Implement Risk Management Processes
Week 1
3757G
Website Risk Management
Introduction to the process for managing risks in
website development.
Discussion:
Risk management is the process which is used to avoid, reduce
or control risks.
There should be a balance between the cost of managing risk
and the benefits you expect from taking that risk. Note that risks
are acceptable as long as you have identified them and have a
plan to mitigate them.
We need to be concerned about risk management at two points
for every website development project:
when we initially consider a project being proposed for a customer,
and as we run a project.
Completion Criteria:
Risk management is typically complete
when the following postconditions hold:
The application, business, center, or endeavor is retired or completed.
Business Strategy: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Business Optimization: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Initiation: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Construction: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Delivery: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Usage: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Retirement: Risk Management Planning, Risk Identification, Risk Analysis, Risk Control, and Risk Monitoring
Definition:
Risk management planning is the risk management
task of planning the performance of the other risk
management tasks:
Risk Identification
Risk Analysis
Risk Monitoring
Risk Control
Objectives:
The typical objectives of risk management
planning are to:
Determine the scope of the risk management activity (e.g.,
determine which of the potential risks may be relevant).
Plan the other risk management plans.
Develop the risk management plan.
Communicate these plans to their stakeholders.
Preconditions:
Risk management planning can typically begin
when the following preconditions hold:
The endeavor is started.
The associated teams are initially staffed.
At least one of these teams is adequately trained in risk
management planning.
Completion Criteria:
Risk management planning is typically
complete when the following postconditions
hold:
The scope of risk management has been determined.
The risk management plan has been produced and
approved by the customer organization.
Steps:
Risk management planning typically involves
members of the endeavor’s teams performing
the following steps in an iterative, incremental,
parallel, and timeboxed manner:
Determine scope of the risk management activity.
Techniques:
Risk management planning can typically be
performed using the following techniques:
Content and format standards
Documentation templates
Automatic documentation generation from a
database of document content
Work Products:
Risk management planning results in the
production of the following work products:
Risk Management Plan (RMP)
Guidelines
Perform this task concurrently with the risk
identification and risk analysis tasks.
Definition:
Risk identification is the ongoing risk
management task of identifying the significant
risks to the success of an endeavor.
Objectives:
The typical objectives of risk identification are
to:
Identify all significant risks associated with an
endeavor including their associated risk factors:
Assets that are at risk
Business processes that are at risk
Threats to these assets and business processes
Vulnerabilities to these threats
Preconditions:
Risk identification can typically begin when
the following preconditions hold:
The endeavor is started.
The associated teams are initially staffed.
At least one of these teams is adequately trained in
risk identification.
Completion Criteria:
Risk identification is typically complete when the
following postconditions hold:
All significant risks have been identified including the:
Assets at risk.
Business processes at risk.
Threats to these assets and business processes.
Vulnerabilities to these threats.
All associated work products have been produced.
[Figure: threats to SOFTWARE and DATA. Labels: Interception, Interruption (Loss), Modification, Fabrication]
Stage IV, Semester 1, 2006 43
Risk Identification
Techniques:
Risk identification can be performed using the
following techniques:
Checklists of risks and their factors
Brainstorming of risks and their factors
Cross Functional Teams to provide multiple viewpoints
so that a comprehensive list of risks and their factors is
developed.
Documentation Studies of risk identification literature
and previous risk management plans
Incremental Development of the risks and their factors
Interviews with stakeholders and domain experts
Iteration of the identified risks and their factors
Joint Application Development (JAD) of the risks and
their factors
Parallel Development of the risks with other tasks and
other teams
Re-use of previously identified risks
Work Products:
Risk identification typically results in the
production of all or part of the following work
products:
An informal context diagram of potential risk factors.
An informal list of unprioritised potential risks:
Assets and business processes at risk
Threats to these assets and business processes
Vulnerabilities to these threats
This information can also be stored in a risk
management database or directly documented in an
evolving risk management plan (RMP).
Risk Analysis
Guidelines (Continued):
Risk categories (continued):
Schedule Risks:
Unrealistic Schedule
Inadequate Schedule Estimates
Upgrades to COTS components and tools not available when promised
(vaporware)
Excessive Time To Market
Technical Risks:
The application will not provide all required functionality.
The application’s transactions will not be auditable.
The application will not adequately support internationalization.
The application will not provide personalization.
The application will contain excessive defects.
The application’s outputs will be inadequately accurate or precise.
Work Products:
Risk monitoring typically results in the
production of all or part of the following work
products:
Risk Monitoring Report
Definition:
Risk control is the ongoing risk management
task of taking steps that help ensure that
significant risks to the endeavor are
controlled.
Objectives:
The typical objectives of risk control are to
(where appropriate and practical):
Accept tolerable risks.
Avoid the occurrence of significant risks to the
endeavor.
Mitigate the impact of significant risks to the
endeavor that occur.
Transfer significant risks to other parties.
Work Products:
Risk control typically results in the
production of all or part of the following
work products:
No specific reporting; the Risk Monitoring Report
covers this.