underlying technology on which the system is built is
superseded by new technology.
Product competition Business A competitive product is marketed before the system is
completed.
6. The Risk Management
Process
Riskavoidance
and contingency
plans
Riskplanning
Prioritised risk
list
Riskanalysis
List of potential
risks
Risk
identification
Risk
assessment
Risk
monitoring
7. The risk management process
Risk identification
Identify project, product and business risks;
Risk analysis
Assess the likelihood and consequences of
these risks;
Risk planning
Draw up plans to avoid or minimise the effects
of the risk;
Risk monitoring
Monitor the risks throughout the project;
8. Risk identification
A check list of different types of risks is
created.
Risks are categorised:
Technology risks: risks that derive from the
software of hardware technologies that are
used to develop the software.
People risks: risks that are associated with
the people in the development team.
9. Risk identification Organisational risks: risks that derive from
the organisational environment where the
software is being developed.
Tools Risks: risks that derive from the
CASE tools and other support software
used to develop the system.
Requirements risks: risks that derive from
changes to the customer requirements and
the process of managing the requirements
change
Estimation risks: risks that derive from the
management estimates of the system
characteristics and the resources required
10. Risks and risk types
Risk type Possible risks
Technology The database used in the system cannot process as many transactions per second
as expected.
Software components that should be reused contain defects that limit their
functionality.
People It is impossible to recruit staff with the skills required.
Key staff are ill and unavailable at critical times.
Required training for staff is not available.
Organisational The organisation is restructured so that different management are responsible for
the project.
Organisational financial problems force reductions in the project budget.
Tools The code generated by CASE tools is inefficient.
CASE tools cannot be integrated.
Requirements Changes to requirements that require major design rework are proposed.
Customers fail to understand the impact of requirements changes.
Estimation The time required to develop the software is underestimated.
The rate of defect repair is underestimated.
The size of the software is underestimated.
11. Risk Analysis
It attempts each risks in two ways –
probability that the risk is real and
consequences of the problems.
Eg. The probability of risk might be
assessed as very low(<10%), low (10-
25%), moderate (25-50%), high (50-
75%) or very high (>75%).
Eg. The effects of the risk might be
catastrophic, serious, tolerable or
insignificant.
12. Risk Planning
Strategies to manage risks.
Possible strategies:
Avoidance Strategy: Following these
strategies means that the probability that
the risk will arise will be reduced.
Eg.: Dealing with defective components:
Replace potentially defective components with
brought-in components of known reliability.
13. Risk Planning
Minimization strategy: Following these
strategies that the impact of the risk will be
reduced.
Eg. Dealing with staff illness: Reorganize team so
that there is more overlap of work and people
therefore understand each other’s jobs.
Contingency plans: Following these steps
means that you are prepared for the worst and
have a strategy in place to deal with.
Eg. Organizational financial problems: Prepare a
briefing document for senior management showing
how the project is making a very important
contribution to the goals of the business.
14. Risk Monitoring
Regularly assessing each of the identified
risks to decide whether or not that risk is
becoming more or less probable and
whether the effects of risks have changed.
Eg. Risk->People
Indicator: People staff morale, poor
relationships among staff members.
Eg. Risk->Tools
Indicator: Reluctance by team member to
use tools, complaints about CASE tools.