Lecture 12 - Managing Risk for Software Project Flashcards
What is risk deciphered as? (3)
- Lack of information
- Lack of time
- Lack of control
What is the formula for calculating Risk exposure?
Risk exposure = Impact x Probability
What is risk?
Something identified in advance that may or may not happen and can have a positive or negative impact on the project
What are positive risks known as?
Opportunities
TF: Project Management does not focus on threats (negative risks)
False. It does
Lack of knowledge about an event that reduces confidence in conclusions drawn from data is an…
Uncertainty
What is risk tolerance?
Level of risk acceptable to an individual or organization
What is risk threshold?
Specific point at which risk becomes unacceptable
What is Risk averse?
Someone who does not want to be negatively impacted by threats
TF: Risk tolerance is considered the opposite of risk averse
True
What is the ISO/IEC definition of risk?
The combination of the probability of an event and its negative consequence
What is the ISO/IEC definition of risk category?
A class or type of risk (technical, legal, safety, schedule, etc.)
TF: Risk category is a characterization of a source of risk
True
What are the risk management processes? (2)
- Risk assessment
- Risk control
What are the steps of risk assessment? (3)
- Risk identification
- Risk analysis
- Risk prioritization
TF: Risk assessment cannot be reassessed at the beginning of each iteration
False. It can
What is Risk identification?
Determines risks related to the overall project, product, and business
What is the outcome of risk identification?
Collection of risk items
What are typical software project risk elements? (4)
- Performance risk
- Cost risk
- Support risk
- Schedule risk
What is performance risk?
Degree of uncertainty that the product will meet its requirements and be fit for intended use
What is cost risk?
Degree of uncertainty that project budget will be maintained
What is support risk?
Degree of uncertainty that the resultant software will be easy to correct, adapt, and enhance
What is schedule risk?
Degree of uncertainty that the project schedule will be maintained, and project will be delivered on time
What are some causes of software project risks? (5)
- Poor risk management practices
- Under-defined scope/goals
- Misunderstanding context, options, and opportunities
- Poor time and priority management
- Cultural inability to cut our losses
What is Risk analysis?
Assessment of the likelihood of occurrence of a risk and its impact on the project, product, and business
What is qualitative assessment for the likelihood of occurrence for a risk?
The scale (low, moderate, significant, high)
What is quantitative assessment for the likelihood of occurrence for a risk?
Probability of occurrence
What is qualitative assessment for the impact on project, product, business of a risk item?
The scale (low, moderate, significant, high)
What is quantitative assessment for the impact on project, product, business of a risk item?
A number to represent the impact of a risk
(ex: a fire can cause 0.5 million in damage to a facility)
What makes a risk of high concern?
If the risk has High impact and High likelihood of occurrence
Consider a fire which can cause 0.5 million in damage to a facility. Let the probability of this event be 0.01. Then the risk exposure is…
RE = $0.5 million x 0.01 = $5,000
What is risk prioritization?
Setting priorities in order to determine where to focus risk mitigation efforts
In risk prioritization, how do we determine the priority of each risk item in a quantitative model?
Combine the likelihood and impact
What are the three parts that make up Risk control?
- Risk Planning
- Resolution
- Risk Monitoring
What does the acceptance strategy in risk planning involve in risk control?
Means the project has decided not to change the project plan to deal with a risk or is unable to identify any other suitable response strategy
TF: Contingency plans are an example of the acceptance risk response strategy
True
TF: Identification of risk-trigger points is an example of the acceptance risk response strategy
True
TF: Using contingency allowance (time, budget, staff) is not an example of the acceptance risk response strategy
False. It is
What does the avoidance strategy in risk planning involve in risk control?
Changing the project plan to eliminate the risk to protect the project goals and objectives from its impacts
TF: Not using unfamiliar subcontractors is an example of the avoidance risk response strategy
True
TF: Adding resources or time to critical tasks during planning is not an example of the avoidance risk response strategy
False. It is
What does the transference strategy in risk planning involve in risk control?
Shifting the consequence and ownership of a risk to a third party
TF: Warranties and guarantees are an example of the transference risk response strategy
True
TF: Use of fixed-price contracts with subcontractors is an example of the transference risk response strategy
True
What does the mitigation strategy in risk planning involve in risk control?
Reduces the possibility and/or consequences of an adverse risk to an acceptable level
Adopting less complex processes is an example of what risk response strategy?
Mitigation
Plan for additional testing of complex elements is an example of what risk response strategy?
Mitigation
Using a more reliable or more stable vendor is an example of what risk response strategy?
Mitigation
Using a prototype in the development process is an example of what risk response strategy?
Mitigation
What is Risk Reduction Leverage?
The ratio of the reduction in risk exposure over the cost of the reduction
What is the Risk Reduction Leverage (RRL) formula?
RRL = [RE(before) - RE(after)]/cost of reduction
TF: An RRL value greater than 1 indicates cost-effective risk reduction measures
True
TF: An RRL value less than 1 would indicate cost-effective reduction measures
False. It indicates non-cost-effective reduction measures
Slide 30 for RRL example
No answer slide?
What is the most powerful tool for determining net outcomes from both positive and negative risk events?
Decision tree analysis
A diagram that describes a decision under consideration and the implications of choosing one or another of the available alternatives is a…
Decision tree
TF: The set of outcomes for a decision tree adds up to 100%
True
How do you calculate the total impact for each branch of the decision tree?
EMV = P * I
EMV: Expected Monetary Value
P: Probability
I: Impact
Slide 32 for Decision tree analysis technique
No answer?
Examining and documenting the effectiveness of risk responses in dealing with identified risks and their root causes, and of the risk management process, is known as…
Project Risk Response audits
TF: Project risk response audits should not happen regularly
False. It should happen regularly
What is involved in Periodic project risk reviews? (3)
- Identification of new risks
- Reassessment of current risks
- Closing outdated risks
What are the steps of Risk Control Overview? (6)
- Identification
- Analysis
- Prioritization
- Planning
- Resolution
- Monitoring
What are the elements that are included in Risk Monitoring/Controlling? (6)
- Risk log
- ID number
- Risk description
- Risk owner
- Action to be taken
- Outcome