CEN 4021 8 th Lecture CEN 4021 Software Engineering II Instructor: Masoud Sadjadi sadjadi/ [email protected] Software Project Planning

CEN 4021 8th Lecture

CEN 4021 CEN 4021 Software Engineering II Software Engineering II

Instructor: Masoud Sadjadi

http://www.cs.fiu.edu/~sadjadi/

[email protected]

Software Project Planning (POMA)Risk Analysis and Planning

9th LectureCEN 4021: Software Engineering II

AcknowledgementsAcknowledgements

Dr. Onyeka Ezenwoye

Dr. Peter Clarke

2


AgendaAgenda

Software Project Planning (POMA)– Risk Analysis and Planning


Risk Analysis and PlanningRisk Analysis and Planning

What is “risk”?

Definition: Risk – A problem that has a greater than 0% but less than 100% probability of occurrence.

A problem is an event that has a negative value associated with it.

If the probability a risk has a 100% of occurring it is a problem.

Examples of risk include: losing a critical resource or using an unreliable new technology in a software project.


Risk Analysis and PlanningRisk Analysis and Planning

Risk can be listed, categorized, and potentially managed.

The earlier risk are handled, the better the chance of project success.


Sources of RiskSources of Risk

Overly optimistic assumptions about the availability of some technology

Misunderstanding of the real impact of some new methodology

Miscalculation of the robustness (e.g., extensibility) or constraints of software design

Misunderstanding of customer requirements Uncontrolled continuous changes of customer

requirements Unrealistic promises to customers made by overzealous

sales people or company execs.


Sources of RiskSources of Risk

Inadequate due diligence while choosing external sourcing

Incompetence of key personnel

Miscalculation of teamwork and group effectiveness

Unrealistic expectations about the availability or productivity of special skilled human resources.


Risk IdentificationRisk Identification

Steps in starting the risk list:

1. List those characteristics of the product that may not be well defined.

2. List all unresolved issues for the tasks that will be performed in conjunction with the software project. Start by asking whether any process is defined, documented, and practiced in the organization.



Steps in starting the risk list:

3. Identify risks associated with management of resources. For example, hardware and software systems required for the project, licenses needed etc. Tools may not be available when needed.

Human resources represent a especially important type of resource for software projects. Obtaining the needed skilled people in a timely manner is always a problem.



Planning categories to identify risk:

Deliverables and product specification

Tasks and initial schedule

Goals, metrics, and measurements

Human resources

Processes and methodologies

Tools and equipment


Risk PrioritizationRisk Prioritization

Definition: Risk prioritization - The activity of ordering risks based on some criterion or set of criteria.

Recovery cost – The cost in terms of effort or financial expense to solve a problem should a risk materialize.

The cost identified may not be exact but rather identified as merely high, medium, and low. The associated risk would have similar values.



To apply the notion of recovery cost as an abstract value, experience in the development process is required.

Risk Item Recovery Cost Risk Priority

Item 1 High High

Item 2 Medium Medium

Item 3 High High

Item 4 Low Low

Table 5.1. Risk Prioritization by Recovery cost



Prioritization by Risk Value:

The prioritization of risk can be more complex.

It makes sense to view risks with a low chance of occurring as requiring less attention.

We can define the risk value (RV) as follows:

RV(j) = P(j) X RC(j) P(j) – the probability of risk item j becoming a real problem

RC(j) – is the recovery cost for the risk item j when it turns into a real problem.



Defn: Risk Value - A recovery cost that is influenced and modified by another criterion or set of criteria. The probability of the risk turning into a problem is such an influencing factor, and when such a factor is taken into account in modifying the recovery cost, the result is the risk value.

Risk Item Prob. Of Occurrence Recovery Cost Risk Value (RV)

Item 1 0.4 $600 240

Item 2 0.7 $400 280

Item 3 0.3 $3000 900

Item 4 0.6 $1200 720

Item 5 0.3 $700 210

Table 5.2. Risk Prioritization by Risk Value


Risk ManagementRisk Management

Is the formal process in which risk factors are systematically identified, assessed and mitigated.

Is about understanding the internal and external influences that can cause failure– Internal risk – within the control of project manager– External risk – outside the control the manager



A subset of project management that includes the processes concerned with identifying, analyzing, and responding to project risk

The result of the initial risk analysis is a risk plan that should be reviewed regularly and adjusted accordingly

The purpose is to uncommon causes of project variation



A good project manager is a good risk manager Risk management continues throughout the software

process until the product is delivered Risk analysis and mitigation continue through the

implementation stages of the software process.



