Syntel CQA Forum Software Risk Management CQA

Doc No 19

Risk is nothing but the probability of unsatisfactory outcome. Software Risk Management is a
proactive approach for minimizing the uncertainty and potential loss associated with a project.
Some categories of risk include product size, business impact, customer-related, process,
technology, development environment, staffing (size and experience), schedule, and cost.

Providing insights to support informed decision making is the primary objective of Risk
Management. In contrast, Risk Management practice concentrates on performing bottom-up,
detailed, continuous assessment of risk and opportunity. It focuses on addressing the day-to-day
operational risks that a program faces.

Risk Management follows a two-stage, repeatable and iterative process of assessment and
management. It is performed continually over the life of a program, from initiation to retirement.

Some of the risks in software projects are

• Personnel Shortfalls
• Unrealistic schedules and budgets
• Developing the wrong functions and properties
• Developing the wrong user interface
• Gold-plating
• Continuing stream of requirements changes
• Shortfalls in externally furnished components
• Shortfalls in externally performed tasks
• Real-time performance shortfalls
• Straining computer-science capabilities

Risk Management : Managing risks is a two-step process - Risk Assessment & Risk Control.

Risk Assessment Risk Control

What Risks may conquer me Plan for elimination of Risk Items
Which are most critical How well am I good in eliminating them
How can I best eliminate or avoid them How do I need to adjust my plan

Risk Assessment consists of Risk Identification, Risk Analysis & Risk Prioritization. The
classifications of these are given below.

Risk Identification Risk Analysis Risk Prioritization

Check List Performance Models Risk Exposure
Decision Driver Analysis Cost Models Risk Leverage
Assumption Analysis Network analysis Compound Risk reduction
Decomposition Decision Analysis
Quality Factor Analysis

Risk Control consists of three factors Risk Management Planning, Risk Resolution, Risk
Monitoring. Their Classifications are as below:

Risk Management Risk Resolution Risk Monitoring

Planning
Buying information Prototypes Milestone Tracking
(Survey)
10718245.doc Page 1 of 4
Syntel CQA Forum Software Risk Management CQA
Doc No 19
Risk Avoidance (Change Simulations Top 10 tracing
Requirements (1sec to 2 Benchmarks Risk Assessment
sec)
Risk Transfer Analysis Corrective Action
Risk reduction Staffing
Risk Element Planning
Risk Plan Integration

Example of a Risk Checklist (For Staffing)

• Will Your Project really get all the best • Are there critical skills for which nobody is
people identified
• Are there pressures to staff with available • Are there pressures to overstaff in the early
warm bodies phases
• Are the key project people compatible • Do they have a realistic expectations about
their project job
• Do their strength match their assignment • Are they committed for the duration of the
project
• Are they committed full time • Are their task pre-requisites (Training,
clearances etc)
Satisfied

Top ten Risk Items and Risk Management techniques

S Risk Item Risk management Techniques

.No
1 Personnel Shortfalls Staffing with top talent; Key Personnel agreements; Team
Building & Training; Tailoring process to skill mix;
Walkthroughs
2 Unrealistic Schedules & Detailed Multi source Cost & Schedule Estimation;
Budgets Designed to cost; Incremental Development; Software
Reuse; Requirements De-Scoping; Adding more budget &
Schedules; Outside Reviews
3 Developing the wrong Organizational Analysis; Mission Analysis; OPS- Concept
software functions formalization; User Surveys; Prototyping; Early User Manuals
4 Developing the wrong user Proto-typing; Scenarios’ User Characteristics ( Functionality,
interface Style & Work load)
5 Gold Plating Requirements Scrubbing; Prototyping; Cost Benefit analysis;
Design to Cost;
6 Continuing Stream of High Change Threshold; Info hiding; Incremental
Requirement changes Development ( Defer Changes to later increment)
7 Shortfalls in externally Benchmarking; Inspections; Reference checking;
furnished components Compatibility analysis;
8 Shortfalls in externally Reference checking; Pre-award audits; Award fee contracts;
performed tasks Competitive design or prototyping; Team Building;
9 Real-time Performance Simulations; Benchmarking; Modeling; Prototyping;
Shortfalls Implementation; tuning
10 Straining Computer Science Technical Analysis; Cost Benefit Analysis; Prototyping;
Capabilities Reference Checking

Some of the other Risk factors and Risk Management Techniques

S. Type Management Techniques
no
10718245.doc Page 2 of 4
Syntel CQA Forum
Doc No 19
1 Requirements Mismatch Analysis –
Wrong functions; Wrong attribute
levels; Response time; Reliability;
modifiability; portability etc
2 Legacy Software-
Obsolete; incompatible; unmodifiable
Software; Difficulty of incremental
transition to new system.
Software Risk Management CQA
Organizational Analysis; Mission Analysis;
Prototyping; modeling; Simulation; Business case
analysis; Affordable to reviews; Incremental
evolutionary development ; Design to Cost /
Schedule
Legacy Software assessment; Reverse
Engineering; Restructuring; Encapsulation; Re-
Engineering; Outsourcing; Incremental Phase out

A Chart here will show the risk prone areas and their Risk Description
S Area Risk Description
.no
1 Requirements Frequent Changes, Management o f changes
2 Architecture Maintainability
3 Planning/Scheduling Estimation, Fire-fighting
4 Program Construct Construct Type, Staff, Budget
5 Configuration Multiple baselines
Management
6 Communication Internal, with end users, with customers
7 Development Process Definition, Product Control & Process Control
8 Development System Management, Integration & LAN
9 Personnel Training, MORALE

Note: We fail to focus our effort to maximize item and we are not prioritizing
Risk Exposure Calculation

Risk Exposure calculation RE = Prob(Uo) * Loss(Uo) where Prob(Uo) = Probability of

Unsatisfactory Outcome
Loss(Uo) = Loss if unsatisfactory outcome

Components of Satisfactory outcome

a. Cost, b. Schedule, c. Functionality, d. Operation, e. Support, f. Reuse,

Risk Reduction Leverage = RE (before) – RE (after)

Risk Reduction cost

The Root cause for major risks is primarily with the contract.

Risk Taxonomy is nothing but classification of Risk. It can be divided into three groups
defined below.

A. Product Engineering

Requiremen Design Code/Unit Test Integration Engineering

ts Test Specialties
Stability Functionality Feasibility Environment Maintainability
Completeness Difficulty Testing Product Reliability
Clarity Interfaces Code / System Safety
Implementation
Validity Performance - - Security
Feasibility Testability - - Human Faces
Precedent Hardware - - Specification

10718245.doc Page 3 of 4
Syntel CQA Forum Software Risk Management CQA
Doc No 19
Constraints
Scale Non-Develop - - -
Software

B. Development Environment

Developmen Developm Management Management Work Environment

t Process ent Process Methods
System
Formality Capacity Planning Monitoring Quality Attitude
Suitability Suitability Project Personnel Cooperation
Organization Management
Process Usability Management Quality Assurance Communication
Control Experience
Familiarity Familiarity Program Interfaces Configuration MORALE
Management
Product Reliability - - -
Control
- System - - -
Support
- Deliverabili - - -
ty

C. Program Environment

Resources Contract Program Interfaces

Schedule Type of Contract Customer
Staff Restrictions Associate Customer
Budget Dependencies Subcontractors
Facilities Prime Contractors
Corp Management
Vendors
Policies

10718245.doc Page 4 of 4