Documente Academic
Documente Profesional
Documente Cultură
Risk Analysis
Slide Set to accompany
Software Engineering: A Practitioner’s Approach, 7/e
by Roger S. Pressman
All copyright information MUST appear if these slides are posted on a website for student
use.
Coming up: Option 2: Contingency plan: Plan ahead what you will do when the risk occurs 3
Option 2: Contingency plan: Plan ahead
what you will do when the risk occurs
Coming up: Option 3: Risk mitigation: Lessen the probability of the risk occuring. Reduce the
impact of occurence 4
Option 3: Risk mitigation: Lessen the
probability of the risk occuring. Reduce
the impact of occurence
Lets read about
not playing with
fire
track
RISK identify
plan
analyze
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 7
Software risks
Project risks –threaten project plan
Technical risks threaten the quality and
timeliness of the software to be built.
Business risks threaten the viability of the
software to be built
Another risk categorization categorizes risk into
three
Known risks –can be uncovered after careful
evaluation of the project plan
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 8
Predictable risk are got from past project
experience
Unpredictable risks are extremely difficult to
identify in advance.
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 9
Risk management
Decision driver analysis involves questioning
and analyzing all major decisions taken for the
project.
Optimistic assumptions made about the
project are also a source of risk
Decomposition implies breaking a large project
into clearly defined parts and then analyzing
them.
Next tasks that comes after risk identification
are
Risk analysis
Prioritization
In risk analysis the probability of occurrence of
a risk has to be estimated along with the loss
that will occur if the risk does materialize
The other approaches for risk analysis include
studying the probability and the outcome of
possible decisions.
Once the probabilities of risk materializing and
losses due to materialization of different risks
have been analyzed they can be prioritized.
One approach to prioritization is risk exposure
or risk impact
RE = prob(uo) * loss(uo)
Prob(uo) - probability or risk materializing
Loss(uo) -total loss incurred due to
unsatisfactory outcome.
Higher the RE , higher the priority of risk
Risk control
The main objective of risk management is to
identify the top few risk items and then focus
on them. once the risks have been identified
and prioritized the question is how to resolve
them.
One obvious strategy is risk avoidance which
entails taking actions that will avoid the risk
altogether.
For most risks the strategy is to perform the
actions that will either reduce the probability of
the risk materializing or reduce the loss due to
the risk materializing .
These are called risk mitigation steps.
To decide what mitigation steps to take , alist of
commonly used risk mitigation steps for various
risks is useful here. Risk monitoring is the
activity of monitoring the status of various risks
and their control activities.
A practical risk management
approach
In this approach the probability of a risk is
categorized as low , medium or high.
The risk impact can also be classified as low ,
medium or high.
With these ratings the following simple method
for risk identification can be specified.
1.for each risk , rate the probability of its
happening as low, medium , high
2.for each risk asses its impact on the project
as low, medium .high
3.rank the risks based on the probability and
effects on the project.
4. select the top few risk items for mitigation
and tracking
risk prob impact exp mitigation
plan
1. Failure to meet high high high white papers
the high performance training
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 36
Building the Risk Table
Estimate the probability of occurrence
Estimate the impact on the project on a
scale of 1 to 5, where
1 = low impact on project success
5 = catastrophic impact on project success
Determine the exposure:
Risk Exposure = Probability x Impact
Some use cost to the project rather than
impact, but in my experience cost is hard to
estimate accurately. - Fleck
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 37
Per
s
don onal O
’t lik p
e th inion:
is - I
Risk Exposure Example Fle
ck
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 38
Risk Mitigation, Monitoring,
and Management
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 39
Risk Management Paradigm
plan
analyze
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 7/e
(McGraw-Hill 2009). Slides copyright 2009 by Roger Pressman. 40