Software project management (intro) Risk Management Introduction Risk of the development project’s not proceeding according to plan The risk of the project’s running late or over budget and The identification of the steps to avoid or to minimize those risks The nature of risk Estimation errors Planning assumptions Eventualities (unforeseen events) Managing risk Objective: To avoid or minimize the adverse effects of unforeseen events by avoiding the risks or drawing up contingency plans for dealing with them Risk Identification Risk Analysis Risk Estimation Risk Evaluation Risk Engineering Risk Planning Risk Control Risk Management Risk Monitoring Risk Directing Risk Staffing Managing risk (2) Task breakdown Risk identification Listing all of the risks that can adversely affect the successful execution of the project Risk estimation Assessing the likelihood and impact of each hazard Risk evaluation Ranking the risks and determining risk aversion strategies Risk planning Drawing up contingency plan and, where appropriate, adding these to the project’s task structure Risk control Minimizing and reacting to problems Risk monitoring An ongoing activity, as the importance and likelihood of particular risks can change as the project proceeds Risk directing & risk staffing Day-to-day management of risk Risk Identification Identify hazard: Hazard -- an event that might occur and will, if it does occur, create a problem for the successful completion of the project. To identify hazard: Use a checklist listing all the possible hazards and factor that influence them Some hazards are: Generic risks – relevant to all software projects Specific risks – relevant to an individual project Categories of factors Application factors -- The nature of the application Staff factors -- The experience and skills of the staffs Project factors -- Project and its objectives well defined Project methods -- Using well specified and structured method Hardware/software factors -- Installation risk Changeover factors -- All-in-one vs gradual changeover Supplier factors – reliance on external organization Environment factors – eg. Taxation regulation Health and safety factors – though not generally a major issue Risk Analysis Risk Likelihood: The probability of a hazard’s occurring Risk Impact: The effect that the resulting problem will have on the project Risk Value or Risk Exposure The importance of the risk Risk exposure = risk likelihood * risk impact Risk Analysis (2) Simple scoring to provide a quantitative measure for assessing the risk Eg., 1 to 10 where 1 is the least likely 10 is the most likely Hazard Likelihood Impact Risk Exposure R1 – changes in requirements 5 7 35 R2 – specification takes longer 10 3 30 R3 – staff sickness 1 10 10 R… Prioritizing the risks Managing the risk involves the use of two strategies Reducing the risk exposure by reducing the likelihood or impact Drawing up contingency plans to deal with the risk should it occur Prioritizing the risks (2) The risk exposures allow us to obtain an approximate ranking in order of importance However We cannot interpret the risk exposure value quantitatively Eg., is value of 20 is twice as risk as value of 10? The exposure value are too close for us to distinguish between them Eg., which one is more risky, value of 20 or 21? Prioritizing the risks (33) In addition to the risk exposure value, there are generally other factors to consider when prioritizing the risks: Confidence of the risk assessment Compound risks – ie, dependency between risks The number of risks Cost of action Method: Risk Reduction Leverage (RRL) RE before - RE after RRL risk reducing cost Strategies for risk reduction Hazard prevention Eg. Early scheduling for unavailability of staff Likelihood reduction Eg by prototyping Risk avoidance Eg, by increasing the duration estimates or reducing functionality Risk transfer Eg., contracting or taking insurance Contingency planning Eg. Using agency programmers for the absence of staff Evaluating risks to the schedule Not all risks can be eliminated Two methods for assessing the effects of these uncertainties on the project schedule: Using PERT to evaluate the effects of uncertainty Most likely time Optimistic time Pessimistic time a 4m b te 6 Using expected durations Activity Activity durations (weeks) Optimistic (a) Most likely (m) Pessimistic (b) A 5 6 8 B 3 4 5 C 2 3 3 D 3.5 4 5 E 1 3 4 F 8 10 15 G 2 3 4 H 2 2 2.5 Examples: PERT activity time estimates Expected times and Standard Deviation Activity Activity durations (weeks) Optimistic (a) Most likely (m) Pessimistic (b) Expected (te) Std Dev (s) A 5 6 8 6.17 0.50 B 3 4 5 4.00 0.33 C 2 3 3 2.83 0.17 D 3.5 4 5 4.08 0.25 E 1 3 4 2.83 0.50 F 8 10 15 10.50 1.17 G 2 3 4 3.00 0.33 H 2 2 2.5 2.08 0.08 Std Dev s = (b – a) / 6 PERT Network Rather than say “the completion date for the project is …”, we are lead to say “we expect to complete the project by …” 2 A t = 6.17 B t = 4.00 1 0 6.17 3 C t = 2.83 D t = 4.08 4 4 F t = 10.5 9 E t = 2.83 5 Event number Target date Expected date Standard deviation H t = 2.08 10.5 6 13.5 G t = 3.00 The likelihood of meeting targets The PERT techniques uses the following three step method for calculating the probability of meeting or missing a target date: Calculate the standard deviation of each project event Calculate the z value for each event that has a target date Convert z values to a probabilities The likelihood of meeting targets (2) Suppose that we must complete the project within 15 weeks We expect it will take 13.5 weeks but it could take more or, perhaps, less Suppose that activity C must be completed by week 10 Event 5 represents the delivery of intermediate products to the customer PERT Network 2 A t = 6.17 s = 0.50 1 0 0 B t = 4.00 s = 0.33 6.17 0.50 3 4 0.33 F t = 10.5 s = 1.17 C t = 2.83 s = 0.17 D t = 4.08 s = 0.25 4 10 9 0.53 E t = 2.83 s = 0.50 H t = 2.08 s = 0.08 G t = 3.00 s = 0.33 5 10 10.5 1.17 PERT Network with three target dates and calculated event standard deviations 6 15 13.5 1.22 Calculating the z values It is equivalent to the number of standard deviations between the node’s expected and target dates T - te z s Where: Te = the expected date T = the target date Converting z values to probabilities Example: Z value for project completion (event 6) is 1.23 The probability is about 11% There is an 11% risk of not meeting the target date of the end of week 15 The advantages of PERT The technique can be used to calculate the standard deviation for each task and use this to rank them according to their degree of risk The probability of meeting any target set can be estimated using the expected times and standard deviations By setting target dates along the critical path, we can focus on those activities posing the greatest risk to the project’s schedule