Risk Management

Question 1

What is Risk?

Answer 1

An uncertain event or condition that, if occurs, has a positive or negative effect on a project objective.

Question 2

Sources

Answer 2

1. Technology risks
2. People risks
3. Organizational risks
4. Tool risks
5. Requirements risks
6. Estimation risks

Question 3

Impact

Answer 3

1. Project risks
   a) Schedule
   b) Resources
2. Product risks
   a) Quality
   b) Performance
3. Business risks
   a) Organization developing or selling the software

Question 4

Risk Management

Answer 4

1. Systematic process of identifying, analyzing, and responding to project risks
2. It includes minimizing the consequences of adverse events to project objectives
3. Setting up a culture where risks are
   - identified
   - assessed
   - communicated
   - managed proactively
4. The alternative to proactive management is reactive management (crisis management)
   - requires significantly more resources
   - takes longer for problems to surface

Question 5

Risk Analysis

Answer 5

1. Goals
   - Identify risks to be mitigated
   - Assesses and prioritize all identified risks
2. Determine
   - Probability of the risk to occur
   - Impact on the project objectives in case the risk occurs
   - Severity (probability * impact)
3. A risk is high, if
   - the probability is high
   - the potential impact is high
4. Quantitative analysis
   - Based on estimates and simulations

Question 6

Risk Rating

Answer 6

Risk Rating (cost) = probability * impact (cost)

• Estimates are always subject to considerable uncertainty
• We should try to estimate p and i for each risk

Question 7

Mitigation Strategies

Answer 7

1. Risk Avoidance
   - Changing the plan to estimate the risk
2. Risk Acceptance
   - Accept the consequences if a risk occurs
3. Risk Transference
   - Transfer all or part of the risk to another party
4. Contingency Planning
   - Set funds aside to be used if the risk occurs
5. Must be documented and stored!

Question 8

Risk Monitoring & Control

Answer 8

1. Implementing, tracking, and evaluating mitigation strategies, risk response plans
2. Identifying new risks
3. Re-assess each identified risk regularly to
   - decide whether or not it is becoming less or more probable
   - decide whether the impact of the risk has changed
4. Communicating risk status to stakeholders
5. Each major risk should be discussed at project progress meetings

Question 9

Benefits of Risk Management

Answer 9

1. Risks are identified and communicated early
   - Management and project team
2. Measures are planned and performed proactively
   - no crisis management
   - cost and benefit of the measures can be estimated
3. Assessment of the risk situation
   - influences schedule and budget planning
4. Risks are communicated explicitly
   - The risk situation is analyzed throughout the project
5. We can learn from former projects
   - risk information is collected and reused systematically

Question 10

Dishonest communication

Answer 10

• Donʼt be shy to send uncomfortable messages
• Communicate not only the situation, even more show the consequences
• Donʼt miss to tell the uncomfortable truth