Risk Management Plan
Overview:
These are the potential risks to the Dynamic Interactive Communication
Environment development project. Risks have been analyzed and classified in two
categories: the probability of the risk occurring and the how difficult it will be to correct
the risk should it occur. This listing of risks has been evaluated and ranked according to
these characteristics.
Risk Chart
Risk:
Our most significant risk is that of technology compatibility. We are tapping into
several different communication methods, such as streaming voice, application
sharing, and other instant messaging mediums. Being able to leverage these
resources to fit into the different web browsers and operating systems on the market
today will be a challenge. Choosing how to implement these, either with a
homegrown solution or from tapping into open-source tools, will require certain
mitigation. We have determined that the best mitigation for this risk is through
extensive testing, software compatibility research, and getting advice from experts in
these communication areas. This risk is defined with a probability of 4 and an impact
of 5, making it a serious risk.
Our second risk is database availability. This risk is defined as the potential for a
specific college or university to have a “closed door” policy with its student enrollment
database. Although most schools do have to have daily data dumps, which are made
available, there must be some political roads that need to be navigated to ensure this
interface can happen. A possible mitigation if this occurs is to create a voluntary sign up
that is faculty and staff controlled. Another mitigation would be to look at other systems
in the university, which have similar data which information can be transferred from.
This risk has a probability of 3 and an impact of 4, making it a moderate risk.
University (customer) acceptance is the next risk to address. Embracing a new
enterprise-level application on the university or college level can be difficult, since it
requires significant cost. The cost factor is usually why customers do not embrace the
new technologies or applications. However, with marketing techniques we can mitigate
this risk. We must make the customer aware of the benefits that they will receive, along
with the features of the product. Additionally, we need to make the ROI clear and easy to
understand for the customer, so that they can identify the impact on their financial aspects
and how in the long run, DICE is a money saving application. This risk gets a 3 for
probability and a 4 for impact, making it a moderate risk.
The Family Educational Rights and Privacy Act (FERPA) clearly states that
information pertaining to the current enrollment of a student is sensitive information that
cannot be disclosed, unless permission is granted, to a third party. We will face this issue
as DICE creates the community of educational resources. Our team has agreed that
giving enough time for planning and testing will mitigate this risk. By allowing the
software to give students opt-in and opt-out capabilities and how this methodology is
structured will be key. This risk gets a 3 for probability and a 3 for impact, making it a
moderate risk.
Funding and cost are issues that almost every project faces. This is similar for
DICE. We will be required to secure funding, as well as small business loans until our
break-even point is realized. Mitigation for risk comes down to planning and marketing.
We must identify how many customers in what time frame that DICE can be rolled out
to. The better we can leverage our successful implementation, the better this risk can be
addressed. This risk gets a 3 for probability and a 3 for impact, making it a moderate
risk.
Student acceptance is another risk facing our project. Since the students are the
secondary customer to DICE. Therefore, if they do not embrace the benefits, then the
primary customers, the colleges and universities, will not continue to use DICE or will
choose not to implement DICE at all. The key mitigation that can be applied to this risk
is marketing. If DICE uses other successful community applications as a model, then the
acceptance will be a natural fit. This is a low risk with a probability of 2 and an impact
of 2.
The maintenance complexity of DICE must be addressed as well. The greater
complexity that DICE becomes, the more resources and education must be utilized to
maintain the system. For mitigation, we will work to create a seamless system that is
based on administrative simplicity. This means that documentation and using standard,
accepted technology will be key. This risk gets a 2 for probability and a 1 for impact,
making it our lowest risk.
Mitigation
Risk Mitigation Chart
#1 Technology Incompatibility
Probability: High
Impact: Very High
The concepts behind DICE involve a highly integrated, easily navigated user
interface to appeal to a wide variety of students and faculty. Therefore the underlying
tools must seamlessly work behind the scenes, which could be difficult considering the
wide variety of software out there, which could be licensed or modeled upon for the
separate components, which comprise DICE. Among the major software with which
compatibility is desired are other educational packages such as Blackboard.
