Software project management (intro)
Risk Management
Introduction
Risk of the development project’s not
proceeding according to plan


The risk of the project’s running late or over
budget and
The identification of the steps to avoid or to
minimize those risks
The nature of risk
Estimation errors
Planning assumptions
Eventualities (unforeseen events)
Managing risk
Objective:

To avoid or minimize the adverse effects of unforeseen
events by avoiding the risks or drawing up contingency
plans for dealing with them
Risk Identification
Risk Analysis
Risk Estimation
Risk Evaluation
Risk
Engineering
Risk Planning
Risk Control
Risk
Management
Risk Monitoring
Risk Directing
Risk Staffing
Managing risk (2)
Task breakdown

Risk identification
Listing all of the risks that can adversely affect the successful
execution of the project

Risk estimation
Assessing the likelihood and impact of each hazard

Risk evaluation
Ranking the risks and determining risk aversion strategies

Risk planning
Drawing up contingency plan and, where appropriate, adding these
to the project’s task structure

Risk control
Minimizing and reacting to problems

Risk monitoring
An ongoing activity, as the importance and likelihood of particular
risks can change as the project proceeds

Risk directing & risk staffing
Day-to-day management of risk
Risk Identification
Identify hazard:

Hazard -- an event that might occur and will, if it does
occur, create a problem for the successful completion
of the project.
To identify hazard:

Use a checklist listing all the possible hazards and
factor that influence them
Some hazards are:


Generic risks – relevant to all software projects
Specific risks – relevant to an individual project
Categories of factors
Application factors -- The nature of the application
Staff factors -- The experience and skills of the staffs
Project factors -- Project and its objectives well defined
Project methods -- Using well specified and structured method
Hardware/software factors -- Installation risk
Changeover factors -- All-in-one vs gradual changeover
Supplier factors – reliance on external organization
Environment factors – eg. Taxation regulation
Health and safety factors – though not generally a major
issue
Risk Analysis
Risk Likelihood:

The probability of a hazard’s occurring
Risk Impact:

The effect that the resulting problem will have
on the project
Risk Value or Risk Exposure

The importance of the risk
Risk exposure = risk likelihood * risk impact
Risk Analysis (2)
Simple scoring to provide a quantitative measure for
assessing the risk

Eg., 1 to 10 where
1 is the least likely
10 is the most likely
Hazard
Likelihood
Impact
Risk
Exposure
R1 – changes in requirements
5
7
35
R2 – specification takes longer
10
3
30
R3 – staff sickness
1
10
10
R…
Prioritizing the risks
Managing the risk involves the use of two
strategies


Reducing the risk exposure by reducing the
likelihood or impact
Drawing up contingency plans to deal with the
risk should it occur
Prioritizing the risks (2)
The risk exposures allow us to obtain an
approximate ranking in order of importance
However

We cannot interpret the risk exposure value
quantitatively
Eg., is value of 20 is twice as risk as value of 10?

The exposure value are too close for us to
distinguish between them
Eg., which one is more risky, value of 20 or 21?
Prioritizing the risks (33)
In addition to the risk exposure value,
there are generally other factors to
consider when prioritizing the risks:




Confidence of the risk assessment
Compound risks – ie, dependency between risks
The number of risks
Cost of action
Method: Risk Reduction Leverage (RRL)
RE before - RE after
RRL 
risk reducing cost
Strategies for risk reduction
Hazard prevention

Eg. Early scheduling for unavailability of staff
Likelihood reduction

Eg by prototyping
Risk avoidance

Eg, by increasing the duration estimates or reducing functionality
Risk transfer

Eg., contracting or taking insurance
Contingency planning

Eg. Using agency programmers for the absence of staff
Evaluating risks to the schedule
Not all risks can be eliminated
Two methods for assessing the effects of
these uncertainties on the project
schedule:

Using PERT to evaluate the effects of
uncertainty
Most likely time
Optimistic time
Pessimistic time
a  4m  b
te 
6
Using expected durations
Activity
Activity durations (weeks)
Optimistic
(a)
Most likely
(m)
Pessimistic
(b)
A
5
6
8
B
3
4
5
C
2
3
3
D
3.5
4
5
E
1
3
4
F
8
10
15
G
2
3
4
H
2
2
2.5
Examples: PERT activity time estimates
Expected times and Standard Deviation
Activity
Activity durations (weeks)
Optimistic
(a)
Most likely
(m)
Pessimistic
(b)
Expected
(te)
Std Dev
(s)
A
5
6
8
6.17
0.50
B
3
4
5
4.00
0.33
C
2
3
3
2.83
0.17
D
3.5
4
5
4.08
0.25
E
1
3
4
2.83
0.50
F
8
10
15
10.50
1.17
G
2
3
4
3.00
0.33
H
2
2
2.5
2.08
0.08
Std Dev  s = (b – a) / 6
PERT Network
Rather than say “the completion date for the project is …”,
we are lead to say “we expect to complete the project by …”
2
A
t = 6.17
B
t = 4.00
1
0
6.17
3
C
t = 2.83
D
t = 4.08
4
4
F
t = 10.5
9
E
t = 2.83
5
Event
number
Target
date
Expected
date
Standard
deviation
H
t = 2.08
10.5
6
13.5
G
t = 3.00
The likelihood of meeting
targets
The PERT techniques uses the following three
step method for calculating the probability of
meeting or missing a target date:



Calculate the standard deviation of each project event
Calculate the z value for each event that has a target
date
Convert z values to a probabilities
The likelihood of meeting targets (2)
Suppose that we must complete the project
within 15 weeks
We expect it will take 13.5 weeks but it could
take more or, perhaps, less
Suppose that activity C must be completed by
week 10
Event 5 represents the delivery of intermediate
products to the customer
PERT Network
2
A
t = 6.17
s = 0.50
1
0
0
B
t = 4.00
s = 0.33
6.17
0.50
3
4
0.33
F
t = 10.5
s = 1.17
C
t = 2.83
s = 0.17
D
t = 4.08
s = 0.25
4
10
9
0.53
E
t = 2.83
s = 0.50
H
t = 2.08
s = 0.08
G
t = 3.00
s = 0.33
5
10
10.5
1.17
PERT Network with three target dates and calculated event
standard deviations
6
15
13.5
1.22
Calculating the z values
It is equivalent to the number of standard
deviations between the node’s expected
and target dates
T - te
z
s
Where:
Te = the expected date
T = the target date
Converting z values to probabilities
Example:
Z value for project completion (event 6) is 1.23
The probability is about 11%
There is an 11% risk of not meeting the target date of the end of week 15
The advantages of PERT
The technique can be used to calculate the
standard deviation for each task and use this to
rank them according to their degree of risk
The probability of meeting any target set can be
estimated using the expected times and
standard deviations
By setting target dates along the critical path, we
can focus on those activities posing the greatest
risk to the project’s schedule