Risks are analyzed and prioritized on a weekly basis and the current “top-ten” risk list is presented at each weekly project status meeting.

Mitigation occurs through working the risks with the project team.



Negative impact of risk can include– Diminished quality of product– Increased cost– Delayed completion– Project failure



Handling risk is a key skill for software project managers because so much can go wrong

Software projects are thought to be more complex because the product is intangible

The determined risk profile will affect any scheduling estimates



Project manager deal with 3 general categories of risks– Known knowns: know to the project team, e.g., not having a

funding source. Risk is noted and in project plan.– Known unknowns: know to the project team but not know as

a reality to the project. E.g., not having access to the end-user may lead to incorrect requirements. These are described in the plan, prioritized and updated on a weekly basis



Project manager deal with 3 general categories of risks (continued)– unknown unknowns: these are unknown to the project team

as both a category of risk and as a reality to this project. E.g., when a specific technology is used because it is dictated by the terms of the contract. These can be addressed by setting a budget for contingencies. Also consider risk transfer, a.k.a insurance


Risk uncertainty spectrumRisk uncertainty spectrum



Part of risk management is about risk quantification Concepts of risk quantification:

– Risk Event (item): precise description of what might happen to the project

– Risk probability: the degree to which the risk event is likely to occur

– Amount at stake (recovery cost): the loss if the outcome is unsatisfactory

– Risk exposure (risk value): the overall liability (quantified) potential of the risk


Risk Management ModelRisk Management Model

Risk management is made up of:– Risk identification

Identify potential risk event (thru checklists, problem decomposition, experience, etc)

– Risk quantification Qualitative analysis: non-measurable data e.g., morale Quantitative analysis

– Response planning Identify resource reserves, and how mitigation can occur

– Monitoring and control Correction action plans and monitoring their implementation


Identifying RisksIdentifying Risks

Take the WBS and look for precedence bottlenecks. These will show up as tasks that require many other tasks to be completed before they can begin.

See all the dependencies to successful completion, parallel tasks, critical paths.

Schedule is made riskier due to increases in the project task degree of concurrency, number of critical path items, and estimation errors


Risk MitigationRisk Mitigation

Defn: Risk mitigation – An activity that may reduce minimize, or totally avoid a risk.

Risk item: not being able to complete a system integration task with a

specific tool because only one person posses that special skill.

Alt. 1 – Hire an extra person with the needed skill as a backup helper

Alt. 2 – Provide extra incentives to persuade the current employer to stay

Alt. 3 – Use an alternative system integration method that does not require

this specific tool


Cost-base mitigationCost-base mitigation

Which mitigation alternative should be chosen when several choices are available?

Which criteria should be used in decision making?

One of any several parameters as the basis for decision making including the ease of mitigation, probability of success of mitigation, and the cost of mitigation.


Cost of mitigationCost of mitigation

Mitigation alternative Cost of mitigation

Alternative 1 $65,000



Table 5.3: Estimated Mitigation Costs for Risk Item J


Mitigation Value CostMitigation Value Cost

The mitigation cost value is defined as follows:

MVC(k) = P(k) X MC(k)

MVC(K) – mitigation cost value of alternative k

P(k) – probability of failure for alternative k

MC(k) – raw cost of mitigation for alternative k

See Table 5.4 in the next slide.

Mitigation value cost – the cost of risk mitigation after taking into account another criterion or a set of criteria, such as probability of mitigation success



Mitigation

alternative

Raw risk mitigation cost

Probability of failure

Mitigation value cost

Alternative 1 $65,000 0.1 $6500

Alternative 2 $50,000 0.6 $30,000

Alternative 3 $120,000 0.05 $6000

Table 5.4 Mitigation Value Cost



Mitigation Value Cost

Note that if P(k) is changed from the probability of failure to the probability of success, then the highest mitigation value cost would be the proper choice.

Sometimes the project manager faces the prospect of planning with a fixed budget for risk mitigation. Therefore the risk items must be ranked.

See Table 5.5 in textbook.


Risk removalRisk removal

Prioritized risk item Expected removal date

Removal dependency

Item 1 06/30/2006 Risk mitigation completed

Item 3 07/15/2006 Task 3 completed on schedule

Item 3 01/30/2007 Task 8 target met and risk mitigation completed

Documents

CEN 4021 8 th Lecture CEN 4021 Software Engineering II Instructor: Masoud Sadjadi sadjadi/ [email protected] Software Project Planning