Mitigation: Extensive research and testing must be done to ensure that the
different parts of the system can be assembled to work cooperatively. If existing
software cannot be found which will integrate with each other, individual parts can be
developed or software connectors can be used to bridge components. Internal alpha
testing will ensure functionality before the system is deployed to any campus systems.
#2 Database Availability
Probability: Medium
Impact: High
In order to populate each student’s class information and allow him or her easy
access to classmates and potential study groups, DICE must be able to query an
educational institution’s enrollment database to obtain this information. However, this is
considered sensitive information, and therefore access to these databases may be difficult
to obtain or be restricted depending on the campus’ information systems policies. In
certain cases such as smaller campuses, online databases may not be available at all.
Mitigation: DICE will be developed with the mentality of making it
customizable to each campus that it is deployed at. Thus the system’s interface with the
campus database will be able to be scripted as needed to meet that IT department’s
standards. If access to this database is still unavailable, DICE will be capable of being
deployed with a standalone database that can be populated by students setting up their
own accounts and entering information or having that data entered by faculty.
#3 University Acceptance
Probability: Medium Impact: High
As our primary customer, gaining the interest and support of the educational
community is critical to the success of this project. While DICE seeks to fill a niche that
has yet to be filled, it will be difficult initially to distance ourselves and compete with
other educational software packages, as well as simpler and more widely available
products such as instant messaging clients.
Mitigation: An aggressive marketing plan will emphasize the benefits of DICE
to higher education campuses across the country, touting the features set of the product
and illustrating the lack of community, which is clearly present in current distance
education. In addition, partnerships with companies such as Blackboard and textbook
manufacturers will be attempted to gain market presence and recognition.
#4 Privacy Issues
Probability: Medium Impact: Medium
The Federal Rights and Privacy Act (FERPA) of 1974 governs and protects
student educational information and its distribution. Accordingly, any software which
uses student enrollment data, such as DICE, must be FERPA compliant and capable of
securing private information. Students must be unable to access other student’s
confidential data and all communications between the DICE system and database servers
must be encrypted and confidential.
Mitigation: While privacy concerns are an acknowledged risk to the project,
compliance with FERPA can be ensured with extensive testing and emphasis on security
during network communications. During Phase 1 further research will be done on
FERPA to make sure that all data students can access concerning other students will not
violate protected information.
#5 Project Funding
Probability: Low
Impact: Medium
Funding is an issue that affects any development project, and DICE is certainly no
different, as it will have no initial support from any outside software houses or other
businesses. Hiring experts will comprise the bulk of expenses in the initial phases as the
development team will be using Old Dominion University equipment and software. As
the project expands and begins to deploy software at campuses across the country it will
have to increase staffing and equipment to meet the demands.
Mitigation: SBIR grants will provide the initial funding for the project, allowing
the development team to hire experts and do the required research to begin
implementation. In the latter part of Phase 2 and subsequent out years, if additional
money is needed a small business loan can be obtained to offset costs until DICE begins
earning profit.
#6 Student Acceptance
Probability: Low
Impact: Low
Although students are the ultimate end users of DICE, they are classified as
secondary customers. However, it is still important to gain student interest and
appreciation for the system, as campuses will be unable to establish learning communities
without the participation of their students. As such, it will be important to have a feature
set and interface that will attract students to use the application.
Mitigation: Ideally once deployed at an institution, the faculty and staff at that
campus will encourage use of the software, whether that is in the form of posting
supplements to the class or setting up study times and groups for students to use. Once
the student population begins to use it, the community should grow at a steady rate as
students begin to encourage their peers to give it a try.
#7 System Maintenance
Probability: Very Low Impact: Low
As with nearly any information technology system, DICE will need to be periodically
maintained and updated to include new features and ensure continued compatibility
between tools. This process needs to be as non-disruptive as possible to allow campus IT
staff to deploy updates in between semesters or during other short periods when the
system will not be as heavily used. If the system is unable to update easily and
painlessly, campuses may be reluctant to invest in it.
Mitigation: Maintenance cycles will be taken into consideration during the
development cycle, and provisions for distributing patches and updates will be built into
the server and client software packages. DICE will be designed so that IT departments
will be able to take over maintenance after a set period of time to avoid overtaxing
project staff during the out years.